diff options
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/l10n/zh_CN.js | 2 | ||||
| -rw-r--r-- | lib/l10n/zh_CN.json | 2 | ||||
| -rw-r--r-- | lib/private/Files/ObjectStore/Swift.php | 6 | ||||
| -rw-r--r-- | lib/private/Files/ObjectStore/SwiftFactory.php | 4 | ||||
| -rw-r--r-- | lib/private/Files/Storage/Wrapper/Jail.php | 2 | ||||
| -rw-r--r-- | lib/private/Security/Hasher.php | 15 | ||||
| -rw-r--r-- | lib/private/SubAdmin.php | 36 |
7 files changed, 37 insertions, 30 deletions
diff --git a/lib/l10n/zh_CN.js b/lib/l10n/zh_CN.js index 1ecd7ab7cb2..6bfb178e268 100644 --- a/lib/l10n/zh_CN.js +++ b/lib/l10n/zh_CN.js @@ -5,6 +5,7 @@ OC.L10N.register( "This can usually be fixed by giving the webserver write access to the config directory" : "您可以设置 Web 服务器对 config 目录的写权限修复这个问题", "Or, if you prefer to keep config.php file read only, set the option \"config_is_read_only\" to true in it." : "或者,如果希望保持 config.php 文件的只读权限,请将 \"config_is_read_only\" 设置为 true。", "See %s" : "查看 %s", + "This can usually be fixed by giving the webserver write access to the config directory." : "通常可以通过授予 Web 服务器对 config 目录的写访问权限来解决此问题。", "Or, if you prefer to keep config.php file read only, set the option \"config_is_read_only\" to true in it. See %s" : "或者,如果希望保持 config.php 文件的只读权限,请将 \"config_is_read_only\" 设置为 true。查看 %s", "The files of the app %1$s were not replaced correctly. Make sure it is a version compatible with the server." : "应用%1$s的文件替换不正确。请确认版本与当前服务器兼容。", "Sample configuration detected" : "示例配置检测", @@ -186,6 +187,7 @@ OC.L10N.register( "Cannot write into \"config\" directory" : "无法写入“config”目录", "This can usually be fixed by giving the webserver write access to the config directory. See %s" : "这个通常可以通过赋予写入权限到 config 目录来修复。查看:%s", "Cannot write into \"apps\" directory" : "无法写入“apps”目录", + "This can usually be fixed by giving the webserver write access to the apps directory or disabling the appstore in the config file." : "通常可以通过授予 Web 服务器对 apps 目录的写访问权限或在配置文件中禁用 appstore 来解决此问题。", "Cannot create \"data\" directory" : "无法创建“data”目录 ", "This can usually be fixed by giving the webserver write access to the root directory. See %s" : "这个通常可以通过赋予根目录写入权限来修复。查看:%s", "Permissions can usually be fixed by giving the webserver write access to the root directory. See %s." : "权限通常可以通过赋予根目录写入权限来修复。查看:%s。", diff --git a/lib/l10n/zh_CN.json b/lib/l10n/zh_CN.json index 540d7db1b50..5c5dcbf2885 100644 --- a/lib/l10n/zh_CN.json +++ b/lib/l10n/zh_CN.json @@ -3,6 +3,7 @@ "This can usually be fixed by giving the webserver write access to the config directory" : "您可以设置 Web 服务器对 config 目录的写权限修复这个问题", "Or, if you prefer to keep config.php file read only, set the option \"config_is_read_only\" to true in it." : "或者,如果希望保持 config.php 文件的只读权限,请将 \"config_is_read_only\" 设置为 true。", "See %s" : "查看 %s", + "This can usually be fixed by giving the webserver write access to the config directory." : "通常可以通过授予 Web 服务器对 config 目录的写访问权限来解决此问题。", "Or, if you prefer to keep config.php file read only, set the option \"config_is_read_only\" to true in it. See %s" : "或者,如果希望保持 config.php 文件的只读权限,请将 \"config_is_read_only\" 设置为 true。查看 %s", "The files of the app %1$s were not replaced correctly. Make sure it is a version compatible with the server." : "应用%1$s的文件替换不正确。请确认版本与当前服务器兼容。", "Sample configuration detected" : "示例配置检测", @@ -184,6 +185,7 @@ "Cannot write into \"config\" directory" : "无法写入“config”目录", "This can usually be fixed by giving the webserver write access to the config directory. See %s" : "这个通常可以通过赋予写入权限到 config 目录来修复。查看:%s", "Cannot write into \"apps\" directory" : "无法写入“apps”目录", + "This can usually be fixed by giving the webserver write access to the apps directory or disabling the appstore in the config file." : "通常可以通过授予 Web 服务器对 apps 目录的写访问权限或在配置文件中禁用 appstore 来解决此问题。", "Cannot create \"data\" directory" : "无法创建“data”目录 ", "This can usually be fixed by giving the webserver write access to the root directory. See %s" : "这个通常可以通过赋予根目录写入权限来修复。查看:%s", "Permissions can usually be fixed by giving the webserver write access to the root directory. See %s." : "权限通常可以通过赋予根目录写入权限来修复。