-
-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Exclude groups for sharing #49217
base: master
Are you sure you want to change the base?
Exclude groups for sharing #49217
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please add a test for this
// Get a list of groups to exclude from search results | ||
$blacklisted_groups = $this->config->getSystemValue('blacklisted_groups', true); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// Get a list of groups to exclude from search results | |
$blacklisted_groups = $this->config->getSystemValue('blacklisted_groups', true); | |
// Get a list of groups to exclude from search results | |
$sharingDisabledGroups = $this->config->getSystemValue('sharing.disabled_groups', true); |
This name is too generic for a system option and blacklist
should be avoided (it's better and clearer to use blocklist
).
// Get a list of groups to exclude from search results | ||
$blacklisted_groups = $this->config->getSystemValue('blacklisted_groups', true); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
// Get a list of groups to exclude from search results | |
$blacklisted_groups = $this->config->getSystemValue('blacklisted_groups', true); | |
// Get a list of groups to exclude from search results | |
$blacklisted_groups = $this->config->getSystemValue('blacklisted_groups', []); |
The default value needs to be an empty array, as otherwise the later code will fail if the config is not set.
$this->result['groups'] = array_filter($this->result['groups'], function($group) use ($blacklisted_groups) { | ||
return !in_array($group['label'], $blacklisted_groups); | ||
}); | ||
// Reindex array to maintain sequential numeric keys | ||
$this->result['groups'] = array_values($this->result['groups']); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
$this->result['groups'] = array_filter($this->result['groups'], function($group) use ($blacklisted_groups) { | |
return !in_array($group['label'], $blacklisted_groups); | |
}); | |
// Reindex array to maintain sequential numeric keys | |
$this->result['groups'] = array_values($this->result['groups']); | |
$this->result['groups'] = array_values(array_filter($this->result['groups'], function($group) use ($blacklisted_groups) { | |
return !in_array($group['label'], $blacklisted_groups); | |
})); |
$this->result['exact']['groups'] = array_filter($this->result['exact']['groups'], function($group) use ($blacklisted_groups) { | ||
return !in_array($group['label'], $blacklisted_groups); | ||
}); | ||
// Reindex array to maintain sequential numeric keys | ||
$this->result['exact']['groups'] = array_values($this->result['exact']['groups']); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
$this->result['exact']['groups'] = array_filter($this->result['exact']['groups'], function($group) use ($blacklisted_groups) { | |
return !in_array($group['label'], $blacklisted_groups); | |
}); | |
// Reindex array to maintain sequential numeric keys | |
$this->result['exact']['groups'] = array_values($this->result['exact']['groups']); | |
$this->result['exact']['groups'] = array_values(array_filter($this->result['exact']['groups'], function($group) use ($blacklisted_groups) { | |
return !in_array($group['label'], $blacklisted_groups); | |
})); |
Also some documentation in https://github.com/nextcloud/documentation about this would be nice as well. |
@tomwezepoel thanks for the contribution and good luck with the reviews! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Additionally to excluding groups from the search results we should actually prevent creating shares with one of the groups as the recipient. This needs to be implemented in the ShareAPIController.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- Maybe that logic would fit better in
lib/private/Collaboration/Collaborators/GroupPlugin.php
? - The current solution limits which groups you can search for, but don't limit which you can share with. This is probably the place to add that logic: https://github.com/nextcloud-gmbh/server/blob/1d69ffa48948bbcebc892cc89cd8b551940c58eb/lib/private/Share20/Manager.php#L491-L492
- You'll also need to add checkbox in the admin settings. Probably in
apps/settings/lib/Settings/Admin/Sharing.php
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
DRY adjustments and possible type guard addition
@@ -197,6 +197,27 @@ public function search(string $search = '', ?string $itemType = null, int $page | |||
$result['exact'] = array_merge($this->result['exact'], $result['exact']); | |||
} | |||
$this->result = array_merge($this->result, $result); | |||
|
|||
// Get a list of groups to exclude from search results | |||
$blacklisted_groups = $this->config->getSystemValue('blacklisted_groups', true); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
$blacklisted_groups = $this->config->getSystemValue('blacklisted_groups', true); | |
$blacklisted_groups = $this->config->getSystemValue('blacklisted_groups', true); | |
if (!is_array($blacklisted_groups)) { | |
$blacklisted_groups = []; | |
} |
Graceful handling if non array is passed? This can be needless if the source if SURE to provide arrays (when probably not configurable)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it is fine to assume we get an array, but the default value needs to be an array like I already suggested above.
if (isset($this->result['groups'])) { | ||
$this->result['groups'] = array_filter($this->result['groups'], function($group) use ($blacklisted_groups) { | ||
return !in_array($group['label'], $blacklisted_groups); | ||
}); | ||
// Reindex array to maintain sequential numeric keys | ||
$this->result['groups'] = array_values($this->result['groups']); | ||
} | ||
|
||
if (isset($this->result['exact']['groups'])) { | ||
$this->result['exact']['groups'] = array_filter($this->result['exact']['groups'], function($group) use ($blacklisted_groups) { | ||
return !in_array($group['label'], $blacklisted_groups); | ||
}); | ||
// Reindex array to maintain sequential numeric keys | ||
$this->result['exact']['groups'] = array_values($this->result['exact']['groups']); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
if (isset($this->result['groups'])) { | |
$this->result['groups'] = array_filter($this->result['groups'], function($group) use ($blacklisted_groups) { | |
return !in_array($group['label'], $blacklisted_groups); | |
}); | |
// Reindex array to maintain sequential numeric keys | |
$this->result['groups'] = array_values($this->result['groups']); | |
} | |
if (isset($this->result['exact']['groups'])) { | |
$this->result['exact']['groups'] = array_filter($this->result['exact']['groups'], function($group) use ($blacklisted_groups) { | |
return !in_array($group['label'], $blacklisted_groups); | |
}); | |
// Reindex array to maintain sequential numeric keys | |
$this->result['exact']['groups'] = array_values($this->result['exact']['groups']); | |
} | |
$filterBlacklistedGroups = function ($groups) use ($blacklisted_groups) { | |
return array_values(array_filter($groups, function ($group) use ($blacklisted_groups) { | |
return isset($group['label']) && !in_array($group['label'], $blacklisted_groups); | |
})); | |
}; | |
if (isset($this->result['groups'])) { | |
$this->result['groups'] = $filterBlacklistedGroups($this->result['groups']); | |
} | |
if (isset($this->result['exact']['groups'])) { | |
$this->result['exact']['groups'] = $filterBlacklistedGroups($this->result['exact']['groups']); | |
} |
Since the filter logic is repeated, you can use an inline closure..... or define a function outside this method.
Thanks for all your feedback, really appreciated. 👍 😃 |
Hello there, We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process. Your feedback is valuable to us as we continuously strive to improve our community developer experience. Please take a moment to complete our short survey by clicking on the following link: https://cloud.nextcloud.com/apps/forms/s/i9Ago4EQRZ7TWxjfmeEpPkf6 Thank you for contributing to Nextcloud and we hope to hear from you soon! (If you believe you should not receive this message, you can add yourself to the blocklist.) |
See also issue #49198
Certain application or configuration options require the use of groups. Think of enabling certain apps for a specific group of the option to restrict autocomplete with sharing for only users in a specific group.
When you make use of these options, it can only result in large groups. When someone accidentally shares data with such a group then, it can have data impact in addition to large system impact.
Example array response which we got in on line; https://github.com/nextcloud/server/blob/master/apps/files_sharing/lib/Controller/ShareesAPIController.php#L200
From this result we will filter the group
jupyter
as example.Array will contain a list of groups which will be excluded for sharing purposes.