Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add exclude_groups_from_sharing to capabilities #31580

Merged
merged 1 commit into from
Jun 28, 2018
Merged

Add exclude_groups_from_sharing to capabilities #31580

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 21 additions & 0 deletions apps/files_sharing/lib/Capabilities.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,19 @@ public function __construct(IConfig $config, UserSearch $userSearch, IUserSessio
$this->groupManager = $groupManager;
}

/**
* Returns whether the currently logged in user is an administrator
*
* @return bool true if the user is an admin
*/
private function isAdmin() {
$user = $this->userSession->getUser();
if ($user !== null) {
return $this->groupManager->isAdmin($user->getUID());
}
return false;
}

/**
* Return this classes capabilities
*
Expand Down Expand Up @@ -126,6 +139,14 @@ public function getCapabilities() {
$res['can_share'] = true;
}

if ($this->isAdmin()) {
$res['exclude_groups_from_sharing'] = $this->config->getAppValue('core', 'shareapi_exclude_groups', 'yes') === 'yes';

if ($res['exclude_groups_from_sharing']) {
$res['groups_excluded_from_sharing'] = \json_decode($this->config->getAppValue('core', 'shareapi_exclude_groups_list', '[]'), true);
}
}

$user_enumeration = [];
$user_enumeration['enabled'] = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
if ($user_enumeration['enabled']) {
Expand Down
18 changes: 18 additions & 0 deletions apps/files_sharing/tests/CapabilitiesTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -378,6 +378,24 @@ public function testShareWithMembershipGroupsOnly() {
$this->assertTrue($result['share_with_membership_groups_only']);
}

public function testNoExcludeGroupsFromSharingWhenNotAdmin() {
$map = [
['core', 'shareapi_enabled', 'yes', 'yes'],
['core', 'shareapi_exclude_groups', 'yes', 'no'],
];
$result = $this->getResults($map);
$this->assertArrayNotHasKey('exclude_groups_from_sharing', $result);
}

public function testExcludeGroupsFromSharingWhenNotAdmin() {
$map = [
['core', 'shareapi_enabled', 'yes', 'yes'],
['core', 'shareapi_exclude_groups', 'yes', 'yes'],
];
$result = $this->getResults($map);
$this->assertArrayNotHasKey('exclude_groups_from_sharing', $result);
}

