Update krankerl config

Signed-off-by: Julius Härtl <jus@bitgrid.net>

.nextcloudignore

@@ -0,0 +1,31 @@
+build/
+.git
+js/node_modules
+js/tests
+js/legacy
+js/controller
+js/directive
+js/filters
+js/service
+js/bower.json
+js/.bowerrc
+js/.jshintrc
+js/Gruntfile.js
+js/package.json
+js/package-lock.json
+docs/
+tests
+.codecov.yml
+composer.json
+composer.lock
+_config.yml
+.drone.yml
+.travis.yml
+.eslintignore
+.eslintrc.yml
+.gitignore
+issue_template.md
+krankerl.toml
+Makefile
+mkdocs.yml
+run-eslint.sh

CHANGELOG.md

@@ -1,6 +1,15 @@
 # Changelog
 All notable changes to this project will be documented in this file.
 
+## 0.8.1 - 2020-04-08
+
+## Added
+- Nextcloud 19 compatibility
+
+## Fixed
+- Let new shares only use the current users permissions
+- Check for board membership on comments entity event
+
 ## 0.8.0 - 2020-01-16
 
 ## Added

appinfo/info.xml

@@ -17,7 +17,7 @@
 - 🚀 Get your project organized
 
 </description>
-    <version>0.8.0</version>
+    <version>0.8.1</version>
     <licence>agpl</licence>
     <author>Julius Härtl</author>
     <namespace>Deck</namespace>

js/package.json

@@ -7,7 +7,7 @@
     "test": "tests"
   },
   "dependencies": {
-    "@uirouter/angularjs": "^1.0.24",
+    "@uirouter/angularjs": "^1.0.25",
     "angular": "^1.7.9",
     "angular-animate": "^1.7.9",
     "angular-file-upload": "^2.5.0",
@@ -23,24 +23,24 @@
     "ng-sortable": "^1.3.8",
     "ui-select": "^0.19.8",
     "vue": "^2.6.11",
-    "vuex": "^3.1.2"
+    "vuex": "^3.1.3"
   },
   "devDependencies": {
-    "@babel/core": "^7.8.3",
+    "@babel/core": "^7.9.0",
-    "@babel/plugin-syntax-dynamic-import": "^7.7.4",
+    "@babel/plugin-syntax-dynamic-import": "^7.8.3",
-    "@babel/polyfill": "^7.8.3",
+    "@babel/polyfill": "^7.8.7",
-    "@babel/preset-env": "^7.8.3",
+    "@babel/preset-env": "^7.9.0",
-    "babel-loader": "^8.0.6",
+    "babel-loader": "^8.1.0",
     "css-loader": "^3.4.2",
     "karma": "^4.4.1",
     "mini-css-extract-plugin": "^0.9.0",
     "style-loader": "^1.1.3",
-    "url-loader": "^3.0.0",
+    "url-loader": "^4.0.0",
-    "vue-loader": "^15.8.3",
+    "vue-loader": "^15.9.1",
     "vue-style-loader": "^4.1.2",
     "vue-template-compiler": "^2.6.11",
-    "webpack": "^4.41.5",
+    "webpack": "^4.42.1",
-    "webpack-cli": "^3.3.10",
+    "webpack-cli": "^3.3.11",
     "webpack-merge": "^4.2.2"
   },
   "scripts": {

krankerl.toml

@@ -1,38 +1,4 @@
 [package]
-exclude = [
-    "build/",
-    ".git",
-    "js/node_modules",
-    "js/tests",
-    "js/legacy",
-    "js/controller",
-    "js/directive",
-    "js/filters",
-    "js/service",
-    "js/bower.json",
-    "js/.bowerrc",
-    "js/.jshintrc",
-    "js/Gruntfile.js",
-    "js/package.json",
-    "js/package-lock.json",
-    "docs/",
-    "tests",
-    ".codecov.yml",
-    "composer.json",
-    "composer.lock",
-    "_config.yml",
-    ".drone.yml",
-    ".travis.yml",
-    ".eslintignore",
-    ".eslintrc.yml",
-    ".gitignore",
-    "issue_template.md",
-    "krankerl.toml",
-    "Makefile",
-    "mkdocs.yml",
-    "run-eslint.sh"
-]
-
 before_cmds = [
     'make clean-build',
     'make build'

