Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix resharing of federated shares that were created out of links #19793

Merged
merged 4 commits into from
Apr 27, 2020
Merged

Fix resharing of federated shares that were created out of links #19793

merged 4 commits into from
Apr 27, 2020

Conversation

juliushaertl
Copy link
Member

This basically fixes two seaparte issues that caused the issue description from below:

  • When converting a link share into a federated share, the share type LINK was kept in the oc_share entry
  • Link shares have reshare permissions by default now if outgoing server2server sharing is enabled

Steps to reproduce

  1. Create 3 different test users (User A, User B, User C)
  2. User A shares a folder with the name “FOLDER” by link (with write perms) and sends this link to User B
  3. User B takes this link and adds the shared folder to his Nextcloud space. User B can now access this shared folder as if it was his own folder.
  4. User B shares the folder to User C as a “native” share (by searching for “User C” in the share dialog)
  5. User C now sees the folder “FOLDER” in his personal Nextcloud space. As soon as User C clicks the folder it disappears and an error message pops up („Operation not permitted“). The folder is not listed under the normal files any more, but still shows up as “Shared with you”.

Caveat

One unfixed part remains. Since before this patch accessing the reshare was possible for the first time and only failed on continuous requests. This is mainly caused by the super share being initialized first

server/apps/files_sharing/lib/SharedStorage.php

Line 90 in 5bf3d1b

$this->superShare = $arguments['superShare'];
and not being updated after the external share is being scanned and the permission of the node is updated

server/lib/private/Files/Cache/Watcher.php

Line 103 in 5bf3d1b

public function update($path, $cachedData) {

@juliushaertl juliushaertl added bug 3. to review Waiting for reviews labels Mar 5, 2020
@juliushaertl juliushaertl added this to the Nextcloud 19 milestone Mar 5, 2020
nickvergessen
nickvergessen reviewed Mar 5, 2020
View reviewed changes
apps/files_sharing/lib/Controller/ShareAPIController.php
$share->setPermissions(Constants::PERMISSION_READ);
$permissions = Constants::PERMISSION_READ;
}
// TODO: It might make sense to have a dedicated setting to allow/deny converting link shares into federated ones
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think the reason is, that you can still mount the dav endpoint as external storage

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right, so in that case turning of share permissions on a link would be kind of hiding it only anyway.

ChristophWurst
ChristophWurst approved these changes Mar 9, 2020
View reviewed changes
Copy link
Member

@ChristophWurst ChristophWurst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code makes sense, though I'm not a sharing expert

rullzer
rullzer approved these changes Mar 24, 2020
View reviewed changes
Copy link
Member

@rullzer rullzer left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good

@rullzer
Copy link
Member

rullzer commented Mar 24, 2020

But ci says no

@juliushaertl juliushaertl added 2. developing Work in progress and removed 3. to review Waiting for reviews labels Apr 3, 2020
@rullzer rullzer mentioned this pull request Apr 4, 2020
Merged
80 tasks
@juliushaertl juliushaertl force-pushed the bugfix/noid/link-to-federated-reshare branch from ea47311 to 2ac680c Compare April 9, 2020 09:36
@juliushaertl juliushaertl added 3. to review Waiting for reviews and removed 2. developing Work in progress labels Apr 9, 2020
@rullzer rullzer mentioned this pull request Apr 9, 2020
Merged
59 tasks
@skjnldsv
Copy link
Member

CI still says no

1) OCA\Files_Sharing\Tests\ApiTest::testCreateShareLink
128 | Failed asserting that 17 matches expected 1.
129 |  
130 | /drone/src/apps/files_sharing/tests/ApiTest.php:209
131 |  
132 | 2) OCA\Files_Sharing\Tests\ApiTest::testCreateShareLinkPublicUpload
133 | Failed asserting that 31 matches expected 15.
134 |  
135 | /drone/src/apps/files_sharing/tests/ApiTest.php:235

@skjnldsv skjnldsv added 2. developing Work in progress and removed 3. to review Waiting for reviews labels Apr 11, 2020
This was referenced Apr 15, 2020
Merged
Merged
@juliushaertl
Set proper share type when converting link shares to federated shares
45c3ee7 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
@juliushaertl
Link shares have reshare permission if outgoing federated shares are …
5646f7c 
…enabled

