12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643 |
- <?php
- /**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
- * @author Bjoern Schiessle <bjoern@schiessle.org>
- * @author Björn Schießle <bjoern@schiessle.org>
- * @author Daniel Calviño Sánchez <danxuliu@gmail.com>
- * @author Jan-Christoph Borchardt <hey@jancborchardt.net>
- * @author Joas Schilling <coding@schilljs.com>
- * @author Julius Härtl <jus@bitgrid.net>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Maxence Lange <maxence@artificial-owl.com>
- * @author Maxence Lange <maxence@nextcloud.com>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Pauli Järvinen <pauli.jarvinen@gmail.com>
- * @author Robin Appelman <robin@icewind.nl>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- * @author Stephan Müller <mail@stephanmueller.eu>
- * @author Vincent Petry <pvince81@owncloud.com>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
- namespace OC\Share20;
- use OC\Cache\CappedMemoryCache;
- use OC\Files\Mount\MoveableMount;
- use OC\HintException;
- use OC\Share20\Exception\ProviderException;
- use OCP\Files\File;
- use OCP\Files\Folder;
- use OCP\Files\IRootFolder;
- use OCP\Files\Mount\IMountManager;
- use OCP\Files\Node;
- use OCP\IConfig;
- use OCP\IGroupManager;
- use OCP\IL10N;
- use OCP\ILogger;
- use OCP\IURLGenerator;
- use OCP\IUser;
- use OCP\IUserManager;
- use OCP\L10N\IFactory;
- use OCP\Mail\IMailer;
- use OCP\Security\IHasher;
- use OCP\Security\ISecureRandom;
- use OCP\Share\Exceptions\GenericShareException;
- use OCP\Share\Exceptions\ShareNotFound;
- use OCP\Share\IManager;
- use OCP\Share\IProviderFactory;
- use OCP\Share\IShare;
- use Symfony\Component\EventDispatcher\EventDispatcher;
- use Symfony\Component\EventDispatcher\GenericEvent;
- use OCP\Share\IShareProvider;
- use OCP\Share;
- /**
- * This class is the communication hub for all sharing related operations.
- */
- class Manager implements IManager {
- /** @var IProviderFactory */
- private $factory;
- /** @var ILogger */
- private $logger;
- /** @var IConfig */
- private $config;
- /** @var ISecureRandom */
- private $secureRandom;
- /** @var IHasher */
- private $hasher;
- /** @var IMountManager */
- private $mountManager;
- /** @var IGroupManager */
- private $groupManager;
- /** @var IL10N */
- private $l;
- /** @var IFactory */
- private $l10nFactory;
- /** @var IUserManager */
- private $userManager;
- /** @var IRootFolder */
- private $rootFolder;
- /** @var CappedMemoryCache */
- private $sharingDisabledForUsersCache;
- /** @var EventDispatcher */
- private $eventDispatcher;
- /** @var LegacyHooks */
- private $legacyHooks;
- /** @var IMailer */
- private $mailer;
- /** @var IURLGenerator */
- private $urlGenerator;
- /** @var \OC_Defaults */
- private $defaults;
- /**
- * Manager constructor.
- *
- * @param ILogger $logger
- * @param IConfig $config
- * @param ISecureRandom $secureRandom
- * @param IHasher $hasher
- * @param IMountManager $mountManager
- * @param IGroupManager $groupManager
- * @param IL10N $l
- * @param IFactory $l10nFactory
- * @param IProviderFactory $factory
- * @param IUserManager $userManager
- * @param IRootFolder $rootFolder
- * @param EventDispatcher $eventDispatcher
- * @param IMailer $mailer
- * @param IURLGenerator $urlGenerator
- * @param \OC_Defaults $defaults
- */
- public function __construct(
- ILogger $logger,
- IConfig $config,
- ISecureRandom $secureRandom,
- IHasher $hasher,
- IMountManager $mountManager,
- IGroupManager $groupManager,
- IL10N $l,
- IFactory $l10nFactory,
- IProviderFactory $factory,
- IUserManager $userManager,
- IRootFolder $rootFolder,
- EventDispatcher $eventDispatcher,
- IMailer $mailer,
- IURLGenerator $urlGenerator,
- \OC_Defaults $defaults
- ) {
- $this->logger = $logger;
- $this->config = $config;
- $this->secureRandom = $secureRandom;
- $this->hasher = $hasher;
- $this->mountManager = $mountManager;
- $this->groupManager = $groupManager;
- $this->l = $l;
- $this->l10nFactory = $l10nFactory;
- $this->factory = $factory;
- $this->userManager = $userManager;
- $this->rootFolder = $rootFolder;
- $this->eventDispatcher = $eventDispatcher;
- $this->sharingDisabledForUsersCache = new CappedMemoryCache();
- $this->legacyHooks = new LegacyHooks($this->eventDispatcher);
- $this->mailer = $mailer;
- $this->urlGenerator = $urlGenerator;
- $this->defaults = $defaults;
- }
- /**
- * Convert from a full share id to a tuple (providerId, shareId)
- *
- * @param string $id
- * @return string[]
- */
- private function splitFullId($id) {
- return explode(':', $id, 2);
- }
- /**
- * Verify if a password meets all requirements
- *
- * @param string $password
- * @throws \Exception
- */
- protected function verifyPassword($password) {
- if ($password === null) {
- // No password is set, check if this is allowed.
