diff --git a/apps/dav/lib/Connector/Sabre/ServerFactory.php b/apps/dav/lib/Connector/Sabre/ServerFactory.php index c8c4b5608d57..0269efbe9a02 100644 --- a/apps/dav/lib/Connector/Sabre/ServerFactory.php +++ b/apps/dav/lib/Connector/Sabre/ServerFactory.php @@ -30,6 +30,7 @@ use OCA\DAV\DAV\FileCustomPropertiesBackend; use OCA\DAV\DAV\FileCustomPropertiesPlugin; +use OCA\DAV\DAV\ViewOnlyPlugin; use OCA\DAV\Files\BrowserErrorPagePlugin; use OCA\DAV\Files\FileLocksBackend; use OCP\Files\Mount\IMountManager; @@ -154,6 +155,9 @@ public function createServer($baseUri, ); $server->addPlugin(new \OCA\DAV\Connector\Sabre\QuotaPlugin($view)); + // Allow view-only plugin for webdav requests + $server->addPlugin(new ViewOnlyPlugin()); + if ($this->userSession->isLoggedIn()) { $server->addPlugin(new \OCA\DAV\Connector\Sabre\TagsPlugin($objectTree, $this->tagManager)); $server->addPlugin(new \OCA\DAV\Connector\Sabre\SharesPlugin( diff --git a/apps/dav/lib/DAV/ViewOnlyPlugin.php b/apps/dav/lib/DAV/ViewOnlyPlugin.php new file mode 100644 index 000000000000..fdd1ee9584c9 --- /dev/null +++ b/apps/dav/lib/DAV/ViewOnlyPlugin.php @@ -0,0 +1,106 @@ + + * + */ + +namespace OCA\DAV\DAV; + +use OCA\DAV\Connector\Sabre\Exception\Forbidden; +use OCA\DAV\Connector\Sabre\File; +use OCP\Files\InvalidPathException; +use Sabre\DAV\Exception\ServiceUnavailable; +use Sabre\DAV\Server; +use Sabre\DAV\ServerPlugin; +use Sabre\HTTP\RequestInterface; +use Sabre\DAV\Exception\NotFound; +use \OCP\Files\NotFoundException; + +/** + * Sabre plugin for the the file secure-view: + */ +class ViewOnlyPlugin extends ServerPlugin { + + /** @var \Sabre\DAV\Server $server */ + private $server; + + /** + * ViewOnlyPlugin plugin + */ + public function __construct() { + } + + /** + * This initializes the plugin. + * + * This function is called by Sabre\DAV\Server, after + * addPlugin is called. + * + * This method should set up the required event subscriptions. + * + * @param Server $server + * @return void + */ + public function initialize(Server $server) { + $this->server = $server; + //priority 90 to make sure the plugin is called before + //Sabre\DAV\CorePlugin::httpGet + $this->server->on('method:GET', [$this, 'checkViewOnly'], 90); + } + + /** + * + * @param RequestInterface $request request object + * @return boolean + * @throws Forbidden + * @throws ServiceUnavailable + */ + public function checkViewOnly( + RequestInterface $request + ) { + $path = $request->getPath(); + + try { + $node = $this->server->tree->getNodeForPath($path); + + // Restrict view-only only to files + if (!($node instanceof File)) { + return true; + } + + // Restrict view-only to files which are shared + $file = $node->getNode(); + $storage = $file->getStorage(); + if (!$storage->instanceOfStorage('\OCA\Files_Sharing\SharedStorage')) { + return true; + } + + // Extract extra permissions + /** @var \OCA\Files_Sharing\SharedStorage $storage */ + $share = $storage->getShare(); + if (!$file->isUpdateable() && !$share->getExtraPermissions()->getPermission('dav', 'can-download')) { + throw new Forbidden('File is in secure-view mode and cannot be directly downloaded.'); + } + } catch (NotFound $e) { + } catch (NotFoundException $e) { + } catch (InvalidPathException $e) { + } + + return true; + } +} \ No newline at end of file diff --git a/apps/dav/lib/Server.php b/apps/dav/lib/Server.php index e1e5a0d984b9..95dc5339d4f6 100644 --- a/apps/dav/lib/Server.php +++ b/apps/dav/lib/Server.php @@ -49,6 +49,7 @@ use OCA\DAV\DAV\LazyOpsPlugin; use OCA\DAV\DAV\MiscCustomPropertiesBackend; use OCA\DAV\DAV\PublicAuth; +use OCA\DAV\DAV\ViewOnlyPlugin; use OCA\DAV\Files\BrowserErrorPagePlugin; use OCA\DAV\Files\FileLocksBackend; use OCA\DAV\Files\PreviewPlugin; @@ -189,6 +190,9 @@ public function __construct(IRequest $request, $baseUri) { $this->server->addPlugin(new