Skip to content
Permalink
Browse files

Additional perm check in Webdav

  • Loading branch information...
PVince81 committed Jul 6, 2016
1 parent 8f42a1f commit acbbadb71ceee7f01da347f7dcd519beda78cc47
Showing with 91 additions and 2 deletions.
  1. +8 −0 lib/private/connector/sabre/objecttree.php
  2. +83 −2 tests/lib/connector/sabre/objecttree.php
@@ -206,6 +206,14 @@ public function copy($source, $destination) {
// this will trigger existence check
$this->getNodeForPath($source);
$destinationDir = dirname($destination);
if ($destinationDir === '.') {
$destinationDir = '';
}
if (!$this->fileView->isCreatable($destinationDir)) {
throw new \Sabre\DAV\Exception\Forbidden();
}
try {
if ($this->fileView->is_file($source)) {
$this->fileView->copy($source, $destination);
@@ -10,7 +10,7 @@
use OC\Files\FileInfo;
use OC_Connector_Sabre_Directory;
use OC\Files\Storage\Temporary;
use PHPUnit_Framework_TestCase;
class TestDoubleFileView extends \OC\Files\View {
@@ -103,7 +103,7 @@ private function moveTest($source, $dest, $updatables, $deletables) {
$info = new FileInfo('', null, null, array(), null);
$rootDir = new OC_Connector_Sabre_Directory($view, $info);
$rootDir = new \OC_Connector_Sabre_Directory($view, $info);
$objectTree = $this->getMock('\OC\Connector\Sabre\ObjectTree',
array('nodeExists', 'getNodeForPath'),
array($rootDir, $view));
@@ -119,4 +119,85 @@ private function moveTest($source, $dest, $updatables, $deletables) {
$objectTree->move($source, $dest);
}
public function copyDataProvider() {
return [
// copy into same dir
['a', 'b', ''],
// copy into same dir
['a/a', 'a/b', 'a'],
// copy into another dir
['a', 'sub/a', 'sub'],
];
}
/**
* @dataProvider copyDataProvider
*/
public function testCopy($sourcePath, $targetPath, $targetParent) {
$view = $this->getMock('\OC\Files\View');
$view->expects($this->once())
->method('is_file')
->with($sourcePath)
->will($this->returnValue(true));
$view->expects($this->once())
->method('isCreatable')
->with($targetParent)
->will($this->returnValue(true));
$view->expects($this->once())
->method('copy')
->with($sourcePath, $targetPath)
->will($this->returnValue(true));
$info = new FileInfo('', null, null, array(), null);
$rootDir = new \OC_Connector_Sabre_Directory($view, $info);
$objectTree = $this->getMock('\OC\Connector\Sabre\ObjectTree',
array('nodeExists', 'getNodeForPath'),
array($rootDir, $view));
$objectTree->expects($this->once())
->method('getNodeForPath')
->with($this->identicalTo($sourcePath))
->will($this->returnValue(false));
/** @var $objectTree \OC\Connector\Sabre\ObjectTree */
$mountManager = \OC\Files\Filesystem::getMountManager();
$objectTree->init($rootDir, $view, $mountManager);
$objectTree->copy($sourcePath, $targetPath);
}
/**
* @dataProvider copyDataProvider
* @expectedException \Sabre\DAV\Exception\Forbidden
*/
public function testCopyFailNotCreatable($sourcePath, $targetPath, $targetParent) {
$view = $this->getMock('\OC\Files\View');
$view->expects($this->any())
->method('is_file')
->with($sourcePath)
->will($this->returnValue(true));
$view->expects($this->once())
->method('isCreatable')
->with($targetParent)
->will($this->returnValue(false));
$view->expects($this->never())
->method('copy');
$info = new FileInfo('', null, null, array(), null);
$rootDir = new \OC_Connector_Sabre_Directory($view, $info);
$objectTree = $this->getMock('\OC\Connector\Sabre\ObjectTree',
array('nodeExists', 'getNodeForPath'),
array($rootDir, $view));
$objectTree->expects($this->once())
->method('getNodeForPath')
->with($this->identicalTo($sourcePath))
->will($this->returnValue(false));
/** @var $objectTree \OC\Connector\Sabre\ObjectTree */
$mountManager = \OC\Files\Filesystem::getMountManager();
$objectTree->init($rootDir, $view, $mountManager);
$objectTree->copy($sourcePath, $targetPath);
}
}

0 comments on commit acbbadb

Please sign in to comment.
You can’t perform that action at this time.