public function testShareWithUser() { // Invalid shares $message = 'Sharing test.txt failed, because you can not share with yourself'; try { \OCP\Share::shareItem('test', 'test.txt', \OCP\Share::SHARE_TYPE_USER, $this->user1, \OCP\Constants::PERMISSION_READ); $this->fail('Exception was expected: ' . $message); } catch (\Exception $exception) { $this->assertEquals($message, $exception->getMessage()); } $message = 'Sharing test.txt failed, because the user foobar does not exist'; try { \OCP\Share::shareItem('test', 'test.txt', \OCP\Share::SHARE_TYPE_USER, 'foobar', \OCP\Constants::PERMISSION_READ); $this->fail('Exception was expected: ' . $message); } catch (\Exception $exception) { $this->assertEquals($message, $exception->getMessage()); } $message = 'Sharing foobar failed, because the sharing backend for test could not find its source'; try { \OCP\Share::shareItem('test', 'foobar', \OCP\Share::SHARE_TYPE_USER, $this->user2, \OCP\Constants::PERMISSION_READ); $this->fail('Exception was expected: ' . $message); } catch (\Exception $exception) { $this->assertEquals($message, $exception->getMessage()); } // Valid share $this->shareUserOneTestFileWithUserTwo(); // Attempt to share again \OC_User::setUserId($this->user1); $message = 'Sharing test.txt failed, because this item is already shared with ' . $this->user2; try { \OCP\Share::shareItem('test', 'test.txt', \OCP\Share::SHARE_TYPE_USER, $this->user2, \OCP\Constants::PERMISSION_READ); $this->fail('Exception was expected: ' . $message); } catch (\Exception $exception) { $this->assertEquals($message, $exception->getMessage()); } // Attempt to share back \OC_User::setUserId($this->user2); $message = 'Sharing failed, because the user ' . $this->user1 . ' is the original sharer'; try { \OCP\Share::shareItem('test', 'test.txt', \OCP\Share::SHARE_TYPE_USER, $this->user1, \OCP\Constants::PERMISSION_READ); $this->fail('Exception was expected: ' . $message); } catch (\Exception $exception) { $this->assertEquals($message, $exception->getMessage()); } // Unshare \OC_User::setUserId($this->user1); $this->assertTrue(\OCP\Share::unshare('test', 'test.txt', \OCP\Share::SHARE_TYPE_USER, $this->user2)); // Attempt reshare without share permission $this->assertTrue(\OCP\Share::shareItem('test', 'test.txt', \OCP\Share::SHARE_TYPE_USER, $this->user2, \OCP\Constants::PERMISSION_READ)); \OC_User::setUserId($this->user2); $message = 'Sharing test.txt failed, because resharing is not allowed'; try { \OCP\Share::shareItem('test', 'test.txt', \OCP\Share::SHARE_TYPE_USER, $this->user3, \OCP\Constants::PERMISSION_READ); $this->fail('Exception was expected: ' . $message); } catch (\Exception $exception) { $this->assertEquals($message, $exception->getMessage()); } // Owner grants share and update permission \OC_User::setUserId($this->user1); $this->assertTrue(\OCP\Share::setPermissions('test', 'test.txt', \OCP\Share::SHARE_TYPE_USER, $this->user2, \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_SHARE)); // Attempt reshare with escalated permissions \OC_User::setUserId($this->user2); $message = 'Sharing test.txt failed, because the permissions exceed permissions granted to ' . $this->user2; try { \OCP\Share::shareItem('test', 'test.txt', \OCP\Share::SHARE_TYPE_USER, $this->user3, \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_DELETE); $this->fail('Exception was expected: ' . $message); } catch (\Exception $exception) { $this->assertEquals($message, $exception->getMessage()); } // Valid reshare $this->assertTrue(\OCP\Share::shareItem('test', 'test.txt', \OCP\Share::SHARE_TYPE_USER, $this->user3, \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_UPDATE)); $this->assertEquals(array('test.txt'), \OCP\Share::getItemShared('test', 