Fix shares read permissions #16761
cee92bd to ec56209
ec56209 to 432c411
So, with the request to display the list of sharing to users with resharing rights, I missed an endpoint resulting in users not being able to access information they should be allowed to read. This PR should allow users with resharing rights to retrieve data from a specific
nice catch, @skjnldsv
432c411 to 2194a02
CI is not happy; it seems that this gives access to a share to users that should not be able to access it.
Similarly several sharing integration tests in Talk fail too with this pull request (which of course could just mean that they need to be adjusted to the new behaviour, but it seems that they are caused by the same aforementioned problem).
759ef6e to 9afc6ac
throw new OCSNotFoundException($this->l->t('Wrong share ID, share doesn\'t exist')); | ||
} | ||
|
||
if ($share->getShareOwner() !== $this->currentUser && $share->getSharedBy() !== $this->currentUser) { |
Already part of the canEditShare
👍
🐘
717013b to 845ac7f
/compile amend /
Weird
three acceptance failing, but when running locally:
And the output doesn't even go to the end of test status lines (like above) in drone, I guess it timed out 🤷♂️
So, even locally or the bot cannot find changes.
Copied and adjusted from "tests/integration/run-docker.sh" in Talk; see its commit history for further reference.
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
This will be needed to test scenarios in which updating a share returns a different HTTP status code, like 401. The assertion for the 200 HTTP status code was added in those scenarios that tested updating a share (that is, those that were also checking the OCS status code), but not in those in which updating a share was just a preparatory step for the actual test (in the same way that the HTTP status code is not checked in those tests when creating a share).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
845ac7f to b647341
Okay, the acceptance issues are on master, not on this pr.
A user with reshare permissions on a file is now able to get any share of that file (just like the owner).
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
b647341 to ff895ab
We need to check if getShare (singular) also has resharing rights :)