1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798991001011021031041051061071081091101111121131141151161171181191201211221231241251261271281291301311321331341351361371381391401411421431441451461471481491501511521531541551561571581591601611621631641651661671681691701711721731741751761771781791801811821831841851861871881891901911921931941951961971981992002012022032042052062072082092102112122132142152162172182192202212222232242252262272282292302312322332342352362372382392402412422432442452462472482492502512522532542552562572582592602612622632642652662672682692702712722732742752762772782792802812822832842852862872882892902912922932942952962972982993003013023033043053063073083093103113123133143153163173183193203213223233243253263273283293303313323333343353363373383393403413423433443453463473483493503513523533543553563573583593603613623633643653663673683693703713723733743753763773783793803813823833843853863873883893903913923933943953963973983994004014024034044054064074084094104114124134144154164174184194204214224234244254264274284294304314324334344354364374384394404414424434444454464474484494504514524534544554564574584594604614624634644654664674684694704714724734744754764774784794804814824834844854864874884894904914924934944954964974984995005015025035045055065075085095105115125135145155165175185195205215225235245255265275285295305315325335345355365375385395405415425435445455465475485495505515525535545555565575585595605615625635645655665675685695705715725735745755765775785795805815825835845855865875885895905915925935945955965975985996006016026036046056066076086096106116126136146156166176186196206216226236246256266276286296306316326336346356366376386396406416426436446456466476486496506516526536546556566576586596606616626636646656666676686696706716726736746756766776786796806816826836846856866876886896906916926936946956966976986997007017027037047057067077087097107117127137147157167177187197207217227237247257267277287297307317327337347357367377387397407417427437447457467477487497507517527537547557567577587597607617627637647657667677687697707717727737747757767777787797807817827837847857867877887897907917927937947957967977987998008018028038048058068078088098108118128138148158168178188198208218228238248258268278288298308318328338348358368378388398408418428438448458468478488498508518528538548558568578588598608618628638648658668678688698708718728738748758768778788798808818828838848858868878888898908918928938948958968978988999009019029039049059069079089099109119129139149159169179189199209219229239249259269279289299309319329339349359369379389399409419429439449459469479489499509519529539549559569579589599609619629639649659669679689699709719729739749759769779789799809819829839849859869879889899909919929939949959969979989991000100110021003100410051006100710081009101010111012101310141015101610171018101910201021102210231024102510261027102810291030103110321033103410351036103710381039104010411042104310441045104610471048104910501051105210531054105510561057105810591060106110621063106410651066106710681069107010711072107310741075107610771078107910801081108210831084108510861087108810891090109110921093109410951096109710981099110011011102110311041105110611071108110911101111111211131114111511161117111811191120112111221123112411251126112711281129113011311132113311341135113611371138113911401141114211431144114511461147114811491150115111521153115411551156115711581159116011611162116311641165116611671168116911701171117211731174117511761177117811791180118111821183118411851186118711881189119011911192119311941195119611971198119912001201120212031204120512061207120812091210121112121213121412151216121712181219122012211222122312241225122612271228122912301231123212331234123512361237123812391240124112421243124412451246124712481249125012511252125312541255125612571258125912601261126212631264126512661267126812691270127112721273127412751276127712781279128012811282128312841285128612871288128912901291129212931294129512961297129812991300130113021303130413051306130713081309131013111312131313141315131613171318131913201321132213231324132513261327132813291330133113321333133413351336133713381339134013411342134313441345134613471348134913501351135213531354135513561357135813591360136113621363136413651366136713681369137013711372137313741375137613771378137913801381138213831384138513861387138813891390139113921393139413951396139713981399140014011402140314041405140614071408140914101411141214131414141514161417141814191420142114221423142414251426142714281429143014311432143314341435143614371438143914401441144214431444144514461447144814491450145114521453145414551456145714581459146014611462146314641465146614671468146914701471147214731474147514761477147814791480148114821483148414851486148714881489149014911492149314941495149614971498149915001501150215031504150515061507150815091510151115121513151415151516151715181519152015211522152315241525152615271528152915301531153215331534153515361537153815391540154115421543154415451546154715481549155015511552155315541555155615571558155915601561156215631564156515661567156815691570157115721573157415751576157715781579158015811582158315841585158615871588158915901591159215931594159515961597159815991600160116021603160416051606160716081609161016111612161316141615161616171618161916201621162216231624162516261627162816291630163116321633163416351636163716381639164016411642164316441645164616471648164916501651165216531654165516561657165816591660166116621663166416651666166716681669167016711672167316741675167616771678167916801681168216831684168516861687168816891690169116921693169416951696169716981699170017011702170317041705170617071708170917101711171217131714171517161717171817191720172117221723172417251726172717281729173017311732173317341735173617371738173917401741174217431744174517461747174817491750175117521753175417551756175717581759176017611762176317641765176617671768176917701771177217731774177517761777177817791780178117821783178417851786178717881789179017911792179317941795179617971798179918001801180218031804180518061807180818091810181118121813181418151816181718181819182018211822182318241825182618271828182918301831183218331834183518361837183818391840184118421843184418451846184718481849185018511852185318541855185618571858185918601861186218631864186518661867186818691870187118721873187418751876187718781879188018811882188318841885188618871888188918901891189218931894189518961897189818991900190119021903190419051906190719081909191019111912191319141915191619171918191919201921192219231924192519261927192819291930193119321933193419351936193719381939194019411942194319441945194619471948194919501951195219531954195519561957195819591960196119621963196419651966196719681969197019711972197319741975197619771978197919801981198219831984198519861987198819891990199119921993199419951996199719981999200020012002200320042005200620072008200920102011201220132014201520162017201820192020202120222023202420252026202720282029203020312032203320342035203620372038203920402041204220432044204520462047204820492050205120522053205420552056205720582059206020612062206320642065206620672068206920702071207220732074207520762077207820792080208120822083208420852086208720882089209020912092209320942095209620972098209921002101210221032104210521062107210821092110211121122113211421152116211721182119212021212122212321242125212621272128212921302131213221332134213521362137213821392140214121422143214421452146214721482149215021512152215321542155 |
- <?php
- declare(strict_types=1);
- /**
- * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
- * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
- * SPDX-License-Identifier: AGPL-3.0-only
- */
- namespace OCA\Files_Sharing\Controller;
- use Exception;
- use OC\Files\FileInfo;
- use OC\Files\Storage\Wrapper\Wrapper;
- use OCA\Circles\Api\v1\Circles;
- use OCA\Files\Helper;
- use OCA\Files_Sharing\Exceptions\SharingRightsException;
- use OCA\Files_Sharing\External\Storage;
- use OCA\Files_Sharing\ResponseDefinitions;
- use OCA\Files_Sharing\SharedStorage;
- use OCA\GlobalSiteSelector\Service\SlaveService;
- use OCP\App\IAppManager;
- use OCP\AppFramework\Http;
- use OCP\AppFramework\Http\Attribute\NoAdminRequired;
- use OCP\AppFramework\Http\Attribute\UserRateLimit;
- use OCP\AppFramework\Http\DataResponse;
- use OCP\AppFramework\OCS\OCSBadRequestException;
- use OCP\AppFramework\OCS\OCSException;
- use OCP\AppFramework\OCS\OCSForbiddenException;
- use OCP\AppFramework\OCS\OCSNotFoundException;
- use OCP\AppFramework\OCSController;
- use OCP\AppFramework\QueryException;
- use OCP\Constants;
- use OCP\Files\File;
- use OCP\Files\Folder;
- use OCP\Files\InvalidPathException;
- use OCP\Files\IRootFolder;
- use OCP\Files\Mount\IShareOwnerlessMount;
- use OCP\Files\Node;
- use OCP\Files\NotFoundException;
- use OCP\HintException;
- use OCP\IConfig;
- use OCP\IDateTimeZone;
- use OCP\IGroupManager;
- use OCP\IL10N;
- use OCP\IPreview;
- use OCP\IRequest;
- use OCP\IURLGenerator;
- use OCP\IUserManager;
- use OCP\Lock\ILockingProvider;
- use OCP\Lock\LockedException;
- use OCP\Mail\IMailer;
- use OCP\Server;
- use OCP\Share\Exceptions\ShareNotFound;
- use OCP\Share\IManager;
- use OCP\Share\IProviderFactory;
- use OCP\Share\IShare;
- use OCP\Share\IShareProviderWithNotification;
- use OCP\UserStatus\IManager as IUserStatusManager;
- use Psr\Container\ContainerExceptionInterface;
- use Psr\Container\ContainerInterface;
- use Psr\Log\LoggerInterface;
- /**
- * @package OCA\Files_Sharing\API
- *
- * @psalm-import-type Files_SharingShare from ResponseDefinitions
- */
- class ShareAPIController extends OCSController {
- private ?Node $lockedNode = null;
- /**
- * Share20OCS constructor.
- */
- public function __construct(
- string $appName,
- IRequest $request,
- private IManager $shareManager,
- private IGroupManager $groupManager,
- private IUserManager $userManager,
- private IRootFolder $rootFolder,
- private IURLGenerator $urlGenerator,
- private IL10N $l,
- private IConfig $config,
- private IAppManager $appManager,
- private ContainerInterface $serverContainer,
- private IUserStatusManager $userStatusManager,
- private IPreview $previewManager,
- private IDateTimeZone $dateTimeZone,
- private LoggerInterface $logger,
- private IProviderFactory $factory,
- private IMailer $mailer,
- private ?string $userId = null,
- ) {
- parent::__construct($appName, $request);
- }
- /**
- * Convert an IShare to an array for OCS output
- *
- * @param IShare $share
- * @param Node|null $recipientNode
- * @return Files_SharingShare
- * @throws NotFoundException In case the node can't be resolved.
