diff --git a/lib/Mount/GroupFolderStorage.php b/lib/Mount/GroupFolderStorage.php index 0b0dbe37d..94daba55e 100644 --- a/lib/Mount/GroupFolderStorage.php +++ b/lib/Mount/GroupFolderStorage.php @@ -10,16 +10,17 @@ use OC\Files\ObjectStore\ObjectStoreScanner; use OC\Files\ObjectStore\ObjectStoreStorage; use OC\Files\Storage\Wrapper\Quota; +use OCP\Files\Cache\ICache; use OCP\Files\Cache\ICacheEntry; use OCP\IUser; use OCP\IUserSession; class GroupFolderStorage extends Quota { private int $folderId; - private ICacheEntry $rootEntry; + private ?ICacheEntry $rootEntry; private IUserSession $userSession; - private ?IUser $mountOwner = null; - /** @var RootEntryCache|null */ + private ?IUser $mountOwner; + /** @var ICache|null */ public $cache = null; public function __construct($parameters) { @@ -53,7 +54,12 @@ public function getCache($path = '', $storage = null) { $storage = $this; } - $this->cache = new RootEntryCache(parent::getCache($path, $storage), $this->rootEntry); + $cache = parent::getCache($path, $storage); + if ($this->rootEntry !== null) { + $cache = new RootEntryCache($cache, $this->rootEntry); + } + $this->cache = $cache; + return $this->cache; } diff --git a/lib/Mount/MountProvider.php b/lib/Mount/MountProvider.php index 49354b18a..edada0aa9 100644 --- a/lib/Mount/MountProvider.php +++ b/lib/Mount/MountProvider.php @@ -128,7 +128,7 @@ public function getMountsForUser(IUser $user, IStorageFactory $loader) { $aclManager = $this->aclManagerFactory->getACLManager($user, $this->getRootStorageId()); $rootRules = $aclManager->getRelevantRulesForPath($aclRootPaths); - return array_values(array_filter(array_map(function ($folder) use ($user, $loader, $conflicts, $aclManager, $rootRules) { + return array_merge(...array_filter(array_map(function (array $folder) use ($user, $loader, $conflicts, $aclManager, $rootRules): ?array { // check for existing files in the user home and rename them if needed $originalFolderName = $folder['mount_point']; if (in_array($originalFolderName, $conflicts)) { @@ -147,7 +147,7 @@ public function getMountsForUser(IUser $user, IStorageFactory $loader) { $userStorage->getPropagator()->propagateChange("files/$folderName", time()); } - return $this->getMount( + $mount = $this->getMount( $folder['folder_id'], '/' . $user->getUID() . '/files/' . $folder['mount_point'], $folder['permissions'], @@ -159,6 +159,22 @@ public function getMountsForUser(IUser $user, IStorageFactory $loader) { $aclManager, $rootRules ); + if (!$mount) { + return null; + } + $trashMount = $this->getTrashMount( + $folder['folder_id'], + '/' . $user->getUID() . '/files_trashbin/groupfolders/' . $folder['folder_id'], + $folder['quota'], + $loader, + $user + ); + + return [ + $mount, + $trashMount, + ]; + }, $folders))); } @@ -181,16 +197,16 @@ private function getCurrentUID(): ?string { } public function getMount( - int $id, - string $mountPoint, - int $permissions, - int $quota, - ?ICacheEntry $cacheEntry = null, + int $id, + string $mountPoint, + int $permissions, + int $quota, + ?ICacheEntry $cacheEntry = null, ?IStorageFactory $loader = null, - bool $acl = false, - ?IUser $user = null, - ?ACLManager $aclManager = null, - array $rootRules = [] + bool $acl = false, + ?IUser $user = null, + ?ACLManager $aclManager = null, + array $rootRules = [] ): ?IMountPoint { if (!$cacheEntry) { // trigger folder creation @@ -220,52 +236,91 @@ public function getMount( $cacheEntry['permissions'] &= $aclRootPermissions; } + $quotaStorage = $this->getGroupFolderStorage($id, $storage, $user, $rootPath, $quota, $cacheEntry); + + $maskedStore = new PermissionsMask([ + 'storage' => $quotaStorage, + 'mask' => $permissions, + ]); + + if (!