'test.txt', Backend::FORMAT_SOURCE)); \OC_User::setUserId($this->user3); $this->assertEquals(array('test.txt'), \OCP\Share::getItemSharedWith('test', 'test.txt', Backend::FORMAT_SOURCE)); $this->assertEquals(array(\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_UPDATE), \OCP\Share::getItemSharedWith('test', 'test.txt', Backend::FORMAT_PERMISSIONS)); // Attempt to escalate permissions \OC_User::setUserId($this->user2); $message = 'Setting permissions for test.txt failed, because the permissions exceed permissions granted to ' . $this->user2; try { \OCP\Share::setPermissions('test', 'test.txt', \OCP\Share::SHARE_TYPE_USER, $this->user3, \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_DELETE); $this->fail('Exception was expected: ' . $message); } catch (\Exception $exception) { $this->assertEquals($message, $exception->getMessage()); } // Remove update permission \OC_User::setUserId($this->user1); $this->assertTrue(\OCP\Share::setPermissions('test', 'test.txt', \OCP\Share::SHARE_TYPE_USER, $this->user2, \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_SHARE)); \OC_User::setUserId($this->user2); $this->assertEquals(array(\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_SHARE), \OCP\Share::getItemSharedWith('test', 'test.txt', Backend::FORMAT_PERMISSIONS)); \OC_User::setUserId($this->user3); $this->assertEquals(array(\OCP\Constants::PERMISSION_READ), \OCP\Share::getItemSharedWith('test', 'test.txt', Backend::FORMAT_PERMISSIONS)); // Remove share permission \OC_User::setUserId($this->user1); $this->assertTrue(\OCP\Share::setPermissions('test', 'test.txt', \OCP\Share::SHARE_TYPE_USER, $this->user2, \OCP\Constants::PERMISSION_READ)); \OC_User::setUserId($this->user2); $this->assertEquals(array(\OCP\Constants::PERMISSION_READ), \OCP\Share::getItemSharedWith('test', 'test.txt', Backend::FORMAT_PERMISSIONS)); \OC_User::setUserId($this->user3); $this->assertSame(array(), \OCP\Share::getItemSharedWith('test', 'test.txt')); // Reshare again, and then have owner unshare \OC_User::setUserId($this->user1); $this->assertTrue(\OCP\Share::setPermissions('test', 'test.txt', \OCP\Share::SHARE_TYPE_USER, $this->user2, \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_SHARE)); \OC_User::setUserId($this->user2); $this->assertTrue(\OCP\Share::shareItem('test', 'test.txt', \OCP\Share::SHARE_TYPE_USER, $this->user3, \OCP\Constants::PERMISSION_READ)); \OC_User::setUserId($this->user1); $this->assertTrue(\OCP\Share::unshare('test', 'test.txt', \OCP\Share::SHARE_TYPE_USER, $this->user2)); \OC_User::setUserId($this->user2); $this->assertSame(array(), \OCP\Share::getItemSharedWith('test', 'test.txt')); \OC_User::setUserId($this->user3); $this->assertSame(array(), \OCP\Share::getItemSharedWith('test', 'test.txt')); // Attempt target conflict \OC_User::setUserId($this->user1); $this->assertTrue(\OCP\Share::shareItem('test', 'test.txt', \OCP\Share::SHARE_TYPE_USER, $this->user2, \OCP\Constants::PERMISSION_READ)); \OC_User::setUserId($this->user3); $this->assertTrue(\OCP\Share::shareItem('test', 'share.txt', \OCP\Share::SHARE_TYPE_USER, $this->user2, \OCP\Constants::PERMISSION_READ)); \OC_User::setUserId($this->user2); $to_test = \OCP\Share::getItemsSharedWith('test', Backend::FORMAT_TARGET); $this->assertEquals(2, count($to_test)); $this->assertTrue(in_array('test.txt', $to_test)); $this->assertTrue(in_array('test1.txt', $to_test)); // Unshare from self $this->assertTrue(\OCP\Share::unshareFromSelf('test', 'test.txt')); $this->assertEquals(array('test1.txt'), \OCP\Share::getItemsSharedWith('test', Backend::FORMAT_TARGET)); // Unshare from