mirror of
https://github.com/opencloud-eu/opencloud.git
synced 2025-12-30 17:00:57 -06:00
[full-ci] fix public link update (#7862)
* the tests were modified * Update tests/acceptance/features/coreApiSharePublicLink1/changingPublicLinkShare.feature Co-authored-by: Sawjan Gurung <saw.jan.grg3e@gmail.com> * the expected failures removed * change log added, reva bumped. --------- Co-authored-by: Roman Perekhod <rperekhod@owncloud.com> Co-authored-by: Sawjan Gurung <saw.jan.grg3e@gmail.com>
This commit is contained in:
Roman Perekhod
6
changelog/unreleased/fix-public-link-update.md
Normal file
6
changelog/unreleased/fix-public-link-update.md
Normal file
@@ -0,0 +1,6 @@
|
||||
Bugfix: Fix the public link update
|
||||
|
||||
We fixed a bug when normal users can update the public link to delete its password if permission is not sent in data.
|
||||
|
||||
https://github.com/owncloud/ocis/pull/7862
|
||||
https://github.com/owncloud/ocis/issues/7821
|
||||
2
go.mod
2
go.mod
@@ -13,7 +13,7 @@ require (
|
||||
github.com/coreos/go-oidc v2.2.1+incompatible
|
||||
github.com/coreos/go-oidc/v3 v3.8.0
|
||||
github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781
|
||||
github.com/cs3org/reva/v2 v2.16.1-0.20231206142634-7b47abdafd55
|
||||
github.com/cs3org/reva/v2 v2.16.1-0.20231208083424-41aa50b4a2e8
|
||||
github.com/dhowden/tag v0.0.0-20230630033851-978a0926ee25
|
||||
github.com/disintegration/imaging v1.6.2
|
||||
github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e
|
||||
|
||||
4
go.sum
4
go.sum
@@ -1017,8 +1017,8 @@ github.com/crewjam/saml v0.4.14 h1:g9FBNx62osKusnFzs3QTN5L9CVA/Egfgm+stJShzw/c=
|
||||
github.com/crewjam/saml v0.4.14/go.mod h1:UVSZCf18jJkk6GpWNVqcyQJMD5HsRugBPf4I1nl2mME=
|
||||
github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781 h1:BUdwkIlf8IS2FasrrPg8gGPHQPOrQ18MS1Oew2tmGtY=
|
||||
github.com/cs3org/go-cs3apis v0.0.0-20231023073225-7748710e0781/go.mod h1:UXha4TguuB52H14EMoSsCqDj7k8a/t7g4gVP+bgY5LY=
|
||||
github.com/cs3org/reva/v2 v2.16.1-0.20231206142634-7b47abdafd55 h1:89YKeYd7nFa1AassJRvA8KOCpFN/4mfaiSxytUnG/AI=
|
||||
github.com/cs3org/reva/v2 v2.16.1-0.20231206142634-7b47abdafd55/go.mod h1:zcrrYVsBv/DwhpyO2/W5hoSZ/k6az6Z2EYQok65uqZY=
|
||||
github.com/cs3org/reva/v2 v2.16.1-0.20231208083424-41aa50b4a2e8 h1:Z1i5VmeHNc6n0jIl/Iljfs+gt7bhdcVT/5cNxn1XIs4=
|
||||
github.com/cs3org/reva/v2 v2.16.1-0.20231208083424-41aa50b4a2e8/go.mod h1:zcrrYVsBv/DwhpyO2/W5hoSZ/k6az6Z2EYQok65uqZY=
|
||||
github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
|
||||
@@ -515,10 +515,5 @@ Not everything needs to be implemented for ocis. While the oc10 testsuite covers
|
||||
- [coreApiShareCreateSpecialToShares2/createShareDefaultFolderForReceivedShares.feature:22](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiShareCreateSpecialToShares2/createShareDefaultFolderForReceivedShares.feature#L22)
|
||||
- [coreApiShareCreateSpecialToShares2/createShareDefaultFolderForReceivedShares.feature:23](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiShareCreateSpecialToShares2/createShareDefaultFolderForReceivedShares.feature#L23)
|
||||
|
||||
#### [Normal users can update the public link to delete its password if permission is not sent in data](https://github.com/owncloud/ocis/issues/7821)
|
||||
|
||||
- [coreApiSharePublicLink1/changingPublicLinkShare.feature:171](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink1/changingPublicLinkShare.feature#L171)
|
||||
- [coreApiSharePublicLink1/changingPublicLinkShare.feature:172](https://github.com/owncloud/ocis/blob/master/tests/acceptance/features/coreApiSharePublicLink1/changingPublicLinkShare.feature#L172)
|
||||
|
||||
Note: always have an empty line at the end of this file.