public function testNoUserEnumeration() {
$map = [
['core', 'shareapi_enabled', 'yes', 'yes'],
Expand Down
81 changes: 78 additions & 3 deletions tests/acceptance/features/apiCapabilities/capabilities.feature
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -46,6 +46,7 @@ Feature: capabilities
| files_sharing | federation@@@incoming | 1 |
| files_sharing | group_sharing | 1 |
| files_sharing | share_with_group_members_only | EMPTY |
| files_sharing | exclude_groups_from_sharing | EMPTY |
| files_sharing | user_enumeration@@@enabled | 1 |
| files_sharing | user_enumeration@@@group_members_only | EMPTY |
| files | bigfilechunking | 1 |
Expand All @@ -70,6 +71,7 @@ Feature: capabilities
| files_sharing | federation@@@incoming | 1 |
| files_sharing | group_sharing | 1 |
| files_sharing | share_with_group_members_only | EMPTY |
| files_sharing | exclude_groups_from_sharing | EMPTY |
| files_sharing | user_enumeration@@@enabled | 1 |
| files_sharing | user_enumeration@@@group_members_only | EMPTY |
| files | bigfilechunking | 1 |
Expand Down Expand Up @@ -110,6 +112,7 @@ Feature: capabilities
| files_sharing | federation@@@incoming | 1 |
| files_sharing | group_sharing | 1 |
| files_sharing | share_with_group_members_only | EMPTY |
| files_sharing | exclude_groups_from_sharing | EMPTY |
| files_sharing | user_enumeration@@@enabled | 1 |
| files_sharing | user_enumeration@@@group_members_only | EMPTY |
| files | bigfilechunking | 1 |
Expand All @@ -134,6 +137,7 @@ Feature: capabilities
| files_sharing | federation@@@incoming | 1 |
| files_sharing | group_sharing | 1 |
| files_sharing | share_with_group_members_only | EMPTY |
| files_sharing | exclude_groups_from_sharing | EMPTY |
| files_sharing | user_enumeration@@@enabled | 1 |
| files_sharing | user_enumeration@@@group_members_only | EMPTY |
| files | bigfilechunking | 1 |
Expand All @@ -158,6 +162,7 @@ Feature: capabilities
| files_sharing | federation@@@incoming | 1 |
| files_sharing | group_sharing | 1 |
| files_sharing | share_with_group_members_only | EMPTY |
| files_sharing | exclude_groups_from_sharing | EMPTY |
| files_sharing | user_enumeration@@@enabled | 1 |
| files_sharing | user_enumeration@@@group_members_only | EMPTY |
| files | bigfilechunking | 1 |
Expand All @@ -182,6 +187,7 @@ Feature: capabilities
| files_sharing | federation@@@incoming | EMPTY |
| files_sharing | group_sharing | 1 |
| files_sharing | share_with_group_members_only | EMPTY |
| files_sharing | exclude_groups_from_sharing | EMPTY |
| files_sharing | user_enumeration@@@enabled | 1 |
| files_sharing | user_enumeration@@@group_members_only | EMPTY |
| files | bigfilechunking | 1 |
Expand Down Expand Up @@ -209,6 +215,7 @@ Feature: capabilities
| files_sharing | federation@@@incoming | 1 |
| files_sharing | group_sharing | 1 |
| files_sharing | share_with_group_members_only | EMPTY |
| files_sharing | exclude_groups_from_sharing | EMPTY |
| files_sharing | user_enumeration@@@enabled | 1 |
| files_sharing | user_enumeration@@@group_members_only | EMPTY |
| files | bigfilechunking | 1 |
Expand Down Expand Up @@ -236,6 +243,7 @@ Feature: capabilities
| files_sharing | federation@@@incoming | 1 |
| files_sharing | group_sharing | 1 |
| files_sharing | share_with_group_members_only | EMPTY |
| files_sharing | exclude_groups_from_sharing | EMPTY |
| files_sharing | user_enumeration@@@enabled | 1 |
| files_sharing | user_enumeration@@@group_members_only | EMPTY |
| files | bigfilechunking | 1 |
Expand Down Expand Up @@ -263,6 +271,7 @@ Feature: capabilities
| files_sharing | federation@@@incoming | 1 |
| files_sharing | group_sharing | 1 |
| files_sharing | share_with_group_members_only | EMPTY |
| files_sharing | exclude_groups_from_sharing | EMPTY |
| files_sharing | user_enumeration@@@enabled | 1 |
| files_sharing | user_enumeration@@@group_members_only | EMPTY |
