Check that the owner of a link share still has share permissions on access

[icewind1991]

Part of #19157 (comment)

Easiest way to check atm is to manually edit the permissions in the database for a publicly shared file

cc @PVince81 @DeepDiver1975

[mention-bot]

By analyzing the blame information on this pull request, we identified @LukasReschke, @DeepDiver1975 and @owncloud-bot to be potential reviewers

[PVince81]

That's only half the fix, we should also prevent the web UI page to show

[PVince81]

AFAIK it already has a check when link sharing is completely disabled. Maybe just add an additional condition there ?

[icewind1991]

That's only half the fix

Yes, I'm aware

Maybe just add an additional condition there ?

That place doesn't have an easy way to access the fileinfo/permissions

[PVince81]

Never mind, I tested the wrong thing... This is only public dav

[PVince81]

I can say that it works, because the web UI is using public webdav and am now getting an error 👍

The next step will be to make the share link page show a 404.

[PVince81]

Instead of a new plugin, how about adding the check in PublicAuth ? Or put it in the code that resolves the share ? (which would cover both Webdav and web UI)

[icewind1991]

The problem is that we need access to the fileinfo which we dont have in the publicauth or share code

[PVince81]

How about just adding this if block directly inline then here https://github.com/owncloud/core/pull/20928/files#diff-c176f230a2fba97e6f6e1af689b09e6aR73 ?

[icewind1991]

Can't do that since this check only needs to be done for public stuff

[PVince81]

Tested with #20903

• BUG: Opening a public link folder shows the folder, but with an error message. It would be better to deny the whole link as if it did not exist (404)
• BUG: Public link with file share (picture) still displays the picture in the page

[PVince81]

@icewind1991 any update ? Can this be done before the freeze ?

Are you having difficulties making this work ?

[icewind1991]

@PVince81 all fixed

@DeepDiver1975 @MorrisJobke @rullzer please review

[PVince81]

Tested, works now 👍
Thanks!

[schiessle]

Code looks good... what about unit tests?

[schiessle]

existing tests seems to fail as well:

OCA\Files_Sharing\Controllers\ShareControllerTest::testShowShare
OCP\Files\NotFoundException: 

/ssd/jenkins/workspace/core-ci-linux/database/sqlite/label/SLAVE/apps/files_sharing/lib/controllers/sharecontroller.php:228
/ssd/jenkins/workspace/core-ci-linux/database/sqlite/label/SLAVE/apps/files_sharing/tests/controller/sharecontroller.php:320

[rullzer]

Fixed the unit test.. the node needed more to be mocked... Sometimes I think I should mock less...

[icewind1991]

Added test

[schiessle]

looks good now... 👍 if all tests passed