ahtlon/deck
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Use board permissions to be applied for the shares

Browse Source 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
This commit is contained in:
Julius Härtl
2021-01-04 22:05:44 +01:00
parent 0c6dfb2442
commit 79468e6f06
4 changed files with 25 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
lib/Service/FilesAppService.php
View File

@@ -132,6 +132,7 @@ class FilesAppService implements IAttachmentService, ICustomAttachmentService {
'mimetype' => $file->getMimeType(), 'mimetype' => $file->getMimeType(),
'info' => pathinfo($file->getName()), 'info' => pathinfo($file->getName()),
'hasPreview' => $this->preview->isAvailable($file), 'hasPreview' => $this->preview->isAvailable($file),
'permissions' => $share->getPermissions(),
]); ]);
return $attachment; return $attachment;
} }
@@ -170,7 +171,11 @@ class FilesAppService implements IAttachmentService, ICustomAttachmentService {
$fileName = $file['name']; $fileName = $file['name'];
$userFolder = $this->rootFolder->getUserFolder($this->userId); $userFolder = $this->rootFolder->getUserFolder($this->userId);
$folder = $userFolder->get($this->configService->getAttachmentFolder()); try {
$folder = $userFolder->get($this->configService->getAttachmentFolder());
} catch (NotFoundException $e) {
$folder = $userFolder->newFolder($this->configService->getAttachmentFolder());
}
$fileName = $folder->getNonExistingName($fileName); $fileName = $folder->getNonExistingName($fileName);
$target = $folder->newFile($fileName); $target = $folder->newFile($fileName);

2
lib/Service/PermissionService.php
View File

@@ -142,7 +142,7 @@ class PermissionService {
} }
if ($permission === Acl::PERMISSION_SHARE && $this->shareManager->sharingDisabledForUser($this->userId)) { if ($permission === Acl::PERMISSION_SHARE && $this->shareManager->sharingDisabledForUser($this->userId)) {
return false; throw new NoPermissionException('Permission denied');
} }
if ($this->userIsBoardOwner($boardId, $userId)) { if ($this->userIsBoardOwner($boardId, $userId)) {

21
lib/Sharing/DeckShareProvider.php
View File

@@ -37,6 +37,7 @@ use OCA\Deck\Service\PermissionService;
use OCP\AppFramework\Db\DoesNotExistException; use OCP\AppFramework\Db\DoesNotExistException;
use OCP\AppFramework\Db\MultipleObjectsReturnedException; use OCP\AppFramework\Db\MultipleObjectsReturnedException;
use OCP\AppFramework\Utility\ITimeFactory; use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Constants;
use OCP\DB\QueryBuilder\IQueryBuilder; use OCP\DB\QueryBuilder\IQueryBuilder;
use OCP\EventDispatcher\IEventDispatcher; use OCP\EventDispatcher\IEventDispatcher;
use OCP\Files\Folder; use OCP\Files\Folder;
@@ -267,10 +268,25 @@ class DeckShareProvider implements \OCP\Share\IShareProvider {
$entryData['parent'] = $entryData['f_parent']; $entryData['parent'] = $entryData['f_parent'];
$share->setNodeCacheEntry(Cache::cacheEntryFromData($entryData, \OC::$server->get(IMimeTypeLoader::class))); $share->setNodeCacheEntry(Cache::cacheEntryFromData($entryData, \OC::$server->get(IMimeTypeLoader::class)));
} }
return $share; return $share;
} }
private function applyBoardPermission($share, $permissions) {
try {
$this->permissionService->checkPermission($this->cardMapper, $share->getSharedWith(), Acl::PERMISSION_EDIT);
} catch (NoPermissionException $e) {
$permissions &= Constants::PERMISSION_ALL - Constants::PERMISSION_UPDATE;
$permissions &= Constants::PERMISSION_ALL - Constants::PERMISSION_CREATE;
$permissions &= Constants::PERMISSION_ALL - Constants::PERMISSION_DELETE;
}
try {
$this->permissionService->checkPermission($this->cardMapper, $share->getSharedWith(), Acl::PERMISSION_SHARE);
} catch (NoPermissionException $e) {
$permissions &= Constants::PERMISSION_ALL - Constants::PERMISSION_SHARE;
}
$share->setPermissions($permissions);
}
/** /**
* @inheritDoc * @inheritDoc
*/ */
@@ -629,7 +645,7 @@ class DeckShareProvider implements \OCP\Share\IShareProvider {
$stmt = $query->execute(); $stmt = $query->execute();
while ($data = $stmt->fetch()) { while ($data = $stmt->fetch()) {
$shareMap[$data['parent']]->setPermissions((int)$data['permissions']); $this->applyBoardPermission($shareMap[$data['parent']], (int)$data['permissions']);
$shareMap[$data['parent']]->setTarget($data['file_target']); $shareMap[$data['parent']]->setTarget($data['file_target']);
} }
@@ -740,7 +756,6 @@ class DeckShareProvider implements \OCP\Share\IShareProvider {
$offset--; $offset--;
continue; continue;
} }
$shares[] = $this->createShareObject($data); $shares[] = $this->createShareObject($data);
} }
$cursor->closeCursor(); $cursor->closeCursor();

1
src/components/card/AttachmentList.vue
View File

@@ -212,7 +212,6 @@ export default {
axios.post(generateOcsUrl('apps/files_sharing/api/v1', 2) + 'shares', { axios.post(generateOcsUrl('apps/files_sharing/api/v1', 2) + 'shares', {
path, path,
permissions: 19,
shareType: 12, shareType: 12,
shareWith: '' + this.cardId, shareWith: '' + this.cardId,
}).then(() => { }).then(() => {