Disallow sharing without chat permissions

Signed-off-by: Joas Schilling <coding@schilljs.com>

2 files changed, 46 insertions, 1 deletions

diff --git a/tests/integration/features/chat/file-share.feature b/tests/integration/features/chat/file-share.feature
index cb35a4d16..caae8ffae 100644
--- a/tests/integration/features/chat/file-share.feature
+++ b/tests/integration/features/chat/file-share.feature
@@ -1,6 +1,7 @@
 Feature: chat/public
   Background:
     Given user "participant1" exists
+    Given user "participant2" exists
 
   Scenario: Share a file to a chat
     Given user "participant1" creates room "public room" (v4)
@@ -11,6 +12,18 @@ Feature: chat/public
       | room        | actorType | actorId      | actorDisplayName         | message  | messageParameters |
       | public room | users     | participant1 | participant1-displayname | {file}   | "IGNORE"          |
 
+  Scenario: Can not share a file without chat permission
+    Given user "participant1" creates room "public room" (v4)
+      | roomType | 3 |
+      | roomName | room |
+    And user "participant1" adds user "participant2" to room "public room" with 200 (v4)
+    # Removing chat permission only
+    Then user "participant1" sets permissions for "participant2" in room "public room" to "CSJLAVP" with 200 (v4)
+    When user "participant2" shares "welcome.txt" with room "public room"
+    And the OCS status code should be 404
+    Then user "participant1" sees the following messages in room "public room" with 200
+      | room        | actorType | actorId      | actorDisplayName         | message  | messageParameters |
+
   Scenario: Delete share a file message from a chat
     Given user "participant1" creates room "public room" (v4)
       | roomType | 3 |
@@ -23,3 +36,19 @@ Feature: chat/public
     Then user "participant1" sees the following messages in room "public room" with 200
       | room        | actorType | actorId      | actorDisplayName         | message                | messageParameters |
       | public room | users     | participant1 | participant1-displayname | Message deleted by you | {"actor":{"type":"user","id":"participant1","name":"participant1-displayname"}} |
+
+  Scenario: Can not delete a share file message without chat permission
+    Given user "participant1" creates room "public room" (v4)
+      | roomType | 3 |
+      | roomName | room |
+    And user "participant1" adds user "participant2" to room "public room" with 200 (v4)
+    When user "participant2" shares "welcome.txt" with room "public room"
+    Then user "participant1" sees the following messages in room "public room" with 200
+      | room        | actorType | actorId      | actorDisplayName         | message  | messageParameters |
+      | public room | users     | participant2 | participant2-displayname | {file}   | "IGNORE"          |
+    # Removing chat permission only
+    Then user "participant1" sets permissions for "participant2" in room "public room" to "CSJLAVP" with 200 (v4)
+    And user "participant2" deletes message "shared::file::welcome.txt" from room "public room" with 403
+    Then user "participant1" sees the following messages in room "public room" with 200
+      | room        | actorType | actorId      | actorDisplayName         | message  | messageParameters |
+      | public room | users     | participant2 | participant2-displayname | {file}   | "IGNORE"          |
diff --git a/tests/php/Collaboration/Collaborators/RoomPluginTest.php b/tests/php/Collaboration/Collaborators/RoomPluginTest.php
index f96d23569..bb116ffd7 100644
--- a/tests/php/Collaboration/Collaborators/RoomPluginTest.php
+++ b/tests/php/Collaboration/Collaborators/RoomPluginTest.php
@@ -27,6 +27,8 @@ namespace OCA\Talk\Tests\php\Collaboration\Collaborators;
 
 use OCA\Talk\Collaboration\Collaborators\RoomPlugin;
 use OCA\Talk\Manager;
+use OCA\Talk\Model\Attendee;
+use OCA\Talk\Participant;
 use OCA\Talk\Room;
 use OCP\Collaboration\Collaborators\ISearchResult;
 use OCP\Collaboration\Collaborators\SearchResultType;
@@ -65,8 +67,9 @@ class RoomPluginTest extends TestCase {
 		$this->plugin = new RoomPlugin($this->manager, $this->userSession);
 	}
 
-	private function newRoom(int $type, string $token, string $name): Room {
+	private function newRoom(int $type, string $token, string $name, int $permissions = Attendee::PERMISSIONS_MAX_DEFAULT): Room {
 		$room = $this->createMock(Room::class);
+		$participant = $this->createMock(Participant::class);
 
 		$room->expects($this->any())
 			->method('getType')
@@ -80,6 +83,14 @@ class RoomPluginTest extends TestCase {
 			->method('getDisplayName')
 			->willReturn($name);
 
+		$room->expects($this->any())
+			->method('getParticipant')
+			->willReturn($participant);
+
+		$participant->expects($this->any())
+			->method('getPermissions')
+			->willReturn($permissions);
+
 		return $room;
 	}
 
@@ -116,6 +127,11 @@ class RoomPluginTest extends TestCase {
 				$this->newResult('Room name', 'roomToken')
 			], false],
 
+			// Chats without chat permission are not returned
+			['room', 2, 0, [
+				$this->newRoom(Room::TYPE_GROUP, 'roomToken', 'Room name', Attendee::PERMISSIONS_MAX_DEFAULT ^ Attendee::PERMISSIONS_CHAT),
+			], [], [], false],
+
 			// Search term with single exact match
 			['room name', 2, 0, [
 				$this->newRoom(Room::TYPE_GROUP, 'roomToken', 'Unmatched name'),