diff options
| author | Robin Appelman <robin@icewind.nl> | 2021-04-23 21:20:56 +0300 |
|---|---|---|
| committer | Robin Appelman <robin@icewind.nl> | 2021-05-12 17:11:31 +0300 |
| commit | 0e6321957df6635d43ad07d7add23b1cea581fc0 (patch) | |
| tree | 0e0e448f515cd778b6f08e7140abf742a3e11e3a | |
| parent | b1dca57a1ce59bacc4089761275e4366e9760313 (diff) | |
allow excluding groups from creating link shares
Signed-off-by: Robin Appelman <robin@icewind.nl>
| -rw-r--r-- | apps/settings/js/admin.js | 2 | ||||
| -rw-r--r-- | apps/settings/lib/Settings/Admin/Sharing.php | 4 | ||||
| -rw-r--r-- | apps/settings/templates/settings/admin/sharing.php | 10 | ||||
| -rw-r--r-- | lib/private/Server.php | 3 | ||||
| -rw-r--r-- | lib/private/Share20/Manager.php | 120 |
5 files changed, 76 insertions, 63 deletions
diff --git a/apps/settings/js/admin.js b/apps/settings/js/admin.js index 271d13b43d0..f749c9e132c 100644 --- a/apps/settings/js/admin.js +++ b/apps/settings/js/admin.js @@ -1,5 +1,5 @@ window.addEventListener('DOMContentLoaded', function(){ - $('#excludedGroups').each(function (index, element) { + $('#excludedGroups,#linksExcludedGroups').each(function (index, element) { OC.Settings.setupGroupsSelect($(element)); $(element).change(function(ev) { var groups = ev.val || []; diff --git a/apps/settings/lib/Settings/Admin/Sharing.php b/apps/settings/lib/Settings/Admin/Sharing.php index 7eb9649a1aa..8d759b4ae85 100644 --- a/apps/settings/lib/Settings/Admin/Sharing.php +++ b/apps/settings/lib/Settings/Admin/Sharing.php @@ -64,11 +64,15 @@ class Sharing implements ISettings { $excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', ''); $excludeGroupsList = !is_null(json_decode($excludedGroups)) ? implode('|', json_decode($excludedGroups, true)) : ''; + $linksExcludedGroups = $this->config->getAppValue('core', 'shareapi_allow_links_exclude_groups', ''); + $linksExcludeGroupsList = !is_null(json_decode($linksExcludedGroups)) + ? implode('|', json_decode($linksExcludedGroups, true)) : ''; $parameters = [ // Built-In Sharing 'allowGroupSharing' => $this->config->getAppValue('core', 'shareapi_allow_group_sharing', 'yes'), 'allowLinks' => $this->config->getAppValue('core', 'shareapi_allow_links', 'yes'), + 'allowLinksExcludeGroups' => $linksExcludeGroupsList, 'allowPublicUpload' => $this->config->getAppValue('core', 'shareapi_allow_public_upload', 'yes'), 'allowResharing' => $this->config->getAppValue('core', 'shareapi_allow_resharing', 'yes'), 'allowShareDialogUserEnumeration' => $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes'), diff --git a/apps/settings/templates/settings/admin/sharing.php b/apps/settings/templates/settings/admin/sharing.php index 4bb2ddca7d9..9b562cface6 100644 --- a/apps/settings/templates/settings/admin/sharing.php +++ b/apps/settings/templates/settings/admin/sharing.php @@ -138,6 +138,14 @@ <p class="<?php if ($_['shareAPIEnabled'] === 'no') { p('hidden'); }?>"> + <p class="indent"> + <?php p($l->t('Exclude groups from creating link shares:'));?> + </p> + <p id="selectLinksExcludedGroups" class="indent <?php if ($_['allowLinks'] === 'no') { + p('hidden'); +} ?>"> + <input name="shareapi_allow_links_exclude_groups" type="hidden" id="linksExcludedGroups" value="<?php p($_['allowLinksExcludeGroups']) ?>" style="width: 400px" class="noJSAutoUpdate"/> + </p> <input type="checkbox" name="shareapi_allow_resharing" id="allowResharing" class="checkbox" value="1" <?php if ($_['allowResharing'] === 'yes') { print_unescaped('checked="checked"'); @@ -176,7 +184,7 @@ } ?>"> <input name="shareapi_exclude_groups_list" type="hidden" id="excludedGroups" value="<?php p($_['shareExcludedGroupsList']) ?