Skip to content

Commit

Permalink
Merge pull request #11431 from nextcloud/backport/11430/stable26
Browse files Browse the repository at this point in the history
[stable26] fix(attachments): Don't allow selecting shared folders as attachment …
  • Loading branch information
nickvergessen authored Jan 24, 2024
2 parents 5d2a47f + cc6bc3a commit a1b141e
Show file tree
Hide file tree
Showing 13 changed files with 53 additions and 5 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/integration-mysql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ jobs:
test-suite: ['callapi', 'chat', 'chat-2', 'command', 'conversation', 'conversation-2', 'federation', 'integration', 'sharing', 'sharing-2']
php-versions: ['8.2']
server-versions: ['stable26']
guests-versions: ['stable-2.5']
guests-versions: ['stable2.5']
notifications-versions: ['stable26']

services:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/integration-oci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ jobs:
test-suite: ['callapi', 'chat', 'chat-2', 'command', 'conversation', 'conversation-2', 'federation', 'integration', 'sharing', 'sharing-2']
php-versions: ['8.2']
server-versions: ['stable26']
guests-versions: ['stable-2.5']
guests-versions: ['stable2.5']
notifications-versions: ['stable26']

services:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/integration-pgsql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ jobs:
test-suite: ['callapi', 'chat', 'chat-2', 'command', 'conversation', 'conversation-2', 'federation', 'integration', 'sharing', 'sharing-2']
php-versions: ['8.2']
server-versions: ['stable26']
guests-versions: ['stable-2.5']
guests-versions: ['stable2.5']
notifications-versions: ['stable26']

services:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/integration-sqlite.yml
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ jobs:
test-suite: ['callapi', 'chat', 'chat-2', 'command', 'conversation', 'conversation-2', 'federation', 'integration', 'sharing', 'sharing-2']
php-versions: ['8.2']
server-versions: ['stable26']
guests-versions: ['stable-2.5']
guests-versions: ['stable2.5']
notifications-versions: ['stable26']

steps:
Expand Down
1 change: 0 additions & 1 deletion lib/Controller/PageController.php
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,6 @@ class PageController extends Controller {
private RoomController $api;
private TalkSession $talkSession;
private IUserSession $userSession;
private LoggerInterface $logger;
private Manager $manager;
private ParticipantService $participantService;
private RoomService $roomService;
Expand Down
3 changes: 3 additions & 0 deletions lib/Controller/SettingsController.php
Original file line number Diff line number Diff line change
Expand Up @@ -103,6 +103,9 @@ protected function validateUserSetting(string $setting, $value): bool {
if (!$node instanceof Folder) {
throw new NotPermittedException('Node is not a directory');
}
if ($node->isShared()) {
throw new NotPermittedException('Folder is shared');
}
return !$node->getStorage()->instanceOfStorage(SharedStorage::class);
} catch (NotFoundException $e) {
$userFolder->newFolder($value);
Expand Down
3 changes: 3 additions & 0 deletions lib/Files/TemplateLoader.php
Original file line number Diff line number Diff line change
Expand Up @@ -39,6 +39,7 @@
use OCP\IUser;
use OCP\IUserSession;
use OCP\Util;
use Psr\Log\LoggerInterface;

/**
* Helper class to add the Talk UI to the sidebar of the Files app.
Expand All @@ -60,6 +61,7 @@ public function __construct(
IAppManager $appManager,
IRootFolder $rootFolder,
IUserSession $userSession,
LoggerInterface $logger,
) {
$this->initialState = $initialState;
$this->memcacheFactory = $memcacheFactory;
Expand All @@ -68,6 +70,7 @@ public function __construct(
$this->appManager = $appManager;
$this->rootFolder = $rootFolder;
$this->userSession = $userSession;
$this->logger = $logger;
}


Expand Down
3 changes: 3 additions & 0 deletions lib/PublicShare/TemplateLoader.php
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@
use OCP\ICacheFactory;
use OCP\IConfig;
use OCP\Util;
use Psr\Log\LoggerInterface;

/**
* Helper class to extend the "publicshare" template from the server.
Expand All @@ -52,11 +53,13 @@ public function __construct(
ICacheFactory $memcacheFactory,
Config $talkConfig,
IConfig $serverConfig,
LoggerInterface $logger,
) {
$this->initialState = $initialState;
$this->talkConfig = $talkConfig;
$this->memcacheFactory = $memcacheFactory;
$this->serverConfig = $serverConfig;
$this->logger = $logger;
}

/**
Expand Down
3 changes: 3 additions & 0 deletions lib/PublicShareAuth/TemplateLoader.php
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,7 @@
use OCP\ICacheFactory;
use OCP\IConfig;
use OCP\Util;
use Psr\Log\LoggerInterface;

/**
* Helper class to extend the "publicshareauth" template from the server.
Expand All @@ -51,11 +52,13 @@ public function __construct(
ICacheFactory $memcacheFactory,
Config $talkConfig,
IConfig $serverConfig,
LoggerInterface $logger,
) {
$this->initialState = $initialState;
$this->talkConfig = $talkConfig;
$this->memcacheFactory = $memcacheFactory;
$this->serverConfig = $serverConfig;
$this->logger = $logger;
}

