Inspection of "Merge pull request #52777 from nextcloud/feat/add-..." - nextcloud/server - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 2cbfdc...ebc5ae )

unknown

created 2025-07-17 16:02 UTC

Status

Indentation +19 added lines, -19 removed lines patch added patch discarded remove patch

@@ -14,25 +14,25 @@
 block discarded – undo
  * Features context.
  */
 class SharingContext implements Context, SnippetAcceptingContext {
-	use WebDav;
-	use Trashbin;
-	use AppConfiguration;
-	use CommandLine;
-	use Activity;
+    use WebDav;
+    use Trashbin;
+    use AppConfiguration;
+    use CommandLine;
+    use Activity;
 
-	protected function resetAppConfigs() {
-		$this->deleteServerConfig('core', 'shareapi_default_permissions');
-		$this->deleteServerConfig('core', 'shareapi_default_internal_expire_date');
-		$this->deleteServerConfig('core', 'shareapi_internal_expire_after_n_days');
-		$this->deleteServerConfig('core', 'internal_defaultExpDays');
-		$this->deleteServerConfig('core', 'shareapi_enforce_links_password');
-		$this->deleteServerConfig('core', 'shareapi_default_expire_date');
-		$this->deleteServerConfig('core', 'shareapi_expire_after_n_days');
-		$this->deleteServerConfig('core', 'link_defaultExpDays');
-		$this->deleteServerConfig('core', 'shareapi_allow_federation_on_public_shares');
-		$this->deleteServerConfig('files_sharing', 'outgoing_server2server_share_enabled');
-		$this->deleteServerConfig('core', 'shareapi_allow_view_without_download');
+    protected function resetAppConfigs() {
+        $this->deleteServerConfig('core', 'shareapi_default_permissions');
+        $this->deleteServerConfig('core', 'shareapi_default_internal_expire_date');
+        $this->deleteServerConfig('core', 'shareapi_internal_expire_after_n_days');
+        $this->deleteServerConfig('core', 'internal_defaultExpDays');
+        $this->deleteServerConfig('core', 'shareapi_enforce_links_password');
+        $this->deleteServerConfig('core', 'shareapi_default_expire_date');
+        $this->deleteServerConfig('core', 'shareapi_expire_after_n_days');
+        $this->deleteServerConfig('core', 'link_defaultExpDays');
+        $this->deleteServerConfig('core', 'shareapi_allow_federation_on_public_shares');
+        $this->deleteServerConfig('files_sharing', 'outgoing_server2server_share_enabled');
+        $this->deleteServerConfig('core', 'shareapi_allow_view_without_download');
 
-		$this->runOcc(['config:system:delete', 'share_folder']);
-	}
+        $this->runOcc(['config:system:delete', 'share_folder']);
+    }
 }

Please login to merge, or discard this patch.

build/integration/features/bootstrap/Sharing.php 1 patch

Indentation +723 added lines, -723 removed lines patch added patch discarded remove patch

@@ -15,727 +15,727 @@
 block discarded – undo
 
 
 trait Sharing {
-	use Provisioning;
-
-	/** @var int */
-	private $sharingApiVersion = 1;
-
-	/** @var SimpleXMLElement */
-	private $lastShareData = null;
-
-	/** @var SimpleXMLElement[] */
-	private $storedShareData = [];
-
-	/** @var int */
-	private $savedShareId = null;
-
-	/** @var ResponseInterface */
-	private $response;
-
-	/**
-	 * @Given /^as "([^"]*)" creating a share with$/
-	 * @param string $user
-	 * @param TableNode|null $body
-	 */
-	public function asCreatingAShareWith($user, $body) {
-		$fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/apps/files_sharing/api/v{$this->sharingApiVersion}/shares";
-		$client = new Client();
-		$options = [
-			'headers' => [
-				'OCS-APIREQUEST' => 'true',
-			],
-		];
-		if ($user === 'admin') {
-			$options['auth'] = $this->adminUser;
-		} else {
-			$options['auth'] = [$user, $this->regularUser];
-		}
-
-		if ($body instanceof TableNode) {
-			$fd = $body->getRowsHash();
-			if (array_key_exists('expireDate', $fd)) {
-				$dateModification = $fd['expireDate'];
-				if ($dateModification === 'null') {
-					$fd['expireDate'] = null;
-				} elseif (!empty($dateModification)) {
-					$fd['expireDate'] = date('Y-m-d', strtotime($dateModification));
-				} else {
-					$fd['expireDate'] = '';
-				}
-			}
-			$options['form_params'] = $fd;
-		}
-
-		try {
-			$this->response = $client->request('POST', $fullUrl, $options);
-		} catch (\GuzzleHttp\Exception\ClientException $ex) {
-			$this->response = $ex->getResponse();
-		}
-
-		$this->lastShareData = simplexml_load_string($this->response->getBody());
-	}
-
-	/**
-	 * @When /^save the last share data as "([^"]*)"$/
-	 */
-	public function saveLastShareData($name) {
-		$this->storedShareData[$name] = $this->lastShareData;
-	}
-
-	/**
-	 * @When /^restore the last share data from "([^"]*)"$/
-	 */
-	public function restoreLastShareData($name) {
-		$this->lastShareData = $this->storedShareData[$name];
-	}
-
-	/**
-	 * @When /^creating a share with$/
-	 * @param TableNode|null $body
-	 */
-	public function creatingShare($body) {
-		$this->asCreatingAShareWith($this->currentUser, $body);
-	}
-
-	/**
-	 * @When /^accepting last share$/
-	 */
-	public function acceptingLastShare() {
-		$share_id = $this->lastShareData->data[0]->id;
-		$url = "/apps/files_sharing/api/v{$this->sharingApiVersion}/shares/pending/$share_id";
-		$this->sendingToWith('POST', $url, null);
-
-		$this->theHTTPStatusCodeShouldBe('200');
-	}
-
-	/**
-	 * @When /^user "([^"]*)" accepts last share$/
-	 *
-	 * @param string $user
-	 */
-	public function userAcceptsLastShare(string $user) {
-		// "As userXXX" and "user userXXX accepts last share" steps are not
-		// expected to be used in the same scenario, but restore the user just
-		// in case.
