Manager.php 58 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697989910010110210310410510610710810911011111211311411511611711811912012112212312412512612712812913013113213313413513613713813914014114214314414514614714814915015115215315415515615715815916016116216316416516616716816917017117217317417517617717817918018118218318418518618718818919019119219319419519619719819920020120220320420520620720820921021121221321421521621721821922022122222322422522622722822923023123223323423523623723823924024124224324424524624724824925025125225325425525625725825926026126226326426526626726826927027127227327427527627727827928028128228328428528628728828929029129229329429529629729829930030130230330430530630730830931031131231331431531631731831932032132232332432532632732832933033133233333433533633733833934034134234334434534634734834935035135235335435535635735835936036136236336436536636736836937037137237337437537637737837938038138238338438538638738838939039139239339439539639739839940040140240340440540640740840941041141241341441541641741841942042142242342442542642742842943043143243343443543643743843944044144244344444544644744844945045145245345445545645745845946046146246346446546646746846947047147247347447547647747847948048148248348448548648748848949049149249349449549649749849950050150250350450550650750850951051151251351451551651751851952052152252352452552652752852953053153253353453553653753853954054154254354454554654754854955055155255355455555655755855956056156256356456556656756856957057157257357457557657757857958058158258358458558658758858959059159259359459559659759859960060160260360460560660760860961061161261361461561661761861962062162262362462562662762862963063163263363463563663763863964064164264364464564664764864965065165265365465565665765865966066166266366466566666766866967067167267367467567667767867968068168268368468568668768868969069169269369469569669769869970070170270370470570670770870971071171271371471571671771871972072172272372472572672772872973073173273373473573673773873974074174274374474574674774874975075175275375475575675775875976076176276376476576676776876977077177277377477577677777877978078178278378478578678778878979079179279379479579679779879980080180280380480580680780880981081181281381481581681781881982082182282382482582682782882983083183283383483583683783883984084184284384484584684784884985085185285385485585685785885986086186286386486586686786886987087187287387487587687787887988088188288388488588688788888989089189289389489589689789889990090190290390490590690790890991091191291391491591691791891992092192292392492592692792892993093193293393493593693793893994094194294394494594694794894995095195295395495595695795895996096196296396496596696796896997097197297397497597697797897998098198298398498598698798898999099199299399499599699799899910001001100210031004100510061007100810091010101110121013101410151016101710181019102010211022102310241025102610271028102910301031103210331034103510361037103810391040104110421043104410451046104710481049105010511052105310541055105610571058105910601061106210631064106510661067106810691070107110721073107410751076107710781079108010811082108310841085108610871088108910901091109210931094109510961097109810991100110111021103110411051106110711081109111011111112111311141115111611171118111911201121112211231124112511261127112811291130113111321133113411351136113711381139114011411142114311441145114611471148114911501151115211531154115511561157115811591160116111621163116411651166116711681169117011711172117311741175117611771178117911801181118211831184118511861187118811891190119111921193119411951196119711981199120012011202120312041205120612071208120912101211121212131214121512161217121812191220122112221223122412251226122712281229123012311232123312341235123612371238123912401241124212431244124512461247124812491250125112521253125412551256125712581259126012611262126312641265126612671268126912701271127212731274127512761277127812791280128112821283128412851286128712881289129012911292129312941295129612971298129913001301130213031304130513061307130813091310131113121313131413151316131713181319132013211322132313241325132613271328132913301331133213331334133513361337133813391340134113421343134413451346134713481349135013511352135313541355135613571358135913601361136213631364136513661367136813691370137113721373137413751376137713781379138013811382138313841385138613871388138913901391139213931394139513961397139813991400140114021403140414051406140714081409141014111412141314141415141614171418141914201421142214231424142514261427142814291430143114321433143414351436143714381439144014411442144314441445144614471448144914501451145214531454145514561457145814591460146114621463146414651466146714681469147014711472147314741475147614771478147914801481148214831484148514861487148814891490149114921493149414951496149714981499150015011502150315041505150615071508150915101511151215131514151515161517151815191520152115221523152415251526152715281529153015311532153315341535153615371538153915401541154215431544154515461547154815491550155115521553155415551556155715581559156015611562156315641565156615671568156915701571157215731574157515761577157815791580158115821583158415851586158715881589159015911592159315941595159615971598159916001601160216031604160516061607160816091610161116121613161416151616161716181619162016211622162316241625162616271628162916301631163216331634163516361637163816391640164116421643164416451646164716481649165016511652165316541655165616571658165916601661166216631664166516661667166816691670167116721673167416751676167716781679168016811682168316841685168616871688168916901691169216931694169516961697169816991700170117021703170417051706170717081709171017111712171317141715171617171718171917201721172217231724172517261727172817291730173117321733173417351736173717381739174017411742174317441745174617471748174917501751175217531754175517561757175817591760176117621763176417651766176717681769177017711772177317741775177617771778177917801781178217831784178517861787178817891790179117921793179417951796179717981799180018011802180318041805180618071808180918101811181218131814181518161817181818191820182118221823182418251826182718281829183018311832183318341835183618371838183918401841184218431844184518461847184818491850185118521853185418551856185718581859186018611862186318641865186618671868186918701871187218731874187518761877187818791880188118821883
  1. <?php
  2. /**
  3. * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
  4. * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  5. * SPDX-License-Identifier: AGPL-3.0-only
  6. */
  7. namespace OC\Share20;
  8. use OC\Files\Mount\MoveableMount;
  9. use OC\KnownUser\KnownUserService;
  10. use OC\Share20\Exception\ProviderException;
  11. use OCA\Files_Sharing\AppInfo\Application;
  12. use OCP\EventDispatcher\IEventDispatcher;
  13. use OCP\Files\File;
  14. use OCP\Files\Folder;
  15. use OCP\Files\IRootFolder;
  16. use OCP\Files\Mount\IMountManager;
  17. use OCP\Files\Node;
  18. use OCP\HintException;
  19. use OCP\IConfig;
  20. use OCP\IDateTimeZone;
  21. use OCP\IGroupManager;
  22. use OCP\IL10N;
  23. use OCP\IURLGenerator;
  24. use OCP\IUser;
  25. use OCP\IUserManager;
  26. use OCP\IUserSession;
  27. use OCP\L10N\IFactory;
  28. use OCP\Mail\IMailer;
  29. use OCP\Security\Events\ValidatePasswordPolicyEvent;
  30. use OCP\Security\IHasher;
  31. use OCP\Security\ISecureRandom;
  32. use OCP\Share;
  33. use OCP\Share\Events\BeforeShareDeletedEvent;
  34. use OCP\Share\Events\ShareAcceptedEvent;
  35. use OCP\Share\Events\ShareCreatedEvent;
  36. use OCP\Share\Events\ShareDeletedEvent;
  37. use OCP\Share\Events\ShareDeletedFromSelfEvent;
  38. use OCP\Share\Exceptions\AlreadySharedException;
  39. use OCP\Share\Exceptions\GenericShareException;
  40. use OCP\Share\Exceptions\ShareNotFound;
  41. use OCP\Share\IManager;
  42. use OCP\Share\IProviderFactory;
  43. use OCP\Share\IShare;
  44. use OCP\Share\IShareProvider;
  45. use OCP\Share\IShareProviderWithNotification;
  46. use Psr\Log\LoggerInterface;
  47. /**
  48. * This class is the communication hub for all sharing related operations.
  49. */
  50. class Manager implements IManager {
  51. private IL10N|null $l;
  52. private LegacyHooks $legacyHooks;
  53. public function __construct(
  54. private LoggerInterface $logger,
  55. private IConfig $config,
  56. private ISecureRandom $secureRandom,
  57. private IHasher $hasher,
  58. private IMountManager $mountManager,
  59. private IGroupManager $groupManager,
  60. private IFactory $l10nFactory,
  61. private IProviderFactory $factory,
  62. private IUserManager $userManager,
  63. private IRootFolder $rootFolder,
  64. private IMailer $mailer,
  65. private IURLGenerator $urlGenerator,
  66. private \OC_Defaults $defaults,
  67. private IEventDispatcher $dispatcher,
  68. private IUserSession $userSession,
  69. private KnownUserService $knownUserService,
  70. private ShareDisableChecker $shareDisableChecker,
  71. private IDateTimeZone $dateTimeZone
  72. ) {
  73. $this->l = $this->l10nFactory->get('lib');
  74. // The constructor of LegacyHooks registers the listeners of share events
  75. // do not remove if those are not properly migrated
  76. $this->legacyHooks = new LegacyHooks($this->dispatcher);
  77. }
  78. /**
  79. * Convert from a full share id to a tuple (providerId, shareId)
  80. *
  81. * @param string $id
  82. * @return string[]
  83. */
  84. private function splitFullId($id) {
  85. return explode(':', $id, 2);
  86. }
  87. /**
  88. * Verify if a password meets all requirements
  89. *
  90. * @param string $password
  91. * @throws \Exception
  92. */
  93. protected function verifyPassword($password) {
  94. if ($password === null) {
  95. // No password is set, check if this is allowed.
