/** * @param array $parameters * @return \OC_OCS_Result */ public function setAppValue($parameters) { $app = $parameters['appid']; $configKey = $parameters['configkey']; $value = $this->request->getParam('value'); $this->config->setAppValue($app, $configKey, $value); return new \OC_OCS_Result(); }
/** * request received to ask remote server for a shared secret * * @return \OC_OCS_Result */ public function receiveSurveyResults() { $data = $this->request->getParam('data'); $array = json_decode($data, true); if ($array === null) { return new \OC_OCS_Result(null, Http::STATUS_BAD_REQUEST, 'Invalid data supplied.'); } try { $this->service->add($array); } catch (\Exception $e) { return new \OC_OCS_Result(null, Http::STATUS_BAD_REQUEST, 'Invalid data supplied.'); } return new \OC_OCS_Result(null, Http::STATUS_OK); }
/** * @param array $headers * @param bool $hasMoreActivities * @return array */ protected function generateHeaders(array $headers, $hasMoreActivities) { if ($hasMoreActivities && isset($headers['X-Activity-Last-Given'])) { // Set the "Link" header for the next page $nextPageParameters = ['since' => $headers['X-Activity-Last-Given'], 'limit' => $this->limit, 'sort' => $this->sort]; if ($this->objectType && $this->objectId) { $nextPageParameters['object_type'] = $this->objectType; $nextPageParameters['object_id'] = $this->objectId; } if ($this->request->getParam('format') !== null) { $nextPageParameters['format'] = $this->request->getParam('format'); } $nextPage = $this->request->getServerProtocol(); # http $nextPage .= '://' . $this->request->getServerHost(); # localhost $nextPage .= $this->request->getScriptName(); # /ocs/v2.php $nextPage .= $this->request->getPathInfo(); # /apps/activity/api/v2/activity $nextPage .= '?' . http_build_query($nextPageParameters); $headers['Link'] = '<' . $nextPage . '>; rel="next"'; } return $headers; }
/** * @param int $id * @return \OC_OCS_Result */ public function updateShare($id) { // Try both our default and our federated provider $share = null; try { $share = $this->shareManager->getShareById('ocinternal:' . $id); } catch (\OC\Share20\Exception\ShareNotFound $e) { //Ignore for now //return new \OC_OCS_Result(null, 404, 'wrong share ID, share doesn\'t exist.'); } // Could not find the share as internal share... maybe it is a federated share if ($share === null) { return \OCA\Files_Sharing\API\Local::updateShare(['id' => $id]); } if (!$this->canAccessShare($share)) { return new \OC_OCS_Result(null, 404, "wrong share Id, share doesn't exist."); } $permissions = $this->request->getParam('permissions', null); $password = $this->request->getParam('password', null); $publicUpload = $this->request->getParam('publicUpload', null); $expireDate = $this->request->getParam('expireDate', null); if ($permissions === null && $password === null && $publicUpload === null && $expireDate === null) { return new \OC_OCS_Result(null, 400, 'Wrong or no update parameter given'); } if ($expireDate !== null) { try { $expireDate = $this->parseDate($expireDate); } catch (\Exception $e) { return new \OC_OCS_Result(null, 400, $e->getMessage()); } $share->setExpirationDate($expireDate); } if ($permissions !== null) { $permissions = (int) $permissions; $share->setPermissions($permissions); } if ($password !== null) { $share->setPassword($password); } if ($publicUpload === 'true') { $share->setPermissions(\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE); } else { if ($publicUpload === 'false') { $share->setPermissions(\OCP\Constants::PERMISSION_READ); } } try { $share = $this->shareManager->updateShare($share); } catch (\Exception $e) { return new \OC_OCS_Result(null, 400, $e->getMessage()); } return new \OC_OCS_Result($this->formatShare($share)); }
/** * create shared secret and return it * * @return \OC_OCS_Result */ public function getSharedSecret() { $url = $this->request->getParam('url'); $token = $this->request->getParam('token'); if ($this->trustedServers->isTrustedServer($url) === false || $this->isValidToken($url, $token) === false) { return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); } $sharedSecret = $this->secureRandom->getMediumStrengthGenerator()->generate(32); $this->trustedServers->addSharedSecret($url, $sharedSecret); // reset token after the exchange of the shared secret was successful $this->dbHandler->addToken($url, ''); return new \OC_OCS_Result(['sharedSecret' => $sharedSecret], Http::STATUS_OK); }
