When `show_federated_shares_to_trusted_servers_as_internal` is enabled,
lookup server results were being filtered out because they lacked the
`isTrustedServer` flag. This adds the flag to lookup results by:
- Injecting TrustedServers service into LookupPlugin
- Adding `server` and `isTrustedServer` fields to each lookup result
- Updating tests to reflect new structure
This ensures lookup results from trusted servers appear in internal
sharing while non-trusted servers are correctly filtered out.
Signed-off-by: nfebe <fenn25.fn@gmail.com>
When a logged-in user accesses a public share link in the same browser,
the system was incorrectly checking if that user's groups were excluded
from creating link shares. This caused share not found errors for users
in excluded groups, even though public shares should be accessible to anyone
with the link.
The group exclusion setting (`shareapi_allow_links_exclude_groups`) is
intended to restrict share creation, not share access. Public shares
are meant to be anonymous and accessible regardless of the viewer identity
or group membership.
We now check the exclusion for the share creator and not the viewer.
Signed-off-by: nfebe <fenn25.fn@gmail.com>
Add retriesMaxAttempts parameter to S3 objectstore configuration
to allow customization of AWS SDK retry behavior for handling
unreliable network conditions or proxy issues.
Defaults to 5 retries (AWS SDK default) if not specified.
Signed-off-by: nfebe <fenn25.fn@gmail.com>
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
When computing the unencrypted file size, we need the size of the last encrypted chunk as its size is usually not the regular 8192 bits.
To avoid reading the whole file, we seek directly to that last chunk based on the expected file size. When the expected file size is smaller than the actual one, we have a logic in place to continue reading until we reach the end of the file.
In that logic, we forgot to increment the `$lastChunkNr` which is important when we later check the signature of the chunk.
This commit adds that missing increment.
Signed-off-by: Louis Chmn <louis@chmn.me>
The MailPlugin collaborator returned results for both user and mail
collaborators, but it was registered only for mail collaborators. While
it might make sense to move the user results to the UserPlugin instead
that change would be more complex and riskier, so for now the MailPlugin
is now registered for both user and mail collaborators and the results
are limited only to the registered type.
As the plugins are registered only with their class and then resolved
when needed using dependency injection it is not possible (as far as I
know) to provide an explicit parameter in the constructor to
differentiate whether the MailPlugin should return user or mail
collaborators. To overcome this two subclasses are introduced,
MailByMailPlugin and UserByMailPlugin, which just hardcode in their
constructor the collaborator type that their parent MailPlugin must use,
and those subclasses are the ones registered instead of the MailPlugin
(which still contains all the logic).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Nextcloud bot
nfebe
Andy Scherzinger
Daniel
Ferdinand Thiessen
provokateurin
Carl Schwan
Anna Larch
Kent Delante
Sebastian Krupinski
Richard Steinmetz
Louis Chmn
Robin Appelman
Marcel Müller
Côme Chilliet
Benjamin Frueh
Maxence Lange
Daniel Calviño Sánchez
Joas Schilling
Julien Veyssier
Micke Nordin