>" style="width: 400px" class="noJSAutoUpdate"/> <br /> - <em><?php p($l->t('These groups will still be able to receive shares, but not to initiate them.')); ?></em> + <em><?php p($l->t('These groups will still be able to receive shares, but not to initiate them.')); ?></em> </p> <p class="<?php if ($_['shareAPIEnabled'] === 'no') { diff --git a/lib/private/Server.php b/lib/private/Server.php index f7eaf9f3591..9047a7c454d 100644 --- a/lib/private/Server.php +++ b/lib/private/Server.php @@ -1234,7 +1234,8 @@ class Server extends ServerContainer implements IServerContainer { $c->get(IMailer::class), $c->get(IURLGenerator::class), $c->get('ThemingDefaults'), - $c->get(IEventDispatcher::class) + $c->get(IEventDispatcher::class), + $c->get(IUserSession::class) ); return $manager; diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php index 00020c3a8f6..51b6c5be0fc 100644 --- a/lib/private/Share20/Manager.php +++ b/lib/private/Share20/Manager.php @@ -57,6 +57,7 @@ use OCP\ILogger; use OCP\IURLGenerator; use OCP\IUser; use OCP\IUserManager; +use OCP\IUserSession; use OCP\L10N\IFactory; use OCP\Mail\IMailer; use OCP\Security\Events\ValidatePasswordPolicyEvent; @@ -104,8 +105,6 @@ class Manager implements IManager { private $sharingDisabledForUsersCache; /** @var EventDispatcherInterface */ private $legacyDispatcher; - /** @var LegacyHooks */ - private $legacyHooks; /** @var IMailer */ private $mailer; /** @var IURLGenerator */ @@ -114,44 +113,26 @@ class Manager implements IManager { private $defaults; /** @var IEventDispatcher */ private $dispatcher; + private $userSession; - - /** - * Manager constructor. - * - * @param ILogger $logger - * @param IConfig $config - * @param ISecureRandom $secureRandom - * @param IHasher $hasher - * @param IMountManager $mountManager - * @param IGroupManager $groupManager - * @param IL10N $l - * @param IFactory $l10nFactory - * @param IProviderFactory $factory - * @param IUserManager $userManager - * @param IRootFolder $rootFolder - * @param EventDispatcherInterface $eventDispatcher - * @param IMailer $mailer - * @param IURLGenerator $urlGenerator - * @param \OC_Defaults $defaults - */ public function __construct( - ILogger $logger, - IConfig $config, - ISecureRandom $secureRandom, - IHasher $hasher, - IMountManager $mountManager, - IGroupManager $groupManager, - IL10N $l, - IFactory $l10nFactory, - IProviderFactory $factory, - IUserManager $userManager, - IRootFolder $rootFolder, - EventDispatcherInterface $legacyDispatcher, - IMailer $mailer, - IURLGenerator $urlGenerator, - \OC_Defaults $defaults, - IEventDispatcher $dispatcher + ILogger $logger, + IConfig $config, + ISecureRandom $secureRandom, + IHasher $hasher, + IMountManager $mountManager, + IGroupManager $groupManager, + IL10N $l, + IFactory $l10nFactory, + IProviderFactory $factory, + IUserManager $userManager, + IRootFolder $rootFolder, + EventDispatcherInterface $legacyDispatcher, + IMailer $mailer, + IURLGenerator $urlGenerator, + \OC_Defaults $defaults, + IEventDispatcher $dispatcher, + IUserSession $userSession ) { $this->logger = $logger; $this->config = $config; @@ -166,11 +147,11 @@ class Manager implements IManager { $this->rootFolder = $rootFolder; $this->legacyDispatcher = $legacyDispatcher; $this->sharingDisabledForUsersCache = new CappedMemoryCache(); - $this->legacyHooks = new LegacyHooks($this->legacyDispatcher); $this->mailer = $mailer; $this->urlGenerator = $urlGenerator; $this->defaults = $defaults; $this->dispatcher = $dispatcher; + $this->userSession = $userSession; } /** @@ -274,7 +255,7 @@ class Manager implements IManager { // And it should be a file or a folder if (!