- *
- * @suppress PhanUndeclaredClassMethod
- */
- protected function formatShare(IShare $share, ?Node $recipientNode = null): array {
- $sharedBy = $this->userManager->get($share->getSharedBy());
- $shareOwner = $this->userManager->get($share->getShareOwner());
- $isOwnShare = false;
- if ($shareOwner !== null) {
- $isOwnShare = $shareOwner->getUID() === $this->userId;
- }
- $result = [
- 'id' => $share->getId(),
- 'share_type' => $share->getShareType(),
- 'uid_owner' => $share->getSharedBy(),
- 'displayname_owner' => $sharedBy !== null ? $sharedBy->getDisplayName() : $share->getSharedBy(),
- // recipient permissions
- 'permissions' => $share->getPermissions(),
- // current user permissions on this share
- 'can_edit' => $this->canEditShare($share),
- 'can_delete' => $this->canDeleteShare($share),
- 'stime' => $share->getShareTime()->getTimestamp(),
- 'parent' => null,
- 'expiration' => null,
- 'token' => null,
- 'uid_file_owner' => $share->getShareOwner(),
- 'note' => $share->getNote(),
- 'label' => $share->getLabel(),
- 'displayname_file_owner' => $shareOwner !== null ? $shareOwner->getDisplayName() : $share->getShareOwner(),
- ];
- $userFolder = $this->rootFolder->getUserFolder($this->userId);
- if ($recipientNode) {
- $node = $recipientNode;
- } else {
- $node = $userFolder->getFirstNodeById($share->getNodeId());
- if (!$node) {
- // fallback to guessing the path
- $node = $userFolder->get($share->getTarget());
- if ($node === null || $share->getTarget() === '') {
- throw new NotFoundException();
- }
- }
- }
- $result['path'] = $userFolder->getRelativePath($node->getPath());
- if ($node instanceof Folder) {
- $result['item_type'] = 'folder';
- } else {
- $result['item_type'] = 'file';
- }
- // Get the original node permission if the share owner is the current user
- if ($isOwnShare) {
- $result['item_permissions'] = $node->getPermissions();
- }
- // If we're on the recipient side, the node permissions
- // are bound to the share permissions. So we need to
- // adjust the permissions to the share permissions if necessary.
- if (!$isOwnShare) {
- $result['item_permissions'] = $share->getPermissions();
- // For some reason, single files share are forbidden to have the delete permission
- // since we have custom methods to check those, let's adjust straight away.
- // DAV permissions does not have that issue though.
- if ($this->canDeleteShare($share) || $this->canDeleteShareFromSelf($share)) {
- $result['item_permissions'] |= Constants::PERMISSION_DELETE;
- }
- if ($this->canEditShare($share)) {
- $result['item_permissions'] |= Constants::PERMISSION_UPDATE;
- }
- }
- // See MOUNT_ROOT_PROPERTYNAME dav property
- $result['is-mount-root'] = $node->getInternalPath() === '';
- $result['mount-type'] = $node->getMountPoint()->getMountType();
- $result['mimetype'] = $node->getMimetype();
- $result['has_preview'] = $this->previewManager->isAvailable($node);
- $result['storage_id'] = $node->getStorage()->getId();
- $result['storage'] = $node->getStorage()->getCache()->getNumericStorageId();
- $result['item_source'] = $node->getId();
- $result['file_source'] = $node->getId();
- $result['file_parent'] = $node->getParent()->getId();
- $result['file_target'] = $share->getTarget();
- $result['item_size'] = $node->getSize();
- $result['item_mtime'] = $node->getMTime();
- $expiration = $share->getExpirationDate();
- if ($expiration !== null) {
- $expiration->setTimezone($this->dateTimeZone->getTimeZone());
- $result['expiration'] = $expiration->format('Y-m-d 00:00:00');
- }
- if ($share->getShareType() === IShare::TYPE_USER) {
- $sharedWith = $this->userManager->get($share->getSharedWith());
- $result['share_with'] = $share->getSharedWith();
- $result['share_with_displayname'] = $sharedWith !== null ? $sharedWith->getDisplayName() : $share->getSharedWith();
- $result['share_with_displayname_unique'] = $sharedWith !== null ? (
- !empty($sharedWith->getSystemEMailAddress()) ? $sharedWith->getSystemEMailAddress() : $sharedWith->getUID()
- ) : $share->getSharedWith();
- $userStatuses = $this->userStatusManager->getUserStatuses([$share->getSharedWith()]);
- $userStatus = array_shift($userStatuses);
- if ($userStatus) {
- $result['status'] = [
- 'status' => $userStatus->getStatus(),
- 'message' => $userStatus->getMessage(),
- 'icon' => $userStatus->getIcon(),
- 'clearAt' => $userStatus->getClearAt()
- ? (int)$userStatus->getClearAt()->format('U')
- : null,
- ];
- }
- } elseif ($share->getShareType() === IShare::TYPE_GROUP) {
- $group = $this->groupManager->get($share->getSharedWith());
- $result['share_with'] = $share->getSharedWith();
- $result['share_with_displayname'] = $group !== null ? $group->getDisplayName() : $share->getSharedWith();
- } elseif ($share->getShareType() === IShare::TYPE_LINK) {
- // "share_with" and "share_with_displayname" for passwords of link
- // shares was deprecated in Nextcloud 15, use "password" instead.
- $result['share_with'] = $share->getPassword();
- $result['share_with_displayname'] = '(' . $this->l->t('Shared link') . ')';
- $result['password'] = $share->getPassword();
- $result['send_password_by_talk'] = $share->getSendPasswordByTalk();
- $result['token'] = $share->getToken();
- $result['url'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.showShare', ['token' => $share->getToken()]);
- } elseif ($share->getShareType() === IShare::TYPE_REMOTE) {
- $result['share_with'] = $share->getSharedWith();
- $result['share_with_displayname'] = $this->getCachedFederatedDisplayName($share->getSharedWith());
- $result['token'] = $share->getToken();
- } elseif ($share->getShareType() === IShare::TYPE_REMOTE_GROUP) {
- $result['share_with'] = $share->getSharedWith();
- $result['share_with_displayname'] = $this->getDisplayNameFromAddressBook($share->getSharedWith(), 'CLOUD');
- $result['token'] = $share->getToken();
- } elseif ($share->getShareType() === IShare::TYPE_EMAIL) {
- $result['share_with'] = $share->getSharedWith();
- $result['password'] = $share->getPassword();
- $result['password_expiration_time'] = $share->getPasswordExpirationTime() !== null ? $share->getPasswordExpirationTime()->format(\DateTime::ATOM) : null;
- $result['send_password_by_talk'] = $share->getSendPasswordByTalk();
- $result['share_with_displayname'] = $this->getDisplayNameFromAddressBook($share->getSharedWith(), 'EMAIL');
- $result['token'] = $share->getToken();
- } elseif ($share->getShareType() === IShare::TYPE_CIRCLE) {
- // getSharedWith() returns either "name (type, owner)" or
- // "name (type, owner) [id]", depending on the Teams app version.
- $hasCircleId = (substr($share->getSharedWith(), -1) === ']');
- $result['share_with_displayname'] = $share->getSharedWithDisplayName();
- if (empty($result['share_with_displayname'])) {
- $displayNameLength = ($hasCircleId ? strrpos($share->getSharedWith(), ' ') : strlen($share->getSharedWith()));
- $result['share_with_displayname'] = substr($share->getSharedWith(), 0, $displayNameLength);
- }
- $result['share_with_avatar'] = $share->getSharedWithAvatar();
- $shareWithStart = ($hasCircleId ? strrpos($share->getSharedWith(), '[') + 1 : 0);
- $shareWithLength = ($hasCircleId ? -1 : strpos($share->getSharedWith(), ' '));
- if ($shareWithLength === false) {
- $result['share_with'] = substr($share->getSharedWith(), $shareWithStart);
- } else {
- $result['share_with'] = substr($share->getSharedWith(), $shareWithStart, $shareWithLength);
- }
- } elseif ($share->getShareType() === IShare::TYPE_ROOM) {
- $result['share_with'] = $share->getSharedWith();
- $result['share_with_displayname'] = '';
- try {
- /** @var array{share_with_displayname: string, share_with_link: string, share_with?: string, token?: string} $roomShare */
- $roomShare = $this->getRoomShareHelper()->formatShare($share);
- $result = array_merge($result, $roomShare);
- } catch (QueryException $e) {
- }
- } elseif ($share->getShareType() === IShare::TYPE_DECK) {
- $result['share_with'] = $share->getSharedWith();
- $result['share_with_displayname'] = '';
- try {
- /** @var array{share_with: string, share_with_displayname: string, share_with_link: string} $deckShare */
- $deckShare = $this->getDeckShareHelper()->formatShare($share);
- $result = array_merge($result, $deckShare);
- } catch (QueryException $e) {
- }
- } elseif ($share->getShareType() === IShare::TYPE_SCIENCEMESH) {
- $result['share_with'] = $share->getSharedWith();
- $result['share_with_displayname'] = '';
- try {
- /** @var array{share_with: string, share_with_displayname: string, token: string} $scienceMeshShare */
- $scienceMeshShare = $this->getSciencemeshShareHelper()->formatShare($share);
- $result = array_merge($result, $scienceMeshShare);
- } catch (QueryException $e) {
- }
- }
- $result['mail_send'] = $share->getMailSend() ? 1 : 0;
- $result['hide_download'] = $share->getHideDownload() ? 1 : 0;
- $result['attributes'] = null;
- if ($attributes = $share->getAttributes()) {
- $result['attributes'] = (string)\json_encode($attributes->toArray());
- }
- return $result;
- }
- /**
- * Check if one of the users address books knows the exact property, if
- * not we return the full name.