$this->allowRootShare) { + $maskedStore = new RootPermissionsMask([ + 'storage' => $maskedStore, + 'mask' => Constants::PERMISSION_ALL - Constants::PERMISSION_SHARE, + ]); + } + + return new GroupMountPoint( + $id, + $maskedStore, + $mountPoint, + null, + $loader + ); + } + + public function getTrashMount( + int $id, + string $mountPoint, + int $quota, + IStorageFactory $loader, + IUser $user, + ): IMountPoint { + + $storage = $this->getRootFolder()->getStorage(); + + $storage->setOwner($user->getUID()); + + $trashPath = $this->getRootFolder()->getInternalPath() . '/trash/' . $id; + + $trashStorage = $this->getGroupFolderStorage($id, $storage, $user, $trashPath, $quota, null); + + return new GroupMountPoint( + $id, + $trashStorage, + $mountPoint, + null, + $loader + ); + } + + public function getGroupFolderStorage( + int $id, + IStorage $rootStorage, + ?IUser $user, + string $rootPath, + int $quota, + ?ICacheEntry $rootCacheEntry, + ): IStorage { if ($this->enableEncryption) { $baseStorage = new GroupFolderEncryptionJail([ - 'storage' => $storage, - 'root' => $rootPath + 'storage' => $rootStorage, + 'root' => $rootPath, ]); $quotaStorage = new GroupFolderStorage([ 'storage' => $baseStorage, 'quota' => $quota, 'folder_id' => $id, - 'rootCacheEntry' => $cacheEntry, + 'rootCacheEntry' => $rootCacheEntry, 'userSession' => $this->userSession, 'mountOwner' => $user, ]); } else { $baseStorage = new Jail([ - 'storage' => $storage, - 'root' => $rootPath + 'storage' => $rootStorage, + 'root' => $rootPath, ]); $quotaStorage = new GroupFolderNoEncryptionStorage([ 'storage' => $baseStorage, 'quota' => $quota, 'folder_id' => $id, - 'rootCacheEntry' => $cacheEntry, + 'rootCacheEntry' => $rootCacheEntry, 'userSession' => $this->userSession, 'mountOwner' => $user, ]); } - $maskedStore = new PermissionsMask([ - 'storage' => $quotaStorage, - 'mask' => $permissions - ]); - - if (!$this->allowRootShare) { - $maskedStore = new RootPermissionsMask([ - 'storage' => $maskedStore, - 'mask' => Constants::PERMISSION_ALL - Constants::PERMISSION_SHARE, - ]); - } - return new GroupMountPoint( - $id, - $maskedStore, - $mountPoint, - null, - $loader - ); + return $quotaStorage; } public function getJailPath(int $folderId): string { diff --git a/lib/Trash/GroupTrashItem.php b/lib/Trash/GroupTrashItem.php index 819db698c..2ccdbcb76 100644 --- a/lib/Trash/GroupTrashItem.php +++ b/lib/Trash/GroupTrashItem.php @@ -6,7 +6,6 @@ namespace OCA\GroupFolders\Trash; -use OC\Files\Storage\Wrapper\Jail; use OCA\Files_Trashbin\Trash\ITrashBackend; use OCA\Files_Trashbin\Trash\TrashItem; use OCP\Files\FileInfo; @@ -45,18 +44,7 @@ public function getTitle(): string { return $this->getGroupFolderMountPoint() . '/' . $this->getOriginalLocation(); } - public function getStorage() { - // get the unjailed storage, since the trash item is outside the jail - // (the internal path is also unjailed) - $groupFolderStorage = parent::getStorage(); - if ($groupFolderStorage->instanceOfStorage(Jail::class)) { - /** @var Jail $groupFolderStorage */ - return $groupFolderStorage->getUnjailedStorage(); - } - return $groupFolderStorage; - } - - public function getMtime() { + public function getMtime(): int { // trashbin is currently (incorrectly) assuming these to be the same return $this->getDeletedTime(); } diff --git a/lib/Trash/TrashBackend.php b/lib/Trash/TrashBackend.php index 98a27a240..7cfd19432 100644 --- a/lib/Trash/TrashBackend.php +++ b/lib/Trash/TrashBackend.php @@ -6,8 +6,12 @@ namespace OCA\GroupFolders\Trash; +use OC\Encryption\Exceptions\DecryptionFailedException; +use OC\Files\ObjectStore\ObjectStoreStorage; +use OC\Files\Storage\Wrapper\Encryption; use OC\Files\Storage\Wrapper\Jail; use OCA\Files_Trashbin\Expiration; +use OCA\Files_Trashbin\Storage; use OCA\Files_Trashbin\Trash\ITrashBackend; use OCA\Files_Trashbin\Trash\ITrashItem; use OCA\GroupFolders\ACL\ACLManagerFactory; @@ -67,14 +71,16 @@ public function listTrashFolder(ITrashItem $trashItem): array { return []; } $user = $trashItem->getUser(); - $folder = $this->getNodeForTrashItem($user, $trashItem); - if (!$folder instanceof Folder) { + $folderNode = $this->getNodeForTrashItem($user, $trashItem); + if (!$folderNode instanceof Folder) { return []; } - $content = $folder->getDirectoryListing(); + + $content = $folderNode->getDirectoryListing(); $this->aclManagerFactory->getACLManager($user)->preloadRulesForFolder($trashItem->getPath()); - return array_values(array_filter(array_map(function (Node $node) use ($trashItem, $user) { - if (!