Access list to share manager #2834
Conversation
|
@rullzer, thanks for your PR! By analyzing the history of the files in this pull request, we identified @schiessle, @LukasReschke and @icewind1991 to be potential reviewers. |
fa99f97 to
2309e25
Compare
| @@ -767,4 +767,8 @@ public function getSharesInFolder($userId, Folder $node, $reshares) { | |||
| return $shares; | |||
| } | |||
|
|
|||
| public function getAccessList($nodes, $currentAccess) { | |||
| return ['users' => [], 'remote' => false, 'public' => false]; | |||
There was a problem hiding this comment.
Shouldn't we check here if the file or a file in the folder is shared by mail and set 'public' to true (this would be enough for encryption)? To make it more generic we could also add another key 'mail' to the array, which would probably be the better solution.
There was a problem hiding this comment.
Yeah didn't think about it yet. Just had to implement something that did not break. I'm fine with both so whatever you prefer.
a5051d9 to
76a0ddb
Compare
Codecov Report
@@ Coverage Diff @@
## master #2834 +/- ##
============================================
+ Coverage 54.08% 54.44% +0.36%
- Complexity 21428 21690 +262
============================================
Files 1317 1324 +7
Lines 81663 82896 +1233
Branches 1305 1305
============================================
+ Hits 44167 45134 +967
- Misses 37496 37762 +266
Continue to review full report at Codecov.
|
|
@nickvergessen @schiessle please have a look |
lib/private/Encryption/File.php
Outdated
| $public = $resultForFile['public'] || $resultForFile['remote'] || $public; | ||
| if ($file !== null) { | ||
| $resultForFile = $this->shareManager->getAccessList($file, false); | ||
| $userIds = \array_merge($userIds, $resultForFile['users']); |
lib/public/Share/IManager.php
Outdated
| * @return array | ||
| * @since 9.2.0 | ||
| */ | ||
| public function getAccessList(\OCP\Files\Node $path, $recursive = true); |
There was a problem hiding this comment.
Missing , $currentAccess = false ?
lib/private/Share20/ShareHelper.php
Outdated
| * @param array $users Array of userIds | ||
| * @return array Mapping $uid to an array of nodes | ||
| */ | ||
| public function getPathsForAccessList(Node $node, $users) { |
76a0ddb to
9e12f9c
Compare
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
112e3c4 to
b96297e
Compare
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
👍 for me now. Seems to do all the tricks! @schiessle can you have a look as well? |
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
'public' need to be true as soon as one remote-share, email-share or public link exists. I don't see that this is the case here, but maybe I missed something. |
|
don't we ave remote for remote? |
|
@schiessle also see #2834 (comment) ;) |
|
Yes you are right, remote shares are separate, only the encryption code merges them: https://github.com/nextcloud/server/blob/master/lib/private/Encryption/File.php#L79 But mail-shares and public links where handled by the share api as the same: https://github.com/nextcloud/server/blob/master/lib/private/Share/Share.php#L269 So we either need to keep this behaviour for mail shares and public links or extend the logic on the encryption code to merge public, remote and mail. |
|
Let me just replace the public key. Because the code doesn't care so that seems the easy way. |
Yes, makes probably sense to show mail shares as mail shares but then we need to update it here https://github.com/nextcloud/server/blob/master/lib/private/Encryption/File.php#L79 and here https://github.com/nextcloud/server/blob/master/lib/private/Encryption/File.php#L85 |
|
@schiessle I just made it public now. As that keep the behavior as is for now. |
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
3e86cb5 to
cab4111
Compare
|
CI is happy (well 1 timed out). @schiessle @nickvergessen what do you say? Lets get this in! |
|
👍 |
|
Circles complies with the new ShareProvider |
Revived this PR to get rid of the old code
What we do now is offload the accesslist creation to the share providers. Which allows for way more efficient queries.
The manager function now can handle recursion and directly filter out users the currently have no access to the Node (delete group shares for example).
The helper class should be able to assist for notifications.
@nickvergessen @schiessle lets see if we can get this moving!
TODO: