Skip to content

Commit a918428

Browse files
MorrisJobkeMorrisJobke
authored
Merge pull request #1320 from nextcloud/backport-1301-fix-required-permissions-for-webdav-move-and-copy
[stable10] Fix required permissions for webdav move and copy
2 parents 8c4e5a9 + 2e40773 commit a918428

2 files changed

Lines changed: 46 additions & 20 deletions

File tree

apps/dav/lib/Connector/Sabre/ObjectTree.php

Lines changed: 18 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -204,9 +204,18 @@ public function move($sourcePath, $destinationPath) {
204204
}
205205

206206
$infoDestination = $this->fileView->getFileInfo(dirname($destinationPath));
207-
$infoSource = $this->fileView->getFileInfo($sourcePath);
208-
$destinationPermission = $infoDestination && $infoDestination->isUpdateable();
209-
$sourcePermission = $infoSource && $infoSource->isDeletable();
207+
if (dirname($destinationPath) === dirname($sourcePath)) {
208+
$sourcePermission = $infoDestination && $infoDestination->isUpdateable();
209+
$destinationPermission = $sourcePermission;
210+
} else {
211+
$infoSource = $this->fileView->getFileInfo($sourcePath);
212+
if ($this->fileView->file_exists($destinationPath)) {
213+
$destinationPermission = $infoDestination && $infoDestination->isUpdateable();
214+
} else {
215+
$destinationPermission = $infoDestination && $infoDestination->isCreatable();
216+
}
217+
$sourcePermission = $infoSource && $infoSource->isDeletable();
218+
}
210219

211220
if (!$destinationPermission || !$sourcePermission) {
212221
throw new Forbidden('No permissions to move object.');
@@ -298,7 +307,12 @@ public function copy($source, $destination) {
298307

299308

300309
$info = $this->fileView->getFileInfo(dirname($destination));
301-
if ($info && !$info->isUpdateable()) {
310+
if ($this->fileView->file_exists($destination)) {
311+
$destinationPermission = $info && $info->isUpdateable();
312+
} else {
313+
$destinationPermission = $info && $info->isCreatable();
314+
}
315+
if (!$destinationPermission) {
302316
throw new Forbidden('No permissions to copy object.');
303317
}
304318

apps/dav/tests/unit/Connector/Sabre/ObjectTreeTest.php

Lines changed: 28 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -34,23 +34,24 @@
3434

3535
class TestDoubleFileView extends \OC\Files\View {
3636

37-
public function __construct($updatables, $deletables, $canRename = true) {
37+
public function __construct($creatables, $updatables, $deletables, $canRename = true) {
38+
$this->creatables = $creatables;
3839
$this->updatables = $updatables;
3940
$this->deletables = $deletables;
4041
$this->canRename = $canRename;
4142
$this->lockingProvider = \OC::$server->getLockingProvider();
4243
}
4344

4445
public function isUpdatable($path) {
45-
return $this->updatables[$path];
46+
return !empty($this->updatables[$path]);
4647
}
4748

4849
public function isCreatable($path) {
49-
return $this->updatables[$path];
50+
return !empty($this->creatables[$path]);
5051
}
5152

5253
public function isDeletable($path) {
53-
return $this->deletables[$path];
54+
return !empty($this->deletables[$path]);
5455
}
5556

5657
public function rename($path1, $path2) {
@@ -63,7 +64,11 @@ public function getRelativePath($path) {
6364

6465
public function getFileInfo($path, $includeMountPoints = true) {
6566
$objectTreeTest = new ObjectTreeTest();
66-
return $objectTreeTest->getFileInfoMock();
67+
return $objectTreeTest->getFileInfoMock(
68+
$this->isCreatable($path),
69+
$this->isUpdatable($path),
70+
$this->isDeletable($path)
71+
);
6772
}
6873
}
6974

@@ -76,18 +81,22 @@ public function getFileInfo($path, $includeMountPoints = true) {
7681
*/
7782
class ObjectTreeTest extends \Test\TestCase {
7883

79-
public function getFileInfoMock() {
84+
public function getFileInfoMock($create = true, $update = true, $delete = true) {
8085
$mock = $this->getMockBuilder('\OCP\Files\FileInfo')
8186
->disableOriginalConstructor()
8287
->getMock();
8388
$mock
8489
->expects($this->any())
85-
->method('isDeletable')
86-
->willReturn(true);
90+
->method('isCreatable')
91+
->willReturn($create);
8792
$mock
8893
->expects($this->any())
8994
->method('isUpdateable')
90-
->willReturn(true);
95+
->willReturn($update);
96+
$mock
97+
->expects($this->any())
98+
->method('isDeletable')
99+
->willReturn($delete);
91100

92101
return $mock;
93102
}
@@ -97,14 +106,14 @@ public function getFileInfoMock() {
97106
* @expectedException \Sabre\DAV\Exception\Forbidden
98107
*/
99108
public function testMoveFailed($source, $destination, $updatables, $deletables) {
100-
$this->moveTest($source, $destination, $updatables, $deletables);
109+
$this->moveTest($source, $destination, $updatables, $updatables, $deletables, true);
101110
}
102111

103112
/**
104113
* @dataProvider moveSuccessProvider
105114
*/
106115
public function testMoveSuccess($source, $destination, $updatables, $deletables) {
107-
$this->moveTest($source, $destination, $updatables, $deletables);
116+
$this->moveTest($source, $destination, $updatables, $updatables, $deletables);
108117
$this->assertTrue(true);
109118
}
110119

@@ -113,7 +122,7 @@ public function testMoveSuccess($source, $destination, $updatables, $deletables)
113122
* @expectedException \OCA\DAV\Connector\Sabre\Exception\InvalidPath
114123
*/
115124
public function testMoveFailedInvalidChars($source, $destination, $updatables, $deletables) {
116-
$this->moveTest($source, $destination, $updatables, $deletables);
125+
$this->moveTest($source, $destination, $updatables, $updatables, $deletables);
117126
}
118127

119128
function moveFailedInvalidCharsProvider() {
@@ -144,10 +153,13 @@ function moveSuccessProvider() {
144153
/**
145154
* @param $source
146155
* @param $destination
156+
* @param $creatables
147157
* @param $updatables
158+
* @param $deletables
159+
* @param $throwsBeforeGetNode
148160
*/
149-
private function moveTest($source, $destination, $updatables, $deletables) {
150-
$view = new TestDoubleFileView($updatables, $deletables);
161+
private function moveTest($source, $destination, $creatables, $updatables, $deletables, $throwsBeforeGetNode = false) {
162+
$view = new TestDoubleFileView($creatables, $updatables, $deletables);
151163

152164
$info = new FileInfo('', null, null, array(), null);
153165

@@ -157,7 +169,7 @@ private function moveTest($source, $destination, $updatables, $deletables) {
157169
->setConstructorArgs([$rootDir, $view])
158170
->getMock();
159171

160-
$objectTree->expects($this->once())
172+
$objectTree->expects($throwsBeforeGetNode ? $this->never() : $this->once())
161173
->method('getNodeForPath')
162174
->with($this->identicalTo($source))
163175
->will($this->returnValue(false));
@@ -360,7 +372,7 @@ public function testFailingMove() {
360372
$updatables = array('a' => true, 'a/b' => true, 'b' => true, 'b/b' => false);
361373
$deletables = array('a/b' => true);
362374

363-
$view = new TestDoubleFileView($updatables, $deletables);
375+
$view = new TestDoubleFileView($updatables, $updatables, $deletables);
364376

365377
$info = new FileInfo('', null, null, array(), null);
366378

0 commit comments

Comments
 (0)