Skip to content

Commit

Permalink
Loose share restriction (#117)
Browse files Browse the repository at this point in the history
  • Loading branch information
labkode authored May 10, 2017
1 parent 70fb0cb commit 65a49ad
Show file tree
Hide file tree
Showing 3 changed files with 36 additions and 13 deletions.
31 changes: 21 additions & 10 deletions core/ajax/share.php
Original file line number Diff line number Diff line change
Expand Up @@ -172,20 +172,31 @@
} else {
$shareWith = (string)$_POST['shareWith'];
}
$return = OCP\Share::unshare((string)$_POST['itemType'],(string) $_POST['itemSource'], (int)$_POST['shareType'], $shareWith);
($return) ? OC_JSON::success() : OC_JSON::error();
try {
\OC\ShareUtil::checkParentDirSharedById($_POST['itemSource'], $_POST['shareType'] === OCP\Share::SHARE_TYPE_LINK);
$return = OCP\Share::unshare((string)$_POST['itemType'],(string) $_POST['itemSource'], (int)$_POST['shareType'], $shareWith);
($return) ? OC_JSON::success() : OC_JSON::error();
} catch (Exception $exception) {
OC_JSON::error(array('data' => array('message' => $exception->getMessage())));
return;
}
}
break;
case 'setPermissions':
if (isset($_POST['shareType']) && isset($_POST['shareWith']) && isset($_POST['permissions'])) {
$return = OCP\Share::setPermissions(
(string)$_POST['itemType'],
(string)$_POST['itemSource'],
(int)$_POST['shareType'],
(string)$_POST['shareWith'],
(int)$_POST['permissions']
);
($return) ? OC_JSON::success() : OC_JSON::error();
try {
\OC\ShareUtil::checkParentDirSharedById($_POST['itemSource'], $_POST['shareType'] === OCP\Share::SHARE_TYPE_LINK);
$return = OCP\Share::setPermissions(
(string)$_POST['itemType'],
(string)$_POST['itemSource'],
(int)$_POST['shareType'],
(string)$_POST['shareWith'],
(int)$_POST['permissions']
);
($return) ? OC_JSON::success() : OC_JSON::error();
} catch (Exception $exception) {
OC_JSON::error(array('data' => array('message' => $exception->getMessage())));
}
}
break;
case 'setExpirationDate':
Expand Down
12 changes: 10 additions & 2 deletions core/js/share.js
Original file line number Diff line number Diff line change
Expand Up @@ -430,14 +430,22 @@ OC.Share = _.extend(OC.Share || {}, {
callback();
}
} else {
OC.dialogs.alert(t('core', 'Error while unsharing'), t('core', 'Error'));
var msg = t('core', 'Error while unsharing');
if (result.data && result.data.message) {
msg = result.data.message;
}
OC.dialogs.alert(msg, t('core', 'Error'));
}
});
},
setPermissions:function(itemType, itemSource, shareType, shareWith, permissions) {
$.post(OC.filePath('core', 'ajax', 'share.php'), { action: 'setPermissions', itemType: itemType, itemSource: itemSource, shareType: shareType, shareWith: shareWith, permissions: permissions }, function(result) {
if (!result || result.status !== 'success') {
OC.dialogs.alert(t('core', 'Error while changing permissions'), t('core', 'Error'));
var msg = t('core', 'Error while unsharing');
if (result.data && result.data.message) {
msg = result.data.message;
}
OC.dialogs.alert(msg, t('core', 'Error'));
}
});
},
Expand Down
6 changes: 5 additions & 1 deletion lib/private/shareutil.php
Original file line number Diff line number Diff line change
Expand Up @@ -61,14 +61,18 @@ public static function checkParentDirShared(array $eosMeta, $isShareByLink) {
}
}

/*
* We allow to share in children folders because we do not allow modification of permissins or unsharing of the parent
$sharedFolderPath = self::parentFoldersHaveBeenShared($allPaths, $currentPath);
if ($sharedFolderPath !== false) {
throw new \Exception("Unable to share the file because the ancestor directory '$sharedFolderPath' has been already shared");
}
*/

$sharedFolderPath = self::childrenFoldersHaveBeenShared($allPaths, $currentPath);
if ($sharedFolderPath) {
throw new \Exception("Unable to share the file because the subfolder '$sharedFolderPath' has been already shared");
$msg = "Unable to modify share information because it will cause the lost of share information in the already shared folder '$sharedFolderPath'";
throw new \Exception($msg);
}
}

Expand Down

0 comments on commit 65a49ad

Please sign in to comment.