-
Notifications
You must be signed in to change notification settings - Fork 2.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
only share owner and sharer update or delete share #36120
Conversation
https://drone.owncloud.com/owncloud/core/20452/43/12
That existing scenario is strange. It expected that the receiving user of a group share could delete the share, and then it tests various stuff about the etags... Edit: I pushed a commit to fixup this test scenario so that it does what seems to have been intended. (It previously worked somewhat by luck, because of the bug that is fixed in this PR) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Just a minor optional change
*/ | ||
protected function canChangeShare(IShare $share) { | ||
// Only owner or the sharer of the file can update or delete share | ||
if ($share->getShareOwner() === $this->userSession->getUser()->getUID() || |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
$sessionUserId = $this->userSession->getUser()->getUID();
return ($share->getShareOwner() === $sessionUserId || $share->getSharedBy() === $sessionUserId)
Not sure if this is more readable.... up to you to decide what to do.
Codecov Report
@@ Coverage Diff @@
## master #36120 +/- ##
=======================================
Coverage 54% 54%
=======================================
Files 63 63
Lines 7403 7403
Branches 1308 1308
=======================================
Hits 3998 3998
Misses 3019 3019
Partials 386 386
Continue to review full report at Codecov.
|
Codecov Report
@@ Coverage Diff @@
## master #36120 +/- ##
=======================================
Coverage 54% 54%
=======================================
Files 63 63
Lines 7403 7403
Branches 1308 1308
=======================================
Hits 3998 3998
Misses 3019 3019
Partials 386 386
Continue to review full report at Codecov.
|
I pushed a commit to fixup the |
1f00e9c
to
e4fb548
Compare
I also added and extra acceptance test scenario for the case when an individual user receives a share of a file or folder, to check that the individual receiving user cannot delete the share. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good when CI passes.
"random" yarn install error in a drone job https://drone.owncloud.com/owncloud/core/20463/29/7 |
more stupid drone https://drone.owncloud.com/owncloud/core/20466/6/3
I restarted again. |
e4fb548
to
961b24a
Compare
Rebased, let's see if drone stops being stupid. |
Description
Access permission, should not enough to update or delete a share. Only share-owner and sharer can update or delete the share.
Related Issue
Motivation and Context
Fighting with bugs.
How Has This Been Tested?
Manually with the described scenario.
Types of changes
Checklist: