Skip to content

add some additonal permission checks to the webdav backend#255

Merged
schiessle merged 6 commits intomasterfrom
dav-permission-check
Jun 30, 2016
Merged

add some additonal permission checks to the webdav backend#255
schiessle merged 6 commits intomasterfrom
dav-permission-check

Conversation

@schiessle
Copy link
Member

@schiessle schiessle commented Jun 30, 2016

@LukasReschke another one for you 😉

@schiessle schiessle added this to the Nextcloud Next milestone Jun 30, 2016
@schiessle schiessle force-pushed the dav-permission-check branch from 3182f86 to 93c8458 Compare June 30, 2016 09:17
@LukasReschke
Copy link
Member

LukasReschke commented Jun 30, 2016

Thanks, @schiessle. I'll see if I can write an integration test for this.

@MorrisJobke
Copy link
Member

MorrisJobke commented Jun 30, 2016
edited
Loading

Thanks, @schiessle. I'll see if I can write an integration test for this.

... or even better: let @schiessle try to add this ;)

@LukasReschke
Copy link
Member

LukasReschke commented Jun 30, 2016

... or even better: let @schiessle try to add this ;)

Ah. I guess he'll be busy fixing the theming PR 🙈

@LukasReschke
Copy link
Member

LukasReschke commented Jun 30, 2016

Integration tests passed. They should pass, but there are some broken unit tests, @schiessle mind taking a look at those?


There were 10 errors:

1) OCA\DAV\Tests\unit\Connector\Sabre\ObjectTreeTest::testMoveFailed with data set #0 ('a/b', 'a/c', array(false, false, false), array())
Argument 3 passed to OC\Files\Storage\Common::acquireLock() must implement interface OCP\Lock\ILockingProvider, null given, called in /drone/src/github.com/nextcloud/server/lib/private/Files/View.php on line 1909 and defined

/drone/src/github.com/nextcloud/server/lib/private/Files/Storage/Common.php:667
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1909
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:2011
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1289
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1336
/drone/src/github.com/nextcloud/server/apps/dav/lib/Connector/Sabre/ObjectTree.php:199
/drone/src/github.com/nextcloud/server/apps/dav/tests/unit/Connector/Sabre/ObjectTreeTest.php:142
/drone/src/github.com/nextcloud/server/apps/dav/tests/unit/Connector/Sabre/ObjectTreeTest.php:75

2) OCA\DAV\Tests\unit\Connector\Sabre\ObjectTreeTest::testMoveFailed with data set #1 ('a/b', 'b/b', array(false, false, false, false), array())
Argument 3 passed to OC\Files\Storage\Common::acquireLock() must implement interface OCP\Lock\ILockingProvider, null given, called in /drone/src/github.com/nextcloud/server/lib/private/Files/View.php on line 1909 and defined

/drone/src/github.com/nextcloud/server/lib/private/Files/Storage/Common.php:667
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1909
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:2011
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1289
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1336
/drone/src/github.com/nextcloud/server/apps/dav/lib/Connector/Sabre/ObjectTree.php:199
/drone/src/github.com/nextcloud/server/apps/dav/tests/unit/Connector/Sabre/ObjectTreeTest.php:142
/drone/src/github.com/nextcloud/server/apps/dav/tests/unit/Connector/Sabre/ObjectTreeTest.php:75

3) OCA\DAV\Tests\unit\Connector\Sabre\ObjectTreeTest::testMoveFailed with data set #2 ('a/b', 'b/b', array(false, true, false, false), array())
Argument 3 passed to OC\Files\Storage\Common::acquireLock() must implement interface OCP\Lock\ILockingProvider, null given, called in /drone/src/github.com/nextcloud/server/lib/private/Files/View.php on line 1909 and defined

/drone/src/github.com/nextcloud/server/lib/private/Files/Storage/Common.php:667
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1909
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:2011
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1289
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1336
/drone/src/github.com/nextcloud/server/apps/dav/lib/Connector/Sabre/ObjectTree.php:199
/drone/src/github.com/nextcloud/server/apps/dav/tests/unit/Connector/Sabre/ObjectTreeTest.php:142
/drone/src/github.com/nextcloud/server/apps/dav/tests/unit/Connector/Sabre/ObjectTreeTest.php:75

4) OCA\DAV\Tests\unit\Connector\Sabre\ObjectTreeTest::testMoveFailed with data set #3 ('a/b', 'b/b', array(true, true, false, false), array())
Argument 3 passed to OC\Files\Storage\Common::acquireLock() must implement interface OCP\Lock\ILockingProvider, null given, called in /drone/src/github.com/nextcloud/server/lib/private/Files/View.php on line 1909 and defined