$this->userHasAccessToPath($user, $trashItem->getPath() . '/' . $node->getName())) { + + return array_values(array_filter(array_map(function (Node $node) use ($trashItem, $user): ?GroupTrashItem { + if (!$this->userHasAccessToPath($user, $this->getUnJailedPath($node))) { return null; } return new GroupTrashItem( @@ -99,6 +105,7 @@ public function restoreItem(ITrashItem $item) { throw new \LogicException('Trying to restore normal trash item in group folder trash backend'); } $user = $item->getUser(); + $userFolder = $this->rootFolder->getUserFolder($user->getUID()); [, $folderId] = explode('/', $item->getTrashPath()); $node = $this->getNodeForTrashItem($user, $item); if ($node === null) { @@ -114,7 +121,7 @@ public function restoreItem(ITrashItem $item) { $trashStorage = $node->getStorage(); /** @var Folder $targetFolder */ - $targetFolder = $this->mountProvider->getFolder((int)$folderId); + $targetFolder = $userFolder->get($item->getGroupFolderMountPoint()); $originalLocation = $item->getInternalOriginalLocation(); $parent = dirname($originalLocation); if ($parent === '.') { @@ -138,7 +145,7 @@ public function restoreItem(ITrashItem $item) { $target .= ' (' . $i . ')'; if (isset($info['extension'])) { - $target .= $info['extension']; + $target .= '.' . $info['extension']; } return $target; @@ -151,8 +158,19 @@ public function restoreItem(ITrashItem $item) { } $targetLocation = $targetFolder->getInternalPath() . '/' . $originalLocation; - $targetFolder->getStorage()->moveFromStorage($trashStorage, $node->getInternalPath(), $targetLocation); - $targetFolder->getStorage()->getUpdater()->renameFromStorage($trashStorage, $node->getInternalPath(), $targetLocation); + $targetStorage = $targetFolder->getStorage(); + $trashLocation = $node->getInternalPath(); + try { + $targetStorage->moveFromStorage($trashStorage, $trashLocation, $targetLocation); + $targetStorage->getUpdater()->renameFromStorage($trashStorage, $trashLocation, $targetLocation); + } catch (DecryptionFailedException $e) { + // Before https://github.com/nextcloud/groupfolders/pull/3425 the key would be in the wrong place, leading to the decryption failure. + // for those we fall back to the old restore behavior + [$unwrappedTargetStorage, $unwrappedTargetLocation] = $this->unwrapJails($targetStorage, $targetLocation); + [$unwrappedTrashStorage, $unwrappedTrashLocation] = $this->unwrapJails($trashStorage, $trashLocation); + $unwrappedTargetStorage->moveFromStorage($unwrappedTrashStorage, $unwrappedTrashLocation, $unwrappedTargetLocation); + $unwrappedTargetStorage->getUpdater()->renameFromStorage($unwrappedTrashStorage, $unwrappedTrashLocation, $unwrappedTargetLocation); + } $this->trashManager->removeItem((int)$folderId, $item->getName(), $item->getDeletedTime()); \OCP\Util::emitHook( '\OCA\Files_Trashbin\Trashbin', @@ -164,6 +182,18 @@ public function restoreItem(ITrashItem $item) { ); } + private function unwrapJails(IStorage $storage, string $internalPath): array { + $unJailedInternalPath = $internalPath; + $unJailedStorage = $storage; + while ($unJailedStorage->instanceOfStorage(Jail::class)) { + $unJailedStorage = $unJailedStorage->getWrapperStorage(); + if ($unJailedStorage instanceof Jail) { + $unJailedInternalPath = $unJailedStorage->getUnjailedPath($unJailedInternalPath); + } + } + return [$unJailedStorage, $unJailedInternalPath]; + } + /** * @return void * @throw \LogicException @@ -205,16 +235,35 @@ public function moveToTrash(IStorage $storage, string $internalPath): bool { $name = basename($internalPath); $fileEntry = $storage->getCache()->get($internalPath); $folderId = $storage->getFolderId(); - $trashFolder = $this->getTrashFolder($folderId); + $user = $this->userSession->getUser(); + if (!