-		$previousUser = $this->currentUser;
-
-		$this->currentUser = $user;
-
-		$share_id = $this->lastShareData->data[0]->id;
-		$url = "/apps/files_sharing/api/v{$this->sharingApiVersion}/shares/pending/$share_id";
-		$this->sendingToWith('POST', $url, null);
-
-		$this->currentUser = $previousUser;
-
-		$this->theHTTPStatusCodeShouldBe('200');
-	}
-
-	/**
-	 * @Then /^last link share can be downloaded$/
-	 */
-	public function lastLinkShareCanBeDownloaded() {
-		if (count($this->lastShareData->data->element) > 0) {
-			$url = $this->lastShareData->data[0]->url;
-		} else {
-			$url = $this->lastShareData->data->url;
-		}
-		$fullUrl = $url . '/download';
-		$this->checkDownload($fullUrl, null, 'text/plain');
-	}
-
-	/**
-	 * @Then /^last share can be downloaded$/
-	 */
-	public function lastShareCanBeDownloaded() {
-		if (count($this->lastShareData->data->element) > 0) {
-			$token = $this->lastShareData->data[0]->token;
-		} else {
-			$token = $this->lastShareData->data->token;
-		}
-
-		$fullUrl = substr($this->baseUrl, 0, -4) . 'index.php/s/' . $token . '/download';
-		$this->checkDownload($fullUrl, null, 'text/plain');
-	}
-
-	/**
-	 * @Then /^last share with password "([^"]*)" can be downloaded$/
-	 */
-	public function lastShareWithPasswordCanBeDownloaded($password) {
-		if (count($this->lastShareData->data->element) > 0) {
-			$token = $this->lastShareData->data[0]->token;
-		} else {
-			$token = $this->lastShareData->data->token;
-		}
-
-		$fullUrl = substr($this->baseUrl, 0, -4) . "public.php/dav/files/$token/";
-		$this->checkDownload($fullUrl, ['', $password], 'text/plain');
-	}
-
-	private function checkDownload($url, $auth = null, $mimeType = null) {
-		if ($auth !== null) {
-			$options['auth'] = $auth;
-		}
-		$options['stream'] = true;
-
-		$client = new Client();
-		$this->response = $client->get($url, $options);
-		Assert::assertEquals(200, $this->response->getStatusCode());
-
-		$buf = '';
-		$body = $this->response->getBody();
-		while (!$body->eof()) {
-			// read everything
-			$buf .= $body->read(8192);
-		}
-		$body->close();
-
-		if ($mimeType !== null) {
-			$finfo = new finfo;
-			Assert::assertEquals($mimeType, $finfo->buffer($buf, FILEINFO_MIME_TYPE));
-		}
-	}
-
-	/**
-	 * @When /^Adding expiration date to last share$/
-	 */
-	public function addingExpirationDate() {
-		$share_id = (string)$this->lastShareData->data[0]->id;
-		$fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/apps/files_sharing/api/v{$this->sharingApiVersion}/shares/$share_id";
-		$client = new Client();
-		$options = [];
-		if ($this->currentUser === 'admin') {
-			$options['auth'] = $this->adminUser;
-		} else {
-			$options['auth'] = [$this->currentUser, $this->regularUser];
-		}
-		$date = date('Y-m-d', strtotime('+3 days'));
-		$options['form_params'] = ['expireDate' => $date];
-		$this->response = $this->response = $client->request('PUT', $fullUrl, $options);
-		Assert::assertEquals(200, $this->response->getStatusCode());
-	}
-
-	/**
-	 * @When /^Updating last share with$/
-	 * @param TableNode|null $body
-	 */
-	public function updatingLastShare($body) {
-		$share_id = (string)$this->lastShareData->data[0]->id;
-		$fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/apps/files_sharing/api/v{$this->sharingApiVersion}/shares/$share_id";
-		$client = new Client();
-		$options = [
-			'headers' => [
-				'OCS-APIREQUEST' => 'true',
-			],
-		];
-		if ($this->currentUser === 'admin') {
-			$options['auth'] = $this->adminUser;
-		} else {
-			$options['auth'] = [$this->currentUser, $this->regularUser];
-		}
-
-		if ($body instanceof TableNode) {
-			$fd = $body->getRowsHash();
-			if (array_key_exists('expireDate', $fd)) {
-				$dateModification = $fd['expireDate'];
-				$fd['expireDate'] = date('Y-m-d', strtotime($dateModification));
-			}
-			$options['form_params'] = $fd;
-		}
-
-		try {
-			$this->response = $client->request('PUT', $fullUrl, $options);
-		} catch (\GuzzleHttp\Exception\ClientException $ex) {
-			$this->response = $ex->getResponse();
-		}
-	}
-
-	public function createShare($user,
-		$path = null,
-		$shareType = null,
-		$shareWith = null,
-		$publicUpload = null,
-		$password = null,
-		$permissions = null,
-		$viewOnly = false) {
-		$fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/apps/files_sharing/api/v{$this->sharingApiVersion}/shares";