/drone/src/github.com/nextcloud/server/lib/private/Files/Storage/Common.php:667
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1909
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:2011
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1289
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1336
/drone/src/github.com/nextcloud/server/apps/dav/lib/Connector/Sabre/ObjectTree.php:199
/drone/src/github.com/nextcloud/server/apps/dav/tests/unit/Connector/Sabre/ObjectTreeTest.php:142
/drone/src/github.com/nextcloud/server/apps/dav/tests/unit/Connector/Sabre/ObjectTreeTest.php:75

5) OCA\DAV\Tests\unit\Connector\Sabre\ObjectTreeTest::testMoveFailed with data set #4 ('a/b', 'b/b', array(true, true, true, false), array(false))
Argument 3 passed to OC\Files\Storage\Common::acquireLock() must implement interface OCP\Lock\ILockingProvider, null given, called in /drone/src/github.com/nextcloud/server/lib/private/Files/View.php on line 1909 and defined

/drone/src/github.com/nextcloud/server/lib/private/Files/Storage/Common.php:667
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1909
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:2011
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1289
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1336
/drone/src/github.com/nextcloud/server/apps/dav/lib/Connector/Sabre/ObjectTree.php:199
/drone/src/github.com/nextcloud/server/apps/dav/tests/unit/Connector/Sabre/ObjectTreeTest.php:142
/drone/src/github.com/nextcloud/server/apps/dav/tests/unit/Connector/Sabre/ObjectTreeTest.php:75

6) OCA\DAV\Tests\unit\Connector\Sabre\ObjectTreeTest::testMoveFailed with data set #5 ('a/b', 'a/c', array(false, true, false), array())
Argument 3 passed to OC\Files\Storage\Common::acquireLock() must implement interface OCP\Lock\ILockingProvider, null given, called in /drone/src/github.com/nextcloud/server/lib/private/Files/View.php on line 1909 and defined

/drone/src/github.com/nextcloud/server/lib/private/Files/Storage/Common.php:667
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1909
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:2011
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1289
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1336
/drone/src/github.com/nextcloud/server/apps/dav/lib/Connector/Sabre/ObjectTree.php:199
/drone/src/github.com/nextcloud/server/apps/dav/tests/unit/Connector/Sabre/ObjectTreeTest.php:142
/drone/src/github.com/nextcloud/server/apps/dav/tests/unit/Connector/Sabre/ObjectTreeTest.php:75

7) OCA\DAV\Tests\unit\Connector\Sabre\ObjectTreeTest::testMoveSuccess with data set #0 ('a/b', 'b/b', array(true, true, true, false), array(true))
Argument 3 passed to OC\Files\Storage\Common::acquireLock() must implement interface OCP\Lock\ILockingProvider, null given, called in /drone/src/github.com/nextcloud/server/lib/private/Files/View.php on line 1909 and defined

/drone/src/github.com/nextcloud/server/lib/private/Files/Storage/Common.php:667
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1909
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:2011
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1289
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1336
/drone/src/github.com/nextcloud/server/apps/dav/lib/Connector/Sabre/ObjectTree.php:199
/drone/src/github.com/nextcloud/server/apps/dav/tests/unit/Connector/Sabre/ObjectTreeTest.php:142
/drone/src/github.com/nextcloud/server/apps/dav/tests/unit/Connector/Sabre/ObjectTreeTest.php:82

8) OCA\DAV\Tests\unit\Connector\Sabre\ObjectTreeTest::testMoveSuccess with data set #1 ('a/b*', 'b/b', array(true, true, true, false), array(true))
Argument 3 passed to OC\Files\Storage\Common::acquireLock() must implement interface OCP\Lock\ILockingProvider, null given, called in /drone/src/github.com/nextcloud/server/lib/private/Files/View.php on line 1909 and defined

/drone/src/github.com/nextcloud/server/lib/private/Files/Storage/Common.php:667
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1909
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:2011
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1289
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1336
/drone/src/github.com/nextcloud/server/apps/dav/lib/Connector/Sabre/ObjectTree.php:199
/drone/src/github.com/nextcloud/server/apps/dav/tests/unit/Connector/Sabre/ObjectTreeTest.php:142
/drone/src/github.com/nextcloud/server/apps/dav/tests/unit/Connector/Sabre/ObjectTreeTest.php:82

9) OCA\DAV\Tests\unit\Connector\Sabre\ObjectTreeTest::testMoveFailedInvalidChars with data set #0 ('a/b', 'a/*', array(true, true, false), array())
Argument 3 passed to OC\Files\Storage\Common::acquireLock() must implement interface OCP\Lock\ILockingProvider, null given, called in /drone/src/github.com/nextcloud/server/lib/private/Files/View.php on line 1909 and defined

/drone/src/github.com/nextcloud/server/lib/private/Files/Storage/Common.php:667
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1909
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:2011
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1289
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1336
/drone/src/github.com/nextcloud/server/apps/dav/lib/Connector/Sabre/ObjectTree.php:199
/drone/src/github.com/nextcloud/server/apps/dav/tests/unit/Connector/Sabre/ObjectTreeTest.php:142
/drone/src/github.com/nextcloud/server/apps/dav/tests/unit/Connector/Sabre/ObjectTreeTest.php:91

10) OCA\DAV\Tests\unit\Connector\Sabre\ObjectTreeTest::testFailingMove
Argument 3 passed to OC\Files\Storage\Common::acquireLock() must implement interface OCP\Lock\ILockingProvider, null given, called in /drone/src/github.com/nextcloud/server/lib/private/Files/View.php on line 1909 and defined

/drone/src/github.com/nextcloud/server/lib/private/Files/Storage/Common.php:667
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1909
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:2011
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1289
/drone/src/github.com/nextcloud/server/lib/private/Files/View.php:1336
/drone/src/github.com/nextcloud/server/apps/dav/lib/Connector/Sabre/ObjectTree.php:199
/drone/src/github.com/nextcloud/server/apps/dav/tests/unit/Connector/Sabre/ObjectTreeTest.php:353

@LukasReschke LukasReschke force-pushed the dav-permission-check branch from eae9b92 to f43fba4 Compare June 30, 2016 10:20
@LukasReschke LukasReschke force-pushed the dav-permission-check branch from f43fba4 to 4e21543 Compare June 30, 2016 10:21
LukasReschke
LukasReschke reviewed Jun 30, 2016
View reviewed changes
apps/dav/lib/Connector/Sabre/ObjectTree.php Outdated
$sourcePermission = $infoSource && $infoSource->isDeletable();

if (!$destinationPermission || !$sourcePermission) {
throw new Forbidden();
Copy link
Member

@LukasReschke LukasReschke Jun 30, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Required parameter $message missing

Copy link
Member

@LukasReschke LukasReschke Jun 30, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

(Will fix myself)

@MorrisJobke MorrisJobke added 2. developing Work in progress and removed 3. to review Waiting for reviews labels Jun 30, 2016
@LukasReschke
Copy link
Member

LukasReschke commented Jun 30, 2016

Tests should pass now after ea18d86

schiessle
schiessle reviewed Jun 30, 2016
View reviewed changes
apps/dav/lib/Connector/Sabre/ObjectTree.php Outdated
$info = $this->fileView->getFileInfo(dirname($destination));
if ($info && !$info->isUpdateable()) {
throw new Forbidden();
throw new Forbidden('No permissions to move object.');
Copy link
Member Author

@schiessle schiessle Jun 30, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

"copy" in this case? 😉

@MorrisJobke
Copy link
Member

MorrisJobke commented Jun 30, 2016
edited
Loading

Tested and works 👍

@MorrisJobke MorrisJobke added 3. to review Waiting for reviews backport-request and removed 2. developing Work in progress labels Jun 30, 2016
@schiessle
Copy link
Member Author

schiessle commented Jun 30, 2016

👍 for the tests

@schiessle schiessle merged commit e9dedfb into master Jun 30, 2016
@LukasReschke LukasReschke deleted the dav-permission-check branch June 30, 2016 13:06
@schiessle schiessle mentioned this pull request Jun 30, 2016
Merged
PVince81
PVince81 reviewed Jul 6, 2016
View reviewed changes
apps/dav/lib/Connector/Sabre/ObjectTree.php


$info = $this->fileView->getFileInfo(dirname($destination));
if ($info && !$info->isUpdateable()) {
Copy link
Member

@PVince81 PVince81 Jul 6, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might not be 100% correct. A copy needs create permissions for a "copy in" as new file.
As for "copy + overwrite" it's "create + delete", because SabreDAV will trigger an automatic delete of the target before running this method. So in the end only a check on "create" is needed.

Even though the "update" permission semantically seems to fit better for overwrites, it never quite worked as expected.

@nickvergessen nickvergessen mentioned this pull request Sep 7, 2016
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

3. to review Waiting for reviews bug feature: dav

Projects

None yet

Milestone

Nextcloud 10.0

Development

Successfully merging this pull request may close these issues.

4 participants

@schiessle @LukasReschke @MorrisJobke @PVince81