-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Restrict deletion of share_folder by user #35998
Conversation
Queries I have here is :
|
ec1cd19
to
1cbe690
Compare
Codecov Report
@@ Coverage Diff @@
## master #35998 +/- ##
=======================================
Coverage 53.85% 53.85%
=======================================
Files 63 63
Lines 7377 7377
Branches 1301 1301
=======================================
Hits 3973 3973
Misses 3019 3019
Partials 385 385
Continue to review full report at Codecov.
|
I don't like this solution. Neither the directory nor the dav app doesn't need to know that the folder will be used to hold the shares. For them, it's just another folder without any special restriction. If the files_sharing app is the one creating the folder, it should be the files_sharing app the one preventing the deletion. The app already has a storage wrapper available, so we can reuse that storage wrapper and prevent the folder deletion there.
|
Looking at the code, the share_folder storage points to home storage and not the ShareStorage. And hence deletion call made from the trashbin storage causes the code flow reach Local storage. Debugged the storages available during the rename from the home folder to the trashbin, unfortunately sharedstorage is not there. |
1cbe690
to
e7417aa
Compare
Looks like from the codeflow, the folder created using |
Is it possible to use a mount point instead of creating a folder? it might be worthy to have a look and check if it's possible or not. |
It looks like say if we use mount point for |
Looks like we've run out of ideas.... it seems we'll have to go with this solution. Do we need the changes in the dav app? I think the changes in the |
e7417aa
to
81e40b6
Compare
81e40b6
to
f0e2487
Compare
Yes you are right, we don't need the dav change. The View change should be enough. I have adjusted the PR for view only. Let me know if this change looks ok. |
f0e2487
to
ad83756
Compare
ad83756
to
08cfe4d
Compare
tests/lib/Files/ViewTest.php
Outdated
$view = new View('/' . $this->user . '/files'); | ||
$view->mkdir(\OC::$server->getConfig()->getSystemValue('share_folder', '/')); | ||
$this->assertFalse($view->rmdir($deleteFolder)); | ||
\OC::$server->getConfig()->deleteSystemValue('share_folder'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Any better alternative to this cleanup? There are a couple of things I don't like:
- This will change the configuration without restoring the previous value. It will delete whatever value there was before.
- If the test fails for whatever reason, a different value for the "share_folder" will be kept. This might cause problems in other "not-so-unit" tests.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have updated the PR by using overwriteService
in the test method. And using restoreService
in the tearDown
. The reason for using overwriteService
in the method and not in the setUp
is: there are methods which have call to config and that were causing issues. So I think its better to have it only for one method where we need it.
Restrict deletion of share_folder by user Signed-off-by: Sujith H <sharidasan@owncloud.com>
08cfe4d
to
14d830c
Compare
@sharidas I added |
When I delete What is the requirement here? (the behaviour above seems not so bad - you do not lose any data and can easily accept yyour shares again if you accidentallly delete them) Before I receive any shares, there is no |
Now I discovered that you have to put the leading @sharidas that is not mentioned in the original post describing the manual testing? |
Restrict deletion of share_folder by user
Signed-off-by: Sujith H sharidasan@owncloud.com
Description
The idea behind this PR is to restrict user to delete the folder
share_folder
set in the config.php. In this change, I have tried to restrict the deletion from the View and from the dav app (i.e, access via webdav ).Related Issue
Motivation and Context
Restrict user to delete folder
share_folder
set in the config.php.How Has This Been Tested?
SharedFolder
to the config asshare_folder => 'SharedFolder'
SharedFolder
and then called thermdir
method of View. Received the return as false.Screenshots (if appropriate):
Types of changes
Checklist:
Open tasks: