Allow storage wrappers to through a forbidden exception with retry in…

…formation

apps/dav/lib/connector/sabre/directory.php

@@ -28,8 +28,10 @@
  */
 namespace OCA\DAV\Connector\Sabre;
 
+use OCA\DAV\Connector\Sabre\Exception\Forbidden;
 use OCA\DAV\Connector\Sabre\Exception\InvalidPath;
 use OCA\DAV\Connector\Sabre\Exception\FileLocked;
+use OCP\Files\ForbiddenException;
 use OCP\Lock\ILockingProvider;
 use OCP\Lock\LockedException;
 use Sabre\DAV\Exception\Locked;
@@ -117,6 +119,8 @@ public function createFile($name, $data = null) {
 			throw new \Sabre\DAV\Exception\ServiceUnavailable($e->getMessage());
 		} catch (\OCP\Files\InvalidPathException $ex) {
 			throw new InvalidPath($ex->getMessage());
+		} catch (ForbiddenException $ex) {
+			throw new Forbidden($ex->getMessage(), $ex->getRetry());
 		} catch (LockedException $e) {
 			throw new FileLocked($e->getMessage(), $e->getCode(), $e);
 		}
@@ -146,6 +150,8 @@ public function createDirectory($name) {
 			throw new \Sabre\DAV\Exception\ServiceUnavailable($e->getMessage());
 		} catch (\OCP\Files\InvalidPathException $ex) {
 			throw new InvalidPath($ex->getMessage());
+		} catch (ForbiddenException $ex) {
+			throw new Forbidden($ex->getMessage(), $ex->getRetry());
 		} catch (LockedException $e) {
 			throw new FileLocked($e->getMessage(), $e->getCode(), $e);
 		}
@@ -247,6 +253,8 @@ public function delete() {
 				// assume it wasn't possible to remove due to permission issue
 				throw new \Sabre\DAV\Exception\Forbidden();
 			}
+		} catch (ForbiddenException $ex) {
+			throw new Forbidden($ex->getMessage(), $ex->getRetry());
 		} catch (LockedException $e) {
 			throw new FileLocked($e->getMessage(), $e->getCode(), $e);
 		}

apps/dav/lib/connector/sabre/exception/forbidden.php

@@ -0,0 +1,64 @@
+<?php
+/**
+ * @author Joas Schilling <nickvergessen@owncloud.com>
+ *
+ * @copyright Copyright (c) 2015, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\DAV\Connector\Sabre\Exception;
+
+class Forbidden extends \Sabre\DAV\Exception\Forbidden {
+
+	const NS_OWNCLOUD = 'http://owncloud.org/ns';
+
+	/**
+	 * @var bool
+	 */
+	private $retry;
+
+	/**
+	 * @param string $message
+	 * @param bool $retry
+	 * @param \Exception $previous
+	 */
+	public function __construct($message, $retry = false, \Exception $previous = null) {
+		parent::__construct($message, 0, $previous);
+		$this->retry = $retry;
+	}
+
+	/**
+	 * This method allows the exception to include additional information
+	 * into the WebDAV error response
+	 *
+	 * @param \Sabre\DAV\Server $server
+	 * @param \DOMElement $errorNode
+	 * @return void
+	 */
+	public function serialize(\Sabre\DAV\Server $server,\DOMElement $errorNode) {
+
+		// set ownCloud namespace
+		$errorNode->setAttribute('xmlns:o', self::NS_OWNCLOUD);
+
+		// adding the retry node
+		$error = $errorNode->ownerDocument->createElementNS('o:','o:retry', var_export($this->retry, true));
+		$errorNode->appendChild($error);
+
+		// adding the message node
+		$error = $errorNode->ownerDocument->createElementNS('o:','o:reason', $this->getMessage());
+		$errorNode->appendChild($error);
+	}
+}

