open-dsi
/
onlyoffice-nextcloud
mirror of https://github.com/ONLYOFFICE/onlyoffice-nextcloud
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
The app which enables the users to edit office documents from Nextcloud using ONLYOFFICE Document Server, allows multiple users to collaborate in real time and to save back those changes to Nextcloud
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3009 Commits
24 Branches
91 Tags
23 MiB
 
 
 
 
 
Tag: Branch: Tree: develop
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'develop'
${ noResults }
onlyoffice-nextcloud/lib/ExtraPermissions.php

403 lines
13 KiB
Raw Permalink Blame History

<?php
/*
* Copyright (C) Ascensio System SIA, 2009-2026
*
* This program is a free software product. You can redistribute it and/or
* modify it under the terms of the GNU Affero General Public License (AGPL)
* version 3 as published by the Free Software Foundation, together with the
* additional terms provided in the LICENSE file.
*
* This program is distributed WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For
* details, see the GNU AGPL at: https://www.gnu.org/licenses/agpl-3.0.html
*
* You can contact Ascensio System SIA by email at info@onlyoffice.com
* or by postal mail at 20A-6 Ernesta Birznieka-Upisha Street, Riga,
* LV-1050, Latvia, European Union.
*
* The interactive user interfaces in modified versions of the Program
* are required to display Appropriate Legal Notices in accordance with
* Section 5 of the GNU AGPL version 3.
*
* No trademark rights are granted under this License.
*
* All non-code elements of the Product, including illustrations,
* icon sets, and technical writing content, are licensed under the
* Creative Commons Attribution-ShareAlike 4.0 International License:
* https://creativecommons.org/licenses/by-sa/4.0/legalcode
*
* This license applies only to such non-code elements and does not
* modify or replace the licensing terms applicable to the Program's
* source code, which remains licensed under the GNU Affero General
* Public License v3.
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
namespace OCA\Onlyoffice;
use OCA\Talk\Manager as TalkManager;
use OCP\Constants;
use OCP\IAppConfig;
use OCP\IDBConnection;
use OCP\Share\Exceptions\ShareNotFound;
use OCP\Share\IManager;
use OCP\Share\IShare;
use Psr\Log\LoggerInterface;
/**
* Class expands base permissions
*
* @package OCA\Onlyoffice
*/
class ExtraPermissions {
/**
* Table name
*/
private const TABLENAME_KEY = "onlyoffice_permissions";
/**
* Extra permission values
*
* @var integer
*/
public const NONE = 0;
public const REVIEW = 1;
public const COMMENT = 2;
public const FILLFORMS = 4;
public const MODIFYFILTER = 8;
public function __construct(
private readonly LoggerInterface $logger,
private readonly IManager $shareManager,
private readonly IAppConfig $config,
private readonly AppConfig $appConfig,
private readonly IDBConnection $connection,
private readonly ?TalkManager $talkManager,
) {}
/**
* Get extra permissions by shareId
*/
public function getExtra(string $shareId): ?array {
$share = $this->getShare($shareId);
if (!$share instanceof IShare) {
return null;
}
$shareId = $share->getId();
$extra = $this->get($shareId);
$wasInit = isset($extra["permissions"]);
$checkExtra = $wasInit ? (int)$extra["permissions"] : self::NONE;
[$availableExtra, $defaultPermissions] = $this->validation($share, $checkExtra, $wasInit);
if ($availableExtra === 0
|| ($availableExtra & $checkExtra) !== $checkExtra) {
if (!empty($extra)) {
$this->delete($shareId);
}
$this->logger->debug("Share " . $shareId . " does not support extra permissions");
return null;
}
if (empty($extra)) {
$extra["id"] = -1;
$extra["share_id"] = $share->getId();
$extra["permissions"] = $defaultPermissions;