  96. if ($this->shareApiLinkEnforcePassword()) {
  97. throw new \InvalidArgumentException('Passwords are enforced for link and mail shares');
  98. }
  99. return;
  100. }
  101. // Let others verify the password
  102. try {
  103. $this->dispatcher->dispatchTyped(new ValidatePasswordPolicyEvent($password));
  104. } catch (HintException $e) {
  105. throw new \Exception($e->getHint());
  106. }
  107. }
  108. /**
  109. * Check for generic requirements before creating a share
  110. *
  111. * @param IShare $share
  112. * @throws \InvalidArgumentException
  113. * @throws GenericShareException
  114. *
  115. * @suppress PhanUndeclaredClassMethod
  116. */
  117. protected function generalCreateChecks(IShare $share, bool $isUpdate = false) {
  118. if ($share->getShareType() === IShare::TYPE_USER) {
  119. // We expect a valid user as sharedWith for user shares
  120. if (!$this->userManager->userExists($share->getSharedWith())) {
  121. throw new \InvalidArgumentException('SharedWith is not a valid user');
  122. }
  123. } elseif ($share->getShareType() === IShare::TYPE_GROUP) {
  124. // We expect a valid group as sharedWith for group shares
  125. if (!$this->groupManager->groupExists($share->getSharedWith())) {
  126. throw new \InvalidArgumentException('SharedWith is not a valid group');
  127. }
  128. } elseif ($share->getShareType() === IShare::TYPE_LINK) {
  129. // No check for TYPE_EMAIL here as we have a recipient for them
  130. if ($share->getSharedWith() !== null) {
  131. throw new \InvalidArgumentException('SharedWith should be empty');
  132. }
  133. } elseif ($share->getShareType() === IShare::TYPE_EMAIL) {
  134. if ($share->getSharedWith() === null) {
  135. throw new \InvalidArgumentException('SharedWith should not be empty');
  136. }
  137. } elseif ($share->getShareType() === IShare::TYPE_REMOTE) {
  138. if ($share->getSharedWith() === null) {
  139. throw new \InvalidArgumentException('SharedWith should not be empty');
  140. }
  141. } elseif ($share->getShareType() === IShare::TYPE_REMOTE_GROUP) {
  142. if ($share->getSharedWith() === null) {
  143. throw new \InvalidArgumentException('SharedWith should not be empty');
  144. }
  145. } elseif ($share->getShareType() === IShare::TYPE_CIRCLE) {
  146. $circle = \OCA\Circles\Api\v1\Circles::detailsCircle($share->getSharedWith());
  147. if ($circle === null) {
  148. throw new \InvalidArgumentException('SharedWith is not a valid circle');
  149. }
  150. } elseif ($share->getShareType() === IShare::TYPE_ROOM) {
  151. } elseif ($share->getShareType() === IShare::TYPE_DECK) {
  152. } elseif ($share->getShareType() === IShare::TYPE_SCIENCEMESH) {
  153. } else {
  154. // We cannot handle other types yet
  155. throw new \InvalidArgumentException('unknown share type');
  156. }
  157. // Verify the initiator of the share is set
  158. if ($share->getSharedBy() === null) {
  159. throw new \InvalidArgumentException('SharedBy should be set');
  160. }
  161. // Cannot share with yourself
  162. if ($share->getShareType() === IShare::TYPE_USER &&
  163. $share->getSharedWith() === $share->getSharedBy()) {
  164. throw new \InvalidArgumentException('Cannot share with yourself');
  165. }
  166. // The path should be set
  167. if ($share->getNode() === null) {
  168. throw new \InvalidArgumentException('Path should be set');
  169. }
  170. // And it should be a file or a folder
  171. if (!($share->getNode() instanceof \OCP\Files\File) &&
  172. !($share->getNode() instanceof \OCP\Files\Folder)) {
  173. throw new \InvalidArgumentException('Path should be either a file or a folder');
  174. }
  175. // And you cannot share your rootfolder
  176. if ($this->userManager->userExists($share->getSharedBy())) {
  177. $userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
  178. } else {
  179. $userFolder = $this->rootFolder->getUserFolder($share->getShareOwner());
  180. }
  181. if ($userFolder->getId() === $share->getNode()->getId()) {
  182. throw new \InvalidArgumentException('You cannot share your root folder');
  183. }
  184. // Check if we actually have share permissions
  185. if (!$share->getNode()->isShareable()) {
  186. $message_t = $this->l->t('You are not allowed to share %s', [$share->getNode()->getName()]);
  187. throw new GenericShareException($message_t, $message_t, 404);
  188. }
  189. // Permissions should be set
  190. if ($share->getPermissions() === null) {
  191. throw new \InvalidArgumentException('A share requires permissions');
  192. }
  193. $permissions = 0;
  194. $nodesForUser = $userFolder->getById($share->getNodeId());
  195. foreach ($nodesForUser as $node) {
  196. if ($node->getInternalPath() === '' && !$node->getMountPoint() instanceof MoveableMount) {
  197. // for the root of non-movable mount, the permissions we see if limited by the mount itself,
  198. // so we instead use the "raw" permissions from the storage
  199. $permissions |= $node->getStorage()->getPermissions('');
  200. } else {
  201. $permissions |= $node->getPermissions();
  202. }
  203. }
  204. // Check that we do not share with more permissions than we have
  205. if ($share->getPermissions() & ~$permissions) {
  206. $path = $userFolder->getRelativePath($share->getNode()->getPath());
  207. $message_t = $this->l->t('Cannot increase permissions of %s', [$path]);
  208. throw new GenericShareException($message_t, $message_t, 404);
  209. }
  210. // Check that read permissions are always set
  211. // Link shares are allowed to have no read permissions to allow upload to hidden folders
  212. $noReadPermissionRequired = $share->getShareType() === IShare::TYPE_LINK
  213. || $share->getShareType() === IShare::TYPE_EMAIL;
  214. if (!$noReadPermissionRequired &&
  215. ($share->getPermissions() & \OCP\Constants::PERMISSION_READ) === 0) {
  216. throw new \InvalidArgumentException('Shares need at least read permissions');
  217. }
  218. if ($share->getNode() instanceof \OCP\Files\File) {
  219. if ($share->getPermissions() & \OCP\Constants::PERMISSION_DELETE) {
  220. $message_t = $this->l->t('Files cannot be shared with delete permissions');
  221. throw new GenericShareException($message_t);
  222. }
  223. if ($share->getPermissions() & \OCP\Constants::PERMISSION_CREATE) {
  224. $message_t = $this->l->t('Files cannot be shared with create permissions');
  225. throw new GenericShareException($message_t);
  226. }
  227. }
  228. }
  229. /**
  230. * Validate if the expiration date fits the system settings
  231. *
  232. * @param IShare $share The share to validate the expiration date of
  233. * @return IShare The modified share object
  234. * @throws GenericShareException
  235. * @throws \InvalidArgumentException
  236. * @throws \Exception
  237. */
  238. protected function validateExpirationDateInternal(IShare $share) {
  239. $isRemote = $share->getShareType() === IShare::TYPE_REMOTE || $share->getShareType() === IShare::TYPE_REMOTE_GROUP;
  240. $expirationDate = $share->getExpirationDate();
  241. if ($isRemote) {
  242. $defaultExpireDate = $this->shareApiRemoteDefaultExpireDate();
  243. $defaultExpireDays = $this->shareApiRemoteDefaultExpireDays();
  244. $configProp = 'remote_defaultExpDays';
  245. $isEnforced = $this->shareApiRemoteDefaultExpireDateEnforced();
  246. } else {
  247. $defaultExpireDate = $this->shareApiInternalDefaultExpireDate();
  248. $defaultExpireDays = $this->shareApiInternalDefaultExpireDays();
  249. $configProp = 'internal_defaultExpDays';
  250. $isEnforced = $this->shareApiInternalDefaultExpireDateEnforced();
  251. }
  252. // If $expirationDate is falsy, noExpirationDate is true and expiration not enforced
  253. // Then skip expiration date validation as null is accepted
  254. if(!$share->getNoExpirationDate() || $isEnforced) {
  255. if ($expirationDate !== null) {
  256. $expirationDate->setTimezone($this->dateTimeZone->getTimeZone());
  257. $expirationDate->setTime(0, 0, 0);
  258. $date = new \DateTime('now', $this->dateTimeZone->getTimeZone());
  259. $date->setTime(0, 0, 0);
  260. if ($date >= $expirationDate) {
  261. $message = $this->l->t('Expiration date is in the past');
  262. throw new GenericShareException($message, $message, 404);
  263. }
  264. }
  265. // If expiredate is empty set a default one if there is a default
  266. $fullId = null;
  267. try {
  268. $fullId = $share->getFullId();
  269. } catch (\UnexpectedValueException $e) {
  270. // This is a new share
  271. }
  272. if ($fullId === null && $expirationDate === null && $defaultExpireDate) {
  273. $expirationDate = new \DateTime('now', $this->dateTimeZone->getTimeZone());
  274. $expirationDate->setTime(0, 0, 0);
  275. $days = (int)$this->config->getAppValue('core', $configProp, (string)$defaultExpireDays);
  276. if ($days > $defaultExpireDays) {
  277. $days = $defaultExpireDays;
  278. }
  279. $expirationDate->add(new \DateInterval('P' . $days . 'D'));
  280. }
  281. // If we enforce the expiration date check that is does not exceed
  282. if ($isEnforced) {
  283. if (empty($expirationDate)) {
  284. throw new \InvalidArgumentException('Expiration date is enforced');
  285. }
  286. $date = new \DateTime('now', $this->dateTimeZone->getTimeZone());
  287. $date->setTime(0, 0, 0);
  288. $date->add(new \DateInterval('P' . $defaultExpireDays . 'D'));
  289. if ($date < $expirationDate) {
  290. $message = $this->l->n('Cannot set expiration date more than %n day in the future', 'Cannot set expiration date more than %n days in the future', $defaultExpireDays);