lib/AppInfo/Application.php

@@ -33,6 +33,7 @@ use OCA\Deck\Db\CardMapper;
 use OCA\Deck\Middleware\ExceptionMiddleware;
 use OCA\Deck\Notification\Notifier;
 use OCA\Deck\Service\FullTextSearchService;
+use OCA\Deck\Service\PermissionService;
 use OCP\AppFramework\App;
 use OCP\Collaboration\Resources\IManager;
 use OCP\Comments\CommentsEntityEvent;
@@ -151,13 +152,14 @@ class Application extends App {
 		$this->getContainer()->getServer()->getEventDispatcher()->addListener(CommentsEntityEvent::EVENT_ENTITY, function(CommentsEntityEvent $event) {
 			$event->addEntityCollection('deckCard', function($name) {
 				/** @var CardMapper */
-				$service = $this->getContainer()->query(CardMapper::class);
+				$cardMapper = $this->getContainer()->query(CardMapper::class);
+				$permissionService = $this->getContainer()->query(PermissionService::class);
+
 				try {
-					$service->find((int) $name);
+					return $permissionService->checkPermission($cardMapper, (int) $name, Acl::PERMISSION_READ);
-				} catch (\InvalidArgumentException $e) {
+				} catch (\Exception $e) {
 					return false;
 				}
-				return true;
 			});
 		});
 		$this->registerCommentsEventHandler();

lib/Service/BoardService.php

@@ -454,6 +454,17 @@ class BoardService {
 		return $board;
 	}
 
+	private function applyPermissions($boardId, $edit, $share, $manage) {
+		try {
+			$this->permissionService->checkPermission($this->boardMapper, $boardId, Acl::PERMISSION_MANAGE);
+		} catch (NoPermissionException $e) {
+			$acls = $this->aclMapper->findAll($boardId);
+			$edit = $this->permissionService->userCan($acls, Acl::PERMISSION_EDIT, $this->userId) && $edit;
+			$share = $this->permissionService->userCan($acls, Acl::PERMISSION_SHARE, $this->userId) && $share;
+			$manage = $this->permissionService->userCan($acls, Acl::PERMISSION_MANAGE, $this->userId) && $manage;
+		}
+		return [$edit, $share, $manage];
+	}
 
 	/**
 	 * @param $boardId
@@ -493,6 +504,8 @@ class BoardService {
 		}
 
 		$this->permissionService->checkPermission($this->boardMapper, $boardId, Acl::PERMISSION_SHARE);
+		[$edit, $share, $manage] = $this->applyPermissions($boardId, $edit, $share, $manage);
+
 		$acl = new Acl();
 		$acl->setBoardId($boardId);
 		$acl->setType($type);
@@ -555,8 +568,10 @@ class BoardService {
 		}
 
 		$this->permissionService->checkPermission($this->aclMapper, $id, Acl::PERMISSION_SHARE);
+
 		/** @var Acl $acl */
 		$acl = $this->aclMapper->find($id);
+		[$edit, $share, $manage] = $this->applyPermissions($acl->getBoardId(), $edit, $share, $manage);
 		$acl->setPermissionEdit($edit);
 		$acl->setPermissionShare($share);
 		$acl->setPermissionManage($manage);

tests/unit/Service/BoardServiceTest.php

@@ -34,6 +34,7 @@ use OCA\Deck\Db\BoardMapper;
 use OCA\Deck\Db\ChangeHelper;
 use OCA\Deck\Db\LabelMapper;
 use OCA\Deck\Db\StackMapper;
+use OCA\Deck\NoPermissionException;
 use OCA\Deck\Notification\NotificationHelper;
 use OCP\IUser;
 use OCP\IUserManager;
@@ -260,6 +261,93 @@ class BoardServiceTest extends TestCase {
 		));
 	}
 
