1
0

FederatedShareProvider.php 32 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  6. * @author Bjoern Schiessle <bjoern@schiessle.org>
  7. * @author Björn Schießle <bjoern@schiessle.org>
  8. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  9. * @author Georg Ehrke <oc.list@georgehrke.com>
  10. * @author Joas Schilling <coding@schilljs.com>
  11. * @author Julius Härtl <jus@bitgrid.net>
  12. * @author Lukas Reschke <lukas@statuscode.ch>
  13. * @author Maxence Lange <maxence@artificial-owl.com>
  14. * @author Morris Jobke <hey@morrisjobke.de>
  15. * @author Robin Appelman <robin@icewind.nl>
  16. * @author Roeland Jago Douma <roeland@famdouma.nl>
  17. * @author Sergej Pupykin <pupykin.s@gmail.com>
  18. * @author Stefan Weil <sw@weilnetz.de>
  19. * @author Thomas Müller <thomas.mueller@tmit.eu>
  20. * @author Valdnet <47037905+Valdnet@users.noreply.github.com>
  21. * @author Vincent Petry <vincent@nextcloud.com>
  22. *
  23. * @license AGPL-3.0
  24. *
  25. * This code is free software: you can redistribute it and/or modify
  26. * it under the terms of the GNU Affero General Public License, version 3,
  27. * as published by the Free Software Foundation.
  28. *
  29. * This program is distributed in the hope that it will be useful,
  30. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  31. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  32. * GNU Affero General Public License for more details.
  33. *
  34. * You should have received a copy of the GNU Affero General Public License, version 3,
  35. * along with this program. If not, see <http://www.gnu.org/licenses/>
  36. *
  37. */
  38. namespace OCA\FederatedFileSharing;
  39. use OC\Share20\Exception\InvalidShare;
  40. use OC\Share20\Share;
  41. use OCP\Constants;
  42. use OCP\DB\QueryBuilder\IQueryBuilder;
  43. use OCP\Federation\ICloudFederationProviderManager;
  44. use OCP\Federation\ICloudIdManager;
  45. use OCP\Files\Folder;
  46. use OCP\Files\IRootFolder;
  47. use OCP\Files\Node;
  48. use OCP\Files\NotFoundException;
  49. use OCP\IConfig;
  50. use OCP\IDBConnection;
  51. use OCP\IL10N;
  52. use OCP\IUserManager;
  53. use OCP\Share\Exceptions\GenericShareException;
  54. use OCP\Share\Exceptions\ShareNotFound;
  55. use OCP\Share\IShare;
  56. use OCP\Share\IShareProvider;
  57. use Psr\Log\LoggerInterface;
  58. /**
  59. * Class FederatedShareProvider
  60. *
  61. * @package OCA\FederatedFileSharing
  62. */
  63. class FederatedShareProvider implements IShareProvider {
  64. public const SHARE_TYPE_REMOTE = 6;
  65. /** @var string */
  66. private $externalShareTable = 'share_external';
  67. /** @var array list of supported share types */
  68. private $supportedShareType = [IShare::TYPE_REMOTE_GROUP, IShare::TYPE_REMOTE, IShare::TYPE_CIRCLE];
  69. /**
  70. * DefaultShareProvider constructor.
  71. */
  72. public function __construct(
  73. private IDBConnection $dbConnection,
  74. private AddressHandler $addressHandler,
  75. private Notifications $notifications,
  76. private TokenHandler $tokenHandler,
  77. private IL10N $l,
  78. private IRootFolder $rootFolder,
  79. private IConfig $config,
  80. private IUserManager $userManager,
  81. private ICloudIdManager $cloudIdManager,
  82. private \OCP\GlobalScale\IConfig $gsConfig,
  83. private ICloudFederationProviderManager $cloudFederationProviderManager,
  84. private LoggerInterface $logger,
  85. ) {
  86. }
  87. /**
  88. * Return the identifier of this provider.