self via source $this->assertTrue(\OCP\Share::unshareFromSelf('test', 'share.txt', true)); $this->assertEquals(array(), \OCP\Share::getItemsSharedWith('test', Backend::FORMAT_TARGET)); \OC_User::setUserId($this->user1); $this->assertTrue(\OCP\Share::shareItem('test', 'test.txt', \OCP\Share::SHARE_TYPE_USER, $this->user2, \OCP\Constants::PERMISSION_READ)); \OC_User::setUserId($this->user3); $this->assertTrue(\OCP\Share::shareItem('test', 'share.txt', \OCP\Share::SHARE_TYPE_USER, $this->user2, \OCP\Constants::PERMISSION_READ)); \OC_User::setUserId($this->user2); $to_test = \OCP\Share::getItemsSharedWith('test', Backend::FORMAT_TARGET); $this->assertEquals(2, count($to_test)); $this->assertTrue(in_array('test.txt', $to_test)); $this->assertTrue(in_array('test1.txt', $to_test)); // Remove user \OC_User::setUserId($this->user1); $user = \OC::$server->getUserManager()->get($this->user1); if ($user !== null) { $user->delete(); } \OC_User::setUserId($this->user2); $this->assertEquals(array('test1.txt'), \OCP\Share::getItemsSharedWith('test', Backend::FORMAT_TARGET)); }
/** * update permissions for a share * @param array $share information about the share * @param array $params contains 'permissions' * @return \OC_OCS_Result */ private static function updatePermissions($share, $params) { $itemSource = $share['item_source']; $itemType = $share['item_type']; $shareWith = $share['share_with']; $shareType = $share['share_type']; $permissions = isset($params['_put']['permissions']) ? (int) $params['_put']['permissions'] : null; $publicUploadStatus = \OC::$server->getAppConfig()->getValue('core', 'shareapi_allow_public_upload', 'yes'); $publicUploadEnabled = $publicUploadStatus === 'yes' ? true : false; // only change permissions for public shares if public upload is enabled // and we want to set permissions to 1 (read only) or 7 (allow upload) if ((int) $shareType === \OCP\Share::SHARE_TYPE_LINK) { if ($publicUploadEnabled === false || $permissions !== 7 && $permissions !== 1) { return new \OC_OCS_Result(null, 400, "can't change permission for public link share"); } } try { $return = \OCP\Share::setPermissions($itemType, $itemSource, $shareType, $shareWith, $permissions); } catch (\Exception $e) { return new \OC_OCS_Result(null, 404, $e->getMessage()); } if ($return) { return new \OC_OCS_Result(); } else { return new \OC_OCS_Result(null, 404, "couldn't set permissions"); } }
public function testEtagChangeOnPermissionsChange() { $this->loginAsUser(self::TEST_FILES_SHARING_API_USER1); $view = new View('/' . self::TEST_FILES_SHARING_API_USER1 . '/files'); $folderInfo = $view->getFileInfo('/sub1/sub2/folder'); \OCP\Share::setPermissions('folder', $folderInfo->getId(), \OCP\Share::SHARE_TYPE_USER, self::TEST_FILES_SHARING_API_USER2, 17); $this->assertEtagsForFoldersChanged([self::TEST_FILES_SHARING_API_USER2, self::TEST_FILES_SHARING_API_USER4]); $this->assertAllUnchaged(); }
public function testShareWithGroupUniqueName() { $this->loginHelper(self::TEST_FILES_SHARING_API_USER1); \OC\Files\Filesystem::file_put_contents('test.txt', 'test'); $fileInfo = \OC\Files\Filesystem::getFileInfo('test.txt'); $this->assertTrue(\OCP\Share::shareItem('file', $fileInfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, self::TEST_FILES_SHARING_API_GROUP1, 23)); $this->loginHelper(self::TEST_FILES_SHARING_API_USER2); $items = \OCP\Share::getItemsSharedWith('file'); $this->assertSame('/test.txt', $items[0]['file_target']); $this->assertSame(23, $items[0]['permissions']); \OC\Files\Filesystem::rename('test.txt', 'new test.txt'); $items = \OCP\Share::getItemsSharedWith('file'); $this->assertSame('/new test.txt', $items[0]['file_target']); $this->assertSame(23, $items[0]['permissions']); $this->loginHelper(self::TEST_FILES_SHARING_API_USER1); \OCP\Share::setPermissions('file', $items[0]['item_source'], $items[0]['share_type'], $items[0]['share_with'], 3); $this->loginHelper(self::TEST_FILES_SHARING_API_USER2); $items = \OCP\Share::getItemsSharedWith('file'); $this->assertSame('/new test.txt', $items[0]['file_target']); $this->assertSame(3, $items[0]['permissions']); }
/** * If the permissions on a group share are upgraded be sure to still respect * removed shares by a member of that group */ function testPermissionUpgradeOnUserDeletedGroupShare() { \OC_Group::createGroup('testGroup'); \OC_Group::addToGroup(self::TEST_FILES_SHARING_API_USER1, 'testGroup'); \OC_Group::addToGroup(self::TEST_FILES_SHARING_API_USER2, 'testGroup'); \OC_Group::addToGroup(self::TEST_FILES_SHARING_API_USER3, 'testGroup'); $connection = \OC::$server->getDatabaseConnection(); // Share item with group $fileinfo = $this->view->getFileInfo($this->folder); $this->assertTrue(\OCP\Share::shareItem('folder', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, "testGroup", \OCP\Constants::PERMISSION_READ)); // Login as user 2 and verify the item exists self::loginHelper(self::TEST_FILES_SHARING_API_USER2); $this->assertTrue(\OC\Files\Filesystem::file_exists($this->folder)); $result = \OCP\Share::getItemSharedWithBySource('folder', $fileinfo['fileid']); $this->assertNotEmpty($result); $this->assertEquals(\OCP\Constants::PERMISSION_READ, $result['permissions']); // Delete the share $this->assertTrue(\OC\Files\Filesystem::rmdir($this->folder)); $this->assertFalse(\OC\Files\Filesystem::file_exists($this->folder)); // Verify we do not get a share $result = \OCP\Share::getItemSharedWithBySource('folder', $fileinfo['fileid']); $this->assertEmpty($result); // Verify that the permission is correct in the DB $qb = $connection->getQueryBuilder(); $qb->select('*')->from('share')->where($qb->expr()->eq('file_source', $qb->createParameter('fileSource')))->andWhere($qb->expr()->eq('share_type', $qb->createParameter('shareType')))->setParameter(':fileSource', $fileinfo['fileid'])->setParameter(':shareType', 2); $res = $qb->execute()->fetchAll(); $this->assertCount(1, $res); $this->assertEquals(0, $res[0]['permissions']); // Login as user 1 again and change permissions self::loginHelper(self::TEST_FILES_SHARING_API_USER1); $this->assertTrue(\OCP\Share::setPermissions('folder', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, "testGroup", \OCP\Constants::PERMISSION_ALL)); // Login as user 2 and verify self::loginHelper(self::TEST_FILES_SHARING_API_USER2); $this->assertFalse(\OC\Files\Filesystem::file_exists($this->folder)); $result = \OCP\Share::getItemSharedWithBySource('folder', $fileinfo['fileid']); $this->assertEmpty($result); $connection = \OC::$server->getDatabaseConnection(); $qb = $connection->getQueryBuilder(); $qb->select('*')->from('share')->where($qb->expr()->eq('file_source', $qb->createParameter('fileSource')))->andWhere($qb->expr()->eq('share_type', $qb->createParameter('shareType')))->setParameter(':fileSource', $fileinfo['fileid'])->setParameter(':shareType', 2); $res = $qb->execute()->fetchAll(); $this->assertCount(1, $res); $this->assertEquals(0, $res[0]['permissions']); //cleanup self::loginHelper(self::TEST_FILES_SHARING_API_USER1); \OCP\Share::unshare('folder', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, 'testGroup'); \OC_Group::removeFromGroup(self::TEST_FILES_SHARING_API_USER1, 'testGroup'); \OC_Group::removeFromGroup(self::TEST_FILES_SHARING_API_USER2, 'testGroup'); \OC_Group::removeFromGroup(self::TEST_FILES_SHARING_API_USER3, 'testGroup'); }