/** * Get the user for the token * * @return string * @throws \UnexpectedValueException If the token is invalid, does not exist or is not unique */ protected function getUserFromToken() { $token = (string) $this->request->getParam('token', ''); if (strlen($token) !== 30) { throw new \UnexpectedValueException('The token is invalid'); } $users = $this->config->getUsersForUserValue('activity', 'rsstoken', $token); if (sizeof($users) !== 1) { // No unique user found throw new \UnexpectedValueException('The token is invalid'); } // Token found login as that user return array_shift($users); }
/** * creates a new group * * @param array $parameters * @return OC_OCS_Result */ public function addGroup($parameters) { // Validate name $groupId = $this->request->getParam('groupid', ''); if (empty($groupId)) { \OCP\Util::writeLog('provisioning_api', 'Group name not supplied', \OCP\Util::ERROR); return new OC_OCS_Result(null, 101, 'Invalid group name'); } // Check if it exists if ($this->groupManager->groupExists($groupId)) { return new OC_OCS_Result(null, 102); } $this->groupManager->createGroup($groupId); return new OC_OCS_Result(null, 100); }
/** * creates a new group * * @param array $parameters * @return OC_OCS_Result */ public function addGroup($parameters) { // Validate name $groupId = $this->request->getParam('groupid', ''); if (preg_match('/[^a-zA-Z0-9 _\\.@\\-]/', $groupId) || empty($groupId)) { \OCP\Util::writeLog('provisioning_api', 'Attempt made to create group using invalid characters.', \OCP\Util::ERROR); return new OC_OCS_Result(null, 101, 'Invalid group name'); } // Check if it exists if ($this->groupManager->groupExists($groupId)) { return new OC_OCS_Result(null, 102); } $this->groupManager->createGroup($groupId); return new OC_OCS_Result(null, 100); }
/** * create shared secret and return it * * @return \OC_OCS_Result */ public function getSharedSecret() { $url = $this->request->getParam('url'); $token = $this->request->getParam('token'); if ($this->trustedServers->isTrustedServer($url) === false) { $this->logger->log(\OCP\Util::ERROR, 'remote server not trusted (' . $url . ') while getting shared secret'); return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); } if ($this->isValidToken($url, $token) === false) { $this->logger->log(\OCP\Util::ERROR, 'remote server (' . $url . ') didn\'t send a valid token (got ' . $token . ') while getting shared secret'); return new \OC_OCS_Result(null, HTTP::STATUS_FORBIDDEN); } $sharedSecret = $this->secureRandom->generate(32); $this->trustedServers->addSharedSecret($url, $sharedSecret); // reset token after the exchange of the shared secret was successful $this->dbHandler->addToken($url, ''); return new \OC_OCS_Result(['sharedSecret' => $sharedSecret], Http::STATUS_OK); }
/** * update share information to keep federated re-shares in sync * * @param array $params * @return \OC_OCS_Result */ public function updatePermissions($params) { $id = (int) $params['id']; $token = $this->request->getParam('token', null); $permissions = $this->request->getParam('permissions', null); try { $share = $this->federatedShareProvider->getShareById($id); } catch (Share\Exceptions\ShareNotFound $e) { return new \OC_OCS_Result(null, Http::STATUS_BAD_REQUEST); } $validPermission = ctype_digit($permissions); $validToken = $this->verifyShare($share, $token); if ($validPermission && $validToken) { $this->updatePermissionsInDatabase($share, (int) $permissions); } else { return new \OC_OCS_Result(null, Http::STATUS_BAD_REQUEST); } return new \OC_OCS_Result(); }