- if ($this->shareApiLinkEnforcePassword()) {
- throw new \InvalidArgumentException('Passwords are enforced for link shares');
- }
- return;
- }
- // Let others verify the password
- try {
- $event = new GenericEvent($password);
- $this->eventDispatcher->dispatch('OCP\PasswordPolicy::validate', $event);
- } catch (HintException $e) {
- throw new \Exception($e->getHint());
- }
- }
- /**
- * Check for generic requirements before creating a share
- *
- * @param \OCP\Share\IShare $share
- * @throws \InvalidArgumentException
- * @throws GenericShareException
- *
- * @suppress PhanUndeclaredClassMethod
- */
- protected function generalCreateChecks(\OCP\Share\IShare $share) {
- if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER) {
- // We expect a valid user as sharedWith for user shares
- if (!$this->userManager->userExists($share->getSharedWith())) {
- throw new \InvalidArgumentException('SharedWith is not a valid user');
- }
- } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) {
- // We expect a valid group as sharedWith for group shares
- if (!$this->groupManager->groupExists($share->getSharedWith())) {
- throw new \InvalidArgumentException('SharedWith is not a valid group');
- }
- } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) {
- if ($share->getSharedWith() !== null) {
- throw new \InvalidArgumentException('SharedWith should be empty');
- }
- } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_REMOTE) {
- if ($share->getSharedWith() === null) {
- throw new \InvalidArgumentException('SharedWith should not be empty');
- }
- } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_REMOTE_GROUP) {
- if ($share->getSharedWith() === null) {
- throw new \InvalidArgumentException('SharedWith should not be empty');
- }
- } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_EMAIL) {
- if ($share->getSharedWith() === null) {
- throw new \InvalidArgumentException('SharedWith should not be empty');
- }
- } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_CIRCLE) {
- $circle = \OCA\Circles\Api\v1\Circles::detailsCircle($share->getSharedWith());
- if ($circle === null) {
- throw new \InvalidArgumentException('SharedWith is not a valid circle');
- }
- } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_ROOM) {
- } else {
- // We can't handle other types yet
- throw new \InvalidArgumentException('unknown share type');
- }
- // Verify the initiator of the share is set
- if ($share->getSharedBy() === null) {
- throw new \InvalidArgumentException('SharedBy should be set');
- }
- // Cannot share with yourself
- if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER &&
- $share->getSharedWith() === $share->getSharedBy()) {
- throw new \InvalidArgumentException('Can’t share with yourself');
- }
- // The path should be set
- if ($share->getNode() === null) {
- throw new \InvalidArgumentException('Path should be set');
- }
- // And it should be a file or a folder
- if (!($share->getNode() instanceof \OCP\Files\File) &&
- !($share->getNode() instanceof \OCP\Files\Folder)) {
- throw new \InvalidArgumentException('Path should be either a file or a folder');
- }
- // And you can't share your rootfolder
- if ($this->userManager->userExists($share->getSharedBy())) {
- $sharedPath = $this->rootFolder->getUserFolder($share->getSharedBy())->getPath();
- } else {
- $sharedPath = $this->rootFolder->getUserFolder($share->getShareOwner())->getPath();
- }
- if ($sharedPath === $share->getNode()->getPath()) {
- throw new \InvalidArgumentException('You can’t share your root folder');
- }
- // Check if we actually have share permissions
- if (!$share->getNode()->isShareable()) {
- $message_t = $this->l->t('You are not allowed to share %s', [$share->getNode()->getPath()]);
- throw new GenericShareException($message_t, $message_t, 404);
- }
- // Permissions should be set
- if ($share->getPermissions() === null) {
- throw new \InvalidArgumentException('A share requires permissions');
- }
- /*
- * Quick fix for #23536
- * Non moveable mount points do not have update and delete permissions
- * while we 'most likely' do have that on the storage.
- */
- $permissions = $share->getNode()->getPermissions();
- $mount = $share->getNode()->getMountPoint();
- if (!($mount instanceof MoveableMount)) {
- $permissions |= \OCP\Constants::PERMISSION_DELETE | \OCP\Constants::PERMISSION_UPDATE;
- }
- // Check that we do not share with more permissions than we have
- if ($share->getPermissions() & ~$permissions) {
- $message_t = $this->l->t('Can’t increase permissions of %s', [$share->getNode()->getPath()]);
- throw new GenericShareException($message_t, $message_t, 404);
- }
- // Check that read permissions are always set
- // Link shares are allowed to have no read permissions to allow upload to hidden folders
- $noReadPermissionRequired = $share->getShareType() === \OCP\Share::SHARE_TYPE_LINK
- || $share->getShareType() === \OCP\Share::SHARE_TYPE_EMAIL;
- if (!$noReadPermissionRequired &&
- ($share->getPermissions() & \OCP\Constants::PERMISSION_READ) === 0) {
- throw new \InvalidArgumentException('Shares need at least read permissions');
- }
- if ($share->getNode() instanceof \OCP\Files\File) {
- if ($share->getPermissions() & \OCP\Constants::PERMISSION_DELETE) {
- $message_t = $this->l->t('Files can’t be shared with delete permissions');
- throw new GenericShareException($message_t);
- }
- if ($share->getPermissions() & \OCP\Constants::PERMISSION_CREATE) {
- $message_t = $this->l->t('Files can’t be shared with create permissions');
- throw new GenericShareException($message_t);
- }
- }
- }
- /**
- * Validate if the expiration date fits the system settings
- *
- * @param \OCP\Share\IShare $share The share to validate the expiration date of
- * @return \OCP\Share\IShare The modified share object
- * @throws GenericShareException
- * @throws \InvalidArgumentException
- * @throws \Exception
- */
- protected function validateExpirationDate(\OCP\Share\IShare $share) {
- $expirationDate = $share->getExpirationDate();
- if ($expirationDate !== null) {
- //Make sure the expiration date is a date
- $expirationDate->setTime(0, 0, 0);
- $date = new \DateTime();
- $date->setTime(0, 0, 0);
- if ($date >= $expirationDate) {
- $message = $this->l->t('Expiration date is in the past');
- throw new GenericShareException($message, $message, 404);
- }
- }
- // If expiredate is empty set a default one if there is a default
- $fullId = null;
- try {
- $fullId = $share->getFullId();
- } catch (\UnexpectedValueException $e) {
- // This is a new share
- }
- if ($fullId === null && $expirationDate === null && $this->shareApiLinkDefaultExpireDate()) {
- $expirationDate = new \DateTime();
- $expirationDate->setTime(0,0,0);
- $expirationDate->add(new \DateInterval('P'.$this->shareApiLinkDefaultExpireDays().'D'));
- }
- // If we enforce the expiration date check that is does not exceed
- if ($this->shareApiLinkDefaultExpireDateEnforced()) {
- if ($expirationDate === null) {
- throw new \InvalidArgumentException('Expiration date is enforced');
- }
- $date = new \DateTime();
- $date->setTime(0, 0, 0);
- $date->add(new \DateInterval('P' . $this->shareApiLinkDefaultExpireDays() . 'D'));
- if ($date < $expirationDate) {
- $message = $this->l->t('Can’t set expiration date more than %s days in the future', [$this->shareApiLinkDefaultExpireDays()]);
- throw new GenericShareException($message, $message, 404);
- }
- }
- $accepted = true;
- $message = '';
- \OCP\Util::emitHook('\OC\Share', 'verifyExpirationDate', [
- 'expirationDate' => &$expirationDate,
- 'accepted' => &$accepted,
- 'message' => &$message,
- 'passwordSet' => $share->getPassword() !== null,
- ]);
- if (!$accepted) {
- throw new \Exception($message);
- }
- $share->setExpirationDate($expirationDate);
- return $share;
- }
- /**
- * Check for pre share requirements for user shares
- *
- * @param \OCP\Share\IShare $share
- * @throws \Exception
- */
- protected function userCreateChecks(\OCP\Share\IShare $share) {
- // Check if we can share with group members only
- if ($this->shareWithGroupMembersOnly()) {
- $sharedBy = $this->userManager->get($share->getSharedBy());
- $sharedWith = $this->userManager->get($share->getSharedWith());
- // Verify we can share with this user
- $groups = array_intersect(
- $this->groupManager->getUserGroupIds($sharedBy),
- $this->groupManager->getUserGroupIds($sharedWith)
- );
- if (empty($groups)) {
- throw new \Exception('Sharing is only allowed with group members');
- }
- }
- /*
- * TODO: Could be costly, fix
- *
- * Also this is not what we want in the future.. then we want to squash identical shares.
