fix: update re-share if shared-by user has been revoked #43025
Conversation
|
Another effected case by this issue:
|
luka-nextcloud
force-pushed
the
bugfix/error-on-reshare-after-transfer-ownership
branch
2 times, most recently
from
c298bf1
to
0828727
Compare
|
@artonge I've updated as you requested, please check again. |
There was a problem hiding this comment.
Can you add comments to clarify what each if group does?
I am also wondering if we could find this shares with the following query:
SELECT
f.fileid,
f.path,
f.storage,
s.id as share_id,
s.uid_owner as share_owner,
s.uid_initiator as share_initiator,
s.share_with as share_recipient
FROM
oc_filecache f
JOIN oc_share s ON f.fileid = s.file_source
AND s.uid_initiator NOT IN (
SELECT
user_id
FROM
oc_mounts m
WHERE
f.storage = m.storage_id
)If so, then we could have a background job to remove them every hour or so like https://github.com/nextcloud/server/blob/master/apps/files_sharing/lib/DeleteOrphanedSharesJob.php, which might be easier than the current solution.
@artonge It only works if the shared-by user refreshes his files list after his share has revoked. So, I don't think this query would do the job. |
luka-nextcloud
force-pushed
the
bugfix/error-on-reshare-after-transfer-ownership
branch
3 times, most recently
from
007d650
to
df7160f
Compare
luka-nextcloud
force-pushed
the
bugfix/error-on-reshare-after-transfer-ownership
branch
from
df7160f
to
73fb85b
Compare
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
luka-nextcloud
force-pushed
the
bugfix/error-on-reshare-after-transfer-ownership
branch
from
7e64905
to
cf9b02a
Compare
|
Tests are failing |
luka-nextcloud
force-pushed
the
bugfix/error-on-reshare-after-transfer-ownership
branch
3 times, most recently
from
323ffb4
to
0d42361
Compare
Signed-off-by: Luka Trovic <luka@nextcloud.com>
luka-nextcloud
force-pushed
the
bugfix/error-on-reshare-after-transfer-ownership
branch
from
0d42361
to
032be69
Compare
|
@come-nc Could you please review again? All checks have passed now. |
|
|
||
| public function __construct( | ||
| IDBConnection $connection, | ||
| IRootFolder $rootFolder | ||
| IRootFolder $rootFolder, | ||
| IUserMountCache $userMountCache |
There was a problem hiding this comment.
| IUserMountCache $userMountCache | |
| IUserMountCache $userMountCache, |
|
|
||
| foreach ($sharesInFolder as $shares) { | ||
| foreach ($shares as $child) { | ||
| $this->deleteShare($child); |
There was a problem hiding this comment.
For subfiles you did not check that the user still has access to it, I think?
lib/private/Share20/Manager.php
Outdated
| // If the user has another shares, we don't delete the shares by this user | ||
| if ($share->getShareType() === IShare::TYPE_USER) { | ||
| $groupShares = $this->getSharedWith($share->getSharedWith(), IShare::TYPE_GROUP, $node, -1, 0); | ||
|
|
||
| if (count($groupShares) !== 0) { | ||
| return; | ||
| } | ||
|
|
||
| // Check shares of parent folders | ||
| try { | ||
| $parentNode = $node->getParent(); | ||
| while ($parentNode) { | ||
| $groupShares = $this->getSharedWith($share->getSharedWith(), IShare::TYPE_GROUP, $parentNode, -1, 0); | ||
| $userShares = $this->getSharedWith($share->getSharedWith(), IShare::TYPE_USER, $parentNode, -1, 0); | ||
|
|
||
| if (count($groupShares) !== 0 || count($userShares) !== 0) { | ||
| return; | ||
| } | ||
|
|
||
| $parentNode = $parentNode->getParent(); | ||
| } | ||
| } catch (NotFoundException) { | ||
| } | ||
| } |
There was a problem hiding this comment.
Instead of doing all this to check if the user still has access to the file or not, does it not make more sense to directly check if the user has access to the file? We must have some tooling for that, no?
There was a problem hiding this comment.
@come-nc I cannot find another way to check this logic. Could you provide some suggestions?
There was a problem hiding this comment.
Get the user folder of the user and use getFirstNodeById would work I think.
There was a problem hiding this comment.
(Note that this would only work after deleting the share)
Signed-off-by: Luka Trovic <luka@nextcloud.com>
|
@luka-nextcloud After talking with Robin, actually the ownership transfer is supposed to update the owner of the share so there should be no problem in the first place? |
|
@come-nc Does it mean that these changes are enough for this issue?
|
No, the second diff looks like it will cause trouble by arbitrary changing sharedBy of shares. I lost track of what you are trying to fix, can you explain how to reproduce your problem? Why do you remove the exception handling removing invalid shares in OwnershipTransferService? |
|
UserC already loses access to Folder1 after step 3, right? |
No, UserC didn't lose access to Folder1 after step3. This is the issue we are trying to fix.
No error. |
Summary
TODO
Checklist