123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844845846847848849850851852853854855856857858859860861862863864865866867868869870871872873874875876877878879880881882883884885886887888889890891892893894895896897898899900901902903904905906907908909910911912913914915916917918919920921922923924925926927928929930931932933934935936937938939940941942943944945946947948949950951952953954955956957958959960961962963964965966967968969970971972973974975976977978979980981982983984985986987988989990991992993994995996997998999100010011002100310041005100610071008100910101011101210131014101510161017101810191020102110221023102410251026102710281029103010311032103310341035103610371038103910401041104210431044104510461047104810491050105110521053105410551056105710581059106010611062106310641065106610671068106910701071107210731074107510761077107810791080108110821083108410851086108710881089109010911092109310941095109610971098109911001101110211031104110511061107110811091110111111121113111411151116111711181119112011211122112311241125112611271128112911301131113211331134113511361137113811391140114111421143114411451146114711481149115011511152115311541155115611571158115911601161116211631164116511661167116811691170117111721173117411751176117711781179118011811182118311841185118611871188118911901191119211931194119511961197119811991200120112021203120412051206120712081209121012111212121312141215121612171218121912201221122212231224122512261227122812291230123112321233123412351236123712381239124012411242124312441245124612471248124912501251125212531254125512561257125812591260126112621263126412651266126712681269127012711272127312741275127612771278127912801281128212831284128512861287128812891290129112921293129412951296129712981299130013011302130313041305130613071308130913101311131213131314131513161317131813191320132113221323132413251326132713281329133013311332133313341335133613371338133913401341134213431344134513461347134813491350135113521353135413551356135713581359136013611362136313641365136613671368136913701371137213731374137513761377137813791380138113821383138413851386138713881389139013911392139313941395139613971398139914001401140214031404140514061407140814091410141114121413141414151416141714181419142014211422142314241425142614271428142914301431143214331434143514361437143814391440144114421443144414451446144714481449145014511452145314541455145614571458145914601461146214631464146514661467146814691470147114721473147414751476147714781479148014811482148314841485148614871488148914901491149214931494149514961497149814991500150115021503150415051506150715081509151015111512151315141515151615171518151915201521152215231524152515261527152815291530153115321533153415351536153715381539154015411542154315441545154615471548154915501551155215531554155515561557155815591560156115621563156415651566156715681569157015711572157315741575157615771578157915801581158215831584158515861587158815891590159115921593159415951596159715981599160016011602160316041605160616071608160916101611161216131614161516161617161816191620162116221623162416251626162716281629163016311632163316341635163616371638163916401641164216431644164516461647164816491650165116521653165416551656165716581659166016611662166316641665166616671668166916701671167216731674167516761677167816791680168116821683168416851686168716881689169016911692169316941695169616971698169917001701170217031704170517061707170817091710171117121713171417151716171717181719172017211722172317241725172617271728172917301731173217331734173517361737173817391740174117421743174417451746174717481749175017511752175317541755175617571758175917601761176217631764176517661767176817691770177117721773177417751776177717781779178017811782178317841785178617871788178917901791179217931794179517961797179817991800180118021803180418051806180718081809181018111812181318141815181618171818181918201821182218231824182518261827182818291830183118321833183418351836183718381839184018411842184318441845184618471848184918501851185218531854185518561857185818591860186118621863186418651866186718681869187018711872187318741875187618771878187918801881188218831884188518861887188818891890189118921893189418951896189718981899190019011902190319041905190619071908190919101911191219131914191519161917191819191920192119221923192419251926192719281929193019311932193319341935193619371938193919401941194219431944194519461947194819491950195119521953195419551956195719581959196019611962196319641965196619671968196919701971197219731974197519761977197819791980198119821983198419851986198719881989199019911992199319941995199619971998199920002001200220032004200520062007200820092010201120122013201420152016201720182019202020212022202320242025202620272028202920302031203220332034203520362037203820392040204120422043204420452046204720482049 |
- <?php
- declare(strict_types=1);
- /**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Bjoern Schiessle <bjoern@schiessle.org>
- * @author castillo92 <37965565+castillo92@users.noreply.github.com>
- * @author Christoph Wurst <christoph@winzerhof-wurst.at>
- * @author Daniel Calviño Sánchez <danxuliu@gmail.com>
- * @author Daniel Kesselberg <mail@danielkesselberg.de>
- * @author Gary Kim <gary@garykim.dev>
- * @author Georg Ehrke <oc.list@georgehrke.com>
- * @author Joas Schilling <coding@schilljs.com>
- * @author John Molakvoæ <skjnldsv@protonmail.com>
- * @author Julius Härtl <jus@bitgrid.net>
- * @author Lukas Reschke <lukas@statuscode.ch>
- * @author Maxence Lange <maxence@artificial-owl.com>
- * @author Maxence Lange <maxence@nextcloud.com>
- * @author Michael Jobst <mjobst+github@tecratech.de>
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Richard Steinmetz <richard@steinmetz.cloud>
- * @author Robin Appelman <robin@icewind.nl>
- * @author Roeland Jago Douma <roeland@famdouma.nl>
- * @author Valdnet <47037905+Valdnet@users.noreply.github.com>
- * @author Vincent Petry <vincent@nextcloud.com>
- * @author waleczny <michal@walczak.xyz>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
- namespace OCA\Files_Sharing\Controller;
- use Exception;
- use OC\Files\FileInfo;
- use OC\Files\Storage\Wrapper\Wrapper;
- use OCA\Files\Helper;
- use OCA\Files_Sharing\Exceptions\SharingRightsException;
- use OCA\Files_Sharing\External\Storage;
- use OCA\Files_Sharing\SharedStorage;
- use OCP\App\IAppManager;
- use OCP\AppFramework\Http\DataResponse;
- use OCP\AppFramework\OCS\OCSBadRequestException;
- use OCP\AppFramework\OCS\OCSException;
- use OCP\AppFramework\OCS\OCSForbiddenException;
- use OCP\AppFramework\OCS\OCSNotFoundException;
- use OCP\AppFramework\OCSController;
- use OCP\AppFramework\QueryException;
- use OCP\Constants;
- use OCP\Files\Folder;
- use OCP\Files\InvalidPathException;
- use OCP\Files\IRootFolder;
- use OCP\Files\Node;
- use OCP\Files\NotFoundException;
- use OCP\IConfig;
- use OCP\IDateTimeZone;
- use OCP\IGroupManager;
- use OCP\IL10N;
- use OCP\IPreview;
- use OCP\IRequest;
- use OCP\IURLGenerator;
- use OCP\IUserManager;
- use OCP\Lock\ILockingProvider;
- use OCP\Lock\LockedException;
- use OCP\Server;
- use OCP\Share\Exceptions\GenericShareException;
- use OCP\Share\Exceptions\ShareNotFound;
- use OCP\Share\IManager;
- use OCP\Share\IShare;
- use OCP\UserStatus\IManager as IUserStatusManager;
- use Psr\Container\ContainerExceptionInterface;
- use Psr\Container\ContainerInterface;
- use Psr\Log\LoggerInterface;
- /**
- * Class Share20OCS
- *
- * @package OCA\Files_Sharing\API
- */
- class ShareAPIController extends OCSController {
- private ?Node $lockedNode = null;
- private string $currentUser;
- /**
- * Share20OCS constructor.
- */
- public function __construct(
- string $appName,
- IRequest $request,
- private IManager $shareManager,
- private IGroupManager $groupManager,
- private IUserManager $userManager,
- private IRootFolder $rootFolder,
- private IURLGenerator $urlGenerator,
- private IL10N $l,
- private IConfig $config,
- private IAppManager $appManager,
- private ContainerInterface $serverContainer,
- private IUserStatusManager $userStatusManager,
- private IPreview $previewManager,
- private IDateTimeZone $dateTimeZone,
- private LoggerInterface $logger,
- ?string $userId = null
- ) {
- parent::__construct($appName, $request);
- $this->currentUser = $userId;
- }
- /**
- * Convert an IShare to an array for OCS output
- *
- * @param \OCP\Share\IShare $share
- * @param Node|null $recipientNode
- * @return array
- * @throws NotFoundException In case the node can't be resolved.
- *
- * @suppress PhanUndeclaredClassMethod
- */
- protected function formatShare(IShare $share, Node $recipientNode = null): array {
- $sharedBy = $this->userManager->get($share->getSharedBy());
- $shareOwner = $this->userManager->get($share->getShareOwner());
- $result = [
- 'id' => $share->getId(),
- 'share_type' => $share->getShareType(),
- 'uid_owner' => $share->getSharedBy(),
- 'displayname_owner' => $sharedBy !== null ? $sharedBy->getDisplayName() : $share->getSharedBy(),
- // recipient permissions
- 'permissions' => $share->getPermissions(),
- // current user permissions on this share
- 'can_edit' => $this->canEditShare($share),
- 'can_delete' => $this->canDeleteShare($share),
- 'stime' => $share->getShareTime()->getTimestamp(),
- 'parent' => null,
- 'expiration' => null,
- 'token' => null,
- 'uid_file_owner' => $share->getShareOwner(),
- 'note' => $share->getNote(),
- 'label' => $share->getLabel(),
- 'displayname_file_owner' => $shareOwner !== null ? $shareOwner->getDisplayName() : $share->getShareOwner(),
- ];
- $userFolder = $this->rootFolder->getUserFolder($this->currentUser);
- if ($recipientNode) {
- $node = $recipientNode;
- } else {
- $nodes = $userFolder->getById($share->getNodeId());
- if (empty($nodes)) {
- // fallback to guessing the path
- $node = $userFolder->get($share->getTarget());
- if ($node === null || $share->getTarget() === '') {
- throw new NotFoundException();
- }
- } else {
- $node = reset($nodes);
- }
- }
- $result['path'] = $userFolder->getRelativePath($node->getPath());
- if ($node instanceof Folder) {
- $result['item_type'] = 'folder';
- } else {
- $result['item_type'] = 'file';
- }
- $result['mimetype'] = $node->getMimetype();
- $result['has_preview'] = $this->previewManager->isAvailable($node);
- $result['storage_id'] = $node->getStorage()->getId();
- $result['storage'] = $node->getStorage()->getCache()->getNumericStorageId();
- $result['item_source'] = $node->getId();
- $result['file_source'] = $node->getId();
- $result['file_parent'] = $node->getParent()->getId();
- $result['file_target'] = $share->getTarget();
- $expiration = $share->getExpirationDate();
- if ($expiration !== null) {
- $expiration->setTimezone($this->dateTimeZone->getTimeZone());
- $result['expiration'] = $expiration->format('Y-m-d 00:00:00');
- }
- if ($share->getShareType() === IShare::TYPE_USER) {
- $sharedWith = $this->userManager->get($share->getSharedWith());
- $result['share_with'] = $share->getSharedWith();
- $result['share_with_displayname'] = $sharedWith !== null ? $sharedWith->getDisplayName() : $share->getSharedWith();
- $result['share_with_displayname_unique'] = $sharedWith !== null ? (
- !empty($sharedWith->getSystemEMailAddress()) ? $sharedWith->getSystemEMailAddress() : $sharedWith->getUID()
- ) : $share->getSharedWith();
- $result['status'] = [];
- $userStatuses = $this->userStatusManager->getUserStatuses([$share->getSharedWith()]);
- $userStatus = array_shift($userStatuses);
- if ($userStatus) {
- $result['status'] = [
- 'status' => $userStatus->getStatus(),
- 'message' => $userStatus->getMessage(),
- 'icon' => $userStatus->getIcon(),
- 'clearAt' => $userStatus->getClearAt()
- ? (int)$userStatus->getClearAt()->format('U')
- : null,
- ];
- }
- } elseif ($share->getShareType() === IShare::TYPE_GROUP) {
- $group = $this->groupManager->get($share->getSharedWith());
- $result['share_with'] = $share->getSharedWith();
- $result['share_with_displayname'] = $group !== null ? $group->getDisplayName() : $share->getSharedWith();
- } elseif ($share->getShareType() === IShare::TYPE_LINK) {
- // "share_with" and "share_with_displayname" for passwords of link
- // shares was deprecated in Nextcloud 15, use "password" instead.
- $result['share_with'] = $share->getPassword();
- $result['share_with_displayname'] = '(' . $this->l->t('Shared link') . ')';
- $result['password'] = $share->getPassword();
- $result['send_password_by_talk'] = $share->getSendPasswordByTalk();
- $result['token'] = $share->getToken();
- $result['url'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.showShare', ['token' => $share->getToken()]);
- } elseif ($share->getShareType() === IShare::TYPE_REMOTE) {
- $result['share_with'] = $share->getSharedWith();
- $result['share_with_displayname'] = $this->getCachedFederatedDisplayName($share->getSharedWith());
- $result['token'] = $share->getToken();
- } elseif ($share->getShareType() === IShare::TYPE_REMOTE_GROUP) {
- $result['share_with'] = $share->getSharedWith();
- $result['share_with_displayname'] = $this->getDisplayNameFromAddressBook($share->getSharedWith(), 'CLOUD');
- $result['token'] = $share->getToken();
- } elseif ($share->getShareType() === IShare::TYPE_EMAIL) {
- $result['share_with'] = $share->getSharedWith();
- $result['password'] = $share->getPassword();
- $result['password_expiration_time'] = $share->getPasswordExpirationTime() !== null ? $share->getPasswordExpirationTime()->format(\DateTime::ATOM) : null;
- $result['send_password_by_talk'] = $share->getSendPasswordByTalk();
- $result['share_with_displayname'] = $this->getDisplayNameFromAddressBook($share->getSharedWith(), 'EMAIL');
- $result['token'] = $share->getToken();
- } elseif ($share->getShareType() === IShare::TYPE_CIRCLE) {
- // getSharedWith() returns either "name (type, owner)" or
- // "name (type, owner) [id]", depending on the Circles app version.
- $hasCircleId = (substr($share->getSharedWith(), -1) === ']');
- $result['share_with_displayname'] = $share->getSharedWithDisplayName();
- if (empty($result['share_with_displayname'])) {
- $displayNameLength = ($hasCircleId ? strrpos($share->getSharedWith(), ' ') : strlen($share->getSharedWith()));
- $result['share_with_displayname'] = substr($share->getSharedWith(), 0, $displayNameLength);
- }
- $result['share_with_avatar'] = $share->getSharedWithAvatar();
- $shareWithStart = ($hasCircleId ? strrpos($share->getSharedWith(), '[') + 1 : 0);
- $shareWithLength = ($hasCircleId ? -1 : strpos($share->getSharedWith(), ' '));
- if (is_bool($shareWithLength)) {
- $shareWithLength = -1;
- }
- $result['share_with'] = substr($share->getSharedWith(), $shareWithStart, $shareWithLength);
- } elseif ($share->getShareType() === IShare::TYPE_ROOM) {
- $result['share_with'] = $share->getSharedWith();
- $result['share_with_displayname'] = '';
- try {
- $result = array_merge($result, $this->getRoomShareHelper()->formatShare($share));
- } catch (QueryException $e) {
- }
- } elseif ($share->getShareType() === IShare::TYPE_DECK) {
- $result['share_with'] = $share->getSharedWith();
- $result['share_with_displayname'] = '';
- try {
- $result = array_merge($result, $this->getDeckShareHelper()->formatShare($share));
- } catch (QueryException $e) {
- }
- } elseif ($share->getShareType() === IShare::TYPE_SCIENCEMESH) {
- $result['share_with'] = $share->getSharedWith();
- $result['share_with_displayname'] = '';
- try {
- $result = array_merge($result, $this->getSciencemeshShareHelper()->formatShare($share));
- } catch (QueryException $e) {
- }
- }
- $result['mail_send'] = $share->getMailSend() ? 1 : 0;
- $result['hide_download'] = $share->getHideDownload() ? 1 : 0;
- $result['attributes'] = null;
- if ($attributes = $share->getAttributes()) {
- $result['attributes'] = \json_encode($attributes->toArray());
- }
- return $result;
- }
- /**
- * Check if one of the users address books knows the exact property, if
- * not we return the full name.
- *
- * @param string $query
- * @param string $property
- * @return string
- */
- private function getDisplayNameFromAddressBook(string $query, string $property): string {
- // FIXME: If we inject the contacts manager it gets initialized before any address books are registered
- try {
- $result = \OC::$server->getContactsManager()->search($query, [$property], [
- 'limit' => 1,
- 'enumeration' => false,
- 'strict_search' => true,
- ]);
- } catch (Exception $e) {
- $this->logger->error(
- $e->getMessage(),
- ['exception' => $e]
- );
- return $query;
- }
- foreach ($result as $r) {
- foreach ($r[$property] as $value) {
- if ($value === $query && $r['FN']) {
- return $r['FN'];
- }
- }
- }
- return $query;
- }
- /**
- * @param array $shares
- * @param array|null $updatedDisplayName
- *
- * @return array
- */
- private function fixMissingDisplayName(array $shares, ?array $updatedDisplayName = null): array {
- $userIds = $updated = [];
- foreach ($shares as $share) {
- // share is federated and share have no display name yet
- if ($share['share_type'] === IShare::TYPE_REMOTE
- && ($share['share_with'] ?? '') !== ''
- && ($share['share_with_displayname'] ?? '') === '') {
- $userIds[] = $userId = $share['share_with'];
- if ($updatedDisplayName !== null && array_key_exists($userId, $updatedDisplayName)) {
- $share['share_with_displayname'] = $updatedDisplayName[$userId];
- }
- }
- // prepping userIds with displayName to be updated
- $updated[] = $share;
- }
- // if $updatedDisplayName is not null, it means we should have already fixed displayNames of the shares
- if ($updatedDisplayName !== null) {
- return $updated;
- }
- // get displayName for the generated list of userId with no displayName
- $displayNames = $this->retrieveFederatedDisplayName($userIds);
- // if no displayName are updated, we exit
- if (empty($displayNames)) {
- return $updated;
- }
- // let's fix missing display name and returns all shares
- return $this->fixMissingDisplayName($shares, $displayNames);
- }
- /**
- * get displayName of a list of userIds from the lookup-server; through the globalsiteselector app.
