fix: user can only delete own external storage#41092

DeepDiver1975 · 2023-11-13T18:58:06Z

Description

Ensure that users can only delete their own external storage configurations.

How Has This Been Tested?

🤖

Screenshots (if appropriate):

Types of changes

Bug fix (non-breaking change which fixes an issue)
New feature (non-breaking change which adds functionality)
Database schema changes (next release will require increase of minor version instead of patch)
Breaking change (fix or feature that would cause existing functionality to change)
Technical debt
Tests only (no source changes)

Checklist:

update-docs · 2023-11-13T18:58:10Z

Thanks for opening this pull request! The maintainers of this repository would appreciate it if you would create a changelog item based on your changes.

DeepDiver1975 · 2023-11-13T19:00:59Z

apps/files_external/lib/Lib/Backend/Local.php

 			->addParameters([
 				(new DefinitionParameter('datadir', $l->t('Location'))),
 			])
-			->setAllowedVisibility(IStoragesBackendService::VISIBILITY_ADMIN)


jvillafanez

Just some doc stuff.

jvillafanez · 2023-11-14T08:03:30Z

lib/private/Files/External/Service/DBConfigService.php

 		}, $optionsMap);
 	}

+	public function getPersonalMountById(int $mountId, string $userId): ?array {


We might need some PHPDoc, specially to explain the return value. I guess it will return the whole row, but it could also return part of it, or a different information based on the row, maybe including extra information.

In addition, in the weird case of matching multiple rows, it will return the first matched row. There could be other options such as returning null (can't decide the right row), or throwing an exception, so it would be nice to clarify. I guess the column has a unique key constraint, so it won't matter, but the count($mounts) > 0 seems to differ.

It selects by id. There is one or none result.

jvillafanez · 2023-11-14T08:08:17Z

lib/private/Files/External/Service/UserStoragesService.php

 		return $result;
 	}
+
+	public function removeStorage($id) {


PHPDoc would be fine, specially no note that the storage will only be looked for as personal mount of the user, so the method will throw a NotFoundException if the id isn't one of his personal mount points, even if the id exists somewhere else.

Yeah. The whole code is a bit nuts.
Docs could help for the next dev looking at this in a few years 🤣

DeepDiver1975 · 2023-11-16T08:59:35Z

Failing drone is unrelated ...

sonarqubecloud · 2023-11-16T09:49:48Z

Kudos, SonarCloud Quality Gate passed!

0 Bugs
0 Vulnerabilities
0 Security Hotspots
3 Code Smells

100.0% Coverage
0.0% Duplication

DeepDiver1975 added the 3 - To Review label Nov 13, 2023

DeepDiver1975 force-pushed the fix/fs-ex-remove branch from 62f9933 to 16acc12 Compare November 13, 2023 18:59

DeepDiver1975 commented Nov 13, 2023

View reviewed changes

DeepDiver1975 force-pushed the fix/fs-ex-remove branch 2 times, most recently from 7d84892 to 3c7bc6e Compare November 13, 2023 19:03

jvillafanez approved these changes Nov 14, 2023

View reviewed changes

DeepDiver1975 force-pushed the fix/fs-ex-remove branch from 3c7bc6e to 891f4aa Compare November 15, 2023 11:26

fix: user can only delete own external storage

2d85873

DeepDiver1975 force-pushed the fix/fs-ex-remove branch from 891f4aa to 2d85873 Compare November 16, 2023 07:35

DeepDiver1975 merged commit 5a075b7 into master Nov 16, 2023

delete-merged-branch bot deleted the fix/fs-ex-remove branch November 16, 2023 10:35

DeepDiver1975 added a commit that referenced this pull request Nov 17, 2023

fix: user can only delete own external storage (#41092)

8dc5c66

phil-davis pushed a commit that referenced this pull request Nov 22, 2023

fix: user can only delete own external storage (#41092)

95c1f21

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix: user can only delete own external storage#41092