/**
Expand Down
9 changes: 9 additions & 0 deletions lib/Service/RecordingService.php
Original file line number Diff line number Diff line change
Expand Up @@ -42,6 +42,7 @@
use OCP\Files\IRootFolder;
use OCP\Files\NotFoundException;
use OCP\Files\NotPermittedException;
use OCP\IConfig;
use OCP\Notification\IManager;
use OCP\Share\IManager as ShareManager;
use OCP\Share\IShare;
Expand Down Expand Up @@ -72,6 +73,7 @@ public function __construct(
protected Manager $roomManager,
protected ITimeFactory $timeFactory,
protected Config $config,
protected IConfig $serverConfig,
protected RoomService $roomService,
protected ShareManager $shareManager,
protected ChatManager $chatManager,
Expand Down Expand Up @@ -190,6 +192,13 @@ private function getRecordingFolder(string $owner, string $token): Folder {
try {
/** @var \OCP\Files\Folder */
$recordingRootFolder = $userFolder->get($recordingRootFolderName);
if ($recordingRootFolder->isShared()) {
$this->logger->error('Talk attachment folder for user {userId} is set to a shared folder. Resetting to their root.', [
'userId' => $owner,
]);

$this->serverConfig->setUserValue($owner, 'spreed', 'attachment_folder', '/');
}
} catch (NotFoundException $e) {
/** @var \OCP\Files\Folder */
$recordingRootFolder = $userFolder->newFolder($recordingRootFolderName);
Expand Down
9 changes: 9 additions & 0 deletions lib/TInitialState.php
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,7 @@
use OCP\IConfig;
use OCP\IUser;
use OCP\Util;
use Psr\Log\LoggerInterface;

trait TInitialState {
/** @var Config */
Expand All @@ -44,6 +45,8 @@ trait TInitialState {
protected $initialState;
/** @var ICacheFactory */
protected $memcacheFactory;
/** @var LoggerInterface */
protected $logger;

protected function publishInitialStateShared(): void {
// Needed to enable the screensharing extension in Chromium < 72
Expand Down Expand Up @@ -134,6 +137,12 @@ protected function publishInitialStateForUser(IUser $user, IRootFolder $rootFold
try {
try {
$folder = $userFolder->get($attachmentFolder);
if ($folder->isShared()) {
$this->logger->error('Talk attachment folder for user {userId} is set to a shared folder. Resetting to their root.', [
'userId' => $user->getUID(),
]);
throw new NotPermittedException('Folder is shared');
}
} catch (NotFoundException $e) {
$folder = $userFolder->newFolder($attachmentFolder);
}
Expand Down
14 changes: 14 additions & 0 deletions tests/integration/features/sharing/settings.feature
Original file line number Diff line number Diff line change
@@ -0,0 +1,14 @@
Feature: sharing/settings

Background:
Given user "participant1" exists
Given user "participant2" exists

Scenario: Do not allow setting a shared folder as attachment_folder
Given user "participant1" creates folder "/test"
When user "participant1" sets setting "attachment_folder" to "/test" with 200 (v1)
Then user "participant1" has capability "spreed=>config=>attachments=>folder" set to "/test"
Given user "participant2" creates folder "/test-participant2"
Given user "participant2" shares "/test-participant2" with user "participant1" with OCS 100
When user "participant1" sets setting "attachment_folder" to "/test-participant2" with 400 (v1)
Then user "participant1" has capability "spreed=>config=>attachments=>folder" set to "/test"
5 changes: 5 additions & 0 deletions tests/php/Service/RecordingServiceTest.php
Original file line number Diff line number Diff line change
Expand Up @@ -48,6 +48,7 @@ function is_uploaded_file($filename) {
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Files\IMimeTypeDetector;
use OCP\Files\IRootFolder;
use OCP\IConfig;
use OCP\Notification\IManager;
use OCP\Share\IManager as ShareManager;
use PHPUnit\Framework\MockObject\MockObject;
Expand All @@ -63,6 +64,8 @@ class RecordingServiceTest extends TestCase {
private $rootFolder;
/** @var Config|MockObject */
private $config;
/** @var IConfig|MockObject */
private $serverConfig;
/** @var IManager|MockObject */
private $notificationManager;
/** @var Manager|MockObject */
Expand Down Expand Up @@ -92,6 +95,7 @@ public function setUp(): void {
$this->roomManager = $this->createMock(Manager::class);
$this->timeFactory = $this->createMock(ITimeFactory::class);
$this->config = $this->createMock(Config::class);
$this->serverConfig = $this->createMock(IConfig::class);
$this->roomService = $this->createMock(RoomService::class);
$this->shareManager = $this->createMock(ShareManager::class);
$this->chatManager = $this->createMock(ChatManager::class);
Expand All @@ -106,6 +110,7 @@ public function setUp(): void {
$this->roomManager,
$this->timeFactory,
$this->config,
$this->serverConfig,
$this->roomService,
$this->shareManager,
$this->chatManager,
Expand Down

0 comments on commit a1b141e

Please sign in to comment.