  291. throw new GenericShareException($message, $message, 404);
  292. }
  293. }
  294. }
  295. $accepted = true;
  296. $message = '';
  297. \OCP\Util::emitHook('\OC\Share', 'verifyExpirationDate', [
  298. 'expirationDate' => &$expirationDate,
  299. 'accepted' => &$accepted,
  300. 'message' => &$message,
  301. 'passwordSet' => $share->getPassword() !== null,
  302. ]);
  303. if (!$accepted) {
  304. throw new \Exception($message);
  305. }
  306. $share->setExpirationDate($expirationDate);
  307. return $share;
  308. }
  309. /**
  310. * Validate if the expiration date fits the system settings
  311. *
  312. * @param IShare $share The share to validate the expiration date of
  313. * @return IShare The modified share object
  314. * @throws GenericShareException
  315. * @throws \InvalidArgumentException
  316. * @throws \Exception
  317. */
  318. protected function validateExpirationDateLink(IShare $share) {
  319. $expirationDate = $share->getExpirationDate();
  320. $isEnforced = $this->shareApiLinkDefaultExpireDateEnforced();
  321. // If $expirationDate is falsy, noExpirationDate is true and expiration not enforced
  322. // Then skip expiration date validation as null is accepted
  323. if(!($share->getNoExpirationDate() && !$isEnforced)) {
  324. if ($expirationDate !== null) {
  325. $expirationDate->setTimezone($this->dateTimeZone->getTimeZone());
  326. $expirationDate->setTime(0, 0, 0);
  327. $date = new \DateTime('now', $this->dateTimeZone->getTimeZone());
  328. $date->setTime(0, 0, 0);
  329. if ($date >= $expirationDate) {
  330. $message = $this->l->t('Expiration date is in the past');
  331. throw new GenericShareException($message, $message, 404);
  332. }
  333. }
  334. // If expiredate is empty set a default one if there is a default
  335. $fullId = null;
  336. try {
  337. $fullId = $share->getFullId();
  338. } catch (\UnexpectedValueException $e) {
  339. // This is a new share
  340. }
  341. if ($fullId === null && $expirationDate === null && $this->shareApiLinkDefaultExpireDate()) {
  342. $expirationDate = new \DateTime('now', $this->dateTimeZone->getTimeZone());
  343. $expirationDate->setTime(0, 0, 0);
  344. $days = (int)$this->config->getAppValue('core', 'link_defaultExpDays', (string)$this->shareApiLinkDefaultExpireDays());
  345. if ($days > $this->shareApiLinkDefaultExpireDays()) {
  346. $days = $this->shareApiLinkDefaultExpireDays();
  347. }
  348. $expirationDate->add(new \DateInterval('P' . $days . 'D'));
  349. }
  350. // If we enforce the expiration date check that is does not exceed
  351. if ($isEnforced) {
  352. if (empty($expirationDate)) {
  353. throw new \InvalidArgumentException('Expiration date is enforced');
  354. }
  355. $date = new \DateTime('now', $this->dateTimeZone->getTimeZone());
  356. $date->setTime(0, 0, 0);
  357. $date->add(new \DateInterval('P' . $this->shareApiLinkDefaultExpireDays() . 'D'));
  358. if ($date < $expirationDate) {
  359. $message = $this->l->n('Cannot set expiration date more than %n day in the future', 'Cannot set expiration date more than %n days in the future', $this->shareApiLinkDefaultExpireDays());
  360. throw new GenericShareException($message, $message, 404);
  361. }
  362. }
  363. }
  364. $accepted = true;
  365. $message = '';
  366. \OCP\Util::emitHook('\OC\Share', 'verifyExpirationDate', [
  367. 'expirationDate' => &$expirationDate,
  368. 'accepted' => &$accepted,
  369. 'message' => &$message,
  370. 'passwordSet' => $share->getPassword() !== null,
  371. ]);
  372. if (!$accepted) {
  373. throw new \Exception($message);
  374. }
  375. $share->setExpirationDate($expirationDate);
  376. return $share;
  377. }
  378. /**
  379. * Check for pre share requirements for user shares
  380. *
  381. * @param IShare $share
  382. * @throws \Exception
  383. */
  384. protected function userCreateChecks(IShare $share) {
  385. // Check if we can share with group members only
  386. if ($this->shareWithGroupMembersOnly()) {
  387. $sharedBy = $this->userManager->get($share->getSharedBy());
  388. $sharedWith = $this->userManager->get($share->getSharedWith());
  389. // Verify we can share with this user
  390. $groups = array_intersect(
  391. $this->groupManager->getUserGroupIds($sharedBy),
  392. $this->groupManager->getUserGroupIds($sharedWith)
  393. );
  394. // optional excluded groups
  395. $excludedGroups = $this->shareWithGroupMembersOnlyExcludeGroupsList();
  396. $groups = array_diff($groups, $excludedGroups);
  397. if (empty($groups)) {
  398. $message_t = $this->l->t('Sharing is only allowed with group members');
  399. throw new \Exception($message_t);
  400. }
  401. }
  402. /*
  403. * TODO: Could be costly, fix
  404. *
  405. * Also this is not what we want in the future.. then we want to squash identical shares.
  406. */
  407. $provider = $this->factory->getProviderForType(IShare::TYPE_USER);
  408. $existingShares = $provider->getSharesByPath($share->getNode());
  409. foreach ($existingShares as $existingShare) {
  410. // Ignore if it is the same share
  411. try {
  412. if ($existingShare->getFullId() === $share->getFullId()) {
  413. continue;
  414. }
  415. } catch (\UnexpectedValueException $e) {
  416. //Shares are not identical
  417. }
  418. // Identical share already exists
  419. if ($existingShare->getSharedWith() === $share->getSharedWith() && $existingShare->getShareType() === $share->getShareType()) {
  420. $message = $this->l->t('Sharing %s failed, because this item is already shared with the account %s', [$share->getNode()->getName(), $share->getSharedWithDisplayName()]);
  421. throw new AlreadySharedException($message, $existingShare);
  422. }
  423. // The share is already shared with this user via a group share
  424. if ($existingShare->getShareType() === IShare::TYPE_GROUP) {
  425. $group = $this->groupManager->get($existingShare->getSharedWith());
  426. if (!is_null($group)) {
  427. $user = $this->userManager->get($share->getSharedWith());
  428. if ($group->inGroup($user) && $existingShare->getShareOwner() !== $share->getShareOwner()) {
  429. $message = $this->l->t('Sharing %s failed, because this item is already shared with the account %s', [$share->getNode()->getName(), $share->getSharedWithDisplayName()]);
  430. throw new AlreadySharedException($message, $existingShare);
  431. }
  432. }
  433. }
  434. }
  435. }
  436. /**
  437. * Check for pre share requirements for group shares
  438. *
  439. * @param IShare $share
  440. * @throws \Exception
  441. */
  442. protected function groupCreateChecks(IShare $share) {
  443. // Verify group shares are allowed
  444. if (!$this->allowGroupSharing()) {
  445. throw new \Exception('Group sharing is now allowed');
  446. }
  447. // Verify if the user can share with this group
  448. if ($this->shareWithGroupMembersOnly()) {
  449. $sharedBy = $this->userManager->get($share->getSharedBy());
  450. $sharedWith = $this->groupManager->get($share->getSharedWith());
  451. // optional excluded groups
  452. $excludedGroups = $this->shareWithGroupMembersOnlyExcludeGroupsList();
  453. if (is_null($sharedWith) || in_array($share->getSharedWith(), $excludedGroups) || !$sharedWith->inGroup($sharedBy)) {
  454. throw new \Exception('Sharing is only allowed within your own groups');
  455. }
  456. }
  457. /*
  458. * TODO: Could be costly, fix
  459. *
  460. * Also this is not what we want in the future.. then we want to squash identical shares.
  461. */
  462. $provider = $this->factory->getProviderForType(IShare::TYPE_GROUP);
  463. $existingShares = $provider->getSharesByPath($share->getNode());
  464. foreach ($existingShares as $existingShare) {
  465. try {
  466. if ($existingShare->getFullId() === $share->getFullId()) {
  467. continue;
  468. }
  469. } catch (\UnexpectedValueException $e) {
  470. //It is a new share so just continue
  471. }
  472. if ($existingShare->getSharedWith() === $share->getSharedWith() && $existingShare->getShareType() === $share->getShareType()) {
  473. throw new AlreadySharedException('Path is already shared with this group', $existingShare);
  474. }
  475. }
  476. }
  477. /**
  478. * Check for pre share requirements for link shares
  479. *
  480. * @param IShare $share
  481. * @throws \Exception
  482. */
  483. protected function linkCreateChecks(IShare $share) {
  484. // Are link shares allowed?
  485. if (!$this->shareApiAllowLinks()) {
  486. throw new \Exception('Link sharing is not allowed');
  487. }
  488. // Check if public upload is allowed
  489. if ($share->getNodeType() === 'folder' && !$this->shareApiLinkAllowPublicUpload() &&
  490. ($share->getPermissions() & (\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_DELETE))) {
  491. throw new \InvalidArgumentException('Public upload is not allowed');
  492. }
  493. }
  494. /**
  495. * To make sure we don't get invisible link shares we set the parent
  496. * of a link if it is a reshare. This is a quick word around
  497. * until we can properly display multiple link shares in the UI
  498. *
  499. * See: https://github.com/owncloud/core/issues/22295
  500. *
  501. * FIXME: Remove once multiple link shares can be properly displayed
  502. *
  503. * @param IShare $share
  504. */
  505. protected function setLinkParent(IShare $share) {
  506. // No sense in checking if the method is not there.
