Merge pull request #12105 from nextcloud/using-resharing-right-to-dis…

…play-shares

Shares are displayed to users with resharing rights

apps/files_sharing/lib/Controller/ShareAPIController.php

@@ -39,7 +39,6 @@
 use OCP\AppFramework\OCSController;
 use OCP\AppFramework\QueryException;
 use OCP\Constants;
-use OCP\Files\Folder;
 use OCP\Files\Node;
 use OCP\Files\NotFoundException;
 use OCP\IConfig;
@@ -242,6 +241,9 @@ protected function formatShare(\OCP\Share\IShare $share, Node $recipientNode = n
 
 			$shareWithStart = ($hasCircleId? strrpos($share->getSharedWith(), '[') + 1: 0);
 			$shareWithLength = ($hasCircleId? -1: strpos($share->getSharedWith(), ' '));
+			if (is_bool($shareWithLength)) {
+				$shareWithLength = -1;
+			}
 			$result['share_with'] = substr($share->getSharedWith(), $shareWithStart, $shareWithLength);
 		} else if ($share->getShareType() === Share::SHARE_TYPE_ROOM) {
 			$result['share_with'] = $share->getSharedWith();
@@ -730,15 +732,29 @@ public function getShares(
 			$shares = array_merge($shares, $federatedShares);
 		}
 
-		$formatted = [];
+		$formatted = $miniFormatted = [];
+		$resharingRight = false;
 		foreach ($shares as $share) {
+			/** @var IShare $share */
 			try {
-				$formatted[] = $this->formatShare($share, $path);
-			} catch (NotFoundException $e) {
+				$format = $this->formatShare($share, $path);
+				$formatted[] = $format;
+				if ($share->getSharedBy() === $this->currentUser) {
+					$miniFormatted[] = $format;
+				}
+
+				if (!$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share, $path)) {
+					$resharingRight = true;
+				}
+			} catch (\Exception $e) {
 				//Ignore share
 			}
 		}
 
+		if (!$resharingRight) {
+			$formatted = $miniFormatted;
+		}
+
 		if ($include_tags) {
 			$formatted = Helper::populateTags($formatted, 'file_source', \OC::$server->getTagManager());
 		}
@@ -1122,4 +1138,64 @@ private function getRoomShareHelper() {
 
 		return $this->serverContainer->query('\OCA\Spreed\Share\Helper\ShareAPIController');
 	}
+
+
+	/**
+	 * Returns if we can find resharing rights in an IShare object for a specific user.
+	 *
+	 * @suppress PhanUndeclaredClassMethod
+	 *
+	 * @param string $userId
+	 * @param IShare $share
+	 * @param Node $node
+	 * @return bool
+	 * @throws NotFoundException
+	 * @throws \OCP\Files\InvalidPathException
+	 */
+	private function shareProviderResharingRights(string $userId, IShare $share, $node): bool {
+
+		if ($share->getShareOwner() === $userId) {
+			return true;
+		}
+
+		// we check that current user have parent resharing rights on the current file
+		if ($node !== null && ($node->getPermissions() & \OCP\Constants::PERMISSION_SHARE) !== 0) {
+			return true;
+		}
+
+		if ((\OCP\Constants::PERMISSION_SHARE & $share->getPermissions()) === 0) {
+			return false;
+		}
+
+		if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER && $share->getSharedWith() === $userId) {
+			return true;
+		}
+
+		if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP && $this->groupManager->isInGroup($userId, $share->getSharedWith())) {
+			return true;
+		}
+
+		if ($share->getShareType() === \OCP\Share::SHARE_TYPE_CIRCLE && \OC::$server->getAppManager()->isEnabledForUser('circles') &&
+			class_exists('\OCA\Circles\Api\v1\Circles')) {
+			$hasCircleId = (substr($share->getSharedWith(), -1) === ']');
+			$shareWithStart = ($hasCircleId ? strrpos($share->getSharedWith(), '[') + 1 : 0);
+			$shareWithLength = ($hasCircleId ? -1 : strpos($share->getSharedWith(), ' '));
+			if (is_bool($shareWithLength)) {
+				$shareWithLength = -1;
+			}
+			$sharedWith = substr($share->getSharedWith(), $shareWithStart, $shareWithLength);
+			try {
+				$member = \OCA\Circles\Api\v1\Circles::getMember($sharedWith, $userId, 1);
+				if ($member->getLevel() >= 4) {
+					return true;
+				}
+				return false;
+			} catch (QueryException $e) {
+				return false;
+			}
+		}
+
+		return false;
+	}
+
 }

