Merge pull request #26727 from nextcloud/group-exclude-link-share

Add option to exclude groups from creating link shares

apps/files/lib/Controller/ViewController.php

@@ -55,6 +55,7 @@
 use OCP\IRequest;
 use OCP\IURLGenerator;
 use OCP\IUserSession;
+use OCP\Share\IManager;
 
 /**
  * Class ViewController
@@ -86,6 +87,8 @@ class ViewController extends Controller {
 	private $initialState;
 	/** @var ITemplateManager */
 	private $templateManager;
+	/** @var IManager */
+	private $shareManager;
 
 	public function __construct(string $appName,
 		IRequest $request,
@@ -98,7 +101,8 @@ public function __construct(string $appName,
 		IRootFolder $rootFolder,
 		Helper $activityHelper,
 		IInitialState $initialState,
-		ITemplateManager $templateManager
+		ITemplateManager $templateManager,
+		IManager $shareManager
 	) {
 		parent::__construct($appName, $request);
 		$this->appName = $appName;
@@ -113,6 +117,7 @@ public function __construct(string $appName,
 		$this->activityHelper = $activityHelper;
 		$this->initialState = $initialState;
 		$this->templateManager = $templateManager;
+		$this->shareManager = $shareManager;
 	}
 
 	/**
@@ -302,7 +307,7 @@ public function index($dir = '', $view = '', $fileid = null, $fileNotFound = fal
 		$params['owner'] = $storageInfo['owner'] ?? '';
 		$params['ownerDisplayName'] = $storageInfo['ownerDisplayName'] ?? '';
 		$params['isPublic'] = false;
-		$params['allowShareWithLink'] = $this->config->getAppValue('core', 'shareapi_allow_links', 'yes');
+		$params['allowShareWithLink'] = $this->shareManager->shareApiAllowLinks() ? 'yes' : 'no';
 		$params['defaultFileSorting'] = $this->config->getUserValue($user, 'files', 'file_sorting', 'name');
 		$params['defaultFileSortingDirection'] = $this->config->getUserValue($user, 'files', 'file_sorting_direction', 'asc');
 		$params['showgridview'] = $this->config->getUserValue($user, 'files', 'show_grid', false);

apps/files/list.php

@@ -22,10 +22,14 @@
  *
  */
 
+use OCP\Share\IManager;
+
 $config = \OC::$server->getConfig();
 $userSession = \OC::$server->getUserSession();
 // TODO: move this to the generated config.js
-$publicUploadEnabled = $config->getAppValue('core', 'shareapi_allow_public_upload', 'yes');
+/** @var IManager $shareManager */
+$shareManager = \OC::$server->get(IManager::class);
+$publicUploadEnabled = $shareManager->shareApiLinkAllowPublicUpload() ? 'yes' : 'no';;
 
 $showgridview = $config->getUserValue($userSession->getUser()->getUID(), 'files', 'show_grid', false);
 $isIE = OC_Util::isIe();

apps/files/tests/Controller/ViewControllerTest.php

@@ -48,6 +48,7 @@
 use OCP\IURLGenerator;
 use OCP\IUser;
 use OCP\IUserSession;
+use OCP\Share\IManager;
 use OCP\Template;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 use Test\TestCase;
@@ -84,6 +85,8 @@ class ViewControllerTest extends TestCase {
 	private $initialState;
 	/** @var ITemplateManager|\PHPUnit\Framework\MockObject\MockObject */
 	private $templateManager;
+	/** @var IManager|\PHPUnit\Framework\MockObject\MockObject */
+	private $shareManager;
 
 	protected function setUp(): void {
 		parent::setUp();
@@ -105,6 +108,7 @@ protected function setUp(): void {
 		$this->activityHelper = $this->createMock(Helper::class);
 		$this->initialState = $this->createMock(IInitialState::class);
 		$this->templateManager = $this->createMock(ITemplateManager::class);
+		$this->shareManager = $this->createMock(IManager::class);
 		$this->viewController = $this->getMockBuilder('\OCA\Files\Controller\ViewController')
 			->setConstructorArgs([
 				'files',
@@ -119,6 +123,7 @@ protected function setUp(): void {
 				$this->activityHelper,
 				$this->initialState,
 				$this->templateManager,
+				$this->shareManager,
 			])
 		->setMethods([
 			'getStorageInfo',
@@ -153,6 +158,8 @@ public function testIndexWithRegularBrowser() {
 				->expects($this->any())
 				->method('getAppValue')
 				->willReturnArgument(2);
+		$this->shareManager->method('shareApiAllowLinks')
+			->willReturn(true);
 