- * returns an array with userIds as keys and displayName as values.
- *
- * @param array $userIds
- * @param bool $cacheOnly - do not reach LUS, get data from cache.
- *
- * @return array
- * @throws ContainerExceptionInterface
- */
- private function retrieveFederatedDisplayName(array $userIds, bool $cacheOnly = false): array {
- // check if gss is enabled and available
- if (count($userIds) === 0
- || !$this->appManager->isInstalled('globalsiteselector')
- || !class_exists('\OCA\GlobalSiteSelector\Service\SlaveService')) {
- return [];
- }
- try {
- $slaveService = Server::get(\OCA\GlobalSiteSelector\Service\SlaveService::class);
- } catch (\Throwable $e) {
- $this->logger->error(
- $e->getMessage(),
- ['exception' => $e]
- );
- return [];
- }
- return $slaveService->getUsersDisplayName($userIds, $cacheOnly);
- }
- /**
- * retrieve displayName from cache if available (should be used on federated shares)
- * if not available in cache/lus, try for get from address-book, else returns empty string.
- *
- * @param string $userId
- * @param bool $cacheOnly if true will not reach the lus but will only get data from cache
- *
- * @return string
- */
- private function getCachedFederatedDisplayName(string $userId, bool $cacheOnly = true): string {
- $details = $this->retrieveFederatedDisplayName([$userId], $cacheOnly);
- if (array_key_exists($userId, $details)) {
- return $details[$userId];
- }
- $displayName = $this->getDisplayNameFromAddressBook($userId, 'CLOUD');
- return ($displayName === $userId) ? '' : $displayName;
- }
- /**
- * Get a specific share by id
- *
- * @NoAdminRequired
- *
- * @param string $id
- * @param bool $includeTags
- * @return DataResponse
- * @throws OCSNotFoundException
- */
- public function getShare(string $id, bool $include_tags = false): DataResponse {
- try {
- $share = $this->getShareById($id);
- } catch (ShareNotFound $e) {
- throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
- }
- try {
- if ($this->canAccessShare($share)) {
- $share = $this->formatShare($share);
- if ($include_tags) {
- $share = Helper::populateTags([$share], 'file_source', \OC::$server->getTagManager());
- } else {
- $share = [$share];
- }
- return new DataResponse($share);
- }
- } catch (NotFoundException $e) {
- // Fall through
- }
- throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
- }
- /**
- * Delete a share
- *
- * @NoAdminRequired
- *
- * @param string $id
- * @return DataResponse
- * @throws OCSNotFoundException
- */
- public function deleteShare(string $id): DataResponse {
- try {
- $share = $this->getShareById($id);
- } catch (ShareNotFound $e) {
- throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
- }
- try {
- $this->lock($share->getNode());
- } catch (LockedException $e) {
- throw new OCSNotFoundException($this->l->t('Could not delete share'));
- }
- if (!$this->canAccessShare($share)) {
- throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
- }
- // if it's a group share or a room share
- // we don't delete the share, but only the
- // mount point. Allowing it to be restored
- // from the deleted shares
- if ($this->canDeleteShareFromSelf($share)) {
- $this->shareManager->deleteFromSelf($share, $this->currentUser);
- } else {
- if (!$this->canDeleteShare($share)) {
- throw new OCSForbiddenException($this->l->t('Could not delete share'));
- }
- $this->shareManager->deleteShare($share);
- }
- return new DataResponse();
- }
- /**
- * @NoAdminRequired
- *
- * @param string $path
- * @param int $permissions
- * @param int $shareType
- * @param string $shareWith
- * @param string $publicUpload
- * @param string $password
- * @param string $sendPasswordByTalk
- * @param string $expireDate
- * @param string $label
- * @param string $attributes
- *
- * @return DataResponse
- * @throws NotFoundException
- * @throws OCSBadRequestException
- * @throws OCSException
- * @throws OCSForbiddenException
- * @throws OCSNotFoundException
- * @throws InvalidPathException
- * @suppress PhanUndeclaredClassMethod
- */
- public function createShare(
- string $path = null,
- int $permissions = null,
- int $shareType = -1,
- string $shareWith = null,
- string $publicUpload = 'false',
- string $password = '',
- string $sendPasswordByTalk = null,
- string $expireDate = null,
- string $note = '',
- string $label = '',
- string $attributes = null
- ): DataResponse {
- $share = $this->shareManager->newShare();
- if ($permissions === null) {
- if ($shareType === IShare::TYPE_LINK
- || $shareType === IShare::TYPE_EMAIL) {
- // to keep legacy default behaviour, we ignore the setting below for link shares
- $permissions = Constants::PERMISSION_READ;
- } else {
- $permissions = (int)$this->config->getAppValue('core', 'shareapi_default_permissions', (string)Constants::PERMISSION_ALL);
- }
- }
- // Verify path
- if ($path === null) {
- throw new OCSNotFoundException($this->l->t('Please specify a file or folder path'));
- }
- $userFolder = $this->rootFolder->getUserFolder($this->currentUser);
- try {
- /** @var \OC\Files\Node\Node $node */
- $node = $userFolder->get($path);
- } catch (NotFoundException $e) {
- throw new OCSNotFoundException($this->l->t('Wrong path, file/folder does not exist'));
- }
- // a user can have access to a file through different paths, with differing permissions
- // combine all permissions to determine if the user can share this file
- $nodes = $userFolder->getById($node->getId());
- foreach ($nodes as $nodeById) {
- /** @var FileInfo $fileInfo */
- $fileInfo = $node->getFileInfo();
- $fileInfo['permissions'] |= $nodeById->getPermissions();
- }
- $share->setNode($node);
- try {
- $this->lock($share->getNode());
- } catch (LockedException $e) {
- throw new OCSNotFoundException($this->l->t('Could not create share'));
- }
- if ($permissions < 0 || $permissions > Constants::PERMISSION_ALL) {
- throw new OCSNotFoundException($this->l->t('Invalid permissions'));
- }
- // Shares always require read permissions
- $permissions |= Constants::PERMISSION_READ;
- if ($node instanceof \OCP\Files\File) {
- // Single file shares should never have delete or create permissions
- $permissions &= ~Constants::PERMISSION_DELETE;
- $permissions &= ~Constants::PERMISSION_CREATE;
- }
- /**
- * Hack for https://github.com/owncloud/core/issues/22587
- * We check the permissions via webdav. But the permissions of the mount point
- * do not equal the share permissions. Here we fix that for federated mounts.
- */
- if ($node->getStorage()->instanceOfStorage(Storage::class)) {
- $permissions &= ~($permissions & ~$node->getPermissions());
- }
- if ($attributes !== null) {
- $share = $this->setShareAttributes($share, $attributes);
- }
- if ($expireDate !== null) {
- if ($expireDate !== '') {
- try {
- $expireDateTime = $this->parseDate($expireDate);
- $share->setExpirationDate($expireDateTime);
- } catch (\Exception $e) {
- throw new OCSNotFoundException($this->l->t('Invalid date, date format must be YYYY-MM-DD'));
- }
- } else {
- // Client sent empty string for expire date.
- // Set noExpirationDate to true so overwrite is prevented.
- $share->setNoExpirationDate(true);
- }
- }
- $share->setSharedBy($this->currentUser);
- $this->checkInheritedAttributes($share);
- if ($shareType === IShare::TYPE_USER) {
- // Valid user is required to share
- if ($shareWith === null || !$this->userManager->userExists($shareWith)) {
- throw new OCSNotFoundException($this->l->t('Please specify a valid user'));
- }
- $share->setSharedWith($shareWith);
- $share->setPermissions($permissions);
- } elseif ($shareType === IShare::TYPE_GROUP) {
- if (!$this->shareManager->allowGroupSharing()) {
- throw new OCSNotFoundException($this->l->t('Group sharing is disabled by the administrator'));
- }
- // Valid group is required to share
- if ($shareWith === null || !$this->groupManager->groupExists($shareWith)) {
- throw new OCSNotFoundException($this->l->t('Please specify a valid group'));
- }
- $share->setSharedWith($shareWith);
- $share->setPermissions($permissions);
- } elseif ($shareType === IShare::TYPE_LINK
- || $shareType === IShare::TYPE_EMAIL) {
- // Can we even share links?
