Skip to content

Commit

Permalink
Merge pull request #1301 from nextcloud/fix-required-permissions-for-…
Browse files Browse the repository at this point in the history 
…webdav-move-and-copy

Fix required permissions for webdav move and copy
  • Loading branch information
@MorrisJobke
MorrisJobke authored Sep 7, 2016
2 parents b3d3a95 + b94a4df commit c36ceb6
Show file tree
Hide file tree
Showing 2 changed files with 46 additions and 20 deletions.
22 changes: 18 additions & 4 deletions apps/dav/lib/Connector/Sabre/ObjectTree.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -204,9 +204,18 @@ public function move($sourcePath, $destinationPath) {
}

$infoDestination = $this->fileView->getFileInfo(dirname($destinationPath));
$infoSource = $this->fileView->getFileInfo($sourcePath);
$destinationPermission = $infoDestination && $infoDestination->isUpdateable();
$sourcePermission = $infoSource && $infoSource->isDeletable();
if (dirname($destinationPath) === dirname($sourcePath)) {
$sourcePermission = $infoDestination && $infoDestination->isUpdateable();
$destinationPermission = $sourcePermission;
} else {
$infoSource = $this->fileView->getFileInfo($sourcePath);
if ($this->fileView->file_exists($destinationPath)) {
$destinationPermission = $infoDestination && $infoDestination->isUpdateable();
} else {
$destinationPermission = $infoDestination && $infoDestination->isCreatable();
}
$sourcePermission = $infoSource && $infoSource->isDeletable();
}

if (!$destinationPermission || !$sourcePermission) {
throw new Forbidden('No permissions to move object.');
Expand Down Expand Up @@ -298,7 +307,12 @@ public function copy($source, $destination) {


$info = $this->fileView->getFileInfo(dirname($destination));
if ($info && !$info->isUpdateable()) {
if ($this->fileView->file_exists($destination)) {
$destinationPermission = $info && $info->isUpdateable();
} else {
$destinationPermission = $info && $info->isCreatable();
}
if (!$destinationPermission) {
throw new Forbidden('No permissions to copy object.');
}

Expand Down
44 changes: 28 additions & 16 deletions apps/dav/tests/unit/Connector/Sabre/ObjectTreeTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,23 +34,24 @@

class TestDoubleFileView extends \OC\Files\View {

public function __construct($updatables, $deletables, $canRename = true) {
public function __construct($creatables, $updatables, $deletables, $canRename = true) {
$this->creatables = $creatables;
$this->updatables = $updatables;
$this->deletables = $deletables;
$this->canRename = $canRename;
$this->lockingProvider = \OC::$server->getLockingProvider();
}

public function isUpdatable($path) {
return $this->updatables[$path];
return !empty($this->updatables[$path]);
}

public function isCreatable($path) {
return $this->updatables[$path];
return !empty($this->creatables[$path]);
}

public function isDeletable($path) {
return $this->deletables[$path];
return !empty($this->deletables[$path]);
}

public function rename($path1, $path2) {
Expand All @@ -63,7 +64,11 @@ public function getRelativePath($path) {

public function getFileInfo($path, $includeMountPoints = true) {
$objectTreeTest = new ObjectTreeTest();
return $objectTreeTest->getFileInfoMock();
return $objectTreeTest->getFileInfoMock(
$this->isCreatable($path),
$this->isUpdatable($path),
$this->isDeletable($path)
);
}
}

Expand All @@ -76,18 +81,22 @@ public function getFileInfo($path, $includeMountPoints = true) {
*/
class ObjectTreeTest extends \Test\TestCase {

public function getFileInfoMock() {
public function getFileInfoMock($create = true, $update = true, $delete = true) {
$mock = $this->getMockBuilder('\OCP\Files\FileInfo')
->disableOriginalConstructor()
->getMock();
$mock
->expects($this->any())
->method('isDeletable')
->willReturn(true);
->method('isCreatable')
->willReturn($create);
$mock
->expects($this->any())
->method('isUpdateable')
->willReturn(true);
->willReturn($update);
$mock
->expects($this->any())
->method('isDeletable')
->willReturn($delete);

return $mock;
}
Expand All @@ -97,14 +106,14 @@ public function getFileInfoMock() {
* @expectedException \Sabre\DAV\Exception\Forbidden
*/
public function testMoveFailed($source, $destination, $updatables, $deletables) {
$this->moveTest($source, $destination, $updatables, $deletables);
$this->moveTest($source, $destination, $updatables, $updatables, $deletables, true);
}

/**
* @dataProvider moveSuccessProvider
*/
public function testMoveSuccess($source, $destination, $updatables, $deletables) {
$this->moveTest($source, $destination, $updatables, $deletables);
$this->moveTest($source, $destination, $updatables, $updatables, $deletables);
$this->assertTrue(true);
}

Expand All @@ -113,7 +122,7 @@ public function testMoveSuccess($source, $destination, $updatables, $deletables)
* @expectedException \OCA\DAV\Connector\Sabre\Exception\InvalidPath
*/
public function testMoveFailedInvalidChars($source, $destination, $updatables, $deletables) {
$this->moveTest($source, $destination, $updatables, $deletables);
$this->moveTest($source, $destination, $updatables, $updatables, $deletables);
}

function moveFailedInvalidCharsProvider() {
Expand Down Expand Up @@ -144,10 +153,13 @@ function moveSuccessProvider() {
/**
* @param $source
* @param $destination
* @param $creatables
* @param $updatables
* @param $deletables
* @param $throwsBeforeGetNode
*/
private function moveTest($source, $destination, $updatables, $deletables) {
$view = new TestDoubleFileView($updatables, $deletables);
private function moveTest($source, $destination, $creatables, $updatables, $deletables, $throwsBeforeGetNode = false) {
$view = new TestDoubleFileView($creatables, $updatables, $deletables);

$info = new FileInfo('', null, null, array(), null);

Expand All @@ -157,7 +169,7 @@ private function moveTest($source, $destination, $updatables, $deletables) {
->setConstructorArgs([$rootDir, $view])
->getMock();

$objectTree->expects($this->once())
$objectTree->expects($throwsBeforeGetNode ? $this->never() : $this->once())
->method('getNodeForPath')
->with($this->identicalTo($source))
->will($this->returnValue(false));
Expand Down Expand Up @@ -360,7 +372,7 @@ public function testFailingMove() {
$updatables = array('a' => true, 'a/b' => true, 'b' => true, 'b/b' => false);
$deletables = array('a/b' => true);

$view = new TestDoubleFileView($updatables, $deletables);
$view = new TestDoubleFileView($updatables, $updatables, $deletables);

$info = new FileInfo('', null, null, array(), null);

Expand Down

0 comments on commit c36ceb6

Please sign in to comment.