Signed-off-by: Julius Härtl <jus@bitgrid.net>
@juliushaertl
Remove unneeded test since links have resharing permissions by default
397ab1c 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
@juliushaertl juliushaertl force-pushed the bugfix/noid/link-to-federated-reshare branch from 2ac680c to 397ab1c Compare April 21, 2020 12:35
@juliushaertl juliushaertl removed the 2. developing Work in progress label Apr 21, 2020
@juliushaertl juliushaertl added the 4. to release Ready to be released and/or waiting for tests to finish label Apr 21, 2020
@rullzer rullzer mentioned this pull request Apr 23, 2020
Merged
11 tasks
@juliushaertl
Copy link
Member Author

juliushaertl commented Apr 23, 2020
edited

Ok, some sharing integration tests also need fixes here, I'll have another look.

@juliushaertl juliushaertl added 2. developing Work in progress and removed 4. to release Ready to be released and/or waiting for tests to finish labels Apr 23, 2020
@juliushaertl
Adjust integration tests to new permissions
7a9469f 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
@juliushaertl
Copy link
Member Author

Fine now. The integration-sharees-* ones are different issues failing on master as well.

@juliushaertl juliushaertl added 4. to release Ready to be released and/or waiting for tests to finish and removed 2. developing Work in progress labels Apr 23, 2020
@MorrisJobke MorrisJobke merged commit 1738e17 into master Apr 27, 2020
@MorrisJobke MorrisJobke deleted the bugfix/noid/link-to-federated-reshare branch April 27, 2020 09:05
skjnldsv
skjnldsv reviewed Apr 29, 2020
View reviewed changes
apps/files_sharing/lib/Controller/ShareAPIController.php
}
// TODO: It might make sense to have a dedicated setting to allow/deny converting link shares into federated ones
if ($this->shareManager->outgoingServer2ServerSharesAllowed()) {
$permissions |= Constants::PERMISSION_SHARE;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So, this actually breaks the UI.
Because suddenly we have SHARE+READ (17) instead of just READ (1).
The front doesn't understand it as it's not part of the available options.

@juliushaertl

Copy link
Member

@skjnldsv skjnldsv Apr 29, 2020
edited

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

server/apps/files_sharing/src/components/SharingEntryLink.vue

Lines 352 to 355 in 699cbeb

publicUploadRWValue: OC.PERMISSION_UPDATE | OC.PERMISSION_CREATE | OC.PERMISSION_READ | OC.PERMISSION_DELETE,
publicUploadRValue: OC.PERMISSION_READ,
publicUploadWValue: OC.PERMISSION_CREATE,

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So it's even worse, we add the Share permission on create
But we always remove it on update. 🤔

server/apps/files_sharing/lib/Controller/ShareAPIController.php

Lines 992 to 993 in cb05782

$newPermissions = (int) $permissions;
$newPermissions = $newPermissions & ~Constants::PERMISSION_SHARE;

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fix in progress in #20726

@skjnldsv skjnldsv mentioned this pull request Apr 29, 2020
Merged
@skjnldsv
Copy link
Member

Also, needs backport, no ?

@skjnldsv
Copy link
Member

/backport to stable18

@backportbot-nextcloud
Copy link

The backport to stable18 failed. Please do this backport manually.

@MorrisJobke
Copy link
Member

Also, needs backport, no ?

@juliushaertl 🏓

This was referenced May 26, 2020
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nickvergessen nickvergessen nickvergessen left review comments

@skjnldsv skjnldsv skjnldsv left review comments

@rullzer rullzer rullzer approved these changes

@MorrisJobke MorrisJobke MorrisJobke approved these changes

@ChristophWurst ChristophWurst ChristophWurst approved these changes

@schiessle schiessle Awaiting requested review from schiessle

@kesselb kesselb Awaiting requested review from kesselb

@icewind1991 icewind1991 Awaiting requested review from icewind1991

Assignees
No one assigned
Labels
4. to release Ready to be released and/or waiting for tests to finish bug
Projects
None yet
Milestone
Nextcloud 19
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@juliushaertl @rullzer @skjnldsv @MorrisJobke @nickvergessen @ChristophWurst