  89. *
  90. * @return string Containing only [a-zA-Z0-9]
  91. */
  92. public function identifier() {
  93. return 'ocFederatedSharing';
  94. }
  95. /**
  96. * Share a path
  97. *
  98. * @param IShare $share
  99. * @return IShare The share object
  100. * @throws ShareNotFound
  101. * @throws \Exception
  102. */
  103. public function create(IShare $share) {
  104. $shareWith = $share->getSharedWith();
  105. $itemSource = $share->getNodeId();
  106. $itemType = $share->getNodeType();
  107. $permissions = $share->getPermissions();
  108. $sharedBy = $share->getSharedBy();
  109. $shareType = $share->getShareType();
  110. $expirationDate = $share->getExpirationDate();
  111. if ($shareType === IShare::TYPE_REMOTE_GROUP &&
  112. !$this->isOutgoingServer2serverGroupShareEnabled()
  113. ) {
  114. $message = 'It is not allowed to send federated group shares from this server.';
  115. $message_t = $this->l->t('It is not allowed to send federated group shares from this server.');
  116. $this->logger->debug($message, ['app' => 'Federated File Sharing']);
  117. throw new \Exception($message_t);
  118. }
  119. /*
  120. * Check if file is not already shared with the remote user
  121. */
  122. $alreadyShared = $this->getSharedWith($shareWith, IShare::TYPE_REMOTE, $share->getNode(), 1, 0);
  123. $alreadySharedGroup = $this->getSharedWith($shareWith, IShare::TYPE_REMOTE_GROUP, $share->getNode(), 1, 0);
  124. if (!empty($alreadyShared) || !empty($alreadySharedGroup)) {
  125. $message = 'Sharing %1$s failed, because this item is already shared with %2$s';
  126. $message_t = $this->l->t('Sharing %1$s failed, because this item is already shared with the account %2$s', [$share->getNode()->getName(), $shareWith]);
  127. $this->logger->debug(sprintf($message, $share->getNode()->getName(), $shareWith), ['app' => 'Federated File Sharing']);
  128. throw new \Exception($message_t);
  129. }
  130. // don't allow federated shares if source and target server are the same
  131. $cloudId = $this->cloudIdManager->resolveCloudId($shareWith);
  132. $currentServer = $this->addressHandler->generateRemoteURL();
  133. $currentUser = $sharedBy;
  134. if ($this->addressHandler->compareAddresses($cloudId->getUser(), $cloudId->getRemote(), $currentUser, $currentServer)) {
  135. $message = 'Not allowed to create a federated share to the same account.';
  136. $message_t = $this->l->t('Not allowed to create a federated share to the same account');
  137. $this->logger->debug($message, ['app' => 'Federated File Sharing']);
  138. throw new \Exception($message_t);
  139. }
  140. // Federated shares always have read permissions
  141. if (($share->getPermissions() & Constants::PERMISSION_READ) === 0) {
  142. $message = 'Federated shares require read permissions';
  143. $message_t = $this->l->t('Federated shares require read permissions');
  144. $this->logger->debug($message, ['app' => 'Federated File Sharing']);
  145. throw new \Exception($message_t);
  146. }
  147. $share->setSharedWith($cloudId->getId());
  148. try {
  149. $remoteShare = $this->getShareFromExternalShareTable($share);
  150. } catch (ShareNotFound $e) {
  151. $remoteShare = null;
  152. }
  153. if ($remoteShare) {
  154. try {
  155. $ownerCloudId = $this->cloudIdManager->getCloudId($remoteShare['owner'], $remoteShare['remote']);
  156. $shareId = $this->addShareToDB($itemSource, $itemType, $shareWith, $sharedBy, $ownerCloudId->getId(), $permissions, 'tmp_token_' . time(), $shareType, $expirationDate);
  157. $share->setId($shareId);
  158. [$token, $remoteId] = $this->askOwnerToReShare($shareWith, $share, $shareId);
  159. // remote share was create successfully if we get a valid token as return
  160. $send = is_string($token) && $token !== '';
  161. } catch (\Exception $e) {
  162. // fall back to old re-share behavior if the remote server
  163. // doesn't support flat re-shares (was introduced with Nextcloud 9.1)
  164. $this->removeShareFromTable($share);
  165. $shareId = $this->createFederatedShare($share);
  166. }
  167. if ($send) {
  168. $this->updateSuccessfulReshare($shareId, $token);
  169. $this->storeRemoteId($shareId, $remoteId);
  170. } else {
  171. $this->removeShareFromTable($share);
  172. $message_t = $this->l->t('File is already shared with %s', [$shareWith]);
  173. throw new \Exception($message_t);
  174. }
  175. } else {
  176. $shareId = $this->createFederatedShare($share);
  177. }
  178. $data = $this->getRawShare($shareId);
  179. return $this->createShareObject($data);
  180. }
  181. /**
  182. * create federated share and inform the recipient
  183. *
  184. * @param IShare $share
  185. * @return int
  186. * @throws ShareNotFound
  187. * @throws \Exception
  188. */
  189. protected function createFederatedShare(IShare $share) {
  190. $token = $this->tokenHandler->generateToken();
  191. $shareId = $this->addShareToDB(
  192. $share->getNodeId(),
  193. $share->getNodeType(),