 		$nav = new Template('files', 'appnavigation');
 		$nav->assign('usage_relative', 123);

apps/files_sharing/lib/AppInfo/Application.php

@@ -56,7 +56,9 @@
 use OCP\IDBConnection;
 use OCP\IGroup;
 use OCP\IServerContainer;
+use OCP\IUserSession;
 use OCP\Share\Events\ShareCreatedEvent;
+use OCP\Share\IManager;
 use OCP\Util;
 use Psr\Container\ContainerInterface;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
@@ -166,20 +168,24 @@ protected function registerEventsScripts(IEventDispatcher $dispatcher, EventDisp
 	}
 
 	protected function setupSharingMenus() {
-		$config = \OC::$server->getConfig();
+		/** @var IManager $shareManager */
+		$shareManager = \OC::$server->get(IManager::class);
 
-		if ($config->getAppValue('core', 'shareapi_enabled', 'yes') !== 'yes' || !class_exists('\OCA\Files\App')) {
+		if (!$shareManager->shareApiEnabled() || !class_exists('\OCA\Files\App')) {
 			return;
 		}
 
 		// show_Quick_Access stored as string
-		\OCA\Files\App::getNavigationManager()->add(function () {
-			$config = \OC::$server->getConfig();
+		\OCA\Files\App::getNavigationManager()->add(function () use ($shareManager) {
 			$l = \OC::$server->getL10N('files_sharing');
+			/** @var IUserSession $userSession */
+			$userSession = \OC::$server->get(IUserSession::class);
+			$user = $userSession->getUser();
+			$userId = $user ? $user->getUID() : null;
 
 			$sharingSublistArray = [];
 
-			if (\OCP\Util::isSharingDisabledForUser() === false) {
+			if ($shareManager->sharingDisabledForUser($userId) === false) {
 				$sharingSublistArray[] = [
 					'id' => 'sharingout',
 					'appname' => 'files_sharing',
@@ -197,9 +203,9 @@ protected function setupSharingMenus() {
 				'name' => $l->t('Shared with you'),
 			];
 
-			if (\OCP\Util::isSharingDisabledForUser() === false) {
+			if ($shareManager->sharingDisabledForUser($userId) === false) {
 				// Check if sharing by link is enabled
-				if ($config->getAppValue('core', 'shareapi_allow_links', 'yes') === 'yes') {
+				if ($shareManager->shareApiAllowLinks()) {
 					$sharingSublistArray[] = [
 						'id' => 'sharinglinks',
 						'appname' => 'files_sharing',

apps/files_sharing/lib/Capabilities.php

@@ -28,6 +28,7 @@
 use OCP\Capabilities\ICapability;
 use OCP\Constants;
 use OCP\IConfig;
+use OCP\Share\IManager;
 
 /**
  * Class Capabilities
@@ -38,9 +39,12 @@ class Capabilities implements ICapability {
 
 	/** @var IConfig */
 	private $config;
+	/** @var IManager */
+	private $shareManager;
 
-	public function __construct(IConfig $config) {
+	public function __construct(IConfig $config, IManager $shareManager) {
 		$this->config = $config;
+		$this->shareManager = $shareManager;
 	}
 
 	/**
@@ -51,7 +55,7 @@ public function __construct(IConfig $config) {
 	public function getCapabilities() {
 		$res = [];
 
-		if ($this->config->getAppValue('core', 'shareapi_enabled', 'yes') !== 'yes') {
+		if (!$this->shareManager->shareApiEnabled()) {
 			$res['api_enabled'] = false;
 			$res['public'] = ['enabled' => false];
 			$res['user'] = ['send_mail' => false];
@@ -60,10 +64,10 @@ public function getCapabilities() {
 			$res['api_enabled'] = true;
 