- *
- * @param string $query
- * @param string $property
- * @return string
- */
- private function getDisplayNameFromAddressBook(string $query, string $property): string {
- // FIXME: If we inject the contacts manager it gets initialized before any address books are registered
- try {
- $result = \OC::$server->getContactsManager()->search($query, [$property], [
- 'limit' => 1,
- 'enumeration' => false,
- 'strict_search' => true,
- ]);
- } catch (Exception $e) {
- $this->logger->error(
- $e->getMessage(),
- ['exception' => $e]
- );
- return $query;
- }
- foreach ($result as $r) {
- foreach ($r[$property] as $value) {
- if ($value === $query && $r['FN']) {
- return $r['FN'];
- }
- }
- }
- return $query;
- }
- /**
- * @param list<Files_SharingShare> $shares
- * @param array<string, string>|null $updatedDisplayName
- *
- * @return list<Files_SharingShare>
- */
- private function fixMissingDisplayName(array $shares, ?array $updatedDisplayName = null): array {
- $userIds = $updated = [];
- foreach ($shares as $share) {
- // share is federated and share have no display name yet
- if ($share['share_type'] === IShare::TYPE_REMOTE
- && ($share['share_with'] ?? '') !== ''
- && ($share['share_with_displayname'] ?? '') === '') {
- $userIds[] = $userId = $share['share_with'];
- if ($updatedDisplayName !== null && array_key_exists($userId, $updatedDisplayName)) {
- $share['share_with_displayname'] = $updatedDisplayName[$userId];
- }
- }
- // prepping userIds with displayName to be updated
- $updated[] = $share;
- }
- // if $updatedDisplayName is not null, it means we should have already fixed displayNames of the shares
- if ($updatedDisplayName !== null) {
- return $updated;
- }
- // get displayName for the generated list of userId with no displayName
- $displayNames = $this->retrieveFederatedDisplayName($userIds);
- // if no displayName are updated, we exit
- if (empty($displayNames)) {
- return $updated;
- }
- // let's fix missing display name and returns all shares
- return $this->fixMissingDisplayName($shares, $displayNames);
- }
- /**
- * get displayName of a list of userIds from the lookup-server; through the globalsiteselector app.
- * returns an array with userIds as keys and displayName as values.
- *
- * @param array $userIds
- * @param bool $cacheOnly - do not reach LUS, get data from cache.
- *
- * @return array
- * @throws ContainerExceptionInterface
- */
- private function retrieveFederatedDisplayName(array $userIds, bool $cacheOnly = false): array {
- // check if gss is enabled and available
- if (count($userIds) === 0
- || !$this->appManager->isInstalled('globalsiteselector')
- || !class_exists('\OCA\GlobalSiteSelector\Service\SlaveService')) {
- return [];
- }
- try {
- $slaveService = Server::get(SlaveService::class);
- } catch (\Throwable $e) {
- $this->logger->error(
- $e->getMessage(),
- ['exception' => $e]
- );
- return [];
- }
- return $slaveService->getUsersDisplayName($userIds, $cacheOnly);
- }
- /**
- * retrieve displayName from cache if available (should be used on federated shares)
- * if not available in cache/lus, try for get from address-book, else returns empty string.
- *
- * @param string $userId
- * @param bool $cacheOnly if true will not reach the lus but will only get data from cache
- *
- * @return string
- */
- private function getCachedFederatedDisplayName(string $userId, bool $cacheOnly = true): string {
- $details = $this->retrieveFederatedDisplayName([$userId], $cacheOnly);
- if (array_key_exists($userId, $details)) {
- return $details[$userId];
- }
- $displayName = $this->getDisplayNameFromAddressBook($userId, 'CLOUD');
- return ($displayName === $userId) ? '' : $displayName;
- }
- /**
- * Get a specific share by id
- *
- * @param string $id ID of the share
- * @param bool $include_tags Include tags in the share
- * @return DataResponse<Http::STATUS_OK, list<Files_SharingShare>, array{}>
- * @throws OCSNotFoundException Share not found
- *
- * 200: Share returned
- */
- #[NoAdminRequired]
- public function getShare(string $id, bool $include_tags = false): DataResponse {
- try {
- $share = $this->getShareById($id);
- } catch (ShareNotFound $e) {
- throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
- }
- try {
- if ($this->canAccessShare($share)) {
- $share = $this->formatShare($share);
- if ($include_tags) {
- $share = Helper::populateTags([$share], \OC::$server->getTagManager());
- } else {
- $share = [$share];
- }
- return new DataResponse($share);
- }
- } catch (NotFoundException $e) {
- // Fall through
- }
- throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
- }
- /**
- * Delete a share
- *
- * @param string $id ID of the share
- * @return DataResponse<Http::STATUS_OK, list<empty>, array{}>
- * @throws OCSNotFoundException Share not found
- * @throws OCSForbiddenException Missing permissions to delete the share
- *
- * 200: Share deleted successfully
- */
- #[NoAdminRequired]
- public function deleteShare(string $id): DataResponse {
- try {
- $share = $this->getShareById($id);
- } catch (ShareNotFound $e) {
- throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
- }
- try {
- $this->lock($share->getNode());
- } catch (LockedException $e) {
- throw new OCSNotFoundException($this->l->t('Could not delete share'));
- }
- if (!$this->canAccessShare($share)) {
- throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
- }
- // if it's a group share or a room share
- // we don't delete the share, but only the
- // mount point. Allowing it to be restored
- // from the deleted shares
- if ($this->canDeleteShareFromSelf($share)) {
- $this->shareManager->deleteFromSelf($share, $this->userId);
- } else {
- if (!$this->canDeleteShare($share)) {
- throw new OCSForbiddenException($this->l->t('Could not delete share'));
- }
- $this->shareManager->deleteShare($share);
- }
- return new DataResponse();
- }
- /**
- * Create a share
- *
- * @param string|null $path Path of the share
- * @param int|null $permissions Permissions for the share
- * @param int $shareType Type of the share
- * @param string|null $shareWith The entity this should be shared with
- * @param string $publicUpload If public uploading is allowed
- * @param string $password Password for the share
- * @param string|null $sendPasswordByTalk Send the password for the share over Talk
- * @param ?string $expireDate The expiry date of the share in the user's timezone at 00:00.
- * If $expireDate is not supplied or set to `null`, the system default will be used.
- * @param string $note Note for the share
- * @param string $label Label for the share (only used in link and email)
- * @param string|null $attributes Additional attributes for the share
- * @param 'false'|'true'|null $sendMail Send a mail to the recipient
- *
- * @return DataResponse<Http::STATUS_OK, Files_SharingShare, array{}>
- * @throws OCSBadRequestException Unknown share type
- * @throws OCSException
- * @throws OCSForbiddenException Creating the share is not allowed
- * @throws OCSNotFoundException Creating the share failed
- * @suppress PhanUndeclaredClassMethod
- *
- * 200: Share created
- */
- #[NoAdminRequired]
- public function createShare(
- ?string $path = null,
- ?int $permissions = null,
- int $shareType = -1,
- ?string $shareWith = null,
- string $publicUpload = 'false',
- string $password = '',
- ?string $sendPasswordByTalk = null,
- ?string $expireDate = null,
- string $note = '',
- string $label = '',
- ?string $attributes = null,
- ?string $sendMail = null,
- ): DataResponse {
- $share = $this->shareManager->newShare();
- if ($permissions === null) {
- if ($shareType === IShare::TYPE_LINK
- || $shareType === IShare::TYPE_EMAIL) {
- // to keep legacy default behaviour, we ignore the setting below for link shares
- $permissions = Constants::PERMISSION_READ;
- } else {
- $permissions = (int)$this->config->getAppValue('core', 'shareapi_default_permissions', (string)Constants::PERMISSION_ALL);
- }
- }
- // Verify path
- if ($path === null) {
- throw new OCSNotFoundException($this->l->t('Please specify a file or folder path'));
- }
- $userFolder = $this->rootFolder->getUserFolder($this->userId);
- try {
- /** @var \OC\Files\Node\Node $node */
- $node = $userFolder->get($path);
- } catch (NotFoundException $e) {
- throw new OCSNotFoundException($this->l->t('Wrong path, file/folder does not exist'));
- }
- // a user can have access to a file through different paths, with differing permissions
- // combine all permissions to determine if the user can share this file
- $nodes = $userFolder->getById($node->getId());
- foreach ($nodes as $nodeById) {
- /** @var FileInfo $fileInfo */
- $fileInfo = $node->getFileInfo();
- $fileInfo['permissions'] |= $nodeById->getPermissions();
- }
- $share->setNode($node);
- try {
- $this->lock($share->getNode());
- } catch (LockedException $e) {
- throw new OCSNotFoundException($this->l->t('Could not create share'));
- }
- if ($permissions < 0 || $permissions > Constants::PERMISSION_ALL) {
- throw new OCSNotFoundException($this->l->t('Invalid permissions'));
- }
- // Shares always require read permissions OR create permissions
- if (($permissions & Constants::PERMISSION_READ) === 0 && ($permissions & Constants::PERMISSION_CREATE) === 0) {
- $permissions |= Constants::PERMISSION_READ;
- }
- if ($node instanceof File) {
- // Single file shares should never have delete or create permissions
- $permissions &= ~Constants::PERMISSION_DELETE;
- $permissions &= ~Constants::PERMISSION_CREATE;
- }
- /**
- * Hack for https://github.com/owncloud/core/issues/22587
- * We check the permissions via webdav. But the permissions of the mount point
- * do not equal the share permissions. Here we fix that for federated mounts.