  194. $share->getSharedWith(),
  195. $share->getSharedBy(),
  196. $share->getShareOwner(),
  197. $share->getPermissions(),
  198. $token,
  199. $share->getShareType(),
  200. $share->getExpirationDate()
  201. );
  202. $failure = false;
  203. try {
  204. $sharedByFederatedId = $share->getSharedBy();
  205. if ($this->userManager->userExists($sharedByFederatedId)) {
  206. $cloudId = $this->cloudIdManager->getCloudId($sharedByFederatedId, $this->addressHandler->generateRemoteURL());
  207. $sharedByFederatedId = $cloudId->getId();
  208. }
  209. $ownerCloudId = $this->cloudIdManager->getCloudId($share->getShareOwner(), $this->addressHandler->generateRemoteURL());
  210. $send = $this->notifications->sendRemoteShare(
  211. $token,
  212. $share->getSharedWith(),
  213. $share->getNode()->getName(),
  214. $shareId,
  215. $share->getShareOwner(),
  216. $ownerCloudId->getId(),
  217. $share->getSharedBy(),
  218. $sharedByFederatedId,
  219. $share->getShareType()
  220. );
  221. if ($send === false) {
  222. $failure = true;
  223. }
  224. } catch (\Exception $e) {
  225. $this->logger->error('Failed to notify remote server of federated share, removing share.', [
  226. 'app' => 'federatedfilesharing',
  227. 'exception' => $e,
  228. ]);
  229. $failure = true;
  230. }
  231. if ($failure) {
  232. $this->removeShareFromTableById($shareId);
  233. $message_t = $this->l->t('Sharing %1$s failed, could not find %2$s, maybe the server is currently unreachable or uses a self-signed certificate.',
  234. [$share->getNode()->getName(), $share->getSharedWith()]);
  235. throw new \Exception($message_t);
  236. }
  237. return $shareId;
  238. }
  239. /**
  240. * @param string $shareWith
  241. * @param IShare $share
  242. * @param string $shareId internal share Id
  243. * @return array
  244. * @throws \Exception
  245. */
  246. protected function askOwnerToReShare($shareWith, IShare $share, $shareId) {
  247. $remoteShare = $this->getShareFromExternalShareTable($share);
  248. $token = $remoteShare['share_token'];
  249. $remoteId = $remoteShare['remote_id'];
  250. $remote = $remoteShare['remote'];
  251. [$token, $remoteId] = $this->notifications->requestReShare(
  252. $token,
  253. $remoteId,
  254. $shareId,
  255. $remote,
  256. $shareWith,
  257. $share->getPermissions(),
  258. $share->getNode()->getName()
  259. );
  260. return [$token, $remoteId];
  261. }
  262. /**
  263. * get federated share from the share_external table but exclude mounted link shares
  264. *
  265. * @param IShare $share
  266. * @return array
  267. * @throws ShareNotFound
  268. */
  269. protected function getShareFromExternalShareTable(IShare $share) {
  270. $query = $this->dbConnection->getQueryBuilder();
  271. $query->select('*')->from($this->externalShareTable)
  272. ->where($query->expr()->eq('user', $query->createNamedParameter($share->getShareOwner())))
  273. ->andWhere($query->expr()->eq('mountpoint', $query->createNamedParameter($share->getTarget())));
  274. $qResult = $query->execute();
  275. $result = $qResult->fetchAll();
  276. $qResult->closeCursor();
  277. if (isset($result[0]) && (int)$result[0]['remote_id'] > 0) {
  278. return $result[0];
  279. }
  280. throw new ShareNotFound('share not found in share_external table');
  281. }
  282. /**
  283. * add share to the database and return the ID
  284. *
  285. * @param int $itemSource
  286. * @param string $itemType
  287. * @param string $shareWith
  288. * @param string $sharedBy
  289. * @param string $uidOwner
  290. * @param int $permissions
  291. * @param string $token
  292. * @param int $shareType
  293. * @param \DateTime $expirationDate
  294. * @return int
  295. */
  296. private function addShareToDB($itemSource, $itemType, $shareWith, $sharedBy, $uidOwner, $permissions, $token, $shareType, $expirationDate) {
  297. $qb = $this->dbConnection->getQueryBuilder();
  298. $qb->insert('share')
  299. ->setValue('share_type', $qb->createNamedParameter($shareType))
  300. ->setValue('item_type', $qb->createNamedParameter($itemType))
  301. ->setValue('item_source', $qb->createNamedParameter($itemSource))
  302. ->setValue('file_source', $qb->createNamedParameter($itemSource))
  303. ->setValue('share_with', $qb->createNamedParameter($shareWith))
  304. ->setValue('uid_owner', $qb->createNamedParameter($uidOwner))
  305. ->setValue('uid_initiator', $qb->createNamedParameter($sharedBy))
  306. ->setValue('permissions', $qb->createNamedParameter($permissions))
  307. ->setValue('expiration', $qb->createNamedParameter($expirationDate, IQueryBuilder::PARAM_DATE))
  308. ->setValue('token', $qb->createNamedParameter($token))
  309. ->setValue('stime', $qb->createNamedParameter(time()));
  310. /*
  311. * Added to fix https://github.com/owncloud/core/issues/22215
  312. * Can be removed once we get rid of ajax/share.php
  313. */
  314. $qb->setValue('file_target', $qb->createNamedParameter(''));
  315. $qb->execute();
