diff --git a/apps/files_sharing/lib/API/Share20OCS.php b/apps/files_sharing/lib/API/Share20OCS.php index 0b1cc97288a6..4aaf0a23dd0f 100644 --- a/apps/files_sharing/lib/API/Share20OCS.php +++ b/apps/files_sharing/lib/API/Share20OCS.php @@ -22,6 +22,7 @@ */ namespace OCA\Files_Sharing\API; +use OCP\Constants; use OCP\Files\IRootFolder; use OCP\Files\NotFoundException; use OCP\IConfig; @@ -535,6 +536,17 @@ private function getSharedWithMe($node = null, $includeTags, $stateFilter = 0) { if (($stateFilter === null || $share->getState() === $stateFilter) && $this->canAccessShare($share)) { try { + /** + * Check if the group to which the user belongs is not allowed + * to reshare + */ + if ($this->shareManager->sharingDisabledForUser($this->currentUser->getUID())) { + /** + * Now set the permission to 15. Which will allow not to reshare. + */ + $permissionEvaluated = $share->getPermissions() & ~Constants::PERMISSION_SHARE; + $share->setPermissions($permissionEvaluated); + } $formatted[] = $this->formatShare($share, true); } catch (NotFoundException $e) { // Ignore this share diff --git a/apps/files_sharing/tests/API/Share20OCSTest.php b/apps/files_sharing/tests/API/Share20OCSTest.php index ab872abe53d6..7d0b04804b24 100644 --- a/apps/files_sharing/tests/API/Share20OCSTest.php +++ b/apps/files_sharing/tests/API/Share20OCSTest.php @@ -3112,6 +3112,72 @@ public function testGetSharesSharedWithMe($requestedPath, $stateFilter) { } } + public function testGetSharesSharedWithMeAndBlockGroup() { + $requestedPath = "/requested/path"; + $stateFilter = "all"; + $testStateFilter = $stateFilter; + if ($testStateFilter === '' || $testStateFilter === 'all') { + $testStateFilter = \OCP\Share::STATE_ACCEPTED; + } + $userShare = $this->newShare(); + $userShare->setShareOwner('shareOwner'); + $userShare->setSharedWith('currentUser'); + $userShare->setShareType(\OCP\Share::SHARE_TYPE_USER); + $userShare->setState($testStateFilter); + $userShare->setPermissions(\OCP\Constants::PERMISSION_ALL); + + $group = $this->createMock(IGroup::class); + $group->method('inGroup')->with($this->currentUser)->willReturn(true); + + $groupObj = $this->createMock(IGroup::class); + $groupObj->method('inGroup') + ->willReturn(true); + + $this->groupManager->method('get') + ->will($this->returnValueMap([ + ['group', $group], + ['excluded_group', $groupObj] + ])); + + $node = $this->createMock(Node::class); + $node->expects($this->at(0)) + ->method('lock'); + $node->expects($this->at(1)) + ->method('unlock'); + + $userFolder = $this->createMock(Folder::class); + $userFolder->expects($this->once()) + ->method('get') + ->with($requestedPath) + ->willReturn($node); + $this->rootFolder->expects($this->once()) + ->method('getUserFolder') + ->with('currentUser') + ->willReturn($userFolder); + + $this->shareManager->method('getSharedWith') + ->will($this->returnValueMap([ + ['currentUser', \OCP\Share::SHARE_TYPE_USER, $node, -1, 0, [$userShare]], + ['currentUser', \OCP\Share::SHARE_TYPE_GROUP, $node, -1, 0, []], + ])); + $this->shareManager->method('sharingDisabledForUser') + ->with('currentUser') + ->willReturn(true); + + $this->request + ->method('getParam') + ->will($this->returnValueMap([ + ['path', null, $requestedPath], + ['state', \OCP\Share::STATE_ACCEPTED, $stateFilter], + ['shared_with_me', null, 'true'], + ])); + + $ocs = $this->mockFormatShare(); + $ocs->method('formatShare')->will($this->returnArgument(0)); + $result = $ocs->getShares(); + $this->assertEquals($userShare->getPermissions(), $result->getData()[0]->getPermissions()); + } + public function providesAcceptRejectShare() { return [ ['acceptShare', '/target', true, \OCP\Share::STATE_ACCEPTED], diff --git a/apps/files_sharing/tests/ApiTest.php b/apps/files_sharing/tests/ApiTest.php index 527b80690d01..10e764da11cc 100644 --- a/apps/files_sharing/tests/ApiTest.php +++ b/apps/files_sharing/tests/ApiTest.php @@ -446,6 +446,7 @@ public function testGetAllShares() { } public function testGetAllSharesWithMe() { + \OC::$server->getConfig()->setAppValue('core', 'shareapi_exclude_groups_list', '[]'); $node1 = $this->userFolder->get($this->filename); $share1 = $this->shareManager->newShare(); $share1->setNode($node1) @@ -473,6 +474,7 @@ public function testGetAllSharesWithMe() { $this->shareManager->deleteShare($share1); $this->shareManager->deleteShare($share2); + \OC::$server->getConfig()->deleteAppValue('core', 'shareapi_exclude_groups_list'); } /** diff --git a/tests/acceptance/features/webUISharingInternalUsers/shareWithUsers.feature b/tests/acceptance/features/webUISharingInternalUsers/shareWithUsers.feature index 449d270c285a..0ba32e279a1d 100644 --- a/tests/acceptance/features/webUISharingInternalUsers/shareWithUsers.feature +++ b/tests/acceptance/features/webUISharingInternalUsers/shareWithUsers.feature @@ -209,7 +209,6 @@ Feature: Sharing files and folders with internal users Then the user should see an error message on the share dialog saying "Sharing is not allowed" And the share-with field should not be visible in the details panel - @enterprise-issue-3037 # after the issue is fixed remove the comments on two lines and remove last line Scenario: user tries to re-share a file from a group which is blacklisted from sharing using webUI from shared with you page Given group "grp1" has been created And user "user1" has been added to group "grp1" @@ -221,9 +220,8 @@ Feature: Sharing files and folders with internal users And the user re-logs in as "user1" using the webUI And the user browses to the shared-with-you page And the user opens the sharing tab from the file action menu of file "testimage (2).jpg" using the webUI - #Then the user should see an error message on the share dialog saying "Sharing is not allowed" - #And the share-with field should not be visible in the details panel - Then the share-with field should be visible in the details panel + Then the user should see an error message on the share dialog saying "Sharing is not allowed" + And the share-with field should not be visible in the details panel And user "user1" should not be able to share file "testimage (2).jpg" with user "User Three" using the sharing API Scenario: user shares the file/folder with another internal user and delete the share with user