| files | bigfilechunking | 1 |
Expand All @@ -287,6 +296,7 @@ Feature: capabilities
| files_sharing | federation@@@incoming | 1 |
| files_sharing | group_sharing | 1 |
| files_sharing | share_with_group_members_only | EMPTY |
| files_sharing | exclude_groups_from_sharing | EMPTY |
| files_sharing | user_enumeration@@@enabled | 1 |
| files_sharing | user_enumeration@@@group_members_only | EMPTY |
| files | bigfilechunking | 1 |
Expand All @@ -311,6 +321,7 @@ Feature: capabilities
| files_sharing | federation@@@incoming | 1 |
| files_sharing | group_sharing | 1 |
| files_sharing | share_with_group_members_only | EMPTY |
| files_sharing | exclude_groups_from_sharing | EMPTY |
| files_sharing | user_enumeration@@@enabled | 1 |
| files_sharing | user_enumeration@@@group_members_only | EMPTY |
| files | bigfilechunking | 1 |
Expand All @@ -336,6 +347,7 @@ Feature: capabilities
| files_sharing | federation@@@incoming | 1 |
| files_sharing | group_sharing | 1 |
| files_sharing | share_with_group_members_only | EMPTY |
| files_sharing | exclude_groups_from_sharing | EMPTY |
| files_sharing | user_enumeration@@@enabled | 1 |
| files_sharing | user_enumeration@@@group_members_only | EMPTY |
| files | bigfilechunking | 1 |
Expand Down Expand Up @@ -363,6 +375,7 @@ Feature: capabilities
| files_sharing | federation@@@incoming | 1 |
| files_sharing | group_sharing | 1 |
| files_sharing | share_with_group_members_only | EMPTY |
| files_sharing | exclude_groups_from_sharing | EMPTY |
| files_sharing | user_enumeration@@@enabled | 1 |
| files_sharing | user_enumeration@@@group_members_only | EMPTY |
| files | bigfilechunking | 1 |
Expand All @@ -387,6 +400,7 @@ Feature: capabilities
| files_sharing | federation@@@incoming | 1 |
| files_sharing | group_sharing | EMPTY |
| files_sharing | share_with_group_members_only | EMPTY |
| files_sharing | exclude_groups_from_sharing | EMPTY |
| files_sharing | user_enumeration@@@enabled | 1 |
| files_sharing | user_enumeration@@@group_members_only | EMPTY |
| files | bigfilechunking | 1 |
Expand All @@ -411,6 +425,7 @@ Feature: capabilities
| files_sharing | federation@@@incoming | 1 |
| files_sharing | group_sharing | 1 |
| files_sharing | share_with_group_members_only | 1 |
| files_sharing | exclude_groups_from_sharing | EMPTY |
| files_sharing | user_enumeration@@@enabled | 1 |
| files_sharing | user_enumeration@@@group_members_only | EMPTY |
| files | bigfilechunking | 1 |
Expand All @@ -435,6 +450,7 @@ Feature: capabilities
| files_sharing | federation@@@incoming | 1 |
| files_sharing | group_sharing | 1 |
| files_sharing | share_with_group_members_only | EMPTY |
| files_sharing | exclude_groups_from_sharing | EMPTY |
| files_sharing | user_enumeration@@@enabled | EMPTY |
| files | bigfilechunking | 1 |
| files | undelete | 1 |
Expand All @@ -458,6 +474,7 @@ Feature: capabilities
| files_sharing | federation@@@incoming | 1 |
| files_sharing | group_sharing | 1 |
| files_sharing | share_with_group_members_only | EMPTY |
| files_sharing | exclude_groups_from_sharing | EMPTY |
| files_sharing | user_enumeration@@@enabled | 1 |
| files_sharing | user_enumeration@@@group_members_only | 1 |
| files | bigfilechunking | 1 |
Expand Down Expand Up @@ -486,13 +503,17 @@ Feature: capabilities
| files_sharing | federation@@@incoming | 1 |
| files_sharing | group_sharing | 1 |
| files_sharing | share_with_group_members_only | EMPTY |
| files_sharing | exclude_groups_from_sharing | 1 |
| files_sharing | groups_excluded_from_sharing@@@element[0] | grp1 |
| files_sharing | groups_excluded_from_sharing@@@element[1] | hash#group |
| files_sharing | groups_excluded_from_sharing@@@element[2] | group-3 |
| files_sharing | user_enumeration@@@enabled | 1 |
| files_sharing | user_enumeration@@@group_members_only | EMPTY |
| files | bigfilechunking | 1 |
| files | undelete | 1 |
| files | versioning | 1 |