 			$public = [];
-			$public['enabled'] = $this->config->getAppValue('core', 'shareapi_allow_links', 'yes') === 'yes';
+			$public['enabled'] = $this->shareManager->shareApiAllowLinks();
 			if ($public['enabled']) {
 				$public['password'] = [];
-				$public['password']['enforced'] = ($this->config->getAppValue('core', 'shareapi_enforce_links_password', 'no') === 'yes');
+				$public['password']['enforced'] = $this->shareManager->shareApiLinkEnforcePassword();
 
 				if ($public['password']['enforced']) {
 					$public['password']['askForOptionalPassword'] = false;
@@ -73,28 +77,28 @@ public function getCapabilities() {
 
 				$public['expire_date'] = [];
 				$public['multiple_links'] = true;
-				$public['expire_date']['enabled'] = $this->config->getAppValue('core', 'shareapi_default_expire_date', 'no') === 'yes';
+				$public['expire_date']['enabled'] = $this->shareManager->shareApiLinkDefaultExpireDate();
 				if ($public['expire_date']['enabled']) {
-					$public['expire_date']['days'] = $this->config->getAppValue('core', 'shareapi_expire_after_n_days', '7');
-					$public['expire_date']['enforced'] = $this->config->getAppValue('core', 'shareapi_enforce_expire_date', 'no') === 'yes';
+					$public['expire_date']['days'] = $this->shareManager->shareApiLinkDefaultExpireDays();
+					$public['expire_date']['enforced'] = $this->shareManager->shareApiLinkDefaultExpireDateEnforced();
 				}
 
 				$public['expire_date_internal'] = [];
-				$public['expire_date_internal']['enabled'] = $this->config->getAppValue('core', 'shareapi_default_internal_expire_date', 'no') === 'yes';
+				$public['expire_date_internal']['enabled'] = $this->shareManager->shareApiInternalDefaultExpireDate();
 				if ($public['expire_date_internal']['enabled']) {
-					$public['expire_date_internal']['days'] = $this->config->getAppValue('core', 'shareapi_internal_expire_after_n_days', '7');
-					$public['expire_date_internal']['enforced'] = $this->config->getAppValue('core', 'shareapi_enforce_internal_expire_date', 'no') === 'yes';
+					$public['expire_date_internal']['days'] = $this->shareManager->shareApiInternalDefaultExpireDays();
+					$public['expire_date_internal']['enforced'] = $this->shareManager->shareApiInternalDefaultExpireDateEnforced();
 				}
 
 				$public['expire_date_remote'] = [];
-				$public['expire_date_remote']['enabled'] = $this->config->getAppValue('core', 'shareapi_default_remote_expire_date', 'no') === 'yes';
+				$public['expire_date_remote']['enabled'] = $this->shareManager->shareApiRemoteDefaultExpireDate();
 				if ($public['expire_date_remote']['enabled']) {
-					$public['expire_date_remote']['days'] = $this->config->getAppValue('core', 'shareapi_remote_expire_after_n_days', '7');
-					$public['expire_date_remote']['enforced'] = $this->config->getAppValue('core', 'shareapi_enforce_remote_expire_date', 'no') === 'yes';
+					$public['expire_date_remote']['days'] = $this->shareManager->shareApiRemoteDefaultExpireDays();
+					$public['expire_date_remote']['enforced'] = $this->shareManager->shareApiRemoteDefaultExpireDateEnforced();
 				}
 
 				$public['send_mail'] = $this->config->getAppValue('core', 'shareapi_allow_public_notification', 'no') === 'yes';
-				$public['upload'] = $this->config->getAppValue('core', 'shareapi_allow_public_upload', 'yes') === 'yes';
+				$public['upload'] = $this->shareManager->shareApiLinkAllowPublicUpload();
 				$public['upload_files_drop'] = $public['upload'];
 			}
 			$res['public'] = $public;
@@ -106,17 +110,17 @@ public function getCapabilities() {
 
