Check share restrictions on one to one conversation

Signed-off-by: Vitor Mattos <vitor@php.rio>
4 years ago · c756413574
2 changed files with 38 additions and 0 deletions
--- a/lib/Service/RoomService.php
+++ b/lib/Service/RoomService.php
@ -32,6 +32,7 @@ use OCA\Talk\Participant;
 use OCA\Talk\Room;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\IUser;
+use OCP\Share\IManager as IShareManager;

 class RoomService {

@ -39,14 +40,18 @@ class RoomService {
 	protected $manager;
 	/** @var ParticipantService */
 	protected $participantService;
+	/** @var IShareManager */
+	protected $shareManager;
 	/** @var IEventDispatcher */
 	private $dispatcher;

 	public function __construct(Manager $manager,
 								ParticipantService $participantService,
+								IShareManager $shareManager,
 								IEventDispatcher $dispatcher) {
 		$this->manager = $manager;
 		$this->participantService = $participantService;
+		$this->shareManager = $shareManager;
 		$this->dispatcher = $dispatcher;
 	}

@ -66,6 +71,10 @@ class RoomService {
 			$room = $this->manager->getOne2OneRoom($actor->getUID(), $targetUser->getUID());
 			$this->participantService->ensureOneToOneRoomIsFilled($room);
 		} catch (RoomNotFoundException $e) {
+			if (!$this->shareManager->currentUserCanEnumerateTargetUser($actor, $targetUser)) {
+				throw new RoomNotFoundException();
+			};
+
 			$users = [$actor->getUID(), $targetUser->getUID()];
 			sort($users);
 			$room = $this->manager->createRoom(Room::TYPE_ONE_TO_ONE, json_encode($users));
--- a/tests/php/Service/RoomServiceTest.php
+++ b/tests/php/Service/RoomServiceTest.php
@ -32,6 +32,7 @@ use OCA\Talk\Service\ParticipantService;
 use OCA\Talk\Service\RoomService;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\IUser;
+use OCP\Share\IManager as IShareManager;
 use PHPUnit\Framework\MockObject\MockObject;
 use Test\TestCase;

@ -41,6 +42,8 @@ class RoomServiceTest extends TestCase {
 	protected $manager;
 	/** @var ParticipantService|MockObject */
 	protected $participantService;
+	/** @var IShareManager|MockObject */
+	protected $shareManager;
 	/** @var IEventDispatcher|MockObject */
 	protected $dispatcher;
 	/** @var RoomService */
@ -52,10 +55,12 @@ class RoomServiceTest extends TestCase {

 		$this->manager = $this->createMock(Manager::class);
 		$this->participantService = $this->createMock(ParticipantService::class);
+		$this->shareManager = $this->createMock(IShareManager::class);
 		$this->dispatcher = $this->createMock(IEventDispatcher::class);
 		$this->service = new RoomService(
 			$this->manager,
 			$this->participantService,
+			$this->shareManager,
 			$this->dispatcher
 		);
 	}
@ -70,6 +75,25 @@ class RoomServiceTest extends TestCase {
 		$this->service->createOneToOneConversation($user, $user);
 	}

+	public function testCreateOneToOneConversationWithNotCurrentUserCanEnumerateTargetUser(): void {
+		$user1 = $this->createMock(IUser::class);
+		$user1->method('getUID')
+			->willReturn('uid1');
+		$user2 = $this->createMock(IUser::class);
+		$user2->method('getUID')
+			->willReturn('uid2');
+
+		$this->expectException(RoomNotFoundException::class);
+		$this->shareManager
+			->expects($this->once())
+			->method('currentUserCanEnumerateTargetUser')
+			->willReturn(false);
+		$this->manager
+			->method('getOne2OneRoom')
+			->willThrowException(new RoomNotFoundException());
+		$this->service->createOneToOneConversation($user1, $user2);
+	}
+
 	public function testCreateOneToOneConversationAlreadyExists(): void {
 		$user1 = $this->createMock(IUser::class);
 		$user1->method('getUID')
@ -103,6 +127,11 @@ class RoomServiceTest extends TestCase {
 		$user2->method('getDisplayName')
 			->willReturn('display-2');

+		$this->shareManager
+			->expects($this->once())
+			->method('currentUserCanEnumerateTargetUser')
+			->willReturn(true);
+
 		$room = $this->createMock(Room::class);
 		$this->participantService->expects($this->once())
 			->method('addUsers')