Use board permissions to be applied for the shares

juliusknorr · juliusknorr · commit 79468e6f0654 · 2021-01-04T22:26:04.000+01:00
Signed-off-by: Julius Härtl &lt;jus@bitgrid.net&gt;
diff --git a/lib/Service/FilesAppService.php b/lib/Service/FilesAppService.php
@@ -132,6 +132,7 @@ public function extendData(Attachment $attachment) {
 			'mimetype' => $file->getMimeType(),
 			'info' => pathinfo($file->getName()),
 			'hasPreview' => $this->preview->isAvailable($file),
+			'permissions' => $share->getPermissions(),
 		]);
 		return $attachment;
 	}
@@ -170,7 +171,11 @@ public function create(Attachment $attachment) {
 		$fileName = $file['name'];
 
 		$userFolder = $this->rootFolder->getUserFolder($this->userId);
-		$folder = $userFolder->get($this->configService->getAttachmentFolder());
+		try {
+			$folder = $userFolder->get($this->configService->getAttachmentFolder());
+		} catch (NotFoundException $e) {
+			$folder = $userFolder->newFolder($this->configService->getAttachmentFolder());
+		}
 
 		$fileName = $folder->getNonExistingName($fileName);
 		$target = $folder->newFile($fileName);
diff --git a/lib/Service/PermissionService.php b/lib/Service/PermissionService.php
@@ -142,7 +142,7 @@ public function checkPermission($mapper, $id, $permission, $userId = null) {
 		}
 
 		if ($permission === Acl::PERMISSION_SHARE && $this->shareManager->sharingDisabledForUser($this->userId)) {
-			return false;
+			throw new NoPermissionException('Permission denied');
 		}
 
 		if ($this->userIsBoardOwner($boardId, $userId)) {
diff --git a/lib/Sharing/DeckShareProvider.php b/lib/Sharing/DeckShareProvider.php
@@ -37,6 +37,7 @@
 use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\AppFramework\Db\MultipleObjectsReturnedException;
 use OCP\AppFramework\Utility\ITimeFactory;
+use OCP\Constants;
 use OCP\DB\QueryBuilder\IQueryBuilder;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\Files\Folder;
@@ -267,10 +268,25 @@ private function createShareObject(array $data): IShare {
 			$entryData['parent'] = $entryData['f_parent'];
 			$share->setNodeCacheEntry(Cache::cacheEntryFromData($entryData, \OC::$server->get(IMimeTypeLoader::class)));
 		}
-
 		return $share;
 	}
 
+	private function applyBoardPermission($share, $permissions) {
+		try {
+			$this->permissionService->checkPermission($this->cardMapper, $share->getSharedWith(), Acl::PERMISSION_EDIT);
+		} catch (NoPermissionException $e) {
+			$permissions &= Constants::PERMISSION_ALL - Constants::PERMISSION_UPDATE;
+			$permissions &= Constants::PERMISSION_ALL - Constants::PERMISSION_CREATE;
+			$permissions &= Constants::PERMISSION_ALL - Constants::PERMISSION_DELETE;
+		}
+
+		try {
+			$this->permissionService->checkPermission($this->cardMapper, $share->getSharedWith(), Acl::PERMISSION_SHARE);
+		} catch (NoPermissionException $e) {
+			$permissions &= Constants::PERMISSION_ALL - Constants::PERMISSION_SHARE;
+		}
+		$share->setPermissions($permissions);
+	}
 	/**
 	 * @inheritDoc
 	 */
@@ -629,7 +645,7 @@ private function resolveSharesForRecipient(array $shares, string $userId): array
 			$stmt = $query->execute();
 
 			while ($data = $stmt->fetch()) {
-				$shareMap[$data['parent']]->setPermissions((int)$data['permissions']);
+				$this->applyBoardPermission($shareMap[$data['parent']], (int)$data['permissions']);
 				$shareMap[$data['parent']]->setTarget($data['file_target']);
 			}
 
@@ -740,7 +756,6 @@ public function getSharedWith($userId, $shareType, $node, $limit, $offset): arra
 					$offset--;
 					continue;
 				}
-
 				$shares[] = $this->createShareObject($data);
 			}
 			$cursor->closeCursor();
diff --git a/src/components/card/AttachmentList.vue b/src/components/card/AttachmentList.vue
@@ -212,7 +212,6 @@ export default {
 
 					axios.post(generateOcsUrl('apps/files_sharing/api/v1', 2) + 'shares', {
 						path,
-						permissions: 19,
 						shareType: 12,
 						shareWith: '' + this.cardId,
 					}).then(() => {

Original file line number	Diff line number	Diff line change
`@@ -142,7 +142,7 @@ public function checkPermission($mapper, $id, $permission, $userId = null) {`
`142`	`142`	`}`
`143`	`143`
`144`	`144`	`if ($permission === Acl::PERMISSION_SHARE && $this->shareManager->sharingDisabledForUser($this->userId)) {`
`145`		`- return false;`
	`145`	`+ throw new NoPermissionException('Permission denied');`
`146`	`146`	`}`
`147`	`147`
`148`	`148`	`if ($this->userIsBoardOwner($boardId, $userId)) {`