  507. if (method_exists($share, 'setParent')) {
  508. $storage = $share->getNode()->getStorage();
  509. if ($storage->instanceOfStorage('\OCA\Files_Sharing\ISharedStorage')) {
  510. /** @var \OCA\Files_Sharing\SharedStorage $storage */
  511. $share->setParent($storage->getShareId());
  512. }
  513. }
  514. }
  515. /**
  516. * @param File|Folder $path
  517. */
  518. protected function pathCreateChecks($path) {
  519. // Make sure that we do not share a path that contains a shared mountpoint
  520. if ($path instanceof \OCP\Files\Folder) {
  521. $mounts = $this->mountManager->findIn($path->getPath());
  522. foreach ($mounts as $mount) {
  523. if ($mount->getStorage()->instanceOfStorage('\OCA\Files_Sharing\ISharedStorage')) {
  524. throw new \InvalidArgumentException('Path contains files shared with you');
  525. }
  526. }
  527. }
  528. }
  529. /**
  530. * Check if the user that is sharing can actually share
  531. *
  532. * @param IShare $share
  533. * @throws \Exception
  534. */
  535. protected function canShare(IShare $share) {
  536. if (!$this->shareApiEnabled()) {
  537. throw new \Exception('Sharing is disabled');
  538. }
  539. if ($this->sharingDisabledForUser($share->getSharedBy())) {
  540. throw new \Exception('Sharing is disabled for you');
  541. }
  542. }
  543. /**
  544. * Share a path
  545. *
  546. * @param IShare $share
  547. * @return IShare The share object
  548. * @throws \Exception
  549. *
  550. * TODO: handle link share permissions or check them
  551. */
  552. public function createShare(IShare $share) {
  553. $this->canShare($share);
  554. $this->generalCreateChecks($share);
  555. // Verify if there are any issues with the path
  556. $this->pathCreateChecks($share->getNode());
  557. /*
  558. * On creation of a share the owner is always the owner of the path
  559. * Except for mounted federated shares.
  560. */
  561. $storage = $share->getNode()->getStorage();
  562. if ($storage->instanceOfStorage('OCA\Files_Sharing\External\Storage')) {
  563. $parent = $share->getNode()->getParent();
  564. while ($parent->getStorage()->instanceOfStorage('OCA\Files_Sharing\External\Storage')) {
  565. $parent = $parent->getParent();
  566. }
  567. $share->setShareOwner($parent->getOwner()->getUID());
  568. } else {
  569. if ($share->getNode()->getOwner()) {
  570. $share->setShareOwner($share->getNode()->getOwner()->getUID());
  571. } else {
  572. $share->setShareOwner($share->getSharedBy());
  573. }
  574. }
  575. try {
  576. // Verify share type
  577. if ($share->getShareType() === IShare::TYPE_USER) {
  578. $this->userCreateChecks($share);
  579. // Verify the expiration date
  580. $share = $this->validateExpirationDateInternal($share);
  581. } elseif ($share->getShareType() === IShare::TYPE_GROUP) {
  582. $this->groupCreateChecks($share);
  583. // Verify the expiration date
  584. $share = $this->validateExpirationDateInternal($share);
  585. } elseif ($share->getShareType() === IShare::TYPE_REMOTE || $share->getShareType() === IShare::TYPE_REMOTE_GROUP) {
  586. // Verify the expiration date
  587. $share = $this->validateExpirationDateInternal($share);
  588. } elseif ($share->getShareType() === IShare::TYPE_LINK
  589. || $share->getShareType() === IShare::TYPE_EMAIL) {
  590. $this->linkCreateChecks($share);
  591. $this->setLinkParent($share);
  592. // For now ignore a set token.
  593. $share->setToken(
  594. $this->secureRandom->generate(
  595. \OC\Share\Constants::TOKEN_LENGTH,
  596. \OCP\Security\ISecureRandom::CHAR_HUMAN_READABLE
  597. )
  598. );
  599. // Verify the expiration date
  600. $share = $this->validateExpirationDateLink($share);
  601. // Verify the password
  602. $this->verifyPassword($share->getPassword());
  603. // If a password is set. Hash it!
  604. if ($share->getShareType() === IShare::TYPE_LINK
  605. && $share->getPassword() !== null) {
  606. $share->setPassword($this->hasher->hash($share->getPassword()));
  607. }
  608. }
  609. // Cannot share with the owner
  610. if ($share->getShareType() === IShare::TYPE_USER &&
  611. $share->getSharedWith() === $share->getShareOwner()) {
  612. throw new \InvalidArgumentException('Cannot share with the share owner');
  613. }
  614. // Generate the target
  615. $defaultShareFolder = $this->config->getSystemValue('share_folder', '/');
  616. $allowCustomShareFolder = $this->config->getSystemValueBool('sharing.allow_custom_share_folder', true);
  617. if ($allowCustomShareFolder) {
  618. $shareFolder = $this->config->getUserValue($share->getSharedWith(), Application::APP_ID, 'share_folder', $defaultShareFolder);
  619. } else {
  620. $shareFolder = $defaultShareFolder;
  621. }
  622. $target = $shareFolder . '/' . $share->getNode()->getName();
  623. $target = \OC\Files\Filesystem::normalizePath($target);
  624. $share->setTarget($target);
  625. // Pre share event
  626. $event = new Share\Events\BeforeShareCreatedEvent($share);
  627. $this->dispatcher->dispatchTyped($event);
  628. if ($event->isPropagationStopped() && $event->getError()) {
  629. throw new \Exception($event->getError());
  630. }
  631. $oldShare = $share;
  632. $provider = $this->factory->getProviderForType($share->getShareType());
  633. $share = $provider->create($share);
  634. // Reuse the node we already have
  635. $share->setNode($oldShare->getNode());
  636. // Reset the target if it is null for the new share
  637. if ($share->getTarget() === '') {
  638. $share->setTarget($target);
  639. }
  640. } catch (AlreadySharedException $e) {
  641. // if a share for the same target already exists, dont create a new one, but do trigger the hooks and notifications again
  642. $oldShare = $share;
  643. // Reuse the node we already have
  644. $share = $e->getExistingShare();
  645. $share->setNode($oldShare->getNode());
  646. }
  647. // Post share event
  648. $this->dispatcher->dispatchTyped(new ShareCreatedEvent($share));
  649. // Send email if needed
  650. if ($this->config->getSystemValueBool('sharing.enable_share_mail', true)) {
  651. if ($share->getMailSend()) {
  652. $provider = $this->factory->getProviderForType($share->getShareType());
  653. if ($provider instanceof IShareProviderWithNotification) {
  654. $provider->sendMailNotification($share);
  655. } else {
  656. $this->logger->debug('Share notification not sent because the provider does not support it.', ['app' => 'share']);
  657. }
  658. } else {
  659. $this->logger->debug('Share notification not sent because mailsend is false.', ['app' => 'share']);
  660. }
  661. } else {
  662. $this->logger->debug('Share notification not sent because sharing notification emails is disabled.', ['app' => 'share']);
  663. }
  664. return $share;
  665. }
  666. /**
  667. * Update a share
  668. *
  669. * @param IShare $share
  670. * @return IShare The share object
  671. * @throws \InvalidArgumentException
  672. */
  673. public function updateShare(IShare $share) {
  674. $expirationDateUpdated = false;
  675. $this->canShare($share);
  676. try {
  677. $originalShare = $this->getShareById($share->getFullId());
  678. } catch (\UnexpectedValueException $e) {
  679. throw new \InvalidArgumentException('Share does not have a full id');
  680. }
  681. // We cannot change the share type!
  682. if ($share->getShareType() !== $originalShare->getShareType()) {
  683. throw new \InvalidArgumentException('Cannot change share type');
  684. }
  685. // We can only change the recipient on user shares
  686. if ($share->getSharedWith() !== $originalShare->getSharedWith() &&
  687. $share->getShareType() !== IShare::TYPE_USER) {
  688. throw new \InvalidArgumentException('Can only update recipient on user shares');
  689. }
  690. // Cannot share with the owner
  691. if ($share->getShareType() === IShare::TYPE_USER &&
  692. $share->getSharedWith() === $share->getShareOwner()) {
  693. throw new \InvalidArgumentException('Cannot share with the share owner');
  694. }
  695. $this->generalCreateChecks($share, true);
  696. if ($share->getShareType() === IShare::TYPE_USER) {
  697. $this->userCreateChecks($share);
  698. if ($share->getExpirationDate() != $originalShare->getExpirationDate()) {
  699. //Verify the expiration date
  700. $this->validateExpirationDateInternal($share);
  701. $expirationDateUpdated = true;
  702. }
  703. } elseif ($share->getShareType() === IShare::TYPE_GROUP) {
  704. $this->groupCreateChecks($share);
  705. if ($share->getExpirationDate() != $originalShare->getExpirationDate()) {
  706. //Verify the expiration date
  707. $this->validateExpirationDateInternal($share);
  708. $expirationDateUpdated = true;
  709. }
  710. } elseif ($share->getShareType() === IShare::TYPE_LINK
  711. || $share->getShareType() === IShare::TYPE_EMAIL) {
  712. $this->linkCreateChecks($share);
  713. // The new password is not set again if it is the same as the old
  714. // one, unless when switching from sending by Talk to sending by
  715. // mail.