($share->getNode() instanceof \OCP\Files\File) && - !($share->getNode() instanceof \OCP\Files\Folder)) { + !($share->getNode() instanceof \OCP\Files\Folder)) { throw new \InvalidArgumentException('Path should be either a file or a folder'); } @@ -422,13 +403,13 @@ class Manager implements IManager { } if ($fullId === null && $expirationDate === null && $defaultExpireDate) { $expirationDate = new \DateTime(); - $expirationDate->setTime(0,0,0); + $expirationDate->setTime(0, 0, 0); $days = (int)$this->config->getAppValue('core', $configProp, (string)$defaultExpireDays); if ($days > $defaultExpireDays) { $days = $defaultExpireDays; } - $expirationDate->add(new \DateInterval('P'.$days.'D')); + $expirationDate->add(new \DateInterval('P' . $days . 'D')); } // If we enforce the expiration date check that is does not exceed @@ -498,13 +479,13 @@ class Manager implements IManager { if ($fullId === null && $expirationDate === null && $this->shareApiLinkDefaultExpireDate()) { $expirationDate = new \DateTime(); - $expirationDate->setTime(0,0,0); + $expirationDate->setTime(0, 0, 0); $days = (int)$this->config->getAppValue('core', 'link_defaultExpDays', $this->shareApiLinkDefaultExpireDays()); if ($days > $this->shareApiLinkDefaultExpireDays()) { $days = $this->shareApiLinkDefaultExpireDays(); } - $expirationDate->add(new \DateInterval('P'.$days.'D')); + $expirationDate->add(new \DateInterval('P' . $days . 'D')); } // If we enforce the expiration date check that is does not exceed @@ -553,8 +534,8 @@ class Manager implements IManager { $sharedWith = $this->userManager->get($share->getSharedWith()); // Verify we can share with this user $groups = array_intersect( - $this->groupManager->getUserGroupIds($sharedBy), - $this->groupManager->getUserGroupIds($sharedWith) + $this->groupManager->getUserGroupIds($sharedBy), + $this->groupManager->getUserGroupIds($sharedWith) ); if (empty($groups)) { $message_t = $this->l->t('Sharing is only allowed with group members'); @@ -919,7 +900,7 @@ class Manager implements IManager { '%1$s via %2$s', [ $initiatorDisplayName, - $instanceName + $instanceName, ] ); $message->setFrom([\OCP\Util::getDefaultEmailAddress($instanceName) => $senderName]); @@ -1102,7 +1083,7 @@ class Manager implements IManager { * @since 9.0.0 */ public function acceptShare(IShare $share, string $recipientId): IShare { - [$providerId, ] = $this->splitFullId($share->getFullId()); + [$providerId,] = $this->splitFullId($share->getFullId()); $provider = $this->factory->getProvider($providerId); if (!method_exists($provider, 'acceptShare')) { @@ -1127,10 +1108,10 @@ class Manager implements IManager { */ private function updateSharePasswordIfNeeded(IShare $share, IShare $originalShare) { $passwordsAreDifferent = ($share->getPassword() !== $originalShare->getPassword()) && - (($share->getPassword() !== null && $originalShare->getPassword() === null) || - ($share->getPassword() === null && $originalShare->getPassword() !== null) || - ($share->getPassword() !== null && $originalShare->getPassword() !== null && - !$this->hasher->verify($share->getPassword(), $originalShare->getPassword()))); + (($share->getPassword() !== null && $originalShare->getPassword() === null) || + ($share->getPassword() === null && $originalShare->getPassword() !== null) || + ($share->getPassword() !== null && $originalShare->getPassword() !== null && + !