$user) { + throw new \Exception("file moved to trash with no user in context"); + } + // ensure the folder exists + $this->getTrashFolder($folderId); + + $trashFolder = $this->rootFolder->get('/' . $user->getUID() . '/files_trashbin/groupfolders/' . $folderId); $trashStorage = $trashFolder->getStorage(); $time = time(); $trashName = $name . '.d' . $time; - [$unJailedStorage, $unJailedInternalPath] = $this->unwrapJails($storage, $internalPath); $targetInternalPath = $trashFolder->getInternalPath() . '/' . $trashName; - if ($trashStorage->moveFromStorage($unJailedStorage, $unJailedInternalPath, $targetInternalPath)) { - $this->trashManager->addTrashItem($folderId, $name, $time, $internalPath, $fileEntry->getId(), $this->userSession->getUser()->getUID()); - if ($trashStorage->getCache()->getId($targetInternalPath) !== $fileEntry->getId()) { - $trashStorage->getCache()->moveFromCache($unJailedStorage->getCache(), $unJailedInternalPath, $targetInternalPath); + // until the fix from https://github.com/nextcloud/server/pull/49262 is in all versions we support we need to manually disable the optimization + if ($storage->instanceOfStorage(Encryption::class)) { + $result = $this->moveFromEncryptedStorage($storage, $trashStorage, $internalPath, $targetInternalPath); + } else { + $result = $trashStorage->moveFromStorage($storage, $internalPath, $targetInternalPath); + } + if ($result) { + $this->trashManager->addTrashItem($folderId, $name, $time, $internalPath, $fileEntry->getId(), $user->getUID()); + + // some storage backends (object/encryption) can either already move the cache item or cause the target to be scanned + // so we only conditionally do the cache move here + if (!$trashStorage->getCache()->inCache($targetInternalPath)) { + // doesn't exist in target yet, do the move + $trashStorage->getCache()->moveFromCache($storage->getCache(), $internalPath, $targetInternalPath); + } elseif ($storage->getCache()->inCache($internalPath)) { + // exists in both source and target, cleanup source + $storage->getCache()->remove($internalPath); } } else { throw new \Exception("Failed to move groupfolder item to trash"); @@ -225,16 +274,43 @@ public function moveToTrash(IStorage $storage, string $internalPath): bool { } } - private function unwrapJails(IStorage $storage, string $internalPath): array { - $unJailedInternalPath = $internalPath; - $unJailedStorage = $storage; - while ($unJailedStorage->instanceOfStorage(Jail::class)) { - $unJailedStorage = $unJailedStorage->getWrapperStorage(); - if ($unJailedStorage instanceof Jail) { - $unJailedInternalPath = $unJailedStorage->getUnjailedPath($unJailedInternalPath); + /** + * move from storage when we can't just move within the storage + * + * This is copied from the fallback implementation from Common::moveFromStorage + */ + private function moveFromEncryptedStorage(IStorage $sourceStorage, IStorage $targetStorage, string $sourceInternalPath, string $targetInternalPath): bool { + if (!$sourceStorage->isDeletable($sourceInternalPath)) { + return false; + } + + // the trash should be the top wrapper, remove it to prevent recursive attempts to move to trash + if ($sourceStorage instanceof Storage) { + $sourceStorage = $sourceStorage->getWrapperStorage(); + } + + /** @psalm-suppress TooManyArguments */ + $result = $targetStorage->copyFromStorage($sourceStorage, $sourceInternalPath, $targetInternalPath, true); + if ($result) { + // hacky workaround to make sure we don't rely on a newer minor version + if ($sourceStorage->instanceOfStorage(ObjectStoreStorage::class) && is_callable([$sourceStorage, 'setPreserveCacheOnDelete'])) { + /** @var ObjectStoreStorage $sourceStorage */ + $sourceStorage->setPreserveCacheOnDelete(true); + } + try { + if ($sourceStorage->is_dir($sourceInternalPath)) { + $result = $sourceStorage->rmdir($sourceInternalPath); + } else { + $result = $sourceStorage->unlink($sourceInternalPath); + } + } finally { + if ($sourceStorage->instanceOfStorage(ObjectStoreStorage::class) && is_callable([$sourceStorage, 'setPreserveCacheOnDelete'])) { + /** @var ObjectStoreStorage $sourceStorage */ + $sourceStorage->setPreserveCacheOnDelete(false); + } } } - return [$unJailedStorage, $unJailedInternalPath]; + return $result; } private function userHasAccessToFolder(IUser $user, int $folderId): bool { @@ -257,10 +333,12 @@ private function userHasAccessToPath( private function getNodeForTrashItem(IUser $user, ITrashItem $trashItem): ?Node { [, $folderId, $path] = explode('/', $trashItem->getTrashPath(), 3); + $folderId = (int)$folderId; $folders = $this->folderManager->getFoldersForUser($user); foreach ($folders as $groupFolder) { - if ($groupFolder['folder_id'] === (int)$folderId) { - $trashRoot = $this->getTrashFolder((int)$folderId); + if ($groupFolder['folder_id'] === $folderId) { + /** @var Folder $trashRoot */ + $trashRoot = $this->rootFolder->get('/' . $user->getUID() . '/files_trashbin/groupfolders/' . $folderId); try { $node = $trashRoot->get($path); if (!