Scenario: When in a group that is excluded from sharing, can_share is off
Scenario: When in a group that is excluded from sharing, can_share is off and "exclude groups from sharing" details are not reported
Given parameter "shareapi_exclude_groups" of app "core" has been set to "yes"
And user "user0" has been created
And group "grp1" has been created
Expand Down Expand Up @@ -523,8 +544,14 @@ Feature: capabilities
| files | bigfilechunking | 1 |
| files | undelete | 1 |
| files | versioning | 1 |
And the capabilities should not contain
| capability | path_to_element |
| files_sharing | exclude_groups_from_sharing |
| files_sharing | groups_excluded_from_sharing@@@element[0] |
| files_sharing | groups_excluded_from_sharing@@@element[1] |
| files_sharing | groups_excluded_from_sharing@@@element[2] |

Scenario: When not in any group that is excluded from sharing, can_share is on
Scenario: When not in any group that is excluded from sharing, can_share is on and "exclude groups from sharing" details are not reported
Given parameter "shareapi_exclude_groups" of app "core" has been set to "yes"
And user "user0" has been created
And group "grp1" has been created
Expand Down Expand Up @@ -555,8 +582,50 @@ Feature: capabilities
| files | bigfilechunking | 1 |
| files | undelete | 1 |
| files | versioning | 1 |
And the capabilities should not contain
| capability | path_to_element |
| files_sharing | exclude_groups_from_sharing |
| files_sharing | groups_excluded_from_sharing@@@element[0] |
| files_sharing | groups_excluded_from_sharing@@@element[1] |
| files_sharing | groups_excluded_from_sharing@@@element[2] |

Scenario: When in a group that is excluded from sharing and in another group, can_share is off
Scenario: When not in any group at all, can_share is on and "exclude groups from sharing" details are not reported
Given parameter "shareapi_exclude_groups" of app "core" has been set to "yes"
And group "grp1" has been created
And group "hash#group" has been created
And group "group-3" has been created
And parameter "shareapi_exclude_groups_list" of app "core" has been set to '["grp1","hash#group","group-3"]'
And user "user0" has been created
And as user "user0"
When the user retrieves the capabilities using the API
Then the capabilities should contain
| capability | path_to_element | value |
| core | pollinterval | 60 |
| core | webdav-root | remote.php/webdav |
| files_sharing | api_enabled | 1 |
| files_sharing | can_share | 1 |
| files_sharing | public@@@enabled | 1 |
| files_sharing | public@@@upload | 1 |
| files_sharing | public@@@send_mail | EMPTY |
| files_sharing | public@@@social_share | 1 |
| files_sharing | resharing | 1 |
| files_sharing | federation@@@outgoing | 1 |
| files_sharing | federation@@@incoming | 1 |
| files_sharing | group_sharing | 1 |
| files_sharing | share_with_group_members_only | EMPTY |
| files_sharing | user_enumeration@@@enabled | 1 |
| files_sharing | user_enumeration@@@group_members_only | EMPTY |
| files | bigfilechunking | 1 |
| files | undelete | 1 |
| files | versioning | 1 |
And the capabilities should not contain
| capability | path_to_element |
| files_sharing | exclude_groups_from_sharing |
| files_sharing | groups_excluded_from_sharing@@@element[0] |
| files_sharing | groups_excluded_from_sharing@@@element[1] |
| files_sharing | groups_excluded_from_sharing@@@element[2] |

Scenario: When in a group that is excluded from sharing and in another group, can_share is off and "exclude groups from sharing" details are not reported
Given parameter "shareapi_exclude_groups" of app "core" has been set to "yes"
And user "user0" has been created
And group "grp1" has been created
Expand Down Expand Up @@ -588,3 +657,9 @@ Feature: capabilities
| files | bigfilechunking | 1 |
| files | undelete | 1 |
| files | versioning | 1 |
And the capabilities should not contain
| capability | path_to_element |
| files_sharing | exclude_groups_from_sharing |
| files_sharing | groups_excluded_from_sharing@@@element[0] |
| files_sharing | groups_excluded_from_sharing@@@element[1] |
| files_sharing | groups_excluded_from_sharing@@@element[2] |