  716. $plainTextPassword = $share->getPassword();
  717. $updatedPassword = $this->updateSharePasswordIfNeeded($share, $originalShare);
  718. /**
  719. * Cannot enable the getSendPasswordByTalk if there is no password set
  720. */
  721. if (empty($plainTextPassword) && $share->getSendPasswordByTalk()) {
  722. throw new \InvalidArgumentException('Cannot enable sending the password by Talk with an empty password');
  723. }
  724. /**
  725. * If we're in a mail share, we need to force a password change
  726. * as either the user is not aware of the password or is already (received by mail)
  727. * Thus the SendPasswordByTalk feature would not make sense
  728. */
  729. if (!$updatedPassword && $share->getShareType() === IShare::TYPE_EMAIL) {
  730. if (!$originalShare->getSendPasswordByTalk() && $share->getSendPasswordByTalk()) {
  731. throw new \InvalidArgumentException('Cannot enable sending the password by Talk without setting a new password');
  732. }
  733. if ($originalShare->getSendPasswordByTalk() && !$share->getSendPasswordByTalk()) {
  734. throw new \InvalidArgumentException('Cannot disable sending the password by Talk without setting a new password');
  735. }
  736. }
  737. if ($share->getExpirationDate() != $originalShare->getExpirationDate()) {
  738. // Verify the expiration date
  739. $this->validateExpirationDateLink($share);
  740. $expirationDateUpdated = true;
  741. }
  742. } elseif ($share->getShareType() === IShare::TYPE_REMOTE || $share->getShareType() === IShare::TYPE_REMOTE_GROUP) {
  743. if ($share->getExpirationDate() != $originalShare->getExpirationDate()) {
  744. //Verify the expiration date
  745. $this->validateExpirationDateInternal($share);
  746. $expirationDateUpdated = true;
  747. }
  748. }
  749. $this->pathCreateChecks($share->getNode());
  750. // Now update the share!
  751. $provider = $this->factory->getProviderForType($share->getShareType());
  752. if ($share->getShareType() === IShare::TYPE_EMAIL) {
  753. $share = $provider->update($share, $plainTextPassword);
  754. } else {
  755. $share = $provider->update($share);
  756. }
  757. if ($expirationDateUpdated === true) {
  758. \OC_Hook::emit(Share::class, 'post_set_expiration_date', [
  759. 'itemType' => $share->getNode() instanceof \OCP\Files\File ? 'file' : 'folder',
  760. 'itemSource' => $share->getNode()->getId(),
  761. 'date' => $share->getExpirationDate(),
  762. 'uidOwner' => $share->getSharedBy(),
  763. ]);
  764. }
  765. if ($share->getPassword() !== $originalShare->getPassword()) {
  766. \OC_Hook::emit(Share::class, 'post_update_password', [
  767. 'itemType' => $share->getNode() instanceof \OCP\Files\File ? 'file' : 'folder',
  768. 'itemSource' => $share->getNode()->getId(),
  769. 'uidOwner' => $share->getSharedBy(),
  770. 'token' => $share->getToken(),
  771. 'disabled' => is_null($share->getPassword()),
  772. ]);
  773. }
  774. if ($share->getPermissions() !== $originalShare->getPermissions()) {
  775. if ($this->userManager->userExists($share->getShareOwner())) {
  776. $userFolder = $this->rootFolder->getUserFolder($share->getShareOwner());
  777. } else {
  778. $userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
  779. }
  780. \OC_Hook::emit(Share::class, 'post_update_permissions', [
  781. 'itemType' => $share->getNode() instanceof \OCP\Files\File ? 'file' : 'folder',
  782. 'itemSource' => $share->getNode()->getId(),
  783. 'shareType' => $share->getShareType(),
  784. 'shareWith' => $share->getSharedWith(),
  785. 'uidOwner' => $share->getSharedBy(),
  786. 'permissions' => $share->getPermissions(),
  787. 'attributes' => $share->getAttributes() !== null ? $share->getAttributes()->toArray() : null,
  788. 'path' => $userFolder->getRelativePath($share->getNode()->getPath()),
  789. ]);
  790. }
  791. return $share;
  792. }
  793. /**
  794. * Accept a share.
  795. *
  796. * @param IShare $share
  797. * @param string $recipientId
  798. * @return IShare The share object
  799. * @throws \InvalidArgumentException
  800. * @since 9.0.0
  801. */
  802. public function acceptShare(IShare $share, string $recipientId): IShare {
  803. [$providerId,] = $this->splitFullId($share->getFullId());
  804. $provider = $this->factory->getProvider($providerId);
  805. if (!method_exists($provider, 'acceptShare')) {
  806. // TODO FIX ME
  807. throw new \InvalidArgumentException('Share provider does not support accepting');
  808. }
  809. $provider->acceptShare($share, $recipientId);
  810. $event = new ShareAcceptedEvent($share);
  811. $this->dispatcher->dispatchTyped($event);
  812. return $share;
  813. }
  814. /**
  815. * Updates the password of the given share if it is not the same as the
  816. * password of the original share.
  817. *
  818. * @param IShare $share the share to update its password.
  819. * @param IShare $originalShare the original share to compare its
  820. * password with.
  821. * @return boolean whether the password was updated or not.
  822. */
  823. private function updateSharePasswordIfNeeded(IShare $share, IShare $originalShare) {
  824. $passwordsAreDifferent = ($share->getPassword() !== $originalShare->getPassword()) &&
  825. (($share->getPassword() !== null && $originalShare->getPassword() === null) ||
  826. ($share->getPassword() === null && $originalShare->getPassword() !== null) ||
  827. ($share->getPassword() !== null && $originalShare->getPassword() !== null &&
  828. !$this->hasher->verify($share->getPassword(), $originalShare->getPassword())));
  829. // Password updated.
  830. if ($passwordsAreDifferent) {
  831. //Verify the password
  832. $this->verifyPassword($share->getPassword());
  833. // If a password is set. Hash it!
  834. if (!empty($share->getPassword())) {
  835. $share->setPassword($this->hasher->hash($share->getPassword()));
  836. if ($share->getShareType() === IShare::TYPE_EMAIL) {
  837. // Shares shared by email have temporary passwords
  838. $this->setSharePasswordExpirationTime($share);
  839. }
  840. return true;
  841. } else {
  842. // Empty string and null are seen as NOT password protected
  843. $share->setPassword(null);
  844. if ($share->getShareType() === IShare::TYPE_EMAIL) {
  845. $share->setPasswordExpirationTime(null);
  846. }
  847. return true;
  848. }
  849. } else {
  850. // Reset the password to the original one, as it is either the same
  851. // as the "new" password or a hashed version of it.
  852. $share->setPassword($originalShare->getPassword());
  853. }
  854. return false;
  855. }
  856. /**
  857. * Set the share's password expiration time
  858. */
  859. private function setSharePasswordExpirationTime(IShare $share): void {
  860. if (!$this->config->getSystemValueBool('sharing.enable_mail_link_password_expiration', false)) {
  861. // Sets password expiration date to NULL
  862. $share->setPasswordExpirationTime();
  863. return;
  864. }
  865. // Sets password expiration date
  866. $expirationTime = null;
  867. $now = new \DateTime();
  868. $expirationInterval = $this->config->getSystemValue('sharing.mail_link_password_expiration_interval', 3600);
  869. $expirationTime = $now->add(new \DateInterval('PT' . $expirationInterval . 'S'));
  870. $share->setPasswordExpirationTime($expirationTime);
  871. }
  872. /**
  873. * Delete all the children of this share
  874. * FIXME: remove once https://github.com/owncloud/core/pull/21660 is in
  875. *
  876. * @param IShare $share
  877. * @return IShare[] List of deleted shares
  878. */
  879. protected function deleteChildren(IShare $share) {
  880. $deletedShares = [];
  881. $provider = $this->factory->getProviderForType($share->getShareType());
  882. foreach ($provider->getChildren($share) as $child) {
  883. $this->dispatcher->dispatchTyped(new BeforeShareDeletedEvent($child));
  884. $deletedChildren = $this->deleteChildren($child);
  885. $deletedShares = array_merge($deletedShares, $deletedChildren);
  886. $provider->delete($child);
  887. $this->dispatcher->dispatchTyped(new ShareDeletedEvent($child));
  888. $deletedShares[] = $child;
  889. }
  890. return $deletedShares;
  891. }
  892. /**
  893. * Delete a share
  894. *
  895. * @param IShare $share
  896. * @throws ShareNotFound
  897. * @throws \InvalidArgumentException
  898. */
  899. public function deleteShare(IShare $share) {
  900. try {
  901. $share->getFullId();
  902. } catch (\UnexpectedValueException $e) {
  903. throw new \InvalidArgumentException('Share does not have a full id');
  904. }
  905. $this->dispatcher->dispatchTyped(new BeforeShareDeletedEvent($share));
  906. // Get all children and delete them as well
  907. $this->deleteChildren($share);
  908. // Do the actual delete
  909. $provider = $this->factory->getProviderForType($share->getShareType());
  910. $provider->delete($share);
  911. $this->dispatcher->dispatchTyped(new ShareDeletedEvent($share));
  912. }
  913. /**
  914. * Unshare a file as the recipient.
  915. * This can be different from a regular delete for example when one of
  916. * the users in a groups deletes that share. But the provider should
  917. * handle this.
