Merge pull request #47192 from nextcloud/backport/47180/stable29
skjnldsv authored Aug 14, 2024
2 parents 7b66e0d + 3ea2812 commit aa7f5ac
Showing 4 changed files with 168 additions and 8 deletions.
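--- a/cypress/e2e/files_sharing/limit_to_same_group.cy.ts
+++ b/cypress/e2e/files_sharing/limit_to_same_group.cy.ts
@@ -0,0 +1,107 @@
+/**
+* SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+* SPDX-License-Identifier: AGPL-3.0-or-later
+*/
+
+import { User } from "@nextcloud/cypress"
+import { createShare } from "./filesSharingUtils.ts"
+
+describe('Limit to sharing to people in the same group', () => {
+let alice: User
+let bob: User
+let randomFileName1 = ''
+let randomFileName2 = ''
+let randomGroupName = ''
+let randomGroupName2 = ''
+let randomGroupName3 = ''
+
+before(() => {
+randomFileName1 = Math.random().toString(36).replace(/[^a-z]+/g, '').substring(0, 10) + '.txt'
+randomFileName2 = Math.random().toString(36).replace(/[^a-z]+/g, '').substring(0, 10) + '.txt'
+randomGroupName = Math.random().toString(36).replace(/[^a-z]+/g, '').substring(0, 10)
+randomGroupName2 = Math.random().toString(36).replace(/[^a-z]+/g, '').substring(0, 10)
+randomGroupName3 = Math.random().toString(36).replace(/[^a-z]+/g, '').substring(0, 10)
+
+cy.runOccCommand('config:app:set core shareapi_only_share_with_group_members --value yes')
+
+cy.createRandomUser()
+.then(user => {
+alice = user
+cy.createRandomUser()
+})
+.then(user => {
+bob = user
+
+cy.runOccCommand(`group:add ${randomGroupName}`)
+cy.runOccCommand(`group:add ${randomGroupName2}`)
+cy.runOccCommand(`group:add ${randomGroupName3}`)
+cy.runOccCommand(`group:adduser ${randomGroupName} ${alice.userId}`)
+cy.runOccCommand(`group:adduser ${randomGroupName} ${bob.userId}`)
+cy.runOccCommand(`group:adduser ${randomGroupName2} ${alice.userId}`)
+cy.runOccCommand(`group:adduser ${randomGroupName2} ${bob.userId}`)
+cy.runOccCommand(`group:adduser ${randomGroupName3} ${bob.userId}`)
+
+cy.uploadContent(alice, new Blob(['share to bob'], { type: 'text/plain' }), 'text/plain', `/${randomFileName1}`)
+cy.uploadContent(bob, new Blob(['share by bob'], { type: 'text/plain' }), 'text/plain', `/${randomFileName2}`)
+
+cy.login(alice)
+cy.visit('/apps/files')
+createShare(randomFileName1, bob.userId)
+cy.login(bob)
+cy.visit('/apps/files')
+createShare(randomFileName2, alice.userId)
+})
+})
+
+after(() => {
+cy.runOccCommand('config:app:set core shareapi_only_share_with_group_members --value no')
+})
+
+it('Alice can see the shared file', () => {
+cy.login(alice)
+cy.visit('/apps/files')
+cy.get(`[data-cy-files-list] [data-cy-files-list-row-name="${randomFileName2}"]`).should('exist')
+})
+
+it('Bob can see the shared file', () => {
+cy.login(alice)
+cy.visit('/apps/files')
+cy.get(`[data-cy-files-list] [data-cy-files-list-row-name="${randomFileName1}"]`).should('exist')
+})
+
+context('Bob is removed from the first group', () => {
+before(() => {
+cy.runOccCommand(`group:removeuser ${randomGroupName} ${bob.userId}`)
+})
+
+it('Alice can see the shared file', () => {
+cy.login(alice)
+cy.visit('/apps/files')
+cy.get(`[data-cy-files-list] [data-cy-files-list-row-name="${randomFileName2}"]`).should('exist')
+})
+
+it('Bob can see the shared file', () => {
+cy.login(alice)
+cy.visit('/apps/files')
+cy.get(`[data-cy-files-list] [data-cy-files-list-row-name="${randomFileName1}"]`).should('exist')
+})
+})
+
+context('Bob is removed from the second group', () => {
+before(() => {
+cy.runOccCommand(`group:removeuser ${randomGroupName2} ${bob.userId}`)
+})
+
+it('Alice cannot see the shared file', () => {
+cy.login(alice)
+cy.visit('/apps/files')
+cy.get(`[data-cy-files-list] [data-cy-files-list-row-name="${randomFileName2}"]`).should('not.exist')
+})
+
+it('Bob cannot see the shared file', () => {
+cy.login(alice)
+cy.visit('/apps/files')
+cy.get(`[data-cy-files-list] [data-cy-files-list-row-name="${randomFileName1}"]`).should('not.exist')
+})
+})
+})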
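Review bot: The three cases titled for Bob ('Bob can see the shared file' at the top level and in the first context, 'Bob cannot see the shared file' in the last context) call `cy.login(alice)`, so Bob's file list is never inspected and the recipient side of the group restriction goes untested. Each should use `cy.login(bob)` before `cy.visit('/apps/files')`. As written, the last case asserts that `randomFileName1` is absent from Alice's list although Alice uploaded that file herself in `before`, which looks like it checks the wrong account. Separately, `after` forces `shareapi_only_share_with_group_members` to `no` instead of restoring whatever value the instance had before the run.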
46 changes: 44 additions & 2 deletions lib/private/Share20/DefaultShareProvider.php
@@ -53,6 +53,7 @@
use OCP\Mail\IMailer;
use OCP\Share\Exceptions\ShareNotFound;
use OCP\Share\IAttributes;
use OCP\Share\IManager;
use OCP\Share\IShare;
use OCP\Share\IShareProvider;
use Psr\Log\LoggerInterface;
@@ -103,6 +104,7 @@ public function __construct(
IFactory $l10nFactory,
IURLGenerator $urlGenerator,
ITimeFactory $timeFactory,
private IManager $shareManager,
) {
$this->dbConn = $connection;
$this->userManager = $userManager;
@@ -1293,6 +1295,7 @@ public function groupDeleted($gid) {
*
* @param string $uid
* @param string $gid
* @return void
*/
public function userDeletedFromGroup($uid, $gid) {
/*
@@ -1304,7 +1307,7 @@ public function userDeletedFromGroup($uid, $gid) {
->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP)))
->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($gid)));

$cursor = $qb->execute();
$cursor = $qb->executeQuery();
$ids = [];
while ($row = $cursor->fetch()) {
$ids[] = (int)$row['id'];
@@ -1321,7 +1324,46 @@ public function userDeletedFromGroup($uid, $gid) {
->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP)))
->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($uid)))
->andWhere($qb->expr()->in('parent', $qb->createNamedParameter($chunk, IQueryBuilder::PARAM_INT_ARRAY)));
$qb->execute();
$qb->executeStatement();
}
}

if ($this->shareManager->shareWithGroupMembersOnly()) {
$user = $this->userManager->get($uid);
if ($user === null) {
return;
}
$userGroups = $this->groupManager->getUserGroupIds($user);
$userGroups = array_diff($userGroups, $this->shareManager->shareWithGroupMembersOnlyExcludeGroupsList());

// Delete user shares received by the user from users in the group.
$userReceivedShares = $this->shareManager->getSharedWith($uid, IShare::TYPE_USER, null, -1);
foreach ($userReceivedShares as $share) {
$owner = $this->userManager->get($share->getSharedBy());
if ($owner === null) {
continue;
}
$ownerGroups = $this->groupManager->getUserGroupIds($owner);
$mutualGroups = array_intersect($userGroups, $ownerGroups);

if (count($mutualGroups) === 0) {
$this->shareManager->deleteShare($share);
}
}

// Delete user shares from the user to users in the group.
$userEmittedShares = $this->shareManager->getSharesBy($uid, IShare::TYPE_USER, null, true, -1);
foreach ($userEmittedShares as $share) {
$recipient = $this->userManager->get($share->getSharedWith());
if ($recipient === null) {
continue;
}
$recipientGroups = $this->groupManager->getUserGroupIds($recipient);
$mutualGroups = array_intersect($userGroups, $recipientGroups);

if (count($mutualGroups) === 0) {
$this->shareManager->deleteShare($share);
}
}
}
}
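Review bot: The new `shareWithGroupMembersOnly()` branch in `userDeletedFromGroup` never removes `$gid` from `$userGroups`; it relies on `getUserGroupIds($user)` already reflecting the removal. If that lookup is served from a cache that has not been invalidated when this method runs (not visible on this page), the group just left still counts as mutual and shares that should be revoked are kept. Excluding it explicitly makes the revocation independent of call order: `$userGroups = array_diff($userGroups, [$gid], $this->shareManager->shareWithGroupMembersOnlyExcludeGroupsList());`. The variable `$owner` is filled from `getSharedBy()`, the initiator, so `$sharer` would describe it better. Part of the method body is collapsed between the hunks shown here.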
1 change: 1 addition & 0 deletions lib/private/Share20/ProviderFactory.php
@@ -109,6 +109,7 @@ protected function defaultShareProvider() {
$this->serverContainer->getL10NFactory(),
$this->serverContainer->getURLGenerator(),
$this->serverContainer->query(ITimeFactory::class),
$this->serverContainer->get(IManager::class),
);
}

22 changes: 16 additions & 6 deletions tests/lib/Share20/DefaultShareProviderTest.php
@@ -83,6 +83,9 @@ class DefaultShareProviderTest extends \Test\TestCase {
/** @var ITimeFactory|MockObject */
protected $timeFactory;

/** @var IShareManager&MockObject */
protected $shareManager;

protected function setUp(): void {
$this->dbConn = \OC::$server->getDatabaseConnection();
$this->userManager = $this->createMock(IUserManager::class);
@@ -94,6 +97,7 @@ protected function setUp(): void {
$this->defaults = $this->getMockBuilder(Defaults::class)->disableOriginalConstructor()->getMock();
$this->urlGenerator = $this->createMock(IURLGenerator::class);
$this->timeFactory = $this->createMock(ITimeFactory::class);
$this->shareManager = $this->createMock(IShareManager::class);

$this->userManager->expects($this->any())->method('userExists')->willReturn(true);
$this->timeFactory->expects($this->any())->method('now')->willReturn(new \DateTimeImmutable("2023-05-04 00:00 Europe/Berlin"));
@@ -110,7 +114,8 @@ protected function setUp(): void {
$this->defaults,
$this->l10nFactory,
$this->urlGenerator,
$this->timeFactory
$this->timeFactory,
$this->shareManager,
);
}

@@ -471,7 +476,8 @@ public function testDeleteSingleShare() {
$this->defaults,
$this->l10nFactory,
$this->urlGenerator,
$this->timeFactory
$this->timeFactory,
$this->shareManager,
])
->setMethods(['getShareById'])
->getMock();
@@ -566,7 +572,8 @@ public function testDeleteGroupShareWithUserGroupShares() {
$this->defaults,
$this->l10nFactory,
$this->urlGenerator,
$this->timeFactory
$this->timeFactory,
$this->shareManager,
])
->setMethods(['getShareById'])
->getMock();
@@ -2526,7 +2533,8 @@ public function testGetSharesInFolder() {
$this->defaults,
$this->l10nFactory,
$this->urlGenerator,
$this->timeFactory
$this->timeFactory,
$this->shareManager,
);

$password = md5(time());
@@ -2624,7 +2632,8 @@ public function testGetAccessListNoCurrentAccessRequired() {
$this->defaults,
$this->l10nFactory,
$this->urlGenerator,
$this->timeFactory
$this->timeFactory,
$this->shareManager,
);

$u1 = $userManager->createUser('testShare1', 'test');
@@ -2720,7 +2729,8 @@ public function testGetAccessListCurrentAccessRequired() {
$this->defaults,
$this->l10nFactory,
$this->urlGenerator,
$this->timeFactory
$this->timeFactory,
$this->shareManager,
);

$u1 = $userManager->createUser('testShare1', 'test');
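Review bot: None of the visible hunks adds a test for the new group-members-only cleanup in `userDeletedFromGroup`; the changes only pass the `$this->shareManager` mock to the constructor. With no stubbing shown, the mock's `shareWithGroupMembersOnly()` presumably returns a falsy default, so the share-revocation branch is skipped in every unit test. A case that sets `$this->shareManager->method('shareWithGroupMembersOnly')->willReturn(true);`, removes the last mutual group and expects `deleteShare` to be called would cover it, together with one where a mutual group remains and nothing is deleted. The docblock and `createMock` refer to `IShareManager`, whose `use` alias is outside these hunks.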