 			// deprecated in favour of 'group', but we need to keep it for now
 			// in order to stay compatible with older clients
-			$res['group_sharing'] = $this->config->getAppValue('core', 'shareapi_allow_group_sharing', 'yes') === 'yes';
+			$res['group_sharing'] = $this->shareManager->allowGroupSharing();
 
 			$res['group'] = [];
-			$res['group']['enabled'] = $this->config->getAppValue('core', 'shareapi_allow_group_sharing', 'yes') === 'yes';
+			$res['group']['enabled'] = $this->shareManager->allowGroupSharing();
 			$res['group']['expire_date']['enabled'] = true;
 			$res['default_permissions'] = (int)$this->config->getAppValue('core', 'shareapi_default_permissions', Constants::PERMISSION_ALL);
 		}
 
 		//Federated sharing
 		$res['federation'] = [
-			'outgoing' => $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes') === 'yes',
+			'outgoing' => $this->shareManager->outgoingServer2ServerSharesAllowed(),
 			'incoming' => $this->config->getAppValue('files_sharing', 'incoming_server2server_share_enabled', 'yes') === 'yes',
 			// old bogus one, expire_date was not working before, keeping for compatibility
 			'expire_date' => ['enabled' => true],

apps/files_sharing/tests/CapabilitiesTest.php

@@ -27,8 +27,24 @@
 
 namespace OCA\Files_Sharing\Tests;
 
+use OC\Share20\Manager;
 use OCA\Files_Sharing\Capabilities;
+use OCP\EventDispatcher\IEventDispatcher;
+use OCP\Files\IRootFolder;
+use OCP\Files\Mount\IMountManager;
 use OCP\IConfig;
+use OCP\IGroupManager;
+use OCP\IL10N;
+use OCP\ILogger;
+use OCP\IURLGenerator;
+use OCP\IUserManager;
+use OCP\IUserSession;
+use OCP\L10N\IFactory;
+use OCP\Mail\IMailer;
+use OCP\Security\IHasher;
+use OCP\Security\ISecureRandom;
+use OCP\Share\IProviderFactory;
+use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 
 /**
  * Class CapabilitiesTest
@@ -60,7 +76,26 @@ private function getFilesSharingPart(array $data) {
 	private function getResults(array $map) {
 		$config = $this->getMockBuilder(IConfig::class)->disableOriginalConstructor()->getMock();
 		$config->method('getAppValue')->willReturnMap($map);
-		$cap = new Capabilities($config);
+		$shareManager = new Manager(
+			$this->createMock(ILogger::class),
+			$config,
+			$this->createMock(ISecureRandom::class),
+			$this->createMock(IHasher::class),
+			$this->createMock(IMountManager::class),
+			$this->createMock(IGroupManager::class),
+			$this->createMock(IL10N::class),
+			$this->createMock(IFactory::class),
+			$this->createMock(IProviderFactory::class),
+			$this->createMock(IUserManager::class),
+			$this->createMock(IRootFolder::class),
+			$this->createMock(EventDispatcherInterface::class),
+			$this->createMock(IMailer::class),
+			$this->createMock(IURLGenerator::class),
+			$this->createMock(\OC_Defaults::class),
+			$this->createMock(IEventDispatcher::class),
+			$this->createMock(IUserSession::class)
+		);
+		$cap = new Capabilities($config, $shareManager);
 		$result = $this->getFilesSharingPart($cap->getCapabilities());
 		return $result;
 	}

apps/settings/js/admin.js

@@ -1,5 +1,5 @@
 window.addEventListener('DOMContentLoaded', function(){
-	$('#excludedGroups').each(function (index, element) {
+	$('#excludedGroups,#linksExcludedGroups').each(function (index, element) {
 		OC.Settings.setupGroupsSelect($(element));
 		$(element).change(function(ev) {
 			var groups = ev.val || [];

apps/settings/lib/Settings/Admin/Sharing.php

@@ -64,11 +64,15 @@ public function getForm() {
 		$excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', '');
 		$excludeGroupsList = !is_null(json_decode($excludedGroups))
 			? implode('|', json_decode($excludedGroups, true)) : '';
+		$linksExcludedGroups = $this->config->getAppValue('core', 'shareapi_allow_links_exclude_groups', '');
+		$linksExcludeGroupsList = !is_null(json_decode($linksExcludedGroups))
+			? implode('|', json_decode($linksExcludedGroups, true)) : '';
 