-		$client = new Client();
-		$options = [
-			'headers' => [
-				'OCS-APIREQUEST' => 'true',
-			],
-		];
-
-		if ($user === 'admin') {
-			$options['auth'] = $this->adminUser;
-		} else {
-			$options['auth'] = [$user, $this->regularUser];
-		}
-		$body = [];
-		if (!is_null($path)) {
-			$body['path'] = $path;
-		}
-		if (!is_null($shareType)) {
-			$body['shareType'] = $shareType;
-		}
-		if (!is_null($shareWith)) {
-			$body['shareWith'] = $shareWith;
-		}
-		if (!is_null($publicUpload)) {
-			$body['publicUpload'] = $publicUpload;
-		}
-		if (!is_null($password)) {
-			$body['password'] = $password;
-		}
-		if (!is_null($permissions)) {
-			$body['permissions'] = $permissions;
-		}
-
-		if ($viewOnly === true) {
-			$body['attributes'] = json_encode([['scope' => 'permissions', 'key' => 'download', 'value' => false]]);
-		}
-
-		$options['form_params'] = $body;
-
-		try {
-			$this->response = $client->request('POST', $fullUrl, $options);
-			$this->lastShareData = simplexml_load_string($this->response->getBody());
-		} catch (\GuzzleHttp\Exception\ClientException $ex) {
-			$this->response = $ex->getResponse();
-			throw new \Exception($this->response->getBody());
-		}
-	}
-
-	public function isFieldInResponse($field, $contentExpected) {
-		$data = simplexml_load_string($this->response->getBody())->data[0];
-		if ((string)$field == 'expiration') {
-			if (!empty($contentExpected)) {
-				$contentExpected = date('Y-m-d', strtotime($contentExpected)) . ' 00:00:00';
-			}
-		}
-		if (count($data->element) > 0) {
-			foreach ($data as $element) {
-				if ($contentExpected == 'A_TOKEN') {
-					return (strlen((string)$element->$field) == 15);
-				} elseif ($contentExpected == 'A_NUMBER') {
-					return is_numeric((string)$element->$field);
-				} elseif ($contentExpected == 'AN_URL') {
-					return $this->isExpectedUrl((string)$element->$field, 'index.php/s/');
-				} elseif ((string)$element->$field == $contentExpected) {
-					return true;
-				} else {
-					print($element->$field);
-				}
-			}
-
-			return false;
-		} else {
-			if ($contentExpected == 'A_TOKEN') {
-				return (strlen((string)$data->$field) == 15);
-			} elseif ($contentExpected == 'A_NUMBER') {
-				return is_numeric((string)$data->$field);
-			} elseif ($contentExpected == 'AN_URL') {
-				return $this->isExpectedUrl((string)$data->$field, 'index.php/s/');
-			} elseif ($contentExpected == $data->$field) {
-				return true;
-			} else {
-				print($data->$field);
-			}
-			return false;
-		}
-	}
-
-	/**
-	 * @Then /^File "([^"]*)" should be included in the response$/
-	 *
-	 * @param string $filename
-	 */
-	public function checkSharedFileInResponse($filename) {
-		Assert::assertEquals(true, $this->isFieldInResponse('file_target', "/$filename"));
-	}
-
-	/**
-	 * @Then /^File "([^"]*)" should not be included in the response$/
-	 *
-	 * @param string $filename
-	 */
-	public function checkSharedFileNotInResponse($filename) {
-		Assert::assertEquals(false, $this->isFieldInResponse('file_target', "/$filename"));
-	}
-
-	/**
-	 * @Then /^User "([^"]*)" should be included in the response$/
-	 *
-	 * @param string $user
-	 */
-	public function checkSharedUserInResponse($user) {
-		Assert::assertEquals(true, $this->isFieldInResponse('share_with', "$user"));
-	}
-
-	/**
-	 * @Then /^User "([^"]*)" should not be included in the response$/
-	 *
-	 * @param string $user
-	 */
-	public function checkSharedUserNotInResponse($user) {
-		Assert::assertEquals(false, $this->isFieldInResponse('share_with', "$user"));
-	}
-
-	public function isUserOrGroupInSharedData($userOrGroup, $permissions = null) {
-		$data = simplexml_load_string($this->response->getBody())->data[0];
-		foreach ($data as $element) {
-			if ($element->share_with == $userOrGroup && ($permissions === null || $permissions == $element->permissions)) {
-				return true;
-			}
-		}
-		return false;
-	}
-
-	/**
-	 * @Given /^(file|folder|entry) "([^"]*)" of user "([^"]*)" is shared with user "([^"]*)"( with permissions ([\d]*))?( view-only)?$/
-	 *
-	 * @param string $filepath
-	 * @param string $user1
-	 * @param string $user2
-	 */
-	public function assureFileIsShared($entry, $filepath, $user1, $user2, $withPerms = null, $permissions = null, $viewOnly = null) {
-		// when view-only is set, permissions is empty string instead of null...