- */
- $provider = $this->factory->getProviderForType(\OCP\Share::SHARE_TYPE_USER);
- $existingShares = $provider->getSharesByPath($share->getNode());
- foreach($existingShares as $existingShare) {
- // Ignore if it is the same share
- try {
- if ($existingShare->getFullId() === $share->getFullId()) {
- continue;
- }
- } catch (\UnexpectedValueException $e) {
- //Shares are not identical
- }
- // Identical share already existst
- if ($existingShare->getSharedWith() === $share->getSharedWith()) {
- throw new \Exception('Path is already shared with this user');
- }
- // The share is already shared with this user via a group share
- if ($existingShare->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) {
- $group = $this->groupManager->get($existingShare->getSharedWith());
- if (!is_null($group)) {
- $user = $this->userManager->get($share->getSharedWith());
- if ($group->inGroup($user) && $existingShare->getShareOwner() !== $share->getShareOwner()) {
- throw new \Exception('Path is already shared with this user');
- }
- }
- }
- }
- }
- /**
- * Check for pre share requirements for group shares
- *
- * @param \OCP\Share\IShare $share
- * @throws \Exception
- */
- protected function groupCreateChecks(\OCP\Share\IShare $share) {
- // Verify group shares are allowed
- if (!$this->allowGroupSharing()) {
- throw new \Exception('Group sharing is now allowed');
- }
- // Verify if the user can share with this group
- if ($this->shareWithGroupMembersOnly()) {
- $sharedBy = $this->userManager->get($share->getSharedBy());
- $sharedWith = $this->groupManager->get($share->getSharedWith());
- if (is_null($sharedWith) || !$sharedWith->inGroup($sharedBy)) {
- throw new \Exception('Sharing is only allowed within your own groups');
- }
- }
- /*
- * TODO: Could be costly, fix
- *
- * Also this is not what we want in the future.. then we want to squash identical shares.
- */
- $provider = $this->factory->getProviderForType(\OCP\Share::SHARE_TYPE_GROUP);
- $existingShares = $provider->getSharesByPath($share->getNode());
- foreach($existingShares as $existingShare) {
- try {
- if ($existingShare->getFullId() === $share->getFullId()) {
- continue;
- }
- } catch (\UnexpectedValueException $e) {
- //It is a new share so just continue
- }
- if ($existingShare->getSharedWith() === $share->getSharedWith()) {
- throw new \Exception('Path is already shared with this group');
- }
- }
- }
- /**
- * Check for pre share requirements for link shares
- *
- * @param \OCP\Share\IShare $share
- * @throws \Exception
- */
- protected function linkCreateChecks(\OCP\Share\IShare $share) {
- // Are link shares allowed?
- if (!$this->shareApiAllowLinks()) {
- throw new \Exception('Link sharing is not allowed');
- }
- // Link shares by definition can't have share permissions
- if ($share->getPermissions() & \OCP\Constants::PERMISSION_SHARE) {
- throw new \InvalidArgumentException('Link shares can’t have reshare permissions');
- }
- // Check if public upload is allowed
- if (!$this->shareApiLinkAllowPublicUpload() &&
- ($share->getPermissions() & (\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE))) {
- throw new \InvalidArgumentException('Public upload is not allowed');
- }
- }
- /**
- * To make sure we don't get invisible link shares we set the parent
- * of a link if it is a reshare. This is a quick word around
- * until we can properly display multiple link shares in the UI
- *
- * See: https://github.com/owncloud/core/issues/22295
- *
- * FIXME: Remove once multiple link shares can be properly displayed
- *
- * @param \OCP\Share\IShare $share
- */
- protected function setLinkParent(\OCP\Share\IShare $share) {
- // No sense in checking if the method is not there.
- if (method_exists($share, 'setParent')) {
- $storage = $share->getNode()->getStorage();
- if ($storage->instanceOfStorage('\OCA\Files_Sharing\ISharedStorage')) {
- /** @var \OCA\Files_Sharing\SharedStorage $storage */
- $share->setParent($storage->getShareId());
- }
- }
- }
- /**
- * @param File|Folder $path
- */
- protected function pathCreateChecks($path) {
- // Make sure that we do not share a path that contains a shared mountpoint
- if ($path instanceof \OCP\Files\Folder) {
- $mounts = $this->mountManager->findIn($path->getPath());
- foreach($mounts as $mount) {
- if ($mount->getStorage()->instanceOfStorage('\OCA\Files_Sharing\ISharedStorage')) {
- throw new \InvalidArgumentException('Path contains files shared with you');
- }
- }
- }
- }
- /**
- * Check if the user that is sharing can actually share
- *
- * @param \OCP\Share\IShare $share
- * @throws \Exception
- */
- protected function canShare(\OCP\Share\IShare $share) {
- if (!$this->shareApiEnabled()) {
- throw new \Exception('Sharing is disabled');
- }
- if ($this->sharingDisabledForUser($share->getSharedBy())) {
- throw new \Exception('Sharing is disabled for you');
- }
- }
- /**
- * Share a path
- *
- * @param \OCP\Share\IShare $share
- * @return Share The share object
- * @throws \Exception
- *
- * TODO: handle link share permissions or check them
- */
- public function createShare(\OCP\Share\IShare $share) {
- $this->canShare($share);
- $this->generalCreateChecks($share);
- // Verify if there are any issues with the path
- $this->pathCreateChecks($share->getNode());
- /*
- * On creation of a share the owner is always the owner of the path
- * Except for mounted federated shares.