CopyEtagHeaderPlugin()); $this->server->addPlugin(new ChunkingPlugin()); + // Allow view-only plugin for webdav requests + $this->server->addPlugin(new ViewOnlyPlugin()); + if (BrowserErrorPagePlugin::isBrowserRequest($request)) { $this->server->addPlugin(new BrowserErrorPagePlugin()); } diff --git a/apps/files_sharing/lib/Controller/Share20OcsController.php b/apps/files_sharing/lib/Controller/Share20OcsController.php index 8d1ee1c7645a..055dbb80455b 100644 --- a/apps/files_sharing/lib/Controller/Share20OcsController.php +++ b/apps/files_sharing/lib/Controller/Share20OcsController.php @@ -22,6 +22,7 @@ namespace OCA\Files_Sharing\Controller; use OC\OCS\Result; +use OC\Share20\ExtraPermissions; use OCP\AppFramework\OCSController; use OCP\Files\IRootFolder; use OCP\Files\NotFoundException; @@ -125,6 +126,43 @@ private function getAdditionalUserInfo(IUser $user) { return null; } + /** + * @param IShare $share + * @param string[][] $formattedShareExtraPermissions + * @return IShare modified share + */ + private function extractExtraPermissions(IShare $share, $formattedShareExtraPermissions) { + $shareExtraPermissions = $share->getExtraPermissions(); + foreach($formattedShareExtraPermissions as $formattedPermission) { + $shareExtraPermissions->setPermission( + $formattedPermission["app"], + $formattedPermission["name"], + (bool) json_decode($formattedPermission["enabled"]) + ); + } + + $share->setExtraPermissions($shareExtraPermissions); + return $share; + } + + /** + * @param IShare $share + * @return array + */ + private function formatExtraPermissions(IShare $share) { + $permissions = $share->getExtraPermissions(); + $formattedShareExtraPermissions = []; + foreach($permissions->getApps() as $app) { + foreach($permissions->getKeys($app) as $key) { + $formattedPermission['app'] = $app; + $formattedPermission['name'] = $key; + $formattedPermission['enabled'] = $permissions->getPermission($app, $key); + $formattedShareExtraPermissions[] = $formattedPermission; + } + } + return json_encode($formattedShareExtraPermissions); + } + /** * Convert an IShare to an array for OCS output * @@ -143,6 +181,7 @@ protected function formatShare(IShare $share, $received = false) { 'uid_owner' => $share->getSharedBy(), 'displayname_owner' => $sharedBy !== null ? $sharedBy->getDisplayName() : $share->getSharedBy(), 'permissions' => $share->getPermissions(), + 'extra_permissions' => $this->formatExtraPermissions($share), 'stime' => $share->getShareTime() ? $share->getShareTime()->getTimestamp() : null, 'parent' => null, 'expiration' => null, @@ -836,6 +875,9 @@ public function updateShare($id) { return new Result(null, 400, $this->l->t('Cannot remove all permissions')); } + $formattedExtraPermissions = $this->request->getParam('extraPermissions', []); + $share = $this->extractExtraPermissions($share, $formattedExtraPermissions); + try { $share = $this->shareManager->updateShare($share); } catch (\Exception $e) { diff --git a/apps/files_sharing/lib/MountProvider.php b/apps/files_sharing/lib/MountProvider.php index 7ae71a10356d..9f374223b03f 100644 --- a/apps/files_sharing/lib/MountProvider.php +++ b/apps/files_sharing/lib/MountProvider.php @@ -157,20 +157,32 @@ private function buildSuperShares(array $allShares, \OCP\IUser $user) { continue; } - $superShare = $this->shareManager->newShare(); - // compute super share based on first entry of the group + $superShare = $this->shareManager->newShare(); $superShare->setId($shares[0]->getId()) ->setShareOwner($shares[0]->getShareOwner()) ->setNodeId($shares[0]->getNodeId()) ->setTarget($shares[0]->getTarget()); // use most permissive permissions + // this covers the case where there are multiple shares for the same + // file e.g. from different groups and different permissions $permissions = 0; + $extraPermissions = $superShare->getExtraPermissions(); foreach ($shares as $share) { + // update permissions $permissions |= $share->getPermissions(); + + //update extra permissions + foreach($share->getExtraPermissions()->getApps() as $app) { + foreach($share->getExtraPermissions()->getKeys($app) as $key) { + $enabled = $share->getExtraPermissions()->getPermission($app, $key); + $extraPermissions->setPermission($app, $key, $enabled); + } + } + + // adjust target, for database consistency if needed if ($share->getTarget() !