/**
* Share an item with a user, group, or via private link
* @param string $itemType
* @param string $itemSource
* @param int $shareType SHARE_TYPE_USER, SHARE_TYPE_GROUP, or SHARE_TYPE_LINK
* @param string $shareWith User or group the item is being shared with
* @param int $permissions CRUDS
* @param string $itemSourceName
* @param \DateTime $expirationDate
* @param bool $passwordChanged
* @return boolean|string Returns true on success or false on failure, Returns token on success for links
* @throws \OC\HintException when the share type is remote and the shareWith is invalid
* @throws \Exception
*/
public static function shareItem($itemType, $itemSource, $shareType, $shareWith, $permissions, $itemSourceName = null, \DateTime $expirationDate = null, $passwordChanged = null)
{
$backend = self::getBackend($itemType);
$l = \OC::$server->getL10N('lib');
if ($backend->isShareTypeAllowed($shareType) === false) {
$message = 'Sharing %s failed, because the backend does not allow shares from type %i';
$message_t = $l->t('Sharing %s failed, because the backend does not allow shares from type %i', array($itemSourceName, $shareType));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $shareType), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
$uidOwner = \OC_User::getUser();
$shareWithinGroupOnly = self::shareWithGroupMembersOnly();
if (is_null($itemSourceName)) {
$itemSourceName = $itemSource;
}
$itemName = $itemSourceName;
// check if file can be shared
if ($itemType === 'file' or $itemType === 'folder') {
$path = \OC\Files\Filesystem::getPath($itemSource);
$itemName = $path;
// verify that the file exists before we try to share it
if (!$path) {
$message = 'Sharing %s failed, because the file does not exist';
$message_t = $l->t('Sharing %s failed, because the file does not exist', array($itemSourceName));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
// verify that the user has share permission
if (!\OC\Files\Filesystem::isSharable($path)) {
$message = 'You are not allowed to share %s';
$message_t = $l->t('You are not allowed to share %s', [$path]);
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $path), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
}
//verify that we don't share a folder which already contains a share mount point
if ($itemType === 'folder') {
$path = '/' . $uidOwner . '/files' . \OC\Files\Filesystem::getPath($itemSource) . '/';
$mountManager = \OC\Files\Filesystem::getMountManager();
$mounts = $mountManager->findIn($path);
foreach ($mounts as $mount) {
if ($mount->getStorage()->instanceOfStorage('\\OCA\\Files_Sharing\\ISharedStorage')) {
$message = 'Sharing "' . $itemSourceName . '" failed, because it contains files shared with you!';
\OCP\Util::writeLog('OCP\\Share', $message, \OCP\Util::DEBUG);
throw new \Exception($message);
}
}
}
// single file shares should never have delete permissions
if ($itemType === 'file') {
$permissions = (int) $permissions & ~\OCP\Constants::PERMISSION_DELETE;
}
//Validate expirationDate
if ($expirationDate !== null) {
try {
/*
* Reuse the validateExpireDate.
* We have to pass time() since the second arg is the time
* the file was shared, since it is not shared yet we just use
* the current time.