- */
- $storage = $share->getNode()->getStorage();
- if ($storage->instanceOfStorage('OCA\Files_Sharing\External\Storage')) {
- $parent = $share->getNode()->getParent();
- while($parent->getStorage()->instanceOfStorage('OCA\Files_Sharing\External\Storage')) {
- $parent = $parent->getParent();
- }
- $share->setShareOwner($parent->getOwner()->getUID());
- } else {
- $share->setShareOwner($share->getNode()->getOwner()->getUID());
- }
- //Verify share type
- if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER) {
- $this->userCreateChecks($share);
- } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) {
- $this->groupCreateChecks($share);
- } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) {
- $this->linkCreateChecks($share);
- $this->setLinkParent($share);
- /*
- * For now ignore a set token.
- */
- $share->setToken(
- $this->secureRandom->generate(
- \OC\Share\Constants::TOKEN_LENGTH,
- \OCP\Security\ISecureRandom::CHAR_HUMAN_READABLE
- )
- );
- //Verify the expiration date
- $this->validateExpirationDate($share);
- //Verify the password
- $this->verifyPassword($share->getPassword());
- // If a password is set. Hash it!
- if ($share->getPassword() !== null) {
- $share->setPassword($this->hasher->hash($share->getPassword()));
- }
- } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_EMAIL) {
- $share->setToken(
- $this->secureRandom->generate(
- \OC\Share\Constants::TOKEN_LENGTH,
- \OCP\Security\ISecureRandom::CHAR_HUMAN_READABLE
- )
- );
- }
- // Cannot share with the owner
- if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER &&
- $share->getSharedWith() === $share->getShareOwner()) {
- throw new \InvalidArgumentException('Can’t share with the share owner');
- }
- // Generate the target
- $target = $this->config->getSystemValue('share_folder', '/') .'/'. $share->getNode()->getName();
- $target = \OC\Files\Filesystem::normalizePath($target);
- $share->setTarget($target);
- // Pre share event
- $event = new GenericEvent($share);
- $a = $this->eventDispatcher->dispatch('OCP\Share::preShare', $event);
- if ($event->isPropagationStopped() && $event->hasArgument('error')) {
- throw new \Exception($event->getArgument('error'));
- }
- $oldShare = $share;
- $provider = $this->factory->getProviderForType($share->getShareType());
- $share = $provider->create($share);
- //reuse the node we already have
- $share->setNode($oldShare->getNode());
- // Post share event
- $event = new GenericEvent($share);
- $this->eventDispatcher->dispatch('OCP\Share::postShare', $event);
- if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER) {
- $mailSend = $share->getMailSend();
- if($mailSend === true) {
- $user = $this->userManager->get($share->getSharedWith());
- if ($user !== null) {
- $emailAddress = $user->getEMailAddress();
- if ($emailAddress !== null && $emailAddress !== '') {
- $userLang = $this->config->getUserValue($share->getSharedWith(), 'core', 'lang', null);
- $l = $this->l10nFactory->get('lib', $userLang);
- $this->sendMailNotification(
- $l,
- $share->getNode()->getName(),
- $this->urlGenerator->linkToRouteAbsolute('files.viewcontroller.showFile', ['fileid' => $share->getNode()->getId()]),
- $share->getSharedBy(),
- $emailAddress,
- $share->getExpirationDate()
- );
- $this->logger->debug('Sent share notification to ' . $emailAddress . ' for share with ID ' . $share->getId(), ['app' => 'share']);
- } else {
- $this->logger->debug('Share notification not sent to ' . $share->getSharedWith() . ' because email address is not set.', ['app' => 'share']);
- }
- } else {
- $this->logger->debug('Share notification not sent to ' . $share->getSharedWith() . ' because user could not be found.', ['app' => 'share']);
- }
- } else {
- $this->logger->debug('Share notification not sent because mailsend is false.', ['app' => 'share']);
- }
- }
- return $share;
- }
- /**
- * Send mail notifications
- *
- * This method will catch and log mail transmission errors
- *
- * @param IL10N $l Language of the recipient
- * @param string $filename file/folder name
- * @param string $link link to the file/folder
- * @param string $initiator user ID of share sender
- * @param string $shareWith email address of share receiver
- * @param \DateTime|null $expiration
- */
- protected function sendMailNotification(IL10N $l,
- $filename,
- $link,
- $initiator,
- $shareWith,
- \DateTime $expiration = null) {
- $initiatorUser = $this->userManager->get($initiator);
- $initiatorDisplayName = ($initiatorUser instanceof IUser) ? $initiatorUser->getDisplayName() : $initiator;
- $message = $this->mailer->createMessage();
- $emailTemplate = $this->mailer->createEMailTemplate('files_sharing.RecipientNotification', [
- 'filename' => $filename,
- 'link' => $link,
- 'initiator' => $initiatorDisplayName,
- 'expiration' => $expiration,
- 'shareWith' => $shareWith,
- ]);
- $emailTemplate->setSubject($l->t('%1$s shared »%2$s« with you', array($initiatorDisplayName, $filename)));
- $emailTemplate->addHeader();
- $emailTemplate->addHeading($l->t('%1$s shared »%2$s« with you', [$initiatorDisplayName, $filename]), false);
- $text = $l->t('%1$s shared »%2$s« with you.', [$initiatorDisplayName, $filename]);
- $emailTemplate->addBodyText(
- htmlspecialchars($text . ' ' . $l->t('Click the button below to open it.')),
- $text
- );
- $emailTemplate->addBodyButton(
- $l->t('Open »%s«', [$filename]),
- $link
- );
- $message->setTo([$shareWith]);
- // The "From" contains the sharers name
- $instanceName = $this->defaults->getName();
- $senderName = $l->t(
- '%1$s via %2$s',
- [
- $initiatorDisplayName,
- $instanceName
- ]
- );
- $message->setFrom([\OCP\Util::getDefaultEmailAddress($instanceName) => $senderName]);
- // The "Reply-To" is set to the sharer if an mail address is configured
- // also the default footer contains a "Do not reply" which needs to be adjusted.
- $initiatorEmail = $initiatorUser->getEMailAddress();
- if($initiatorEmail !== null) {
- $message->setReplyTo([$initiatorEmail => $initiatorDisplayName]);
- $emailTemplate->addFooter($instanceName . ($this->defaults->getSlogan() !== '' ? ' - ' . $this->defaults->getSlogan() : ''));
- } else {
- $emailTemplate->addFooter();
- }
- $message->useTemplate($emailTemplate);
- try {
- $failedRecipients = $this->mailer->send($message);
- if(!empty($failedRecipients)) {
- $this->logger->error('Share notification mail could not be sent to: ' . implode(', ', $failedRecipients));
- return;
- }
- } catch (\Exception $e) {
- $this->logger->logException($e, ['message' => 'Share notification mail could not be sent']);
- }
- }
- /**
- * Update a share
- *
- * @param \OCP\Share\IShare $share
- * @return \OCP\Share\IShare The share object
- * @throws \InvalidArgumentException
- */
- public function updateShare(\OCP\Share\IShare $share) {
- $expirationDateUpdated = false;
- $this->canShare($share);
- try {
- $originalShare = $this->getShareById($share->getFullId());
- } catch (\UnexpectedValueException $e) {
- throw new \InvalidArgumentException('Share does not have a full id');
- }
- // We can't change the share type!
- if ($share->getShareType() !== $originalShare->getShareType()) {
- throw new \InvalidArgumentException('Can’t change share type');
- }
- // We can only change the recipient on user shares
- if ($share->getSharedWith() !== $originalShare->getSharedWith() &&
- $share->getShareType() !== \OCP\Share::SHARE_TYPE_USER) {
- throw new \InvalidArgumentException('Can only update recipient on user shares');
- }
- // Cannot share with the owner
- if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER &&
- $share->getSharedWith() === $share->getShareOwner()) {
- throw new \InvalidArgumentException('Can’t share with the share owner');
- }
- $this->generalCreateChecks($share);
- if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER) {
- $this->userCreateChecks($share);
- } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) {
- $this->groupCreateChecks($share);
- } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) {
- $this->linkCreateChecks($share);
- $this->updateSharePasswordIfNeeded($share, $originalShare);
- if ($share->getExpirationDate() != $originalShare->getExpirationDate()) {
- //Verify the expiration date
- $this->validateExpirationDate($share);
- $expirationDateUpdated = true;
- }
- } else if ($share->getShareType() === \OCP\Share::SHARE_TYPE_EMAIL) {
- // The new password is not set again if it is the same as the old
- // one, unless when switching from sending by Talk to sending by
- // mail.
- $plainTextPassword = $share->getPassword();
- if (!empty($plainTextPassword) && !$this->updateSharePasswordIfNeeded($share, $originalShare) &&
- !($originalShare->getSendPasswordByTalk() && !$share->getSendPasswordByTalk())) {
- $plainTextPassword = null;
- }
- if (empty($plainTextPassword) && !$originalShare->getSendPasswordByTalk() && $share->getSendPasswordByTalk()) {
- // If the same password was already sent by mail the recipient
- // would already have access to the share without having to call
- // the sharer to verify her identity
- throw new \InvalidArgumentException('Can’t enable sending the password by Talk without setting a new password');
- }
- }
- $this->pathCreateChecks($share->getNode());
- // Now update the share!
- $provider = $this->factory->getProviderForType($share->getShareType());
- if ($share->getShareType() === \OCP\Share::SHARE_TYPE_EMAIL) {
- $share = $provider->update($share, $plainTextPassword);
- } else {
- $share = $provider->update($share);
- }
- if ($expirationDateUpdated === true) {
- \OC_Hook::emit(Share::class, 'post_set_expiration_date', [
- 'itemType' => $share->getNode() instanceof \OCP\Files\File ? 'file' : 'folder',
- 'itemSource' => $share->getNode()->getId(),
- 'date' => $share->getExpirationDate(),
- 'uidOwner' => $share->getSharedBy(),
- ]);
- }
- if ($share->getPassword() !== $originalShare->getPassword()) {
- \OC_Hook::emit(Share::class, 'post_update_password', [
- 'itemType' => $share->getNode() instanceof \OCP\Files\File ? 'file' : 'folder',
- 'itemSource' => $share->getNode()->getId(),
- 'uidOwner' => $share->getSharedBy(),
- 'token' => $share->getToken(),
- 'disabled' => is_null($share->getPassword()),
- ]);
- }
- if ($share->getPermissions() !== $originalShare->getPermissions()) {
- if ($this->userManager->userExists($share->getShareOwner())) {
- $userFolder = $this->rootFolder->getUserFolder($share->getShareOwner());
- } else {
- $userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
- }
- \OC_Hook::emit(Share::class, 'post_update_permissions', array(
- 'itemType' => $share->getNode() instanceof \OCP\Files\File ? 'file' : 'folder',
- 'itemSource' => $share->getNode()->getId(),
- 'shareType' => $share->getShareType(),
- 'shareWith' => $share->getSharedWith(),
- 'uidOwner' => $share->getSharedBy(),
- 'permissions' => $share->getPermissions(),
- 'path' => $userFolder->getRelativePath($share->getNode()->getPath()),
- ));
- }
- return $share;
- }
- /**
- * Updates the password of the given share if it is not the same as the
- * password of the original share.
- *
- * @param \OCP\Share\IShare $share the share to update its password.
- * @param \OCP\Share\IShare $originalShare the original share to compare its
- * password with.
- * @return boolean whether the password was updated or not.
- */
- private function updateSharePasswordIfNeeded(\OCP\Share\IShare $share, \OCP\Share\IShare $originalShare) {
- // Password updated.
- if ($share->getPassword() !== $originalShare->getPassword()) {
- //Verify the password
- $this->verifyPassword($share->getPassword());
- // If a password is set. Hash it!