$this->userHasAccessToPath($user, $trashItem->getPath())) { @@ -294,6 +372,17 @@ private function getTrashFolder(int $folderId): Folder { } } + private function getUnJailedPath(Node $node): string { + $storage = $node->getStorage(); + $path = $node->getInternalPath(); + while ($storage->instanceOfStorage(Jail::class)) { + /** @var Jail $storage */ + $path = $storage->getUnjailedPath($path); + $storage = $storage->getUnjailedStorage(); + } + return $path; + } + /** * @param list $folders * @return list @@ -315,10 +404,16 @@ private function getTrashForFolders(IUser $user, array $folders): array { $folderId = $folder['folder_id']; $folderHasAcl = $folder['acl']; $mountPoint = $folder['mount_point']; - $trashFolder = $this->getTrashFolder($folderId); + + // ensure the trash folder exists + $this->getTrashFolder($folderId); + + + /** @var Folder $trashFolder */ + $trashFolder = $this->rootFolder->get('/' . $user->getUID() . '/files_trashbin/groupfolders/' . $folderId); $content = $trashFolder->getDirectoryListing(); $userCanManageAcl = $this->folderManager->canManageACL($folderId, $user); - $this->aclManagerFactory->getACLManager($user)->preloadRulesForFolder($trashFolder->getPath()); + $this->aclManagerFactory->getACLManager($user)->preloadRulesForFolder($this->getUnJailedPath($trashFolder)); foreach ($content as $item) { /** @var \OC\Files\Node\Node $item */ $pathParts = pathinfo($item->getName()); @@ -334,7 +429,7 @@ private function getTrashForFolders(IUser $user, array $folders): array { if ($originalLocation === '' && !$userCanManageAcl) { continue; } - if (!$this->userHasAccessToPath($user, $item->getPath())) { + if (!$this->userHasAccessToPath($user, $this->getUnJailedPath($item))) { continue; } // if a parent of the original location has also been deleted, we also need to check it based on the now-deleted parent path diff --git a/tests/stub.phpstub b/tests/stub.phpstub index 75d09a397..5075330bf 100644 --- a/tests/stub.phpstub +++ b/tests/stub.phpstub @@ -359,6 +359,9 @@ namespace OCA\Files_Trashbin { { } } + + class Storage extends \OC\Files\Storage\Wrapper\Wrapper { + } } namespace OCA\Files_Versions\Versions { @@ -1560,7 +1563,7 @@ namespace OC\Files\Storage\Wrapper{ * @param string $targetInternalPath * @return bool */ - public function copyFromStorage(\OCP\Files\Storage\IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath) + public function copyFromStorage(\OCP\Files\Storage\IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime = false) { } /** @@ -2010,7 +2013,7 @@ namespace OC\Files\Storage\Wrapper{ * @param string $targetInternalPath * @return bool */ - public function copyFromStorage(\OCP\Files\Storage\IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath) + public function copyFromStorage(\OCP\Files\Storage\IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime = false) { } /** @@ -2125,7 +2128,7 @@ namespace OC\Files\Storage\Wrapper{ * @param string $targetInternalPath * @return bool */ - public function copyFromStorage(\OCP\Files\Storage\IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath) + public function copyFromStorage(\OCP\Files\Storage\IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath, $preserveMtime = false) { } /** @@ -2228,6 +2231,8 @@ namespace OC\Files\Storage\Wrapper{ { } } + class Encryption extends \OC\Files\Storage\Wrapper\Wrapper { + } } namespace OC\Files\ObjectStore { @@ -2323,3 +2328,7 @@ namespace OCA\DAV\Connector\Sabre\Exception { public function serialize(\Sabre\DAV\Server $server, \DOMElement $errorNode) {} } } + +namespace OC\Encryption\Exceptions { + class DecryptionFailedException extends \Exception {} +}