  316. return $qb->getLastInsertId();
  317. }
  318. /**
  319. * Update a share
  320. *
  321. * @param IShare $share
  322. * @return IShare The share object
  323. */
  324. public function update(IShare $share) {
  325. /*
  326. * We allow updating the permissions of federated shares
  327. */
  328. $qb = $this->dbConnection->getQueryBuilder();
  329. $qb->update('share')
  330. ->where($qb->expr()->eq('id', $qb->createNamedParameter($share->getId())))
  331. ->set('permissions', $qb->createNamedParameter($share->getPermissions()))
  332. ->set('uid_owner', $qb->createNamedParameter($share->getShareOwner()))
  333. ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy()))
  334. ->set('expiration', $qb->createNamedParameter($share->getExpirationDate(), IQueryBuilder::PARAM_DATE))
  335. ->execute();
  336. // send the updated permission to the owner/initiator, if they are not the same
  337. if ($share->getShareOwner() !== $share->getSharedBy()) {
  338. $this->sendPermissionUpdate($share);
  339. }
  340. return $share;
  341. }
  342. /**
  343. * send the updated permission to the owner/initiator, if they are not the same
  344. *
  345. * @param IShare $share
  346. * @throws ShareNotFound
  347. * @throws \OCP\HintException
  348. */
  349. protected function sendPermissionUpdate(IShare $share) {
  350. $remoteId = $this->getRemoteId($share);
  351. // if the local user is the owner we send the permission change to the initiator
  352. if ($this->userManager->userExists($share->getShareOwner())) {
  353. [, $remote] = $this->addressHandler->splitUserRemote($share->getSharedBy());
  354. } else { // ... if not we send the permission change to the owner
  355. [, $remote] = $this->addressHandler->splitUserRemote($share->getShareOwner());
  356. }
  357. $this->notifications->sendPermissionChange($remote, $remoteId, $share->getToken(), $share->getPermissions());
  358. }
  359. /**
  360. * update successful reShare with the correct token
  361. *
  362. * @param int $shareId
  363. * @param string $token
  364. */
  365. protected function updateSuccessfulReShare($shareId, $token) {
  366. $query = $this->dbConnection->getQueryBuilder();
  367. $query->update('share')
  368. ->where($query->expr()->eq('id', $query->createNamedParameter($shareId)))
  369. ->set('token', $query->createNamedParameter($token))
  370. ->execute();
  371. }
  372. /**
  373. * store remote ID in federated reShare table
  374. *
  375. * @param $shareId
  376. * @param $remoteId
  377. */
  378. public function storeRemoteId(int $shareId, string $remoteId): void {
  379. $query = $this->dbConnection->getQueryBuilder();
  380. $query->insert('federated_reshares')
  381. ->values(
  382. [
  383. 'share_id' => $query->createNamedParameter($shareId),
  384. 'remote_id' => $query->createNamedParameter($remoteId),
  385. ]
  386. );
  387. $query->execute();
  388. }
  389. /**
  390. * get share ID on remote server for federated re-shares
  391. *
  392. * @param IShare $share
  393. * @return string
  394. * @throws ShareNotFound
  395. */
  396. public function getRemoteId(IShare $share): string {
  397. $query = $this->dbConnection->getQueryBuilder();
  398. $query->select('remote_id')->from('federated_reshares')
  399. ->where($query->expr()->eq('share_id', $query->createNamedParameter((int)$share->getId())));
  400. $result = $query->execute();
  401. $data = $result->fetch();
  402. $result->closeCursor();
  403. if (!is_array($data) || !isset($data['remote_id'])) {
  404. throw new ShareNotFound();
  405. }
  406. return (string)$data['remote_id'];
  407. }
  408. /**
  409. * @inheritdoc
  410. */
  411. public function move(IShare $share, $recipient) {
  412. /*
  413. * This function does nothing yet as it is just for outgoing
  414. * federated shares.
  415. */
  416. return $share;
  417. }
  418. /**
  419. * Get all children of this share
  420. *
  421. * @param IShare $parent
  422. * @return IShare[]
  423. */
  424. public function getChildren(IShare $parent) {
  425. $children = [];
  426. $qb = $this->dbConnection->getQueryBuilder();
  427. $qb->select('*')
  428. ->from('share')
  429. ->where($qb->expr()->eq('parent', $qb->createNamedParameter($parent->getId())))
  430. ->andWhere($qb->expr()->in('share_type', $qb->createNamedParameter($this->supportedShareType, IQueryBuilder::PARAM_INT_ARRAY)))
  431. ->orderBy('id');
  432. $cursor = $qb->execute();
  433. while ($data = $cursor->fetch()) {
  434. $children[] = $this->createShareObject($data);
  435. }
  436. $cursor->closeCursor();
  437. return $children;
  438. }
  439. /**
  440. * Delete a share (owner unShares the file)
  441. *
  442. * @param IShare $share
  443. * @throws ShareNotFound
  444. * @throws \OCP\HintException
  445. */
  446. public function delete(IShare $share) {
  447. [, $remote] = $this->addressHandler->splitUserRemote($share->getSharedWith());
  448. // if the local user is the owner we can send the unShare request directly...