- if ($share->getPassword() !== null) {
- $share->setPassword($this->hasher->hash($share->getPassword()));
- return true;
- }
- }
- return false;
- }
- /**
- * Delete all the children of this share
- * FIXME: remove once https://github.com/owncloud/core/pull/21660 is in
- *
- * @param \OCP\Share\IShare $share
- * @return \OCP\Share\IShare[] List of deleted shares
- */
- protected function deleteChildren(\OCP\Share\IShare $share) {
- $deletedShares = [];
- $provider = $this->factory->getProviderForType($share->getShareType());
- foreach ($provider->getChildren($share) as $child) {
- $deletedChildren = $this->deleteChildren($child);
- $deletedShares = array_merge($deletedShares, $deletedChildren);
- $provider->delete($child);
- $deletedShares[] = $child;
- }
- return $deletedShares;
- }
- /**
- * Delete a share
- *
- * @param \OCP\Share\IShare $share
- * @throws ShareNotFound
- * @throws \InvalidArgumentException
- */
- public function deleteShare(\OCP\Share\IShare $share) {
- try {
- $share->getFullId();
- } catch (\UnexpectedValueException $e) {
- throw new \InvalidArgumentException('Share does not have a full id');
- }
- $event = new GenericEvent($share);
- $this->eventDispatcher->dispatch('OCP\Share::preUnshare', $event);
- // Get all children and delete them as well
- $deletedShares = $this->deleteChildren($share);
- // Do the actual delete
- $provider = $this->factory->getProviderForType($share->getShareType());
- $provider->delete($share);
- // All the deleted shares caused by this delete
- $deletedShares[] = $share;
- // Emit post hook
- $event->setArgument('deletedShares', $deletedShares);
- $this->eventDispatcher->dispatch('OCP\Share::postUnshare', $event);
- }
- /**
- * Unshare a file as the recipient.
- * This can be different from a regular delete for example when one of
- * the users in a groups deletes that share. But the provider should
- * handle this.
- *
- * @param \OCP\Share\IShare $share
- * @param string $recipientId
- */
- public function deleteFromSelf(\OCP\Share\IShare $share, $recipientId) {
- list($providerId, ) = $this->splitFullId($share->getFullId());
- $provider = $this->factory->getProvider($providerId);
- $provider->deleteFromSelf($share, $recipientId);
- $event = new GenericEvent($share);
- $this->eventDispatcher->dispatch('OCP\Share::postUnshareFromSelf', $event);
- }
- public function restoreShare(IShare $share, string $recipientId): IShare {
- list($providerId, ) = $this->splitFullId($share->getFullId());
- $provider = $this->factory->getProvider($providerId);
- return $provider->restore($share, $recipientId);
- }
- /**
- * @inheritdoc
- */
- public function moveShare(\OCP\Share\IShare $share, $recipientId) {
- if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) {
- throw new \InvalidArgumentException('Can’t change target of link share');
- }
- if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER && $share->getSharedWith() !== $recipientId) {
- throw new \InvalidArgumentException('Invalid recipient');
- }
- if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) {
- $sharedWith = $this->groupManager->get($share->getSharedWith());
- if (is_null($sharedWith)) {
- throw new \InvalidArgumentException('Group "' . $share->getSharedWith() . '" does not exist');
- }
- $recipient = $this->userManager->get($recipientId);
- if (!$sharedWith->inGroup($recipient)) {
- throw new \InvalidArgumentException('Invalid recipient');
- }
- }
- list($providerId, ) = $this->splitFullId($share->getFullId());
- $provider = $this->factory->getProvider($providerId);
- $provider->move($share, $recipientId);
- }
- public function getSharesInFolder($userId, Folder $node, $reshares = false) {
- $providers = $this->factory->getAllProviders();
- return array_reduce($providers, function($shares, IShareProvider $provider) use ($userId, $node, $reshares) {
- $newShares = $provider->getSharesInFolder($userId, $node, $reshares);
- foreach ($newShares as $fid => $data) {
- if (!isset($shares[$fid])) {
- $shares[$fid] = [];
- }
- $shares[$fid] = array_merge($shares[$fid], $data);
- }
- return $shares;
- }, []);
- }
- /**
- * @inheritdoc
- */
- public function getSharesBy($userId, $shareType, $path = null, $reshares = false, $limit = 50, $offset = 0) {
- if ($path !== null &&
- !($path instanceof \OCP\Files\File) &&
- !($path instanceof \OCP\Files\Folder)) {
- throw new \InvalidArgumentException('invalid path');
- }
- try {
- $provider = $this->factory->getProviderForType($shareType);
- } catch (ProviderException $e) {
- return [];
- }
- $shares = $provider->getSharesBy($userId, $shareType, $path, $reshares, $limit, $offset);
- /*
- * Work around so we don't return expired shares but still follow
- * proper pagination.
- */
- $shares2 = [];
- while(true) {
- $added = 0;
- foreach ($shares as $share) {
- try {
- $this->checkExpireDate($share);
- } catch (ShareNotFound $e) {
- //Ignore since this basically means the share is deleted
- continue;
- }
- $added++;
- $shares2[] = $share;
- if (count($shares2) === $limit) {
- break;
- }
- }
- // If we did not fetch more shares than the limit then there are no more shares
- if (count($shares) < $limit) {
- break;
- }
- if (count($shares2) === $limit) {
- break;
- }
- // If there was no limit on the select we are done
- if ($limit === -1) {
- break;
- }
- $offset += $added;
- // Fetch again $limit shares
- $shares = $provider->getSharesBy($userId, $shareType, $path, $reshares, $limit, $offset);
- // No more shares means we are done
- if (empty($shares)) {
- break;
- }
- }
- $shares = $shares2;
- return $shares;
- }
- /**
- * @inheritdoc
- */
- public function getSharedWith($userId, $shareType, $node = null, $limit = 50, $offset = 0) {
- try {
- $provider = $this->factory->getProviderForType($shareType);
- } catch (ProviderException $e) {
- return [];
- }
- $shares = $provider->getSharedWith($userId, $shareType, $node, $limit, $offset);
- // remove all shares which are already expired
- foreach ($shares as $key => $share) {
- try {
- $this->checkExpireDate($share);
- } catch (ShareNotFound $e) {
- unset($shares[$key]);
- }
- }
- return $shares;
- }
- /**
- * @inheritdoc
- */
- public function getDeletedSharedWith($userId, $shareType, $node = null, $limit = 50, $offset = 0) {
- $shares = $this->getSharedWith($userId, $shareType, $node, $limit, $offset);
- // Only get deleted shares
- $shares = array_filter($shares, function(IShare $share) {
- return $share->getPermissions() === 0;
- });
- // Only get shares where the owner still exists
- $shares = array_filter($shares, function (IShare $share) {
- return $this->userManager->userExists($share->getShareOwner());
- });
- return $shares;
- }
- /**
- * @inheritdoc
- */
- public function getShareById($id, $recipient = null) {
- if ($id === null) {
- throw new ShareNotFound();
- }
- list($providerId, $id) = $this->splitFullId($id);
- try {
- $provider = $this->factory->getProvider($providerId);
- } catch (ProviderException $e) {
- throw new ShareNotFound();
- }
- $share = $provider->getShareById($id, $recipient);
- $this->checkExpireDate($share);
- return $share;
- }
- /**
- * Get all the shares for a given path
- *
- * @param \OCP\Files\Node $path
- * @param int $page
- * @param int $perPage
- *
- * @return Share[]
- */
- public function getSharesByPath(\OCP\Files\Node $path, $page=0, $perPage=50) {
- return [];
- }
- /**
- * Get the share by token possible with password
- *
- * @param string $token
- * @return Share
- *
- * @throws ShareNotFound
- */
- public function getShareByToken($token) {
- // tokens can't be valid local user names
- if ($this->userManager->userExists($token)) {
- throw new ShareNotFound();
- }
- $share = null;
- try {
- if($this->shareApiAllowLinks()) {
- $provider = $this->factory->getProviderForType(\OCP\Share::SHARE_TYPE_LINK);
- $share = $provider->getShareByToken($token);
- }
- } catch (ProviderException $e) {
- } catch (ShareNotFound $e) {
- }
- // If it is not a link share try to fetch a federated share by token
- if ($share === null) {
- try {
- $provider = $this->factory->getProviderForType(\OCP\Share::SHARE_TYPE_REMOTE);
- $share = $provider->getShareByToken($token);
- } catch (ProviderException $e) {
- } catch (ShareNotFound $e) {
- }
- }
- // If it is not a link share try to fetch a mail share by token
- if ($share === null && $this->shareProviderExists(\OCP\Share::SHARE_TYPE_EMAIL)) {
- try {
- $provider = $this->factory->getProviderForType(\OCP\Share::SHARE_TYPE_EMAIL);
- $share = $provider->getShareByToken($token);
- } catch (ProviderException $e) {
- } catch (ShareNotFound $e) {
- }
- }
- if ($share === null && $this->shareProviderExists(\OCP\Share::SHARE_TYPE_CIRCLE)) {
- try {
- $provider = $this->factory->getProviderForType(\OCP\Share::SHARE_TYPE_CIRCLE);
- $share = $provider->getShareByToken($token);
- } catch (ProviderException $e) {
- } catch (ShareNotFound $e) {
- }
- }
- if ($share === null && $this->shareProviderExists(\OCP\Share::SHARE_TYPE_ROOM)) {
- try {
- $provider = $this->factory->getProviderForType(\OCP\Share::SHARE_TYPE_ROOM);
- $share = $provider->getShareByToken($token);
- } catch (ProviderException $e) {
- } catch (ShareNotFound $e) {
- }
- }
- if ($share === null) {
- throw new ShareNotFound($this->l->t('The requested share does not exist anymore'));
- }
- $this->checkExpireDate($share);
- /*
- * Reduce the permissions for link shares if public upload is not enabled
- */
- if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK &&
- !$this->shareApiLinkAllowPublicUpload()) {
- $share->setPermissions($share->getPermissions() & ~(\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE));
- }
- return $share;
- }
- protected function checkExpireDate($share) {
- if ($share->getExpirationDate() !== null &&
- $share->getExpirationDate() <= new \DateTime()) {
- $this->deleteShare($share);
- throw new ShareNotFound($this->l->t('The requested share does not exist anymore'));
- }
- }
- /**
- * Verify the password of a public share
- *
- * @param \OCP\Share\IShare $share
- * @param string $password
- * @return bool
- */
- public function checkPassword(\OCP\Share\IShare $share, $password) {
- $passwordProtected = $share->getShareType() !== \OCP\Share::SHARE_TYPE_LINK
- || $share->getShareType() !== \OCP\Share::SHARE_TYPE_EMAIL;
- if (!$passwordProtected) {
- //TODO maybe exception?
- return false;
- }
- if ($password === null || $share->getPassword() === null) {
- return false;
- }
- $newHash = '';
- if (!$this->hasher->verify($password, $share->getPassword(), $newHash)) {
- return false;
- }
- if (!empty($newHash)) {
- $share->setPassword($newHash);
- $provider = $this->factory->getProviderForType($share->getShareType());
- $provider->update($share);
- }
- return true;
- }
- /**
- * @inheritdoc
- */
- public function userDeleted($uid) {
- $types = [\OCP\Share::SHARE_TYPE_USER, \OCP\Share::SHARE_TYPE_GROUP, \OCP\Share::SHARE_TYPE_LINK, \OCP\Share::SHARE_TYPE_REMOTE, \OCP\Share::SHARE_TYPE_EMAIL];
- foreach ($types as $type) {
- try {
- $provider = $this->factory->getProviderForType($type);
- } catch (ProviderException $e) {
- continue;
- }
- $provider->userDeleted($uid, $type);
- }
- }
- /**
- * @inheritdoc
- */
- public function groupDeleted($gid) {
- $provider = $this->factory->getProviderForType(\OCP\Share::SHARE_TYPE_GROUP);
- $provider->groupDeleted($gid);
- }
- /**
- * @inheritdoc
- */
- public function userDeletedFromGroup($uid, $gid) {
- $provider = $this->factory->getProviderForType(\OCP\Share::SHARE_TYPE_GROUP);
- $provider->userDeletedFromGroup($uid, $gid);
- }
- /**
- * Get access list to a path. This means
- * all the users that can access a given path.