- if (!$this->shareManager->shareApiAllowLinks()) {
- throw new OCSNotFoundException($this->l->t('Public link sharing is disabled by the administrator'));
- }
- if ($publicUpload === 'true') {
- // Check if public upload is allowed
- if (!$this->shareManager->shareApiLinkAllowPublicUpload()) {
- throw new OCSForbiddenException($this->l->t('Public upload disabled by the administrator'));
- }
- // Public upload can only be set for folders
- if ($node instanceof \OCP\Files\File) {
- throw new OCSNotFoundException($this->l->t('Public upload is only possible for publicly shared folders'));
- }
- $permissions = Constants::PERMISSION_READ |
- Constants::PERMISSION_CREATE |
- Constants::PERMISSION_UPDATE |
- Constants::PERMISSION_DELETE;
- }
- // TODO: It might make sense to have a dedicated setting to allow/deny converting link shares into federated ones
- if ($this->shareManager->outgoingServer2ServerSharesAllowed()) {
- $permissions |= Constants::PERMISSION_SHARE;
- }
- $share->setPermissions($permissions);
- // Set password
- if ($password !== '') {
- $share->setPassword($password);
- }
- // Only share by mail have a recipient
- if (is_string($shareWith) && $shareType === IShare::TYPE_EMAIL) {
- $share->setSharedWith($shareWith);
- }
- // If we have a label, use it
- if (!empty($label)) {
- $share->setLabel($label);
- }
- if ($sendPasswordByTalk === 'true') {
- if (!$this->appManager->isEnabledForUser('spreed')) {
- throw new OCSForbiddenException($this->l->t('Sharing %s sending the password by Nextcloud Talk failed because Nextcloud Talk is not enabled', [$node->getPath()]));
- }
- $share->setSendPasswordByTalk(true);
- }
- } elseif ($shareType === IShare::TYPE_REMOTE) {
- if (!$this->shareManager->outgoingServer2ServerSharesAllowed()) {
- throw new OCSForbiddenException($this->l->t('Sharing %1$s failed because the back end does not allow shares from type %2$s', [$node->getPath(), $shareType]));
- }
- if ($shareWith === null) {
- throw new OCSNotFoundException($this->l->t('Please specify a valid federated user ID'));
- }
- $share->setSharedWith($shareWith);
- $share->setPermissions($permissions);
- $share->setSharedWithDisplayName($this->getCachedFederatedDisplayName($shareWith, false));
- } elseif ($shareType === IShare::TYPE_REMOTE_GROUP) {
- if (!$this->shareManager->outgoingServer2ServerGroupSharesAllowed()) {
- throw new OCSForbiddenException($this->l->t('Sharing %1$s failed because the back end does not allow shares from type %2$s', [$node->getPath(), $shareType]));
- }
- if ($shareWith === null) {
- throw new OCSNotFoundException($this->l->t('Please specify a valid federated group ID'));
- }
- $share->setSharedWith($shareWith);
- $share->setPermissions($permissions);
- } elseif ($shareType === IShare::TYPE_CIRCLE) {
- if (!\OC::$server->getAppManager()->isEnabledForUser('circles') || !class_exists('\OCA\Circles\ShareByCircleProvider')) {
- throw new OCSNotFoundException($this->l->t('You cannot share to a Circle if the app is not enabled'));
- }
- $circle = \OCA\Circles\Api\v1\Circles::detailsCircle($shareWith);
- // Valid circle is required to share
- if ($circle === null) {
- throw new OCSNotFoundException($this->l->t('Please specify a valid circle'));
- }
- $share->setSharedWith($shareWith);
- $share->setPermissions($permissions);
- } elseif ($shareType === IShare::TYPE_ROOM) {
- try {
- $this->getRoomShareHelper()->createShare($share, $shareWith, $permissions, $expireDate ?? '');
- } catch (QueryException $e) {
- throw new OCSForbiddenException($this->l->t('Sharing %s failed because the back end does not support room shares', [$node->getPath()]));
- }
- } elseif ($shareType === IShare::TYPE_DECK) {
- try {
- $this->getDeckShareHelper()->createShare($share, $shareWith, $permissions, $expireDate ?? '');
- } catch (QueryException $e) {
- throw new OCSForbiddenException($this->l->t('Sharing %s failed because the back end does not support room shares', [$node->getPath()]));
- }
- } elseif ($shareType === IShare::TYPE_SCIENCEMESH) {
- try {
- $this->getSciencemeshShareHelper()->createShare($share, $shareWith, $permissions, $expireDate ?? '');
- } catch (QueryException $e) {
- throw new OCSForbiddenException($this->l->t('Sharing %s failed because the back end does not support ScienceMesh shares', [$node->getPath()]));
- }
- } else {
- throw new OCSBadRequestException($this->l->t('Unknown share type'));
- }
- $share->setShareType($shareType);
- if ($note !== '') {
- $share->setNote($note);
- }
- try {
- $share = $this->shareManager->createShare($share);
- } catch (GenericShareException $e) {
- $this->logger->error($e->getMessage(), ['exception' => $e]);
- $code = $e->getCode() === 0 ? 403 : $e->getCode();
- throw new OCSException($e->getHint(), $code);
- } catch (\Exception $e) {
- $this->logger->error($e->getMessage(), ['exception' => $e]);
- throw new OCSForbiddenException($e->getMessage(), $e);
- }
- $output = $this->formatShare($share);
- return new DataResponse($output);
- }
- /**
- * @param null|Node $node
- * @param boolean $includeTags
- *
- * @return array
- */
- private function getSharedWithMe($node, bool $includeTags): array {
- $userShares = $this->shareManager->getSharedWith($this->currentUser, IShare::TYPE_USER, $node, -1, 0);
- $groupShares = $this->shareManager->getSharedWith($this->currentUser, IShare::TYPE_GROUP, $node, -1, 0);
- $circleShares = $this->shareManager->getSharedWith($this->currentUser, IShare::TYPE_CIRCLE, $node, -1, 0);
- $roomShares = $this->shareManager->getSharedWith($this->currentUser, IShare::TYPE_ROOM, $node, -1, 0);
- $deckShares = $this->shareManager->getSharedWith($this->currentUser, IShare::TYPE_DECK, $node, -1, 0);
- $sciencemeshShares = $this->shareManager->getSharedWith($this->currentUser, IShare::TYPE_SCIENCEMESH, $node, -1, 0);
- $shares = array_merge($userShares, $groupShares, $circleShares, $roomShares, $deckShares, $sciencemeshShares);
- $filteredShares = array_filter($shares, function (IShare $share) {
- return $share->getShareOwner() !== $this->currentUser;
- });
- $formatted = [];
- foreach ($filteredShares as $share) {
- if ($this->canAccessShare($share)) {
- try {
- $formatted[] = $this->formatShare($share);
- } catch (NotFoundException $e) {
- // Ignore this share
- }
- }
- }
- if ($includeTags) {
- $formatted = Helper::populateTags($formatted, 'file_source', \OC::$server->getTagManager());
- }
- return $formatted;
- }
- /**
- * @param \OCP\Files\Node $folder
- *
- * @return array
- * @throws OCSBadRequestException
- * @throws NotFoundException
- */
- private function getSharesInDir(Node $folder): array {
- if (!($folder instanceof \OCP\Files\Folder)) {
- throw new OCSBadRequestException($this->l->t('Not a directory'));
- }
- $nodes = $folder->getDirectoryListing();
- /** @var \OCP\Share\IShare[] $shares */
- $shares = array_reduce($nodes, function ($carry, $node) {
- $carry = array_merge($carry, $this->getAllShares($node, true));
- return $carry;
- }, []);
- // filter out duplicate shares
- $known = [];
- $formatted = $miniFormatted = [];
- $resharingRight = false;
- $known = [];
- foreach ($shares as $share) {
- if (in_array($share->getId(), $known) || $share->getSharedWith() === $this->currentUser) {
- continue;
- }
- try {
- $format = $this->formatShare($share);
- $known[] = $share->getId();
- $formatted[] = $format;
- if ($share->getSharedBy() === $this->currentUser) {
- $miniFormatted[] = $format;
- }
- if (!$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share, $folder)) {
- $resharingRight = true;
- }
- } catch (\Exception $e) {
- //Ignore this share
- }
- }
- if (!$resharingRight) {
- $formatted = $miniFormatted;
- }
- return $formatted;
- }
- /**
- * The getShares function.
- *
- * @NoAdminRequired
- *
- * @param string $shared_with_me
- * @param string $reshares
- * @param string $subfiles
- * @param string $path
- *
- * - Get shares by the current user
- * - Get shares by the current user and reshares (?reshares=true)
- * - Get shares with the current user (?shared_with_me=true)
- * - Get shares for a specific path (?path=...)