}
$extra["type"] = $share->getShareType();
$extra["shareWith"] = $share->getSharedWith();
$extra["shareWithName"] = $share->getSharedWithDisplayName();
$extra["available"] = $availableExtra;
return $extra;
}
/**
* Get list extra permissions by shares
*/
public function getExtras(array $shares): array {
$result = [];
$shareIds = [];
foreach ($shares as $share) {
$shareIds[] = $share->getId();
}
if (empty($shareIds)) {
return $result;
}
$extras = $this->getList($shareIds);
$noActualList = [];
foreach ($shares as $share) {
$currentExtra = [];
foreach ($extras as $extra) {
if ($extra["share_id"] === $share->getId()) {
$currentExtra = $extra;
}
}
$wasInit = isset($currentExtra["permissions"]);
$checkExtra = $wasInit ? (int)$currentExtra["permissions"] : self::NONE;
[$availableExtra, $defaultPermissions] = $this->validation($share, $checkExtra, $wasInit);
if (($availableExtra === 0 || ($availableExtra & $checkExtra) !== $checkExtra) && !empty($currentExtra)) {
$noActualList[] = $share->getId();
$currentExtra = [];
}
if ($availableExtra > 0) {
if (empty($currentExtra)) {
$currentExtra["id"] = -1;
$currentExtra["share_id"] = $share->getId();
$currentExtra["permissions"] = $defaultPermissions;
}
$currentExtra["type"] = $share->getShareType();
$currentExtra["shareWith"] = $share->getSharedWith();
$currentExtra["shareWithName"] = $share->getSharedWithDisplayName();
$currentExtra["available"] = $availableExtra;
if ($currentExtra["type"] === IShare::TYPE_ROOM && $this->talkManager !== null) {
$rooms = $this->talkManager->searchRoomsByToken($currentExtra["shareWith"]);
if (!empty($rooms)) {
$room = $rooms[0];
$currentExtra["shareWith"] = $room->getName();
$currentExtra["shareWithName"] = $room->getName();
}
}
$result[] = $currentExtra;
}
}
if (!empty($noActualList)) {
$this->deleteList($noActualList);
}
return $result;
}
/**
* Get extra permissions by share
*
* @param string $shareId - share identifier
* @param integer $permissions - extra permissions bitmask
* @param integer $extraId - extra permission identifier
*
* @return bool
*/
public function setExtra(string $shareId, int $permissions, int $extraId): bool {
$result = false;
$share = $this->getShare($shareId);
if (!$share instanceof IShare) {
return $result;
}
[$availableExtra, $defaultPermissions] = $this->validation($share, $permissions);
if (($availableExtra & $permissions) !== $permissions) {
$this->logger->debug("Share " . $shareId . " does not available to extend permissions");
return $result;
}
$result = $extraId > 0 ? $this->update($share->getId(), $permissions) : $this->insert($share->getId(), $permissions);
return $result;
}
/**
* Delete extra permissions for share
*/
public function delete(string $shareId): bool {
$delete = $this->connection->prepare("
DELETE FROM `*PREFIX*" . self::TABLENAME_KEY . "`
WHERE `share_id` = ?
");
return (bool)$delete->execute([$shareId]);
}
/**
* Delete list extra permissions
*
* @param array $shareIds - array of share identifiers
*/
public function deleteList(array $shareIds): bool {
$condition = "";
if (count($shareIds) > 1) {
$counter = count($shareIds);
for ($i = 1; $i < $counter; $i++) {
$condition .= " OR `share_id` = ?";
}
}
$delete = $this->connection->prepare("
DELETE FROM `*PREFIX*" . self::TABLENAME_KEY . "`
WHERE `share_id` = ?
" . $condition);
return (bool)$delete->execute($shareIds);
}
/**
* Get extra permissions for share
*/
private function get(string $shareId): array {
$select = $this->connection->prepare("
SELECT id, share_id, permissions
FROM `*PREFIX*" . self::TABLENAME_KEY . "`
WHERE `share_id` = ?
");
$result = $select->execute([$shareId]);
$values = $result->fetch();
$value = is_array($values) ? $values : [];
$result = [];
if (!empty($value)) {
$result = [
"id" => (int)$value["id"],