/** * The getShares function. * * - Get shares by the current user * - Get shares by the current user and reshares (?reshares=true) * - Get shares with the current user (?shared_with_me=true) * - Get shares for a specific path (?path=...) * - Get all shares in a folder (?subfiles=true&path=..) * * @return \OC_OCS_Result */ public function getShares() { $sharedWithMe = $this->request->getParam('shared_with_me', null); $reshares = $this->request->getParam('reshares', null); $subfiles = $this->request->getParam('subfiles'); $path = $this->request->getParam('path', null); if ($sharedWithMe === 'true') { return $this->getSharedWithMe(); } if ($path !== null) { $userFolder = $this->rootFolder->getUserFolder($this->currentUser->getUID()); try { $path = $userFolder->get($path); } catch (\OCP\Files\NotFoundException $e) { return new \OC_OCS_Result(null, 404, 'wrong path, file/folder doesn\'t exist'); } } if ($subfiles === 'true') { return $this->getSharesInDir($path); } if ($reshares === 'true') { $reshares = true; } else { $reshares = false; } // Get all shares $userShares = $this->shareManager->getSharesBy($this->currentUser, \OCP\Share::SHARE_TYPE_USER, $path, $reshares, -1, 0); $groupShares = $this->shareManager->getSharesBy($this->currentUser, \OCP\Share::SHARE_TYPE_GROUP, $path, $reshares, -1, 0); $linkShares = $this->shareManager->getSharesBy($this->currentUser, \OCP\Share::SHARE_TYPE_LINK, $path, $reshares, -1, 0); //TODO: Add federated shares $shares = array_merge($userShares, $groupShares, $linkShares); $formatted = []; foreach ($shares as $share) { $formatted[] = $this->formatShare($share); } return new \OC_OCS_Result($formatted); }
/** * Lets you access post and get parameters by the index * @deprecated 7.0.0 write your parameters as method arguments instead * @param string $key the key which you want to access in the URL Parameter * placeholder, $_POST or $_GET array. * The priority how they're returned is the following: * 1. URL parameters * 2. POST parameters * 3. GET parameters * @param string $default If the key is not found, this value will be returned * @return mixed the content of the array * @since 6.0.0 */ public function params($key, $default = null) { return $this->request->getParam($key, $default); }
/** * @param array $parameters * @return int */ protected function getPath($parameters) { $node = \OC::$server->getRootFolder()->getUserFolder($parameters['user'])->get($this->request->getParam('path')); return 'files/' . md5($node->getStorage()->getId() . '::' . trim($node->getInternalPath(), '/')); }
/** * @param int $id * @return \OC_OCS_Result */ public function updateShare($id) { try { $share = $this->getShareById($id); } catch (ShareNotFound $e) { return new \OC_OCS_Result(null, 404, 'wrong share ID, share doesn\'t exist.'); } if (!$this->canAccessShare($share)) { return new \OC_OCS_Result(null, 404, 'wrong share Id, share doesn\'t exist.'); } $permissions = $this->request->getParam('permissions', null); $password = $this->request->getParam('password', null); $publicUpload = $this->request->getParam('publicUpload', null); $expireDate = $this->request->getParam('expireDate', null); /* * expirationdate, password and publicUpload only make sense for link shares */ if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) { if ($permissions === null && $password === null && $publicUpload === null && $expireDate === null) { return new \OC_OCS_Result(null, 400, 'Wrong or no update parameter given'); } $newPermissions = null; if ($publicUpload === 'true') { $newPermissions = \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE; } else { if ($publicUpload === 'false') { $newPermissions = \OCP\Constants::PERMISSION_READ; } } if ($permissions !== null) { $newPermissions = (int) $permissions; } if ($newPermissions !== null && $newPermissions !== \OCP\Constants::PERMISSION_READ && $newPermissions !== (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE)) { return new \OC_OCS_Result(null, 400, 'can\'t change permission for public link share'); } if ($newPermissions === (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE)) { if (!$this->shareManager->shareApiLinkAllowPublicUpload()) { return new \OC_OCS_Result(null, 403, 'public upload disabled by the administrator'); } if (!$share->getNode() instanceof \OCP\Files\Folder) { return new \OC_OCS_Result(null, 400, "public upload is only possible for public shared folders"); } } if ($newPermissions !== null) { $share->setPermissions($newPermissions); } if ($expireDate === '') { $share->setExpirationDate(null); } else { if ($expireDate !