查看:%s。", diff --git a/lib/private/Files/ObjectStore/Swift.php b/lib/private/Files/ObjectStore/Swift.php index e0d819f8a2a..1ce4312af2b 100644 --- a/lib/private/Files/ObjectStore/Swift.php +++ b/lib/private/Files/ObjectStore/Swift.php @@ -26,17 +26,12 @@ namespace OC\Files\ObjectStore; use GuzzleHttp\Client; -use GuzzleHttp\Exception\ClientException; -use GuzzleHttp\Exception\ConnectException; -use GuzzleHttp\Exception\RequestException; use GuzzleHttp\Exception\BadResponseException; -use GuzzleHttp\HandlerStack; use function GuzzleHttp\Psr7\stream_for; use Icewind\Streams\RetryWrapper; use OCP\Files\NotFoundException; use OCP\Files\ObjectStore\IObjectStore; use OCP\Files\StorageAuthException; -use OpenStack\Common\Error\BadResponseError; class Swift implements IObjectStore { /** @@ -112,7 +107,6 @@ class Swift implements IObjectStore { ], ] ); - } catch (BadResponseException $e) { if ($e->getResponse() && $e->getResponse()->getStatusCode() === 404) { throw new NotFoundException("object $urn not found in object store"); diff --git a/lib/private/Files/ObjectStore/SwiftFactory.php b/lib/private/Files/ObjectStore/SwiftFactory.php index 9857e1def85..0354fba638f 100644 --- a/lib/private/Files/ObjectStore/SwiftFactory.php +++ b/lib/private/Files/ObjectStore/SwiftFactory.php @@ -78,12 +78,12 @@ class SwiftFactory { * @throws StorageAuthException */ public function getCachedTokenId() { - if ( !isset($this->params['cachedToken']) ) { + if (!isset($this->params['cachedToken'])) { throw new StorageAuthException('Unauthenticated ObjectStore connection'); } // Is it V2 token? - if ( isset($this->params['cachedToken']['token']) ) { + if (isset($this->params['cachedToken']['token'])) { return $this->params['cachedToken']['token']['id']; } diff --git a/lib/private/Files/Storage/Wrapper/Jail.php b/lib/private/Files/Storage/Wrapper/Jail.php index 929a4942562..7350c104ba8 100644 --- a/lib/private/Files/Storage/Wrapper/Jail.php +++ b/lib/private/Files/Storage/Wrapper/Jail.php @@ -541,6 +541,6 @@ class Jail extends Wrapper { } public function getDirectoryContent($directory): \Traversable { - return $this->getWrapperStorage()->getDirectoryContent($this->getJailedPath($directory)); + return $this->getWrapperStorage()->getDirectoryContent($this->getUnjailedPath($directory)); } } diff --git a/lib/private/Security/Hasher.php b/lib/private/Security/Hasher.php index 7a6c66d8f87..2ed21e7e427 100644 --- a/lib/private/Security/Hasher.php +++ b/lib/private/Security/Hasher.php @@ -67,16 +67,11 @@ class Hasher implements IHasher { if (\defined('PASSWORD_ARGON2I')) { // password_hash fails, when the minimum values are undershot. - // In this case, ignore and revert to default - if ($this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 8) { - $this->options['memory_cost'] = $this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST); - } - if ($this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 1) { - $this->options['time_cost'] = $this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST); - } - if ($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_MEMORY_COST) >= 1) { - $this->options['threads'] = $this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS); - } + // In this case, apply minimum. + $this->options['threads'] = max($this->config->getSystemValueInt('hashingThreads', PASSWORD_ARGON2_DEFAULT_THREADS), 1); + // The minimum memory cost is 8 KiB per thread. + $this->options['memory_cost'] = max($this->config->getSystemValueInt('hashingMemoryCost', PASSWORD_ARGON2_DEFAULT_MEMORY_COST), $this->options['threads'] * 8); + $this->options['time_cost'] = max($this->config->getSystemValueInt('hashingTimeCost', PASSWORD_ARGON2_DEFAULT_TIME_COST), 1); } $hashingCost = $this->config->getSystemValue('hashingCost', null); diff --git a/lib/private/SubAdmin.php b/lib/private/SubAdmin.php index d292e998ab9..890bcf67b3b 100644 --- a/lib/private/SubAdmin.php +++ b/lib/private/SubAdmin.php @@ -110,6 +110,25 @@ class SubAdmin extends PublicEmitter implements ISubAdmin { * @return IGroup[] */ public function getSubAdminsGroups(IUser $user): array { + $groupIds = $this->getSubAdminsGroupIds($user); + + $groups = []; + foreach ($groupIds as $groupId) { + $group = $this->groupManager->get($groupId); + if ($group !== null) { + $groups[$group->getGID()] = $group; + } + } + + return $groups; + } + + /** + * Get group ids of a SubAdmin + * @param IUser $user the SubAdmin + * @return string[] + */ + public function getSubAdminsGroupIds(IUser $user): array { $qb = $this->dbConn->getQueryBuilder(); $result = $qb->select('gid') @@ -119,10 +138,7 @@ class SubAdmin extends PublicEmitter implements ISubAdmin { $groups = []; while ($row = $result->fetch()) { - $group = $this->groupManager->get($row['gid']); - if (!is_null($group)) { - $groups[$group->getGID()] = $group; - } + $groups[] = $row['gid']; } $result->closeCursor(); @@ -255,13 +271,11 @@ class SubAdmin extends PublicEmitter implements ISubAdmin { if ($this->groupManager->isAdmin($user->getUID())) { return false; } - $accessibleGroups = $this->getSubAdminsGroups($subadmin); - foreach ($accessibleGroups as $accessibleGroup) { - if ($accessibleGroup->inGroup($user)) { - return true; - } - } - return false; + + $accessibleGroups = $this->getSubAdminsGroupIds($subadmin); + $userGroups = $this->groupManager->getUserGroupIds($user); + + return !empty(array_intersect($accessibleGroups, $userGroups)); } /** |