"share_id" => (string)$value["share_id"],
"permissions" => (int)$value["permissions"]
];
}
return $result;
}
/**
* Get list extra permissions
*/
private function getList(array $shareIds): array {
$condition = "";
if (count($shareIds) > 1) {
$counter = count($shareIds);
for ($i = 1; $i < $counter; $i++) {
$condition .= " OR `share_id` = ?";
}
}
$select = $this->connection->prepare("
SELECT id, share_id, permissions
FROM `*PREFIX*" . self::TABLENAME_KEY . "`
WHERE `share_id` = ?
" . $condition);
$result = $select->execute($shareIds);
$values = $result->fetchAll();
$result = [];
if (is_array($values)) {
foreach ($values as $value) {
$result[] = [
"id" => (int)$value["id"],
"share_id" => (string)$value["share_id"],
"permissions" => (int)$value["permissions"]
];
}
}
return $result;
}
/**
* Store extra permissions for share
*
* @param string $shareId - share identifier
* @param integer $permissions - permissions bitmask
*/
private function insert(string $shareId, int $permissions): bool {
$insert = $this->connection->prepare("
INSERT INTO `*PREFIX*" . self::TABLENAME_KEY . "`
(`share_id`, `permissions`)
VALUES (?, ?)
");
return (bool)$insert->execute([$shareId, $permissions]);
}
/**
* Update extra permissions for share
*
* @param string $shareId - share identifier
* @param int $permissions - permissions bitmask
*/
private function update(string $shareId, int $permissions): bool {
$update = $this->connection->prepare("
UPDATE `*PREFIX*" . self::TABLENAME_KEY . "`
SET `permissions` = ?
WHERE `share_id` = ?
");
return (bool)$update->execute([$permissions, $shareId]);
}
/**
* Validation share on extend capability by extra permissions
*
* @param IShare $share - share
* @param int $checkExtra - checkable extra permissions bitmask
* @param bool $wasInit - was initialization extra
*/
private function validation(IShare $share, int $checkExtra, bool $wasInit = true): array {
$availableExtra = self::NONE;
$defaultExtra = self::NONE;
if ($share->getShareType() !== IShare::TYPE_LINK
&& ($share->getPermissions() & Constants::PERMISSION_SHARE) === Constants::PERMISSION_SHARE
&& $this->config->getValueString('core', 'shareapi_allow_resharing', 'yes') === 'yes') {
return [$availableExtra, $defaultExtra];
}
$node = $share->getNode();
$ext = strtolower(pathinfo((string) $node->getName(), PATHINFO_EXTENSION));
$format = !empty($ext) && array_key_exists($ext, $this->appConfig->formatsSetting()) ? $this->appConfig->formatsSetting()[$ext] : null;
if (!isset($format)) {
return [$availableExtra, $defaultExtra];
}
if (($share->getPermissions() & Constants::PERMISSION_UPDATE) === Constants::PERMISSION_UPDATE) {
if (isset($format["modifyFilter"]) && $format["modifyFilter"]
&& ($checkExtra & self::COMMENT) !== self::COMMENT) {
$availableExtra |= self::MODIFYFILTER;
$defaultExtra |= self::MODIFYFILTER;
}
if (isset($format["review"]) && $format["review"]) {
$availableExtra |= self::REVIEW;
}
if (isset($format["comment"]) && $format["comment"]
&& ($checkExtra & self::REVIEW) !== self::REVIEW
&& (($checkExtra & self::MODIFYFILTER) !== self::MODIFYFILTER)) {
$availableExtra |= self::COMMENT;
}
if (isset($format["fillForms"]) && $format["fillForms"]
&& ($checkExtra & self::REVIEW) !== self::REVIEW) {
$availableExtra |= self::FILLFORMS;
}
if (!$wasInit && ($defaultExtra & self::MODIFYFILTER) === self::MODIFYFILTER) {
$availableExtra ^= self::COMMENT;
}
}
return [$availableExtra, $defaultExtra];
}
/**
* Get origin share
*/
private function getShare(string $shareId): ?IShare {
foreach (["ocinternal", "ocRoomShare", "ocCircleShare"] as $provider) {
try {
return $this->shareManager->getShareById("$provider:$shareId");
} catch (ShareNotFound) {}
}
$this->logger->error("getShare: share not found: $shareId");
return null;
}
}