  449. if ($this->userManager->userExists($share->getShareOwner())) {
  450. $this->notifications->sendRemoteUnShare($remote, $share->getId(), $share->getToken());
  451. $this->revokeShare($share, true);
  452. } else { // ... if not we need to correct ID for the unShare request
  453. $remoteId = $this->getRemoteId($share);
  454. $this->notifications->sendRemoteUnShare($remote, $remoteId, $share->getToken());
  455. $this->revokeShare($share, false);
  456. }
  457. // only remove the share when all messages are send to not lose information
  458. // about the share to early
  459. $this->removeShareFromTable($share);
  460. }
  461. /**
  462. * in case of a re-share we need to send the other use (initiator or owner)
  463. * a message that the file was unshared
  464. *
  465. * @param IShare $share
  466. * @param bool $isOwner the user can either be the owner or the user who re-sahred it
  467. * @throws ShareNotFound
  468. * @throws \OCP\HintException
  469. */
  470. protected function revokeShare($share, $isOwner) {
  471. if ($this->userManager->userExists($share->getShareOwner()) && $this->userManager->userExists($share->getSharedBy())) {
  472. // If both the owner and the initiator of the share are local users we don't have to notify anybody else
  473. return;
  474. }
  475. // also send a unShare request to the initiator, if this is a different user than the owner
  476. if ($share->getShareOwner() !== $share->getSharedBy()) {
  477. if ($isOwner) {
  478. [, $remote] = $this->addressHandler->splitUserRemote($share->getSharedBy());
  479. } else {
  480. [, $remote] = $this->addressHandler->splitUserRemote($share->getShareOwner());
  481. }
  482. $remoteId = $this->getRemoteId($share);
  483. $this->notifications->sendRevokeShare($remote, $remoteId, $share->getToken());
  484. }
  485. }
  486. /**
  487. * remove share from table
  488. *
  489. * @param IShare $share
  490. */
  491. public function removeShareFromTable(IShare $share) {
  492. $this->removeShareFromTableById($share->getId());
  493. }
  494. /**
  495. * remove share from table
  496. *
  497. * @param string $shareId
  498. */
  499. private function removeShareFromTableById($shareId) {
  500. $qb = $this->dbConnection->getQueryBuilder();
  501. $qb->delete('share')
  502. ->where($qb->expr()->eq('id', $qb->createNamedParameter($shareId)))
  503. ->andWhere($qb->expr()->neq('share_type', $qb->createNamedParameter(IShare::TYPE_CIRCLE)));
  504. $qb->execute();
  505. $qb = $this->dbConnection->getQueryBuilder();
  506. $qb->delete('federated_reshares')
  507. ->where($qb->expr()->eq('share_id', $qb->createNamedParameter($shareId)));
  508. $qb->execute();
  509. }
  510. /**
  511. * @inheritdoc
  512. */
  513. public function deleteFromSelf(IShare $share, $recipient) {
  514. // nothing to do here. Technically deleteFromSelf in the context of federated
  515. // shares is a umount of an external storage. This is handled here
  516. // apps/files_sharing/lib/external/manager.php
  517. // TODO move this code over to this app
  518. }
  519. public function restore(IShare $share, string $recipient): IShare {
  520. throw new GenericShareException('not implemented');
  521. }
  522. public function getSharesInFolder($userId, Folder $node, $reshares, $shallow = true) {
  523. $qb = $this->dbConnection->getQueryBuilder();
  524. $qb->select('*')
  525. ->from('share', 's')
  526. ->andWhere($qb->expr()->orX(
  527. $qb->expr()->eq('item_type', $qb->createNamedParameter('file')),
  528. $qb->expr()->eq('item_type', $qb->createNamedParameter('folder'))
  529. ))
  530. ->andWhere(
  531. $qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_REMOTE))
  532. );
  533. /**
  534. * Reshares for this user are shares where they are the owner.
  535. */
  536. if ($reshares === false) {
  537. $qb->andWhere($qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)));
  538. } else {
  539. $qb->andWhere(
  540. $qb->expr()->orX(
  541. $qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
  542. $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))
  543. )
  544. );
  545. }
  546. $qb->innerJoin('s', 'filecache', 'f', $qb->expr()->eq('s.file_source', 'f.fileid'));
  547. $qb->andWhere($qb->expr()->eq('f.storage', $qb->createNamedParameter($node->getMountPoint()->getNumericStorageId(), IQueryBuilder::PARAM_INT)));
  548. if ($shallow) {
  549. $qb->andWhere($qb->expr()->eq('f.parent', $qb->createNamedParameter($node->getId(), IQueryBuilder::PARAM_INT)));
  550. } else {
  551. $qb->andWhere($qb->expr()->like('f.path', $qb->createNamedParameter($this->dbConnection->escapeLikeParameter($node->getInternalPath()) . '/%')));
  552. }
  553. $qb->orderBy('id');
  554. $cursor = $qb->execute();
  555. $shares = [];
  556. while ($data = $cursor->fetch()) {
  557. $shares[$data['fileid']][] = $this->createShareObject($data);
  558. }
  559. $cursor->closeCursor();
  560. return $shares;
  561. }
  562. /**
  563. * @inheritdoc
  564. */
  565. public function getSharesBy($userId, $shareType, $node, $reshares, $limit, $offset) {
  566. $qb = $this->dbConnection->getQueryBuilder();
  567. $qb->select('*')
  568. ->from('share');
  569. $qb->andWhere($qb->expr()->eq('share_type', $qb->createNamedParameter($shareType)));
  570. /**
  571. * Reshares for this user are shares where they are the owner.
