Allow blocking of group sharing

apps/files_sharing/api/share20ocs.php

@@ -264,6 +264,10 @@ public function createShare() {
 			$share->setSharedWith($shareWith);
 			$share->setPermissions($permissions);
 		} else if ($shareType === \OCP\Share::SHARE_TYPE_GROUP) {
+			if (!$this->shareManager->allowGroupSharing()) {
+				return new \OC_OCS_Result(null, 404, 'group sharing is disabled by the administrator');
+			}
+
 			// Valid group is required to share
 			if ($shareWith === null || !$this->groupManager->groupExists($shareWith)) {
 				return new \OC_OCS_Result(null, 404, 'please specify a valid group');

apps/files_sharing/api/sharees.php

@@ -62,6 +62,9 @@ class Sharees {
 	/** @var ILogger */
 	protected $logger;
 
+	/** @var \OCP\Share\IManager */
+	protected $shareManager;
+
 	/** @var bool */
 	protected $shareWithGroupOnly = false;
 
@@ -97,6 +100,7 @@ class Sharees {
 	 * @param IURLGenerator $urlGenerator
 	 * @param IRequest $request
 	 * @param ILogger $logger
+	 * @param \OCP\Share\IManager $shareManager
 	 */
 	public function __construct(IGroupManager $groupManager,
 								IUserManager $userManager,
@@ -105,7 +109,8 @@ public function __construct(IGroupManager $groupManager,
 								IUserSession $userSession,
 								IURLGenerator $urlGenerator,
 								IRequest $request,
-								ILogger $logger) {
+								ILogger $logger,
+								\OCP\Share\IManager $shareManager) {
 		$this->groupManager = $groupManager;
 		$this->userManager = $userManager;
 		$this->contactsManager = $contactsManager;
@@ -114,6 +119,7 @@ public function __construct(IGroupManager $groupManager,
 		$this->urlGenerator = $urlGenerator;
 		$this->request = $request;
 		$this->logger = $logger;
+		$this->shareManager = $shareManager;
 	}
 
 	/**
@@ -411,9 +417,14 @@ public function search() {
 
 		$shareTypes = [
 			Share::SHARE_TYPE_USER,
-			Share::SHARE_TYPE_GROUP,
-			Share::SHARE_TYPE_REMOTE,
 		];
+
+		if ($this->shareManager->allowGroupSharing()) {
+			$shareTypes[] = Share::SHARE_TYPE_GROUP;
+		}
+
+		$shareTypes[] = Share::SHARE_TYPE_REMOTE;
+
 		if (isset($_GET['shareType']) && is_array($_GET['shareType'])) {
 			$shareTypes = array_intersect($shareTypes, $_GET['shareType']);
 			sort($shareTypes);

apps/files_sharing/appinfo/routes.php

@@ -126,7 +126,8 @@ function() {
                                               \OC::$server->getUserSession(),
                                               \OC::$server->getURLGenerator(),
                                               \OC::$server->getRequest(),
-                                              \OC::$server->getLogger());
+                                              \OC::$server->getLogger(),
+                                              \OC::$server->getShareManager());
 
 API::register('get',
 		'/apps/files_sharing/api/v1/sharees',

apps/files_sharing/tests/api/share20ocstest.php

@@ -759,9 +759,12 @@ public function testCreateShareGroup() {
 				->with('valid-path')
 				->willReturn($path);
 
-		$group = $this->getMock('\OCP\IGroup');
 		$this->groupManager->method('groupExists')->with('validGroup')->willReturn(true);
 
+		$this->shareManager->expects($this->once())
+			->method('allowGroupSharing')
+			->willReturn(true);
+
 		$share->method('setPath')->with($path);
 		$share->method('setPermissions')->with(\OCP\Constants::PERMISSION_ALL);
 		$share->method('setShareType')->with(\OCP\Share::SHARE_TYPE_GROUP);
@@ -775,6 +778,51 @@ public function testCreateShareGroup() {
 		$this->assertEquals($expected->getData(), $result->getData());
 	}
 
+	public function testCreateShareGroupNotAllowed() {
+		$share = $this->getMock('\OCP\Share\IShare');
+		$this->shareManager->method('newShare')->willReturn($share);
+
+		$this->request
+			->method('getParam')
+			->will($this->returnValueMap([
+				['path', null, 'valid-path'],
+				['permissions', null, \OCP\Constants::PERMISSION_ALL],
+				['shareType', '-1', \OCP\Share::SHARE_TYPE_GROUP],
+				['shareWith', null, 'validGroup'],
+			]));
+
+		$userFolder = $this->getMock('\OCP\Files\Folder');
+		$this->rootFolder->expects($this->once())
+			->method('getUserFolder')
+			->with('currentUser')
+			->willReturn($userFolder);
+
+		$path = $this->getMock('\OCP\Files\Folder');
+		$storage = $this->getMock('OCP\Files\Storage');
+		$storage->method('instanceOfStorage')
+			->with('OCA\Files_Sharing\External\Storage')
+			->willReturn(false);
+		$path->method('getStorage')->willReturn($storage);
+		$userFolder->expects($this->once())
+			->method('get')
+			->with('valid-path')
+			->willReturn($path);
+
+		$this->groupManager->method('groupExists')->with('validGroup')->willReturn(true);
+
+		$this->shareManager->expects($this->once())
+			->method('allowGroupSharing')
+			->willReturn(false);
+
+		$share->method('setPath')->with($path);
+
+		$expected = new \OC_OCS_Result(null, 404, 'group sharing is disabled by the administrator');
+		$result = $this->ocs->createShare();
+
+		$this->assertEquals($expected->getMeta(), $result->getMeta());
+		$this->assertEquals($expected->getData(), $result->getData());
+	}
+
 	public function testCreateShareLinkNoLinksAllowed() {
 		$this->request
 			->method('getParam')

apps/files_sharing/tests/api/shareestest.php

@@ -55,6 +55,9 @@ class ShareesTest extends TestCase {
 	/** @var \OCP\IRequest|\PHPUnit_Framework_MockObject_MockObject */
 	protected $request;
 
+	/** @var \OCP\Share\IManager|\PHPUnit_Framework_MockObject_MockObject */
+	protected $shareManager;
+
 	protected function setUp() {
 		parent::setUp();
 
@@ -78,6 +81,10 @@ protected function setUp() {
 			->disableOriginalConstructor()
 			->getMock();
 
+		$this->shareManager = $this->getMockBuilder('OCP\Share\IManager')
+			->disableOriginalConstructor()
+			->getMock();
+
 		$this->sharees = new Sharees(
 			$this->groupManager,
 			$this->userManager,
@@ -86,7 +93,8 @@ protected function setUp() {
 			$this->session,
 			$this->getMockBuilder('OCP\IURLGenerator')->disableOriginalConstructor()->getMock(),
 			$this->request,
-			$this->getMockBuilder('OCP\ILogger')->disableOriginalConstructor()->getMock()
+			$this->getMockBuilder('OCP\ILogger')->disableOriginalConstructor()->getMock(),
+			$this->shareManager
 		);
 	}
 
@@ -966,89 +974,95 @@ public function dataSearch() {
 		$allTypes = [Share::SHARE_TYPE_USER, Share::SHARE_TYPE_GROUP, Share::SHARE_TYPE_REMOTE];
 
 		return [
-			[[], '', 'yes', true, '', null, $allTypes, 1, 200, false, true],
+			[[], '', 'yes', true, '', null, $allTypes, 1, 200, false, true, true],
 
 			// Test itemType
 			[[
 				'search' => '',
-			], '', 'yes', true, '', null, $allTypes, 1, 200, false, true],
+			], '', 'yes', true, '', null, $allTypes, 1, 200, false, true, true],
 			[[
 				'search' => 'foobar',
-			], '', 'yes', true, 'foobar', null, $allTypes, 1, 200, false, true],
+			], '', 'yes', true, 'foobar', null, $allTypes, 1, 200, false, true, true],
 			[[
 				'search' => 0,
-			], '', 'yes', true, '0', null, $allTypes, 1, 200, false, true],
+			], '', 'yes', true, '0', null, $allTypes, 1, 200, false, true, true],
 
 			// Test itemType
 			[[
 				'itemType' => '',
-			], '', 'yes', true, '', '', $allTypes, 1, 200, false, true],
+			], '', 'yes', true, '', '', $allTypes, 1, 200, false, true, true],
 			[[
 				'itemType' => 'folder',
-			], '', 'yes', true, '', 'folder', $allTypes, 1, 200, false, true],
+			], '', 'yes', true, '', 'folder', $allTypes, 1, 200, false, true, true],
 			[[
 				'itemType' => 0,
-			], '', 'yes', true, '', '0', $allTypes, 1, 200, false, true],
+			], '', 'yes', true, '', '0', $allTypes, 1, 200, false, true, true],
 
 			// Test shareType
 			[[
-			], '', 'yes', true, '', null, $allTypes, 1, 200, false, true],
+			], '', 'yes', true, '', null, $allTypes, 1, 200, false, true, true],
 			[[
 				'shareType' => 0,
-			], '', 'yes', true, '', null, [0], 1, 200, false, true],
+			], '', 'yes', true, '', null, [0], 1, 200, false, true, true],
 			[[
 				'shareType' => '0',
-			], '', 'yes', true, '', null, [0], 1, 200, false, true],
+			], '', 'yes', true, '', null, [0], 1, 200, false, true, true],
 			[[
 				'shareType' => 1,
-			], '', 'yes', true, '', null, [1], 1, 200, false, true],
+			], '', 'yes', true, '', null, [1], 1, 200, false, true, true],
 			[[
 				'shareType' => 12,
-			], '', 'yes', true, '', null, [], 1, 200, false, true],
+			], '', 'yes', true, '', null, [], 1, 200, false, true, true],
 			[[
 				'shareType' => 'foobar',
-			], '', 'yes', true, '', null, $allTypes, 1, 200, false, true],
+			], '', 'yes', true, '', null, $allTypes, 1, 200, false, true, true],
 			[[
 				'shareType' => [0, 1, 2],
-			], '', 'yes', true, '', null, [0, 1], 1, 200, false, true],
+			], '', 'yes', true, '', null, [0, 1], 1, 200, false, true, true],
 			[[
 				'shareType' => [0, 1],
-			], '', 'yes', true, '', null, [0, 1], 1, 200, false, true],
+			], '', 'yes', true, '', null, [0, 1], 1, 200, false, true, true],
 			[[
 				'shareType' => $allTypes,
-			], '', 'yes', true, '', null, $allTypes, 1, 200, false, true],
+			], '', 'yes', true, '', null, $allTypes, 1, 200, false, true, true],
 			[[
 				'shareType' => $allTypes,
-			], '', 'yes', false, '', null, [0, 1], 1, 200, false, true],
+			], '', 'yes', false, '', null, [0, 1], 1, 200, false, true, true],
+			[[
+				'shareType' => $allTypes,
+			], '', 'yes', true, '', null, [0, 6], 1, 200, false, true, false],
+			[[
+				'shareType' => $allTypes,
+			], '', 'yes', false, '', null, [0], 1, 200, false, true, false],
 
 			// Test pagination
 			[[
 				'page' => 1,
-			], '', 'yes', true, '', null, $allTypes, 1, 200, false, true],
+			], '', 'yes', true, '', null, $allTypes, 1, 200, false, true, true],
 			[[
 				'page' => 10,
-			], '', 'yes', true, '', null, $allTypes, 10, 200, false, true],
+			], '', 'yes', true, '', null, $allTypes, 10, 200, false, true, true],
 
