SAK-30041

Chitova263 · Feb 12, 2016 · 110215b · 110215b
1 parent 6724ce8
commit 110215b
Show file tree

Hide file tree

Showing 7 changed files with 113 additions and 9 deletions.
diff --git a/dashboard/impl/src/test/org/sakaiproject/dash/mock/SiteMock.java b/dashboard/impl/src/test/org/sakaiproject/dash/mock/SiteMock.java
@@ -386,6 +386,11 @@ public Collection<Group> getGroupsWithMember(String userId) {
 		return null;
 	}
 
+	public Collection<Group> getGroupsWithMembers(String [] userIds) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
 	public Collection<Group> getGroupsWithMemberHasRole(String userId,
 			String role) {
 		// TODO Auto-generated method stub

diff --git a/...ker/core-providers/src/java/org/sakaiproject/entitybroker/providers/model/EntitySite.java b/...ker/core-providers/src/java/org/sakaiproject/entitybroker/providers/model/EntitySite.java
@@ -551,6 +551,13 @@ public Collection getGroupsWithMember(String arg0) {
         throw new UnsupportedOperationException();
     }
 
+    public Collection getGroupsWithMembers(String [] arg0) {
+        if (site != null) {
+            return site.getGroupsWithMembers(arg0);
+        }
+        throw new UnsupportedOperationException();
+    }
+
     public Collection getGroupsWithMemberHasRole(String arg0, String arg1) {
         if (site != null) {
             return site.getGroupsWithMemberHasRole(arg0, arg1);

diff --git a/kernel/api/src/main/java/org/sakaiproject/site/api/Site.java b/kernel/api/src/main/java/org/sakaiproject/site/api/Site.java
@@ -227,6 +227,15 @@ public interface Site extends Edit, Comparable, Serializable, AuthzGroup
 	 */
 	Collection<Group> getGroupsWithMember(String userId);
 
+	/**
+	 * Get a collection of the groups in a Site that have all these users as members.
+	 * 
+	 * @param userId
+	 *        The user id.
+	 * @return A collection (Group) of groups defined in the site that have these users as members, empty if there are none.
+	 */
+	Collection<Group> getGroupsWithMembers(String[] userIds);
+
 	/**
 	 * Get a collection of the groups in a Site that have this user as a member with this role.
 	 * 

diff --git a/kernel/kernel-impl/src/main/java/org/sakaiproject/content/impl/BaseContentService.java b/kernel/kernel-impl/src/main/java/org/sakaiproject/content/impl/BaseContentService.java
@@ -1486,24 +1486,74 @@ protected String convertLockIfDropbox(String lock, String id)
 			String[] parts = StringUtil.split(id, "/");
 			if (parts.length >= 3)
 			{
+				boolean authDropboxGroupsCheck=true;
 				String ref = null;
 				if (id != null)
 				{
 					ref = getReference(id);
 				}
+
+				if (parts.length>=4)
+				{
+					//Http servlet access to dropbox resources
+					String userId=parts[3];
+					if ((userId==null)||(!isDropboxOwnerInCurrentUserGroups(ref,userId)))
+					{
+						authDropboxGroupsCheck=false;
+					}
+				}
 
 				//Before SAK-11647 any dropbox id asked for dropbox.maintain permission.
 				//Now we must support groups permission, so we ask for this permission too.
 				//Groups permission gives full access to dropboxes of users in current user's groups. 
 				//A different logic can be achieved here depending of lock parameter received.
 				if (m_securityService.unlock(AUTH_DROPBOX_GROUPS, ref))
-					return AUTH_DROPBOX_GROUPS;
-				else return AUTH_DROPBOX_MAINTAIN;
+				{
+					if (authDropboxGroupsCheck)
+					{
+						return AUTH_DROPBOX_GROUPS;
+					}
+					else
+					{
+						return AUTH_DROPBOX_MAINTAIN;
+					}
+				}
+				else
+				{
+					return AUTH_DROPBOX_MAINTAIN;
+				}
 			}
 		}
 