  918. *
  919. * @param IShare $share
  920. * @param string $recipientId
  921. */
  922. public function deleteFromSelf(IShare $share, $recipientId) {
  923. [$providerId,] = $this->splitFullId($share->getFullId());
  924. $provider = $this->factory->getProvider($providerId);
  925. $provider->deleteFromSelf($share, $recipientId);
  926. $event = new ShareDeletedFromSelfEvent($share);
  927. $this->dispatcher->dispatchTyped($event);
  928. }
  929. public function restoreShare(IShare $share, string $recipientId): IShare {
  930. [$providerId,] = $this->splitFullId($share->getFullId());
  931. $provider = $this->factory->getProvider($providerId);
  932. return $provider->restore($share, $recipientId);
  933. }
  934. /**
  935. * @inheritdoc
  936. */
  937. public function moveShare(IShare $share, $recipientId) {
  938. if ($share->getShareType() === IShare::TYPE_LINK
  939. || $share->getShareType() === IShare::TYPE_EMAIL) {
  940. throw new \InvalidArgumentException('Cannot change target of link share');
  941. }
  942. if ($share->getShareType() === IShare::TYPE_USER && $share->getSharedWith() !== $recipientId) {
  943. throw new \InvalidArgumentException('Invalid recipient');
  944. }
  945. if ($share->getShareType() === IShare::TYPE_GROUP) {
  946. $sharedWith = $this->groupManager->get($share->getSharedWith());
  947. if (is_null($sharedWith)) {
  948. throw new \InvalidArgumentException('Group "' . $share->getSharedWith() . '" does not exist');
  949. }
  950. $recipient = $this->userManager->get($recipientId);
  951. if (!$sharedWith->inGroup($recipient)) {
  952. throw new \InvalidArgumentException('Invalid recipient');
  953. }
  954. }
  955. [$providerId,] = $this->splitFullId($share->getFullId());
  956. $provider = $this->factory->getProvider($providerId);
  957. return $provider->move($share, $recipientId);
  958. }
  959. public function getSharesInFolder($userId, Folder $node, $reshares = false, $shallow = true) {
  960. $providers = $this->factory->getAllProviders();
  961. if (!$shallow) {
  962. throw new \Exception("non-shallow getSharesInFolder is no longer supported");
  963. }
  964. return array_reduce($providers, function ($shares, IShareProvider $provider) use ($userId, $node, $reshares) {
  965. $newShares = $provider->getSharesInFolder($userId, $node, $reshares);
  966. foreach ($newShares as $fid => $data) {
  967. if (!isset($shares[$fid])) {
  968. $shares[$fid] = [];
  969. }
  970. $shares[$fid] = array_merge($shares[$fid], $data);
  971. }
  972. return $shares;
  973. }, []);
  974. }
  975. /**
  976. * @inheritdoc
  977. */
  978. public function getSharesBy($userId, $shareType, $path = null, $reshares = false, $limit = 50, $offset = 0) {
  979. if ($path !== null &&
  980. !($path instanceof \OCP\Files\File) &&
  981. !($path instanceof \OCP\Files\Folder)) {
  982. throw new \InvalidArgumentException('invalid path');
  983. }
  984. try {
  985. $provider = $this->factory->getProviderForType($shareType);
  986. } catch (ProviderException $e) {
  987. return [];
  988. }
  989. $shares = $provider->getSharesBy($userId, $shareType, $path, $reshares, $limit, $offset);
  990. /*
  991. * Work around so we don't return expired shares but still follow
  992. * proper pagination.
  993. */
  994. $shares2 = [];
  995. while (true) {
  996. $added = 0;
  997. foreach ($shares as $share) {
  998. try {
  999. $this->checkShare($share);
  1000. } catch (ShareNotFound $e) {
  1001. //Ignore since this basically means the share is deleted
  1002. continue;
  1003. }
  1004. $added++;
  1005. $shares2[] = $share;
  1006. if (count($shares2) === $limit) {
  1007. break;
  1008. }
  1009. }
  1010. // If we did not fetch more shares than the limit then there are no more shares
  1011. if (count($shares) < $limit) {
  1012. break;
  1013. }
  1014. if (count($shares2) === $limit) {
  1015. break;
  1016. }
  1017. // If there was no limit on the select we are done
  1018. if ($limit === -1) {
  1019. break;
  1020. }
  1021. $offset += $added;
  1022. // Fetch again $limit shares
  1023. $shares = $provider->getSharesBy($userId, $shareType, $path, $reshares, $limit, $offset);
  1024. // No more shares means we are done
  1025. if (empty($shares)) {
  1026. break;
  1027. }
  1028. }
  1029. $shares = $shares2;
  1030. return $shares;
  1031. }
  1032. /**
  1033. * @inheritdoc
  1034. */
  1035. public function getSharedWith($userId, $shareType, $node = null, $limit = 50, $offset = 0) {
  1036. try {
  1037. $provider = $this->factory->getProviderForType($shareType);
  1038. } catch (ProviderException $e) {
  1039. return [];
  1040. }
  1041. $shares = $provider->getSharedWith($userId, $shareType, $node, $limit, $offset);
  1042. // remove all shares which are already expired
  1043. foreach ($shares as $key => $share) {
  1044. try {
  1045. $this->checkShare($share);
  1046. } catch (ShareNotFound $e) {
  1047. unset($shares[$key]);
  1048. }
  1049. }
  1050. return $shares;
  1051. }
  1052. /**
  1053. * @inheritdoc
  1054. */
  1055. public function getDeletedSharedWith($userId, $shareType, $node = null, $limit = 50, $offset = 0) {
  1056. $shares = $this->getSharedWith($userId, $shareType, $node, $limit, $offset);
  1057. // Only get deleted shares
  1058. $shares = array_filter($shares, function (IShare $share) {
  1059. return $share->getPermissions() === 0;
  1060. });
  1061. // Only get shares where the owner still exists
  1062. $shares = array_filter($shares, function (IShare $share) {
  1063. return $this->userManager->userExists($share->getShareOwner());
  1064. });
  1065. return $shares;
  1066. }
  1067. /**
  1068. * @inheritdoc
  1069. */
  1070. public function getShareById($id, $recipient = null) {
  1071. if ($id === null) {
  1072. throw new ShareNotFound();
  1073. }
  1074. [$providerId, $id] = $this->splitFullId($id);
  1075. try {
  1076. $provider = $this->factory->getProvider($providerId);
  1077. } catch (ProviderException $e) {
  1078. throw new ShareNotFound();
  1079. }
  1080. $share = $provider->getShareById($id, $recipient);
  1081. $this->checkShare($share);
  1082. return $share;
  1083. }
  1084. /**
  1085. * Get all the shares for a given path
  1086. *
  1087. * @param \OCP\Files\Node $path
  1088. * @param int $page
  1089. * @param int $perPage
  1090. *
  1091. * @return Share[]
  1092. */
  1093. public function getSharesByPath(\OCP\Files\Node $path, $page = 0, $perPage = 50) {
  1094. return [];
  1095. }
  1096. /**
  1097. * Get the share by token possible with password
  1098. *
  1099. * @param string $token
  1100. * @return IShare
  1101. *
  1102. * @throws ShareNotFound
  1103. */
  1104. public function getShareByToken($token) {
  1105. // tokens cannot be valid local user names
  1106. if ($this->userManager->userExists($token)) {
  1107. throw new ShareNotFound();
  1108. }
  1109. $share = null;
  1110. try {
  1111. if ($this->shareApiAllowLinks()) {
  1112. $provider = $this->factory->getProviderForType(IShare::TYPE_LINK);
  1113. $share = $provider->getShareByToken($token);
  1114. }
  1115. } catch (ProviderException $e) {
  1116. } catch (ShareNotFound $e) {
  1117. }
  1118. // If it is not a link share try to fetch a federated share by token
  1119. if ($share === null) {
  1120. try {
  1121. $provider = $this->factory->getProviderForType(IShare::TYPE_REMOTE);
  1122. $share = $provider->getShareByToken($token);
  1123. } catch (ProviderException $e) {
  1124. } catch (ShareNotFound $e) {
  1125. }
  1126. }
  1127. // If it is not a link share try to fetch a mail share by token
  1128. if ($share === null && $this->shareProviderExists(IShare::TYPE_EMAIL)) {
  1129. try {
  1130. $provider = $this->factory->getProviderForType(IShare::TYPE_EMAIL);
  1131. $share = $provider->getShareByToken($token);
  1132. } catch (ProviderException $e) {
  1133. } catch (ShareNotFound $e) {
  1134. }
  1135. }
  1136. if ($share === null && $this->shareProviderExists(IShare::TYPE_CIRCLE)) {
  1137. try {
  1138. $provider = $this->factory->getProviderForType(IShare::TYPE_CIRCLE);
  1139. $share = $provider->getShareByToken($token);
  1140. } catch (ProviderException $e) {
  1141. } catch (ShareNotFound $e) {
  1142. }
  1143. }
  1144. if ($share === null && $this->shareProviderExists(IShare::TYPE_ROOM)) {
  1145. try {
  1146. $provider = $this->factory->getProviderForType(IShare::TYPE_ROOM);
  1147. $share = $provider->getShareByToken($token);
  1148. } catch (ProviderException $e) {
  1149. } catch (ShareNotFound $e) {
  1150. }
  1151. }
  1152. if ($share === null) {
  1153. throw new ShareNotFound($this->l->t('The requested share does not exist anymore'));
  1154. }