  572. */
  573. if ($reshares === false) {
  574. //Special case for old shares created via the web UI
  575. $or1 = $qb->expr()->andX(
  576. $qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
  577. $qb->expr()->isNull('uid_initiator')
  578. );
  579. $qb->andWhere(
  580. $qb->expr()->orX(
  581. $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId)),
  582. $or1
  583. )
  584. );
  585. } else {
  586. $qb->andWhere(
  587. $qb->expr()->orX(
  588. $qb->expr()->eq('uid_owner', $qb->createNamedParameter($userId)),
  589. $qb->expr()->eq('uid_initiator', $qb->createNamedParameter($userId))
  590. )
  591. );
  592. }
  593. if ($node !== null) {
  594. $qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId())));
  595. }
  596. if ($limit !== -1) {
  597. $qb->setMaxResults($limit);
  598. }
  599. $qb->setFirstResult($offset);
  600. $qb->orderBy('id');
  601. $cursor = $qb->execute();
  602. $shares = [];
  603. while ($data = $cursor->fetch()) {
  604. $shares[] = $this->createShareObject($data);
  605. }
  606. $cursor->closeCursor();
  607. return $shares;
  608. }
  609. /**
  610. * @inheritdoc
  611. */
  612. public function getShareById($id, $recipientId = null) {
  613. $qb = $this->dbConnection->getQueryBuilder();
  614. $qb->select('*')
  615. ->from('share')
  616. ->where($qb->expr()->eq('id', $qb->createNamedParameter($id)))
  617. ->andWhere($qb->expr()->in('share_type', $qb->createNamedParameter($this->supportedShareType, IQueryBuilder::PARAM_INT_ARRAY)));
  618. $cursor = $qb->execute();
  619. $data = $cursor->fetch();
  620. $cursor->closeCursor();
  621. if ($data === false) {
  622. throw new ShareNotFound('Can not find share with ID: ' . $id);
  623. }
  624. try {
  625. $share = $this->createShareObject($data);
  626. } catch (InvalidShare $e) {
  627. throw new ShareNotFound();
  628. }
  629. return $share;
  630. }
  631. /**
  632. * Get shares for a given path
  633. *
  634. * @param \OCP\Files\Node $path
  635. * @return IShare[]
  636. */
  637. public function getSharesByPath(Node $path) {
  638. $qb = $this->dbConnection->getQueryBuilder();
  639. // get federated user shares
  640. $cursor = $qb->select('*')
  641. ->from('share')
  642. ->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($path->getId())))
  643. ->andWhere($qb->expr()->in('share_type', $qb->createNamedParameter($this->supportedShareType, IQueryBuilder::PARAM_INT_ARRAY)))
  644. ->execute();
  645. $shares = [];
  646. while ($data = $cursor->fetch()) {
  647. $shares[] = $this->createShareObject($data);
  648. }
  649. $cursor->closeCursor();
  650. return $shares;
  651. }
  652. /**
  653. * @inheritdoc
  654. */
  655. public function getSharedWith($userId, $shareType, $node, $limit, $offset) {
  656. /** @var IShare[] $shares */
  657. $shares = [];
  658. //Get shares directly with this user
  659. $qb = $this->dbConnection->getQueryBuilder();
  660. $qb->select('*')
  661. ->from('share');
  662. // Order by id
  663. $qb->orderBy('id');
  664. // Set limit and offset
  665. if ($limit !== -1) {
  666. $qb->setMaxResults($limit);
  667. }
  668. $qb->setFirstResult($offset);
  669. $qb->where($qb->expr()->in('share_type', $qb->createNamedParameter($this->supportedShareType, IQueryBuilder::PARAM_INT_ARRAY)));
  670. $qb->andWhere($qb->expr()->eq('share_with', $qb->createNamedParameter($userId)));
  671. // Filter by node if provided
  672. if ($node !== null) {
  673. $qb->andWhere($qb->expr()->eq('file_source', $qb->createNamedParameter($node->getId())));
  674. }
  675. $cursor = $qb->execute();
  676. while ($data = $cursor->fetch()) {
  677. $shares[] = $this->createShareObject($data);
  678. }
  679. $cursor->closeCursor();
  680. return $shares;