- */
- if ($node->getStorage()->instanceOfStorage(Storage::class)) {
- $permissions &= ~($permissions & ~$node->getPermissions());
- }
- if ($attributes !== null) {
- $share = $this->setShareAttributes($share, $attributes);
- }
- // Expire date
- if ($expireDate !== null) {
- if ($expireDate !== '') {
- try {
- $expireDateTime = $this->parseDate($expireDate);
- $share->setExpirationDate($expireDateTime);
- } catch (\Exception $e) {
- throw new OCSNotFoundException($e->getMessage(), $e);
- }
- } else {
- // Client sent empty string for expire date.
- // Set noExpirationDate to true so overwrite is prevented.
- $share->setNoExpirationDate(true);
- }
- }
- $share->setSharedBy($this->userId);
- $this->checkInheritedAttributes($share);
- // Handle mail send
- if (is_null($sendMail)) {
- // Define a default behavior when sendMail is not provided
- // For email shares with a valid recipient, the default is to send the mail
- // For all other share types, the default is to not send the mail
- $allowSendMail = ($shareType === IShare::TYPE_EMAIL && $shareWith !== null && $shareWith !== '');
- $share->setMailSend($allowSendMail);
- } else {
- $share->setMailSend($sendMail === 'true');
- }
- if ($shareType === IShare::TYPE_USER) {
- // Valid user is required to share
- if ($shareWith === null || !$this->userManager->userExists($shareWith)) {
- throw new OCSNotFoundException($this->l->t('Please specify a valid account to share with'));
- }
- $share->setSharedWith($shareWith);
- $share->setPermissions($permissions);
- } elseif ($shareType === IShare::TYPE_GROUP) {
- if (!$this->shareManager->allowGroupSharing()) {
- throw new OCSNotFoundException($this->l->t('Group sharing is disabled by the administrator'));
- }
- // Valid group is required to share
- if ($shareWith === null || !$this->groupManager->groupExists($shareWith)) {
- throw new OCSNotFoundException($this->l->t('Please specify a valid group'));
- }
- $share->setSharedWith($shareWith);
- $share->setPermissions($permissions);
- } elseif ($shareType === IShare::TYPE_LINK
- || $shareType === IShare::TYPE_EMAIL) {
- // Can we even share links?
- if (!$this->shareManager->shareApiAllowLinks()) {
- throw new OCSNotFoundException($this->l->t('Public link sharing is disabled by the administrator'));
- }
- if ($publicUpload === 'true') {
- // Check if public upload is allowed
- if (!$this->shareManager->shareApiLinkAllowPublicUpload()) {
- throw new OCSForbiddenException($this->l->t('Public upload disabled by the administrator'));
- }
- // Public upload can only be set for folders
- if ($node instanceof File) {
- throw new OCSNotFoundException($this->l->t('Public upload is only possible for publicly shared folders'));
- }
- $permissions = Constants::PERMISSION_READ |
- Constants::PERMISSION_CREATE |
- Constants::PERMISSION_UPDATE |
- Constants::PERMISSION_DELETE;
- }
- // TODO: It might make sense to have a dedicated setting to allow/deny converting link shares into federated ones
- if ($this->shareManager->outgoingServer2ServerSharesAllowed()) {
- $permissions |= Constants::PERMISSION_SHARE;
- }
- $share->setPermissions($permissions);
- // Set password
- if ($password !== '') {
- $share->setPassword($password);
- }
- // Only share by mail have a recipient
- if (is_string($shareWith) && $shareType === IShare::TYPE_EMAIL) {
- // If sending a mail have been requested, validate the mail address
- if ($share->getMailSend() && !$this->mailer->validateMailAddress($shareWith)) {
- throw new OCSNotFoundException($this->l->t('Please specify a valid email address'));
- }
- $share->setSharedWith($shareWith);
- }
- // If we have a label, use it
- if (!empty($label)) {
- $share->setLabel($label);
- }
- if ($sendPasswordByTalk === 'true') {
- if (!$this->appManager->isEnabledForUser('spreed')) {
- throw new OCSForbiddenException($this->l->t('Sharing %s sending the password by Nextcloud Talk failed because Nextcloud Talk is not enabled', [$node->getPath()]));
- }
- $share->setSendPasswordByTalk(true);
- }
- } elseif ($shareType === IShare::TYPE_REMOTE) {
- if (!$this->shareManager->outgoingServer2ServerSharesAllowed()) {
- throw new OCSForbiddenException($this->l->t('Sharing %1$s failed because the back end does not allow shares from type %2$s', [$node->getPath(), $shareType]));
- }
- if ($shareWith === null) {
- throw new OCSNotFoundException($this->l->t('Please specify a valid federated account ID'));
- }
- $share->setSharedWith($shareWith);
- $share->setPermissions($permissions);
- $share->setSharedWithDisplayName($this->getCachedFederatedDisplayName($shareWith, false));
- } elseif ($shareType === IShare::TYPE_REMOTE_GROUP) {
- if (!$this->shareManager->outgoingServer2ServerGroupSharesAllowed()) {
- throw new OCSForbiddenException($this->l->t('Sharing %1$s failed because the back end does not allow shares from type %2$s', [$node->getPath(), $shareType]));
- }
- if ($shareWith === null) {
- throw new OCSNotFoundException($this->l->t('Please specify a valid federated group ID'));
- }
- $share->setSharedWith($shareWith);
- $share->setPermissions($permissions);
- } elseif ($shareType === IShare::TYPE_CIRCLE) {
- if (!\OC::$server->getAppManager()->isEnabledForUser('circles') || !class_exists('\OCA\Circles\ShareByCircleProvider')) {
- throw new OCSNotFoundException($this->l->t('You cannot share to a Team if the app is not enabled'));
- }
- $circle = Circles::detailsCircle($shareWith);
- // Valid team is required to share
- if ($circle === null) {
- throw new OCSNotFoundException($this->l->t('Please specify a valid team'));
- }
- $share->setSharedWith($shareWith);
- $share->setPermissions($permissions);
- } elseif ($shareType === IShare::TYPE_ROOM) {
- try {
- $this->getRoomShareHelper()->createShare($share, $shareWith, $permissions, $expireDate ?? '');
- } catch (QueryException $e) {
- throw new OCSForbiddenException($this->l->t('Sharing %s failed because the back end does not support room shares', [$node->getPath()]));
- }
- } elseif ($shareType === IShare::TYPE_DECK) {
- try {
- $this->getDeckShareHelper()->createShare($share, $shareWith, $permissions, $expireDate ?? '');
- } catch (QueryException $e) {
- throw new OCSForbiddenException($this->l->t('Sharing %s failed because the back end does not support room shares', [$node->getPath()]));
- }
- } elseif ($shareType === IShare::TYPE_SCIENCEMESH) {
- try {
- $this->getSciencemeshShareHelper()->createShare($share, $shareWith, $permissions, $expireDate ?? '');
- } catch (QueryException $e) {
- throw new OCSForbiddenException($this->l->t('Sharing %s failed because the back end does not support ScienceMesh shares', [$node->getPath()]));
- }
- } else {
- throw new OCSBadRequestException($this->l->t('Unknown share type'));
- }
- $share->setShareType($shareType);
- if ($note !== '') {
- $share->setNote($note);
- }
- try {
- $share = $this->shareManager->createShare($share);
- } catch (HintException $e) {
- $code = $e->getCode() === 0 ? 403 : $e->getCode();
- throw new OCSException($e->getHint(), $code);
- } catch (\Exception $e) {
- $this->logger->error($e->getMessage(), ['exception' => $e]);
- throw new OCSForbiddenException('Failed to create share.', $e);
- }
- $output = $this->formatShare($share);
- return new DataResponse($output);
- }
- /**
- * @param null|Node $node
- * @param boolean $includeTags
- *
- * @return list<Files_SharingShare>
- */
- private function getSharedWithMe($node, bool $includeTags): array {
- $userShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_USER, $node, -1, 0);
- $groupShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_GROUP, $node, -1, 0);
- $circleShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_CIRCLE, $node, -1, 0);
- $roomShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_ROOM, $node, -1, 0);
- $deckShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_DECK, $node, -1, 0);
- $sciencemeshShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_SCIENCEMESH, $node, -1, 0);
- $shares = array_merge($userShares, $groupShares, $circleShares, $roomShares, $deckShares, $sciencemeshShares);
- $filteredShares = array_filter($shares, function (IShare $share) {
- return $share->getShareOwner() !== $this->userId;
- });
- $formatted = [];
- foreach ($filteredShares as $share) {
- if ($this->canAccessShare($share)) {
- try {
- $formatted[] = $this->formatShare($share);
- } catch (NotFoundException $e) {
- // Ignore this share
- }
- }
- }
- if ($includeTags) {
- $formatted = Helper::populateTags($formatted, \OC::$server->getTagManager());
