
github.com/nextcloud/server.git - Unnamed repository; edit this file 'description' to name the repository.
authorMichael Gapczynski <GapczynskiM@gmail.com>2012-03-29 05:18:17 +0400
committerMichael Gapczynski <GapczynskiM@gmail.com>2012-03-29 05:18:17 +0400
commit5fef9dfc22eba8d62e5db412632927a523ebf7d5 (patch)
tree7010360d7ec7972680285607b8a2a6f3485bcc35 /apps/files_sharing
parent60ba5508a4bfaf0581301a6240011060a7432997 (diff)
Make users only able to share with users in groups they belong to
Diffstat (limited to 'apps/files_sharing')
-rw-r--r--apps/files_sharing/ajax/userautocomplete.php22
-rw-r--r--apps/files_sharing/lib_share.php14
2 files changed, 24 insertions, 12 deletions
diff --git a/apps/files_sharing/ajax/userautocomplete.php b/apps/files_sharing/ajax/userautocomplete.php
index 9d971fb62af..38b673ee51b 100644
--- a/apps/files_sharing/ajax/userautocomplete.php
+++ b/apps/files_sharing/ajax/userautocomplete.php
@@ -7,21 +7,23 @@ OC_JSON::checkLoggedIn();
OC_JSON::checkAppEnabled('files_sharing');
$users = array();
-$ocusers = OC_User::getUsers();
+$groups = array();
$self = OC_User::getUser();
-$groups = OC_Group::getUserGroups($self);
+$userGroups = OC_Group::getUserGroups($self);
$users[] = "<optgroup label='Users'>";
-foreach ($ocusers as $user) {
- if ($user != $self) {
- $users[] = "<option value='".$user."'>".$user."</option>";
+$groups[] = "<optgroup label='Groups'>";
+foreach ($userGroups as $group) {
+ $groupUsers = OC_Group::usersInGroup($group);
+ foreach ($groupUsers as $user) {
+ if ($user != $self) {
+ $users[] = "<option value='".$user."'>".$user."</option>";
+ }
}
+ $groups[] = "<option value='".$group."'>".$group."</option>";
}
$users[] = "</optgroup>";
-$users[] = "<optgroup label='Groups'>";
-foreach ($groups as $group) {
- $users[] = "<option value='".$group."'>".$group."</option>";
-}
-$users[] = "</optgroup>";
+$groups[] = "</optgroup>";
+$users = array_merge($users, $groups);
OC_JSON::encodedPrint($users);
?>
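Review bot: The new `<option>` lines concatenate `$user` and `$group` into single-quoted attributes and element text without HTML-encoding, so a name containing `'` or `<` would change the markup sent to the sharing dialog unless `OC_JSON::encodedPrint` or the client escapes it, which is not visible here. Encoding at the point of output, e.g. `htmlspecialchars($user, ENT_QUOTES)` and the same for `$group`, keeps the names as data. The nested loops also append a user once per shared group, so someone who shares two groups with `$self` is listed twice; collecting the names first and applying `array_unique()` before building the options would avoid that. This list only narrows what the UI offers, so the restriction still has to be enforced on the server when the share is created.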
diff --git a/apps/files_sharing/lib_share.php b/apps/files_sharing/lib_share.php
index 42739bdfba9..673984f393b 100644
--- a/apps/files_sharing/lib_share.php
+++ b/apps/files_sharing/lib_share.php
@@ -52,8 +52,18 @@ class OC_Share {
// Remove the owner from the list of users in the group
$uid_shared_with = array_diff($uid_shared_with, array($uid_owner));
} else if (OC_User::userExists($uid_shared_with)) {
- $gid = null;
- $uid_shared_with = array($uid_shared_with);
+ $userGroups = OC_Group::getUserGroups($uid_owner);
+ // Check if the user is in one of the owner's groups
+ foreach ($userGroups as $group) {
+ if ($inGroup = OC_Group::inGroup($uid_shared_with, $group)) {
+ $gid = null;
+ $uid_shared_with = array($uid_shared_with);
+ break;
+ }
+ }
+ if (!$inGroup) {
+ throw new Exception("You can't share with ".$uid_shared_with);
+ }
} else {
throw new Exception($uid_shared_with." is not a user");
}
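Review bot: `$inGroup` is assigned only inside the `foreach`, so when `OC_Group::getUserGroups($uid_owner)` returns an empty list the later `if (!$inGroup)` reads an undefined variable. The share is still refused in that case, but only as a side effect of a notice; adding `$inGroup = false;` before the loop makes the deny-by-default explicit. Moving the call out of the condition, `$inGroup = OC_Group::inGroup($uid_shared_with, $group);` followed by `if ($inGroup) {`, would also read more clearly than an assignment inside `if`. The group branch above and the rest of the method lie outside the hunk, so whether a group share also checks that the owner belongs to that group cannot be told from here.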