  681. }
  682. /**
  683. * Get a share by token
  684. *
  685. * @param string $token
  686. * @return IShare
  687. * @throws ShareNotFound
  688. */
  689. public function getShareByToken($token) {
  690. $qb = $this->dbConnection->getQueryBuilder();
  691. $cursor = $qb->select('*')
  692. ->from('share')
  693. ->where($qb->expr()->in('share_type', $qb->createNamedParameter($this->supportedShareType, IQueryBuilder::PARAM_INT_ARRAY)))
  694. ->andWhere($qb->expr()->eq('token', $qb->createNamedParameter($token)))
  695. ->execute();
  696. $data = $cursor->fetch();
  697. if ($data === false) {
  698. throw new ShareNotFound('Share not found', $this->l->t('Could not find share'));
  699. }
  700. try {
  701. $share = $this->createShareObject($data);
  702. } catch (InvalidShare $e) {
  703. throw new ShareNotFound('Share not found', $this->l->t('Could not find share'));
  704. }
  705. return $share;
  706. }
  707. /**
  708. * get database row of a give share
  709. *
  710. * @param $id
  711. * @return array
  712. * @throws ShareNotFound
  713. */
  714. private function getRawShare($id) {
  715. // Now fetch the inserted share and create a complete share object
  716. $qb = $this->dbConnection->getQueryBuilder();
  717. $qb->select('*')
  718. ->from('share')
  719. ->where($qb->expr()->eq('id', $qb->createNamedParameter($id)));
  720. $cursor = $qb->execute();
  721. $data = $cursor->fetch();
  722. $cursor->closeCursor();
  723. if ($data === false) {
  724. throw new ShareNotFound;
  725. }
  726. return $data;
  727. }
  728. /**
  729. * Create a share object from an database row
  730. *
  731. * @param array $data
  732. * @return IShare
  733. * @throws InvalidShare
  734. * @throws ShareNotFound
  735. */
  736. private function createShareObject($data) {
  737. $share = new Share($this->rootFolder, $this->userManager);
  738. $share->setId((int)$data['id'])
  739. ->setShareType((int)$data['share_type'])
  740. ->setPermissions((int)$data['permissions'])
  741. ->setTarget($data['file_target'])
  742. ->setMailSend((bool)$data['mail_send'])
  743. ->setToken($data['token']);
  744. $shareTime = new \DateTime();
  745. $shareTime->setTimestamp((int)$data['stime']);
  746. $share->setShareTime($shareTime);
  747. $share->setSharedWith($data['share_with']);
  748. if ($data['uid_initiator'] !== null) {
  749. $share->setShareOwner($data['uid_owner']);
  750. $share->setSharedBy($data['uid_initiator']);
  751. } else {
  752. //OLD SHARE
  753. $share->setSharedBy($data['uid_owner']);
  754. $path = $this->getNode($share->getSharedBy(), (int)$data['file_source']);
  755. $owner = $path->getOwner();
  756. $share->setShareOwner($owner->getUID());
  757. }
  758. $share->setNodeId((int)$data['file_source']);
  759. $share->setNodeType($data['item_type']);
  760. $share->setProviderId($this->identifier());
  761. if ($data['expiration'] !== null) {
  762. $expiration = \DateTime::createFromFormat('Y-m-d H:i:s', $data['expiration']);
  763. $share->setExpirationDate($expiration);
  764. }
  765. return $share;
  766. }
  767. /**
  768. * Get the node with file $id for $user
  769. *
  770. * @param string $userId
  771. * @param int $id
  772. * @return \OCP\Files\Node
  773. * @throws InvalidShare
  774. */
  775. private function getNode($userId, $id) {
  776. try {
  777. $userFolder = $this->rootFolder->getUserFolder($userId);
  778. } catch (NotFoundException $e) {
  779. throw new InvalidShare();
  780. }
  781. $node = $userFolder->getFirstNodeById($id);
  782. if (!$node) {
  783. throw new InvalidShare();
  784. }
  785. return $node;
  786. }
  787. /**
  788. * A user is deleted from the system
  789. * So clean up the relevant shares.