-		if ($permissions === '') {
-			$permissions = null;
-		}
-		$fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/apps/files_sharing/api/v{$this->sharingApiVersion}/shares" . "?path=$filepath";
-		$client = new Client();
-		$options = [];
-		if ($user1 === 'admin') {
-			$options['auth'] = $this->adminUser;
-		} else {
-			$options['auth'] = [$user1, $this->regularUser];
-		}
-		$options['headers'] = [
-			'OCS-APIREQUEST' => 'true',
-		];
-		$this->response = $client->get($fullUrl, $options);
-		if ($this->isUserOrGroupInSharedData($user2, $permissions)) {
-			return;
-		} else {
-			$this->createShare($user1, $filepath, 0, $user2, null, null, $permissions, $viewOnly !== null);
-		}
-		$this->response = $client->get($fullUrl, $options);
-		Assert::assertEquals(true, $this->isUserOrGroupInSharedData($user2, $permissions));
-	}
-
-	/**
-	 * @Given /^(file|folder|entry) "([^"]*)" of user "([^"]*)" is shared with group "([^"]*)"( with permissions ([\d]*))?( view-only)?$/
-	 *
-	 * @param string $filepath
-	 * @param string $user
-	 * @param string $group
-	 */
-	public function assureFileIsSharedWithGroup($entry, $filepath, $user, $group, $withPerms = null, $permissions = null, $viewOnly = null) {
-		// when view-only is set, permissions is empty string instead of null...
-		if ($permissions === '') {
-			$permissions = null;
-		}
-		$fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/apps/files_sharing/api/v{$this->sharingApiVersion}/shares" . "?path=$filepath";
-		$client = new Client();
-		$options = [];
-		if ($user === 'admin') {
-			$options['auth'] = $this->adminUser;
-		} else {
-			$options['auth'] = [$user, $this->regularUser];
-		}
-		$options['headers'] = [
-			'OCS-APIREQUEST' => 'true',
-		];
-		$this->response = $client->get($fullUrl, $options);
-		if ($this->isUserOrGroupInSharedData($group, $permissions)) {
-			return;
-		} else {
-			$this->createShare($user, $filepath, 1, $group, null, null, $permissions, $viewOnly !== null);
-		}
-		$this->response = $client->get($fullUrl, $options);
-		Assert::assertEquals(true, $this->isUserOrGroupInSharedData($group, $permissions));
-	}
-
-	/**
-	 * @When /^Deleting last share$/
-	 */
-	public function deletingLastShare() {
-		$share_id = $this->lastShareData->data[0]->id;
-		$url = "/apps/files_sharing/api/v{$this->sharingApiVersion}/shares/$share_id";
-		$this->sendingToWith('DELETE', $url, null);
-	}
-
-	/**
-	 * @When /^Getting info of last share$/
-	 */
-	public function gettingInfoOfLastShare() {
-		$share_id = $this->lastShareData->data[0]->id;
-		$url = "/apps/files_sharing/api/v{$this->sharingApiVersion}/shares/$share_id";
-		$this->sendingToWith('GET', $url, null);
-	}
-
-	/**
-	 * @Then /^last share_id is included in the answer$/
-	 */
-	public function checkingLastShareIDIsIncluded() {
-		$share_id = $this->lastShareData->data[0]->id;
-		if (!$this->isFieldInResponse('id', $share_id)) {
-			Assert::fail("Share id $share_id not found in response");
-		}
-	}
-
-	/**
-	 * @Then /^last share_id is not included in the answer$/
-	 */
-	public function checkingLastShareIDIsNotIncluded() {
-		$share_id = $this->lastShareData->data[0]->id;
-		if ($this->isFieldInResponse('id', $share_id)) {
-			Assert::fail("Share id $share_id has been found in response");
-		}
-	}
-
-	/**
-	 * @Then /^Share fields of last share match with$/
-	 * @param TableNode|null $body
-	 */
-	public function checkShareFields($body) {
-		if ($body instanceof TableNode) {
-			$fd = $body->getRowsHash();
-
-			foreach ($fd as $field => $value) {
-				if (substr($field, 0, 10) === 'share_with') {
-					$value = str_replace('REMOTE', substr($this->remoteBaseUrl, 0, -5), $value);