 		$parameters = [
 			// Built-In Sharing
 			'allowGroupSharing' => $this->config->getAppValue('core', 'shareapi_allow_group_sharing', 'yes'),
 			'allowLinks' => $this->config->getAppValue('core', 'shareapi_allow_links', 'yes'),
+			'allowLinksExcludeGroups' => $linksExcludeGroupsList,
 			'allowPublicUpload' => $this->config->getAppValue('core', 'shareapi_allow_public_upload', 'yes'),
 			'allowResharing' => $this->config->getAppValue('core', 'shareapi_allow_resharing', 'yes'),
 			'allowShareDialogUserEnumeration' => $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes'),

apps/settings/templates/settings/admin/sharing.php

@@ -138,6 +138,14 @@
 	<p class="<?php if ($_['shareAPIEnabled'] === 'no') {
 	p('hidden');
 }?>">
+	<p class="indent">
+		<?php p($l->t('Exclude groups from creating link shares:'));?>
+	</p>
+	<p id="selectLinksExcludedGroups" class="indent <?php if ($_['allowLinks'] === 'no') {
+	p('hidden');
+} ?>">
+		<input name="shareapi_allow_links_exclude_groups" type="hidden" id="linksExcludedGroups" value="<?php p($_['allowLinksExcludeGroups']) ?>" style="width: 400px" class="noJSAutoUpdate"/>
+	</p>
 		<input type="checkbox" name="shareapi_allow_resharing" id="allowResharing" class="checkbox"
 			   value="1" <?php if ($_['allowResharing'] === 'yes') {
 	print_unescaped('checked="checked"');
@@ -176,7 +184,7 @@
 } ?>">
 		<input name="shareapi_exclude_groups_list" type="hidden" id="excludedGroups" value="<?php p($_['shareExcludedGroupsList']) ?>" style="width: 400px" class="noJSAutoUpdate"/>
 		<br />
-		<em><?php p($l->t('These groups will still be able to receive shares, but not to initiate them.')); ?></em>
+		 <em><?php p($l->t('These groups will still be able to receive shares, but not to initiate them.')); ?></em>
 	</p>
 
 	<p class="<?php if ($_['shareAPIEnabled'] === 'no') {

apps/settings/tests/Settings/Admin/SharingTest.php

@@ -90,6 +90,8 @@ public function testGetFormWithoutExcludedGroups() {
 				['core', 'shareapi_remote_expire_after_n_days', '7', '7'],
 				['core', 'shareapi_enforce_remote_expire_date', 'no', 'no'],
 			]);
+		$this->shareManager->method('shareWithGroupMembersOnly')
+			->willReturn(false);
 
 		$expected = new TemplateResponse(
 			'settings',
@@ -121,6 +123,7 @@ public function testGetFormWithoutExcludedGroups() {
 				'shareDefaultRemoteExpireDateSet' => 'no',
 				'shareRemoteExpireAfterNDays' => '7',
 				'shareRemoteEnforceExpireDate' => 'no',
+				'allowLinksExcludeGroups' => '',
 			],
 			''
 		);
@@ -156,6 +159,8 @@ public function testGetFormWithExcludedGroups() {
 				['core', 'shareapi_remote_expire_after_n_days', '7', '7'],
 				['core', 'shareapi_enforce_remote_expire_date', 'no', 'no'],
 			]);
+		$this->shareManager->method('shareWithGroupMembersOnly')
+			->willReturn(false);
 
 		$expected = new TemplateResponse(
 			'settings',
@@ -187,6 +192,7 @@ public function testGetFormWithExcludedGroups() {
 				'shareDefaultRemoteExpireDateSet' => 'no',
 				'shareRemoteExpireAfterNDays' => '7',
 				'shareRemoteEnforceExpireDate' => 'no',
+				'allowLinksExcludeGroups' => '',
 			],
 			''
 		);