  1155. $this->checkShare($share);
  1156. /*
  1157. * Reduce the permissions for link or email shares if public upload is not enabled
  1158. */
  1159. if (($share->getShareType() === IShare::TYPE_LINK || $share->getShareType() === IShare::TYPE_EMAIL)
  1160. && $share->getNodeType() === 'folder' && !$this->shareApiLinkAllowPublicUpload()) {
  1161. $share->setPermissions($share->getPermissions() & ~(\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE));
  1162. }
  1163. return $share;
  1164. }
  1165. /**
  1166. * Check expire date and disabled owner
  1167. *
  1168. * @throws ShareNotFound
  1169. */
  1170. protected function checkShare(IShare $share): void {
  1171. if ($share->isExpired()) {
  1172. $this->deleteShare($share);
  1173. throw new ShareNotFound($this->l->t('The requested share does not exist anymore'));
  1174. }
  1175. if ($this->config->getAppValue('files_sharing', 'hide_disabled_user_shares', 'no') === 'yes') {
  1176. $uids = array_unique([$share->getShareOwner(),$share->getSharedBy()]);
  1177. foreach ($uids as $uid) {
  1178. $user = $this->userManager->get($uid);
  1179. if ($user?->isEnabled() === false) {
  1180. throw new ShareNotFound($this->l->t('The requested share comes from a disabled user'));
  1181. }
  1182. }
  1183. }
  1184. }
  1185. /**
  1186. * Verify the password of a public share
  1187. *
  1188. * @param IShare $share
  1189. * @param ?string $password
  1190. * @return bool
  1191. */
  1192. public function checkPassword(IShare $share, $password) {
  1193. // if there is no password on the share object / passsword is null, there is nothing to check
  1194. if ($password === null || $share->getPassword() === null) {
  1195. return false;
  1196. }
  1197. // Makes sure password hasn't expired
  1198. $expirationTime = $share->getPasswordExpirationTime();
  1199. if ($expirationTime !== null && $expirationTime < new \DateTime()) {
  1200. return false;
  1201. }
  1202. $newHash = '';
  1203. if (!$this->hasher->verify($password, $share->getPassword(), $newHash)) {
  1204. return false;
  1205. }
  1206. if (!empty($newHash)) {
  1207. $share->setPassword($newHash);
  1208. $provider = $this->factory->getProviderForType($share->getShareType());
  1209. $provider->update($share);
  1210. }
  1211. return true;
  1212. }
  1213. /**
  1214. * @inheritdoc
  1215. */
  1216. public function userDeleted($uid) {
  1217. $types = [IShare::TYPE_USER, IShare::TYPE_GROUP, IShare::TYPE_LINK, IShare::TYPE_REMOTE, IShare::TYPE_EMAIL];
  1218. foreach ($types as $type) {
  1219. try {
  1220. $provider = $this->factory->getProviderForType($type);
  1221. } catch (ProviderException $e) {
  1222. continue;
  1223. }
  1224. $provider->userDeleted($uid, $type);
  1225. }
  1226. }
  1227. /**
  1228. * @inheritdoc
  1229. */
  1230. public function groupDeleted($gid) {
  1231. $provider = $this->factory->getProviderForType(IShare::TYPE_GROUP);
  1232. $provider->groupDeleted($gid);
  1233. $excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', '');
  1234. if ($excludedGroups === '') {
  1235. return;
  1236. }
  1237. $excludedGroups = json_decode($excludedGroups, true);
  1238. if (json_last_error() !== JSON_ERROR_NONE) {
  1239. return;
  1240. }
  1241. $excludedGroups = array_diff($excludedGroups, [$gid]);
  1242. $this->config->setAppValue('core', 'shareapi_exclude_groups_list', json_encode($excludedGroups));
  1243. }
  1244. /**
  1245. * @inheritdoc
  1246. */
  1247. public function userDeletedFromGroup($uid, $gid) {
  1248. $provider = $this->factory->getProviderForType(IShare::TYPE_GROUP);
  1249. $provider->userDeletedFromGroup($uid, $gid);
  1250. }
  1251. /**
  1252. * Get access list to a path. This means
  1253. * all the users that can access a given path.
  1254. *
  1255. * Consider:
  1256. * -root
  1257. * |-folder1 (23)
  1258. * |-folder2 (32)
  1259. * |-fileA (42)
  1260. *
  1261. * fileA is shared with user1 and user1@server1 and email1@maildomain1
  1262. * folder2 is shared with group2 (user4 is a member of group2)
  1263. * folder1 is shared with user2 (renamed to "folder (1)") and user2@server2
  1264. * and email2@maildomain2
  1265. *
  1266. * Then the access list to '/folder1/folder2/fileA' with $currentAccess is:
  1267. * [
  1268. * users => [
  1269. * 'user1' => ['node_id' => 42, 'node_path' => '/fileA'],
  1270. * 'user4' => ['node_id' => 32, 'node_path' => '/folder2'],
  1271. * 'user2' => ['node_id' => 23, 'node_path' => '/folder (1)'],
  1272. * ],
  1273. * remote => [
  1274. * 'user1@server1' => ['node_id' => 42, 'token' => 'SeCr3t'],
  1275. * 'user2@server2' => ['node_id' => 23, 'token' => 'FooBaR'],
  1276. * ],
  1277. * public => bool
  1278. * mail => [
  1279. * 'email1@maildomain1' => ['node_id' => 42, 'token' => 'aBcDeFg'],
  1280. * 'email2@maildomain2' => ['node_id' => 23, 'token' => 'hIjKlMn'],
  1281. * ]
  1282. * ]
  1283. *
  1284. * The access list to '/folder1/folder2/fileA' **without** $currentAccess is:
  1285. * [
  1286. * users => ['user1', 'user2', 'user4'],
  1287. * remote => bool,
  1288. * public => bool
  1289. * mail => ['email1@maildomain1', 'email2@maildomain2']
  1290. * ]
  1291. *
  1292. * This is required for encryption/activity
  1293. *
  1294. * @param \OCP\Files\Node $path
  1295. * @param bool $recursive Should we check all parent folders as well
  1296. * @param bool $currentAccess Ensure the recipient has access to the file (e.g. did not unshare it)
  1297. * @return array
  1298. */
  1299. public function getAccessList(\OCP\Files\Node $path, $recursive = true, $currentAccess = false) {
  1300. $owner = $path->getOwner();
  1301. if ($owner === null) {
  1302. return [];
  1303. }
  1304. $owner = $owner->getUID();
  1305. if ($currentAccess) {
  1306. $al = ['users' => [], 'remote' => [], 'public' => false, 'mail' => []];
  1307. } else {
  1308. $al = ['users' => [], 'remote' => false, 'public' => false, 'mail' => []];
  1309. }
  1310. if (!$this->userManager->userExists($owner)) {
  1311. return $al;
  1312. }
  1313. //Get node for the owner and correct the owner in case of external storage
  1314. $userFolder = $this->rootFolder->getUserFolder($owner);
  1315. if ($path->getId() !== $userFolder->getId() && !$userFolder->isSubNode($path)) {
  1316. $path = $userFolder->getFirstNodeById($path->getId());
  1317. if ($path === null || $path->getOwner() === null) {
  1318. return [];
  1319. }
  1320. $owner = $path->getOwner()->getUID();
  1321. }
  1322. $providers = $this->factory->getAllProviders();
  1323. /** @var Node[] $nodes */
  1324. $nodes = [];
  1325. if ($currentAccess) {
  1326. $ownerPath = $path->getPath();
  1327. $ownerPath = explode('/', $ownerPath, 4);
  1328. if (count($ownerPath) < 4) {
  1329. $ownerPath = '';
  1330. } else {
  1331. $ownerPath = $ownerPath[3];
  1332. }
  1333. $al['users'][$owner] = [
  1334. 'node_id' => $path->getId(),
  1335. 'node_path' => '/' . $ownerPath,
  1336. ];
  1337. } else {
  1338. $al['users'][] = $owner;
  1339. }
  1340. // Collect all the shares
  1341. while ($path->getPath() !== $userFolder->getPath()) {
  1342. $nodes[] = $path;
  1343. if (!$recursive) {
  1344. break;
  1345. }
  1346. $path = $path->getParent();
  1347. }
  1348. foreach ($providers as $provider) {
  1349. $tmp = $provider->getAccessList($nodes, $currentAccess);
  1350. foreach ($tmp as $k => $v) {
  1351. if (isset($al[$k])) {
  1352. if (is_array($al[$k])) {
  1353. if ($currentAccess) {
  1354. $al[$k] += $v;
  1355. } else {
  1356. $al[$k] = array_merge($al[$k], $v);
  1357. $al[$k] = array_unique($al[$k]);
  1358. $al[$k] = array_values($al[$k]);
  1359. }
  1360. } else {
  1361. $al[$k] = $al[$k] || $v;
  1362. }
  1363. } else {
  1364. $al[$k] = $v;
  1365. }
  1366. }
  1367. }
  1368. return $al;
  1369. }
  1370. /**
  1371. * Create a new share
  1372. *
  1373. * @return IShare
  1374. */
  1375. public function newShare() {
  1376. return new \OC\Share20\Share($this->rootFolder, $this->userManager);
  1377. }
  1378. /**
  1379. * Is the share API enabled
  1380. *
  1381. * @return bool
  1382. */
  1383. public function shareApiEnabled() {
  1384. return $this->config->getAppValue('core', 'shareapi_enabled', 'yes') === 'yes';
  1385. }
  1386. /**
  1387. * Is public link sharing enabled
  1388. *
  1389. * @return bool
  1390. */
  1391. public function shareApiAllowLinks() {
  1392. if ($this->config->getAppValue('core', 'shareapi_allow_links', 'yes') !== 'yes') {
  1393. return false;
  1394. }
  1395. $user = $this->userSession->getUser();
  1396. if ($user) {
  1397. $excludedGroups = json_decode($this->config->getAppValue('core', 'shareapi_allow_links_exclude_groups', '[]'));