- }
- return $formatted;
- }
- /**
- * @param Node $folder
- *
- * @return list<Files_SharingShare>
- * @throws OCSBadRequestException
- * @throws NotFoundException
- */
- private function getSharesInDir(Node $folder): array {
- if (!($folder instanceof Folder)) {
- throw new OCSBadRequestException($this->l->t('Not a directory'));
- }
- $nodes = $folder->getDirectoryListing();
- /** @var IShare[] $shares */
- $shares = array_reduce($nodes, function ($carry, $node) {
- $carry = array_merge($carry, $this->getAllShares($node, true));
- return $carry;
- }, []);
- // filter out duplicate shares
- $known = [];
- $formatted = $miniFormatted = [];
- $resharingRight = false;
- $known = [];
- foreach ($shares as $share) {
- if (in_array($share->getId(), $known) || $share->getSharedWith() === $this->userId) {
- continue;
- }
- try {
- $format = $this->formatShare($share);
- $known[] = $share->getId();
- $formatted[] = $format;
- if ($share->getSharedBy() === $this->userId) {
- $miniFormatted[] = $format;
- }
- if (!$resharingRight && $this->shareProviderResharingRights($this->userId, $share, $folder)) {
- $resharingRight = true;
- }
- } catch (\Exception $e) {
- //Ignore this share
- }
- }
- if (!$resharingRight) {
- $formatted = $miniFormatted;
- }
- return $formatted;
- }
- /**
- * Get shares of the current user
- *
- * @param string $shared_with_me Only get shares with the current user
- * @param string $reshares Only get shares by the current user and reshares
- * @param string $subfiles Only get all shares in a folder
- * @param string $path Get shares for a specific path
- * @param string $include_tags Include tags in the share
- *
- * @return DataResponse<Http::STATUS_OK, list<Files_SharingShare>, array{}>
- * @throws OCSNotFoundException The folder was not found or is inaccessible
- *
- * 200: Shares returned
- */
- #[NoAdminRequired]
- public function getShares(
- string $shared_with_me = 'false',
- string $reshares = 'false',
- string $subfiles = 'false',
- string $path = '',
- string $include_tags = 'false',
- ): DataResponse {
- $node = null;
- if ($path !== '') {
- $userFolder = $this->rootFolder->getUserFolder($this->userId);
- try {
- $node = $userFolder->get($path);
- $this->lock($node);
- } catch (NotFoundException $e) {
- throw new OCSNotFoundException(
- $this->l->t('Wrong path, file/folder does not exist')
- );
- } catch (LockedException $e) {
- throw new OCSNotFoundException($this->l->t('Could not lock node'));
- }
- }
- $shares = $this->getFormattedShares(
- $this->userId,
- $node,
- ($shared_with_me === 'true'),
- ($reshares === 'true'),
- ($subfiles === 'true'),
- ($include_tags === 'true')
- );
- return new DataResponse($shares);
- }
- /**
- * @param string $viewer
- * @param Node $node
- * @param bool $sharedWithMe
- * @param bool $reShares
- * @param bool $subFiles
- * @param bool $includeTags
- *
- * @return list<Files_SharingShare>
- * @throws NotFoundException
- * @throws OCSBadRequestException
- */
- private function getFormattedShares(
- string $viewer,
- $node = null,
- bool $sharedWithMe = false,
- bool $reShares = false,
- bool $subFiles = false,
- bool $includeTags = false,
- ): array {
- if ($sharedWithMe) {
- return $this->getSharedWithMe($node, $includeTags);
- }
- if ($subFiles) {
- return $this->getSharesInDir($node);
- }
- $shares = $this->getSharesFromNode($viewer, $node, $reShares);
- $known = $formatted = $miniFormatted = [];
- $resharingRight = false;
- foreach ($shares as $share) {
- try {
- $share->getNode();
- } catch (NotFoundException $e) {
- /*
- * Ignore shares where we can't get the node
- * For example deleted shares
- */
- continue;
- }
- if (in_array($share->getId(), $known)
- || ($share->getSharedWith() === $this->userId && $share->getShareType() === IShare::TYPE_USER)) {
- continue;
- }
- $known[] = $share->getId();
- try {
- /** @var IShare $share */
- $format = $this->formatShare($share, $node);
- $formatted[] = $format;
- // let's also build a list of shares created
- // by the current user only, in case
- // there is no resharing rights
- if ($share->getSharedBy() === $this->userId) {
- $miniFormatted[] = $format;
- }
- // check if one of those share is shared with me
- // and if I have resharing rights on it
- if (!$resharingRight && $this->shareProviderResharingRights($this->userId, $share, $node)) {
- $resharingRight = true;
- }
- } catch (InvalidPathException|NotFoundException $e) {
- }
- }
- if (!$resharingRight) {
- $formatted = $miniFormatted;
- }
- // fix eventual missing display name from federated shares
- $formatted = $this->fixMissingDisplayName($formatted);
- if ($includeTags) {
- $formatted =
- Helper::populateTags($formatted, \OC::$server->getTagManager());
- }
- return $formatted;
- }
- /**
- * Get all shares relative to a file, including parent folders shares rights
- *
- * @param string $path Path all shares will be relative to
- *
- * @return DataResponse<Http::STATUS_OK, list<Files_SharingShare>, array{}>
- * @throws InvalidPathException
- * @throws NotFoundException
- * @throws OCSNotFoundException The given path is invalid
- * @throws SharingRightsException
- *
- * 200: Shares returned
- */
- #[NoAdminRequired]
- public function getInheritedShares(string $path): DataResponse {
- // get Node from (string) path.
- $userFolder = $this->rootFolder->getUserFolder($this->userId);
- try {
- $node = $userFolder->get($path);
- $this->lock($node);
- } catch (NotFoundException $e) {
- throw new OCSNotFoundException($this->l->t('Wrong path, file/folder does not exist'));
- } catch (LockedException $e) {
- throw new OCSNotFoundException($this->l->t('Could not lock path'));
- }
- if (!($node->getPermissions() & Constants::PERMISSION_SHARE)) {
- throw new SharingRightsException($this->l->t('no sharing rights on this item'));
- }
- // The current top parent we have access to
- $parent = $node;
- // initiate real owner.
- $owner = $node->getOwner()
- ->getUID();
- if (!$this->userManager->userExists($owner)) {
- return new DataResponse([]);
- }
- // get node based on the owner, fix owner in case of external storage
- $userFolder = $this->rootFolder->getUserFolder($owner);
- if ($node->getId() !== $userFolder->getId() && !$userFolder->isSubNode($node)) {
- $owner = $node->getOwner()
- ->getUID();
- $userFolder = $this->rootFolder->getUserFolder($owner);
- $node = $userFolder->getFirstNodeById($node->getId());
- }
- $basePath = $userFolder->getPath();
- // generate node list for each parent folders
- /** @var Node[] $nodes */
- $nodes = [];
- while (true) {
- $node = $node->getParent();
- if ($node->getPath() === $basePath) {
- break;
- }
- $nodes[] = $node;
- }
- // The user that is requesting this list
- $currentUserFolder = $this->rootFolder->getUserFolder($this->userId);
- // for each nodes, retrieve shares.
- $shares = [];
- foreach ($nodes as $node) {
- $getShares = $this->getFormattedShares($owner, $node, false, true);
- $currentUserNode = $currentUserFolder->getFirstNodeById($node->getId());
- if ($currentUserNode) {
- $parent = $currentUserNode;
- }
- $subPath = $currentUserFolder->getRelativePath($parent->getPath());
- foreach ($getShares as &$share) {
- $share['via_fileid'] = $parent->getId();
- $share['via_path'] = $subPath;
- }
- $this->mergeFormattedShares($shares, $getShares);
- }
- return new DataResponse(array_values($shares));
- }
- /**
- * Check whether a set of permissions contains the permissions to check.
- */
- private function hasPermission(int $permissionsSet, int $permissionsToCheck): bool {
- return ($permissionsSet & $permissionsToCheck) === $permissionsToCheck;
- }
- /**
- * Update a share
- *
- * @param string $id ID of the share
- * @param int|null $permissions New permissions
- * @param string|null $password New password
- * @param string|null $sendPasswordByTalk New condition if the password should be send over Talk
- * @param string|null $publicUpload New condition if public uploading is allowed
- * @param string|null $expireDate New expiry date
- * @param string|null $note New note
- * @param string|null $label New label
- * @param string|null $hideDownload New condition if the download should be hidden
- * @param string|null $attributes New additional attributes
- * @param string|null $sendMail if the share should be send by mail.
- * Considering the share already exists, no mail will be send after the share is updated.
- * You will have to use the sendMail action to send the mail.
