From 65a49ad4fa68e0ea4ae62065679a687f77b1c509 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hugo=20Gonz=C3=A1lez=20Labrador?= Date: Wed, 10 May 2017 09:29:20 +0200 Subject: [PATCH] Loose share restriction (#117) --- core/ajax/share.php | 31 +++++++++++++++++++++---------- core/js/share.js | 12 ++++++++++-- lib/private/shareutil.php | 6 +++++- 3 files changed, 36 insertions(+), 13 deletions(-) diff --git a/core/ajax/share.php b/core/ajax/share.php index 6d1791f8d19f..b6f1fdbf74f7 100644 --- a/core/ajax/share.php +++ b/core/ajax/share.php @@ -172,20 +172,31 @@ } else { $shareWith = (string)$_POST['shareWith']; } - $return = OCP\Share::unshare((string)$_POST['itemType'],(string) $_POST['itemSource'], (int)$_POST['shareType'], $shareWith); - ($return) ? OC_JSON::success() : OC_JSON::error(); + try { + \OC\ShareUtil::checkParentDirSharedById($_POST['itemSource'], $_POST['shareType'] === OCP\Share::SHARE_TYPE_LINK); + $return = OCP\Share::unshare((string)$_POST['itemType'],(string) $_POST['itemSource'], (int)$_POST['shareType'], $shareWith); + ($return) ? OC_JSON::success() : OC_JSON::error(); + } catch (Exception $exception) { + OC_JSON::error(array('data' => array('message' => $exception->getMessage()))); + return; + } } break; case 'setPermissions': if (isset($_POST['shareType']) && isset($_POST['shareWith']) && isset($_POST['permissions'])) { - $return = OCP\Share::setPermissions( - (string)$_POST['itemType'], - (string)$_POST['itemSource'], - (int)$_POST['shareType'], - (string)$_POST['shareWith'], - (int)$_POST['permissions'] - ); - ($return) ? OC_JSON::success() : OC_JSON::error(); + try { + \OC\ShareUtil::checkParentDirSharedById($_POST['itemSource'], $_POST['shareType'] === OCP\Share::SHARE_TYPE_LINK); + $return = OCP\Share::setPermissions( + (string)$_POST['itemType'], + (string)$_POST['itemSource'], + (int)$_POST['shareType'], + (string)$_POST['shareWith'], + (int)$_POST['permissions'] + ); + ($return) ? OC_JSON::success() : OC_JSON::error(); + } catch (Exception $exception) { + OC_JSON::error(array('data' => array('message' => $exception->getMessage()))); + } } break; case 'setExpirationDate': diff --git a/core/js/share.js b/core/js/share.js index b93aa6fa1927..1932043203ed 100644 --- a/core/js/share.js +++ b/core/js/share.js @@ -430,14 +430,22 @@ OC.Share = _.extend(OC.Share || {}, { callback(); } } else { - OC.dialogs.alert(t('core', 'Error while unsharing'), t('core', 'Error')); + var msg = t('core', 'Error while unsharing'); + if (result.data && result.data.message) { + msg = result.data.message; + } + OC.dialogs.alert(msg, t('core', 'Error')); } }); }, setPermissions:function(itemType, itemSource, shareType, shareWith, permissions) { $.post(OC.filePath('core', 'ajax', 'share.php'), { action: 'setPermissions', itemType: itemType, itemSource: itemSource, shareType: shareType, shareWith: shareWith, permissions: permissions }, function(result) { if (!result || result.status !== 'success') { - OC.dialogs.alert(t('core', 'Error while changing permissions'), t('core', 'Error')); + var msg = t('core', 'Error while unsharing'); + if (result.data && result.data.message) { + msg = result.data.message; + } + OC.dialogs.alert(msg, t('core', 'Error')); } }); }, diff --git a/lib/private/shareutil.php b/lib/private/shareutil.php index 559f6e59b473..92b57193fbda 100644 --- a/lib/private/shareutil.php +++ b/lib/private/shareutil.php @@ -61,14 +61,18 @@ public static function checkParentDirShared(array $eosMeta, $isShareByLink) { } } + /* + * We allow to share in children folders because we do not allow modification of permissins or unsharing of the parent $sharedFolderPath = self::parentFoldersHaveBeenShared($allPaths, $currentPath); if ($sharedFolderPath !== false) { throw new \Exception("Unable to share the file because the ancestor directory '$sharedFolderPath' has been already shared"); } + */ $sharedFolderPath = self::childrenFoldersHaveBeenShared($allPaths, $currentPath); if ($sharedFolderPath) { - throw new \Exception("Unable to share the file because the subfolder '$sharedFolderPath' has been already shared"); + $msg = "Unable to modify share information because it will cause the lost of share information in the already shared folder '$sharedFolderPath'"; + throw new \Exception($msg); } }