== null) { try { $expireDate = $this->parseDate($expireDate); } catch (\Exception $e) { return new \OC_OCS_Result(null, 400, $e->getMessage()); } $share->setExpirationDate($expireDate); } } if ($password === '') { $share->setPassword(null); } else { if ($password !== null) { $share->setPassword($password); } } } else { // For other shares only permissions is valid. if ($permissions === null) { return new \OC_OCS_Result(null, 400, 'Wrong or no update parameter given'); } else { $permissions = (int) $permissions; $share->setPermissions($permissions); } } if ($permissions !== null) { /* Check if this is an incomming share */ $incomingShares = $this->shareManager->getSharedWith($this->currentUser->getUID(), \OCP\Share::SHARE_TYPE_USER, $share->getNode(), -1, 0); $incomingShares = array_merge($incomingShares, $this->shareManager->getSharedWith($this->currentUser->getUID(), \OCP\Share::SHARE_TYPE_GROUP, $share->getNode(), -1, 0)); if (!empty($incomingShares)) { $maxPermissions = 0; foreach ($incomingShares as $incomingShare) { $maxPermissions |= $incomingShare->getPermissions(); } if ($share->getPermissions() & ~$maxPermissions) { return new \OC_OCS_Result(null, 404, 'Cannot increase permissions'); } } } try { $share = $this->shareManager->updateShare($share); } catch (\Exception $e) { return new \OC_OCS_Result(null, 400, $e->getMessage()); } return new \OC_OCS_Result($this->formatShare($share)); }
/** * @param int $id * @return \OC_OCS_Result */ public function updateShare($id) { // Try both our default and our federated provider $share = null; try { $share = $this->shareManager->getShareById('ocinternal:' . $id); } catch (ShareNotFound $e) { //Ignore for now //return new \OC_OCS_Result(null, 404, 'wrong share ID, share doesn\'t exist.'); } // Could not find the share as internal share... maybe it is a federated share if ($share === null) { return \OCA\Files_Sharing\API\Local::updateShare(['id' => $id]); } if (!$this->canAccessShare($share)) { return new \OC_OCS_Result(null, 404, 'wrong share Id, share doesn\'t exist.'); } $permissions = $this->request->getParam('permissions', null); $password = $this->request->getParam('password', null); $publicUpload = $this->request->getParam('publicUpload', null); $expireDate = $this->request->getParam('expireDate', null); /* * expirationdate, password and publicUpload only make sense for link shares */ if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) { if ($permissions === null && $password === null && $publicUpload === null && $expireDate === null) { return new \OC_OCS_Result(null, 400, 'Wrong or no update parameter given'); } $newPermissions = null; if ($publicUpload === 'true') { $newPermissions = \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE; } else { if ($publicUpload === 'false') { $newPermissions = \OCP\Constants::PERMISSION_READ; } } if ($permissions !== null) { $newPermissions = (int) $permissions; } if ($newPermissions !== null && $newPermissions !== \OCP\Constants::PERMISSION_READ && $newPermissions !== (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE)) { return new \OC_OCS_Result(null, 400, 'can\'t change permission for public link share'); } if ($newPermissions === (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE)) { if (!$this->shareManager->shareApiLinkAllowPublicUpload()) { return new \OC_OCS_Result(null, 403, 'public upload disabled by the administrator'); } if (!$share->getNode() instanceof \OCP\Files\Folder) { return new \OC_OCS_Result(null, 400, "public upload is only possible for public shared folders"); } } if ($newPermissions !== null) { $share->setPermissions($newPermissions); } if ($expireDate === '') { $share->setExpirationDate(null); } else { if ($expireDate !== null) { try { $expireDate = $this->parseDate($expireDate); } catch (\Exception $e) { return new \OC_OCS_Result(null, 400, $e->getMessage()); } $share->setExpirationDate($expireDate); } } if ($password === '') { $share->setPassword(null); } else { if ($password !== null) { $share->setPassword($password); } } } else { // For other shares only permissions is valid. if ($permissions === null) { return new \OC_OCS_Result(null, 400, 'Wrong or no update parameter given'); } else { $permissions = (int) $permissions; $share->setPermissions($permissions); } } try { $share = $this->shareManager->updateShare($share); } catch (\Exception $e) { return new \OC_OCS_Result(null, 400, $e->getMessage()); } return new \OC_OCS_Result($this->formatShare($share)); }