|
||||
The bash script that processes this file requires that the last line has a newline on the end.
|
||||
|
||||
@@ -101,25 +101,6 @@ Feature: update a public link share
|
||||
| 2 | 200 |
|
||||
|
||||
|
||||
Scenario Outline: creating a new public link share with password and removing (updating) it to make the resources accessible without password using public API
|
||||
Given using OCS API version "<ocs_api_version>"
|
||||
And user "Alice" has uploaded file with content "Random data" to "/randomfile.txt"
|
||||
And user "Alice" has created a public link share with settings
|
||||
| path | randomfile.txt |
|
||||
| password | %public% |
|
||||
When user "Alice" updates the last public link share using the sharing API with
|
||||
#removing password is basically making password empty
|
||||
| password | %remove% |
|
||||
Then the OCS status code should be "<ocs_status_code>"
|
||||
And the HTTP status code should be "200"
|
||||
And the public should be able to download the last publicly shared file using the old public WebDAV API without a password and the content should be "Random data"
|
||||
And the public should be able to download the last publicly shared file using the new public WebDAV API without a password and the content should be "Random data"
|
||||
Examples:
|
||||
| ocs_api_version | ocs_status_code |
|
||||
| 1 | 100 |
|
||||
| 2 | 200 |
|
||||
|
||||
|
||||
Scenario Outline: creating a new public link share, updating its password and getting its info
|
||||
Given using OCS API version "<ocs_api_version>"
|
||||
And user "Alice" has created folder "FOLDER"
|
||||
|
||||
@@ -419,9 +419,15 @@ func (h *Handler) updatePublicShare(w http.ResponseWriter, r *http.Request, shar
|
||||
}
|
||||
|
||||
// empty permissions mean internal link here - NOT denial. Hence we need an extra check
|
||||
if !sufficientPermissions(statRes.GetInfo().GetPermissionSet(), newPermissions, true) {
|
||||
response.WriteOCSError(w, r, http.StatusForbidden, "no share permission", nil)
|
||||
return
|
||||
if newPermissions != nil {
|
||||
if !sufficientPermissions(statRes.GetInfo().GetPermissionSet(), newPermissions, true) {
|
||||
response.WriteOCSError(w, r, http.StatusForbidden, "no share permission", nil)
|
||||
return
|
||||
}
|
||||
} else {
|
||||
statRes.GetInfo().GetPermissionSet()
|
||||
p := decreasePermissionsIfNecessary(int(conversions.RoleFromResourcePermissions(statRes.GetInfo().GetPermissionSet(), false).OCSPermissions()))
|
||||
permKey = &p
|
||||
}
|
||||
|
||||
// ExpireDate
|
||||
|
||||
2
vendor/modules.txt
vendored
2
vendor/modules.txt
vendored
@@ -359,7 +359,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1
|
||||
github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1
|
||||
github.com/cs3org/go-cs3apis/cs3/tx/v1beta1
|
||||
github.com/cs3org/go-cs3apis/cs3/types/v1beta1
|
||||
# github.com/cs3org/reva/v2 v2.16.1-0.20231206142634-7b47abdafd55
|
||||
# github.com/cs3org/reva/v2 v2.16.1-0.20231208083424-41aa50b4a2e8
|
||||
## explicit; go 1.20
|
||||
github.com/cs3org/reva/v2/cmd/revad/internal/grace
|
||||
github.com/cs3org/reva/v2/cmd/revad/runtime
|
||||
|
||||
Reference in New Issue
Block a user