Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-10.2.1] Do not allow to set higher permissions on a public link share for a resource which was shared with limited permissions #35600

Merged
merged 2 commits into from
Jun 20, 2019
Merged

[release-10.2.1] Do not allow to set higher permissions on a public link share for a resource which was shared with limited permissions #35600

merged 2 commits into from
Jun 20, 2019

Conversation

DeepDiver1975
Copy link
Member

…share-update-test

Do not allow to set higher permissions on a public link share for a r…

backport #35585

@DeepDiver1975 DeepDiver1975 self-assigned this Jun 19, 2019
@patrickjahns patrickjahns changed the title [release-10.2.1] Merge pull request #35585 from owncloud/bugfix/link-… [release-10.2.1] Do not allow to set higher permissions on a public link share for a resource which was shared with limited permissions Jun 19, 2019
@patrickjahns patrickjahns added this to the QA milestone Jun 19, 2019
@phil-davis
Copy link
Contributor 

There was 1 error:

1) OCA\Files_Sharing\Tests\API\Share20OcsControllerTest::testUpdateLinkHigherPermissions
Error: Class 'OCA\Files_Sharing\Tests\API\ILockingProvider' not found

/drone/src/apps/files_sharing/tests/Controller/Share20OcsControllerTest.php:1675

--

https://drone.owncloud.com/owncloud/core/18582/134
same problem as in stable10 backport

@codecov
Copy link

codecov bot commented Jun 19, 2019

Codecov Report

Merging #35600 into release-10.2.1 will decrease coverage by 18.97%.
The diff coverage is n/a.

Impacted file tree graph

@@                  Coverage Diff                  @@
##             release-10.2.1   #35600       +/-   ##
=====================================================
- Coverage             64.39%   45.41%   -18.98%     
=====================================================
  Files                  1286      116     -1170     
  Lines                 77078    11577    -65501     
  Branches               1308     1308               
=====================================================
- Hits                  49631     5258    -44373     
+ Misses                27063     5935    -21128     
  Partials                384      384
Flag Coverage Δ Complexity Δ
#javascript 53.66% <ø> (ø) 0 <ø> (ø) ⬇️
#phpunit 30.81% <ø> (-34.72%) 0 <ø> (-20140)
Impacted Files Coverage Δ Complexity Δ
lib/private/Files/Storage/DAV.php 59.45% <0%> (-21.64%) 0% <0%> (ø)
apps/updatenotification/templates/admin.php
lib/private/Encryption/Keys/Storage.php
lib/private/App/CodeChecker/NodeVisitor.php
lib/private/RedisFactory.php
apps/dav/lib/Avatars/AvatarNode.php
...s/dav/appinfo/Migrations/Version20170202213905.php
apps/dav/lib/Upload/ChunkLocationProvider.php
apps/files/lib/AppInfo/Application.php
apps/systemtags/list.php
... and 1160 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 2dc2883...4906da2. Read the comment docs.

@codecov
Copy link

codecov bot commented Jun 19, 2019
edited
Loading

Codecov Report

Merging #35600 into release-10.2.1 will increase coverage by <.01%.
The diff coverage is 100%.

Impacted file tree graph

@@                 Coverage Diff                  @@
##             release-10.2.1   #35600      +/-   ##
====================================================
+ Coverage             64.39%   64.39%   +<.01%     
- Complexity            20145    20147       +2     
====================================================
  Files                  1286     1286              
  Lines                 77087    77092       +5     
  Branches               1308     1308              
====================================================
+ Hits                  49640    49645       +5     
  Misses                27063    27063              
  Partials                384      384
Flag Coverage Δ Complexity Δ
#javascript 53.66% <ø> (ø) 0 <ø> (ø) ⬇️
#phpunit 65.53% <100%> (ø) 20147 <0> (+2) ⬆️
Impacted Files Coverage Δ Complexity Δ
...es_sharing/lib/Controller/Share20OcsController.php 87.52% <100%> (+0.1%) 211 <0> (+2) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 1d1d126...46371fd. Read the comment docs.

@phil-davis
Copy link
Contributor

Random CI error https://drone.owncloud.com/owncloud/core/18598/835

  [Composer\Downloader\TransportException]                                                                                                                                      
The "https://packagist.org/p/provider-2019-01%2466c13dcadb7dfc0f152e52dd4df42e53df7c374618eaa2680f41d8667ce54b12.json" file could not be downloaded (HTTP/1.1 404 Not Found)

I will trigger CI again.

@DeepDiver1975 @phil-davis
[release-10.2.1] Merge pull request #35585 from owncloud/bugfix/link-…
55a29e0 
…share-update-test

Do not allow to set higher permissions on a public link share for a r…
@DeepDiver1975 @phil-davis
Fix unit tests
46371fd
@phil-davis phil-davis force-pushed the release-10.2.1-bfa66f7b146eb7fa9299984494cbea8a5def3ff7 branch from 4906da2 to 46371fd Compare June 20, 2019 08:05
@patrickjahns patrickjahns merged commit 8e466af into release-10.2.1 Jun 20, 2019
@delete-merged-branch delete-merged-branch bot deleted the release-10.2.1-bfa66f7b146eb7fa9299984494cbea8a5def3ff7 branch June 20, 2019 22:18
@phil-davis phil-davis mentioned this pull request Jun 21, 2019
Merged
11 tasks
@davitol davitol mentioned this pull request Jun 25, 2019
Closed
11 tasks
@davitol
Copy link
Contributor

davitol commented Jun 27, 2019

Screen Shot 2019-06-27 at 10 19 47
The solution provided by this PR is a warning that appears and prevents the creation of a public link share for a resource which was shared with limited permissions. But IMHO the best approach should be do not show that option (Download/View/Edit) option in the webUI if we do not have permissions.

Any thoughts? @DeepDiver1975 @pmaier1 @patrickjahns

@patrickjahns patrickjahns modified the milestone: QA Jun 27, 2019
@phil-davis phil-davis mentioned this pull request Aug 2, 2019
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@phil-davis phil-davis phil-davis approved these changes

@IljaN IljaN Awaiting requested review from IljaN

@micbar micbar Awaiting requested review from micbar

@patrickjahns patrickjahns Awaiting requested review from patrickjahns

Assignees

@DeepDiver1975 DeepDiver1975

Labels
4 - To release
Projects
None yet
Milestone
10.2.1
Development

Successfully merging this pull request may close these issues.
4 participants
@DeepDiver1975 @phil-davis @davitol @patrickjahns