[stable10] Backport of Fix the share permissions evaluation

apps/files_sharing/lib/API/Share20OCS.php

@@ -22,6 +22,7 @@
  */
 namespace OCA\Files_Sharing\API;
 
+use OCP\Constants;
 use OCP\Files\IRootFolder;
 use OCP\Files\NotFoundException;
 use OCP\IConfig;
@@ -535,6 +536,17 @@ private function getSharedWithMe($node = null, $includeTags, $stateFilter = 0) {
 			if (($stateFilter === null || $share->getState() === $stateFilter) &&
 					$this->canAccessShare($share)) {
 				try {
+					/**
+					 * Check if the group to which the user belongs is not allowed
+					 * to reshare
+					 */
+					if ($this->shareManager->sharingDisabledForUser($this->currentUser->getUID())) {
+						/**
+						 * Now set the permission to 15. Which will allow not to reshare.
+						 */
+						$permissionEvaluated = $share->getPermissions() & ~Constants::PERMISSION_SHARE;
+						$share->setPermissions($permissionEvaluated);
+					}
 					$formatted[] = $this->formatShare($share, true);
 				} catch (NotFoundException $e) {
 					// Ignore this share

apps/files_sharing/tests/API/Share20OCSTest.php

@@ -3112,6 +3112,72 @@ public function testGetSharesSharedWithMe($requestedPath, $stateFilter) {
 		}
 	}
 
+	public function testGetSharesSharedWithMeAndBlockGroup() {
+		$requestedPath = "/requested/path";
+		$stateFilter = "all";
+		$testStateFilter = $stateFilter;
+		if ($testStateFilter === '' || $testStateFilter === 'all') {
+			$testStateFilter = \OCP\Share::STATE_ACCEPTED;
+		}
+		$userShare = $this->newShare();
+		$userShare->setShareOwner('shareOwner');
+		$userShare->setSharedWith('currentUser');
+		$userShare->setShareType(\OCP\Share::SHARE_TYPE_USER);
+		$userShare->setState($testStateFilter);
+		$userShare->setPermissions(\OCP\Constants::PERMISSION_ALL);
+
+		$group = $this->createMock(IGroup::class);
+		$group->method('inGroup')->with($this->currentUser)->willReturn(true);
+
+		$groupObj = $this->createMock(IGroup::class);
+		$groupObj->method('inGroup')
+			->willReturn(true);
+
+		$this->groupManager->method('get')
+			->will($this->returnValueMap([
+				['group', $group],
+				['excluded_group', $groupObj]
+			]));
+
+		$node = $this->createMock(Node::class);
+		$node->expects($this->at(0))
+			->method('lock');
+		$node->expects($this->at(1))
+			->method('unlock');
+
+		$userFolder = $this->createMock(Folder::class);
+		$userFolder->expects($this->once())
+			->method('get')
+			->with($requestedPath)
+			->willReturn($node);
+		$this->rootFolder->expects($this->once())
+			->method('getUserFolder')
+			->with('currentUser')
+			->willReturn($userFolder);
+
+		$this->shareManager->method('getSharedWith')
+			->will($this->returnValueMap([
+				['currentUser', \OCP\Share::SHARE_TYPE_USER, $node, -1, 0, [$userShare]],
+				['currentUser', \OCP\Share::SHARE_TYPE_GROUP, $node, -1, 0, []],
+			]));
+		$this->shareManager->method('sharingDisabledForUser')
+			->with('currentUser')
+			->willReturn(true);
+
+		$this->request
+			->method('getParam')
+			->will($this->returnValueMap([
+				['path', null, $requestedPath],
+				['state', \OCP\Share::STATE_ACCEPTED, $stateFilter],
+				['shared_with_me', null, 'true'],
+			]));
+
+		$ocs = $this->mockFormatShare();
+		$ocs->method('formatShare')->will($this->returnArgument(0));
+		$result = $ocs->getShares();
+		$this->assertEquals($userShare->getPermissions(), $result->getData()[0]->getPermissions());
+	}
+
 	public function providesAcceptRejectShare() {
 		return [
 			['acceptShare', '/target', true, \OCP\Share::STATE_ACCEPTED],

apps/files_sharing/tests/ApiTest.php

@@ -446,6 +446,7 @@ public function testGetAllShares() {
 	}
 
 	public function testGetAllSharesWithMe() {
+		\OC::$server->getConfig()->setAppValue('core', 'shareapi_exclude_groups_list', '[]');
 		$node1 = $this->userFolder->get($this->filename);
 		$share1 = $this->shareManager->newShare();
 		$share1->setNode($node1)
@@ -473,6 +474,7 @@ public function testGetAllSharesWithMe() {
 
 		$this->shareManager->deleteShare($share1);
 		$this->shareManager->deleteShare($share2);
+		\OC::$server->getConfig()->deleteAppValue('core', 'shareapi_exclude_groups_list');
 	}
 
 	/**

tests/acceptance/features/webUISharingInternalUsers/shareWithUsers.feature

@@ -209,7 +209,6 @@ Feature: Sharing files and folders with internal users
     Then the user should see an error message on the share dialog saying "Sharing is not allowed"
     And the share-with field should not be visible in the details panel
 
-  @enterprise-issue-3037 # after the issue is fixed remove the comments on two lines and remove last line
   Scenario: user tries to re-share a file from a group which is blacklisted from sharing using webUI from shared with you page
     Given group "grp1" has been created
     And user "user1" has been added to group "grp1"
@@ -221,9 +220,8 @@ Feature: Sharing files and folders with internal users
     And the user re-logs in as "user1" using the webUI
     And the user browses to the shared-with-you page
     And the user opens the sharing tab from the file action menu of file "testimage (2).jpg" using the webUI
-    #Then the user should see an error message on the share dialog saying "Sharing is not allowed"
-    #And the share-with field should not be visible in the details panel
-    Then the share-with field should be visible in the details panel
+    Then the user should see an error message on the share dialog saying "Sharing is not allowed"
+    And the share-with field should not be visible in the details panel
     And user "user1" should not be able to share file "testimage (2).jpg" with user "User Three" using the sharing API
 
   Scenario: user shares the file/folder with another internal user and delete the share with user