X Tutup
Skip to content

Commit 2642f9d

Browse files
mrow4amrow4a
committed
validate reshare attributes based on supershare
1 parent 2860237 commit 2642f9d

File tree

1 file changed

+29
-0
lines changed

1 file changed

+29
-0
lines changed

lib/private/Share20/Manager.php

Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -322,6 +322,9 @@ protected function validatePermissions(IShare $share) {
322322
/* Use share node permission as default $maxPermissions */
323323
$maxPermissions = $shareNode->getPermissions();
324324

325+
/* Attributes default is null, as attributes are restricted only in reshare */
326+
$maxAttributes = null;
327+
325328
/*
326329
* Quick fix for #23536
327330
* Non moveable mount points do not have update and delete permissions
@@ -352,6 +355,7 @@ protected function validatePermissions(IShare $share) {
352355
'@phan-var \OCA\Files_Sharing\SharedStorage $shareFileStorage';
353356
$parentShare = $shareFileStorage->getShare();
354357
$maxPermissions = $parentShare->getPermissions();
358+
$maxAttributes = $parentShare->getAttributes();
355359
}
356360
}
357361
}
@@ -361,6 +365,11 @@ protected function validatePermissions(IShare $share) {
361365
$message_t = $this->l->t('Cannot increase permissions of %s', [$share->getNode()->getPath()]);
362366
throw new GenericShareException($message_t, $message_t, 404);
363367
}
368+
369+
if ($maxAttributes !== null && !$this->strictSubsetOfAttributes($maxAttributes, $share->getAttributes())) {
370+
$message_t = $this->l->t('Cannot set attributes of %s', [$share->getNode()->getPath()]);
371+
throw new GenericShareException($message_t, $message_t, 404);
372+
}
364373
}
365374

366375
/**
@@ -1666,4 +1675,24 @@ private function isNewShare(IShare $share) {
16661675
private function strictSubsetOfPermissions($allowedPermissions, $newPermissions) {
16671676
return (($allowedPermissions | $newPermissions) === $allowedPermissions);
16681677
}
1678+
1679+
/**
1680+
* Check $newAttributes attribute is a subset of $allowedAttributes
1681+
*
1682+
* @param IAttributes $allowedAttributes
1683+
* @param IAttributes $newAttributes
1684+
* @return boolean ,true if $allowedAttributes enabled is super set of $newAttributes enabled, else false
1685+
*/
1686+
private function strictSubsetOfAttributes($allowedAttributes, $newAttributes) {
1687+
foreach ($allowedAttributes->toArray() as $allowedAttribute) {
1688+
$enabled = $newAttributes->getAttribute($allowedAttribute['scope'], $allowedAttribute['key']);
1689+
1690+
if (($allowedAttribute['enabled'] === $enabled) ||
1691+
($allowedAttribute['enabled'] === true && $enabled === false)) {
1692+
// set to the same value or disabling attribute
1693+
return true;
1694+
}
1695+
}
1696+
return false;
1697+
}
16691698
}

0 commit comments

Comments
 (0)
X Tutup