apps/dav/lib/connector/sabre/file.php

@@ -35,9 +35,11 @@
 use OC\Files\Filesystem;
 use OCA\DAV\Connector\Sabre\Exception\EntityTooLarge;
 use OCA\DAV\Connector\Sabre\Exception\FileLocked;
+use OCA\DAV\Connector\Sabre\Exception\Forbidden as DAVForbiddenException;
 use OCA\DAV\Connector\Sabre\Exception\UnsupportedMediaType;
 use OCP\Encryption\Exceptions\GenericEncryptionException;
 use OCP\Files\EntityTooLargeException;
+use OCP\Files\ForbiddenException;
 use OCP\Files\InvalidContentException;
 use OCP\Files\InvalidPathException;
 use OCP\Files\LockNotAcquiredException;
@@ -175,6 +177,8 @@ public function put($data) {
 						\OCP\Util::writeLog('webdav', 'renaming part file to final file failed', \OCP\Util::ERROR);
 						throw new Exception('Could not rename part file to final file');
 					}
+				} catch (ForbiddenException $ex) {
+					throw new DAVForbiddenException($ex->getMessage(), $ex->getRetry());
 				} catch (\Exception $e) {
 					$partStorage->unlink($internalPartPath);
 					$this->convertToSabreException($e);
@@ -273,6 +277,8 @@ public function get() {
 			throw new ServiceUnavailable("Encryption not ready: " . $e->getMessage());
 		} catch (StorageNotAvailableException $e) {
 			throw new ServiceUnavailable("Failed to open file: " . $e->getMessage());
+		} catch (ForbiddenException $ex) {
+			throw new DAVForbiddenException($ex->getMessage(), $ex->getRetry());
 		} catch (LockedException $e) {
 			throw new FileLocked($e->getMessage(), $e->getCode(), $e);
 		}
@@ -296,6 +302,8 @@ public function delete() {
 			}
 		} catch (StorageNotAvailableException $e) {
 			throw new ServiceUnavailable("Failed to unlink: " . $e->getMessage());
+		} catch (ForbiddenException $ex) {
+			throw new DAVForbiddenException($ex->getMessage(), $ex->getRetry());
 		} catch (LockedException $e) {
 			throw new FileLocked($e->getMessage(), $e->getCode(), $e);
 		}
@@ -474,6 +482,10 @@ private function convertToSabreException(\Exception $e) {
 			// a more general case - due to whatever reason the content could not be written
 			throw new Forbidden($e->getMessage(), 0, $e);
 		}
+		if ($e instanceof ForbiddenException) {
+			// the path for the file was forbidden
+			throw new DAVForbiddenException($e->getMessage(), $e->getRetry(), $e);
+		}
 		if ($e instanceof EntityTooLargeException) {
 			// the file is too big to be stored
 			throw new EntityTooLarge($e->getMessage(), 0, $e);

apps/dav/lib/connector/sabre/objecttree.php

@@ -25,10 +25,12 @@
 
 namespace OCA\DAV\Connector\Sabre;
 
+use OCA\DAV\Connector\Sabre\Exception\Forbidden;
 use OCA\DAV\Connector\Sabre\Exception\InvalidPath;
 use OCA\DAV\Connector\Sabre\Exception\FileLocked;
 use OC\Files\FileInfo;
 use OC\Files\Mount\MoveableMount;
+use OCP\Files\ForbiddenException;
 use OCP\Files\StorageInvalidException;
 use OCP\Files\StorageNotAvailableException;
 use OCP\Lock\LockedException;
@@ -235,6 +237,8 @@ public function move($sourcePath, $destinationPath) {
 			}
 		} catch (StorageNotAvailableException $e) {
 			throw new \Sabre\DAV\Exception\ServiceUnavailable($e->getMessage());
+		} catch (ForbiddenException $ex) {
+			throw new Forbidden($ex->getMessage(), $ex->getRetry());
 		} catch (LockedException $e) {
 			throw new FileLocked($e->getMessage(), $e->getCode(), $e);
 		}
@@ -274,6 +278,8 @@ public function copy($source, $destination) {
 			$this->fileView->copy($source, $destination);
 		} catch (StorageNotAvailableException $e) {
 			throw new \Sabre\DAV\Exception\ServiceUnavailable($e->getMessage());
+		} catch (ForbiddenException $ex) {
+			throw new Forbidden($ex->getMessage(), $ex->getRetry());
 		} catch (LockedException $e) {
 			throw new FileLocked($e->getMessage(), $e->getCode(), $e);
 		}

apps/dav/tests/unit/connector/sabre/directory.php

@@ -9,6 +9,8 @@
 
 namespace OCA\DAV\Tests\Unit\Connector\Sabre;
 
+use OCP\Files\ForbiddenException;
+
 class Directory extends \Test\TestCase {
 
 	/** @var \OC\Files\View | \PHPUnit_Framework_MockObject_MockObject */
@@ -48,6 +50,25 @@ public function testDeleteRootFolderFails() {
 		$dir->delete();
 	}
 
+	/**
+	 * @expectedException \OCA\DAV\Connector\Sabre\Exception\Forbidden
+	 */
+	public function testDeleteForbidden() {
+		// deletion allowed
+		$this->info->expects($this->once())
+			->method('isDeletable')
+			->will($this->returnValue(true));
+
+		// but fails
+		$this->view->expects($this->once())
+			->method('rmdir')
+			->with('sub')
+			->willThrowException(new ForbiddenException('', true));
+
+		$dir = $this->getDir('sub');
+		$dir->delete();
+	}
+
 	/**
 	 *
 	 */

apps/dav/tests/unit/connector/sabre/exception/forbiddentest.php

@@ -0,0 +1,44 @@
+<?php
+/**
+ * Copyright (c) 2015 Thomas Müller <deepdiver@owncloud.com>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace OCA\DAV\Tests\Unit\Connector\Sabre\Exception;
+
+use OCA\DAV\Connector\Sabre\Exception\Forbidden;
+
+class ForbiddenTest extends \Test\TestCase {
+
+	public function testSerialization() {
+
+		// create xml doc
+		$DOM = new \DOMDocument('1.0','utf-8');
+		$DOM->formatOutput = true;
+		$error = $DOM->createElementNS('DAV:','d:error');
+		$error->setAttribute('xmlns:s', \Sabre\DAV\Server::NS_SABREDAV);
+		$DOM->appendChild($error);
+
+		// serialize the exception
+		$message = "1234567890";
+		$retry = false;
+		$expectedXml = <<<EOD
+<?xml version="1.0" encoding="utf-8"?>
+<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:o="http://owncloud.org/ns">
+  <o:retry xmlns:o="o:">false</o:retry>
+  <o:reason xmlns:o="o:">1234567890</o:reason>
+</d:error>
+
+EOD;
+
+		$ex = new Forbidden($message, $retry);
+		$server = $this->getMock('Sabre\DAV\Server');
+		$ex->serialize($server, $error);
+
+		// assert
+		$xml = $DOM->saveXML();
+		$this->assertEquals($expectedXml, $xml);
+	}
+}

apps/dav/tests/unit/connector/sabre/exception/invalidpathtest.php

@@ -1,15 +1,15 @@
 <?php
-
-namespace OCA\DAV\Tests\Unit\Connector\Sabre\Exception;
-
-use OCA\DAV\Connector\Sabre\Exception\InvalidPath;
-
 /**
  * Copyright (c) 2015 Thomas Müller <deepdiver@owncloud.com>
  * This file is licensed under the Affero General Public License version 3 or
  * later.
  * See the COPYING-README file.
  */
+
+namespace OCA\DAV\Tests\Unit\Connector\Sabre\Exception;
+
+use OCA\DAV\Connector\Sabre\Exception\InvalidPath;
+
 class InvalidPathTest extends \Test\TestCase {
 
 	public function testSerialization() {

apps/dav/tests/unit/connector/sabre/file.php

@@ -9,6 +9,7 @@
 namespace OCA\DAV\Tests\Unit\Connector\Sabre;
 
 use OC\Files\Storage\Local;
+use OCP\Files\ForbiddenException;
 use Test\HookHelper;
 use OC\Files\Filesystem;
 use OCP\Lock\ILockingProvider;
@@ -72,6 +73,10 @@ public function fopenFailuresProvider() {
 				new \OCP\Files\InvalidPathException(),
 				'Sabre\DAV\Exception\Forbidden'
 			],
+			[
+				new \OCP\Files\ForbiddenException('', true),
+				'OCA\DAV\Connector\Sabre\Exception\Forbidden'
+			],
 			[
 				new \OCP\Files\LockNotAcquiredException('/test.txt', 1),
 				'OCA\DAV\Connector\Sabre\Exception\FileLocked'
@@ -690,6 +695,29 @@ public function testDeleteThrowsWhenDeletionFailed() {
 		$file->delete();
 	}
 
+	/**
+	 * @expectedException \OCA\DAV\Connector\Sabre\Exception\Forbidden
+	 */
+	public function testDeleteThrowsWhenDeletionThrows() {
+		// setup
+		$view = $this->getMock('\OC\Files\View',
+			array());
+
+		// but fails
+		$view->expects($this->once())
+			->method('unlink')
+			->willThrowException(new ForbiddenException('', true));
+
+		$info = new \OC\Files\FileInfo('/test.txt', null, null, array(
+			'permissions' => \OCP\Constants::PERMISSION_ALL
+		), null);
+
+		$file = new \OCA\DAV\Connector\Sabre\File($view, $info);
+
+		// action
+		$file->delete();
+	}
+
 	/**
 	 * Asserts hook call
 	 *
@@ -835,4 +863,22 @@ public function testGetFopenFails() {
 
 		$file->get();
 	}
+
+	/**
+	 * @expectedException \OCA\DAV\Connector\Sabre\Exception\Forbidden
+	 */
+	public function testGetFopenThrows() {
+		$view = $this->getMock('\OC\Files\View', ['fopen'], array());
+		$view->expects($this->atLeastOnce())
+			->method('fopen')
+			->willThrowException(new ForbiddenException('', true));
+
+		$info = new \OC\Files\FileInfo('/test.txt', null, null, array(
+			'permissions' => \OCP\Constants::PERMISSION_ALL
+		), null);
+
+		$file = new \OCA\DAV\Connector\Sabre\File($view, $info);
+
+		$file->get();
+	}
 }

lib/private/cache/file.php

@@ -185,6 +185,8 @@ public function gc() {
 					} catch (\OCP\Lock\LockedException $e) {
 						// ignore locked chunks
 						\OC::$server->getLogger()->debug('Could not cleanup locked chunk "' . $file . '"', array('app' => 'core'));
+					} catch (\OCP\Files\ForbiddenException $e) {
+						\OC::$server->getLogger()->debug('Could not cleanup forbidden chunk "' . $file . '"', array('app' => 'core'));
 					} catch (\OCP\Files\LockNotAcquiredException $e) {
 						\OC::$server->getLogger()->debug('Could not cleanup locked chunk "' . $file . '"', array('app' => 'core'));
 					}

lib/private/files.php

@@ -142,6 +142,11 @@ public static function get($dir, $files, $onlyHeader = false) {
 			$l = \OC::$server->getL10N('core');
 			$hint = method_exists($ex, 'getHint') ? $ex->getHint() : '';
 			\OC_Template::printErrorPage($l->t('File is currently busy, please try again later'), $hint);
+		} catch (\OCP\Files\ForbiddenException $ex) {
+			self::unlockAllTheFiles($dir, $files, $getType, $view, $filename);
+			OC::$server->getLogger()->logException($ex);
+			$l = \OC::$server->getL10N('core');
+			\OC_Template::printErrorPage($l->t('Can\'t read file'), $ex->getMessage());
 		} catch (\Exception $ex) {
 			self::unlockAllTheFiles($dir, $files, $getType, $view, $filename);
 			OC::$server->getLogger()->logException($ex);

lib/private/files/cache/scanner.php

@@ -432,6 +432,8 @@ public function backgroundScan() {
 				// skip unavailable storages
 			} catch (\OCP\Files\StorageNotAvailableException $e) {
 				// skip unavailable storages
+			} catch (\OCP\Files\ForbiddenException $e) {
+				// skip forbidden storages
 			} catch (\OCP\Lock\LockedException $e) {
 				// skip unavailable storages
 			}