From b773a568da47711b166f2c6dd9fcba0fab479db7 Mon Sep 17 00:00:00 2001 From: Louis Chemineau Date: Wed, 29 Jan 2025 17:29:30 +0100 Subject: [PATCH] fix: Exclude non accepted shares when computing access list Signed-off-by: Louis Chemineau [skip ci] --- 3rdparty | 2 +- lib/private/Share20/DefaultShareProvider.php | 13 +++++++++++++ tests/lib/Share20/DefaultShareProviderTest.php | 9 +++++++++ 3 files changed, 23 insertions(+), 1 deletion(-) diff --git a/3rdparty b/3rdparty index 608c54eded0a6..143debd21039a 160000 --- a/3rdparty +++ b/3rdparty @@ -1 +1 @@ -Subproject commit 608c54eded0a682b1363eb5c4a26e97e3470c3e5 +Subproject commit 143debd21039aaad43e137cb08a3d88eb140a20a diff --git a/lib/private/Share20/DefaultShareProvider.php b/lib/private/Share20/DefaultShareProvider.php index 955eb187c4661..6e71895ffc334 100644 --- a/lib/private/Share20/DefaultShareProvider.php +++ b/lib/private/Share20/DefaultShareProvider.php @@ -1338,6 +1338,19 @@ public function getAccessList($nodes, $currentAccess) { $qb->expr()->eq('item_type', $qb->createNamedParameter('file')), $qb->expr()->eq('item_type', $qb->createNamedParameter('folder')) )); + + // Ensure accepted is true for user and usergroup type + $qb->andWhere( + $qb->expr()->orX( + $qb->expr()->andX( + $qb->expr()->neq('share_type', $qb->createNamedParameter(IShare::TYPE_USER)), + $qb->expr()->neq('share_type', $qb->createNamedParameter(IShare::TYPE_USERGROUP)), + ), + $qb->expr()->eq('accepted', $qb->createNamedParameter(IShare::STATUS_ACCEPTED, IQueryBuilder::PARAM_INT)), + ), + ); + + $cursor = $qb->execute(); $users = []; diff --git a/tests/lib/Share20/DefaultShareProviderTest.php b/tests/lib/Share20/DefaultShareProviderTest.php index e89157d29b23d..309348bb59846 100644 --- a/tests/lib/Share20/DefaultShareProviderTest.php +++ b/tests/lib/Share20/DefaultShareProviderTest.php @@ -2701,6 +2701,7 @@ public function testGetAccessListNoCurrentAccessRequired() { ->setShareType(IShare::TYPE_USER) ->setPermissions(\OCP\Constants::PERMISSION_ALL); $share1 = $this->provider->create($share1); + $share1 = $provider->acceptShare($share1, $u2->getUid()); $share2 = $shareManager->newShare(); $share2->setNode($folder2) @@ -2713,6 +2714,9 @@ public function testGetAccessListNoCurrentAccessRequired() { $shareManager->deleteFromSelf($share2, $u4->getUID()); + $share2 = $provider->acceptShare($share2, $u3->getUid()); + $share2 = $provider->acceptShare($share2, $u4->getUid()); + $share3 = $shareManager->newShare(); $share3->setNode($file1) ->setSharedBy($u3->getUID()) @@ -2729,6 +2733,7 @@ public function testGetAccessListNoCurrentAccessRequired() { ->setShareType(IShare::TYPE_USER) ->setPermissions(\OCP\Constants::PERMISSION_READ); $share4 = $this->provider->create($share4); + $share4 = $provider->acceptShare($share4, $u5->getUid()); $result = $provider->getAccessList([$folder1, $folder2, $file1], false); @@ -2799,6 +2804,7 @@ public function testGetAccessListCurrentAccessRequired() { ->setShareType(IShare::TYPE_USER) ->setPermissions(\OCP\Constants::PERMISSION_ALL); $share1 = $this->provider->create($share1); + $share1 = $provider->acceptShare($share1, $u2->getUid()); $share2 = $shareManager->newShare(); $share2->setNode($folder2) @@ -2808,6 +2814,8 @@ public function testGetAccessListCurrentAccessRequired() { ->setShareType(IShare::TYPE_GROUP) ->setPermissions(\OCP\Constants::PERMISSION_ALL); $share2 = $this->provider->create($share2); + $share2 = $provider->acceptShare($share2, $u3->getUid()); + $share2 = $provider->acceptShare($share2, $u4->getUid()); $shareManager->deleteFromSelf($share2, $u4->getUID()); @@ -2827,6 +2835,7 @@ public function testGetAccessListCurrentAccessRequired() { ->setShareType(IShare::TYPE_USER) ->setPermissions(\OCP\Constants::PERMISSION_READ); $share4 = $this->provider->create($share4); + $share4 = $provider->acceptShare($share4, $u5->getUid()); $result = $provider->getAccessList([$folder1, $folder2, $file1], true);