-					$value = str_replace('LOCAL', substr($this->localBaseUrl, 0, -5), $value);
-				}
-				if (substr($field, 0, 6) === 'remote') {
-					$value = str_replace('REMOTE', substr($this->remoteBaseUrl, 0, -4), $value);
-					$value = str_replace('LOCAL', substr($this->localBaseUrl, 0, -4), $value);
-				}
-				if (!$this->isFieldInResponse($field, $value)) {
-					Assert::fail("$field" . " doesn't have value " . "$value");
-				}
-			}
-		}
-	}
-
-	/**
-	 * @Then the list of returned shares has :count shares
-	 */
-	public function theListOfReturnedSharesHasShares(int $count) {
-		$this->theHTTPStatusCodeShouldBe('200');
-		$this->theOCSStatusCodeShouldBe('100');
-
-		$returnedShares = $this->getXmlResponse()->data[0];
-
-		Assert::assertEquals($count, count($returnedShares->element));
-	}
-
-	/**
-	 * @Then share :count is returned with
-	 *
-	 * @param int $number
-	 * @param TableNode $body
-	 */
-	public function shareXIsReturnedWith(int $number, TableNode $body) {
-		$this->theHTTPStatusCodeShouldBe('200');
-		$this->theOCSStatusCodeShouldBe('100');
-
-		if (!($body instanceof TableNode)) {
-			return;
-		}
-
-		$returnedShare = $this->getXmlResponse()->data[0];
-		if ($returnedShare->element) {
-			$returnedShare = $returnedShare->element[$number];
-		}
-
-		$defaultExpectedFields = [
-			'id' => 'A_NUMBER',
-			'permissions' => '19',
-			'stime' => 'A_NUMBER',
-			'parent' => '',
-			'expiration' => '',
-			'token' => '',
-			'storage' => 'A_NUMBER',
-			'item_source' => 'A_NUMBER',
-			'file_source' => 'A_NUMBER',
-			'file_parent' => 'A_NUMBER',
-			'mail_send' => '0'
-		];
-		$expectedFields = array_merge($defaultExpectedFields, $body->getRowsHash());
-
-		if (!array_key_exists('uid_file_owner', $expectedFields)
-				&& array_key_exists('uid_owner', $expectedFields)) {
-			$expectedFields['uid_file_owner'] = $expectedFields['uid_owner'];
-		}
-		if (!array_key_exists('displayname_file_owner', $expectedFields)
-				&& array_key_exists('displayname_owner', $expectedFields)) {
-			$expectedFields['displayname_file_owner'] = $expectedFields['displayname_owner'];
-		}
-
-		if (array_key_exists('share_type', $expectedFields)
-				&& $expectedFields['share_type'] == 10 /* IShare::TYPE_ROOM */
-				&& array_key_exists('share_with', $expectedFields)) {
-			if ($expectedFields['share_with'] === 'private_conversation') {
-				$expectedFields['share_with'] = 'REGEXP /^private_conversation_[0-9a-f]{6}$/';
-			} else {
-				$expectedFields['share_with'] = FeatureContext::getTokenForIdentifier($expectedFields['share_with']);
-			}
-		}
-
-		foreach ($expectedFields as $field => $value) {
-			$this->assertFieldIsInReturnedShare($field, $value, $returnedShare);
-		}
-	}
-
-	/**
-	 * @return SimpleXMLElement
-	 */
-	private function getXmlResponse(): \SimpleXMLElement {
-		return simplexml_load_string($this->response->getBody());
-	}
-
-	/**
-	 * @param string $field
-	 * @param string $contentExpected
-	 * @param \SimpleXMLElement $returnedShare
-	 */
-	private function assertFieldIsInReturnedShare(string $field, string $contentExpected, \SimpleXMLElement $returnedShare) {
-		if ($contentExpected === 'IGNORE') {
-			return;
-		}
-
-		if (!property_exists($returnedShare, $field)) {
-			Assert::fail("$field was not found in response");
-		}
-
-		if ($field === 'expiration' && !empty($contentExpected)) {
-			$contentExpected = date('Y-m-d', strtotime($contentExpected)) . ' 00:00:00';
-		}
-
-		if ($contentExpected === 'A_NUMBER') {
-			Assert::assertTrue(is_numeric((string)$returnedShare->$field), "Field '$field' is not a number: " . $returnedShare->$field);
-		} elseif ($contentExpected === 'A_TOKEN') {
-			// A token is composed by 15 characters from
-			// ISecureRandom::CHAR_HUMAN_READABLE.
-			Assert::assertRegExp('/^[abcdefgijkmnopqrstwxyzABCDEFGHJKLMNPQRSTWXYZ23456789]{15}$/', (string)$returnedShare->$field, "Field '$field' is not a token");
-		} elseif (strpos($contentExpected, 'REGEXP ') === 0) {
-			Assert::assertRegExp(substr($contentExpected, strlen('REGEXP ')), (string)$returnedShare->$field, "Field '$field' does not match");
-		} else {
-			Assert::assertEquals($contentExpected, (string)$returnedShare->$field, "Field '$field' does not match");
-		}
-	}
-
-	/**
-	 * @Then As :user remove all shares from the file named :fileName
-	 */
-	public function asRemoveAllSharesFromTheFileNamed($user, $fileName) {
-		$url = $this->baseUrl . "v{$this->apiVersion}.php/apps/files_sharing/api/v{$this->sharingApiVersion}/shares?format=json";
-		$client = new \GuzzleHttp\Client();
-		$res = $client->get(
-			$url,
-			[
-				'auth' => [
-					$user,
-					'123456',
-				],
-				'headers' => [
-					'Content-Type' => 'application/json',
-					'OCS-APIREQUEST' => 'true',
-				],
-			]
-		);
-		$json = json_decode($res->getBody()->getContents(), true);
-		$deleted = false;
-		foreach ($json['ocs']['data'] as $data) {
-			if (stripslashes($data['path']) === $fileName) {
-				$id = $data['id'];
-				$client->delete(
-					$this->baseUrl . "v{$this->apiVersion}.php/apps/files_sharing/api/v{$this->sharingApiVersion}/shares/{$id}",
-					[
-						'auth' => [
-							$user,
-							'123456',
-						],
-						'headers' => [
-							'Content-Type' => 'application/json',
-							'OCS-APIREQUEST' => 'true',
-						],
-					]
-				);
-				$deleted = true;
-			}
-		}
-
-		if ($deleted === false) {
-			throw new \Exception("Could not delete file $fileName");
-		}
-	}
-
-	/**
-	 * @When save last share id
-	 */
-	public function saveLastShareId() {
-		$this->savedShareId = ($this->lastShareData['data']['id'] ?? null);
-	}
-
-	/**
-	 * @Then share ids should match
-	 */
-	public function shareIdsShouldMatch() {
-		if ($this->savedShareId !== ($this->lastShareData['data']['id'] ?? null)) {
-			throw new \Exception('Expected the same link share to be returned');
-		}
-	}
-
-	/**
-	 * @When /^getting sharees for$/
-	 * @param TableNode $body
-	 */
-	public function whenGettingShareesFor($body) {
-		$url = '/apps/files_sharing/api/v1/sharees';
-		if ($body instanceof TableNode) {
-			$parameters = [];
-			foreach ($body->getRowsHash() as $key => $value) {
-				$parameters[] = $key . '=' . $value;
-			}
-			if (!empty($parameters)) {
-				$url .= '?' . implode('&', $parameters);
-			}
-		}
-
-		$this->sendingTo('GET', $url);
-	}
-
-	/**
-	 * @Then /^"([^"]*)" sharees returned (are|is empty)$/
-	 * @param string $shareeType
-	 * @param string $isEmpty
-	 * @param TableNode|null $shareesList
-	 */
-	public function thenListOfSharees($shareeType, $isEmpty, $shareesList = null) {
-		if ($isEmpty !== 'is empty') {
-			$sharees = $shareesList->getRows();
-			$respondedArray = $this->getArrayOfShareesResponded($this->response, $shareeType);
-			Assert::assertEquals($sharees, $respondedArray);
-		} else {
-			$respondedArray = $this->getArrayOfShareesResponded($this->response, $shareeType);
-			Assert::assertEmpty($respondedArray);
-		}
-	}
-
-	public function getArrayOfShareesResponded(ResponseInterface $response, $shareeType) {
-		$elements = simplexml_load_string($response->getBody())->data;
-		$elements = json_decode(json_encode($elements), 1);
-		if (strpos($shareeType, 'exact ') === 0) {
-			$elements = $elements['exact'];
-			$shareeType = substr($shareeType, 6);
-		}
-
-		$sharees = [];
-		foreach ($elements[$shareeType] as $element) {
-			$sharees[] = [$element['label'], $element['value']['shareType'], $element['value']['shareWith']];
-		}
-		return $sharees;
-	}
+    use Provisioning;
+
+    /** @var int */
+    private $sharingApiVersion = 1;
+
+    /** @var SimpleXMLElement */
+    private $lastShareData = null;
+
+    /** @var SimpleXMLElement[] */
+    private $storedShareData = [];
+
+    /** @var int */
+    private $savedShareId = null;
+
+    /** @var ResponseInterface */
+    private $response;
+
+    /**
+     * @Given /^as "([^"]*)" creating a share with$/
+     * @param string $user
+     * @param TableNode|null $body
+     */
+    public function asCreatingAShareWith($user, $body) {
+        $fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/apps/files_sharing/api/v{$this->sharingApiVersion}/shares";
+        $client = new Client();
+        $options = [
+            'headers' => [
+                'OCS-APIREQUEST' => 'true',
+            ],
+        ];
+        if ($user === 'admin') {
+            $options['auth'] = $this->adminUser;
+        } else {
+            $options['auth'] = [$user, $this->regularUser];
+        }
+
+        if ($body instanceof TableNode) {
+            $fd = $body->getRowsHash();
+            if (array_key_exists('expireDate', $fd)) {
+                $dateModification = $fd['expireDate'];
+                if ($dateModification === 'null') {
+                    $fd['expireDate'] = null;
+                } elseif (!empty($dateModification)) {
+                    $fd['expireDate'] = date('Y-m-d', strtotime($dateModification));
+                } else {
+                    $fd['expireDate'] = '';