- * - Get all shares in a folder (?subfiles=true&path=..)
- *
- * @param string $include_tags
- *
- * @return DataResponse
- * @throws NotFoundException
- * @throws OCSBadRequestException
- * @throws OCSNotFoundException
- */
- public function getShares(
- string $shared_with_me = 'false',
- string $reshares = 'false',
- string $subfiles = 'false',
- string $path = '',
- string $include_tags = 'false'
- ): DataResponse {
- $node = null;
- if ($path !== '') {
- $userFolder = $this->rootFolder->getUserFolder($this->currentUser);
- try {
- $node = $userFolder->get($path);
- $this->lock($node);
- } catch (NotFoundException $e) {
- throw new OCSNotFoundException(
- $this->l->t('Wrong path, file/folder does not exist')
- );
- } catch (LockedException $e) {
- throw new OCSNotFoundException($this->l->t('Could not lock node'));
- }
- }
- $shares = $this->getFormattedShares(
- $this->currentUser,
- $node,
- ($shared_with_me === 'true'),
- ($reshares === 'true'),
- ($subfiles === 'true'),
- ($include_tags === 'true')
- );
- return new DataResponse($shares);
- }
- /**
- * @param string $viewer
- * @param Node $node
- * @param bool $sharedWithMe
- * @param bool $reShares
- * @param bool $subFiles
- * @param bool $includeTags
- *
- * @return array
- * @throws NotFoundException
- * @throws OCSBadRequestException
- */
- private function getFormattedShares(
- string $viewer,
- $node = null,
- bool $sharedWithMe = false,
- bool $reShares = false,
- bool $subFiles = false,
- bool $includeTags = false
- ): array {
- if ($sharedWithMe) {
- return $this->getSharedWithMe($node, $includeTags);
- }
- if ($subFiles) {
- return $this->getSharesInDir($node);
- }
- $shares = $this->getSharesFromNode($viewer, $node, $reShares);
- $known = $formatted = $miniFormatted = [];
- $resharingRight = false;
- foreach ($shares as $share) {
- try {
- $share->getNode();
- } catch (NotFoundException $e) {
- /*
- * Ignore shares where we can't get the node
- * For example deleted shares
- */
- continue;
- }
- if (in_array($share->getId(), $known)
- || ($share->getSharedWith() === $this->currentUser && $share->getShareType() === IShare::TYPE_USER)) {
- continue;
- }
- $known[] = $share->getId();
- try {
- /** @var IShare $share */
- $format = $this->formatShare($share, $node);
- $formatted[] = $format;
- // let's also build a list of shares created
- // by the current user only, in case
- // there is no resharing rights
- if ($share->getSharedBy() === $this->currentUser) {
- $miniFormatted[] = $format;
- }
- // check if one of those share is shared with me
- // and if I have resharing rights on it
- if (!$resharingRight && $this->shareProviderResharingRights($this->currentUser, $share, $node)) {
- $resharingRight = true;
- }
- } catch (InvalidPathException | NotFoundException $e) {
- }
- }
- if (!$resharingRight) {
- $formatted = $miniFormatted;
- }
- // fix eventual missing display name from federated shares
- $formatted = $this->fixMissingDisplayName($formatted);
- if ($includeTags) {
- $formatted =
- Helper::populateTags($formatted, 'file_source', \OC::$server->getTagManager());
- }
- return $formatted;
- }
- /**
- * The getInheritedShares function.
- * returns all shares relative to a file, including parent folders shares rights.
- *
- * @NoAdminRequired
- *
- * @param string $path
- *
- * - Get shares by the current user
- * - Get shares by the current user and reshares (?reshares=true)
- * - Get shares with the current user (?shared_with_me=true)
- * - Get shares for a specific path (?path=...)
- * - Get all shares in a folder (?subfiles=true&path=..)
- *
- * @return DataResponse
- * @throws InvalidPathException
- * @throws NotFoundException
- * @throws OCSNotFoundException
- * @throws OCSBadRequestException
- * @throws SharingRightsException
- */
- public function getInheritedShares(string $path): DataResponse {
- // get Node from (string) path.
- $userFolder = $this->rootFolder->getUserFolder($this->currentUser);
- try {
- $node = $userFolder->get($path);
- $this->lock($node);
- } catch (\OCP\Files\NotFoundException $e) {
- throw new OCSNotFoundException($this->l->t('Wrong path, file/folder does not exist'));
- } catch (LockedException $e) {
- throw new OCSNotFoundException($this->l->t('Could not lock path'));
- }
- if (!($node->getPermissions() & Constants::PERMISSION_SHARE)) {
- throw new SharingRightsException('no sharing rights on this item');
- }
- // The current top parent we have access to
- $parent = $node;
- // initiate real owner.
- $owner = $node->getOwner()
- ->getUID();
- if (!$this->userManager->userExists($owner)) {
- return new DataResponse([]);
- }
- // get node based on the owner, fix owner in case of external storage
- $userFolder = $this->rootFolder->getUserFolder($owner);
- if ($node->getId() !== $userFolder->getId() && !$userFolder->isSubNode($node)) {
- $owner = $node->getOwner()
- ->getUID();
- $userFolder = $this->rootFolder->getUserFolder($owner);
- $nodes = $userFolder->getById($node->getId());
- $node = array_shift($nodes);
- }
- $basePath = $userFolder->getPath();
- // generate node list for each parent folders
- /** @var Node[] $nodes */
- $nodes = [];
- while (true) {
- $node = $node->getParent();
- if ($node->getPath() === $basePath) {
- break;
- }
- $nodes[] = $node;
- }
- // The user that is requesting this list
- $currentUserFolder = $this->rootFolder->getUserFolder($this->currentUser);
- // for each nodes, retrieve shares.
- $shares = [];
- foreach ($nodes as $node) {
- $getShares = $this->getFormattedShares($owner, $node, false, true);
- $currentUserNodes = $currentUserFolder->getById($node->getId());
- if (!empty($currentUserNodes)) {
- $parent = array_pop($currentUserNodes);
- }
- $subPath = $currentUserFolder->getRelativePath($parent->getPath());
- foreach ($getShares as &$share) {
- $share['via_fileid'] = $parent->getId();
- $share['via_path'] = $subPath;
- }
- $this->mergeFormattedShares($shares, $getShares);
- }
- return new DataResponse(array_values($shares));
- }
- /**
- * Check whether a set of permissions contains the permissions to check.
- */
- private function hasPermission(int $permissionsSet, int $permissionsToCheck): bool {
- return ($permissionsSet & $permissionsToCheck) === $permissionsToCheck;
- }
- /**
- * @NoAdminRequired
- *
- * @param string $id
- * @param int $permissions
- * @param string $password
- * @param string $sendPasswordByTalk
- * @param string $publicUpload
- * @param string $expireDate
- * @param string $note
- * @param string $label
- * @param string $hideDownload
- * @param string $attributes
- * @return DataResponse
- * @throws LockedException
- * @throws NotFoundException
- * @throws OCSBadRequestException
- * @throws OCSForbiddenException
- * @throws OCSNotFoundException
- */
- public function updateShare(
- string $id,
- int $permissions = null,
- string $password = null,
- string $sendPasswordByTalk = null,
- string $publicUpload = null,
- string $expireDate = null,
- string $note = null,
- string $label = null,
- string $hideDownload = null,
- string $attributes = null
- ): DataResponse {
- try {
- $share = $this->getShareById($id);
- } catch (ShareNotFound $e) {
- throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
- }
- $this->lock($share->getNode());
- if (!$this->canAccessShare($share, false)) {
- throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
- }
- if (!$this->canEditShare($share)) {
- throw new OCSForbiddenException('You are not allowed to edit incoming shares');
- }
- if (
- $permissions === null &&
- $password === null &&
- $sendPasswordByTalk === null &&
- $publicUpload === null &&
- $expireDate === null &&
- $note === null &&
- $label === null &&
- $hideDownload === null &&
- $attributes === null
- ) {
- throw new OCSBadRequestException($this->l->t('Wrong or no update parameter given'));
- }
- if ($note !== null) {
- $share->setNote($note);
- }
- if ($attributes !== null) {
- $share = $this->setShareAttributes($share, $attributes);
- }
- $this->checkInheritedAttributes($share);
- /**
- * expirationdate, password and publicUpload only make sense for link shares
- */
- if ($share->getShareType() === IShare::TYPE_LINK
- || $share->getShareType() === IShare::TYPE_EMAIL) {
- /**
- * We do not allow editing link shares that the current user
- * doesn't own. This is confusing and lead to errors when
- * someone else edit a password or expiration date without
- * the share owner knowing about it.
- * We only allow deletion
- */
- if ($share->getSharedBy() !== $this->currentUser) {
- throw new OCSForbiddenException('You are not allowed to edit link shares that you don\'t own');
- }
- // Update hide download state
- if ($hideDownload === 'true') {
- $share->setHideDownload(true);
- } elseif ($hideDownload === 'false') {
- $share->setHideDownload(false);
- }
- $newPermissions = null;
- if ($publicUpload === 'true') {
- $newPermissions = Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE;
- } elseif ($publicUpload === 'false') {
- $newPermissions = Constants::PERMISSION_READ;
- }
- if ($permissions !== null) {
- $newPermissions = $permissions;
- $newPermissions = $newPermissions & ~Constants::PERMISSION_SHARE;
- }
- if ($newPermissions !== null) {
- if (!$this->hasPermission($newPermissions, Constants::PERMISSION_READ) && !$this->hasPermission($newPermissions, Constants::PERMISSION_CREATE)) {
- throw new OCSBadRequestException($this->l->t('Share must at least have READ or CREATE permissions'));
- }
- if (!$this->hasPermission($newPermissions, Constants::PERMISSION_READ) && (
- $this->hasPermission($newPermissions, Constants::PERMISSION_UPDATE) || $this->hasPermission($newPermissions, Constants::PERMISSION_DELETE)
- )) {
- throw new OCSBadRequestException($this->l->t('Share must have READ permission if UPDATE or DELETE permission is set'));
- }
- }
- if (
- // legacy
- $newPermissions === (Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE) ||
- // correct
- $newPermissions === (Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE)
- ) {
- if (!$this->shareManager->shareApiLinkAllowPublicUpload()) {
- throw new OCSForbiddenException($this->l->t('Public upload disabled by the administrator'));
- }
- if (!($share->getNode() instanceof \OCP\Files\Folder)) {
- throw new OCSBadRequestException($this->l->t('Public upload is only possible for publicly shared folders'));
- }
- // normalize to correct public upload permissions
- if ($publicUpload === 'true') {
- $newPermissions = Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE;
- }
- }
- if ($newPermissions !== null) {
- // TODO: It might make sense to have a dedicated setting to allow/deny converting link shares into federated ones
- if (($newPermissions & Constants::PERMISSION_READ) && $this->shareManager->outgoingServer2ServerSharesAllowed()) {
- $newPermissions |= Constants::PERMISSION_SHARE;
- }
- $share->setPermissions($newPermissions);
- $permissions = $newPermissions;
- }
- if ($password === '') {
- $share->setPassword(null);
- } elseif ($password !== null) {
- $share->setPassword($password);
- }
- if ($label !== null) {
- if (strlen($label) > 255) {
- throw new OCSBadRequestException("Maximum label length is 255");
- }
- $share->setLabel($label);
- }
- if ($sendPasswordByTalk === 'true') {
- if (!$this->appManager->isEnabledForUser('spreed')) {
- throw new OCSForbiddenException($this->l->t('"Sending the password by Nextcloud Talk" for sharing a file or folder failed because Nextcloud Talk is not enabled.'));
- }
- $share->setSendPasswordByTalk(true);
- } elseif ($sendPasswordByTalk !== null) {
- $share->setSendPasswordByTalk(false);
- }
- }
- // NOT A LINK SHARE
- else {
- if ($permissions !== null) {
- $share->setPermissions($permissions);
- }
- }
- if ($expireDate === '') {
- $share->setExpirationDate(null);
- } elseif ($expireDate !== null) {
- try {
- $expireDate = $this->parseDate($expireDate);
- } catch (\Exception $e) {
- throw new OCSBadRequestException($e->getMessage(), $e);
- }
- $share->setExpirationDate($expireDate);
- }
- try {
- $share = $this->shareManager->updateShare($share);
- } catch (GenericShareException $e) {
- $code = $e->getCode() === 0 ? 403 : $e->getCode();
- throw new OCSException($e->getHint(), (int)$code);
- } catch (\Exception $e) {
- throw new OCSBadRequestException($e->getMessage(), $e);
- }
- return new DataResponse($this->formatShare($share));
- }
- /**
- * @NoAdminRequired
- */
- public function pendingShares(): DataResponse {
- $pendingShares = [];
- $shareTypes = [
- IShare::TYPE_USER,
- IShare::TYPE_GROUP
- ];
- foreach ($shareTypes as $shareType) {
- $shares = $this->shareManager->getSharedWith($this->currentUser, $shareType, null, -1, 0);
- foreach ($shares as $share) {
- if ($share->getStatus() === IShare::STATUS_PENDING || $share->getStatus() === IShare::STATUS_REJECTED) {
- $pendingShares[] = $share;
- }
- }
- }
- $result = array_filter(array_map(function (IShare $share) {
- $userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
- $nodes = $userFolder->getById($share->getNodeId());
- if (empty($nodes)) {
- // fallback to guessing the path
- $node = $userFolder->get($share->getTarget());
- if ($node === null || $share->getTarget() === '') {
- return null;
- }
- } else {
- $node = $nodes[0];
- }
- try {
- $formattedShare = $this->formatShare($share, $node);
- $formattedShare['status'] = $share->getStatus();
- $formattedShare['path'] = $share->getNode()->getName();
- $formattedShare['permissions'] = 0;
- return $formattedShare;
- } catch (NotFoundException $e) {
- return null;
- }
- }, $pendingShares), function ($entry) {
- return $entry !== null;
- });
- return new DataResponse($result);
- }
- /**
- * @NoAdminRequired
- *
- * @param string $id
- * @return DataResponse
- * @throws OCSNotFoundException
- * @throws OCSException
- * @throws OCSBadRequestException
- */
- public function acceptShare(string $id): DataResponse {
- try {
- $share = $this->getShareById($id);
- } catch (ShareNotFound $e) {
- throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
- }
- if (!$this->canAccessShare($share)) {
- throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
- }
- try {
- $this->shareManager->acceptShare($share, $this->currentUser);
- } catch (GenericShareException $e) {
- $code = $e->getCode() === 0 ? 403 : $e->getCode();
- throw new OCSException($e->getHint(), (int)$code);
- } catch (\Exception $e) {
- throw new OCSBadRequestException($e->getMessage(), $e);
- }
- return new DataResponse();
- }
- /**
- * Does the user have read permission on the share
- *
- * @param \OCP\Share\IShare $share the share to check
- * @param boolean $checkGroups check groups as well?
- * @return boolean
- * @throws NotFoundException
- *
- * @suppress PhanUndeclaredClassMethod
- */
- protected function canAccessShare(\OCP\Share\IShare $share, bool $checkGroups = true): bool {
- // A file with permissions 0 can't be accessed by us. So Don't show it
- if ($share->getPermissions() === 0) {
- return false;
- }
- // Owner of the file and the sharer of the file can always get share
- if ($share->getShareOwner() === $this->currentUser
- || $share->getSharedBy() === $this->currentUser) {
- return true;
- }
- // If the share is shared with you, you can access it!
- if ($share->getShareType() === IShare::TYPE_USER
- && $share->getSharedWith() === $this->currentUser) {
- return true;
- }
- // Have reshare rights on the shared file/folder ?
- // Does the currentUser have access to the shared file?
- $userFolder = $this->rootFolder->getUserFolder($this->currentUser);
- $files = $userFolder->getById($share->getNodeId());
- if (!empty($files) && $this->shareProviderResharingRights($this->currentUser, $share, $files[0])) {
- return true;
- }
- // If in the recipient group, you can see the share
- if ($checkGroups && $share->getShareType() === IShare::TYPE_GROUP) {
- $sharedWith = $this->groupManager->get($share->getSharedWith());
- $user = $this->userManager->get($this->currentUser);
- if ($user !== null && $sharedWith !== null && $sharedWith->inGroup($user)) {
- return true;
- }
- }
- if ($share->getShareType() === IShare::TYPE_CIRCLE) {
- // TODO: have a sanity check like above?
- return true;
- }
- if ($share->getShareType() === IShare::TYPE_ROOM) {
- try {
- return $this->getRoomShareHelper()->canAccessShare($share, $this->currentUser);
- } catch (QueryException $e) {
- return false;
- }
- }
- if ($share->getShareType() === IShare::TYPE_DECK) {
- try {
- return $this->getDeckShareHelper()->canAccessShare($share, $this->currentUser);
- } catch (QueryException $e) {
- return false;
- }
- }
- if ($share->getShareType() === IShare::TYPE_SCIENCEMESH) {
- try {
- return $this->getSciencemeshShareHelper()->canAccessShare($share, $this->currentUser);
- } catch (QueryException $e) {
- return false;
- }
- }
- return false;
- }
- /**
- * Does the user have edit permission on the share
- *
- * @param \OCP\Share\IShare $share the share to check
- * @return boolean
- */
- protected function canEditShare(\OCP\Share\IShare $share): bool {
- // A file with permissions 0 can't be accessed by us. So Don't show it
- if ($share->getPermissions() === 0) {
- return false;
- }
- // The owner of the file and the creator of the share
- // can always edit the share
- if ($share->getShareOwner() === $this->currentUser ||
- $share->getSharedBy() === $this->currentUser
- ) {
- return true;
- }
- //! we do NOT support some kind of `admin` in groups.
- //! You cannot edit shares shared to a group you're
- //! a member of if you're not the share owner or the file owner!
- return false;
- }
- /**
- * Does the user have delete permission on the share
- *
- * @param \OCP\Share\IShare $share the share to check
- * @return boolean
- */
- protected function canDeleteShare(\OCP\Share\IShare $share): bool {
- // A file with permissions 0 can't be accessed by us. So Don't show it
- if ($share->getPermissions() === 0) {
- return false;
- }
- // if the user is the recipient, i can unshare
- // the share with self
- if ($share->getShareType() === IShare::TYPE_USER &&
- $share->getSharedWith() === $this->currentUser
- ) {
- return true;
- }
- // The owner of the file and the creator of the share
- // can always delete the share
- if ($share->getShareOwner() === $this->currentUser ||
- $share->getSharedBy() === $this->currentUser
- ) {
- return true;
- }
- return false;
- }
- /**
- * Does the user have delete permission on the share
- * This differs from the canDeleteShare function as it only
- * remove the share for the current user. It does NOT
- * completely delete the share but only the mount point.
- * It can then be restored from the deleted shares section.
- *
- * @param \OCP\Share\IShare $share the share to check
- * @return boolean
- *
- * @suppress PhanUndeclaredClassMethod
- */
- protected function canDeleteShareFromSelf(\OCP\Share\IShare $share): bool {
- if ($share->getShareType() !== IShare::TYPE_GROUP &&
- $share->getShareType() !== IShare::TYPE_ROOM &&
- $share->getShareType() !== IShare::TYPE_DECK &&
- $share->getShareType() !== IShare::TYPE_SCIENCEMESH
- ) {
- return false;
- }
- if ($share->getShareOwner() === $this->currentUser ||
- $share->getSharedBy() === $this->currentUser
- ) {
- // Delete the whole share, not just for self
- return false;
- }
- // If in the recipient group, you can delete the share from self
- if ($share->getShareType() === IShare::TYPE_GROUP) {
- $sharedWith = $this->groupManager->get($share->getSharedWith());
- $user = $this->userManager->get($this->currentUser);
- if ($user !== null && $sharedWith !== null && $sharedWith->inGroup($user)) {
- return true;
- }
- }
- if ($share->getShareType() === IShare::TYPE_ROOM) {
- try {
- return $this->getRoomShareHelper()->canAccessShare($share, $this->currentUser);
- } catch (QueryException $e) {
- return false;
- }
- }
- if ($share->getShareType() === IShare::TYPE_DECK) {
- try {
- return $this->getDeckShareHelper()->canAccessShare($share, $this->currentUser);
- } catch (QueryException $e) {
- return false;
- }
- }
- if ($share->getShareType() === IShare::TYPE_SCIENCEMESH) {
- try {
- return $this->getSciencemeshShareHelper()->canAccessShare($share, $this->currentUser);
- } catch (QueryException $e) {
- return false;
- }
- }
- return false;
- }
- /**
- * Make sure that the passed date is valid ISO 8601
- * So YYYY-MM-DD
- * If not throw an exception
- *
- * @param string $expireDate
- *
- * @throws \Exception
- * @return \DateTime
- */
- private function parseDate(string $expireDate): \DateTime {
- try {
- $date = new \DateTime(trim($expireDate, "\""), $this->dateTimeZone->getTimeZone());
- // Make sure it expires at midnight in owner timezone
- $date->setTime(0, 0, 0);
- } catch (\Exception $e) {
- throw new \Exception('Invalid date. Format must be YYYY-MM-DD');
- }
- // Use server timezone to store the date
- $date->setTimezone(new \DateTimeZone(date_default_timezone_get()));
- return $date;
- }
- /**
- * Since we have multiple providers but the OCS Share API v1 does
- * not support this we need to check all backends.
- *
- * @param string $id
- * @return \OCP\Share\IShare
- * @throws ShareNotFound
- */
- private function getShareById(string $id): IShare {
- $share = null;
- // First check if it is an internal share.
- try {
- $share = $this->shareManager->getShareById('ocinternal:' . $id, $this->currentUser);
- return $share;
- } catch (ShareNotFound $e) {
- // Do nothing, just try the other share type
- }
- try {
- if ($this->shareManager->shareProviderExists(IShare::TYPE_CIRCLE)) {
- $share = $this->shareManager->getShareById('ocCircleShare:' . $id, $this->currentUser);
- return $share;
- }
- } catch (ShareNotFound $e) {
- // Do nothing, just try the other share type
- }
- try {
- if ($this->shareManager->shareProviderExists(IShare::TYPE_EMAIL)) {
- $share = $this->shareManager->getShareById('ocMailShare:' . $id, $this->currentUser);
- return $share;
- }
- } catch (ShareNotFound $e) {
- // Do nothing, just try the other share type
- }
- try {
- $share = $this->shareManager->getShareById('ocRoomShare:' . $id, $this->currentUser);
- return $share;
- } catch (ShareNotFound $e) {
- // Do nothing, just try the other share type
- }
- try {
- if ($this->shareManager->shareProviderExists(IShare::TYPE_DECK)) {
- $share = $this->shareManager->getShareById('deck:' . $id, $this->currentUser);
- return $share;
- }
- } catch (ShareNotFound $e) {
- // Do nothing, just try the other share type
- }
- try {
- if ($this->shareManager->shareProviderExists(IShare::TYPE_SCIENCEMESH)) {
- $share = $this->shareManager->getShareById('sciencemesh:' . $id, $this->currentUser);
- return $share;
- }
- } catch (ShareNotFound $e) {
- // Do nothing, just try the other share type
- }
- if (!$this->shareManager->outgoingServer2ServerSharesAllowed()) {
- throw new ShareNotFound();
- }
- $share = $this->shareManager->getShareById('ocFederatedSharing:' . $id, $this->currentUser);
- return $share;
- }
- /**
- * Lock a Node
- *
- * @param \OCP\Files\Node $node
- * @throws LockedException
- */
- private function lock(\OCP\Files\Node $node) {
- $node->lock(ILockingProvider::LOCK_SHARED);
- $this->lockedNode = $node;
- }
- /**
- * Cleanup the remaining locks
- * @throws LockedException
- */
- public function cleanup() {
- if ($this->lockedNode !== null) {
- $this->lockedNode->unlock(ILockingProvider::LOCK_SHARED);
- }
- }
- /**
- * Returns the helper of ShareAPIController for room shares.
- *
- * If the Talk application is not enabled or the helper is not available
- * a QueryException is thrown instead.
- *
- * @return \OCA\Talk\Share\Helper\ShareAPIController
- * @throws QueryException
- */
- private function getRoomShareHelper() {
- if (!$this->appManager->isEnabledForUser('spreed')) {
- throw new QueryException();
- }
- return $this->serverContainer->get('\OCA\Talk\Share\Helper\ShareAPIController');
- }
- /**
- * Returns the helper of ShareAPIHelper for deck shares.
- *
- * If the Deck application is not enabled or the helper is not available
- * a QueryException is thrown instead.
- *
- * @return \OCA\Deck\Sharing\ShareAPIHelper
- * @throws QueryException
- */
- private function getDeckShareHelper() {
- if (!$this->appManager->isEnabledForUser('deck')) {
- throw new QueryException();
- }
- return $this->serverContainer->get('\OCA\Deck\Sharing\ShareAPIHelper');
- }
- /**
- * Returns the helper of ShareAPIHelper for sciencemesh shares.
- *
- * If the sciencemesh application is not enabled or the helper is not available
- * a QueryException is thrown instead.
- *
- * @return \OCA\Deck\Sharing\ShareAPIHelper
- * @throws QueryException
- */
- private function getSciencemeshShareHelper() {
- if (!$this->appManager->isEnabledForUser('sciencemesh')) {
- throw new QueryException();
- }
- return $this->serverContainer->get('\OCA\ScienceMesh\Sharing\ShareAPIHelper');
- }
- /**
- * @param string $viewer
- * @param Node $node
- * @param bool $reShares
- *
- * @return IShare[]
- */
- private function getSharesFromNode(string $viewer, $node, bool $reShares): array {
- $providers = [
- IShare::TYPE_USER,
- IShare::TYPE_GROUP,
- IShare::TYPE_LINK,
- IShare::TYPE_EMAIL,
- IShare::TYPE_CIRCLE,
- IShare::TYPE_ROOM,
- IShare::TYPE_DECK,
- IShare::TYPE_SCIENCEMESH
- ];
- // Should we assume that the (currentUser) viewer is the owner of the node !?
