mirror of https://github.com/nextcloud/bookmarks
Merge branch 'master' into stable
This commit is contained in:
commit
06a56bb54d
|
@ -4,6 +4,12 @@ All notable changes to this project will be documented in this file.
|
|||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
||||
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||
|
||||
## [13.1.3] - 2023-12-18
|
||||
|
||||
### Fixes
|
||||
|
||||
* fix(Authorizer)
|
||||
|
||||
## [13.1.2] - 2023-12-14
|
||||
|
||||
### Fixed
|
||||
|
|
2
Makefile
2
Makefile
|
@ -7,7 +7,7 @@ source_dir=$(build_dir)/source
|
|||
sign_dir=$(build_dir)/sign
|
||||
package_name=$(app_name)
|
||||
cert_dir=$(HOME)/.nextcloud/certificates
|
||||
version+=13.1.2
|
||||
version+=13.1.3
|
||||
|
||||
all: dev-setup build-js-production composer-no-dev
|
||||
|
||||
|
|
|
@ -22,7 +22,7 @@ Requirements:
|
|||
- mbstring: *
|
||||
- when using MySQL, use at least v8.0
|
||||
]]></description>
|
||||
<version>13.1.2</version>
|
||||
<version>13.1.3</version>
|
||||
<licence>agpl</licence>
|
||||
<author mail="mklehr@gmx.net">Marcel Klehr</author>
|
||||
<author mail="blizzz@arthur-schiwon.de" homepage="https://www.arthur-schiwon.de">Arthur Schiwon</author>
|
||||
|
|
|
@ -247,8 +247,8 @@ class FoldersController extends ApiController {
|
|||
* @PublicPage
|
||||
*/
|
||||
public function removeFromFolder($folderId, $bookmarkId): JSONResponse {
|
||||
if (!Authorizer::hasPermission(Authorizer::PERM_WRITE, $this->authorizer->getPermissionsForFolder($folderId, $this->request)) &&
|
||||
!Authorizer::hasPermission(Authorizer::PERM_EDIT, $this->authorizer->getPermissionsForFolder($bookmarkId, $this->request))) {
|
||||
if (!Authorizer::hasPermission(Authorizer::PERM_WRITE, $this->authorizer->getPermissionsForFolder($folderId, $this->request)) ||
|
||||
!Authorizer::hasPermission(Authorizer::PERM_EDIT, $this->authorizer->getPermissionsForBookmark($bookmarkId, $this->request))) {
|
||||
return new JSONResponse(['status' => 'error', 'data' => 'Unauthorized'], Http::STATUS_FORBIDDEN);
|
||||
}
|
||||
try {
|
||||
|
|
|
@ -263,7 +263,7 @@ class Authorizer {
|
|||
if ($share->getFolderId() === $itemId && $type === TreeMapper::TYPE_FOLDER) {
|
||||
// If the sought folder is the root folder of the share, we give EDIT permissions + optionally RESHARE
|
||||
// because the user can edit the shared folder
|
||||
$perms = $this->getMaskFromFlags(true, $share->getCanShare()) | self::PERM_EDIT;
|
||||
$perms = $this->getMaskFromFlags($share->getCanWrite(), $share->getCanShare()) | self::PERM_EDIT;
|
||||
} elseif ($this->treeMapper->hasDescendant($share->getFolderId(), $type, $itemId)) {
|
||||
$perms = $this->getMaskFromFlags($share->getCanWrite(), $share->getCanShare());
|
||||
} else {
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
"name": "bookmarks",
|
||||
"version": "13.1.2",
|
||||
"version": "13.1.3",
|
||||
"main": "js/index.js",
|
||||
"scripts": {
|
||||
"build": "webpack --node-env production --progress --config webpack.js",
|
||||
|
|
|
@ -100,8 +100,7 @@
|
|||
{{ !$store.state.public? t('bookmarks', 'The RSS feed requires authentication with your Nextcloud credentials') : '' }}
|
||||
</NcActionButton>
|
||||
</NcActions>
|
||||
<NcTextField
|
||||
:value.sync="search"
|
||||
<NcTextField :value.sync="search"
|
||||
:label="t('bookmarks','Search')"
|
||||
:placeholder="t('bookmarks','Search')"
|
||||
class="inline-search"
|
||||
|
|
|
@ -234,9 +234,9 @@ class FolderControllerTest extends TestCase {
|
|||
* @throws \OCA\Bookmarks\Exception\UnsupportedOperation
|
||||
* @throws \OCP\AppFramework\Db\DoesNotExistException
|
||||
*/
|
||||
public function setupSharedFolder() {
|
||||
public function setupSharedFolder($canWrite = true, $canShare = false) {
|
||||
$this->authorizer->setUserId($this->userId);
|
||||
$this->share = $this->folders->createShare($this->folder1->getId(), $this->otherUser, \OCP\Share\IShare::TYPE_USER, true, false);
|
||||
$this->share = $this->folders->createShare($this->folder1->getId(), $this->otherUser, \OCP\Share\IShare::TYPE_USER, $canWrite, $canShare);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -887,6 +887,27 @@ class FolderControllerTest extends TestCase {
|
|||
$this->assertEquals('error', $data['status'], var_export($data, true));
|
||||
}
|
||||
|
||||
/**
|
||||
* @throws AlreadyExistsError
|
||||
* @throws UrlParseError
|
||||
* @throws UserLimitExceededError
|
||||
* @throws \OCP\AppFramework\Db\DoesNotExistException
|
||||
* @throws MultipleObjectsReturnedException
|
||||
* @dataProvider shareCanWriteDataProvider
|
||||
*/
|
||||
public function testDeleteFromSharedFolder(bool $canWrite): void {
|
||||
$this->setupBookmarks();
|
||||
$this->setupSharedFolder($canWrite);
|
||||
$this->authorizer->setUserId($this->otherUserId);
|
||||
$output = $this->otherController->removeFromFolder($this->folder1->getId(), $this->bookmark1Id);
|
||||
$data = $output->getData();
|
||||
if ($canWrite) {
|
||||
$this->assertEquals('success', $data['status'], var_export($data, true));
|
||||
} else {
|
||||
$this->assertEquals('error', $data['status'], var_export($data, true));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @throws AlreadyExistsError
|
||||
* @throws UrlParseError
|
||||
|
|
Loading…
Reference in New Issue