nextcloud · MorrisJobke · Feb 27, 2018 · Dec 1, 2017 · Dec 1, 2017 · Dec 1, 2017
diff --git a/apps/files_sharing/lib/Capabilities.php b/apps/files_sharing/lib/Capabilities.php
@@ -23,6 +23,7 @@
 namespace OCA\Files_Sharing;
 
 use OCP\Capabilities\ICapability;
+use OCP\Constants;
 use \OCP\IConfig;
 
 /**
@@ -86,6 +87,7 @@ public function getCapabilities() {
  $res['group'] = [];
  $res['group']['enabled'] = $this->config->getAppValue('core', 'shareapi_allow_group_sharing', 'yes') === 'yes';
  $res['group']['expire_date']['enabled'] = true;
+ $res['default_permissions'] = (int)$this->config->getAppValue('core', 'shareapi_default_permissions', Constants::PERMISSION_ALL);
  }
 
  //Federated sharing

diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php
@@ -35,8 +35,10 @@
 use OCP\AppFramework\OCS\OCSForbiddenException;
 use OCP\AppFramework\OCS\OCSNotFoundException;
 use OCP\AppFramework\OCSController;
+use OCP\Constants;
 use OCP\Files\Node;
 use OCP\Files\NotFoundException;
+use OCP\IConfig;
 use OCP\IGroupManager;
 use OCP\IL10N;
 use OCP\IUserManager;
@@ -75,6 +77,8 @@ class ShareAPIController extends OCSController {
  private $l;
  /** @var \OCP\Files\Node */
  private $lockedNode;
+ /** @var IConfig */
+ private $config;
 
  /**
  * Share20OCS constructor.
@@ -88,6 +92,7 @@ class ShareAPIController extends OCSController {
  * @param IURLGenerator $urlGenerator
  * @param string $userId
  * @param IL10N $l10n
+ * @param IConfig $config
  */
  public function __construct(
  $appName,
@@ -98,7 +103,8 @@ public function __construct(
  IRootFolder $rootFolder,
  IURLGenerator $urlGenerator,
  $userId,
- IL10N $l10n
+ IL10N $l10n,
+ IConfig $config
  ) {
  parent::__construct($appName, $request);
 
@@ -110,6 +116,7 @@ public function __construct(
  $this->urlGenerator = $urlGenerator;
  $this->currentUser = $userId;
  $this->l = $l10n;
+ $this->config = $config;
  }
 
  /**
@@ -318,7 +325,7 @@ public function deleteShare($id) {
  */
  public function createShare(
  $path = null,
- $permissions = \OCP\Constants::PERMISSION_ALL,
+ $permissions = null,
  $shareType = -1,
  $shareWith = null,
  $publicUpload = 'false',
@@ -327,6 +334,10 @@ public function createShare(
  ) {
  $share = $this->shareManager->newShare();
 
+ if ($permissions === null) {
+ $permissions = $this->config->getAppValue('core', 'shareapi_default_permissions', Constants::PERMISSION_ALL);
+ }
+
  // Verify path
  if ($path === null) {
  throw new OCSNotFoundException($this->l->t('Please specify a file or folder path'));
@@ -347,17 +358,17 @@ public function createShare(
  throw new OCSNotFoundException($this->l->t('Could not create share'));
  }
 
- if ($permissions < 0 || $permissions > \OCP\Constants::PERMISSION_ALL) {
+ if ($permissions < 0 || $permissions > Constants::PERMISSION_ALL) {
  throw new OCSNotFoundException($this->l->t('invalid permissions'));
  }
 
  // Shares always require read permissions
- $permissions |= \OCP\Constants::PERMISSION_READ;
+ $permissions |= Constants::PERMISSION_READ;
 
  if ($path instanceof \OCP\Files\File) {
  // Single file shares should never have delete or create permissions
- $permissions &= ~\OCP\Constants::PERMISSION_DELETE;
- $permissions &= ~\OCP\Constants::PERMISSION_CREATE;
+ $permissions &= ~Constants::PERMISSION_DELETE;
+ $permissions &= ~Constants::PERMISSION_CREATE;
  }
 
  /*
@@ -414,13 +425,13 @@ public function createShare(
  }
 
  $share->setPermissions(
- \OCP\Constants::PERMISSION_READ |
- \OCP\Constants::PERMISSION_CREATE |
- \OCP\Constants::PERMISSION_UPDATE |
- \OCP\Constants::PERMISSION_DELETE
+ Constants::PERMISSION_READ |
+ Constants::PERMISSION_CREATE |
+ Constants::PERMISSION_UPDATE |
+ Constants::PERMISSION_DELETE
  );
  } else {
- $share->setPermissions(\OCP\Constants::PERMISSION_READ);
+ $share->setPermissions(Constants::PERMISSION_READ);
  }
 
  // Set password
@@ -447,13 +458,9 @@ public function createShare(
  $share->setPermissions($permissions);
  } else if ($shareType === \OCP\Share::SHARE_TYPE_EMAIL) {
  if ($share->getNodeType() === 'file') {
- $share->setPermissions(\OCP\Constants::PERMISSION_READ);
+ $share->setPermissions(Constants::PERMISSION_READ);
  } else {
- $share->setPermissions(
- \OCP\Constants::PERMISSION_READ |
- \OCP\Constants::PERMISSION_CREATE |
- \OCP\Constants::PERMISSION_UPDATE |
- \OCP\Constants::PERMISSION_DELETE);
+ $share->setPermissions($permissions);
  }
  $share->setSharedWith($shareWith);
  } else if ($shareType === \OCP\Share::SHARE_TYPE_CIRCLE) {
@@ -698,33 +705,33 @@ public function updateShare(
 
  $newPermissions = null;
  if ($publicUpload === 'true') {
- $newPermissions = \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE;
+ $newPermissions = Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE;
  } else if ($publicUpload === 'false') {
- $newPermissions = \OCP\Constants::PERMISSION_READ;
+ $newPermissions = Constants::PERMISSION_READ;
  }
 
  if ($permissions !== null) {
  $newPermissions = (int)$permissions;
- $newPermissions = $newPermissions & ~\OCP\Constants::PERMISSION_SHARE;
+ $newPermissions = $newPermissions & ~Constants::PERMISSION_SHARE;
  }
 
  if ($newPermissions !== null &&
  !in_array($newPermissions, [
- \OCP\Constants::PERMISSION_READ,
- \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE, // legacy
- \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE, // correct
- \OCP\Constants::PERMISSION_CREATE, // hidden file list
- \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_UPDATE, // allow to edit single files
+ Constants::PERMISSION_READ,
+ Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE, // legacy
+ Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE, // correct
+ Constants::PERMISSION_CREATE, // hidden file list
+ Constants::PERMISSION_READ | Constants::PERMISSION_UPDATE, // allow to edit single files
  ])
  ) {
  throw new OCSBadRequestException($this->l->t('Can\'t change permissions for public share links'));
  }
 
  if (
  // legacy
- $newPermissions === (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE) ||
+ $newPermissions === (Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE) ||
  // correct
- $newPermissions === (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE)
+ $newPermissions === (Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE)
  ) {
  if (!$this->shareManager->shareApiLinkAllowPublicUpload()) {
  throw new OCSForbiddenException($this->l->t('Public upload disabled by the administrator'));
@@ -735,7 +742,7 @@ public function updateShare(
  }
 
  // normalize to correct public upload permissions
- $newPermissions = \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE;
+ $newPermissions = Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE;
  }
 
  if ($newPermissions !== null) {

diff --git a/apps/files_sharing/tests/ApiTest.php b/apps/files_sharing/tests/ApiTest.php
@@ -37,6 +37,7 @@
 use OCP\AppFramework\OCS\OCSException;
 use OCP\AppFramework\OCS\OCSForbiddenException;
 use OCP\AppFramework\OCS\OCSNotFoundException;
+use OCP\IConfig;
 use OCP\IL10N;
 use OCP\IRequest;
 
@@ -105,6 +106,7 @@ private function createOCS($userId) {
  ->will($this->returnCallback(function($text, $parameters = []) {
  return vsprintf($text, $parameters);
  }));
+ $config = $this->createMock(IConfig::class);
 
  return new ShareAPIController(
  self::APP_NAME,
@@ -115,7 +117,8 @@ private function createOCS($userId) {
  \OC::$server->getRootFolder(),
  \OC::$server->getURLGenerator(),
  $userId,
- $l
+ $l,
+ $config
  );
  }
 

diff --git a/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php b/apps/files_sharing/tests/Controller/ShareAPIControllerTest.php
@@ -31,6 +31,7 @@
 use OCP\Files\File;
 use OCP\Files\Folder;
 use OCP\Files\Storage;
+use OCP\IConfig;
 use OCP\IL10N;
 use OCA\Files_Sharing\Controller\ShareAPIController;
 use OCP\Files\NotFoundException;
@@ -84,6 +85,9 @@ class ShareAPIControllerTest extends TestCase {
  /** @var IL10N|\PHPUnit_Framework_MockObject_MockObject */
  private $l;
 
+ /** @var IConfig|\PHPUnit_Framework_MockObject_MockObject */
+ private $config;
+
  protected function setUp() {
  $this->shareManager = $this->createMock(IManager::class);
  $this->shareManager
@@ -102,6 +106,7 @@ protected function setUp() {
  ->will($this->returnCallback(function($text, $parameters = []) {
  return vsprintf($text, $parameters);
  }));
+ $this->config = $this->createMock(IConfig::class);
 
  $this->ocs = new ShareAPIController(
  $this->appName,
@@ -112,7 +117,8 @@ protected function setUp() {
  $this->rootFolder,
  $this->urlGenerator,
  $this->currentUser,
- $this->l
+ $this->l,
+ $this->config
  );
  }
 
@@ -131,6 +137,7 @@ private function mockFormatShare() {
  $this->urlGenerator,
  $this->currentUser,
  $this->l,
+ $this->config
  ])->setMethods(['formatShare'])
  ->getMock();
  }
@@ -439,6 +446,7 @@ public function testGetShare(\OCP\Share\IShare $share, array $result) {
  $this->urlGenerator,
  $this->currentUser,
  $this->l,
+ $this->config
  ])->setMethods(['canAccessShare'])
  ->getMock();
 
@@ -707,6 +715,7 @@ public function testCreateShareUser() {
  $this->urlGenerator,
  $this->currentUser,
  $this->l,
+ $this->config
  ])->setMethods(['formatShare'])
  ->getMock();
 
@@ -804,6 +813,7 @@ public function testCreateShareGroup() {
  $this->urlGenerator,
  $this->currentUser,
  $this->l,
+ $this->config
  ])->setMethods(['formatShare'])
  ->getMock();
 
@@ -1119,6 +1129,7 @@ public function testCreateReshareOfFederatedMountNoDeletePermissions() {
  $this->urlGenerator,
  $this->currentUser,
  $this->l,
+ $this->config
  ])->setMethods(['formatShare'])
  ->getMock();
 

diff --git a/core/Controller/OCJSController.php b/core/Controller/OCJSController.php
@@ -26,6 +26,7 @@
 namespace OC\Core\Controller;
 
 use bantu\IniGetWrapper\IniGetWrapper;
+use OC\CapabilitiesManager;
 use OC\Template\JSConfigHelper;
 use OCP\App\IAppManager;
 use OCP\AppFramework\Controller;
@@ -59,6 +60,7 @@ class OCJSController extends Controller {
  * @param IGroupManager $groupManager
  * @param IniGetWrapper $iniWrapper
  * @param IURLGenerator $urlGenerator
+ * @param CapabilitiesManager $capabilitiesManager
  */
  public function __construct($appName,
  IRequest $request,
@@ -70,7 +72,8 @@ public function __construct($appName,
  IConfig $config,
  IGroupManager $groupManager,
  IniGetWrapper $iniWrapper,
- IURLGenerator $urlGenerator) {
+ IURLGenerator $urlGenerator,
+ CapabilitiesManager $capabilitiesManager) {
  parent::__construct($appName, $request);
 
  $this->helper = new JSConfigHelper(
@@ -82,7 +85,8 @@ public function __construct($appName,
  $config,
  $groupManager,
  $iniWrapper,
- $urlGenerator
+ $urlGenerator,
+ $capabilitiesManager
  );
  }
 

diff --git a/core/js/js.js b/core/js/js.js
@@ -80,6 +80,13 @@ var OCP = {},
  */
  webroot:oc_webroot,
 
+ /**
+ * Capabilities
+ *
+ * @type array
+ */
+ _capabilities: window.oc_capabilities || null,
+
  appswebroots:(typeof oc_appswebroots !== 'undefined') ? oc_appswebroots:false,
  /**
  * Currently logged in user or null if none
@@ -308,6 +315,18 @@ var OCP = {},
  return OC.webroot;
  },
 
+
+ /**
+ * Returns the capabilities
+ *
+ * @return {array} capabilities
+ *
+ * @since 14.0
+ */
+ getCapabilities: function() {
+ return OC._capabilities;
+ },
+
  /**
  * Returns the currently logged in user or null if there is no logged in
  * user (public page mode)

diff --git a/core/js/shareitemmodel.js b/core/js/shareitemmodel.js
@@ -158,23 +158,24 @@
  var shareType = attributes.shareType;
  attributes = _.extend({}, attributes);
 
- // Default permissions are Edit (CRUD) and Share
- // Check if these permissions are possible
- var permissions = OC.PERMISSION_READ;
+ // get default permissions
+ var defaultPermissions = OC.getCapabilities()['files_sharing']['default_permissions'] || OC.PERMISSION_ALL;
+ var possiblePermissions = OC.PERMISSION_READ;
+
  if (this.updatePermissionPossible()) {
- permissions = permissions | OC.PERMISSION_UPDATE;
+ possiblePermissions = possiblePermissions | OC.PERMISSION_UPDATE;
  }
  if (this.createPermissionPossible()) {
- permissions = permissions | OC.PERMISSION_CREATE;
+ possiblePermissions = possiblePermissions | OC.PERMISSION_CREATE;
  }
  if (this.deletePermissionPossible()) {
- permissions = permissions | OC.PERMISSION_DELETE;
+ possiblePermissions = possiblePermissions | OC.PERMISSION_DELETE;
  }
  if (this.configModel.get('isResharingAllowed') && (this.sharePermissionPossible())) {
- permissions = permissions | OC.PERMISSION_SHARE;
+ possiblePermissions = possiblePermissions | OC.PERMISSION_SHARE;
  }
 
- attributes.permissions = permissions;
+ attributes.permissions = defaultPermissions & possiblePermissions;
  if (_.isUndefined(attributes.path)) {
  attributes.path = this.fileInfoModel.getFullPath();
  }