== $superShare->getTarget()) { - // adjust target, for database consistency $share->setTarget($superShare->getTarget()); try { $this->shareManager->moveShare($share, $user->getUID()); @@ -191,8 +203,8 @@ private function buildSuperShares(array $allShares, \OCP\IUser $user) { } } } - $superShare->setPermissions($permissions); + $superShare->setExtraPermissions($extraPermissions); $result[] = [$superShare, $shares]; } diff --git a/core/Migrations/Version20181220085457.php b/core/Migrations/Version20181220085457.php new file mode 100644 index 000000000000..afe9a2e206e0 --- /dev/null +++ b/core/Migrations/Version20181220085457.php @@ -0,0 +1,33 @@ +hasTable("${prefix}share")) { + $shareTable = $schema->getTable("${prefix}share"); + + if (!$shareTable->hasColumn('extra_permissions')) { + $shareTable->addColumn( + 'extra_permissions', + Type::STRING, + [ + 'default' => null, + 'length' => 4096, + 'notnull' => false + ] + ); + } + } + } +} \ No newline at end of file diff --git a/core/js/sharedialogshareelistview.js b/core/js/sharedialogshareelistview.js index 6012055e5330..fc1043d914bc 100644 --- a/core/js/sharedialogshareelistview.js +++ b/core/js/sharedialogshareelistview.js @@ -14,62 +14,68 @@ } var TEMPLATE = - '' - ; + '' + ; /** * @class OCA.Share.ShareDialogShareeListView @@ -94,6 +100,7 @@ events: { 'click .unshare': 'onUnshare', 'click .permissions': 'onPermissionChange', + 'click .extra-permissions': 'onPermissionChange', 'click .showCruds': 'onCrudsToggle', 'click .mailNotification': 'onSendMailNotification' }, @@ -112,8 +119,31 @@ }, /** - * - * @param {OC.Share.Types.ShareInfo} shareInfo + * @param shareIndex + * @returns {object} + */ + getExtraPermissionsObject: function(shareIndex) { + var shareWith = this.model.getShareWith(shareIndex); + + // Returns OC.Share.Types.ShareExtraPermission[] + var permissions = this.model.getShareExtraPermissions(shareIndex); + + var list = []; + permissions.map(function(permission) { + list.push(_.extend( + { + cid: this.cid, + shareWith: shareWith + }, + permission) + ); + }); + + return list; + }, + + /** + * @param shareIndex * @returns {object} */ getShareeObject: function(shareIndex) { @@ -136,6 +166,7 @@ hasCreatePermission: this.model.hasCreatePermission(shareIndex), hasUpdatePermission: this.model.hasUpdatePermission(shareIndex), hasDeletePermission: this.model.hasDeletePermission(shareIndex), + extraPermissions: this.getExtraPermissionsObject(shareIndex), wasMailSent: this.model.notificationMailWasSent(shareIndex), shareWith: shareWith, shareWithDisplayName: shareWithDisplayName, @@ -261,7 +292,7 @@ var shareType = $li.data('share-type'); var shareWith = $li.attr('data-share-with'); - // adjust checkbox states + // adjust share permissions and their required checkbox states var $checkboxes = $('.permissions', $li).not('input[name="edit"]').not('input[name="share"]'); var checked; if ($element.attr('name') === 'edit') { @@ -279,7 +310,23 @@ permissions |= $(checkbox).data('permissions'); }); - this.model.updateShare(shareId, {permissions: permissions}); + // Check extra share permissions + var extraPermissions = []; + $('.extra-permissions', $li).each(function(index, checkbox) { + var checked = $(checkbox).is(':checked'); + var enabled = $(checkbox).data('enabled'); + if (checked && !enabled) { + OC.Notification.showTemporary($(checkbox).data('notification')); + } + $(checkbox).prop('enabled', checked); + extraPermissions.push({ + app : $(checkbox).data('app'), + name: $(checkbox).attr('name'), + enabled: checked + }); + }); + + this.model.updateShare(shareId, {permissions: permissions, extraPermissions: extraPermissions}); }, onCrudsToggle: function(event) { @@ -316,4 +363,4 @@ OC.Share.ShareDialogShareeListView = ShareDialogShareeListView; -})(); +})(); \ No newline at end of file diff --git a/core/js/shareitemmodel.js b/core/js/shareitemmodel.js index c181d7abb8e4..a57ed10d1bdf 100644 --- a/core/js/shareitemmodel.js +++ b/core/js/shareitemmodel.js @@ -38,6 +38,7 @@ * @typedef {object} OC.Share.Types.ShareInfo * @property {number} share_type * @property {number} permissions + * @property {string} extra_permissions * @property {number} file_source optional * @property {number} item_source * @property {string} token @@ -56,6 +57,15 @@ * @property {OC.Share.Types.LinkShareInfo|undefined} linkShare */ + /** + * @typedef {object} OC.Share.Types.ShareExtraPermission + * @property {string} name + * @property {bool} enabled + * @property {string} app + * @property {string} label + * @property {string} notification + */ + /** * These properties are sometimes returned by the server as strings instead * of integers, so we need to convert them accordingly... @@ -84,6 +94,8 @@ _linkSharesCollection: null, + _availableExtraPermissions: {}, + initialize: function(attributes, options) { if(!_.isUndefined(options.configModel)) { this.configModel = options.configModel; @@ -96,6 +108,7 @@ this._linkSharesCollection = new OC.Share.SharesCollection(); _.bindAll(this, 'addShare'); + OC.Plugins.attach('OC.Share.ShareItemModel', this); }, defaults: { @@ -752,7 +765,79 @@ result.push(OC.Share.SHARE_TYPE_LINK); } return _.uniq(result); + }, + + /** + * @param shareIndex + * @returns OC.Share.Types.ShareExtraPermission[] + */ + getShareExtraPermissions: function(shareIndex) { + /** @type OC.Share.Types.ShareInfo **/ + var share = this.get('shares')[shareIndex]; + if(!_.isObject(share)) { + throw "Unknown Share"; + } + + if (_.isUndefined(share.extra_permissions)) { + return []; + } + + + // Mark available permissions as enabled if share has extra permission + var formattedPermissions = []; + var shareExtraPermissions = JSON.parse(share.extra_permissions); + for (var appId in this._availableExtraPermissions) { + if (!this._availableExtraPermissions.hasOwnProperty(appId)) { + continue; + } + for (var permissionId in this._availableExtraPermissions[appId]) { + if (!this._availableExtraPermissions[appId].hasOwnProperty(permissionId)) { + continue; + } + var enabled = false; + shareExtraPermissions.map(function(permission) { + if (permission.app === appId && + permission.name === permissionId && + permission.enabled === true) { + enabled = true; + } + }); + var permissionMeta = this._availableExtraPermissions[appId][permissionId]; + + var shareExtraPermission = { + app: appId, + name: permissionId, + label: permissionMeta.label, + notification: permissionMeta.description, + enabled: enabled + }; + formattedPermissions.push(shareExtraPermission); + } + } + + return formattedPermissions; + }, + + /** + * Apps can register their extra share permissions + * + * @param {string} $appId + * @param {string} $permissionName + * @param {boolean} $permissionDefault + * @param {string} $permissionLabel + * @param {string} $permissionDescription + */ + registerExtraSharePermission: function($appId, $permissionName, $permissionDefault, $permissionLabel, $permissionDescription) { + if (!this._availableExtraPermissions.hasOwnProperty($appId)) { + this._availableExtraPermissions[$appId] = {}; + } + this._availableExtraPermissions[$appId][$permissionName] = { + default: $permissionDefault, + label: $permissionLabel, + description: $permissionDescription + }; } + }); OC.Share.ShareItemModel = ShareItemModel; diff --git a/lib/private/Share20/DefaultShareProvider.php b/lib/private/Share20/DefaultShareProvider.php index c05b7d768796..c68ed14452e2 100644 --- a/lib/private/Share20/DefaultShareProvider.php +++ b/lib/private/Share20/DefaultShareProvider.php @@ -26,6 +26,7 @@ namespace OC\Share20; use OCP\Files\File; +use OCP\Share\IExtraPermissions; use OCP\Share\IShare; use OCP\Share\IShareProvider; use OC\Share20\Exception\InvalidShare; @@ -153,6 +154,9 @@ public function create(\OCP\Share\IShare $share) { // set the permissions $qb->setValue('permissions', $qb->createNamedParameter($share->getPermissions())); + // set extra permissions + $qb->setValue('extra_permissions', $qb->createNamedParameter($share->getExtraPermissions())); + // Set who created this share $qb->setValue('uid_initiator', $qb->createNamedParameter($share->getSharedBy())); @@ -198,6 +202,11 @@ public function create(\OCP\Share\IShare $share) { */ public function update(\OCP\Share\IShare $share) { $this->validate($share); + + $extraSharePermissions = $this->formatExtraPermissions( + $share->getExtraPermissions() + ); + if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER) { /* * We allow updating the recipient on user shares. @@ -209,6 +218,7 @@ public function update(\OCP\Share\IShare $share) { ->set('uid_owner', $qb->createNamedParameter($share->getShareOwner())) ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy())) ->set('permissions', $qb->createNamedParameter($share->getPermissions())) + ->set('extra_permissions', $qb->createNamedParameter($extraSharePermissions)) ->set('item_source', $qb->createNamedParameter($share->getNode()->getId())) ->set('file_source', $qb->createNamedParameter($share->getNode()->getId())) ->set('accepted', $qb->createNamedParameter($share->getState())) @@ -221,6 +231,7 @@ public function update(\OCP\Share\IShare $share) { ->set('uid_owner', $qb->createNamedParameter($share->getShareOwner())) ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy())) ->set('permissions', $qb->createNamedParameter($share->getPermissions())) + ->set('extra_permissions', $qb->createNamedParameter($extraSharePermissions)) ->set('item_source', $qb->createNamedParameter($share->getNode()->getId())) ->set('file_source', $qb->createNamedParameter($share->getNode()->getId())) ->set('accepted', $qb->createNamedParameter($share->getState())) @@ -246,6 +257,7 @@ public function update(\OCP\Share\IShare $share) { $qb->update('share') ->where($qb->expr()->eq('parent', $qb->createNamedParameter($share->getId()))) ->set('permissions', $qb->createNamedParameter($share->getPermissions())) + ->set('extra_permissions', $qb->createNamedParameter($extraSharePermissions)) ->execute(); } elseif ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) { $qb = $this->dbConn->getQueryBuilder(); @@ -255,6 +267,7 @@ public function update(\OCP\Share\IShare $share) { ->set('uid_owner', $qb->createNamedParameter($share->getShareOwner())) ->set('uid_initiator', $qb->createNamedParameter($share->getSharedBy())) ->set('permissions', $qb->createNamedParameter($share->getPermissions())) + ->set('extra_permissions', $qb->createNamedParameter($extraSharePermissions)) ->set('item_source', $qb->createNamedParameter($share->getNode()->getId())) ->set('file_source', $qb->createNamedParameter($share->getNode()->getId())) ->set('token', $qb->createNamedParameter($share->getToken())) @@ -396,6 +409,10 @@ public function updateForRecipient(\OCP\Share\IShare $share, $recipient) { $data = $stmt->fetch(); $stmt->closeCursor(); + $extraSharePermissions = $this->formatExtraPermissions( + $share->getExtraPermissions() + ); + if ($data === false) { // No usergroup share yet. Create one. $qb = $this->dbConn->getQueryBuilder(); @@ -411,6 +428,7 @@ public function updateForRecipient(\OCP\Share\IShare $share, $recipient) { 'file_source' => $qb->createNamedParameter($share->getNode()->getId()), 'file_target' => $qb->createNamedParameter($share->getTarget()), 'permissions' => $qb->createNamedParameter($share->getPermissions()), + 'extra_permissions' => $qb->createNamedParameter($extraSharePermissions), 'stime' => $qb->createNamedParameter($share->getShareTime()->getTimestamp()), 'accepted' => $qb->createNamedParameter($share->getState()), ])->execute(); @@ -423,6 +441,7 @@ public function updateForRecipient(\OCP\Share\IShare $share, $recipient) { // make sure to reset the permissions to the one of the parent share, // as legacy entries with zero permissions might still exist ->set('permissions', $qb->createNamedParameter($share->getPermissions())) + ->set('extra_permissions', $qb->createNamedParameter($extraSharePermissions)) ->where($qb->expr()->eq('id', $qb->createNamedParameter($data['id']))) ->execute(); } @@ -963,6 +982,9 @@ private function createShare($data) { $share->setToken($data['token']); } + $extraPermissions = $this->loadExtraPermissions($data['extra_permissions']); + $share->setExtraPermissions($extraPermissions); + $share->setSharedBy($data['uid_initiator']); $share->setShareOwner($data['uid_owner']); @@ -1238,4 +1260,45 @@ private function validate($share) { // TODO: add more early validation for fields instead of relying on the DB } + + /** + * Load from database format (JSON string) to IExtraPermissions + * + * @param string $data + * @return IExtraPermissions + */ + private function loadExtraPermissions($data) { + $extraPermissions = new ExtraPermissions(); + if (!is_null($data)) { + $extraPermissionsJson = json_decode($data, true); + foreach ($extraPermissionsJson as $app => $keys) { + foreach($keys as $key => $enabled) { + $extraPermissions->setPermission($app, $key, $enabled); + } + } + } + + return $extraPermissions; + } + + /** + * Format IExtraPermissions to database format (JSON string) + * + * @param IExtraPermissions $permissions + * @return string|null + */ + private function formatExtraPermissions($permissions) { + if (empty($permissions)) { + return null; + } + + $formattedPermissions = []; + foreach($permissions->getApps() as $app) { + $formattedPermissions[$app] = []; + foreach($permissions->getKeys($app) as $key) { + $formattedPermissions[$app][$key] = $permissions->getPermission($app, $key); + } + } + return json_encode($formattedPermissions); + } } diff --git a/lib/private/Share20/ExtraPermissions.php b/lib/private/Share20/ExtraPermissions.php new file mode 100644 index 000000000000..4553f5f54529 --- /dev/null +++ b/lib/private/Share20/ExtraPermissions.php @@ -0,0 +1,69 @@ + + * + * @copyright Copyright (c) 2018, ownCloud GmbH + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ +namespace OC\Share20; + +use OCP\Share\IExtraPermissions; + +class ExtraPermissions implements IExtraPermissions { + + /** @var array */ + private $permissions; + + public function __construct() { + $this->permissions = []; + } + + /** + * @inheritdoc + */ + public function setPermission($app, $key, $enabled) { + if (!array_key_exists($app, $this->permissions)) { + $this->permissions[$app] = []; + } + $this->permissions[$app][$key] = $enabled; + } + + /** + * @inheritdoc + */ + public function getPermission($app, $key) { + return array_key_exists($app, $this->permissions) && + array_key_exists($key, $this->permissions[$app]) && + $this->permissions[$app][$key]; + } + + /** + * @inheritdoc + */ + public function getApps() { + return array_keys($this->permissions); + } + + /** + * @inheritdoc + */ + public function getKeys($app) { + if (!array_key_exists($app, $this->permissions)) { + return []; + } + return array_keys($this->permissions[$app]); + } +} \ No newline at end of file diff --git a/lib/private/Share20/Manager.php b/lib/private/Share20/Manager.php index a98401c53fab..52622b05d2d6 100644 --- a/lib/private/Share20/Manager.php +++ b/lib/private/Share20/Manager.php @@ -1382,7 +1382,10 @@ public function getAccessList(\OCP\Files\Node $path) { * @return \OCP\Share\IShare; */ public function newShare() { - return new \OC\Share20\Share($this->rootFolder, $this->userManager); + $extraPermissions = new ExtraPermissions(); + $share = new Share($this->rootFolder, $this->userManager); + $share->setExtraPermissions($extraPermissions); + return $share; } /** diff --git a/lib/private/Share20/Share.php b/lib/private/Share20/Share.php index 4fa7e4ccfe93..1d416e537e1f 100644 --- a/lib/private/Share20/Share.php +++ b/lib/private/Share20/Share.php @@ -28,8 +28,10 @@ use OCP\IUserManager; use OCP\Share\Exceptions\IllegalIDChangeException; use OC\Share\Constants; +use OCP\Share\IExtraPermissions; +use OCP\Share\IShare; -class Share implements \OCP\Share\IShare { +class Share implements IShare { /** @var string */ private $id; @@ -51,6 +53,8 @@ class Share implements \OCP\Share\IShare { private $shareOwner; /** @var int */ private $permissions; + /** @var IExtraPermissions */ + private $extraPermissions; /** @var \DateTime */ private $expireDate; /** @var string */ @@ -269,6 +273,20 @@ public function getPermissions() { return $this->permissions; } + /** + * @inheritdoc + */ + public function setExtraPermissions($permissions) { + $this->extraPermissions = $permissions; + return $this; + } + /** + * @inheritdoc + */ + public function getExtraPermissions() { + return $this->extraPermissions; + } + /** * @inheritdoc */ @@ -362,7 +380,7 @@ public function getToken() { * Set the parent of this share * * @param int parent - * @return \OCP\Share\IShare + * @return IShare * @deprecated The new shares do not have parents. This is just here for legacy reasons. */ public function setParent($parent) { diff --git a/lib/public/Share/IExtraPermissions.php b/lib/public/Share/IExtraPermissions.php new file mode 100644 index 000000000000..69f5eb586912 --- /dev/null +++ b/lib/public/Share/IExtraPermissions.php @@ -0,0 +1,68 @@ + + * + * @copyright Copyright (c) 2018, ownCloud GmbH + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ +namespace OCP\Share; + +/** + * Interface IExtraPermission + * + * @package OCP\Share + * @since 10.2.0 + */ +interface IExtraPermissions { + + /** + * Sets a permission. If the key did not exist before it will be created. + * + * @param string $app app + * @param string $key key + * @param bool $enabled enabled + * @since 10.2.0 + */ + public function setPermission($app, $key, $enabled); + + /** + * Check if permission is enabled. + * + * @param string $app app + * @param string $key key + * @return bool + * @since 10.2.0 + */ + public function getPermission($app, $key); + + /** + * Get all apps for which extra permissions are set + * + * @return string[] apps + * @since 10.2.0 + */ + public function getApps(); + + /** + * Get all permission keys for specific app + * + * @param string $app + * @return string[] + * @since 10.2.0 + */ + public function getKeys($app); + +} \ No newline at end of file diff --git a/lib/public/Share/IShare.php b/lib/public/Share/IShare.php index ae8d90489661..fbb65e127fa6 100644 --- a/lib/public/Share/IShare.php +++ b/lib/public/Share/IShare.php @@ -184,6 +184,22 @@ public function setPermissions($permissions); */ public function getPermissions(); + /** + * Set extra permissions + * + * @param IExtraPermissions $permissions + * @since 10.2.0 + * @return \OCP\Share\IShare The modified object + */ + public function setExtraPermissions($permissions); + /** + * Get extra permissions + * + * @return IExtraPermissions + * @since 10.2.0 + */ + public function getExtraPermissions(); + /** * Set the expiration date *