Apply group limit on remove from group #47180

Merged
merged 6 commits into from
Aug 13, 2024
Merged
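--- a/cypress/e2e/files_sharing/limit_to_same_group.cy.ts
+++ b/cypress/e2e/files_sharing/limit_to_same_group.cy.ts
@@ -0,0 +1,107 @@
+/**
+* SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+* SPDX-License-Identifier: AGPL-3.0-or-later
+*/
+
+import { User } from "@nextcloud/cypress"
+import { createShare } from "./FilesSharingUtils.ts"
+
+describe('Limit to sharing to people in the same group', () => {
+let alice: User
+let bob: User
+let randomFileName1 = ''
+let randomFileName2 = ''
+let randomGroupName = ''
+let randomGroupName2 = ''
+let randomGroupName3 = ''
+
+before(() => {
+randomFileName1 = Math.random().toString(36).replace(/[^a-z]+/g, '').substring(0, 10) + '.txt'
+randomFileName2 = Math.random().toString(36).replace(/[^a-z]+/g, '').substring(0, 10) + '.txt'
+randomGroupName = Math.random().toString(36).replace(/[^a-z]+/g, '').substring(0, 10)
+randomGroupName2 = Math.random().toString(36).replace(/[^a-z]+/g, '').substring(0, 10)
+randomGroupName3 = Math.random().toString(36).replace(/[^a-z]+/g, '').substring(0, 10)
+
+cy.runOccCommand('config:app:set core shareapi_only_share_with_group_members --value yes')
+
+cy.createRandomUser()
+.then(user => {
+alice = user
+cy.createRandomUser()
+})
+.then(user => {
+bob = user
+
+cy.runOccCommand(`group:add ${randomGroupName}`)
+cy.runOccCommand(`group:add ${randomGroupName2}`)
+cy.runOccCommand(`group:add ${randomGroupName3}`)
+cy.runOccCommand(`group:adduser ${randomGroupName} ${alice.userId}`)
+cy.runOccCommand(`group:adduser ${randomGroupName} ${bob.userId}`)
+cy.runOccCommand(`group:adduser ${randomGroupName2} ${alice.userId}`)
+cy.runOccCommand(`group:adduser ${randomGroupName2} ${bob.userId}`)
+cy.runOccCommand(`group:adduser ${randomGroupName3} ${bob.userId}`)
+
+cy.uploadContent(alice, new Blob(['share to bob'], { type: 'text/plain' }), 'text/plain', `/${randomFileName1}`)
+cy.uploadContent(bob, new Blob(['share by bob'], { type: 'text/plain' }), 'text/plain', `/${randomFileName2}`)
+
+cy.login(alice)
+cy.visit('/apps/files')
+createShare(randomFileName1, bob.userId)
+cy.login(bob)
+cy.visit('/apps/files')
+createShare(randomFileName2, alice.userId)
+})
+})
+
+after(() => {
+cy.runOccCommand('config:app:set core shareapi_only_share_with_group_members --value no')
+})
+
+it('Alice can see the shared file', () => {
+cy.login(alice)
+cy.visit('/apps/files')
+cy.get(`[data-cy-files-list] [data-cy-files-list-row-name="${randomFileName2}"]`).should('exist')
+})
+
+it('Bob can see the shared file', () => {
+cy.login(alice)
+cy.visit('/apps/files')
+cy.get(`[data-cy-files-list] [data-cy-files-list-row-name="${randomFileName1}"]`).should('exist')
+})
+
+context('Bob is removed from the first group', () => {
+before(() => {
+cy.runOccCommand(`group:removeuser ${randomGroupName} ${bob.userId}`)
+})
+
+it('Alice can see the shared file', () => {
+cy.login(alice)
+cy.visit('/apps/files')
+cy.get(`[data-cy-files-list] [data-cy-files-list-row-name="${randomFileName2}"]`).should('exist')
+})
+
+it('Bob can see the shared file', () => {
+cy.login(alice)
+cy.visit('/apps/files')
+cy.get(`[data-cy-files-list] [data-cy-files-list-row-name="${randomFileName1}"]`).should('exist')
+})
+})
+
+context('Bob is removed from the second group', () => {
+before(() => {
+cy.runOccCommand(`group:removeuser ${randomGroupName2} ${bob.userId}`)
+})
+
+it('Alice cannot see the shared file', () => {
+cy.login(alice)
+cy.visit('/apps/files')
+cy.get(`[data-cy-files-list] [data-cy-files-list-row-name="${randomFileName2}"]`).should('not.exist')
+})
+
+it('Bob cannot see the shared file', () => {
+cy.login(alice)
+cy.visit('/apps/files')
+cy.get(`[data-cy-files-list] [data-cy-files-list-row-name="${randomFileName1}"]`).should('not.exist')
+})
+})
+})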
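Review bot: The three `Bob …` tests call `cy.login(alice)`, so the recipient's view is never exercised and the revocation this spec is meant to guard is only ever checked from Alice's session. In the last context, 'Bob cannot see the shared file' asserts that `randomFileName1`, which Alice herself uploaded in the `before` hook, is absent from Alice's own file list; that can presumably only pass because `should('not.exist')` is satisfied before the list has rendered. I would change those tests to `cy.login(bob)`. For the two negative checks, I would also first assert that the logged-in user's own upload row is present (for Bob, the `randomFileName2` row) so the absence check runs against a loaded list.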
46 changes: 44 additions & 2 deletions lib/private/Share20/DefaultShareProvider.php
Expand Up @@ -28,6 +28,7 @@
use OCP\Mail\IMailer;
use OCP\Share\Exceptions\ShareNotFound;
use OCP\Share\IAttributes;
use OCP\Share\IManager;
use OCP\Share\IShare;
use OCP\Share\IShareProviderSupportsAccept;
use OCP\Share\IShareProviderWithNotification;
Expand All @@ -54,6 +55,7 @@ public function __construct(
private IURLGenerator $urlGenerator,
private ITimeFactory $timeFactory,
private LoggerInterface $logger,
private IManager $shareManager,
) {
}

Expand Down Expand Up @@ -1223,6 +1225,7 @@ public function groupDeleted($gid) {
*
* @param string $uid
* @param string $gid
* @return void
*/
public function userDeletedFromGroup($uid, $gid) {
/*
Expand All @@ -1234,7 +1237,7 @@ public function userDeletedFromGroup($uid, $gid) {
->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_GROUP)))
->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($gid)));

$cursor = $qb->execute();
$cursor = $qb->executeQuery();
$ids = [];
while ($row = $cursor->fetch()) {
$ids[] = (int)$row['id'];
Expand All @@ -1251,7 +1254,46 @@ public function userDeletedFromGroup($uid, $gid) {
->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP)))
->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($uid)))
->andWhere($qb->expr()->in('parent', $qb->createNamedParameter($chunk, IQueryBuilder::PARAM_INT_ARRAY)));
$qb->execute();
$qb->executeStatement();
}
}

if ($this->shareManager->shareWithGroupMembersOnly()) {
$user = $this->userManager->get($uid);
if ($user === null) {
return;
}
$userGroups = $this->groupManager->getUserGroupIds($user);
$userGroups = array_diff($userGroups, $this->shareManager->shareWithGroupMembersOnlyExcludeGroupsList());

// Delete user shares received by the user from users in the group.
$userReceivedShares = $this->shareManager->getSharedWith($uid, IShare::TYPE_USER, null, -1);
foreach ($userReceivedShares as $share) {
$owner = $this->userManager->get($share->getSharedBy());
if ($owner === null) {
continue;
}
$ownerGroups = $this->groupManager->getUserGroupIds($owner);
$mutualGroups = array_intersect($userGroups, $ownerGroups);

if (count($mutualGroups) === 0) {
$this->shareManager->deleteShare($share);
}
}

// Delete user shares from the user to users in the group.
$userEmittedShares = $this->shareManager->getSharesBy($uid, IShare::TYPE_USER, null, true, -1);
foreach ($userEmittedShares as $share) {
$recipient = $this->userManager->get($share->getSharedWith());
if ($recipient === null) {
continue;
}
$recipientGroups = $this->groupManager->getUserGroupIds($recipient);
$mutualGroups = array_intersect($userGroups, $recipientGroups);

if (count($mutualGroups) === 0) {
$this->shareManager->deleteShare($share);
}
}
}
}
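Review bot: The new `shareWithGroupMembersOnly()` block in `userDeletedFromGroup` decides whether to revoke from `getUserGroupIds($user)`, and nothing in it removes `$gid` from that list, so the check is only correct if the group manager already reflects the removal when this code runs. The hunk cannot show whether that lookup is cached or when this method fires relative to the backend update; if it can return stale membership, the group the user just left still counts as mutual and the shares survive. Excluding it explicitly is cheap: `$userGroups = array_diff($userGroups, [$gid], $this->shareManager->shareWithGroupMembersOnlyExcludeGroupsList());`. The two loops also `continue` (keeping the share) when the counterpart user cannot be loaded, and they only cover `IShare::TYPE_USER`; a short comment stating that both are intentional would help the next reader. The function begins above the visible hunks.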
1 change: 1 addition & 0 deletions lib/private/Share20/ProviderFactory.php
Expand Up @@ -88,6 +88,7 @@ protected function defaultShareProvider() {
$this->serverContainer->getURLGenerator(),
$this->serverContainer->query(ITimeFactory::class),
$this->serverContainer->get(LoggerInterface::class),
$this->serverContainer->get(IManager::class),
);
}

21 changes: 15 additions & 6 deletions tests/lib/Share20/DefaultShareProviderTest.php
Expand Up @@ -72,6 +72,8 @@ class DefaultShareProviderTest extends \Test\TestCase {
/** @var LoggerInterface|MockObject */
protected $logger;

protected IShareManager&MockObject $shareManager;

protected function setUp(): void {
$this->dbConn = \OC::$server->getDatabaseConnection();
$this->userManager = $this->createMock(IUserManager::class);
Expand All @@ -84,6 +86,7 @@ protected function setUp(): void {
$this->urlGenerator = $this->createMock(IURLGenerator::class);
$this->timeFactory = $this->createMock(ITimeFactory::class);
$this->logger = $this->createMock(LoggerInterface::class);
$this->shareManager = $this->createMock(IShareManager::class);

$this->userManager->expects($this->any())->method('userExists')->willReturn(true);
$this->timeFactory->expects($this->any())->method('now')->willReturn(new \DateTimeImmutable("2023-05-04 00:00 Europe/Berlin"));
Expand All @@ -101,7 +104,8 @@ protected function setUp(): void {
$this->l10nFactory,
$this->urlGenerator,
$this->timeFactory,
$this->logger
$this->logger,
$this->shareManager,
);
}

Expand Down Expand Up @@ -464,7 +468,8 @@ public function testDeleteSingleShare() {
$this->l10nFactory,
$this->urlGenerator,
$this->timeFactory,
$this->logger
$this->logger,
$this->shareManager,
])
->setMethods(['getShareById'])
->getMock();
Expand Down Expand Up @@ -560,7 +565,8 @@ public function testDeleteGroupShareWithUserGroupShares() {
$this->l10nFactory,
$this->urlGenerator,
$this->timeFactory,
$this->logger
$this->logger,
$this->shareManager,
])
->setMethods(['getShareById'])
->getMock();
Expand Down Expand Up @@ -2529,7 +2535,8 @@ public function testGetSharesInFolder() {
$this->l10nFactory,
$this->urlGenerator,
$this->timeFactory,
$this->logger
$this->logger,
$this->shareManager,
);

$password = md5(time());
Expand Down Expand Up @@ -2628,7 +2635,8 @@ public function testGetAccessListNoCurrentAccessRequired() {
$this->l10nFactory,
$this->urlGenerator,
$this->timeFactory,
$this->logger
$this->logger,
$this->shareManager,
);

$u1 = $userManager->createUser('testShare1', 'test');
Expand Down Expand Up @@ -2725,7 +2733,8 @@ public function testGetAccessListCurrentAccessRequired() {
$this->l10nFactory,
$this->urlGenerator,
$this->timeFactory,
$this->logger
$this->logger,
$this->shareManager,
);

$u1 = $userManager->createUser('testShare1', 'test');
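Review bot: Every addition in this file is constructor wiring for the new `$this->shareManager` mock; no test drives the new `shareWithGroupMembersOnly()` branch of `userDeletedFromGroup`. With an unconfigured mock that method presumably returns `false`, so the existing tests still exercise only the old path. I would add a case where the mock returns `true`, `getSharedWith`/`getSharesBy` return a share whose counterpart has no mutual group, and `deleteShare` is expected exactly once. Together with the inverse case expecting `never()`, that would pin the revocation rule at unit level.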