Skip to content
Permalink
Browse files Browse the repository at this point in the history
Additional perm check in Webdav
  • Loading branch information
Vincent Petry committed Jul 12, 2016
1 parent bf9524e commit 0622e63
Show file tree
Hide file tree
Showing 2 changed files with 87 additions and 0 deletions.
5 changes: 5 additions & 0 deletions lib/private/connector/sabre/objecttree.php
Expand Up @@ -270,6 +270,11 @@ public function copy($source, $destination) {
throw new InvalidPath($ex->getMessage());
}

// Webdav's copy will implicitly do a delete+create, so only create+delete permissions are required
if (!$this->fileView->isCreatable($destinationDir)) {
throw new \Sabre\DAV\Exception\Forbidden();
}

try {
$this->fileView->copy($source, $destination);
} catch (StorageNotAvailableException $e) {
Expand Down
82 changes: 82 additions & 0 deletions tests/lib/connector/sabre/objecttree.php
Expand Up @@ -119,6 +119,88 @@ private function moveTest($source, $destination, $updatables, $deletables) {
$objectTree->move($source, $destination);
}

public function copyDataProvider() {
return [
// copy into same dir
['a', 'b', ''],
// copy into same dir
['a/a', 'a/b', 'a'],
// copy into another dir
['a', 'sub/a', 'sub'],
];
}

/**
* @dataProvider copyDataProvider
*/
public function testCopy($sourcePath, $targetPath, $targetParent) {
$view = $this->getMock('\OC\Files\View');
$view->expects($this->once())
->method('verifyPath')
->with($targetParent)
->will($this->returnValue(true));
$view->expects($this->once())
->method('isCreatable')
->with($targetParent)
->will($this->returnValue(true));
$view->expects($this->once())
->method('copy')
->with($sourcePath, $targetPath)
->will($this->returnValue(true));

$info = new FileInfo('', null, null, array(), null);

$rootDir = new \OC\Connector\Sabre\Directory($view, $info);
$objectTree = $this->getMock('\OC\Connector\Sabre\ObjectTree',
array('nodeExists', 'getNodeForPath'),
array($rootDir, $view));

$objectTree->expects($this->once())
->method('getNodeForPath')
->with($this->identicalTo($sourcePath))
->will($this->returnValue(false));

/** @var $objectTree \OC\Connector\Sabre\ObjectTree */
$mountManager = \OC\Files\Filesystem::getMountManager();
$objectTree->init($rootDir, $view, $mountManager);
$objectTree->copy($sourcePath, $targetPath);
}

/**
* @dataProvider copyDataProvider
* @expectedException \Sabre\DAV\Exception\Forbidden
*/
public function testCopyFailNotCreatable($sourcePath, $targetPath, $targetParent) {
$view = $this->getMock('\OC\Files\View');
$view->expects($this->once())
->method('verifyPath')
->with($targetParent)
->will($this->returnValue(true));
$view->expects($this->once())
->method('isCreatable')
->with($targetParent)
->will($this->returnValue(false));
$view->expects($this->never())
->method('copy');

$info = new FileInfo('', null, null, array(), null);

$rootDir = new \OC\Connector\Sabre\Directory($view, $info);
$objectTree = $this->getMock('\OC\Connector\Sabre\ObjectTree',
array('nodeExists', 'getNodeForPath'),
array($rootDir, $view));

$objectTree->expects($this->once())
->method('getNodeForPath')
->with($this->identicalTo($sourcePath))
->will($this->returnValue(false));

/** @var $objectTree \OC\Connector\Sabre\ObjectTree */
$mountManager = \OC\Files\Filesystem::getMountManager();
$objectTree->init($rootDir, $view, $mountManager);
$objectTree->copy($sourcePath, $targetPath);
}

/**
* @dataProvider nodeForPathProvider
*/
Expand Down

0 comments on commit 0622e63

Please sign in to comment.