- * @param string|null $shareWith New recipient for email shares
- * @return DataResponse<Http::STATUS_OK, Files_SharingShare, array{}>
- * @throws OCSBadRequestException Share could not be updated because the requested changes are invalid
- * @throws OCSForbiddenException Missing permissions to update the share
- * @throws OCSNotFoundException Share not found
- *
- * 200: Share updated successfully
- */
- #[NoAdminRequired]
- public function updateShare(
- string $id,
- ?int $permissions = null,
- ?string $password = null,
- ?string $sendPasswordByTalk = null,
- ?string $publicUpload = null,
- ?string $expireDate = null,
- ?string $note = null,
- ?string $label = null,
- ?string $hideDownload = null,
- ?string $attributes = null,
- ?string $sendMail = null,
- ): DataResponse {
- try {
- $share = $this->getShareById($id);
- } catch (ShareNotFound $e) {
- throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
- }
- $this->lock($share->getNode());
- if (!$this->canAccessShare($share, false)) {
- throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
- }
- if (!$this->canEditShare($share)) {
- throw new OCSForbiddenException($this->l->t('You are not allowed to edit incoming shares'));
- }
- if (
- $permissions === null &&
- $password === null &&
- $sendPasswordByTalk === null &&
- $publicUpload === null &&
- $expireDate === null &&
- $note === null &&
- $label === null &&
- $hideDownload === null &&
- $attributes === null &&
- $sendMail === null
- ) {
- throw new OCSBadRequestException($this->l->t('Wrong or no update parameter given'));
- }
- if ($note !== null) {
- $share->setNote($note);
- }
- if ($attributes !== null) {
- $share = $this->setShareAttributes($share, $attributes);
- }
- $this->checkInheritedAttributes($share);
- // Handle mail send
- if ($sendMail === 'true' || $sendMail === 'false') {
- $share->setMailSend($sendMail === 'true');
- }
- /**
- * expirationdate, password and publicUpload only make sense for link shares
- */
- if ($share->getShareType() === IShare::TYPE_LINK
- || $share->getShareType() === IShare::TYPE_EMAIL) {
- // Update hide download state
- $attributes = $share->getAttributes() ?? $share->newAttributes();
- if ($hideDownload === 'true') {
- $share->setHideDownload(true);
- $attributes->setAttribute('permissions', 'download', false);
- } elseif ($hideDownload === 'false') {
- $share->setHideDownload(false);
- $attributes->setAttribute('permissions', 'download', true);
- }
- $share->setAttributes($attributes);
- $newPermissions = null;
- if ($publicUpload === 'true') {
- $newPermissions = Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE;
- } elseif ($publicUpload === 'false') {
- $newPermissions = Constants::PERMISSION_READ;
- }
- if ($permissions !== null) {
- $newPermissions = $permissions;
- $newPermissions = $newPermissions & ~Constants::PERMISSION_SHARE;
- }
- if ($newPermissions !== null) {
- if (!$this->hasPermission($newPermissions, Constants::PERMISSION_READ) && !$this->hasPermission($newPermissions, Constants::PERMISSION_CREATE)) {
- throw new OCSBadRequestException($this->l->t('Share must at least have READ or CREATE permissions'));
- }
- if (!$this->hasPermission($newPermissions, Constants::PERMISSION_READ) && (
- $this->hasPermission($newPermissions, Constants::PERMISSION_UPDATE) || $this->hasPermission($newPermissions, Constants::PERMISSION_DELETE)
- )) {
- throw new OCSBadRequestException($this->l->t('Share must have READ permission if UPDATE or DELETE permission is set'));
- }
- }
- if (
- // legacy
- $newPermissions === (Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE) ||
- // correct
- $newPermissions === (Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE)
- ) {
- if (!$this->shareManager->shareApiLinkAllowPublicUpload()) {
- throw new OCSForbiddenException($this->l->t('Public upload disabled by the administrator'));
- }
- if (!($share->getNode() instanceof Folder)) {
- throw new OCSBadRequestException($this->l->t('Public upload is only possible for publicly shared folders'));
- }
- // normalize to correct public upload permissions
- if ($publicUpload === 'true') {
- $newPermissions = Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE;
- }
- }
- if ($newPermissions !== null) {
- // TODO: It might make sense to have a dedicated setting to allow/deny converting link shares into federated ones
- if (($newPermissions & Constants::PERMISSION_READ) && $this->shareManager->outgoingServer2ServerSharesAllowed()) {
- $newPermissions |= Constants::PERMISSION_SHARE;
- }
- $share->setPermissions($newPermissions);
- $permissions = $newPermissions;
- }
- if ($password === '') {
- $share->setPassword(null);
- } elseif ($password !== null) {
- $share->setPassword($password);
- }
- if ($label !== null) {
- if (strlen($label) > 255) {
- throw new OCSBadRequestException('Maximum label length is 255');
- }
- $share->setLabel($label);
- }
- if ($sendPasswordByTalk === 'true') {
- if (!$this->appManager->isEnabledForUser('spreed')) {
- throw new OCSForbiddenException($this->l->t('"Sending the password by Nextcloud Talk" for sharing a file or folder failed because Nextcloud Talk is not enabled.'));
- }
- $share->setSendPasswordByTalk(true);
- } elseif ($sendPasswordByTalk !== null) {
- $share->setSendPasswordByTalk(false);
- }
- }
- // NOT A LINK SHARE
- else {
- if ($permissions !== null) {
- $share->setPermissions($permissions);
- }
- }
- if ($expireDate === '') {
- $share->setExpirationDate(null);
- } elseif ($expireDate !== null) {
- try {
- $expireDateTime = $this->parseDate($expireDate);
- $share->setExpirationDate($expireDateTime);
- } catch (\Exception $e) {
- throw new OCSBadRequestException($e->getMessage(), $e);
- }
- }
- try {
- $share = $this->shareManager->updateShare($share);
- } catch (HintException $e) {
- $code = $e->getCode() === 0 ? 403 : $e->getCode();
- throw new OCSException($e->getHint(), (int)$code);
- } catch (\Exception $e) {
- $this->logger->error($e->getMessage(), ['exception' => $e]);
- throw new OCSBadRequestException('Failed to update share.', $e);
- }
- return new DataResponse($this->formatShare($share));
- }
- /**
- * Get all shares that are still pending
- *
- * @return DataResponse<Http::STATUS_OK, list<Files_SharingShare>, array{}>
- *
- * 200: Pending shares returned
- */
- #[NoAdminRequired]
- public function pendingShares(): DataResponse {
- $pendingShares = [];
- $shareTypes = [
- IShare::TYPE_USER,
- IShare::TYPE_GROUP
- ];
- foreach ($shareTypes as $shareType) {
- $shares = $this->shareManager->getSharedWith($this->userId, $shareType, null, -1, 0);
- foreach ($shares as $share) {
- if ($share->getStatus() === IShare::STATUS_PENDING || $share->getStatus() === IShare::STATUS_REJECTED) {
- $pendingShares[] = $share;
- }
- }
- }
- $result = array_values(array_filter(array_map(function (IShare $share) {
- $userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
- $node = $userFolder->getFirstNodeById($share->getNodeId());
- if (!$node) {
- // fallback to guessing the path
- $node = $userFolder->get($share->getTarget());
- if ($node === null || $share->getTarget() === '') {
- return null;
- }
- }
- try {
- $formattedShare = $this->formatShare($share, $node);
- $formattedShare['path'] = '/' . $share->getNode()->getName();
- $formattedShare['permissions'] = 0;
- return $formattedShare;
- } catch (NotFoundException $e) {
- return null;
- }
- }, $pendingShares), function ($entry) {
- return $entry !== null;
- }));
- return new DataResponse($result);
- }
- /**
- * Accept a share
- *
- * @param string $id ID of the share
- * @return DataResponse<Http::STATUS_OK, list<empty>, array{}>
- * @throws OCSNotFoundException Share not found
- * @throws OCSException
- * @throws OCSBadRequestException Share could not be accepted
- *
- * 200: Share accepted successfully
- */
- #[NoAdminRequired]
- public function acceptShare(string $id): DataResponse {
- try {
- $share = $this->getShareById($id);
- } catch (ShareNotFound $e) {
- throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
- }
- if (!$this->canAccessShare($share)) {
- throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
- }
- try {
- $this->shareManager->acceptShare($share, $this->userId);
- } catch (HintException $e) {
- $code = $e->getCode() === 0 ? 403 : $e->getCode();
- throw new OCSException($e->getHint(), (int)$code);
- } catch (\Exception $e) {
- $this->logger->error($e->getMessage(), ['exception' => $e]);
- throw new OCSBadRequestException('Failed to accept share.', $e);
- }
- return new DataResponse();
- }
- /**
- * Does the user have read permission on the share
- *
- * @param IShare $share the share to check
- * @param boolean $checkGroups check groups as well?
- * @return boolean
- * @throws NotFoundException
- *
- * @suppress PhanUndeclaredClassMethod
- */
- protected function canAccessShare(IShare $share, bool $checkGroups = true): bool {
- // A file with permissions 0 can't be accessed by us. So Don't show it
- if ($share->getPermissions() === 0) {
- return false;
- }
- // Owner of the file and the sharer of the file can always get share
- if ($share->getShareOwner() === $this->userId
- || $share->getSharedBy() === $this->userId) {
- return true;
- }
- // If the share is shared with you, you can access it!
- if ($share->getShareType() === IShare::TYPE_USER
- && $share->getSharedWith() === $this->userId) {
- return true;
- }
- // Have reshare rights on the shared file/folder ?
- // Does the currentUser have access to the shared file?
- $userFolder = $this->rootFolder->getUserFolder($this->userId);
- $file = $userFolder->getFirstNodeById($share->getNodeId());
- if ($file && $this->shareProviderResharingRights($this->userId, $share, $file)) {
- return true;
- }
- // If in the recipient group, you can see the share
- if ($checkGroups && $share->getShareType() === IShare::TYPE_GROUP) {
- $sharedWith = $this->groupManager->get($share->getSharedWith());
- $user = $this->userManager->get($this->userId);
- if ($user !== null && $sharedWith !== null && $sharedWith->inGroup($user)) {
- return true;
- }
- }
- if ($share->getShareType() === IShare::TYPE_CIRCLE) {
- // TODO: have a sanity check like above?
- return true;
- }
- if ($share->getShareType() === IShare::TYPE_ROOM) {
- try {
- return $this->getRoomShareHelper()->canAccessShare($share, $this->userId);
- } catch (QueryException $e) {
- return false;
- }
- }
- if ($share->getShareType() === IShare::TYPE_DECK) {
- try {
- return $this->getDeckShareHelper()->canAccessShare($share, $this->userId);
- } catch (QueryException $e) {
- return false;
- }
- }
- if ($share->getShareType() === IShare::TYPE_SCIENCEMESH) {
- try {
- return $this->getSciencemeshShareHelper()->canAccessShare($share, $this->userId);
- } catch (QueryException $e) {
- return false;
- }
- }
- return false;
- }
- /**
- * Does the user have edit permission on the share
- *
- * @param IShare $share the share to check
- * @return boolean
- */
- protected function canEditShare(IShare $share): bool {
- // A file with permissions 0 can't be accessed by us. So Don't show it
- if ($share->getPermissions() === 0) {
- return false;
- }
- // The owner of the file and the creator of the share
- // can always edit the share
- if ($share->getShareOwner() === $this->userId ||
- $share->getSharedBy() === $this->userId
- ) {
- return true;
- }
- $userFolder = $this->rootFolder->getUserFolder($this->userId);
- $file = $userFolder->getFirstNodeById($share->getNodeId());
- if ($file?->getMountPoint() instanceof IShareOwnerlessMount && $this->shareProviderResharingRights($this->userId, $share, $file)) {
- return true;
- }
- //! we do NOT support some kind of `admin` in groups.