$this->hasher->verify($share->getPassword(), $originalShare->getPassword()))); // Password updated. if ($passwordsAreDifferent) { @@ -1225,7 +1206,7 @@ class Manager implements IManager { * @param string $recipientId */ public function deleteFromSelf(IShare $share, $recipientId) { - [$providerId, ] = $this->splitFullId($share->getFullId()); + [$providerId,] = $this->splitFullId($share->getFullId()); $provider = $this->factory->getProvider($providerId); $provider->deleteFromSelf($share, $recipientId); @@ -1234,7 +1215,7 @@ class Manager implements IManager { } public function restoreShare(IShare $share, string $recipientId): IShare { - [$providerId, ] = $this->splitFullId($share->getFullId()); + [$providerId,] = $this->splitFullId($share->getFullId()); $provider = $this->factory->getProvider($providerId); return $provider->restore($share, $recipientId); @@ -1264,7 +1245,7 @@ class Manager implements IManager { } } - [$providerId, ] = $this->splitFullId($share->getFullId()); + [$providerId,] = $this->splitFullId($share->getFullId()); $provider = $this->factory->getProvider($providerId); return $provider->move($share, $recipientId); @@ -1291,8 +1272,8 @@ class Manager implements IManager { */ public function getSharesBy($userId, $shareType, $path = null, $reshares = false, $limit = 50, $offset = 0) { if ($path !== null && - !($path instanceof \OCP\Files\File) && - !($path instanceof \OCP\Files\Folder)) { + !($path instanceof \OCP\Files\File) && + !($path instanceof \OCP\Files\Folder)) { throw new \InvalidArgumentException('invalid path'); } @@ -1533,8 +1514,8 @@ class Manager implements IManager { */ public function checkPassword(IShare $share, $password) { $passwordProtected = $share->getShareType() !== IShare::TYPE_LINK - || $share->getShareType() !== IShare::TYPE_EMAIL - || $share->getShareType() !== IShare::TYPE_CIRCLE; + || $share->getShareType() !== IShare::TYPE_EMAIL + || $share->getShareType() !== IShare::TYPE_CIRCLE; if (!$passwordProtected) { //TODO maybe exception? return false; @@ -1756,7 +1737,20 @@ class Manager implements IManager { * @return bool */ public function shareApiAllowLinks() { - return $this->config->getAppValue('core', 'shareapi_allow_links', 'yes') === 'yes'; + if ($this->config->getAppValue('core', 'shareapi_allow_links', 'yes') !== 'yes') { + return false; + } + + $user = $this->userSession->getUser(); + if ($user) { + $excludedGroups = json_decode($this->config->getAppValue('core', 'shareapi_allow_links_exclude_groups', '[]')); + if ($excludedGroups) { + $userGroups = $this->groupManager->getUserGroupIds($user); + return !(bool)array_intersect($excludedGroups, $userGroups); + } + } + + return true; } /** @@ -1780,6 +1774,7 @@ class Manager implements IManager { /** * Is default link expire date enforced *` + * * @return bool */ public function shareApiLinkDefaultExpireDateEnforced() { @@ -1790,6 +1785,7 @@ class Manager implements IManager { /** * Number of default link expire days + * * @return int */ public function shareApiLinkDefaultExpireDays() { @@ -1836,6 +1832,7 @@ class Manager implements IManager { /** * Number of default expire days + * * @return int */ public function shareApiInternalDefaultExpireDays(): int { @@ -1844,6 +1841,7 @@ class Manager implements IManager { /** * Number of default expire days for remote shares + * * @return int */ public function shareApiRemoteDefaultExpireDays(): int { @@ -1861,6 +1859,7 @@ class Manager implements IManager { /** * check if user can only share with group members + * * @return bool */ public function shareWithGroupMembersOnly() { @@ -1869,6 +1868,7 @@ class Manager implements IManager { /** * Check if users can share with groups + * * @return bool */ public function allowGroupSharing() { |