- $shares = [];
- foreach ($providers as $provider) {
- if (!$this->shareManager->shareProviderExists($provider)) {
- continue;
- }
- $providerShares =
- $this->shareManager->getSharesBy($viewer, $provider, $node, $reShares, -1, 0);
- $shares = array_merge($shares, $providerShares);
- }
- if ($this->shareManager->outgoingServer2ServerSharesAllowed()) {
- $federatedShares = $this->shareManager->getSharesBy(
- $this->currentUser, IShare::TYPE_REMOTE, $node, $reShares, -1, 0
- );
- $shares = array_merge($shares, $federatedShares);
- }
- if ($this->shareManager->outgoingServer2ServerGroupSharesAllowed()) {
- $federatedShares = $this->shareManager->getSharesBy(
- $this->currentUser, IShare::TYPE_REMOTE_GROUP, $node, $reShares, -1, 0
- );
- $shares = array_merge($shares, $federatedShares);
- }
- return $shares;
- }
- /**
- * @param Node $node
- *
- * @throws SharingRightsException
- */
- private function confirmSharingRights(Node $node): void {
- if (!$this->hasResharingRights($this->currentUser, $node)) {
- throw new SharingRightsException('no sharing rights on this item');
- }
- }
- /**
- * @param string $viewer
- * @param Node $node
- *
- * @return bool
- */
- private function hasResharingRights($viewer, $node): bool {
- if ($viewer === $node->getOwner()->getUID()) {
- return true;
- }
- foreach ([$node, $node->getParent()] as $node) {
- $shares = $this->getSharesFromNode($viewer, $node, true);
- foreach ($shares as $share) {
- try {
- if ($this->shareProviderResharingRights($viewer, $share, $node)) {
- return true;
- }
- } catch (InvalidPathException | NotFoundException $e) {
- }
- }
- }
- return false;
- }
- /**
- * Returns if we can find resharing rights in an IShare object for a specific user.
- *
- * @suppress PhanUndeclaredClassMethod
- *
- * @param string $userId
- * @param IShare $share
- * @param Node $node
- *
- * @return bool
- * @throws NotFoundException
- * @throws InvalidPathException
- */
- private function shareProviderResharingRights(string $userId, IShare $share, $node): bool {
- if ($share->getShareOwner() === $userId) {
- return true;
- }
- // we check that current user have parent resharing rights on the current file
- if ($node !== null && ($node->getPermissions() & Constants::PERMISSION_SHARE) !== 0) {
- return true;
- }
- if ((\OCP\Constants::PERMISSION_SHARE & $share->getPermissions()) === 0) {
- return false;
- }
- if ($share->getShareType() === IShare::TYPE_USER && $share->getSharedWith() === $userId) {
- return true;
- }
- if ($share->getShareType() === IShare::TYPE_GROUP && $this->groupManager->isInGroup($userId, $share->getSharedWith())) {
- return true;
- }
- if ($share->getShareType() === IShare::TYPE_CIRCLE && \OC::$server->getAppManager()->isEnabledForUser('circles')
- && class_exists('\OCA\Circles\Api\v1\Circles')) {
- $hasCircleId = (substr($share->getSharedWith(), -1) === ']');
- $shareWithStart = ($hasCircleId ? strrpos($share->getSharedWith(), '[') + 1 : 0);
- $shareWithLength = ($hasCircleId ? -1 : strpos($share->getSharedWith(), ' '));
- if ($shareWithLength === false) {
- $sharedWith = substr($share->getSharedWith(), $shareWithStart);
- } else {
- $sharedWith = substr($share->getSharedWith(), $shareWithStart, $shareWithLength);
- }
- try {
- $member = \OCA\Circles\Api\v1\Circles::getMember($sharedWith, $userId, 1);
- if ($member->getLevel() >= 4) {
- return true;
- }
- return false;
- } catch (QueryException $e) {
- return false;
- }
- }
- return false;
- }
- /**
- * Get all the shares for the current user
- *
- * @param Node|null $path
- * @param boolean $reshares
- * @return IShare[]
- */
- private function getAllShares(?Node $path = null, bool $reshares = false) {
- // Get all shares
- $userShares = $this->shareManager->getSharesBy($this->currentUser, IShare::TYPE_USER, $path, $reshares, -1, 0);
- $groupShares = $this->shareManager->getSharesBy($this->currentUser, IShare::TYPE_GROUP, $path, $reshares, -1, 0);
- $linkShares = $this->shareManager->getSharesBy($this->currentUser, IShare::TYPE_LINK, $path, $reshares, -1, 0);
- // EMAIL SHARES
- $mailShares = $this->shareManager->getSharesBy($this->currentUser, IShare::TYPE_EMAIL, $path, $reshares, -1, 0);
- // CIRCLE SHARES
- $circleShares = $this->shareManager->getSharesBy($this->currentUser, IShare::TYPE_CIRCLE, $path, $reshares, -1, 0);
- // TALK SHARES
- $roomShares = $this->shareManager->getSharesBy($this->currentUser, IShare::TYPE_ROOM, $path, $reshares, -1, 0);
- // DECK SHARES
- $deckShares = $this->shareManager->getSharesBy($this->currentUser, IShare::TYPE_DECK, $path, $reshares, -1, 0);
- // SCIENCEMESH SHARES
- $sciencemeshShares = $this->shareManager->getSharesBy($this->currentUser, IShare::TYPE_SCIENCEMESH, $path, $reshares, -1, 0);
- // FEDERATION
- if ($this->shareManager->outgoingServer2ServerSharesAllowed()) {
- $federatedShares = $this->shareManager->getSharesBy($this->currentUser, IShare::TYPE_REMOTE, $path, $reshares, -1, 0);
- } else {
- $federatedShares = [];
- }
- if ($this->shareManager->outgoingServer2ServerGroupSharesAllowed()) {
- $federatedGroupShares = $this->shareManager->getSharesBy($this->currentUser, IShare::TYPE_REMOTE_GROUP, $path, $reshares, -1, 0);
- } else {
- $federatedGroupShares = [];
- }
- return array_merge($userShares, $groupShares, $linkShares, $mailShares, $circleShares, $roomShares, $deckShares, $sciencemeshShares, $federatedShares, $federatedGroupShares);
- }
- /**
- * merging already formatted shares.
- * We'll make an associative array to easily detect duplicate Ids.
- * Keys _needs_ to be removed after all shares are retrieved and merged.
- *
- * @param array $shares
- * @param array $newShares
- */
- private function mergeFormattedShares(array &$shares, array $newShares) {
- foreach ($newShares as $newShare) {
- if (!array_key_exists($newShare['id'], $shares)) {
- $shares[$newShare['id']] = $newShare;
- }
- }
- }
- /**
- * @param IShare $share
- * @param string|null $attributesString
- * @return IShare modified share
- */
- private function setShareAttributes(IShare $share, ?string $attributesString) {
- $newShareAttributes = null;
- if ($attributesString !== null) {
- $newShareAttributes = $this->shareManager->newShare()->newAttributes();
- $formattedShareAttributes = \json_decode($attributesString, true);
- if (is_array($formattedShareAttributes)) {
- foreach ($formattedShareAttributes as $formattedAttr) {
- $newShareAttributes->setAttribute(
- $formattedAttr['scope'],
- $formattedAttr['key'],
- is_string($formattedAttr['enabled']) ? (bool) \json_decode($formattedAttr['enabled']) : $formattedAttr['enabled']
- );
- }
- } else {
- throw new OCSBadRequestException('Invalid share attributes provided: \"' . $attributesString . '\"');
- }
- }
- $share->setAttributes($newShareAttributes);
- return $share;
- }
- private function checkInheritedAttributes(IShare $share): void {
- if (!$share->getSharedBy()) {
- return; // Probably in a test
- }
- $userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
- $nodes = $userFolder->getById($share->getNodeId());
- if (empty($nodes)) {
- return;
- }
- $node = $nodes[0];
- if ($node->getStorage()->instanceOfStorage(SharedStorage::class)) {
- $storage = $node->getStorage();
- if ($storage instanceof Wrapper) {
- $storage = $storage->getInstanceOfStorage(SharedStorage::class);
- if ($storage === null) {
- throw new \RuntimeException('Should not happen, instanceOfStorage but getInstanceOfStorage return null');
- }
- } else {
- throw new \RuntimeException('Should not happen, instanceOfStorage but not a wrapper');
- }
- /** @var \OCA\Files_Sharing\SharedStorage $storage */
- $inheritedAttributes = $storage->getShare()->getAttributes();
- if ($inheritedAttributes !== null && $inheritedAttributes->getAttribute('permissions', 'download') === false) {
- $share->setHideDownload(true);
- $attributes = $share->getAttributes();
- if ($attributes) {
- $attributes->setAttribute('permissions', 'download', false);
- $share->setAttributes($attributes);
- }
- }
- }
- }
- }
|