  790. *
  791. * @param string $uid
  792. * @param int $shareType
  793. */
  794. public function userDeleted($uid, $shareType) {
  795. //TODO: probably a good idea to send unshare info to remote servers
  796. $qb = $this->dbConnection->getQueryBuilder();
  797. $qb->delete('share')
  798. ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_REMOTE)))
  799. ->andWhere($qb->expr()->eq('uid_owner', $qb->createNamedParameter($uid)))
  800. ->execute();
  801. }
  802. /**
  803. * This provider does not handle groups
  804. *
  805. * @param string $gid
  806. */
  807. public function groupDeleted($gid) {
  808. // We don't handle groups here
  809. }
  810. /**
  811. * This provider does not handle groups
  812. *
  813. * @param string $uid
  814. * @param string $gid
  815. */
  816. public function userDeletedFromGroup($uid, $gid) {
  817. // We don't handle groups here
  818. }
  819. /**
  820. * check if users from other Nextcloud instances are allowed to mount public links share by this instance
  821. *
  822. * @return bool
  823. */
  824. public function isOutgoingServer2serverShareEnabled() {
  825. if ($this->gsConfig->onlyInternalFederation()) {
  826. return false;
  827. }
  828. $result = $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes');
  829. return ($result === 'yes');
  830. }
  831. /**
  832. * check if users are allowed to mount public links from other Nextclouds
  833. *
  834. * @return bool
  835. */
  836. public function isIncomingServer2serverShareEnabled() {
  837. if ($this->gsConfig->onlyInternalFederation()) {
  838. return false;
  839. }
  840. $result = $this->config->getAppValue('files_sharing', 'incoming_server2server_share_enabled', 'yes');
  841. return ($result === 'yes');
  842. }
  843. /**
  844. * check if users from other Nextcloud instances are allowed to send federated group shares
  845. *
  846. * @return bool
  847. */
  848. public function isOutgoingServer2serverGroupShareEnabled() {
  849. if ($this->gsConfig->onlyInternalFederation()) {
  850. return false;
  851. }
  852. $result = $this->config->getAppValue('files_sharing', 'outgoing_server2server_group_share_enabled', 'no');
  853. return ($result === 'yes');
  854. }
  855. /**
  856. * check if users are allowed to receive federated group shares
  857. *
  858. * @return bool
  859. */
  860. public function isIncomingServer2serverGroupShareEnabled() {
  861. if ($this->gsConfig->onlyInternalFederation()) {
  862. return false;
  863. }
  864. $result = $this->config->getAppValue('files_sharing', 'incoming_server2server_group_share_enabled', 'no');
  865. return ($result === 'yes');
  866. }
  867. /**
  868. * check if federated group sharing is supported, therefore the OCM API need to be enabled
  869. *
  870. * @return bool
  871. */
  872. public function isFederatedGroupSharingSupported() {
  873. return $this->cloudFederationProviderManager->isReady();
  874. }
  875. /**
  876. * Check if querying sharees on the lookup server is enabled
  877. *
  878. * @return bool
  879. */
  880. public function isLookupServerQueriesEnabled() {
  881. // in a global scale setup we should always query the lookup server
  882. if ($this->gsConfig->isGlobalScaleEnabled()) {
  883. return true;
  884. }
  885. $result = $this->config->getAppValue('files_sharing', 'lookupServerEnabled', 'yes');
  886. return ($result === 'yes');
  887. }
  888. /**
  889. * Check if it is allowed to publish user specific data to the lookup server
  890. *
  891. * @return bool
  892. */
  893. public function isLookupServerUploadEnabled() {
  894. // in a global scale setup the admin is responsible to keep the lookup server up-to-date
  895. if ($this->gsConfig->isGlobalScaleEnabled()) {
  896. return false;
  897. }
  898. $result = $this->config->getAppValue('files_sharing', 'lookupServerUploadEnabled', 'yes');
  899. return ($result === 'yes');
  900. }
  901. /**
  902. * @inheritdoc
  903. */
  904. public function getAccessList($nodes, $currentAccess) {
  905. $ids = [];
  906. foreach ($nodes as $node) {
  907. $ids[] = $node->getId();
  908. }
  909. $qb = $this->dbConnection->getQueryBuilder();
  910. $qb->select('share_with', 'token', 'file_source')
  911. ->from('share')
  912. ->where($qb->expr()->eq('share_type', $qb->createNamedParameter(IShare::TYPE_REMOTE)))
  913. ->andWhere($qb->expr()->in('file_source', $qb->createNamedParameter($ids, IQueryBuilder::PARAM_INT_ARRAY)))
  914. ->andWhere($qb->expr()->orX(
  915. $qb->expr()->eq('item_type', $qb->createNamedParameter('file')),
  916. $qb->expr()->eq('item_type', $qb->createNamedParameter('folder'))
  917. ));
  918. $cursor = $qb->execute();
  919. if ($currentAccess === false) {
  920. $remote = $cursor->fetch() !== false;
  921. $cursor->closeCursor();
  922. return ['remote' => $remote];
  923. }
  924. $remote = [];
  925. while ($row = $cursor->fetch()) {
  926. $remote[$row['share_with']] = [
  927. 'node_id' => $row['file_source'],
  928. 'token' => $row['token'],
  929. ];
  930. }
  931. $cursor->closeCursor();
  932. return ['remote' => $remote];
  933. }
  934. public function getAllShares(): iterable {
  935. $qb = $this->dbConnection->getQueryBuilder();
  936. $qb->select('*')
  937. ->from('share')
  938. ->where(
  939. $qb->expr()->orX(
  940. $qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share\IShare::TYPE_REMOTE)),
  941. $qb->expr()->eq('share_type', $qb->createNamedParameter(\OCP\Share\IShare::TYPE_REMOTE_GROUP))
  942. )
  943. );
  944. $cursor = $qb->execute();
  945. while ($data = $cursor->fetch()) {
  946. try {
  947. $share = $this->createShareObject($data);
  948. } catch (InvalidShare $e) {
  949. continue;
  950. } catch (ShareNotFound $e) {
  951. continue;
  952. }
  953. yield $share;
  954. }
  955. $cursor->closeCursor();
  956. }
  957. }