From c756413574a9dfc86770e166cdd50b838ef89be4 Mon Sep 17 00:00:00 2001 From: Vitor Mattos Date: Wed, 24 Nov 2021 09:11:30 -0300 Subject: [PATCH] Check share restrictions on one to one conversation Signed-off-by: Vitor Mattos --- lib/Service/RoomService.php | 9 +++++++++ tests/php/Service/RoomServiceTest.php | 29 +++++++++++++++++++++++++++ 2 files changed, 38 insertions(+) diff --git a/lib/Service/RoomService.php b/lib/Service/RoomService.php index f54544b18c..5a8c45e1bb 100644 --- a/lib/Service/RoomService.php +++ b/lib/Service/RoomService.php @@ -32,6 +32,7 @@ use OCA\Talk\Participant; use OCA\Talk\Room; use OCP\EventDispatcher\IEventDispatcher; use OCP\IUser; +use OCP\Share\IManager as IShareManager; class RoomService { @@ -39,14 +40,18 @@ class RoomService { protected $manager; /** @var ParticipantService */ protected $participantService; + /** @var IShareManager */ + protected $shareManager; /** @var IEventDispatcher */ private $dispatcher; public function __construct(Manager $manager, ParticipantService $participantService, + IShareManager $shareManager, IEventDispatcher $dispatcher) { $this->manager = $manager; $this->participantService = $participantService; + $this->shareManager = $shareManager; $this->dispatcher = $dispatcher; } @@ -66,6 +71,10 @@ class RoomService { $room = $this->manager->getOne2OneRoom($actor->getUID(), $targetUser->getUID()); $this->participantService->ensureOneToOneRoomIsFilled($room); } catch (RoomNotFoundException $e) { + if (!$this->shareManager->currentUserCanEnumerateTargetUser($actor, $targetUser)) { + throw new RoomNotFoundException(); + }; + $users = [$actor->getUID(), $targetUser->getUID()]; sort($users); $room = $this->manager->createRoom(Room::TYPE_ONE_TO_ONE, json_encode($users)); diff --git a/tests/php/Service/RoomServiceTest.php b/tests/php/Service/RoomServiceTest.php index 82ab7e79cb..c373d23828 100644 --- a/tests/php/Service/RoomServiceTest.php +++ b/tests/php/Service/RoomServiceTest.php @@ -32,6 +32,7 @@ use OCA\Talk\Service\ParticipantService; use OCA\Talk\Service\RoomService; use OCP\EventDispatcher\IEventDispatcher; use OCP\IUser; +use OCP\Share\IManager as IShareManager; use PHPUnit\Framework\MockObject\MockObject; use Test\TestCase; @@ -41,6 +42,8 @@ class RoomServiceTest extends TestCase { protected $manager; /** @var ParticipantService|MockObject */ protected $participantService; + /** @var IShareManager|MockObject */ + protected $shareManager; /** @var IEventDispatcher|MockObject */ protected $dispatcher; /** @var RoomService */ @@ -52,10 +55,12 @@ class RoomServiceTest extends TestCase { $this->manager = $this->createMock(Manager::class); $this->participantService = $this->createMock(ParticipantService::class); + $this->shareManager = $this->createMock(IShareManager::class); $this->dispatcher = $this->createMock(IEventDispatcher::class); $this->service = new RoomService( $this->manager, $this->participantService, + $this->shareManager, $this->dispatcher ); } @@ -70,6 +75,25 @@ class RoomServiceTest extends TestCase { $this->service->createOneToOneConversation($user, $user); } + public function testCreateOneToOneConversationWithNotCurrentUserCanEnumerateTargetUser(): void { + $user1 = $this->createMock(IUser::class); + $user1->method('getUID') + ->willReturn('uid1'); + $user2 = $this->createMock(IUser::class); + $user2->method('getUID') + ->willReturn('uid2'); + + $this->expectException(RoomNotFoundException::class); + $this->shareManager + ->expects($this->once()) + ->method('currentUserCanEnumerateTargetUser') + ->willReturn(false); + $this->manager + ->method('getOne2OneRoom') + ->willThrowException(new RoomNotFoundException()); + $this->service->createOneToOneConversation($user1, $user2); + } + public function testCreateOneToOneConversationAlreadyExists(): void { $user1 = $this->createMock(IUser::class); $user1->method('getUID') @@ -103,6 +127,11 @@ class RoomServiceTest extends TestCase { $user2->method('getDisplayName') ->willReturn('display-2'); + $this->shareManager + ->expects($this->once()) + ->method('currentUserCanEnumerateTargetUser') + ->willReturn(true); + $room = $this->createMock(Room::class); $this->participantService->expects($this->once()) ->method('addUsers')