Merge pull request #6919 from owncloud/bump-reva-fix-6670

[full-ci] bump reva (Fix #6670)
Phil Davis
2023-07-31 13:45:32 +05:45
committed by GitHub
16 changed files with 126 additions and 125 deletions


@@ -3,3 +3,4 @@ Enhancement: Bump reva
bumps reva version
https://github.com/owncloud/ocis/pull/6899
https://github.com/owncloud/ocis/pull/6919

2
go.mod

@@ -13,7 +13,7 @@ require (
github.com/coreos/go-oidc v2.2.1+incompatible
github.com/coreos/go-oidc/v3 v3.6.0
github.com/cs3org/go-cs3apis v0.0.0-20230516150832-730ac860c71d
github.com/cs3org/reva/v2 v2.15.1-0.20230731061316-db79e9b61738
github.com/cs3org/reva/v2 v2.15.1-0.20230731062052-2c2e370980e0
github.com/disintegration/imaging v1.6.2
github.com/dutchcoders/go-clamd v0.0.0-20170520113014-b970184f4d9e
github.com/egirna/icap-client v0.1.1

4
go.sum

@@ -625,8 +625,8 @@ github.com/crewjam/httperr v0.2.0 h1:b2BfXR8U3AlIHwNeFFvZ+BV1LFvKLlzMjzaTnZMybNo
github.com/crewjam/httperr v0.2.0/go.mod h1:Jlz+Sg/XqBQhyMjdDiC+GNNRzZTD7x39Gu3pglZ5oH4=
github.com/crewjam/saml v0.4.13 h1:TYHggH/hwP7eArqiXSJUvtOPNzQDyQ7vwmwEqlFWhMc=
github.com/crewjam/saml v0.4.13/go.mod h1:igEejV+fihTIlHXYP8zOec3V5A8y3lws5bQBFsTm4gA=
github.com/cs3org/reva/v2 v2.15.1-0.20230731061316-db79e9b61738 h1:EILZCEJMYRla6cktKLpi1c3KwISyoYMGTX0AKCuUTZA=
github.com/cs3org/reva/v2 v2.15.1-0.20230731061316-db79e9b61738/go.mod h1:4z5EQghS2LhSWZWocH51Dw9VAs16No1zSFvFgQtgS7w=
github.com/cs3org/reva/v2 v2.15.1-0.20230731062052-2c2e370980e0 h1:Vmghy5B5q/C22JR+fPtsKMra2ug2p3s0CeVmNnQIu4o=
github.com/cs3org/reva/v2 v2.15.1-0.20230731062052-2c2e370980e0/go.mod h1:4z5EQghS2LhSWZWocH51Dw9VAs16No1zSFvFgQtgS7w=
github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8 h1:Z9lwXumT5ACSmJ7WGnFl+OMLLjpz5uR2fyz7dC255FI=
github.com/cubewise-code/go-mime v0.0.0-20200519001935-8c5762b177d8/go.mod h1:4abs/jPXcmJzYoYGF91JF9Uq9s/KL5n1jvFDix8KcqY=
github.com/cyberdelia/templates v0.0.0-20141128023046-ca7fffd4298c/go.mod h1:GyV+0YP4qX0UQ7r2MoYZ+AvYDp12OF5yg4q8rGnyNh4=


@@ -54,10 +54,10 @@ Feature: Resharing
And user "Carol" should be included in the response
And user "Damian" should be included in the response
@skipOnRevaMaster
Scenario: user can't share with more permissions than they have
When user "Damian" shares folder "Shares/folder" with user "Ember" with permissions "31" using the sharing API
Then the OCS status code should be "404"
Then the OCS status code should be "403"
And the OCS status message should be "Cannot set the requested share permissions"
@@ -88,7 +88,7 @@ Feature: Resharing
| Brian | 998 | should exist |
| Carol | 100 | should not exist |
@skipOnRevaMaster
Scenario Outline: resharing folder with different permissions
When user "<user>" shares folder "Shares/folder" with user "Ember" with permissions "<permissions>" using the sharing API
Then the OCS status code should be "<code>"
@@ -97,10 +97,10 @@ Feature: Resharing
| Brian | 17 | 100 |
| Carol | 31 | 100 |
| Damian | 17 | 100 |
| Damian | 27 | 404 |
| Damian | 31 | 404 |
| Damian | 27 | 403 |
| Damian | 31 | 403 |
@skipOnRevaMaster
Scenario Outline: Resharing files with different permissions
Given user "Alice" has uploaded file with content "Random data" to "/file.txt"
And user "Alice" has shared file "/file.txt" with user "Brian" with permissions "<shareepermissions>"
@@ -110,7 +110,7 @@ Feature: Resharing
Examples:
| shareepermissions | granteepermissions | code |
| 17 | 17 | 100 |
| 17 | 19 | 404 |
| 17 | 19 | 403 |
| 19 | 19 | 100 |
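Review bot: Every scenario whose expected code moves from 404 to 403 also carries `@skipOnRevaMaster`, here and in the other feature files of this commit, with no comment or issue reference saying when the tag can be dropped. If the tag does what its name suggests, these permission-denial scenarios no longer run against reva master, so a regression in the share-permission checks there would go unnoticed. A comment above each tag such as `# remove once reva master returns 403 for missing share permission (see <ISSUE-ID placeholder>)` would keep the skip traceable.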


@@ -131,7 +131,7 @@ Feature: Share spaces
| editor |
| viewer |
@skipOnRevaMaster
Scenario Outline: user with editor or viewer role cannot share a space to another user
Given user "Alice" has shared a space "share space" with settings:
| shareWith | Brian |
@@ -139,8 +139,8 @@ Feature: Share spaces
When user "Brian" shares a space "share space" with settings:
| shareWith | Bob |
| role | <new_role> |
Then the HTTP status code should be "404"
And the OCS status code should be "404"
Then the HTTP status code should be "403"
And the OCS status code should be "403"
And the OCS status message should be "No share permission"
And the user "Bob" should not have a space called "share space"
Examples:
@@ -172,7 +172,7 @@ Feature: Share spaces
| manager | editor |
| manager | viewer |
@skipOnRevaMaster
Scenario Outline: user without manager role cannot change the role of space members
Given user "Alice" has shared a space "share space" with settings:
| shareWith | Brian |
@@ -183,8 +183,8 @@ Feature: Share spaces
When user "Brian" updates the space "share space" with settings:
| shareWith | Bob |
| role | <new_role> |
Then the HTTP status code should be "404"
And the OCS status code should be "404"
Then the HTTP status code should be "403"
And the OCS status code should be "403"
And the user "Alice" should have a space called "share space" granted to "Bob" with role "viewer"
Examples:
| role | new_role |


@@ -70,15 +70,15 @@ Feature: Share spaces via link
And for user "Alice" the space "share space" should contain these entries:
| lorem.txt |
@skipOnRevaMaster
Scenario Outline: user without manager role cannot share a space to public via link
Given user "Alice" has shared a space "share space" with settings:
| shareWith | Brian |
| role | <role> |
When user "Brian" creates a public link share of the space "share space" with settings:
| permissions | 1 |
Then the HTTP status code should be "404"
And the OCS status code should be "404"
Then the HTTP status code should be "403"
And the OCS status code should be "403"
And the OCS status message should be "No share permission"
And for user "Alice" the space "share space" should not contain the last created public link
Examples:


@@ -65,7 +65,7 @@ Feature: Share a file or folder that is inside a space
| file.txt | file | viewer | 2042-03-25T23:59:59+0100 | 2042-03-25 |
| file.txt | file | editor | | |
@skipOnRevaMaster
Scenario Outline: user participant of the project space without space manager role cannot share an entity to another user
Given user "Alice" has shared a space "share sub-item" with settings:
| shareWith | Brian |
@@ -74,8 +74,8 @@ Feature: Share a file or folder that is inside a space
| path | <entity> |
| shareWith | Bob |
| role | editor |
Then the HTTP status code should be "404"
And the OCS status code should be "404"
Then the HTTP status code should be "403"
And the OCS status code should be "403"
And the OCS status message should be "No share permission"
Examples:
| entity | spaceRole |


@@ -96,7 +96,7 @@ Feature: Share a file or folder that is inside a space via public link
| folder | /folder | folder | httpd/unix-directory |
| folder/file.txt | /file.txt | file | text/plain |
@skipOnRevaMaster
Scenario Outline: user participant of the project space without space manager role cannot share an entity inside project space via public link
Given user "Alice" has shared a space "share sub-item" with settings:
| shareWith | Brian |
@@ -108,8 +108,8 @@ Feature: Share a file or folder that is inside a space via public link
| password | 123 |
| name | public link |
| expireDate | 2042-03-25T23:59:59+0100 |
Then the HTTP status code should be "404"
And the OCS status code should be "404"
Then the HTTP status code should be "403"
And the OCS status code should be "403"
And the OCS status message should be "No share permission"
Examples:
| entity | spaceRole |


@@ -10,7 +10,7 @@ Feature: reshare as public link
| Alice |
| Brian |
@skipOnRevaMaster
Scenario Outline: creating a public link from a share with read permission only is not allowed
Given using OCS API version "<ocs_api_version>"
And user "Alice" has created folder "/test"
@@ -19,12 +19,12 @@ Feature: reshare as public link
When user "Brian" creates a public link share using the sharing API with settings
| path | /Shares/test |
| publicUpload | false |
Then the OCS status code should be "404"
Then the OCS status code should be "403"
And the HTTP status code should be "<http_status_code>"
Examples:
| ocs_api_version | http_status_code |
| 1 | 200 |
| 2 | 404 |
| 2 | 403 |
Scenario Outline: creating a public link from a share with share+read only permissions is allowed
@@ -46,7 +46,7 @@ Feature: reshare as public link
| 1 | 100 |
| 2 | 200 |
@skipOnRevaMaster
Scenario Outline: creating an upload public link from a share with share+read only permissions is not allowed
Given using OCS API version "<ocs_api_version>"
And user "Alice" has created folder "/test"
@@ -56,14 +56,14 @@ Feature: reshare as public link
| path | /Shares/test |
| permissions | read,update,create,delete |
| publicUpload | true |
Then the OCS status code should be "404"
Then the OCS status code should be "403"
And the HTTP status code should be "<http_status_code>"
Examples:
| ocs_api_version | http_status_code |
| 1 | 200 |
| 2 | 404 |
| 2 | 403 |
@skipOnRevaMaster
Scenario Outline: creating a public link from a share with read+write permissions only is not allowed
Given using OCS API version "<ocs_api_version>"
And user "Alice" has created folder "/test"
@@ -72,12 +72,12 @@ Feature: reshare as public link
When user "Brian" creates a public link share using the sharing API with settings
| path | /Shares/test |
| publicUpload | true |
Then the OCS status code should be "404"
Then the OCS status code should be "403"
And the HTTP status code should be "<http_status_code>"
Examples:
| ocs_api_version | http_status_code |
| 1 | 200 |
| 2 | 404 |
| 2 | 403 |
Scenario Outline: creating a public link from a share with share+read+write permissions is allowed
@@ -120,7 +120,7 @@ Feature: reshare as public link
| 1 | 100 |
| 2 | 200 |
@skipOnRevaMaster
Scenario Outline: creating an upload public link from a sub-folder of a share with share+read only permissions is not allowed
Given using OCS API version "<ocs_api_version>"
And user "Alice" has created folder "/test"
@@ -131,14 +131,14 @@ Feature: reshare as public link
| path | /Shares/test/sub |
| permissions | read,update,create,delete |
| publicUpload | true |
Then the OCS status code should be "404"
Then the OCS status code should be "403"
And the HTTP status code should be "<http_status_code>"
Examples:
| ocs_api_version | http_status_code |
| 1 | 200 |
| 2 | 404 |
| 2 | 403 |
@skipOnRevaMaster
Scenario Outline: increasing permissions of a public link of a share with share+read only permissions is not allowed
Given using OCS API version "<ocs_api_version>"
And user "Alice" has created folder "/test"
@@ -151,15 +151,15 @@ Feature: reshare as public link
| publicUpload | false |
When user "Brian" updates the last public link share using the sharing API with
| permissions | read,update,create,delete |
Then the OCS status code should be "404" or "403"
And the HTTP status code should be "<http_status_code1>" or "<http_status_code2>"
Then the OCS status code should be "403"
And the HTTP status code should be "<http_status_code>"
And uploading a file should not work using the new public WebDAV API
Examples:
| ocs_api_version | http_status_code1 | http_status_code2 |
| 1 | 200 | 200 |
| 2 | 404 | 403 |
| ocs_api_version | http_status_code |
| 1 | 200 |
| 2 | 403 |
@skipOnRevaMaster
Scenario Outline: increasing permissions of a public link from a sub-folder of a share with share+read only permissions is not allowed
Given using OCS API version "<ocs_api_version>"
And user "Alice" has created folder "/test"
@@ -173,10 +173,10 @@ Feature: reshare as public link
And uploading a file should not work using the new public WebDAV API
When user "Brian" updates the last public link share using the sharing API with
| permissions | read,update,create,delete |
Then the OCS status code should be "404" or "403"
And the HTTP status code should be "<http_status_code1>" or "<http_status_code2>"
Then the OCS status code should be "403"
And the HTTP status code should be "<http_status_code>"
And uploading a file should not work using the new public WebDAV API
Examples:
| ocs_api_version | http_status_code1 | http_status_code2 |
| 1 | 200 | 200 |
| 2 | 404 | 403 |
| ocs_api_version | http_status_code |
| 1 | 200 |
| 2 | 403 |


@@ -246,7 +246,7 @@ Feature: update a public link share
| 1 | 100 |
| 2 | 200 |
@skipOnRevaMaster
Scenario Outline: adding public upload to a read only shared folder as recipient is not allowed using the public API
Given using OCS API version "<ocs_api_version>"
And user "Brian" has been created with default attributes and without skeleton files
@@ -258,14 +258,14 @@ Feature: update a public link share
| publicUpload | false |
When user "Brian" updates the last public link share using the sharing API with
| publicUpload | true |
Then the OCS status code should be "404"
Then the OCS status code should be "403"
And the HTTP status code should be "<http_status_code>"
And uploading a file should not work using the old public WebDAV API
And uploading a file should not work using the new public WebDAV API
Examples:
| ocs_api_version | http_status_code |
| 1 | 200 |
| 2 | 404 |
| 2 | 403 |
Scenario Outline:adding public upload to a shared folder as recipient is allowed with permissions using the public API
@@ -288,7 +288,7 @@ Feature: update a public link share
| 1 | 100 |
| 2 | 200 |
@skipOnRevaMaster
Scenario Outline: adding public link with all permissions to a read only shared folder as recipient is not allowed using the public API
Given using OCS API version "<ocs_api_version>"
And user "Brian" has been created with default attributes and without skeleton files
@@ -300,14 +300,14 @@ Feature: update a public link share
| permissions | read |
When user "Brian" updates the last public link share using the sharing API with
| permissions | read,update,create,delete |
Then the OCS status code should be "404"
Then the OCS status code should be "403"
And the HTTP status code should be "<http_status_code>"
And uploading a file should not work using the old public WebDAV API
And uploading a file should not work using the new public WebDAV API
Examples:
| ocs_api_version | http_status_code |
| 1 | 200 |
| 2 | 404 |
| 2 | 403 |
Scenario Outline: adding public link with all permissions to a read only shared folder as recipient is allowed with permissions using the public API


@@ -11,14 +11,14 @@ Feature: sharing
| Brian |
| Carol |
@smokeTest
@smokeTest @skipOnRevaMaster
Scenario Outline: user is not allowed to reshare file when reshare permission is not given
Given using OCS API version "<ocs_api_version>"
And user "Alice" has uploaded file "filesForUpload/textfile.txt" to "/textfile0.txt"
And user "Alice" has shared file "/textfile0.txt" with user "Brian" with permissions "read,update"
And user "Brian" has accepted share "/textfile0.txt" offered by user "Alice"
When user "Brian" shares file "/Shares/textfile0.txt" with user "Carol" with permissions "read,update" using the sharing API
Then the OCS status code should be "404"
Then the OCS status code should be "403"
And the HTTP status code should be "<http_status_code>"
And as "Carol" file "/Shares/textfile0.txt" should not exist
And the sharing API should report to user "Carol" that no shares are in the pending state
@@ -26,16 +26,16 @@ Feature: sharing
Examples:
| ocs_api_version | http_status_code |
| 1 | 200 |
| 2 | 404 |
| 2 | 403 |
@skipOnRevaMaster
Scenario Outline: user is not allowed to reshare folder when reshare permission is not given
Given using OCS API version "<ocs_api_version>"
And user "Alice" has created folder "/FOLDER"
And user "Alice" has shared folder "/FOLDER" with user "Brian" with permissions "read,update"
And user "Brian" has accepted share "/FOLDER" offered by user "Alice"
When user "Brian" shares folder "/Shares/FOLDER" with user "Carol" with permissions "read,update" using the sharing API
Then the OCS status code should be "404"
Then the OCS status code should be "403"
And the HTTP status code should be "<http_status_code>"
And as "Carol" folder "/Shares/FOLDER" should not exist
And the sharing API should report to user "Carol" that no shares are in the pending state
@@ -43,7 +43,7 @@ Feature: sharing
Examples:
| ocs_api_version | http_status_code |
| 1 | 200 |
| 2 | 404 |
| 2 | 403 |
@smokeTest
Scenario Outline: user is allowed to reshare file with the same permissions
@@ -109,14 +109,14 @@ Feature: sharing
| 1 | 100 |
| 2 | 200 |
@skipOnRevaMaster
Scenario Outline: user is not allowed to reshare file and set more permissions bits
Given using OCS API version "<ocs_api_version>"
And user "Alice" has uploaded file "filesForUpload/textfile.txt" to "/textfile0.txt"
And user "Alice" has shared file "/textfile0.txt" with user "Brian" with permissions 17
And user "Brian" has accepted share "/textfile0.txt" offered by user "Alice"
When user "Brian" shares file "/Shares/textfile0.txt" with user "Carol" with permissions <reshare_permissions> using the sharing API
Then the OCS status code should be "404"
Then the OCS status code should be "403"
And the HTTP status code should be "<http_status_code>"
And as "Carol" file "/Shares/textfile0.txt" should not exist
And the sharing API should report to user "Carol" that no shares are in the pending state
@@ -125,18 +125,18 @@ Feature: sharing
| ocs_api_version | http_status_code | reshare_permissions |
# passing on more bits including reshare
| 1 | 200 | 19 |
| 2 | 404 | 19 |
| 2 | 403 | 19 |
| 1 | 200 | 23 |
| 2 | 404 | 23 |
| 2 | 403 | 23 |
| 1 | 200 | 31 |
| 2 | 404 | 31 |
| 2 | 403 | 31 |
# passing on more bits but not reshare
| 1 | 200 | 3 |
| 2 | 404 | 3 |
| 2 | 403 | 3 |
| 1 | 200 | 7 |
| 2 | 404 | 7 |
| 2 | 403 | 7 |
| 1 | 200 | 15 |
| 2 | 404 | 15 |
| 2 | 403 | 15 |
Scenario Outline: user is allowed to reshare file and set create (4) or delete (8) permissions bits, which get ignored
@@ -179,14 +179,14 @@ Feature: sharing
| 1 | 100 | 17 | 9 | 1 |
| 2 | 200 | 17 | 9 | 1 |
@skipOnRevaMaster
Scenario Outline: user is not allowed to reshare folder and set more permissions bits
Given using OCS API version "<ocs_api_version>"
And user "Alice" has created folder "/PARENT"
And user "Alice" has shared folder "/PARENT" with user "Brian" with permissions <received_permissions>
And user "Brian" has accepted share "/PARENT" offered by user "Alice"
When user "Brian" shares folder "/Shares/PARENT" with user "Carol" with permissions <reshare_permissions> using the sharing API
Then the OCS status code should be "404"
Then the OCS status code should be "403"
And the HTTP status code should be "<http_status_code>"
And as "Carol" folder "/Shares/PARENT" should not exist
And the sharing API should report to user "Carol" that no shares are in the pending state
@@ -195,39 +195,39 @@ Feature: sharing
| ocs_api_version | http_status_code | received_permissions | reshare_permissions |
# try to pass on more bits including reshare
| 1 | 200 | 17 | 19 |
| 2 | 404 | 17 | 19 |
| 2 | 403 | 17 | 19 |
| 1 | 200 | 17 | 21 |
| 2 | 404 | 17 | 21 |
| 2 | 403 | 17 | 21 |
| 1 | 200 | 17 | 23 |
| 2 | 404 | 17 | 23 |
| 2 | 403 | 17 | 23 |
| 1 | 200 | 17 | 31 |
| 2 | 404 | 17 | 31 |
| 2 | 403 | 17 | 31 |
| 1 | 200 | 19 | 23 |
| 2 | 404 | 19 | 23 |
| 2 | 403 | 19 | 23 |
| 1 | 200 | 19 | 31 |
| 2 | 404 | 19 | 31 |
| 2 | 403 | 19 | 31 |
# try to pass on more bits but not reshare
| 1 | 200 | 17 | 3 |
| 2 | 404 | 17 | 3 |
| 2 | 403 | 17 | 3 |
| 1 | 200 | 17 | 5 |
| 2 | 404 | 17 | 5 |
| 2 | 403 | 17 | 5 |
| 1 | 200 | 17 | 7 |
| 2 | 404 | 17 | 7 |
| 2 | 403 | 17 | 7 |
| 1 | 200 | 17 | 15 |
| 2 | 404 | 17 | 15 |
| 2 | 403 | 17 | 15 |
| 1 | 200 | 19 | 7 |
| 2 | 404 | 19 | 7 |
| 2 | 403 | 19 | 7 |
| 1 | 200 | 19 | 15 |
| 2 | 404 | 19 | 15 |
| 2 | 403 | 19 | 15 |
@skipOnRevaMaster
Scenario Outline: user is not allowed to reshare folder and add delete permission bit (8)
Given using OCS API version "<ocs_api_version>"
And user "Alice" has created folder "/PARENT"
And user "Alice" has shared folder "/PARENT" with user "Brian" with permissions <received_permissions>
And user "Brian" has accepted share "/PARENT" offered by user "Alice"
When user "Brian" shares folder "/Shares/PARENT" with user "Carol" with permissions <reshare_permissions> using the sharing API
Then the OCS status code should be "404"
Then the OCS status code should be "403"
And the HTTP status code should be "<http_status_code>"
And as "Carol" folder "/Shares/PARENT" should not exist
And the sharing API should report to user "Carol" that no shares are in the pending state
@@ -236,18 +236,18 @@ Feature: sharing
| ocs_api_version | http_status_code | received_permissions | reshare_permissions |
# try to pass on extra delete (including reshare)
| 1 | 200 | 17 | 25 |
| 2 | 404 | 17 | 25 |
| 2 | 403 | 17 | 25 |
| 1 | 200 | 19 | 27 |
| 2 | 404 | 19 | 27 |
| 2 | 403 | 19 | 27 |
| 1 | 200 | 23 | 31 |
| 2 | 404 | 23 | 31 |
| 2 | 403 | 23 | 31 |
# try to pass on extra delete (but not reshare)
| 1 | 200 | 17 | 9 |
| 2 | 404 | 17 | 9 |
| 2 | 403 | 17 | 9 |
| 1 | 200 | 19 | 11 |
| 2 | 404 | 19 | 11 |
| 2 | 403 | 19 | 11 |
| 1 | 200 | 23 | 15 |
| 2 | 404 | 23 | 15 |
| 2 | 403 | 23 | 15 |
Scenario Outline: reshare a file with same name as a deleted file


@@ -29,13 +29,13 @@ Feature: a subfolder of a received share can be reshared
| 1 | 100 |
| 2 | 200 |
@skipOnRevaMaster
Scenario Outline: user is not allowed to reshare a sub-folder with more permissions
Given using OCS API version "<ocs_api_version>"
And user "Alice" has shared folder "/TMP" with user "Brian" with permissions <received_permissions>
And user "Brian" has accepted share "/TMP" offered by user "Alice"
When user "Brian" shares folder "/Shares/TMP/SUB" with user "Carol" with permissions <reshare_permissions> using the sharing API
Then the OCS status code should be "404"
Then the OCS status code should be "403"
And the HTTP status code should be "<http_status_code>"
And as "Carol" folder "/Shares/SUB" should not exist
And the sharing API should report to user "Carol" that no shares are in the pending state
@@ -44,44 +44,44 @@ Feature: a subfolder of a received share can be reshared
| ocs_api_version | http_status_code | received_permissions | reshare_permissions |
# try to pass on more bits including reshare
| 1 | 200 | 17 | 19 |
| 2 | 404 | 17 | 19 |
| 2 | 403 | 17 | 19 |
| 1 | 200 | 17 | 21 |
| 2 | 404 | 17 | 21 |
| 2 | 403 | 17 | 21 |
| 1 | 200 | 17 | 23 |
| 2 | 404 | 17 | 23 |
| 2 | 403 | 17 | 23 |
| 1 | 200 | 17 | 31 |
| 2 | 404 | 17 | 31 |
| 2 | 403 | 17 | 31 |
| 1 | 200 | 19 | 23 |
| 2 | 404 | 19 | 23 |
| 2 | 403 | 19 | 23 |
| 1 | 200 | 19 | 31 |
| 2 | 404 | 19 | 31 |
| 2 | 403 | 19 | 31 |
# try to pass on more bits but not reshare
| 1 | 200 | 17 | 3 |
| 2 | 404 | 17 | 3 |
| 2 | 403 | 17 | 3 |
| 1 | 200 | 17 | 5 |
| 2 | 404 | 17 | 5 |
| 2 | 403 | 17 | 5 |
| 1 | 200 | 17 | 7 |
| 2 | 404 | 17 | 7 |
| 2 | 403 | 17 | 7 |
| 1 | 200 | 17 | 15 |
| 2 | 404 | 17 | 15 |
| 2 | 403 | 17 | 15 |
| 1 | 200 | 19 | 7 |
| 2 | 404 | 19 | 7 |
| 2 | 403 | 19 | 7 |
| 1 | 200 | 19 | 15 |
| 2 | 404 | 19 | 15 |
| 2 | 403 | 19 | 15 |
# try to pass on extra delete (including reshare)
| 1 | 200 | 17 | 25 |
| 2 | 404 | 17 | 25 |
| 2 | 403 | 17 | 25 |
| 1 | 200 | 19 | 27 |
| 2 | 404 | 19 | 27 |
| 2 | 403 | 19 | 27 |
| 1 | 200 | 23 | 31 |
| 2 | 404 | 23 | 31 |
| 2 | 403 | 23 | 31 |
# try to pass on extra delete (but not reshare)
| 1 | 200 | 17 | 9 |
| 2 | 404 | 17 | 9 |
| 2 | 403 | 17 | 9 |
| 1 | 200 | 19 | 11 |
| 2 | 404 | 19 | 11 |
| 2 | 403 | 19 | 11 |
| 1 | 200 | 23 | 15 |
| 2 | 404 | 23 | 15 |
| 2 | 403 | 23 | 15 |
@issue-2214
Scenario Outline: user is allowed to update reshare of a sub-folder with less permissions
@@ -123,7 +123,7 @@ Feature: a subfolder of a received share can be reshared
| 1 | 100 |
| 2 | 200 |
@issue-2214
@issue-2214 @skipOnRevaMaster
Scenario Outline: user is not allowed to update reshare of a sub-folder with more permissions
Given using OCS API version "<ocs_api_version>"
And user "Alice" has shared folder "/TMP" with user "Brian" with permissions "share,read"
@@ -132,7 +132,7 @@ Feature: a subfolder of a received share can be reshared
And user "Carol" has accepted share "/SUB" offered by user "Brian"
When user "Brian" updates the last share using the sharing API with
| permissions | all |
Then the OCS status code should be "404"
Then the OCS status code should be "403"
And the HTTP status code should be "<http_status_code>"
And as "Carol" folder "/Shares/SUB" should exist
But user "Carol" should not be able to upload file "filesForUpload/textfile.txt" to "/Shares/SUB/textfile.txt"
@@ -141,4 +141,4 @@ Feature: a subfolder of a received share can be reshared
Examples:
| ocs_api_version | http_status_code |
| 1 | 200 |
| 2 | 404 |
| 2 | 403 |


@@ -46,7 +46,7 @@ Feature: sharing
| 1 | 100 |
| 2 | 200 |
@skipOnRevaMaster
Scenario Outline: do not allow update of reshare to exceed permissions
Given using OCS API version "<ocs_api_version>"
And user "Alice" has shared folder "/TMP" with user "Brian" with permissions "share,read"
@@ -55,13 +55,13 @@ Feature: sharing
And user "Carol" has accepted share "/TMP" offered by user "Brian"
When user "Brian" updates the last share using the sharing API with
| permissions | all |
Then the OCS status code should be "404"
Then the OCS status code should be "403"
And the HTTP status code should be "<http_status_code>"
And user "Carol" should not be able to upload file "filesForUpload/textfile.txt" to "Shares/TMP/textfile.txt"
Examples:
| ocs_api_version | http_status_code |
| 1 | 200 |
| 2 | 404 |
| 2 | 403 |
Scenario Outline: update of user reshare by the original share owner can increase permissions up to the permissions of the top-level share


@@ -161,9 +161,9 @@ func (h *Handler) createPublicLinkShare(w http.ResponseWriter, r *http.Request,
}
if !sufficientPermissions(statInfo.PermissionSet, permissions, true) {
response.WriteOCSError(w, r, http.StatusNotFound, "no share permission", nil)
response.WriteOCSError(w, r, http.StatusForbidden, "no share permission", nil)
return nil, &ocsError{
Code: http.StatusNotFound,
Code: http.StatusForbidden,
Message: "Cannot set the requested share permissions",
Error: errors.New("cannot set the requested share permissions"),
}
@@ -417,7 +417,7 @@ func (h *Handler) updatePublicShare(w http.ResponseWriter, r *http.Request, shar
// empty permissions mean internal link here - NOT denial. Hence we need an extra check
if !sufficientPermissions(statRes.Info.PermissionSet, newPermissions, true) {
response.WriteOCSError(w, r, http.StatusNotFound, "no share permission", nil)
response.WriteOCSError(w, r, http.StatusForbidden, "no share permission", nil)
return
}
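Review bot: In createPublicLinkShare the same authorization failure is reported twice with different texts: the handler writes `"no share permission"` to the response and then returns an ocsError carrying `"Cannot set the requested share permissions"` with the same 403 code. If the caller also renders the returned ocsError (that code is outside this hunk), the client would receive a second write on an already committed response. Either keep a single reporting path, or state the contract next to the write, for example `// response already written; the returned error is for the caller's control flow only`. The lower-case `"no share permission"` here and in updatePublicShare also differs from the `"No share permission"` string used in CreateShare, which makes client matching and log correlation harder. Both function bodies continue outside the hunks.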


@@ -232,7 +232,7 @@ func (h *Handler) CreateShare(w http.ResponseWriter, r *http.Request) {
case rpc.Code_CODE_NOT_FOUND:
response.WriteOCSData(w, r, response.MetaPathNotFound, nil, nil)
case rpc.Code_CODE_PERMISSION_DENIED:
response.WriteOCSError(w, r, http.StatusNotFound, "No share permission", nil)
response.WriteOCSError(w, r, http.StatusForbidden, "No share permission", nil)
default:
sublog.Error().Interface("status", statRes.Status).Msg("CreateShare: stat failed")
w.WriteHeader(http.StatusInternalServerError)
@@ -250,7 +250,7 @@ func (h *Handler) CreateShare(w http.ResponseWriter, r *http.Request) {
// check user has share permissions
if !conversions.RoleFromResourcePermissions(statRes.Info.PermissionSet, false).OCSPermissions().Contain(conversions.PermissionShare) {
response.WriteOCSError(w, r, http.StatusNotFound, "No share permission", nil)
response.WriteOCSError(w, r, http.StatusForbidden, "No share permission", nil)
return
}
@@ -298,7 +298,7 @@ func (h *Handler) CreateShare(w http.ResponseWriter, r *http.Request) {
// public links default to read only
_, _, ocsErr := h.extractPermissions(reqRole, reqPermissions, statRes.Info, conversions.NewViewerRole(h.resharing))
if ocsErr != nil && ocsErr.Error != conversions.ErrZeroPermission {
response.WriteOCSError(w, r, http.StatusNotFound, "No share permission", nil)
response.WriteOCSError(w, r, http.StatusForbidden, "No share permission", nil)
return
}
share, ocsErr := h.createPublicLinkShare(w, r, statRes.Info)
@@ -459,7 +459,7 @@ func (h *Handler) extractPermissions(reqRole string, reqPermissions string, ri *
if !sufficientPermissions(ri.PermissionSet, role.CS3ResourcePermissions(), false) && role.Name != conversions.RoleDenied {
return nil, nil, &ocsError{
Code: http.StatusNotFound,
Code: http.StatusForbidden,
Message: "Cannot set the requested share permissions",
Error: errors.New("cannot set the requested share permissions"),
}
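Review bot: The `rpc.Code_CODE_PERMISSION_DENIED` branch of the stat switch in CreateShare now answers 403 while the neighbouring `CODE_NOT_FOUND` branch answers with MetaPathNotFound, so the two outcomes become distinguishable to the requester. If the storage provider can return PERMISSION_DENIED for a path the requester cannot see at all (not visible here), that difference reveals which paths exist. The later checks on `statRes.Info.PermissionSet` run after a successful stat, where 403 discloses nothing new. For the stat branch, either keep the not-found response or, if it holds, record the assumption with a comment such as `// stat reports PERMISSION_DENIED only for resources already visible to the user`. CreateShare's body continues outside these hunks.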

2
vendor/modules.txt vendored

@@ -352,7 +352,7 @@ github.com/cs3org/go-cs3apis/cs3/storage/provider/v1beta1
github.com/cs3org/go-cs3apis/cs3/storage/registry/v1beta1
github.com/cs3org/go-cs3apis/cs3/tx/v1beta1
github.com/cs3org/go-cs3apis/cs3/types/v1beta1
# github.com/cs3org/reva/v2 v2.15.1-0.20230731061316-db79e9b61738
# github.com/cs3org/reva/v2 v2.15.1-0.20230731062052-2c2e370980e0
## explicit; go 1.20
github.com/cs3org/reva/v2/cmd/revad/internal/grace
github.com/cs3org/reva/v2/cmd/revad/runtime