Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sharing personal drive should be forbidden #8494

Closed
amrita-shrestha opened this issue Feb 20, 2024 · 0 comments · Fixed by #8538
Closed

Sharing personal drive should be forbidden #8494

amrita-shrestha opened this issue Feb 20, 2024 · 0 comments · Fixed by #8538
Labels
Type:Bug

Comments

@amrita-shrestha
Copy link
Contributor

amrita-shrestha commented Feb 20, 2024
edited

Describe the bug

Share Personal drive with other user return 200 status code

Steps to reproduce

  • create user dummy and sammy
  • user sammy sends share invite on Personal drive to user dummy
    https://localhost:9200/graph/v1beta1/drives/{drive-item}/items/{item-id}/invite
    (item-id will be <oc:fileid> from api response of propfind on user sammy drive-id)
curl -X PROPFIND 'https://localhost:9200/remote.php/dav/spaces/356c601f-370c-4000-bae1-1c0ce5675bb7%2483a1d530-8938-4b04-add5-58a800325d4d' \

.......
    <d:response>
        <d:href>/remote.php/dav/spaces/356c601f-370c-4000-bae1-1c0ce5675bb7$83a1d530-8938-4b04-add5-58a800325d4d/</d:href>
        .......
                <oc:fileid>356c601f-370c-4000-bae1-1c0ce5675bb7$83a1d530-8938-4b04-add5-58a800325d4d!83a1d530-8938-4b04-add5-58a800325d4d</oc:fileid>

curl --location --request POST 'https://localhost:9200/graph/v1beta1/drives/356c601f-370c-4000-bae1-1c0ce5675bb7$83a1d530-8938-4b04-add5-58a800325d4d/items/356c601f-370c-4000-bae1-1c0ce5675bb7$83a1d530-8938-4b04-add5-58a800325d4d!83a1d530-8938-4b04-add5-58a800325d4d/invite' \
--data-raw '{
  "recipients": [
    {
      "@libre.graph.recipient.type": "user",
      "objectId": "1bac9409-47ca-4066-a562-941b0ff68032"
    }
  ],
  "roles": [
    "3a4ba8e9-6a0d-4235-9140-0e7a34007abe"
  ]
}'

-----------------------Response-------------------------------
{
    "value": [
        {
            "grantedToV2": {
                "user": {
                    "displayName": "dum",
                    "id": "1bac9409-47ca-4066-a562-941b0ff68032"
                }
            },
            "roles": [
                "3a4ba8e9-6a0d-4235-9140-0e7a34007abe"
            ]
        }
    ]
}
  • user dummy list sharewithme return empty object
  • user sammy list sharebyme return empty object

Problem with webUI

  • after a successful share invite user sammy personal drive is set as user dummy personal drive in webUI. If we forbid sharing personal space maybe we can avoid webUI bugs.
    Screencast from 02-20-2024 04:48:29 PM.webm

Expected behavior

Sharing of personal drive should be forbidden

Actual behavior

returns 200 status code

Setup

Please describe how you started the server and provide a list of relevant environment variables or configuration files.

OCIS_XXX=5.1.0-prealpha+ccc729936c
OCIS_YYY=latest
Web client version	8.0.0-rc.4

Additional context

Add any other context about the problem here.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Type:Bug
Projects
Infinite Scale Team Board
Status: Done
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[full-ci] Disallow to share the personal drive via graph 2403905/ocis
1 participant
@amrita-shrestha