core/js/share/sharedialogshareelistview.handlebars

@@ -1,8 +1,10 @@
 <ul id="shareWithList" class="shareWithList">
 	{{#each sharees}}
+        {{#unless isShareWithCurrentUser}}
 		<li data-share-id="{{shareId}}" data-share-type="{{shareType}}" data-share-with="{{shareWith}}">
 			<div class="avatar {{#if modSeed}}imageplaceholderseed{{/if}}" data-username="{{shareWith}}" data-avatar="{{shareWithAvatar}}" data-displayname="{{shareWithDisplayName}}" {{#if modSeed}}data-seed="{{shareWith}} {{shareType}}"{{/if}}></div>
 			<span class="username" title="{{shareWithTitle}}">{{shareWithDisplayName}}</span>
+			{{#if canUpdateShareSettings }}
 			<span class="sharingOptionsGroup">
 				{{#if editPermissionPossible}}
 					<span>
@@ -14,7 +16,9 @@
 					{{{popoverMenu}}}
 				</div>
 			</span>
+			{{/if}}
 		</li>
+	{{/unless}}
 	{{/each}}
 	{{#each linkReshares}}
 		<li data-share-id="{{shareId}}" data-share-type="{{shareType}}">

core/js/sharedialogshareelistview.js

@@ -86,6 +86,7 @@
 			var shareType = this.model.getShareType(shareIndex);
 			var sharedBy = this.model.getSharedBy(shareIndex);
 			var sharedByDisplayName = this.model.getSharedByDisplayName(shareIndex);
+			var fileOwnerUid = this.model.getFileOwnerUid(shareIndex);
 
 			var hasPermissionOverride = {};
 			if (shareType === OC.Share.SHARE_TYPE_GROUP) {
@@ -143,13 +144,18 @@
 				hasCreatePermission: this.model.hasCreatePermission(shareIndex),
 				hasUpdatePermission: this.model.hasUpdatePermission(shareIndex),
 				hasDeletePermission: this.model.hasDeletePermission(shareIndex),
+				sharedBy: sharedBy,
+				sharedByDisplayName: sharedByDisplayName,
 				shareWith: shareWith,
 				shareWithDisplayName: shareWithDisplayName,
 				shareWithAvatar: shareWithAvatar,
 				shareWithTitle: shareWithTitle,
 				shareType: shareType,
 				shareId: this.model.get('shares')[shareIndex].id,
 				modSeed: shareWithAvatar || (shareType !== OC.Share.SHARE_TYPE_USER && shareType !== OC.Share.SHARE_TYPE_CIRCLE && shareType !== OC.Share.SHARE_TYPE_ROOM),
+				owner: fileOwnerUid,
+				isShareWithCurrentUser: (shareType === OC.Share.SHARE_TYPE_USER && shareWith === oc_current_user),
+				canUpdateShareSettings: (sharedBy === oc_current_user || fileOwnerUid === oc_current_user),
 				isRemoteShare: shareType === OC.Share.SHARE_TYPE_REMOTE,
 				isRemoteGroupShare: shareType === OC.Share.SHARE_TYPE_REMOTE_GROUP,
 				isNoteAvailable: shareType !== OC.Share.SHARE_TYPE_REMOTE && shareType !== OC.Share.SHARE_TYPE_REMOTE_GROUP,

core/js/shareitemmodel.js

@@ -456,6 +456,19 @@
 			return share.displayname_owner;
 		},
 
+		/**
+		 * @param shareIndex
+		 * @returns {string}
+		 */
+		getFileOwnerUid: function(shareIndex) {
+			/** @type OC.Share.Types.ShareInfo **/
+			var share = this.get('shares')[shareIndex];
+			if(!_.isObject(share)) {
+				throw "Unknown Share";
+			}
+			return share.uid_file_owner;
+		},
+
 		/**
 		 * returns the array index of a sharee for a provided shareId
 		 *

core/js/tests/specs/sharedialogshareelistview.js

@@ -129,6 +129,7 @@ describe('OC.Share.ShareDialogShareeListView', function () {
 				share_type: OC.Share.SHARE_TYPE_USER,
 				share_with: 'user1',
 				share_with_displayname: 'User One',
+				uid_owner: oc_current_user,
 				itemType: 'folder'
 			}]);
 			shareModel.set('itemType', 'folder');
@@ -144,6 +145,7 @@ describe('OC.Share.ShareDialogShareeListView', function () {
 				share_type: OC.Share.SHARE_TYPE_USER,
 				share_with: 'user _.@-\'',
 				share_with_displayname: 'User One',
+				uid_owner: oc_current_user,
 				itemType: 'folder'
 			}]);
 			shareModel.set('itemType', 'folder');
@@ -159,6 +161,7 @@ describe('OC.Share.ShareDialogShareeListView', function () {
 				share_type: OC.Share.SHARE_TYPE_USER,
 				share_with: 'user1',
 				share_with_displayname: 'User One',
+				uid_owner: oc_current_user,
 				itemType: 'folder'
 			}]);
 			shareModel.set('itemType', 'folder');
@@ -174,6 +177,7 @@ describe('OC.Share.ShareDialogShareeListView', function () {
 				share_type: OC.Share.SHARE_TYPE_USER,
 				share_with: 'user _.@-\'',
 				share_with_displayname: 'User One',
+				uid_owner: oc_current_user,
 				itemType: 'folder'
 			}]);
 			shareModel.set('itemType', 'folder');
@@ -189,7 +193,8 @@ describe('OC.Share.ShareDialogShareeListView', function () {
 				permissions: 1,
 				share_type: OC.Share.SHARE_TYPE_USER,
 				share_with: 'user1',
-				share_with_displayname: 'User One'
+				share_with_displayname: 'User One',
+				uid_owner: oc_current_user,
 			}]);
 			shareModel.set('itemType', 'folder');
 			listView.render();
@@ -206,6 +211,7 @@ describe('OC.Share.ShareDialogShareeListView', function () {
 				share_type: OC.Share.SHARE_TYPE_USER,
 				share_with: 'user1',
 				share_with_displayname: 'User One',
+				uid_owner: oc_current_user,
 				itemType: 'folder'
 			}]);
 			shareModel.set('itemType', 'folder');
@@ -223,6 +229,7 @@ describe('OC.Share.ShareDialogShareeListView', function () {
 				share_type: OC.Share.SHARE_TYPE_USER,
 				share_with: 'user1',
 				share_with_displayname: 'User One',
+				uid_owner: oc_current_user,
 				itemType: 'folder'
 			}]);
 			shareModel.set('itemType', 'folder');

lib/private/Share20/DefaultShareProvider.php

@@ -623,12 +623,14 @@ public function getSharesBy($userId, $shareType, $node, $reshares, $limit, $offs
 		if ($reshares === false) {
 			$qb->andWhere($qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)));
 		} else {
-			$qb->andWhere(
-				$qb->expr()->orX(
-					$qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
-					$qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))
-				)
-			);
+			if ($node === null) {
+				$qb->andWhere(
+					$qb->expr()->orX(
+						$qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
+						$qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))
+					)
+				);
+			}
 		}
 
 		if ($node !== null) {