+                }
+            }
+            $options['form_params'] = $fd;
+        }
+
+        try {
+            $this->response = $client->request('POST', $fullUrl, $options);
+        } catch (\GuzzleHttp\Exception\ClientException $ex) {
+            $this->response = $ex->getResponse();
+        }
+
+        $this->lastShareData = simplexml_load_string($this->response->getBody());
+    }
+
+    /**
+     * @When /^save the last share data as "([^"]*)"$/
+     */
+    public function saveLastShareData($name) {
+        $this->storedShareData[$name] = $this->lastShareData;
+    }
+
+    /**
+     * @When /^restore the last share data from "([^"]*)"$/
+     */
+    public function restoreLastShareData($name) {
+        $this->lastShareData = $this->storedShareData[$name];
+    }
+
+    /**
+     * @When /^creating a share with$/
+     * @param TableNode|null $body
+     */
+    public function creatingShare($body) {
+        $this->asCreatingAShareWith($this->currentUser, $body);
+    }
+
+    /**
+     * @When /^accepting last share$/
+     */
+    public function acceptingLastShare() {
+        $share_id = $this->lastShareData->data[0]->id;
+        $url = "/apps/files_sharing/api/v{$this->sharingApiVersion}/shares/pending/$share_id";
+        $this->sendingToWith('POST', $url, null);
+
+        $this->theHTTPStatusCodeShouldBe('200');
+    }
+
+    /**
+     * @When /^user "([^"]*)" accepts last share$/
+     *
+     * @param string $user
+     */
+    public function userAcceptsLastShare(string $user) {
+        // "As userXXX" and "user userXXX accepts last share" steps are not
+        // expected to be used in the same scenario, but restore the user just
+        // in case.
+        $previousUser = $this->currentUser;
+
+        $this->currentUser = $user;
+
+        $share_id = $this->lastShareData->data[0]->id;
+        $url = "/apps/files_sharing/api/v{$this->sharingApiVersion}/shares/pending/$share_id";
+        $this->sendingToWith('POST', $url, null);
+
+        $this->currentUser = $previousUser;
+
+        $this->theHTTPStatusCodeShouldBe('200');
+    }
+
+    /**
+     * @Then /^last link share can be downloaded$/
+     */
+    public function lastLinkShareCanBeDownloaded() {
+        if (count($this->lastShareData->data->element) > 0) {
+            $url = $this->lastShareData->data[0]->url;
+        } else {
+            $url = $this->lastShareData->data->url;
+        }
+        $fullUrl = $url . '/download';
+        $this->checkDownload($fullUrl, null, 'text/plain');
+    }
+
+    /**
+     * @Then /^last share can be downloaded$/
+     */
+    public function lastShareCanBeDownloaded() {
+        if (count($this->lastShareData->data->element) > 0) {
+            $token = $this->lastShareData->data[0]->token;
+        } else {
+            $token = $this->lastShareData->data->token;
+        }
+
+        $fullUrl = substr($this->baseUrl, 0, -4) . 'index.php/s/' . $token . '/download';
+        $this->checkDownload($fullUrl, null, 'text/plain');
+    }
+
+    /**
+     * @Then /^last share with password "([^"]*)" can be downloaded$/
+     */
+    public function lastShareWithPasswordCanBeDownloaded($password) {
+        if (count($this->lastShareData->data->element) > 0) {
+            $token = $this->lastShareData->data[0]->token;
+        } else {
+            $token = $this->lastShareData->data->token;
+        }
+
+        $fullUrl = substr($this->baseUrl, 0, -4) . "public.php/dav/files/$token/";
+        $this->checkDownload($fullUrl, ['', $password], 'text/plain');
+    }
+
+    private function checkDownload($url, $auth = null, $mimeType = null) {
+        if ($auth !== null) {
+            $options['auth'] = $auth;
+        }
+        $options['stream'] = true;
+
+        $client = new Client();
+        $this->response = $client->get($url, $options);
+        Assert::assertEquals(200, $this->response->getStatusCode());
+
+        $buf = '';
+        $body = $this->response->getBody();
+        while (!$body->eof()) {
+            // read everything
+            $buf .= $body->read(8192);
+        }
+        $body->close();
+
+        if ($mimeType !== null) {
+            $finfo = new finfo;
+            Assert::assertEquals($mimeType, $finfo->buffer($buf, FILEINFO_MIME_TYPE));
+        }
+    }
+
+    /**
+     * @When /^Adding expiration date to last share$/
+     */
+    public function addingExpirationDate() {
+        $share_id = (string)$this->lastShareData->data[0]->id;
+        $fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/apps/files_sharing/api/v{$this->sharingApiVersion}/shares/$share_id";
+        $client = new Client();
+        $options = [];
+        if ($this->currentUser === 'admin') {
+            $options['auth'] = $this->adminUser;
+        } else {
+            $options['auth'] = [$this->currentUser, $this->regularUser];
+        }
+        $date = date('Y-m-d', strtotime('+3 days'));
+        $options['form_params'] = ['expireDate' => $date];
+        $this->response = $this->response = $client->request('PUT', $fullUrl, $options);
+        Assert::assertEquals(200, $this->response->getStatusCode());
+    }
+
+    /**
+     * @When /^Updating last share with$/
