Merge pull request #53661 from nextcloud/feat/52635/toggle-for-trusted-server-sharing

feat(files_sharing): Toggle display for trusted server shares

Author: nfebe

apps/files_sharing/lib/Config/ConfigLexicon.php

@@ -22,6 +22,7 @@
  */
 class ConfigLexicon implements ILexicon {
 	public const SHOW_FEDERATED_AS_INTERNAL = 'show_federated_shares_as_internal';
+	public const SHOW_FEDERATED_TO_TRUSTED_AS_INTERNAL = 'show_federated_shares_to_trusted_servers_as_internal';
 
 	public function getStrictness(): Strictness {
 		return Strictness::IGNORE;
@@ -30,6 +31,7 @@ public function getStrictness(): Strictness {
 	public function getAppConfigs(): array {
 		return [
 			new Entry(self::SHOW_FEDERATED_AS_INTERNAL, ValueType::BOOL, false, 'shows federated shares as internal shares', true),
+			new Entry(self::SHOW_FEDERATED_TO_TRUSTED_AS_INTERNAL, ValueType::BOOL, false, 'shows federated shares to trusted servers as internal shares', true),
 		];
 	}
 

apps/files_sharing/lib/Controller/ShareAPIController.php

@@ -15,6 +15,7 @@
 use OC\Files\Storage\Wrapper\Wrapper;
 use OCA\Circles\Api\v1\Circles;
 use OCA\Deck\Sharing\ShareAPIHelper;
+use OCA\Federation\TrustedServers;
 use OCA\Files\Helper;
 use OCA\Files_Sharing\Exceptions\SharingRightsException;
 use OCA\Files_Sharing\External\Storage;
@@ -76,6 +77,7 @@
 class ShareAPIController extends OCSController {
 
 	private ?Node $lockedNode = null;
+	private array $trustedServerCache = [];
 
 	/**
 	 * Share20OCS constructor.
@@ -100,6 +102,7 @@ public function __construct(
 		private IProviderFactory $factory,
 		private IMailer $mailer,
 		private ITagManager $tagManager,
+		private ?TrustedServers $trustedServers,
 		private ?string $userId = null,
 	) {
 		parent::__construct($appName, $request);
@@ -202,6 +205,32 @@ protected function formatShare(IShare $share, ?Node $recipientNode = null): arra
 		$result['item_size'] = $node->getSize();
 		$result['item_mtime'] = $node->getMTime();
 
+		if ($this->trustedServers !== null && in_array($share->getShareType(), [IShare::TYPE_REMOTE, IShare::TYPE_REMOTE_GROUP], true)) {
+			$result['is_trusted_server'] = false;
+			$sharedWith = $share->getSharedWith();
+			$remoteIdentifier = is_string($sharedWith) ? strrchr($sharedWith, '@') : false;
+			if ($remoteIdentifier !== false) {
+				$remote = substr($remoteIdentifier, 1);
+
+				if (isset($this->trustedServerCache[$remote])) {
+					$result['is_trusted_server'] = $this->trustedServerCache[$remote];
+				} else {
+					try {
+						$isTrusted = $this->trustedServers->isTrustedServer($remote);
+						$this->trustedServerCache[$remote] = $isTrusted;
+						$result['is_trusted_server'] = $isTrusted;
+					} catch (\Exception $e) {
+						// Server not found or other issue, we consider it not trusted
+						$this->trustedServerCache[$remote] = false;
+						$this->logger->error(
+							'Error checking if remote server is trusted (treating as untrusted): ' . $e->getMessage(),
+							['exception' => $e]
+						);
+					}
+				}
+			}
+		}
+
 		$expiration = $share->getExpirationDate();
 		if ($expiration !== null) {
 			$expiration->setTimezone($this->dateTimeZone->getTimeZone());

apps/files_sharing/lib/Listener/LoadSidebarListener.php

@@ -38,6 +38,7 @@ public function handle(Event $event): void {
 
 		$appConfig = Server::get(IAppConfig::class);
 		$this->initialState->provideInitialState('showFederatedSharesAsInternal', $appConfig->getValueBool('files_sharing', ConfigLexicon::SHOW_FEDERATED_AS_INTERNAL));
+		$this->initialState->provideInitialState('showFederatedSharesToTrustedServersAsInternal', $appConfig->getValueBool('files_sharing', ConfigLexicon::SHOW_FEDERATED_TO_TRUSTED_AS_INTERNAL));
 		Util::addScript(Application::APP_ID, 'files_sharing_tab', 'files');
 	}
 }

apps/files_sharing/lib/ResponseDefinitions.php

@@ -22,6 +22,7 @@
  *     file_target: string,
  *     has_preview: bool,
  *     hide_download: 0|1,
+ *     is_trusted_server?: bool,
  *     is-mount-root: bool,
  *     id: string,
  *     item_mtime: int,

apps/files_sharing/openapi.json

@@ -548,6 +548,9 @@
                             1
                         ]
                     },
+                    "is_trusted_server": {
+                        "type": "boolean"
+                    },
                     "is-mount-root": {
                         "type": "boolean"
                     },

apps/files_sharing/src/components/SharingEntry.vue

@@ -77,9 +77,9 @@ export default {
 				title += ` (${t('files_sharing', 'group')})`
 			} else if (this.share.type === ShareType.Room) {
 				title += ` (${t('files_sharing', 'conversation')})`
-			} else if (this.share.type === ShareType.Remote) {
+			} else if (this.share.type === ShareType.Remote && !this.share.isTrustedServer) {
 				title += ` (${t('files_sharing', 'remote')})`
-			} else if (this.share.type === ShareType.RemoteGroup) {
+			} else if (this.share.type === ShareType.RemoteGroup && !this.share.isTrustedServer) {
 				title += ` (${t('files_sharing', 'remote group')})`
 			} else if (this.share.type === ShareType.Guest) {
 				title += ` (${t('files_sharing', 'guest')})`

apps/files_sharing/src/components/SharingInput.vue

@@ -192,30 +192,39 @@ export default {
 				lookup = true
 			}
 
-			let shareType = []
-
 			const remoteTypes = [ShareType.Remote, ShareType.RemoteGroup]
-
-			if (this.isExternal && !this.config.showFederatedSharesAsInternal) {
-				shareType.push(...remoteTypes)
+			const shareType = []
+
+			const showFederatedAsInternal
+	= this.config.showFederatedSharesAsInternal
+	|| this.config.showFederatedSharesToTrustedServersAsInternal
+
+			const shouldAddRemoteTypes
+	// For internal users, add remote types if config says to show them as internal
+	= (!this.isExternal && showFederatedAsInternal)
+	// For external users, add them if config *doesn't* say to show them as internal
+	|| (this.isExternal && !showFederatedAsInternal)
+	// Edge case: federated-to-trusted is a separate "add" trigger for external users
+	|| (this.isExternal && this.config.showFederatedSharesToTrustedServersAsInternal)
+
+			if (this.isExternal) {
+				if (getCapabilities().files_sharing.public.enabled === true) {
+					shareType.push(ShareType.Email)
+				}
 			} else {
-				shareType = shareType.concat([
+				shareType.push(
 					ShareType.User,
 					ShareType.Group,
 					ShareType.Team,
 					ShareType.Room,
 					ShareType.Guest,
 					ShareType.Deck,
 					ShareType.ScienceMesh,
-				])
-
-				if (this.config.showFederatedSharesAsInternal) {
-					shareType.push(...remoteTypes)
-				}
+				)
 			}
 
-			if (getCapabilities().files_sharing.public.enabled === true && this.isExternal) {
-				shareType.push(ShareType.Email)
+			if (shouldAddRemoteTypes) {
+				shareType.push(...remoteTypes)
 			}
 
 			let request = null
@@ -366,6 +375,11 @@ export default {
 
 					// filter out existing mail shares
 					if (share.value.shareType === ShareType.Email) {
+						// When sharing internally, we don't want to suggest email addresses
+						// that the user previously created shares to
+						if (!this.isExternal) {
+							return arr
+						}
 						const emails = this.linkShares.map(elem => elem.shareWith)
 						if (emails.indexOf(share.value.shareWith.trim()) !== -1) {
 							return arr

apps/files_sharing/src/models/Share.ts

@@ -486,4 +486,11 @@ export default class Share {
 		return this._share.status
 	}
 
+	/**
+	 * Is the share from a trusted server
+	 */
+	get isTrustedServer(): boolean {
+		return !!this._share.is_trusted_server
+	}
+
 }

apps/files_sharing/src/services/ConfigService.ts

@@ -315,4 +315,12 @@ export default class Config {
 		return loadState('files_sharing', 'showFederatedSharesAsInternal', false)
 	}
 
+	/**
+	 * Show federated shares to trusted servers as internal shares
+	 * @return {boolean}
+	 */
+	get showFederatedSharesToTrustedServersAsInternal(): boolean {
+		return loadState('files_sharing', 'showFederatedSharesToTrustedServersAsInternal', false)
+	}
+
 }

apps/files_sharing/src/views/SharingLinkList.vue

@@ -7,12 +7,6 @@
 	<ul v-if="canLinkShare"
 		:aria-label="t('files_sharing', 'Link shares')"
 		class="sharing-link-list">
-		<!-- If no link shares, show the add link default entry -->
-		<SharingEntryLink v-if="!hasLinkShares && canReshare"
-			:can-reshare="canReshare"
-			:file-info="fileInfo"
-			@add:share="addShare" />
-
 		<!-- Else we display the list -->
 		<template v-if="hasShares">
 			<!-- using shares[index] to work with .sync -->
@@ -27,6 +21,12 @@
 				@remove:share="removeShare"
 				@open-sharing-details="openSharingDetails(share)" />
 		</template>
+
+		<!-- If no link shares, show the add link default entry -->
+		<SharingEntryLink v-if="!hasLinkShares && canReshare"
+			:can-reshare="canReshare"
+			:file-info="fileInfo"
+			@add:share="addShare" />
 	</ul>
 </template>