Add a test for hidden upload sharing

api/tests/Vfs/SharingACLTest.php

@@ -62,7 +62,7 @@ class SharingACLTest extends SharingBase
 		}
 	}
 
-	public function setupShare(&$dir)
+	public function setupShare(&$dir, $extra = array(), $create = 'createShare')
 	{
 		// First, create the files to be shared
 		$this->files[] = $dir = Vfs::get_home_dir() . '/share/';
@@ -77,10 +77,9 @@ class SharingACLTest extends SharingBase
 		);
 
 		// Create and use link
-		$extra = array();
 		$this->getShareExtra($dir, Sharing::READONLY, $extra);
 
-		$share = $this->createShare($dir, Sharing::READONLY, $extra);
+		$share = call_user_func([$this,$create],$dir, Sharing::READONLY, $extra);
 		$link = Vfs\Sharing::share2link($share);
 
 		// Now log out and log in as someone else
@@ -92,6 +91,32 @@ class SharingACLTest extends SharingBase
 		return $link;
 	}
 
+	/**
+	 * Create a hidden upload share
+	 *
+	 * @param $path
+	 * @param $mode
+	 * @param array $extra
+	 * @return array
+	 * @throws \EGroupware\Api\Exception\AssertionFailed
+	 */
+	protected function createHiddenUploadShare($path, $mode, $extra = array())
+	{
+		// Make sure the path is there
+		if(!Vfs::is_readable($path))
+		{
+			$this->assertTrue(
+					Vfs::is_dir($path) ? Vfs::mkdir($path,0750,true) : Vfs::touch($path),
+					"Share path $path does not exist"
+			);
+		}
+
+		// Create share
+		$this->shares[] = $share = TestHiddenSharing::create('', $path, $mode, $name, $recipients, $extra);
+
+		return $share;
+	}
+
 	/**
 	 * Test that a share of a directory only gives access to that directory, and any other
 	 * directories that the sharer has are unavailable
@@ -125,7 +150,7 @@ class SharingACLTest extends SharingBase
 		$data = array();
 		$form = $this->getShare($link, $data, true);
 		$this->assertNotNull($form, "Could not read the share link");
-		$rows = $data->data->content->nm->rows;
+		$rows = array_values($data['data']['content']['nm']['rows']);
 
 		$post_mount_vfs = Vfs::mount();
 		//$post_files = Vfs::find('/', $vfs_options);
@@ -140,7 +165,7 @@ class SharingACLTest extends SharingBase
 
 		// Check we can't find the non-shared file in results
 		$result = array_filter($rows, function($v) {
-			return $v->name == $this->no_access;
+			return $v['name'] == $this->no_access;
 		});
 		$this->assertEmpty($result, "Found the file we shouldn't have access to ({$this->no_access})");
 
@@ -171,7 +196,7 @@ class SharingACLTest extends SharingBase
 		$data = array();
 		$form = $this->getShare($link, $data, false);
 		$this->assertNotNull($form, "Could not read the share link");
-		$rows = $data->data->content->nm->rows;
+		$rows = $data['data']['content']['nm']['rows'];
 
 		Vfs::clearstatcache();
 		Vfs::init_static();
@@ -179,7 +204,7 @@ class SharingACLTest extends SharingBase
 
 		// Check we can't find the non-shared file
 		$result = array_filter($rows, function($v) {
-			return $v->name == $this->no_access;
+			return $v['name'] == $this->no_access;
 		});
 		$this->assertEmpty($result, "Found the file we shouldn't have access to ({$this->no_access})");
 
@@ -189,6 +214,51 @@ class SharingACLTest extends SharingBase
 		$this->checkNextmatch($dir, array_diff($this->files, [$this->no_access, $dir."sub_dir/subdir_test_file.txt"]), $rows);
 	}
 