+	public function dataAddAclExtendPermission() {
+		return [
+			[[false, false, false], [false, false, false], [false, false, false]],
+			[[false, false, false], [true, true, true], [false, false, false]],
+
+			// user has share permissions -> can only reshare with those
+			[[false, true, false], [false, false, false], [false, false, false]],
+			[[false, true, false], [false, true, false], [false, true, false]],
+			[[false, true, false], [true, true, true], [false, true, false]],
+
+			// user has write permissions -> can only reshare with those
+			[[true, true, false], [false, false, false], [false, false, false]],
+			[[true, true, false], [false, true, false], [false, true, false]],
+			[[true, true, false], [true, true, true], [true, true, false]],
+
+			// user has manage permissions -> can upgrade acl permissions
+			[[false, false, true], [true, true, true], [true, true, true]],
+			[[true, true, true], [false, false, true], [false, false, true]],
+		];
+	}
+
+	/**
+	 * @dataProvider dataAddAclExtendPermission
+	 * @param $currentUserAcl
+	 * @param $providedAcl
+	 * @param $resultingAcl
+	 * @throws NoPermissionException
+	 * @throws \OCA\Deck\BadRequestException
+	 */
+	public function testAddAclExtendPermission($currentUserAcl, $providedAcl, $resultingAcl) {
+		$existingAcl = new Acl();
+		$existingAcl->setBoardId(123);
+		$existingAcl->setType('user');
+		$existingAcl->setParticipant('admin');
+		$existingAcl->setPermissionEdit($currentUserAcl[0]);
+		$existingAcl->setPermissionShare($currentUserAcl[1]);
+		$existingAcl->setPermissionManage($currentUserAcl[2]);
+		$this->permissionService->expects($this->at(0))
+			->method('checkPermission')
+			->with($this->boardMapper, 123, Acl::PERMISSION_SHARE, null);
+		if ($currentUserAcl[2]) {
+			$this->permissionService->expects($this->at(1))
+				->method('checkPermission')
+				->with($this->boardMapper, 123, Acl::PERMISSION_MANAGE, null);
+		} else {
+			$this->aclMapper->expects($this->once())
+				->method('findAll')
+				->willReturn([$existingAcl]);
+			$this->permissionService->expects($this->at(1))
+				->method('checkPermission')
+				->with($this->boardMapper, 123, Acl::PERMISSION_MANAGE, null)
+				->willThrowException(new NoPermissionException('No permission'));
+			$this->permissionService->expects($this->at(2))
+				->method('userCan')
+				->willReturn($currentUserAcl[0]);
+			$this->permissionService->expects($this->at(3))
+				->method('userCan')
+				->willReturn($currentUserAcl[1]);
+			$this->permissionService->expects($this->at(4))
+				->method('userCan')
+				->willReturn($currentUserAcl[2]);
+		}
+
+		$user = $this->createMock(IUser::class);
+		$user->method('getUID')->willReturn('admin');
+		$acl = new Acl();
+		$acl->setBoardId(123);
+		$acl->setType('user');
+		$acl->setParticipant('admin');
+		$acl->setPermissionEdit($resultingAcl[0]);
+		$acl->setPermissionShare($resultingAcl[1]);
+		$acl->setPermissionManage($resultingAcl[2]);
+		$acl->resolveRelation('participant', function($participant) use (&$user) {
+			return null;
+		});
+		$this->notificationHelper->expects($this->once())
+			->method('sendBoardShared');
+		$expected = clone $acl;
+		$this->aclMapper->expects($this->once())
+			->method('insert')
+			->with($acl)
+			->willReturn($acl);
+		$this->assertEquals($expected, $this->service->addAcl(
+			123, 'user', 'admin', $providedAcl[0], $providedAcl[1], $providedAcl[2]
+		));
+	}
+
 	public function testUpdateAcl() {
 		$acl = new Acl();
 		$acl->setBoardId(123);