- //! You cannot edit shares shared to a group you're
- //! a member of if you're not the share owner or the file owner!
- return false;
- }
- /**
- * Does the user have delete permission on the share
- *
- * @param IShare $share the share to check
- * @return boolean
- */
- protected function canDeleteShare(IShare $share): bool {
- // A file with permissions 0 can't be accessed by us. So Don't show it
- if ($share->getPermissions() === 0) {
- return false;
- }
- // if the user is the recipient, i can unshare
- // the share with self
- if ($share->getShareType() === IShare::TYPE_USER &&
- $share->getSharedWith() === $this->userId
- ) {
- return true;
- }
- // The owner of the file and the creator of the share
- // can always delete the share
- if ($share->getShareOwner() === $this->userId ||
- $share->getSharedBy() === $this->userId
- ) {
- return true;
- }
- $userFolder = $this->rootFolder->getUserFolder($this->userId);
- $file = $userFolder->getFirstNodeById($share->getNodeId());
- if ($file?->getMountPoint() instanceof IShareOwnerlessMount && $this->shareProviderResharingRights($this->userId, $share, $file)) {
- return true;
- }
- return false;
- }
- /**
- * Does the user have delete permission on the share
- * This differs from the canDeleteShare function as it only
- * remove the share for the current user. It does NOT
- * completely delete the share but only the mount point.
- * It can then be restored from the deleted shares section.
- *
- * @param IShare $share the share to check
- * @return boolean
- *
- * @suppress PhanUndeclaredClassMethod
- */
- protected function canDeleteShareFromSelf(IShare $share): bool {
- if ($share->getShareType() !== IShare::TYPE_GROUP &&
- $share->getShareType() !== IShare::TYPE_ROOM &&
- $share->getShareType() !== IShare::TYPE_DECK &&
- $share->getShareType() !== IShare::TYPE_SCIENCEMESH
- ) {
- return false;
- }
- if ($share->getShareOwner() === $this->userId ||
- $share->getSharedBy() === $this->userId
- ) {
- // Delete the whole share, not just for self
- return false;
- }
- // If in the recipient group, you can delete the share from self
- if ($share->getShareType() === IShare::TYPE_GROUP) {
- $sharedWith = $this->groupManager->get($share->getSharedWith());
- $user = $this->userManager->get($this->userId);
- if ($user !== null && $sharedWith !== null && $sharedWith->inGroup($user)) {
- return true;
- }
- }
- if ($share->getShareType() === IShare::TYPE_ROOM) {
- try {
- return $this->getRoomShareHelper()->canAccessShare($share, $this->userId);
- } catch (QueryException $e) {
- return false;
- }
- }
- if ($share->getShareType() === IShare::TYPE_DECK) {
- try {
- return $this->getDeckShareHelper()->canAccessShare($share, $this->userId);
- } catch (QueryException $e) {
- return false;
- }
- }
- if ($share->getShareType() === IShare::TYPE_SCIENCEMESH) {
- try {
- return $this->getSciencemeshShareHelper()->canAccessShare($share, $this->userId);
- } catch (QueryException $e) {
- return false;
- }
- }
- return false;
- }
- /**
- * Make sure that the passed date is valid ISO 8601
- * So YYYY-MM-DD
- * If not throw an exception
- *
- * @param string $expireDate
- *
- * @throws \Exception
- * @return \DateTime
- */
- private function parseDate(string $expireDate): \DateTime {
- try {
- $date = new \DateTime(trim($expireDate, '"'), $this->dateTimeZone->getTimeZone());
- // Make sure it expires at midnight in owner timezone
- $date->setTime(0, 0, 0);
- } catch (\Exception $e) {
- throw new \Exception($this->l->t('Invalid date. Format must be YYYY-MM-DD'));
- }
- return $date;
- }
- /**
- * Since we have multiple providers but the OCS Share API v1 does
- * not support this we need to check all backends.
- *
- * @param string $id
- * @return IShare
- * @throws ShareNotFound
- */
- private function getShareById(string $id): IShare {
- $share = null;
- // First check if it is an internal share.
- try {
- $share = $this->shareManager->getShareById('ocinternal:' . $id, $this->userId);
- return $share;
- } catch (ShareNotFound $e) {
- // Do nothing, just try the other share type
- }
- try {
- if ($this->shareManager->shareProviderExists(IShare::TYPE_CIRCLE)) {
- $share = $this->shareManager->getShareById('ocCircleShare:' . $id, $this->userId);
- return $share;
- }
- } catch (ShareNotFound $e) {
- // Do nothing, just try the other share type
- }
- try {
- if ($this->shareManager->shareProviderExists(IShare::TYPE_EMAIL)) {
- $share = $this->shareManager->getShareById('ocMailShare:' . $id, $this->userId);
- return $share;
- }
- } catch (ShareNotFound $e) {
- // Do nothing, just try the other share type
- }
- try {
- $share = $this->shareManager->getShareById('ocRoomShare:' . $id, $this->userId);
- return $share;
- } catch (ShareNotFound $e) {
- // Do nothing, just try the other share type
- }
- try {
- if ($this->shareManager->shareProviderExists(IShare::TYPE_DECK)) {
- $share = $this->shareManager->getShareById('deck:' . $id, $this->userId);
- return $share;
- }
- } catch (ShareNotFound $e) {
- // Do nothing, just try the other share type
- }
- try {
- if ($this->shareManager->shareProviderExists(IShare::TYPE_SCIENCEMESH)) {
- $share = $this->shareManager->getShareById('sciencemesh:' . $id, $this->userId);
- return $share;
- }
- } catch (ShareNotFound $e) {
- // Do nothing, just try the other share type
- }
- if (!$this->shareManager->outgoingServer2ServerSharesAllowed()) {
- throw new ShareNotFound();
- }
- $share = $this->shareManager->getShareById('ocFederatedSharing:' . $id, $this->userId);
- return $share;
- }
- /**
- * Lock a Node
- *
- * @param Node $node
- * @throws LockedException
- */
- private function lock(Node $node) {
- $node->lock(ILockingProvider::LOCK_SHARED);
- $this->lockedNode = $node;
- }
- /**
- * Cleanup the remaining locks
- * @throws LockedException
- */
- public function cleanup() {
- if ($this->lockedNode !== null) {
- $this->lockedNode->unlock(ILockingProvider::LOCK_SHARED);
- }
- }
- /**
- * Returns the helper of ShareAPIController for room shares.
- *
- * If the Talk application is not enabled or the helper is not available
- * a QueryException is thrown instead.
- *
- * @return \OCA\Talk\Share\Helper\ShareAPIController
- * @throws QueryException
- */
- private function getRoomShareHelper() {
- if (!$this->appManager->isEnabledForUser('spreed')) {
- throw new QueryException();
- }
- return $this->serverContainer->get('\OCA\Talk\Share\Helper\ShareAPIController');
- }
- /**
- * Returns the helper of ShareAPIHelper for deck shares.
- *
- * If the Deck application is not enabled or the helper is not available
- * a QueryException is thrown instead.
- *
- * @return \OCA\Deck\Sharing\ShareAPIHelper
- * @throws QueryException
- */
- private function getDeckShareHelper() {
- if (!$this->appManager->isEnabledForUser('deck')) {
- throw new QueryException();
- }
- return $this->serverContainer->get('\OCA\Deck\Sharing\ShareAPIHelper');
- }
- /**
- * Returns the helper of ShareAPIHelper for sciencemesh shares.
- *
- * If the sciencemesh application is not enabled or the helper is not available
- * a QueryException is thrown instead.
- *
- * @return \OCA\Deck\Sharing\ShareAPIHelper
- * @throws QueryException
- */
- private function getSciencemeshShareHelper() {
- if (!$this->appManager->isEnabledForUser('sciencemesh')) {
- throw new QueryException();
- }
- return $this->serverContainer->get('\OCA\ScienceMesh\Sharing\ShareAPIHelper');
- }
- /**
- * @param string $viewer
- * @param Node $node
- * @param bool $reShares
- *
- * @return IShare[]
- */
- private function getSharesFromNode(string $viewer, $node, bool $reShares): array {
- $providers = [
- IShare::TYPE_USER,
- IShare::TYPE_GROUP,
- IShare::TYPE_LINK,
- IShare::TYPE_EMAIL,
- IShare::TYPE_CIRCLE,
- IShare::TYPE_ROOM,
- IShare::TYPE_DECK,
- IShare::TYPE_SCIENCEMESH
- ];
- // Should we assume that the (currentUser) viewer is the owner of the node !?
