From f12b030d8e011518b93eb91478e220400bbf07f7 Mon Sep 17 00:00:00 2001
From: Roeland Jago Douma <rullzer@owncloud.com>
Date: Fri, 26 Feb 2016 14:58:41 +0100
Subject: [PATCH] When the Share API is disabled do not return shares

Fixes #22668

Block everything in the OCS Share API
---
 apps/files_sharing/api/share20ocs.php         | 20 ++++++
 .../tests/api/share20ocstest.php              | 71 +++++++++++++++++++
 2 files changed, 91 insertions(+)

diff --git a/apps/files_sharing/api/share20ocs.php b/apps/files_sharing/api/share20ocs.php
index 4abd821f2ae5..b458590546db 100644
--- a/apps/files_sharing/api/share20ocs.php
+++ b/apps/files_sharing/api/share20ocs.php
@@ -158,6 +158,10 @@ public function getShare($id) {
 		// Try both our default, and our federated provider..
 		$share = null;
 
+		if (!$this->shareManager->shareApiEnabled()) {
+			return new \OC_OCS_Result(null, 404, 'Share API is disabled');
+		}
+
 		// First check if it is an internal share.
 		try {
 			$share = $this->shareManager->getShareById('ocinternal:'.$id);
@@ -200,6 +204,10 @@ public function deleteShare($id) {
 		// Try both our default and our federated provider
 		$share = null;
 
+		if (!$this->shareManager->shareApiEnabled()) {
+			return new \OC_OCS_Result(null, 404, 'Share API is disabled');
+		}
+
 		try {
 			$share = $this->shareManager->getShareById('ocinternal:' . $id);
 		} catch (ShareNotFound $e) {
@@ -235,6 +243,10 @@ public function deleteShare($id) {
 	public function createShare() {
 		$share = $this->shareManager->newShare();
 
+		if (!$this->shareManager->shareApiEnabled()) {
+			return new \OC_OCS_Result(null, 404, 'Share API is disabled');
+		}
+
 		// Verify path
 		$path = $this->request->getParam('path', null);
 		if ($path === null) {
@@ -448,6 +460,10 @@ private function getSharesInDir($folder) {
 	 * @return \OC_OCS_Result
 	 */
 	public function getShares() {
+		if (!$this->shareManager->shareApiEnabled()) {
+			return new \OC_OCS_Result();
+		}
+
 		$sharedWithMe = $this->request->getParam('shared_with_me', null);
 		$reshares = $this->request->getParam('reshares', null);
 		$subfiles = $this->request->getParam('subfiles');
@@ -508,6 +524,10 @@ public function updateShare($id) {
 		// Try both our default and our federated provider
 		$share = null;
 
+		if (!$this->shareManager->shareApiEnabled()) {
+			return new \OC_OCS_Result(null, 404, 'Share API is disabled');
+		}
+
 		try {
 			$share = $this->shareManager->getShareById('ocinternal:' . $id);
 		} catch (ShareNotFound $e) {
diff --git a/apps/files_sharing/tests/api/share20ocstest.php b/apps/files_sharing/tests/api/share20ocstest.php
index 81db3b963335..a37b6d33cc6c 100644
--- a/apps/files_sharing/tests/api/share20ocstest.php
+++ b/apps/files_sharing/tests/api/share20ocstest.php
@@ -65,6 +65,10 @@ protected function setUp() {
 		$this->shareManager = $this->getMockBuilder('OCP\Share\IManager')
 			->disableOriginalConstructor()
 			->getMock();
+		$this->shareManager
+			->expects($this->any())
+			->method('shareApiEnabled')
+			->willReturn(true);
 		$this->groupManager = $this->getMock('OCP\IGroupManager');
 		$this->userManager = $this->getMock('OCP\IUserManager');
 		$this->request = $this->getMock('OCP\IRequest');
@@ -1813,7 +1817,74 @@ public function testFormatShare(array $expects, \OCP\Share\IShare $share, array
 		} catch (NotFoundException $e) {
 			$this->assertTrue($exception);
 		}
+	}
+
+	/**
+	 * @return Share20OCS
+	 */
+	public function getOcsDisabledAPI() {
+		$shareManager = $this->getMockBuilder('OCP\Share\IManager')
+			->disableOriginalConstructor()
+			->getMock();
+		$shareManager
+			->expects($this->any())
+			->method('shareApiEnabled')
+			->willReturn(false);
+
+		return new Share20OCS(
+			$shareManager,
+			$this->groupManager,
+			$this->userManager,
+			$this->request,
+			$this->rootFolder,
+			$this->urlGenerator,
+			$this->currentUser
+		);
+	}
+
+	public function testGetShareApiDisabled() {
+		$ocs = $this->getOcsDisabledAPI();
+
+		$expected = new \OC_OCS_Result(null, 404, 'Share API is disabled');
+		$result = $ocs->getShare('my:id');
+
+		$this->assertEquals($expected, $result);
+	}
+
+	public function testDeleteShareApiDisabled() {
+		$ocs = $this->getOcsDisabledAPI();
+
+		$expected = new \OC_OCS_Result(null, 404, 'Share API is disabled');
+		$result = $ocs->deleteShare('my:id');
+
+		$this->assertEquals($expected, $result);
+	}
+
+
+	public function testCreateShareApiDisabled() {
+		$ocs = $this->getOcsDisabledAPI();
+
+		$expected = new \OC_OCS_Result(null, 404, 'Share API is disabled');
+		$result = $ocs->createShare();
+
+		$this->assertEquals($expected, $result);
+	}
+
+	public function testGetSharesApiDisabled() {
+		$ocs = $this->getOcsDisabledAPI();
+
+		$expected = new \OC_OCS_Result();
+		$result = $ocs->getShares();
+
+		$this->assertEquals($expected, $result);
+	}
+
+	public function testUpdateShareApiDisabled() {
+		$ocs = $this->getOcsDisabledAPI();
 
+		$expected = new \OC_OCS_Result(null, 404, 'Share API is disabled');
+		$result = $ocs->updateShare('my:id');
 
+		$this->assertEquals($expected, $result);
 	}
 }