diff options
| author | Bjoern Schiessle <schiessle@owncloud.com> | 2014-05-13 17:22:18 +0400 |
|---|---|---|
| committer | Bjoern Schiessle <schiessle@owncloud.com> | 2014-05-22 12:43:44 +0400 |
| commit | 12338e0ef07c409156fa9cd1008bb981bda20461 (patch) | |
| tree | fe859814a2321ab98f498a623db39dab892b8153 /lib | |
| parent | 14a953fbe01a3d26e1330ea224ab71928a2f93c1 (diff) | |
allow admin to disable sharing for specific groups of users
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/private/files/cache/permissions.php | 19 | ||||
| -rw-r--r-- | lib/private/files/storage/common.php | 4 | ||||
| -rw-r--r-- | lib/private/share/share.php | 10 | ||||
| -rwxr-xr-x | lib/private/util.php | 23 | ||||
| -rw-r--r-- | lib/public/util.php | 9 |
5 files changed, 61 insertions, 4 deletions
diff --git a/lib/private/files/cache/permissions.php b/lib/private/files/cache/permissions.php index 2e2bdb20b78..eba18af3863 100644 --- a/lib/private/files/cache/permissions.php +++ b/lib/private/files/cache/permissions.php @@ -36,7 +36,7 @@ class Permissions { $sql = 'SELECT `permissions` FROM `*PREFIX*permissions` WHERE `user` = ? AND `fileid` = ?'; $result = \OC_DB::executeAudited($sql, array($user, $fileId)); if ($row = $result->fetchRow()) { - return $row['permissions']; + return $this->updatePermissions($row['permissions']); } else { return -1; } @@ -78,7 +78,7 @@ class Permissions { $result = \OC_DB::executeAudited($sql, $params); $filePermissions = array(); while ($row = $result->fetchRow()) { - $filePermissions[$row['fileid']] = $row['permissions']; + $filePermissions[$row['fileid']] = $this->updatePermissions($row['permissions']); } return $filePermissions; } @@ -99,7 +99,7 @@ class Permissions { $result = \OC_DB::executeAudited($sql, array($parentId, $user)); $filePermissions = array(); while ($row = $result->fetchRow()) { - $filePermissions[$row['fileid']] = $row['permissions']; + $filePermissions[$row['fileid']] = $this->updatePermissions($row['permissions']); } return $filePermissions; } @@ -140,4 +140,17 @@ class Permissions { } return $users; } + + /** + * check if admin removed the share permission for the user and update the permissions + * + * @param int $permissions + * @return int + */ + protected function updatePermissions($permissions) { + if (\OCP\Util::isSharingDisabledForUser()) { + $permissions &= ~\OCP\PERMISSION_SHARE; + } + return $permissions; + } } diff --git a/lib/private/files/storage/common.php b/lib/private/files/storage/common.php index fef33cabd87..b03ae7d0517 100644 --- a/lib/private/files/storage/common.php +++ b/lib/private/files/storage/common.php @@ -81,6 +81,10 @@ abstract class Common implements \OC\Files\Storage\Storage { } public function isSharable($path) { + if (\OC_Util::isSharingDisabledForUser()) { + return false; + } + return $this->isReadable($path); } diff --git a/lib/private/share/share.php b/lib/private/share/share.php index 16bc492d383..46796c26370 100644 --- a/lib/private/share/share.php +++ b/lib/private/share/share.php @@ -485,15 +485,23 @@ class Share extends \OC\Share\Constants { $itemSourceName = $itemSource; } - // verify that the file exists before we try to share it + // check if file can be shared if ($itemType === 'file' or $itemType === 'folder') { $path = \OC\Files\Filesystem::getPath($itemSource); + // verify that the file exists before we try to share it if (!$path) { $message = 'Sharing %s failed, because the file does not exist'; $message_t = $l->t('Sharing %s failed, because the file does not exist', array($itemSourceName)); \OC_Log::write('OCP\Share', sprintf($message, $itemSourceName), \OC_Log::ERROR); throw new \Exception($message_t); } + // verify that the user has share permission + if (!\OC\Files\Filesystem::isSharable($path)) { + $message = 'You are not allowed to share %s'; + $message_t = $l->t('You are not allowed to share %s', array($itemSourceName)); + \OC_Log::write('OCP\Share', sprintf($message, $itemSourceName), \OC_Log::ERROR); + throw new \Exception($message_t); + } } //verify that we don't share a folder which already contains a share mount point diff --git a/lib/private/util.php b/lib/private/util.php index c018721afe3..23c7053002c 100755 --- a/lib/private/util.php +++ b/lib/private/util.php @@ -97,6 +97,29 @@ class OC_Util { } /** + * check if sharing is disabled for the current user + * + * @return boolean + */ + public static function isSharingDisabledForUser() { + if (\OC_Appconfig::getValue('core', 'shareapi_exclude_groups', 'no') === 'yes') { + $user = \OCP\User::getUser(); + $groupsList = \OC_Appconfig::getValue('core', 'shareapi_exclude_groups_list', ''); + $excludedGroups = explode(',', $groupsList); + $usersGroups = \OC_Group::getUserGroups($user); + if (!empty($usersGroups)) { + $remainingGroups = array_diff($usersGroups, $excludedGroups); + // if the user is only in groups which are disabled for sharing then + // sharing is also disabled for the user + if (empty($remainingGroups)) { + return true; + } + } + } + return false; + } + + /** * Get the quota of a user * @param string $user * @return int Quota bytes diff --git a/lib/public/util.php b/lib/public/util.php index 3166d4040d8..d1faec3997f 100644 --- a/lib/public/util.php +++ b/lib/public/util.php @@ -117,6 +117,15 @@ class Util { } /** + * check if sharing is disabled for the current user + * + * @return boolean + */ + public static function isSharingDisabledForUser() { + return \OC_Util::isSharingDisabledForUser(); + } + + /** * get l10n object * @param string $application * @return \OC_L10N |