0013060: refactor filemanager node actions
authorPhilipp Schüle <p.schuele@metaways.de>
Wed, 31 May 2017 12:31:14 +0000 (14:31 +0200)
committerPhilipp Schüle <p.schuele@metaways.de>
Thu, 1 Jun 2017 11:27:21 +0000 (13:27 +0200)
* fixes top level folder acl (server side)
* fixes "other users": all users were shown
 even if they did not grant access to any folder

https://forge.tine20.org/view.php?id=13060

Change-Id: I915cb9823bbe02ed762066b0aab7bdc3ed689a60
Reviewed-on: http://gerrit.tine20.com/customers/4791
Tested-by: Jenkins CI (http://ci.tine20.com/)
Reviewed-by: Philipp Schüle <p.schuele@metaways.de>
tests/tine20/Filemanager/Frontend/JsonTests.php
tine20/Filemanager/Controller/Node.php
tine20/Tinebase/FileSystem.php

index 2f9e7b5..cfb87e7 100644 (file)
@@ -158,11 +158,11 @@ class Filemanager_Frontend_JsonTests extends TestCase
                 'account_type' => Tinebase_Acl_Rights::ACCOUNT_TYPE_USER,
                 Tinebase_Model_Grants::GRANT_READ => true,
                 Tinebase_Model_Grants::GRANT_ADD => true,
-                Tinebase_Model_Grants::GRANT_EDIT => true,
-                Tinebase_Model_Grants::GRANT_DELETE => true,
+                Tinebase_Model_Grants::GRANT_EDIT => false,
+                Tinebase_Model_Grants::GRANT_DELETE => false,
                 Tinebase_Model_Grants::GRANT_EXPORT => true,
                 Tinebase_Model_Grants::GRANT_SYNC => true,
-                Tinebase_Model_Grants::GRANT_ADMIN => true,
+                Tinebase_Model_Grants::GRANT_ADMIN => false,
                 Tinebase_Model_Grants::GRANT_FREEBUSY => false,
                 Tinebase_Model_Grants::GRANT_PRIVATE => false,
                 Tinebase_Model_Grants::GRANT_DOWNLOAD => false,
@@ -183,8 +183,8 @@ class Filemanager_Frontend_JsonTests extends TestCase
                 'account_type' => Tinebase_Acl_Rights::ACCOUNT_TYPE_USER,
                 Tinebase_Model_Grants::GRANT_READ => true,
                 Tinebase_Model_Grants::GRANT_ADD => true,
-                Tinebase_Model_Grants::GRANT_EDIT => true,
-                Tinebase_Model_Grants::GRANT_DELETE => true,
+                Tinebase_Model_Grants::GRANT_EDIT => false,
+                Tinebase_Model_Grants::GRANT_DELETE => false,
                 Tinebase_Model_Grants::GRANT_EXPORT => true,
                 Tinebase_Model_Grants::GRANT_SYNC => true,
                 Tinebase_Model_Grants::GRANT_ADMIN => false,
@@ -390,6 +390,8 @@ class Filemanager_Frontend_JsonTests extends TestCase
         $node = $this->_getNodeByNameFromResult($this->_personas['sclever']->accountDisplayName, $result);
         $path = '/' . Tinebase_FileSystem::FOLDER_TYPE_PERSONAL . '/' . $this->_personas['sclever']->accountDisplayName;
         self::assertEquals($path, $node['path']);
+        self::assertEquals(1, $result['totalcount'],
+            'only expected sclever personal folder in result. got: ' . print_r($result['results'], true));
     }
 
     /**
@@ -531,6 +533,33 @@ class Filemanager_Frontend_JsonTests extends TestCase
         return $filepaths;
     }
 
+
+    /**
+     * testCreateFileNodeInPersonalRoot
+     */
+    public function testCreateFileNodeInPersonalRoot()
+    {
+        $testPath = '/' . Tinebase_FileSystem::FOLDER_TYPE_PERSONAL
+            . '/' . Tinebase_Core::getUser()->accountLoginName
+            . '/' . 'file1';
+
+
+        $tempPath = Tinebase_TempFile::getTempPath();
+        $tempFileIds = array(Tinebase_TempFile::getInstance()->createTempFile($tempPath));
+        file_put_contents($tempPath, 'someData');
+
+        try {
+            $result = $this->_getUit()->createNodes(array($testPath), Tinebase_Model_Tree_FileObject::TYPE_FILE,
+                $tempFileIds, false);
+            self::fail('it is not allowed to create new files here');
+        } catch (Tinebase_Exception_AccessDenied $tead) {
+            self::assertContains('No permission to add nodes in path', $tead->getMessage());
+        }
+    }
+
+    /**
+     * testMoveFileNode
+     */
     public function testMoveFileNode()
     {
         $filePaths = $this->testCreateFileNodes(true);
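Review bot: The new `testCreateFileNodeInPersonalRoot` pins only the denied case, so nothing in this hunk asserts that creating a folder in the personal root still succeeds. A regression that made `checkPathACL` reject every top-level add would pass here. A companion assertion calling `createNodes` with `Tinebase_Model_Tree_FileObject::TYPE_FOLDER` under the same root would cover the allowed branch, unless an existing test outside this hunk already does. `$result` is assigned but never read and can be dropped, and the temp file written with `file_put_contents` is not removed in the visible lines.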
index e2734c1..f5ddddb 100644 (file)
@@ -664,7 +664,7 @@ class Filemanager_Controller_Node extends Tinebase_Controller_Record_Abstract
         
         try {
             $this->_checkIfExists($path);
-            $this->_backend->checkPathACL($parentPathRecord, 'add');
+            $this->_backend->checkPathACL($parentPathRecord, 'add', /* $_topLevelAllowed */ $_type === Tinebase_Model_Tree_FileObject::TYPE_FOLDER);
         } catch (Filemanager_Exception_NodeExists $fene) {
             if ($_forceOverwrite) {
 
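Review bot: `checkPathACL` on the changed line runs only when `_checkIfExists($path)` returns normally. When the node already exists, control goes to the `Filemanager_Exception_NodeExists` catch and the `$_forceOverwrite` branch, which continues outside this hunk, so the new top-level restriction is not evaluated there unless the overwrite code checks the ACL itself. Running the permission check first would close that gap and would also stop a caller without add permission from learning whether the name exists: `$this->_backend->checkPathACL($parentPathRecord, 'add', $isFolder);` followed by `$this->_checkIfExists($path);`. A local `$isFolder = $_type === Tinebase_Model_Tree_FileObject::TYPE_FOLDER;` would also read more clearly than the inline `/* $_topLevelAllowed */` comment.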
index 4d002a3..5fc5e4a 100644 (file)
@@ -2166,7 +2166,7 @@ class Tinebase_FileSystem implements
     {
         switch ($_path->containerType) {
             case Tinebase_FileSystem::FOLDER_TYPE_PERSONAL:
-                if ($_path->containerOwner) {
+                if ($_path->containerOwner && ($_topLevelAllowed || ! $_path->isToplevelPath())) {
                     $hasPermission = ($_path->containerOwner === Tinebase_Core::getUser()->accountLoginName || $_action === 'get');
                 } else {
                     $hasPermission = ($_action === 'get');
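Review bot: `$_topLevelAllowed` is declared in the `checkPathACL` signature, which lies outside this hunk, so its default is not visible. If it defaults to `true`, every caller not updated in this commit keeps the old behaviour and can still act on a personal top-level path; defaulting to `false`, or auditing the remaining callers, would make the restriction fail closed. The condition also folds two cases into the `else` branch: a path without an owner, and a top-level path where writes are not allowed. A comment above the `if`, such as `// top-level personal paths are read-only unless the caller explicitly allows it`, would record that.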
@@ -2174,7 +2174,7 @@ class Tinebase_FileSystem implements
                 break;
             case Tinebase_FileSystem::FOLDER_TYPE_SHARED:
                 if ($_action !== 'get') {
-                    // TODO check if app has MANAGE_SHARED_FOLDERS richt?
+                    // TODO check if app has MANAGE_SHARED_FOLDERS right?
                     $hasPermission = Tinebase_Acl_Roles::getInstance()->hasRight(
                         $_path->application->name,
                         Tinebase_Core::getUser()->getId(),
@@ -2409,7 +2409,7 @@ class Tinebase_FileSystem implements
         $sharedFoldersOfOtherUsers = $this->searchNodes($filter);
 
         foreach ($otherAccountNodes as $otherAccount) {
-            if ($sharedFoldersOfOtherUsers->filter('parent_id', $otherAccount->getId())) {
+            if (count($sharedFoldersOfOtherUsers->filter('parent_id', $otherAccount->getId())) > 0) {
                 $result->addRecord($otherAccount);
                 $account = Tinebase_User::getInstance()->getUserByPropertyFromSqlBackend(
                     'accountId',
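Review bot: The reason for `count(...) > 0` is not obvious from the line itself. The old condition tested the return value of `filter()` directly, which was apparently truthy even with no matches, and that is what listed every account under "other users". A short comment such as `// filter() returns a record set, which is truthy even when empty` would keep a later cleanup from reverting the fix. The loop also filters the whole result once per account; collecting the `parent_id` values once before the loop would avoid that if the account list is large.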
@@ -2524,11 +2524,10 @@ class Tinebase_FileSystem implements
                 'account_type' => Tinebase_Acl_Rights::ACCOUNT_TYPE_USER,
                 Tinebase_Model_Grants::GRANT_READ => true,
                 Tinebase_Model_Grants::GRANT_ADD => true,
-                Tinebase_Model_Grants::GRANT_EDIT => true,
-                Tinebase_Model_Grants::GRANT_DELETE => true,
+                Tinebase_Model_Grants::GRANT_EDIT => false,
+                Tinebase_Model_Grants::GRANT_DELETE => false,
                 Tinebase_Model_Grants::GRANT_EXPORT => true,
                 Tinebase_Model_Grants::GRANT_SYNC => true,
-                Tinebase_Model_Grants::GRANT_ADMIN => true,
             ));
         } else if ($pathRecord->isToplevelPath() && $pathRecord->containerType === Tinebase_FileSystem::FOLDER_TYPE_SHARED) {
             $account = $_accountId instanceof Tinebase_Model_FullUser
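Review bot: `GRANT_ADMIN` is dropped from this array rather than set to `false`, while the updated expectations in `JsonTests.php` list `Tinebase_Model_Grants::GRANT_ADMIN => false` explicitly. The denied state here therefore depends on the grants model treating a missing key as false. Writing `Tinebase_Model_Grants::GRANT_ADMIN => false,` next to the EDIT and DELETE entries keeps the deny explicit and consistent with those two lines. `GRANT_ADD` stays `true` although files can no longer be added at this level, so a comment that it covers folder creation only would help client code that reads the grant. The enclosing method starts and ends outside the hunk.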
@@ -2540,8 +2539,8 @@ class Tinebase_FileSystem implements
                 'account_type' => Tinebase_Acl_Rights::ACCOUNT_TYPE_USER,
                 Tinebase_Model_Grants::GRANT_READ => true,
                 Tinebase_Model_Grants::GRANT_ADD => $hasManageSharedRight,
-                Tinebase_Model_Grants::GRANT_EDIT => $hasManageSharedRight,
-                Tinebase_Model_Grants::GRANT_DELETE => $hasManageSharedRight,
+                Tinebase_Model_Grants::GRANT_EDIT => false,
+                Tinebase_Model_Grants::GRANT_DELETE => false,
                 Tinebase_Model_Grants::GRANT_EXPORT => true,
                 Tinebase_Model_Grants::GRANT_SYNC => true,
             ));
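Review bot: For the shared root, `GRANT_ADD` still follows `$hasManageSharedRight`, and the `FOLDER_TYPE_SHARED` case of `checkPathACL` shown earlier in this file's diff does not appear to consult `$_topLevelAllowed`. A user holding that right may therefore still be able to create a file directly in the shared root. If the top-level rule is meant to apply to both container types, the shared case needs the same `isToplevelPath()` guard, and a test mirroring `testCreateFileNodeInPersonalRoot` for the shared root would pin it. Only part of the shared case is visible, so this should be confirmed against the full method.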