+
+	/**
+	 * Test that a share of a directory with hidden upload subdirectory only gives access to that directory,
+	 * and the upload directory as well as any other directories that the sharer has are unavailable
+	 *
+	 * This checks from one logged in user to anonymous with a new session
+	 */
+	public function testShareHiddenUploadNewSession()
+	{
+		$dir = '';
+		$link = $this->setupShare($dir, [], 'createHiddenUploadShare');
+
+		// Now follow the link - this _should_ be enough to get it added
+		//$mimetype = Vfs::mime_content_type($dir);
+		//$this->checkSharedFile($link, $mimetype);
+
+		// Read the etemplate
+		$data = array();
+		$form = $this->getShare($link, $data, false);
+		$this->assertNotNull($form, "Could not read the share link");
+		$rows = array_values($data['data']['content']['nm']['rows']);
+
+		Vfs::clearstatcache();
+		Vfs::init_static();
+		Vfs\StreamWrapper::init_static();
+
+		// Check we can't find the non-shared file
+		$result = array_filter($rows, function($v) {
+			return $v['name'] == $this->no_access;
+		});
+		$this->assertEmpty($result, "Found the file we shouldn't have access to ({$this->no_access})");
+
+		// Test that we can't see the hidden upload directory
+		$result = array_filter($rows, function($v) {
+			return $v['name'] == 'Upload';
+		});
+		$this->assertEmpty($result, "Hidden upload directory is visible");
+
+
+		// Check that we can find the shared file(s) in the form / nm list
+		// Don't test the no-access one (done above), and no good way to get the sub-dir file either,
+		// since nm only has top-level files and we can't switch the filter
+		$this->checkNextmatch($dir, array_diff($this->files, [$this->no_access, $dir."sub_dir/subdir_test_file.txt"]), $rows);
+	}
+
 	/**
 	 * Check the nextmatch rows to see if all the expected files (in the given directory) are present
 	 *
@@ -207,7 +277,7 @@ class SharingACLTest extends SharingBase
 				$relative_file = substr($relative_file, 0, -1);
 			}
 			$result = array_filter($rows, function($v) use ($relative_file) {
-				return $v->name == $relative_file;
+				return $v['name'] == $relative_file;
 			});
 			$this->assertNotEmpty($result, "Couldn't find shared file '$file'");
 		}

api/tests/Vfs/SharingBase.php

@@ -623,10 +623,14 @@ class SharingBase extends LoggedInTest
 		$curl = curl_init($link);
 		curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
 		curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
+
+		// Setting this lets us debug the request too
+		$cookie = 'XDEBUG_SESSION=PHPSTORM';
 		if($keep_session)
 		{
-			curl_setopt($curl, CURLOPT_COOKIE, "XDEBUG_SESSION=PHPSTORM;".Api\Session::EGW_SESSION_NAME."={$GLOBALS['egw']->session->sessionid};kp3={$GLOBALS['egw']->session->kp3}");
+			 $cookie .= ';'.Api\Session::EGW_SESSION_NAME."={$GLOBALS['egw']->session->sessionid};kp3={$GLOBALS['egw']->session->kp3}";
 		}
+		curl_setopt($curl, CURLOPT_COOKIE, $cookie);
 		$html = curl_exec($curl);
 		curl_close($curl);
 
@@ -652,7 +656,7 @@ class SharingBase extends LoggedInTest
 			}
 		}
 		$this->assertNotNull($form, "Didn't find template in response");
-		$data = json_decode($form->getAttribute('data-etemplate'));
+		$data = json_decode($form->getAttribute('data-etemplate'), true);
 
 		return $form;
 	}
@@ -710,3 +714,30 @@ class TestSharing extends Api\Vfs\Sharing {
 	}
 }
 }
+
+/**
+ * Use this class for sharing so we can make sure we get a session ID, even
+ * though we're on the command line
+ */
+if(!class_exists('TestHiddenSharing'))
+{
+	class TestHiddenSharing extends Api\Vfs\HiddenUploadSharing {
+
+		public static function create_new_session()
+		{
+			if (!($sessionid = $GLOBALS['egw']->session->create('anonymous@'.$GLOBALS['egw_info']['user']['domain'],
+					'', 'text', false, false)))
+			{
+				// Allow for testing
+				$sessionid = 'CLI_TEST ' . time();
+				$GLOBALS['egw']->session->sessionid = $sessionid;
+			}
+			return $sessionid;
+		}
+
+		public static function get_share_class($share)
+		{
+			return __CLASS__;
+		}
+	}
+}