 		return lock;
 	}
+
+	/**
+	 * Checks if a dropbox owner is in any group with current user, so AUTH_DROPBOX_GROUPS is rightly applied.
+	 * @return true if the dropbox owner is in the group, false otherwise. 
+	 */
+	public boolean isDropboxOwnerInCurrentUserGroups(String refString, String userId)
+	{
+		String currentUser = sessionManager.getCurrentSessionUserId();
+
+		List<Group> site_groups = new ArrayList<Group>();
+		Reference ref = m_entityManager.newReference(refString);
+		try
+		{
+			Site site = m_siteService.getSite(ref.getContext());
+
+			site_groups.addAll(site.getGroupsWithMembers(new String[]{currentUser,userId}));
+			if (site_groups.size()>0)
+			{
+				return true;
+			}
+		}
+		catch (IdUnusedException e)
+		{
+		}
+
+		return false;
+	}
 
 	/**
 	 * Check whether an id would identify an entity in a dropbox.  Does not determine existence of the entity, just whether its id indicates it is a dropbox or contained within a dropbox.

diff --git a/kernel/kernel-impl/src/main/java/org/sakaiproject/site/impl/BaseSite.java b/kernel/kernel-impl/src/main/java/org/sakaiproject/site/impl/BaseSite.java
@@ -1066,24 +1066,46 @@ public Collection<String> getMembersInGroups(Set<String> groupIds) {
 	/**
 	 * {@inheritDoc}
 	 */
-	public Collection getGroupsWithMember(String userId)
+	public Collection<Group> getGroupsWithMember(String userId)
 	{
-		Collection siteGroups = getGroups();
+		Collection<Group> rv = new Vector<Group>();
+		rv = getGroupsWithMembers(new String[] {userId});
+		return rv;
+	}
+
+	/**
+	 * {@inheritDoc}
+	 */
+	public Collection<Group> getGroupsWithMembers(String[] userIds)
+	{
+		Collection<Group> siteGroups = getGroups();
 		ArrayList<String> siteGroupRefs = new ArrayList<String>(siteGroups.size());
 		for ( Iterator it=siteGroups.iterator(); it.hasNext(); )
 			siteGroupRefs.add( ((Group)it.next()).getReference() );
-			
-		List groups = authzGroupService.getAuthzUserGroupIds(siteGroupRefs, userId);
+
+		List groups = authzGroupService.getAuthzUserGroupIds(siteGroupRefs, userIds[0]);
 		Collection<Group> rv = new Vector<Group>();
+
 		for (Iterator i = groups.iterator(); i.hasNext();)
 		{
 			Member m = null;
 			Group g = getGroup( (String)i.next() );
 
 			if ( g != null )
-				m = g.getMember(userId);
-			if ((m != null) && (m.isActive()))
-				rv.add(g);
+			{
+				for (int j=0; j<userIds.length;j++)
+				{
+					m = g.getMember(userIds[j]);
+					if ((m == null) || (!m.isActive()))
+					{
+						break;
+					}
+				}
+				if ((m != null) && (m.isActive()))
+				{
+					rv.add(g);
+				}
+			}
 		}
 
 		return rv;

diff --git a/sitestats/sitestats-impl/src/test/org/sakaiproject/sitestats/test/mocks/FakeSite.java b/sitestats/sitestats-impl/src/test/org/sakaiproject/sitestats/test/mocks/FakeSite.java
@@ -125,6 +125,11 @@ public Collection getGroupsWithMember(String arg0) {
 		return null;
 	}
 
+	public Collection getGroupsWithMembers(String [] arg0) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
 	public Collection getGroupsWithMemberHasRole(String arg0, String arg1) {
 		// TODO Auto-generated method stub
 		return null;

diff --git a/sitestats/sitestats-impl/src/test/org/sakaiproject/sitestats/test/perf/mock/MockSite.java b/sitestats/sitestats-impl/src/test/org/sakaiproject/sitestats/test/perf/mock/MockSite.java
@@ -431,6 +431,12 @@ public Collection<Group> getGroupsWithMember(String userId) {
 		return null;
 	}
 
+	@Override
+	public Collection<Group> getGroupsWithMembers(String [] userIds) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
 	@Override
 	public Collection<Group> getGroupsWithMemberHasRole(String userId,
 			String role) {