[For 10.4] user is only allowed to see their own home trashbin #36488

Merged 1 commit on Dec 6, 2019


@karakayasemi karakayasemi commented Nov 28, 2019

Description

User is only allowed to see their own home trashbin.

Related Issue

Motivation and Context

Trashbin API had allowed users to see the trashbin content of other users. This bug has been resolved.

How Has This Been Tested?

Followed #36378's reproduce steps. Also, acceptance tests already cover this issue.

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Database schema changes (next release will require increase of minor version instead of patch)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests only (no source changes)

Checklist:

  • Code changes
  • Unit tests added
  • Acceptance tests added
  • Documentation ticket raised:
  • Changelog item, see TEMPLATE

@karakayasemi karakayasemi added this to the development milestone Nov 28, 2019
@karakayasemi karakayasemi self-assigned this Nov 28, 2019

codecov bot commented Nov 28, 2019

Codecov Report

Merging #36488 into master will increase coverage by <.01%.
The diff coverage is 71.42%.

@@             Coverage Diff              @@
##             master   #36488      +/-   ##
============================================
+ Coverage     64.68%   64.68%   +<.01%     
- Complexity    19023    19026       +3     
============================================
  Files          1268     1268              
  Lines         74362    74371       +9     
  Branches       1309     1309              
============================================
+ Hits          48100    48106       +6     
- Misses        25876    25879       +3     
  Partials        386      386

| Flag | Coverage Δ | Complexity Δ |
|---|---|---|
| #javascript | 54% <ø> (ø) | 0 <ø> (ø) ⬇️ |
| #phpunit | 65.86% <71.42%> (ø) | 19026 <2> (+3) ⬆️ |

| Impacted Files | Coverage Δ | Complexity Δ |
|---|---|---|
| apps/dav/lib/RootCollection.php | 91.89% <0%> (-3.89%) | 3 <0> (ø) |
| apps/dav/lib/TrashBin/TrashBinHome.php | 100% <100%> (ø) | 7 <1> (ø) ⬇️ |
| apps/dav/lib/TrashBin/RootCollection.php | 100% <100%> (ø) | 5 <1> (+3) ⬆️ |

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update a5cedc1...1bffb58. Read the comment docs.


@phil-davis phil-davis left a comment

Looks good from QA acceptance test point of view

@phil-davis phil-davis changed the title user is only allowed to see their own home trashbin [for 10.4] user is only allowed to see their own home trashbin Nov 30, 2019
@phil-davis phil-davis changed the title [for 10.4] user is only allowed to see their own home trashbin [For 10.4] user is only allowed to see their own home trashbin Nov 30, 2019
@phil-davis

@micbar this needs a developer technical review of the code, then IMO it can be merged for 10.4 release.

list(, $name) = \Sabre\Uri\split($principalInfo['uri']);
$sessionUser = \OC::$server->getUserSession()->getUser();
if ($sessionUser === null || $name !== $sessionUser->getUID()) {
throw new NotAuthenticated();
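
Review bot: The `if` treats two different failures the same way: a missing session (`$sessionUser === null`) and a logged-in user asking for another principal's trashbin (`$name !== $sessionUser->getUID()`) both throw `NotAuthenticated()`. The second case is an authorization failure by an authenticated user, so consider splitting the condition and throwing `\Sabre\DAV\Exception\Forbidden` there, which gives clients a 403 instead of a re-authentication prompt and lets the two cases be told apart in logs. The lookup through `\OC::$server->getUserSession()` also reaches for a global; passing the user session in through the constructor would make this check easier to unit test.
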
Member

Shall we log something here?

Contributor Author

I looked at similar classes; generally, we do not log anything in RootCollections. I could not find specific things to log. If you have any suggestions, I can add them.

@skshetry skshetry requested a review from dpakach December 2, 2019 10:35
@phil-davis

@DeepDiver1975 or somebody - review again, and we can merge?

@DeepDiver1975 DeepDiver1975 merged commit f9b7c4a into master Dec 6, 2019
@delete-merged-branch delete-merged-branch bot deleted the acl-trashbin-api branch December 6, 2019 07:47
Successfully merging this pull request may close these issues.

Trashbin api allows users to see trashbin content of other users.