  1398. if ($excludedGroups) {
  1399. $userGroups = $this->groupManager->getUserGroupIds($user);
  1400. return !(bool)array_intersect($excludedGroups, $userGroups);
  1401. }
  1402. }
  1403. return true;
  1404. }
  1405. /**
  1406. * Is password on public link requires
  1407. *
  1408. * @param bool Check group membership exclusion
  1409. * @return bool
  1410. */
  1411. public function shareApiLinkEnforcePassword(bool $checkGroupMembership = true) {
  1412. $excludedGroups = $this->config->getAppValue('core', 'shareapi_enforce_links_password_excluded_groups', '');
  1413. if ($excludedGroups !== '' && $checkGroupMembership) {
  1414. $excludedGroups = json_decode($excludedGroups);
  1415. $user = $this->userSession->getUser();
  1416. if ($user) {
  1417. $userGroups = $this->groupManager->getUserGroupIds($user);
  1418. if ((bool)array_intersect($excludedGroups, $userGroups)) {
  1419. return false;
  1420. }
  1421. }
  1422. }
  1423. return $this->config->getAppValue('core', 'shareapi_enforce_links_password', 'no') === 'yes';
  1424. }
  1425. /**
  1426. * Is default link expire date enabled
  1427. *
  1428. * @return bool
  1429. */
  1430. public function shareApiLinkDefaultExpireDate() {
  1431. return $this->config->getAppValue('core', 'shareapi_default_expire_date', 'no') === 'yes';
  1432. }
  1433. /**
  1434. * Is default link expire date enforced
  1435. *`
  1436. *
  1437. * @return bool
  1438. */
  1439. public function shareApiLinkDefaultExpireDateEnforced() {
  1440. return $this->shareApiLinkDefaultExpireDate() &&
  1441. $this->config->getAppValue('core', 'shareapi_enforce_expire_date', 'no') === 'yes';
  1442. }
  1443. /**
  1444. * Number of default link expire days
  1445. *
  1446. * @return int
  1447. */
  1448. public function shareApiLinkDefaultExpireDays() {
  1449. return (int)$this->config->getAppValue('core', 'shareapi_expire_after_n_days', '7');
  1450. }
  1451. /**
  1452. * Is default internal expire date enabled
  1453. *
  1454. * @return bool
  1455. */
  1456. public function shareApiInternalDefaultExpireDate(): bool {
  1457. return $this->config->getAppValue('core', 'shareapi_default_internal_expire_date', 'no') === 'yes';
  1458. }
  1459. /**
  1460. * Is default remote expire date enabled
  1461. *
  1462. * @return bool
  1463. */
  1464. public function shareApiRemoteDefaultExpireDate(): bool {
  1465. return $this->config->getAppValue('core', 'shareapi_default_remote_expire_date', 'no') === 'yes';
  1466. }
  1467. /**
  1468. * Is default expire date enforced
  1469. *
  1470. * @return bool
  1471. */
  1472. public function shareApiInternalDefaultExpireDateEnforced(): bool {
  1473. return $this->shareApiInternalDefaultExpireDate() &&
  1474. $this->config->getAppValue('core', 'shareapi_enforce_internal_expire_date', 'no') === 'yes';
  1475. }
  1476. /**
  1477. * Is default expire date enforced for remote shares
  1478. *
  1479. * @return bool
  1480. */
  1481. public function shareApiRemoteDefaultExpireDateEnforced(): bool {
  1482. return $this->shareApiRemoteDefaultExpireDate() &&
  1483. $this->config->getAppValue('core', 'shareapi_enforce_remote_expire_date', 'no') === 'yes';
  1484. }
  1485. /**
  1486. * Number of default expire days
  1487. *
  1488. * @return int
  1489. */
  1490. public function shareApiInternalDefaultExpireDays(): int {
  1491. return (int)$this->config->getAppValue('core', 'shareapi_internal_expire_after_n_days', '7');
  1492. }
  1493. /**
  1494. * Number of default expire days for remote shares
  1495. *
  1496. * @return int
  1497. */
  1498. public function shareApiRemoteDefaultExpireDays(): int {
  1499. return (int)$this->config->getAppValue('core', 'shareapi_remote_expire_after_n_days', '7');
  1500. }
  1501. /**
  1502. * Allow public upload on link shares
  1503. *
  1504. * @return bool
  1505. */
  1506. public function shareApiLinkAllowPublicUpload() {
  1507. return $this->config->getAppValue('core', 'shareapi_allow_public_upload', 'yes') === 'yes';
  1508. }
  1509. /**
  1510. * check if user can only share with group members
  1511. *
  1512. * @return bool
  1513. */
  1514. public function shareWithGroupMembersOnly() {
  1515. return $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
  1516. }
  1517. /**
  1518. * If shareWithGroupMembersOnly is enabled, return an optional
  1519. * list of groups that must be excluded from the principle of
  1520. * belonging to the same group.
  1521. *
  1522. * @return array
  1523. */
  1524. public function shareWithGroupMembersOnlyExcludeGroupsList() {
  1525. if (!$this->shareWithGroupMembersOnly()) {
  1526. return [];
  1527. }
  1528. $excludeGroups = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members_exclude_group_list', '');
  1529. return json_decode($excludeGroups, true) ?? [];
  1530. }
  1531. /**
  1532. * Check if users can share with groups
  1533. *
  1534. * @return bool
  1535. */
  1536. public function allowGroupSharing() {
  1537. return $this->config->getAppValue('core', 'shareapi_allow_group_sharing', 'yes') === 'yes';
  1538. }
  1539. public function allowEnumeration(): bool {
  1540. return $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
  1541. }
  1542. public function limitEnumerationToGroups(): bool {
  1543. return $this->allowEnumeration() &&
  1544. $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
  1545. }
  1546. public function limitEnumerationToPhone(): bool {
  1547. return $this->allowEnumeration() &&
  1548. $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes';
  1549. }
  1550. public function allowEnumerationFullMatch(): bool {
  1551. return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes';
  1552. }
  1553. public function matchEmail(): bool {
  1554. return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes') === 'yes';
  1555. }
  1556. public function ignoreSecondDisplayName(): bool {
  1557. return $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no') === 'yes';
  1558. }
  1559. public function currentUserCanEnumerateTargetUser(?IUser $currentUser, IUser $targetUser): bool {
  1560. if ($this->allowEnumerationFullMatch()) {
  1561. return true;
  1562. }
  1563. if (!$this->allowEnumeration()) {
  1564. return false;
  1565. }
  1566. if (!$this->limitEnumerationToPhone() && !$this->limitEnumerationToGroups()) {
  1567. // Enumeration is enabled and not restricted: OK
  1568. return true;
  1569. }
  1570. if (!$currentUser instanceof IUser) {
  1571. // Enumeration restrictions require an account
  1572. return false;
  1573. }
  1574. // Enumeration is limited to phone match
  1575. if ($this->limitEnumerationToPhone() && $this->knownUserService->isKnownToUser($currentUser->getUID(), $targetUser->getUID())) {
  1576. return true;
  1577. }
  1578. // Enumeration is limited to groups
  1579. if ($this->limitEnumerationToGroups()) {
  1580. $currentUserGroupIds = $this->groupManager->getUserGroupIds($currentUser);
  1581. $targetUserGroupIds = $this->groupManager->getUserGroupIds($targetUser);
  1582. if (!empty(array_intersect($currentUserGroupIds, $targetUserGroupIds))) {
  1583. return true;
  1584. }
  1585. }
  1586. return false;
  1587. }
  1588. /**
  1589. * Copied from \OC_Util::isSharingDisabledForUser
  1590. *
  1591. * TODO: Deprecate function from OC_Util
  1592. *
  1593. * @param string $userId
  1594. * @return bool
  1595. */
  1596. public function sharingDisabledForUser($userId) {
  1597. return $this->shareDisableChecker->sharingDisabledForUser($userId);
  1598. }
  1599. /**
  1600. * @inheritdoc
  1601. */
  1602. public function outgoingServer2ServerSharesAllowed() {
  1603. return $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes') === 'yes';
  1604. }
  1605. /**
  1606. * @inheritdoc
  1607. */
  1608. public function outgoingServer2ServerGroupSharesAllowed() {
  1609. return $this->config->getAppValue('files_sharing', 'outgoing_server2server_group_share_enabled', 'no') === 'yes';
  1610. }
  1611. /**
  1612. * @inheritdoc
  1613. */
  1614. public function shareProviderExists($shareType) {
  1615. try {
  1616. $this->factory->getProviderForType($shareType);
  1617. } catch (ProviderException $e) {
  1618. return false;
  1619. }
  1620. return true;
  1621. }
  1622. public function registerShareProvider(string $shareProviderClass): void {
  1623. $this->factory->registerProvider($shareProviderClass);
  1624. }
  1625. public function getAllShares(): iterable {
  1626. $providers = $this->factory->getAllProviders();
  1627. foreach ($providers as $provider) {
  1628. yield from $provider->getAllShares();
  1629. }
  1630. }
  1631. }