*/
$expirationDate = self::validateExpireDate($expirationDate->format('Y-m-d'), time(), $itemType, $itemSource);
} catch (\Exception $e) {
throw new \OC\HintException($e->getMessage(), $e->getMessage(), 404);
}
}
// Verify share type and sharing conditions are met
if ($shareType === self::SHARE_TYPE_USER) {
if ($shareWith == $uidOwner) {
$message = 'Sharing %s failed, because you can not share with yourself';
$message_t = $l->t('Sharing %s failed, because you can not share with yourself', [$itemName]);
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
if (!\OC_User::userExists($shareWith)) {
$message = 'Sharing %s failed, because the user %s does not exist';
$message_t = $l->t('Sharing %s failed, because the user %s does not exist', array($itemSourceName, $shareWith));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
if ($shareWithinGroupOnly) {
$inGroup = array_intersect(\OC_Group::getUserGroups($uidOwner), \OC_Group::getUserGroups($shareWith));
if (empty($inGroup)) {
$message = 'Sharing %s failed, because the user ' . '%s is not a member of any groups that %s is a member of';
$message_t = $l->t('Sharing %s failed, because the user %s is not a member of any groups that %s is a member of', array($itemName, $shareWith, $uidOwner));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemName, $shareWith, $uidOwner), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
}
// Check if the item source is already shared with the user, either from the same owner or a different user
if ($checkExists = self::getItems($itemType, $itemSource, self::$shareTypeUserAndGroups, $shareWith, null, self::FORMAT_NONE, null, 1, true, true)) {
// Only allow the same share to occur again if it is the same
// owner and is not a user share, this use case is for increasing
// permissions for a specific user
if ($checkExists['uid_owner'] != $uidOwner || $checkExists['share_type'] == $shareType) {
$message = 'Sharing %s failed, because this item is already shared with %s';
$message_t = $l->t('Sharing %s failed, because this item is already shared with %s', array($itemSourceName, $shareWith));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
}
if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_USER, $shareWith, null, self::FORMAT_NONE, null, 1, true, true)) {
// Only allow the same share to occur again if it is the same
// owner and is not a user share, this use case is for increasing
// permissions for a specific user
if ($checkExists['uid_owner'] != $uidOwner || $checkExists['share_type'] == $shareType) {
$message = 'Sharing %s failed, because this item is already shared with user %s';
$message_t = $l->t('Sharing %s failed, because this item is already shared with user %s', array($itemSourceName, $shareWith));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OCP\Util::ERROR);
throw new \Exception($message_t);
}
}
} else {
if ($shareType === self::SHARE_TYPE_GROUP) {
if (!\OC_Group::groupExists($shareWith)) {
$message = 'Sharing %s failed, because the group %s does not exist';
$message_t = $l->t('Sharing %s failed, because the group %s does not exist', array($itemSourceName, $shareWith));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
if ($shareWithinGroupOnly && !\OC_Group::inGroup($uidOwner, $shareWith)) {
$message = 'Sharing %s failed, because ' . '%s is not a member of the group %s';
$message_t = $l->t('Sharing %s failed, because %s is not a member of the group %s', array($itemSourceName, $uidOwner, $shareWith));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $uidOwner, $shareWith), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
// Check if the item source is already shared with the group, either from the same owner or a different user
// The check for each user in the group is done inside the put() function
if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_GROUP, $shareWith, null, self::FORMAT_NONE, null, 1, true, true)) {
// Only allow the same share to occur again if it is the same
// owner and is not a group share, this use case is for increasing
// permissions for a specific user
if ($checkExists['uid_owner'] != $uidOwner || $checkExists['share_type'] == $shareType) {
$message = 'Sharing %s failed, because this item is already shared with %s';
$message_t = $l->t('Sharing %s failed, because this item is already shared with %s', array($itemSourceName, $shareWith));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
}
// Convert share with into an array with the keys group and users
$group = $shareWith;
$shareWith = array();
$shareWith['group'] = $group;
$shareWith['users'] = array_diff(\OC_Group::usersInGroup($group), array($uidOwner));
} else {
if ($shareType === self::SHARE_TYPE_LINK) {
$updateExistingShare = false;
if (\OC::$server->getAppConfig()->getValue('core', 'shareapi_allow_links', 'yes') == 'yes') {
// when updating a link share
// FIXME Don't delete link if we update it
if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_LINK, null, $uidOwner, self::FORMAT_NONE, null, 1)) {
// remember old token
$oldToken = $checkExists['token'];
$oldPermissions = $checkExists['permissions'];
//delete the old share
Helper::delete($checkExists['id']);
$updateExistingShare = true;
}
if ($passwordChanged === null) {
// Generate hash of password - same method as user passwords
if (is_string($shareWith) && $shareWith !== '') {
self::verifyPassword($shareWith);
$shareWith = \OC::$server->getHasher()->hash($shareWith);
} else {
// reuse the already set password, but only if we change permissions
// otherwise the user disabled the password protection
if ($checkExists && (int) $permissions !== (int) $oldPermissions) {
$shareWith = $checkExists['share_with'];
}
}
} else {
if ($passwordChanged === true) {
if (is_string($shareWith) && $shareWith !== '') {
self::verifyPassword($shareWith);
$shareWith = \OC::$server->getHasher()->hash($shareWith);
}
} else {
if ($updateExistingShare) {
$shareWith = $checkExists['share_with'];
}
}
}
if (\OCP\Util::isPublicLinkPasswordRequired() && empty($shareWith)) {
$message = 'You need to provide a password to create a public link, only protected links are allowed';
$message_t = $l->t('You need to provide a password to create a public link, only protected links are allowed');
\OCP\Util::writeLog('OCP\\Share', $message, \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
if ($updateExistingShare === false && self::isDefaultExpireDateEnabled() && empty($expirationDate)) {
$expirationDate = Helper::calcExpireDate();
}
// Generate token
if (isset($oldToken)) {
$token = $oldToken;
} else {
$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER . \OCP\Security\ISecureRandom::CHAR_DIGITS);
}
$result = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName, $expirationDate);
if ($result) {
return $token;
} else {
return false;
}
}
$message = 'Sharing %s failed, because sharing with links is not allowed';
$message_t = $l->t('Sharing %s failed, because sharing with links is not allowed', array($itemSourceName));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName), \OCP\Util::DEBUG);
throw new \Exception($message_t);
} else {
if ($shareType === self::SHARE_TYPE_REMOTE) {
/*
* Check if file is not already shared with the remote user
*/
if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_REMOTE, $shareWith, $uidOwner, self::FORMAT_NONE, null, 1, true, true)) {
$message = 'Sharing %s failed, because this item is already shared with %s';
$message_t = $l->t('Sharing %s failed, because this item is already shared with %s', array($itemSourceName, $shareWith));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
$token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(self::TOKEN_LENGTH, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER . \OCP\Security\ISecureRandom::CHAR_DIGITS);
list($user, $remote) = Helper::splitUserRemote($shareWith);
$shareWith = $user . '@' . $remote;
$shareId = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, $token, $itemSourceName);
$send = false;
if ($shareId) {
$send = self::sendRemoteShare($token, $shareWith, $itemSourceName, $shareId, $uidOwner);
}
if ($send === false) {
$currentUser = \OC::$server->getUserSession()->getUser()->getUID();
self::unshare($itemType, $itemSource, $shareType, $shareWith, $currentUser);
$message_t = $l->t('Sharing %s failed, could not find %s, maybe the server is currently unreachable.', array($itemSourceName, $shareWith));
throw new \Exception($message_t);
}
return $send;
} else {
if ($shareType === self::SHARE_TYPE_SHARING_GROUP) {
if (!\OCA\Sharing_Group\Data::findGroupById($shareWith)) {
$message = 'Sharing %s failed, because the group %s does not exist';
$message_t = $l->t('Sharing %s failed, because the group %s does not exist', array($itemSourceName, $shareWith));
\OC_Log::write('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OC_Log::ERROR);
throw new \Exception($message_t);
}
if ($checkExists = self::getItems($itemType, $itemSource, self::SHARE_TYPE_SHARING_GROUP, $shareWith, null, self::FORMAT_NONE, null, 1, true, true)) {
// Only allow the same share to occur again if it is the same
// owner and is not a group share, this use case is for increasing
// permissions for a specific user
if ($checkExists['share_type'] == $shareType) {
$message = 'Sharing %s failed, because this item is already shared with %s';
$message_t = $l->t('Sharing %s failed, because this item is already shared with %s', array($itemSourceName, \OCA\Sharing_Group\Data::getGroupName($shareWith)));
\OC_Log::write('OCP\\Share', sprintf($message, $itemSourceName, $shareWith), \OC_Log::ERROR);
throw new \Exception($message_t);
}
}
$group = $shareWith;
$shareWith = array();
$shareWith['group'] = $group;
$shareWith['users'] = array_diff(\OCA\Sharing_Group\Data::readGroupUsers($group), array($uidOwner));
} else {
// Future share types need to include their own conditions
$message = 'Share type %s is not valid for %s';
$message_t = $l->t('Share type %s is not valid for %s', array($shareType, $itemSource));
\OCP\Util::writeLog('OCP\\Share', sprintf($message, $shareType, $itemSource), \OCP\Util::DEBUG);
throw new \Exception($message_t);
}
}
}
}
}
// Put the item into the database
$result = self::put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, null, null, $itemSourceName, $expirationDate);
return $result ? true : false;
}