- $shares = [];
- foreach ($providers as $provider) {
- if (!$this->shareManager->shareProviderExists($provider)) {
- continue;
- }
- $providerShares =
- $this->shareManager->getSharesBy($viewer, $provider, $node, $reShares, -1, 0);
- $shares = array_merge($shares, $providerShares);
- }
- if ($this->shareManager->outgoingServer2ServerSharesAllowed()) {
- $federatedShares = $this->shareManager->getSharesBy(
- $this->userId, IShare::TYPE_REMOTE, $node, $reShares, -1, 0
- );
- $shares = array_merge($shares, $federatedShares);
- }
- if ($this->shareManager->outgoingServer2ServerGroupSharesAllowed()) {
- $federatedShares = $this->shareManager->getSharesBy(
- $this->userId, IShare::TYPE_REMOTE_GROUP, $node, $reShares, -1, 0
- );
- $shares = array_merge($shares, $federatedShares);
- }
- return $shares;
- }
- /**
- * @param Node $node
- *
- * @throws SharingRightsException
- */
- private function confirmSharingRights(Node $node): void {
- if (!$this->hasResharingRights($this->userId, $node)) {
- throw new SharingRightsException($this->l->t('No sharing rights on this item'));
- }
- }
- /**
- * @param string $viewer
- * @param Node $node
- *
- * @return bool
- */
- private function hasResharingRights($viewer, $node): bool {
- if ($viewer === $node->getOwner()->getUID()) {
- return true;
- }
- foreach ([$node, $node->getParent()] as $node) {
- $shares = $this->getSharesFromNode($viewer, $node, true);
- foreach ($shares as $share) {
- try {
- if ($this->shareProviderResharingRights($viewer, $share, $node)) {
- return true;
- }
- } catch (InvalidPathException|NotFoundException $e) {
- }
- }
- }
- return false;
- }
- /**
- * Returns if we can find resharing rights in an IShare object for a specific user.
- *
- * @suppress PhanUndeclaredClassMethod
- *
- * @param string $userId
- * @param IShare $share
- * @param Node $node
- *
- * @return bool
- * @throws NotFoundException
- * @throws InvalidPathException
- */
- private function shareProviderResharingRights(string $userId, IShare $share, $node): bool {
- if ($share->getShareOwner() === $userId) {
- return true;
- }
- // we check that current user have parent resharing rights on the current file
- if ($node !== null && ($node->getPermissions() & Constants::PERMISSION_SHARE) !== 0) {
- return true;
- }
- if ((Constants::PERMISSION_SHARE & $share->getPermissions()) === 0) {
- return false;
- }
- if ($share->getShareType() === IShare::TYPE_USER && $share->getSharedWith() === $userId) {
- return true;
- }
- if ($share->getShareType() === IShare::TYPE_GROUP && $this->groupManager->isInGroup($userId, $share->getSharedWith())) {
- return true;
- }
- if ($share->getShareType() === IShare::TYPE_CIRCLE && \OC::$server->getAppManager()->isEnabledForUser('circles')
- && class_exists('\OCA\Circles\Api\v1\Circles')) {
- $hasCircleId = (str_ends_with($share->getSharedWith(), ']'));
- $shareWithStart = ($hasCircleId ? strrpos($share->getSharedWith(), '[') + 1 : 0);
- $shareWithLength = ($hasCircleId ? -1 : strpos($share->getSharedWith(), ' '));
- if ($shareWithLength === false) {
- $sharedWith = substr($share->getSharedWith(), $shareWithStart);
- } else {
- $sharedWith = substr($share->getSharedWith(), $shareWithStart, $shareWithLength);
- }
- try {
- $member = Circles::getMember($sharedWith, $userId, 1);
- if ($member->getLevel() >= 4) {
- return true;
- }
- return false;
- } catch (QueryException $e) {
- return false;
- }
- }
- return false;
- }
- /**
- * Get all the shares for the current user
- *
- * @param Node|null $path
- * @param boolean $reshares
- * @return IShare[]
- */
- private function getAllShares(?Node $path = null, bool $reshares = false) {
- // Get all shares
- $userShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_USER, $path, $reshares, -1, 0);
- $groupShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_GROUP, $path, $reshares, -1, 0);
- $linkShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_LINK, $path, $reshares, -1, 0);
- // EMAIL SHARES
- $mailShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_EMAIL, $path, $reshares, -1, 0);
- // TEAM SHARES
- $circleShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_CIRCLE, $path, $reshares, -1, 0);
- // TALK SHARES
- $roomShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_ROOM, $path, $reshares, -1, 0);
- // DECK SHARES
- $deckShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_DECK, $path, $reshares, -1, 0);
- // SCIENCEMESH SHARES
- $sciencemeshShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_SCIENCEMESH, $path, $reshares, -1, 0);
- // FEDERATION
- if ($this->shareManager->outgoingServer2ServerSharesAllowed()) {
- $federatedShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_REMOTE, $path, $reshares, -1, 0);
- } else {
- $federatedShares = [];
- }
- if ($this->shareManager->outgoingServer2ServerGroupSharesAllowed()) {
- $federatedGroupShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_REMOTE_GROUP, $path, $reshares, -1, 0);
- } else {
- $federatedGroupShares = [];
- }
- return array_merge($userShares, $groupShares, $linkShares, $mailShares, $circleShares, $roomShares, $deckShares, $sciencemeshShares, $federatedShares, $federatedGroupShares);
- }
- /**
- * merging already formatted shares.
- * We'll make an associative array to easily detect duplicate Ids.
- * Keys _needs_ to be removed after all shares are retrieved and merged.
- *
- * @param array $shares
- * @param array $newShares
- */
- private function mergeFormattedShares(array &$shares, array $newShares) {
- foreach ($newShares as $newShare) {
- if (!array_key_exists($newShare['id'], $shares)) {
- $shares[$newShare['id']] = $newShare;
- }
- }
- }
- /**
- * @param IShare $share
- * @param string|null $attributesString
- * @return IShare modified share
- */
- private function setShareAttributes(IShare $share, ?string $attributesString) {
- $newShareAttributes = null;
- if ($attributesString !== null) {
- $newShareAttributes = $this->shareManager->newShare()->newAttributes();
- $formattedShareAttributes = \json_decode($attributesString, true);
- if (is_array($formattedShareAttributes)) {
- foreach ($formattedShareAttributes as $formattedAttr) {
- $newShareAttributes->setAttribute(
- $formattedAttr['scope'],
- $formattedAttr['key'],
- $formattedAttr['value'],
- );
- }
- } else {
- throw new OCSBadRequestException($this->l->t('Invalid share attributes provided: "%s"', [$attributesString]));
- }
- }
- $share->setAttributes($newShareAttributes);
- return $share;
- }
- private function checkInheritedAttributes(IShare $share): void {
- if (!$share->getSharedBy()) {
- return; // Probably in a test
- }
- $userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
- $node = $userFolder->getFirstNodeById($share->getNodeId());
- if (!$node) {
- return;
- }
- if ($node->getStorage()->instanceOfStorage(SharedStorage::class)) {
- $storage = $node->getStorage();
- if ($storage instanceof Wrapper) {
- $storage = $storage->getInstanceOfStorage(SharedStorage::class);
- if ($storage === null) {
- throw new \RuntimeException('Should not happen, instanceOfStorage but getInstanceOfStorage return null');
- }
- } else {
- throw new \RuntimeException('Should not happen, instanceOfStorage but not a wrapper');
- }
- /** @var SharedStorage $storage */
- $inheritedAttributes = $storage->getShare()->getAttributes();
- if ($inheritedAttributes !== null && $inheritedAttributes->getAttribute('permissions', 'download') === false) {
- $share->setHideDownload(true);
- $attributes = $share->getAttributes();
- if ($attributes) {
- $attributes->setAttribute('permissions', 'download', false);
- $share->setAttributes($attributes);
- }
- }
- }
- }
- /**
- * Send a mail notification again for a share.
- * The mail_send option must be enabled for the given share.
- * @param string $id the share ID
- * @param string $password the password to check against. Necessary for password protected shares.
- * @throws OCSNotFoundException Share not found
- * @throws OCSForbiddenException You are not allowed to send mail notifications
- * @throws OCSBadRequestException Invalid request or wrong password
- * @throws OCSException Error while sending mail notification
- * @return DataResponse<Http::STATUS_OK, list<empty>, array{}>
- *
- * 200: The email notification was sent successfully
- */
- #[NoAdminRequired]
- #[UserRateLimit(limit: 5, period: 120)]
- public function sendShareEmail(string $id, $password = ''): DataResponse {
- try {
- $share = $this->getShareById($id);
- if (!$this->canAccessShare($share, false)) {
- throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
- }
- if (!$this->canEditShare($share)) {
- throw new OCSForbiddenException($this->l->t('You are not allowed to send mail notifications'));
- }
- // For mail and link shares, the user must be
- // the owner of the share, not only the file owner.
- if ($share->getShareType() === IShare::TYPE_EMAIL
- || $share->getShareType() === IShare::TYPE_LINK) {
- if ($share->getSharedBy() !== $this->userId) {
- throw new OCSForbiddenException($this->l->t('You are not allowed to send mail notifications'));
- }
- }
- try {
- $provider = $this->factory->getProviderForType($share->getShareType());
- if (!($provider instanceof IShareProviderWithNotification)) {
- throw new OCSBadRequestException($this->l->t('No mail notification configured for this share type'));
- }
- // Circumvent the password encrypted data by
- // setting the password clear. We're not storing
- // the password clear, it is just a temporary
- // object manipulation. The password will stay
- // encrypted in the database.
- if ($share->getPassword() !== null && $share->getPassword() !== $password) {
- if (!$this->shareManager->checkPassword($share, $password)) {
- throw new OCSBadRequestException($this->l->t('Wrong password'));
- }
- $share = $share->setPassword($password);
- }
- $provider->sendMailNotification($share);
- return new DataResponse();
- } catch (Exception $e) {
- $this->logger->error($e->getMessage(), ['exception' => $e]);
- throw new OCSException($this->l->t('Error while sending mail notification'));
- }
- } catch (ShareNotFound $e) {
- throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
- }
- }
- }
|