Adds a permission check for app directories #10538
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
I think it would be good to get this into 14 as well. As it fixes potential update issues with the update |
|
Here is a question: I messed around with my git config. For a while the sign off was broken. It didn't complain and added the "signed off" but actually didn't sign it at all o_O I managed to fix it. Does anyone know a way how to sign off commits in GitHub afterwards? |
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
f8cd5f5 to
e092d8e
Compare
|
@weeman1337 There is a difference between signing your commits and adding a sign off message. The signoff message is fine for all those commits. The gpg signing seems to be missing, however you would need to do an interactive rebase and edit each commit. You can then just call |
|
@weeman1337 😁 Seems you already found it 👍 |
|
@juliushaertl jep found it - this time it worked. Sometimes it seems that GitHub doesn't recognize updates to already existing commits... ¯\_(ツ)_/¯ |
juliusknorr
requested changes
Aug 9, 2018
| $appsDir = new DirectoryIterator($appRoot['path']); | ||
| foreach ($appsDir as $fileInfo) { | ||
| if ($fileInfo->isDir() && !$fileInfo->isDot()) { | ||
| $absAppPath = $appsPath . DIRECTORY_SEPARATOR . $fileInfo->getFilename(); |
There was a problem hiding this comment.
We should check from the config if the apps directory is marked as writable. If not, there is no reason to report it imho.
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Joas Schilling <coding@schilljs.com>
only update the encrypted version after the write operation is finished and the stream is closed Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Signed-off-by: Julius Härtl <jus@bitgrid.net>
In some cases, the DeletedShareAPIController requires explicit handling of each type of share (for example, to format a share for a DataResponse). Room shares are implemented in an external app (Nextcloud Talk), so in order to keep the controller as isolated as possible from room share specifics all that explicit handling is done in a helper class provided by the Talk app. In other cases it is just enough to call the share manager specifying a room share type; note that the share manager is guarded against share types for which there is no provider, so it is not necessary to explicitly check that before passing room shares to the share manager. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The test just ensures that the controller will gracefully reject the creation instead of failing miserably; the integration tests when Talk is enabled are in the Talk repository. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The MountProvider for shares creates mount points for the files shared with the user, which makes possible to use the received shared files and folders as regular files and folders. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
A user can move her own shares into a received share. When that happens she is effectively handing over the ownership of the file, so the share needs to be updated to reflect the new owner. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Like done for other types of shares, room shares are now explicitly described as such in the UI. The avatar used is the image provided in the "shareWithAvatar" property of the share. If none is given then the avatar is the first letter of the display name of the room share with a coloured background seeded from the room token. If the display name of the room is empty then no letter is shown in the avatar; no special handling is done in that case. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Like done with group shares, received room shares are described as such in the UI. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The DeletedShareAPIController and ShareAPIController helpers for room shares are defined in Talk, so the classes do not exist when Talk is not installed. Due to this when the object returned by "getRoomShareHelper" is used Phan complains that the class is not declared. This is not a problem, though, because when the class is not available "getRoomShareHelper" throws an exception, which is then caught where that method was called. Therefore now those warnings from Phan are suppressed (it would be better to use "@phan-suppress-next-line" instead, but it is not yet available in our Phan version). Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Tokens will be used to give access to a share to guests in public rooms. Although the token itself is created in the provider of room shares and no changes are needed for that, due to the code structure it is necessary to explicitly call the provider from the manager when getting a room share by token. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Fixes #10500. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
Ok - I messed it up :( I'll do a new branch/PR including the changes. |
|
@weeman1337 seems you tried to pull in recent master changes? A rebase on master and a force push is totally fine inside branches. 😉 |
|
@juliushaertl yeah good to know. So far my prime directive was "never fiddle around in the git history, once it's public". :) |
|
Yeah, that is only problematic if multiple people work on the same branch. Otherwise we have very little issues with that. ;) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds a setup check for the permissions of the app root directories.
There is a test for the case the permissions are fine. It's hard to add a test for the wrong permissions, because an ordinary user can't do a
chown.Closes #10154