/** * @return \OC_OCS_Result */ public function createShare() { $share = $this->shareManager->newShare(); // Verify path $path = $this->request->getParam('path', null); if ($path === null) { return new \OC_OCS_Result(null, 404, 'please specify a file or folder path'); } $userFolder = $this->rootFolder->getUserFolder($this->currentUser->getUID()); try { $path = $userFolder->get($path); } catch (\OCP\Files\NotFoundException $e) { return new \OC_OCS_Result(null, 404, 'wrong path, file/folder doesn\'t exist'); } $share->setPath($path); // Parse permissions (if available) $permissions = $this->request->getParam('permissions', null); if ($permissions === null) { $permissions = \OCP\Constants::PERMISSION_ALL; } else { $permissions = (int) $permissions; } if ($permissions < 0 || $permissions > \OCP\Constants::PERMISSION_ALL) { return new \OC_OCS_Result(null, 404, 'invalid permissions'); } // Shares always require read permissions $permissions |= \OCP\Constants::PERMISSION_READ; if ($path instanceof \OCP\Files\File) { // Single file shares should never have delete or create permissions $permissions &= ~\OCP\Constants::PERMISSION_DELETE; $permissions &= ~\OCP\Constants::PERMISSION_CREATE; } $shareWith = $this->request->getParam('shareWith', null); $shareType = (int) $this->request->getParam('shareType', '-1'); if ($shareType === \OCP\Share::SHARE_TYPE_USER) { // Valid user is required to share if ($shareWith === null || !$this->userManager->userExists($shareWith)) { return new \OC_OCS_Result(null, 404, 'please specify a valid user'); } $share->setSharedWith($this->userManager->get($shareWith)); $share->setPermissions($permissions); } else { if ($shareType === \OCP\Share::SHARE_TYPE_GROUP) { // Valid group is required to share if ($shareWith === null || !$this->groupManager->groupExists($shareWith)) { return new \OC_OCS_Result(null, 404, 'please specify a valid group'); } $share->setSharedWith($this->groupManager->get($shareWith)); $share->setPermissions($permissions); } else { if ($shareType === \OCP\Share::SHARE_TYPE_LINK) { //Can we even share links? if (!$this->shareManager->shareApiAllowLinks()) { return new \OC_OCS_Result(null, 404, 'public link sharing is disabled by the administrator'); } $publicUpload = $this->request->getParam('publicUpload', null); if ($publicUpload === 'true') { // Check if public upload is allowed if (!$this->shareManager->shareApiLinkAllowPublicUpload()) { return new \OC_OCS_Result(null, 403, '"public upload disabled by the administrator'); } // Public upload can only be set for folders if ($path instanceof \OCP\Files\File) { return new \OC_OCS_Result(null, 404, '"public upload is only possible for public shared folders'); } $share->setPermissions(\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE); } else { $share->setPermissions(\OCP\Constants::PERMISSION_READ); } // Set password $share->setPassword($this->request->getParam('password', null)); //Expire date $expireDate = $this->request->getParam('expireDate', null); if ($expireDate !== null) { try { $expireDate = $this->parseDate($expireDate); $share->setExpirationDate($expireDate); } catch (\Exception $e) { return new \OC_OCS_Result(null, 404, 'Invalid Date. Format must be YYYY-MM-DD.'); } } } else { if ($shareType === \OCP\Share::SHARE_TYPE_REMOTE) { //fixme Remote shares are handled by old code path for now return \OCA\Files_Sharing\API\Local::createShare([]); } else { return new \OC_OCS_Result(null, 400, "unknown share type"); } } } } $share->setShareType($shareType); $share->setSharedBy($this->currentUser); try { $share = $this->shareManager->createShare($share); } catch (\OC\HintException $e) { $code = $e->getCode() === 0 ? 403 : $e->getCode(); return new \OC_OCS_Result(null, $code, $e->getHint()); } catch (\Exception $e) { return new \OC_OCS_Result(null, 403, $e->getMessage()); } $share = $this->formatShare($share); return new \OC_OCS_Result($share); }