From 8fa3e7a6bf42fc907a5e98f01104220b35fee48f Mon Sep 17 00:00:00 2001
From: Vincent Petry <pvince81@owncloud.com>
Date: Mon, 19 Jan 2015 14:39:00 +0100
Subject: [PATCH] Do not retrieve shares through group if user has no group

---
 lib/private/share/share.php | 42 +++++++++++++++++++------------------
 tests/lib/share/share.php   | 27 +++++++++++++++++++++++-
 2 files changed, 48 insertions(+), 21 deletions(-)

diff --git a/lib/private/share/share.php b/lib/private/share/share.php
index e5f350a24f..c9f9654203 100644
--- a/lib/private/share/share.php
+++ b/lib/private/share/share.php
@@ -337,27 +337,29 @@ class Share extends \OC\Share\Constants {
 		if(empty($shares) && $user !== null) {
 			$groups = \OC_Group::getUserGroups($user);
 
-			$where = 'WHERE `' . $column . '` = ? AND `item_type` = ? AND `share_with` in (?)';
-			$arguments = array($itemSource, $itemType, $groups);
-			$types = array(null, null, \Doctrine\DBAL\Connection::PARAM_STR_ARRAY);
-
-			if ($owner !== null) {
-				$where .= ' AND `uid_owner` = ?';
-				$arguments[] = $owner;
-				$types[] = null;
-			}
-
-			// TODO: inject connection, hopefully one day in the future when this
-			// class isn't static anymore...
-			$conn = \OC_DB::getConnection();
-			$result = $conn->executeQuery(
-				'SELECT * FROM `*PREFIX*share` ' . $where,
-				$arguments,
-				$types
-			);
+			if (!empty($groups)) {
+				$where = 'WHERE `' . $column . '` = ? AND `item_type` = ? AND `share_with` in (?)';
+				$arguments = array($itemSource, $itemType, $groups);
+				$types = array(null, null, \Doctrine\DBAL\Connection::PARAM_STR_ARRAY);
+
+				if ($owner !== null) {
+					$where .= ' AND `uid_owner` = ?';
+					$arguments[] = $owner;
+					$types[] = null;
+				}
 
-			while ($row = $result->fetch()) {
-				$shares[] = $row;
+				// TODO: inject connection, hopefully one day in the future when this
+				// class isn't static anymore...
+				$conn = \OC_DB::getConnection();
+				$result = $conn->executeQuery(
+					'SELECT * FROM `*PREFIX*share` ' . $where,
+					$arguments,
+					$types
+				);
+
+				while ($row = $result->fetch()) {
+					$shares[] = $row;
+				}
 			}
 		}
 
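Review bot: The group lookup now wrapped in `if (!empty($groups))` matches rows on `share_with in (?)` alone, with no condition on `share_type`, so a share addressed to a user whose id equals one of the caller's group names would be returned as if it were a group share. The fixture in tests/lib/share/share.php uses exactly such a name (`groupAndUser` is created as a user and deleted as both a user and a group), so the collision looks reachable unless rows are filtered later in the function, which continues outside this hunk. I would restrict the query to group shares by adding a `share_type = ?` condition to `$where`, binding `self::SHARE_TYPE_GROUP` at the matching position in `$arguments` with a `null` entry in `$types`. A test that shares an item with the user `groupAndUser` and asserts that a member of the same-named group does not receive it would pin the behaviour.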
diff --git a/tests/lib/share/share.php b/tests/lib/share/share.php
index 4b42036fc2..6a50dd1f96 100644
--- a/tests/lib/share/share.php
+++ b/tests/lib/share/share.php
@@ -27,6 +27,8 @@ class Test_Share extends \Test\TestCase {
 	protected $user2;
 	protected $user3;
 	protected $user4;
+	protected $user5;
+	protected $user6;
 	protected $groupAndUser;
 	protected $groupBackend;
 	protected $group1;
@@ -45,12 +47,14 @@ class Test_Share extends \Test\TestCase {
 		$this->user3 = $this->getUniqueID('user3_');
 		$this->user4 = $this->getUniqueID('user4_');
 		$this->user5 = $this->getUniqueID('user5_');
+		$this->user6 = $this->getUniqueID('user6_');
 		$this->groupAndUser = $this->getUniqueID('groupAndUser_');
 		OC_User::createUser($this->user1, 'pass');
 		OC_User::createUser($this->user2, 'pass');
 		OC_User::createUser($this->user3, 'pass');
 		OC_User::createUser($this->user4, 'pass');
 		OC_User::createUser($this->user5, 'pass');
+		OC_User::createUser($this->user6, 'pass'); // no group
 		OC_User::createUser($this->groupAndUser, 'pass');
 		OC_User::setUserId($this->user1);
 		OC_Group::clearBackends();
@@ -85,6 +89,18 @@ class Test_Share extends \Test\TestCase {
 		$query->execute(array('test'));
 		OC_Appconfig::setValue('core', 'shareapi_allow_resharing', $this->resharing);
 
+		OC_User::deleteUser($this->user1);
+		OC_User::deleteUser($this->user2);
+		OC_User::deleteUser($this->user3);
+		OC_User::deleteUser($this->user4);
+		OC_User::deleteUser($this->user5);
+		OC_User::deleteUser($this->user6);
+		OC_User::deleteUser($this->groupAndUser);
+
+		OC_Group::deleteGroup($this->group1);
+		OC_Group::deleteGroup($this->group2);
+		OC_Group::deleteGroup($this->groupAndUser);
+
 		parent::tearDown();
 	}
 
@@ -720,6 +736,8 @@ class Test_Share extends \Test\TestCase {
 		$query->execute($args);
 		$args = array('test', 99, 'target4', OCP\Share::SHARE_TYPE_USER, $this->user3, $this->user4);
 		$query->execute($args);
+		$args = array('test', 99, 'target4', OCP\Share::SHARE_TYPE_USER, $this->user6, $this->user4);
+		$query->execute($args);
 
 
 		$result1 = \OCP\Share::getItemSharedWithUser('test', 99, $this->user2, $this->user1);
@@ -735,8 +753,12 @@ class Test_Share extends \Test\TestCase {
 		$this->verifyResult($result3, array('target3', 'target4'));
 
 		$result4 = \OCP\Share::getItemSharedWithUser('test', 99, null, null);
-		$this->assertSame(4, count($result4));
+		$this->assertSame(5, count($result4)); // 5 because target4 appears twice
 		$this->verifyResult($result4, array('target1', 'target2', 'target3', 'target4'));
+
+		$result6 = \OCP\Share::getItemSharedWithUser('test', 99, $this->user6, null);
+		$this->assertSame(1, count($result6));
+		$this->verifyResult($result6, array('target4'));
 	}
 
 	public function testGetItemSharedWithUserFromGroupShare() {
@@ -772,6 +794,9 @@ class Test_Share extends \Test\TestCase {
 		$result4 = \OCP\Share::getItemSharedWithUser('test', 99, null, null);
 		$this->assertSame(4, count($result4));
 		$this->verifyResult($result4, array('target1', 'target2', 'target3', 'target4'));
+
+		$result6 = \OCP\Share::getItemSharedWithUser('test', 99, $this->user6, null);
+		$this->assertSame(0, count($result6));
 	}
 
 	public function verifyResult($result, $expected) {
-- 
GitLab