 			// Test perPage
 			[[
 				'perPage' => 1,
-			], '', 'yes', true, '', null, $allTypes, 1, 1, false, true],
+			], '', 'yes', true, '', null, $allTypes, 1, 1, false, true, true],
 			[[
 				'perPage' => 10,
-			], '', 'yes', true, '', null, $allTypes, 1, 10, false, true],
+			], '', 'yes', true, '', null, $allTypes, 1, 10, false, true, true],
 
 			// Test $shareWithGroupOnly setting
-			[[], 'no', 'yes',  true, '', null, $allTypes, 1, 200, false, true],
-			[[], 'yes', 'yes', true, '', null, $allTypes, 1, 200, true, true],
+			[[], 'no', 'yes',  true, '', null, $allTypes, 1, 200, false, true, true],
+			[[], 'yes', 'yes', true, '', null, $allTypes, 1, 200, true, true, true],
 
 			// Test $shareeEnumeration setting
-			[[], 'no', 'yes',  true, '', null, $allTypes, 1, 200, false, true],
-			[[], 'no', 'no', true, '', null, $allTypes, 1, 200, false, false],
+			[[], 'no', 'yes',  true, '', null, $allTypes, 1, 200, false, true, true],
+			[[], 'no', 'no', true, '', null, $allTypes, 1, 200, false, false, true],
 
 			// Test keep case for search
 			[[
 				'search' => 'foo@example.com/ownCloud',
-			], '', 'yes', true, 'foo@example.com/ownCloud', null, $allTypes, 1, 200, false, true],
+			], '', 'yes', true, 'foo@example.com/ownCloud', null, $allTypes, 1, 200, false, true, true],
 		];
 	}
 
@@ -1066,8 +1080,9 @@ public function dataSearch() {
 	 * @param int $perPage
 	 * @param bool $shareWithGroupOnly
 	 * @param bool $shareeEnumeration
+	 * @param bool $allowGroupSharing
 	 */
-	public function testSearch($getData, $apiSetting, $enumSetting, $remoteSharingEnabled, $search, $itemType, $shareTypes, $page, $perPage, $shareWithGroupOnly, $shareeEnumeration) {
+	public function testSearch($getData, $apiSetting, $enumSetting, $remoteSharingEnabled, $search, $itemType, $shareTypes, $page, $perPage, $shareWithGroupOnly, $shareeEnumeration, $allowGroupSharing) {
 		$oldGet = $_GET;
 		$_GET = $getData;
 
@@ -1082,6 +1097,10 @@ public function testSearch($getData, $apiSetting, $enumSetting, $remoteSharingEn
 				['core', 'shareapi_allow_share_dialog_user_enumeration', 'yes', $enumSetting],
 			]);
 
