Merge pull request #21960 from owncloud/share2_ocs_fix_passing_empty_…

…strings Share2 ocs fix passing empty strings
owncloud · Jan 28, 2016 · 295de6a · 295de6a
2 parents d425b4f + 6957917
commit 295de6a
Show file tree

Hide file tree

Showing 2 changed files with 744 additions and 32 deletions.
diff --git a/apps/files_sharing/api/share20ocs.php b/apps/files_sharing/api/share20ocs.php
@@ -270,12 +270,12 @@ public function createShare() {
 			if ($publicUpload === 'true') {
 				// Check if public upload is allowed
 				if (!$this->shareManager->shareApiLinkAllowPublicUpload()) {
-					return new \OC_OCS_Result(null, 403, '"public upload disabled by the administrator');
+					return new \OC_OCS_Result(null, 403, 'public upload disabled by the administrator');
 				}
 
 				// Public upload can only be set for folders
 				if ($path instanceof \OCP\Files\File) {
-					return new \OC_OCS_Result(null, 404, '"public upload is only possible for public shared folders');
+					return new \OC_OCS_Result(null, 404, 'public upload is only possible for public shared folders');
 				}
 
 				$share->setPermissions(
@@ -288,12 +288,16 @@ public function createShare() {
 			}
 
 			// Set password
-			$share->setPassword($this->request->getParam('password', null));
+			$password = $this->request->getParam('password', '');
+
+			if ($password !== '') {
+				$share->setPassword($password);
+			}
 
 			//Expire date
-			$expireDate = $this->request->getParam('expireDate', null);
+			$expireDate = $this->request->getParam('expireDate', '');
 
-			if ($expireDate !== null) {
+			if ($expireDate !== '') {
 				try {
 					$expireDate = $this->parseDate($expireDate);
 					$share->setExpirationDate($expireDate);
@@ -446,42 +450,82 @@ public function updateShare($id) {
 		}
 
 		if (!$this->canAccessShare($share)) {
-			return new \OC_OCS_Result(null, 404, "wrong share Id, share doesn't exist.");
+			return new \OC_OCS_Result(null, 404, 'wrong share Id, share doesn\'t exist.');
 		}
 
 		$permissions = $this->request->getParam('permissions', null);
 		$password = $this->request->getParam('password', null);
 		$publicUpload = $this->request->getParam('publicUpload', null);
 		$expireDate = $this->request->getParam('expireDate', null);
 
-		if ($permissions === null && $password === null && $publicUpload === null && $expireDate === null) {
-			return new \OC_OCS_Result(null, 400, 'Wrong or no update parameter given');
-		}
+		/*
+		 * expirationdate, password and publicUpload only make sense for link shares
+		 */
+		if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) {
+			if ($permissions === null && $password === null && $publicUpload === null && $expireDate === null) {
+				return new \OC_OCS_Result(null, 400, 'Wrong or no update parameter given');
+			}
 
-		if ($expireDate !== null) {
-			try {
-				$expireDate = $this->parseDate($expireDate);
-			} catch (\Exception $e) {
-				return new \OC_OCS_Result(null, 400, $e->getMessage());
+			$newPermissions = null;
+			if ($publicUpload === 'true') {
+				$newPermissions = \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE;
+			} else if ($publicUpload === 'false') {
+				$newPermissions = \OCP\Constants::PERMISSION_READ;
 			}
-			$share->setExpirationDate($expireDate);
-		}
 
-		if ($permissions !== null) {
-			$permissions = (int)$permissions;
-			$share->setPermissions($permissions);
-		}
+			if ($permissions !== null) {
+				$newPermissions = (int)$permissions;
+			}
 
-		if ($password !== null) {
-			$share->setPassword($password);
-		}
+			if ($newPermissions !== null &&
+				$newPermissions !== \OCP\Constants::PERMISSION_READ &&
+				$newPermissions !== (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE)) {
+				return new \OC_OCS_Result(null, 400, 'can\'t change permission for public link share');
+			}
+
+			if ($newPermissions === (\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE)) {
+				if (!$this->shareManager->shareApiLinkAllowPublicUpload()) {
+					return new \OC_OCS_Result(null, 403, 'public upload disabled by the administrator');
+				}
+
+				if (!($share->getPath() instanceof \OCP\Files\Folder)) {
+					return new \OC_OCS_Result(null, 400, "public upload is only possible for public shared folders");
+				}
+			}
+
+			if ($newPermissions !== null) {
+				$share->setPermissions($newPermissions);
+			}
 
-		if ($publicUpload === 'true') {
-			$share->setPermissions(\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE);
-		} else if ($publicUpload === 'false') {
-			$share->setPermissions(\OCP\Constants::PERMISSION_READ);
+			if ($expireDate === '') {
+				$share->setExpirationDate(null);
+			} else if ($expireDate !== null) {
+				try {
+					$expireDate = $this->parseDate($expireDate);
+				} catch (\Exception $e) {
+					return new \OC_OCS_Result(null, 400, $e->getMessage());
+				}
+				$share->setExpirationDate($expireDate);
+			}
+
+			if ($password === '') {
+				$share->setPassword(null);
+			} else if ($password !== null) {
+				$share->setPassword($password);
+			}
+
+		} else {
+			// For other shares only permissions is valid.
+			if ($permissions === null) {
+				return new \OC_OCS_Result(null, 400, 'Wrong or no update parameter given');
+			} else {
+				$permissions = (int)$permissions;
+				$share->setPermissions($permissions);
+			}
 		}
 
+
+
 		try {
 			$share = $this->shareManager->updateShare($share);
 		} catch (\Exception $e) {
@@ -491,6 +535,14 @@ public function updateShare($id) {
 		return new \OC_OCS_Result($this->formatShare($share));
 	}
 
+	public function validatePermissions($permissions) {
+		if ($permissions < 0 || $permissions > \OCP\Constants::PERMISSION_ALL) {
+			return false;
+		}
+
+
+	}
+
 	/**
 	 * @param \OCP\Share\IShare $share
 	 * @return bool