- *
- * Consider:
- * -root
- * |-folder1 (23)
- * |-folder2 (32)
- * |-fileA (42)
- *
- * fileA is shared with user1 and user1@server1
- * folder2 is shared with group2 (user4 is a member of group2)
- * folder1 is shared with user2 (renamed to "folder (1)") and user2@server2
- *
- * Then the access list to '/folder1/folder2/fileA' with $currentAccess is:
- * [
- * users => [
- * 'user1' => ['node_id' => 42, 'node_path' => '/fileA'],
- * 'user4' => ['node_id' => 32, 'node_path' => '/folder2'],
- * 'user2' => ['node_id' => 23, 'node_path' => '/folder (1)'],
- * ],
- * remote => [
- * 'user1@server1' => ['node_id' => 42, 'token' => 'SeCr3t'],
- * 'user2@server2' => ['node_id' => 23, 'token' => 'FooBaR'],
- * ],
- * public => bool
- * mail => bool
- * ]
- *
- * The access list to '/folder1/folder2/fileA' **without** $currentAccess is:
- * [
- * users => ['user1', 'user2', 'user4'],
- * remote => bool,
- * public => bool
- * mail => bool
- * ]
- *
- * This is required for encryption/activity
- *
- * @param \OCP\Files\Node $path
- * @param bool $recursive Should we check all parent folders as well
- * @param bool $currentAccess Ensure the recipient has access to the file (e.g. did not unshare it)
- * @return array
- */
- public function getAccessList(\OCP\Files\Node $path, $recursive = true, $currentAccess = false) {
- $owner = $path->getOwner()->getUID();
- if ($currentAccess) {
- $al = ['users' => [], 'remote' => [], 'public' => false];
- } else {
- $al = ['users' => [], 'remote' => false, 'public' => false];
- }
- if (!$this->userManager->userExists($owner)) {
- return $al;
- }
- //Get node for the owner and correct the owner in case of external storages
- $userFolder = $this->rootFolder->getUserFolder($owner);
- if ($path->getId() !== $userFolder->getId() && !$userFolder->isSubNode($path)) {
- $nodes = $userFolder->getById($path->getId());
- $path = array_shift($nodes);
- $owner = $path->getOwner()->getUID();
- }
- $providers = $this->factory->getAllProviders();
- /** @var Node[] $nodes */
- $nodes = [];
- if ($currentAccess) {
- $ownerPath = $path->getPath();
- $ownerPath = explode('/', $ownerPath, 4);
- if (count($ownerPath) < 4) {
- $ownerPath = '';
- } else {
- $ownerPath = $ownerPath[3];
- }
- $al['users'][$owner] = [
- 'node_id' => $path->getId(),
- 'node_path' => '/' . $ownerPath,
- ];
- } else {
- $al['users'][] = $owner;
- }
- // Collect all the shares
- while ($path->getPath() !== $userFolder->getPath()) {
- $nodes[] = $path;
- if (!$recursive) {
- break;
- }
- $path = $path->getParent();
- }
- foreach ($providers as $provider) {
- $tmp = $provider->getAccessList($nodes, $currentAccess);
- foreach ($tmp as $k => $v) {
- if (isset($al[$k])) {
- if (is_array($al[$k])) {
- if ($currentAccess) {
- $al[$k] += $v;
- } else {
- $al[$k] = array_merge($al[$k], $v);
- $al[$k] = array_unique($al[$k]);
- $al[$k] = array_values($al[$k]);
- }
- } else {
- $al[$k] = $al[$k] || $v;
- }
- } else {
- $al[$k] = $v;
- }
- }
- }
- return $al;
- }
- /**
- * Create a new share
- * @return \OCP\Share\IShare
- */
- public function newShare() {
- return new \OC\Share20\Share($this->rootFolder, $this->userManager);
- }
- /**
- * Is the share API enabled
- *
- * @return bool
- */
- public function shareApiEnabled() {
- return $this->config->getAppValue('core', 'shareapi_enabled', 'yes') === 'yes';
- }
- /**
- * Is public link sharing enabled
- *
- * @return bool
- */
- public function shareApiAllowLinks() {
- return $this->config->getAppValue('core', 'shareapi_allow_links', 'yes') === 'yes';
- }
- /**
- * Is password on public link requires
- *
- * @return bool
- */
- public function shareApiLinkEnforcePassword() {
- return $this->config->getAppValue('core', 'shareapi_enforce_links_password', 'no') === 'yes';
- }
- /**
- * Is default expire date enabled
- *
- * @return bool
- */
- public function shareApiLinkDefaultExpireDate() {
- return $this->config->getAppValue('core', 'shareapi_default_expire_date', 'no') === 'yes';
- }
- /**
- * Is default expire date enforced
- *`
- * @return bool
- */
- public function shareApiLinkDefaultExpireDateEnforced() {
- return $this->shareApiLinkDefaultExpireDate() &&
- $this->config->getAppValue('core', 'shareapi_enforce_expire_date', 'no') === 'yes';
- }
- /**
- * Number of default expire days
- *shareApiLinkAllowPublicUpload
- * @return int
- */
- public function shareApiLinkDefaultExpireDays() {
- return (int)$this->config->getAppValue('core', 'shareapi_expire_after_n_days', '7');
- }
- /**
- * Allow public upload on link shares
- *
- * @return bool
- */
- public function shareApiLinkAllowPublicUpload() {
- return $this->config->getAppValue('core', 'shareapi_allow_public_upload', 'yes') === 'yes';
- }
- /**
- * check if user can only share with group members
- * @return bool
- */
- public function shareWithGroupMembersOnly() {
- return $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
- }
- /**
- * Check if users can share with groups
- * @return bool
- */
- public function allowGroupSharing() {
- return $this->config->getAppValue('core', 'shareapi_allow_group_sharing', 'yes') === 'yes';
- }
- /**
- * Copied from \OC_Util::isSharingDisabledForUser
- *
- * TODO: Deprecate fuction from OC_Util
- *
- * @param string $userId
- * @return bool
- */
- public function sharingDisabledForUser($userId) {
- if ($userId === null) {
- return false;
- }
- if (isset($this->sharingDisabledForUsersCache[$userId])) {
- return $this->sharingDisabledForUsersCache[$userId];
- }
- if ($this->config->getAppValue('core', 'shareapi_exclude_groups', 'no') === 'yes') {
- $groupsList = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', '');
- $excludedGroups = json_decode($groupsList);
- if (is_null($excludedGroups)) {
- $excludedGroups = explode(',', $groupsList);
- $newValue = json_encode($excludedGroups);
- $this->config->setAppValue('core', 'shareapi_exclude_groups_list', $newValue);
- }
- $user = $this->userManager->get($userId);
- $usersGroups = $this->groupManager->getUserGroupIds($user);
- if (!empty($usersGroups)) {
- $remainingGroups = array_diff($usersGroups, $excludedGroups);
- // if the user is only in groups which are disabled for sharing then
- // sharing is also disabled for the user
- if (empty($remainingGroups)) {
- $this->sharingDisabledForUsersCache[$userId] = true;
- return true;
- }
- }
- }
- $this->sharingDisabledForUsersCache[$userId] = false;
- return false;
- }
- /**
- * @inheritdoc
- */
- public function outgoingServer2ServerSharesAllowed() {
- return $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes') === 'yes';
- }
- /**
- * @inheritdoc
- */
- public function outgoingServer2ServerGroupSharesAllowed() {
- return $this->config->getAppValue('files_sharing', 'outgoing_server2server_group_share_enabled', 'no') === 'yes';
- }
- /**
- * @inheritdoc
- */
- public function shareProviderExists($shareType) {
- try {
- $this->factory->getProviderForType($shareType);
- } catch (ProviderException $e) {
- return false;
- }
- return true;
- }
- }
|