+		$this->shareManager->expects($this->once())
+			->method('allowGroupSharing')
+			->willReturn($allowGroupSharing);
+
 		$sharees = $this->getMockBuilder('\OCA\Files_Sharing\API\Sharees')
 			->setConstructorArgs([
 				$this->groupManager,
@@ -1091,7 +1110,8 @@ public function testSearch($getData, $apiSetting, $enumSetting, $remoteSharingEn
 				$this->session,
 				$this->getMockBuilder('OCP\IURLGenerator')->disableOriginalConstructor()->getMock(),
 				$this->getMockBuilder('OCP\IRequest')->disableOriginalConstructor()->getMock(),
-				$this->getMockBuilder('OCP\ILogger')->disableOriginalConstructor()->getMock()
+				$this->getMockBuilder('OCP\ILogger')->disableOriginalConstructor()->getMock(),
+				$this->shareManager
 			])
 			->setMethods(array('searchSharees', 'isRemoteSharingAllowed'))
 			->getMock();
@@ -1175,7 +1195,8 @@ public function testSearchInvalid($getData, $message) {
 				$this->session,
 				$this->getMockBuilder('OCP\IURLGenerator')->disableOriginalConstructor()->getMock(),
 				$this->getMockBuilder('OCP\IRequest')->disableOriginalConstructor()->getMock(),
-				$this->getMockBuilder('OCP\ILogger')->disableOriginalConstructor()->getMock()
+				$this->getMockBuilder('OCP\ILogger')->disableOriginalConstructor()->getMock(),
+				$this->shareManager
 			])
 			->setMethods(array('searchSharees', 'isRemoteSharingAllowed'))
 			->getMock();
@@ -1327,7 +1348,8 @@ public function testSearchSharees($searchTerm, $itemType, array $shareTypes, $pa
 				$this->session,
 				$this->getMockBuilder('OCP\IURLGenerator')->disableOriginalConstructor()->getMock(),
 				$this->getMockBuilder('OCP\IRequest')->disableOriginalConstructor()->getMock(),
-				$this->getMockBuilder('OCP\ILogger')->disableOriginalConstructor()->getMock()
+				$this->getMockBuilder('OCP\ILogger')->disableOriginalConstructor()->getMock(),
+				$this->shareManager
 			])
 			->setMethods(array('getShareesForShareIds', 'getUsers', 'getGroups', 'getRemote'))
 			->getMock();

build/integration/features/bootstrap/ShareesContext.php

@@ -68,5 +68,6 @@ public function getArrayOfShareesResponded(ResponseInterface $response, $shareeT
 	protected function resetAppConfigs() {
 		$this->modifyServerConfig('core', 'shareapi_only_share_with_group_members', 'no');
 		$this->modifyServerConfig('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes');
+		$this->modifyServerConfig('core', 'shareapi_allow_group_sharing', 'yes');
 	}
 }

build/integration/sharees_features/sharees.feature

@@ -222,3 +222,19 @@ Feature: sharees
     Then "groups" sharees returned is empty
     Then "exact remotes" sharees returned is empty
     Then "remotes" sharees returned is empty
+
+  Scenario: Group sharees not returned when group sharing is disabled
+    Given As an "test"
+    And parameter "shareapi_allow_group_sharing" of app "core" is set to "no"
+    When getting sharees for
+      | search | sharee |
+      | itemType | file |
+    Then the OCS status code should be "100"
+    And the HTTP status code should be "200"
+    And "exact users" sharees returned is empty
+    And "users" sharees returned are
+      | Sharee1 | 0 | Sharee1 |
+    And "exact groups" sharees returned is empty
+    And "groups" sharees returned is empty
+    And "exact remotes" sharees returned is empty
+    And "remotes" sharees returned is empty

core/js/config.php

@@ -162,7 +162,8 @@
 				'sharingDisabledForUser' => \OCP\Util::isSharingDisabledForUser(),
 				'resharingAllowed' => \OCP\Share::isResharingAllowed(),
 				'remoteShareAllowed' => $outgoingServer2serverShareEnabled,
-				'federatedCloudShareDoc' => \OC::$server->getURLGenerator()->linkToDocs('user-sharing-federated')
+				'federatedCloudShareDoc' => \OC::$server->getURLGenerator()->linkToDocs('user-sharing-federated'),
+				'allowGroupSharing' => \OC::$server->getShareManager()->allowGroupSharing()
 				)
 			)
 	),

core/js/shareconfigmodel.js

@@ -26,7 +26,8 @@
 			isDefaultExpireDateEnabled: oc_appconfig.core.defaultExpireDateEnabled === true,
 			isRemoteShareAllowed: oc_appconfig.core.remoteShareAllowed,
 			defaultExpireDate: oc_appconfig.core.defaultExpireDate,
-			isResharingAllowed: oc_appconfig.core.resharingAllowed
+			isResharingAllowed: oc_appconfig.core.resharingAllowed,
+			allowGroupSharing: oc_appconfig.core.allowGroupSharing
 		},
 
 		/**