+     * @param TableNode|null $body
+     */
+    public function updatingLastShare($body) {
+        $share_id = (string)$this->lastShareData->data[0]->id;
+        $fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/apps/files_sharing/api/v{$this->sharingApiVersion}/shares/$share_id";
+        $client = new Client();
+        $options = [
+            'headers' => [
+                'OCS-APIREQUEST' => 'true',
+            ],
+        ];
+        if ($this->currentUser === 'admin') {
+            $options['auth'] = $this->adminUser;
+        } else {
+            $options['auth'] = [$this->currentUser, $this->regularUser];
+        }
+
+        if ($body instanceof TableNode) {
+            $fd = $body->getRowsHash();
+            if (array_key_exists('expireDate', $fd)) {
+                $dateModification = $fd['expireDate'];
+                $fd['expireDate'] = date('Y-m-d', strtotime($dateModification));
+            }
+            $options['form_params'] = $fd;
+        }
+
+        try {
+            $this->response = $client->request('PUT', $fullUrl, $options);
+        } catch (\GuzzleHttp\Exception\ClientException $ex) {
+            $this->response = $ex->getResponse();
+        }
+    }
+
+    public function createShare($user,
+        $path = null,
+        $shareType = null,
+        $shareWith = null,
+        $publicUpload = null,
+        $password = null,
+        $permissions = null,
+        $viewOnly = false) {
+        $fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/apps/files_sharing/api/v{$this->sharingApiVersion}/shares";
+        $client = new Client();
+        $options = [
+            'headers' => [
+                'OCS-APIREQUEST' => 'true',
+            ],
+        ];
+
+        if ($user === 'admin') {
+            $options['auth'] = $this->adminUser;
+        } else {
+            $options['auth'] = [$user, $this->regularUser];
+        }
+        $body = [];
+        if (!is_null($path)) {
+            $body['path'] = $path;
+        }
+        if (!is_null($shareType)) {
+            $body['shareType'] = $shareType;
+        }
+        if (!is_null($shareWith)) {
+            $body['shareWith'] = $shareWith;
+        }
+        if (!is_null($publicUpload)) {
+            $body['publicUpload'] = $publicUpload;
+        }
+        if (!is_null($password)) {
+            $body['password'] = $password;
+        }
+        if (!is_null($permissions)) {
+            $body['permissions'] = $permissions;
+        }
+
+        if ($viewOnly === true) {
+            $body['attributes'] = json_encode([['scope' => 'permissions', 'key' => 'download', 'value' => false]]);
+        }
+
+        $options['form_params'] = $body;
+
+        try {
+            $this->response = $client->request('POST', $fullUrl, $options);
+            $this->lastShareData = simplexml_load_string($this->response->getBody());
+        } catch (\GuzzleHttp\Exception\ClientException $ex) {
+            $this->response = $ex->getResponse();
+            throw new \Exception($this->response->getBody());
+        }
+    }
+
+    public function isFieldInResponse($field, $contentExpected) {
+        $data = simplexml_load_string($this->response->getBody())->data[0];
+        if ((string)$field == 'expiration') {
+            if (!empty($contentExpected)) {
+                $contentExpected = date('Y-m-d', strtotime($contentExpected)) . ' 00:00:00';
+            }
+        }
+        if (count($data->element) > 0) {
+            foreach ($data as $element) {
+                if ($contentExpected == 'A_TOKEN') {
+                    return (strlen((string)$element->$field) == 15);
+                } elseif ($contentExpected == 'A_NUMBER') {
+                    return is_numeric((string)$element->$field);
+                } elseif ($contentExpected == 'AN_URL') {
+                    return $this->isExpectedUrl((string)$element->$field, 'index.php/s/');
+                } elseif ((string)$element->$field == $contentExpected) {
+                    return true;
+                } else {
+                    print($element->$field);
+                }
+            }
+
+            return false;
+        } else {
+            if ($contentExpected == 'A_TOKEN') {
+                return (strlen((string)$data->$field) == 15);
+            } elseif ($contentExpected == 'A_NUMBER') {
+                return is_numeric((string)$data->$field);
+            } elseif ($contentExpected == 'AN_URL') {
+                return $this->isExpectedUrl((string)$data->$field, 'index.php/s/');
+            } elseif ($contentExpected == $data->$field) {
+                return true;
+            } else {
+                print($data->$field);
+            }
+            return false;
+        }
+    }
+
+    /**
+     * @Then /^File "([^"]*)" should be included in the response$/
+     *
+     * @param string $filename
+     */
+    public function checkSharedFileInResponse($filename) {
+        Assert::assertEquals(true, $this->isFieldInResponse('file_target', "/$filename"));
+    }
+
+    /**
+     * @Then /^File "([^"]*)" should not be included in the response$/
+     *
+     * @param string $filename
+     */
+    public function checkSharedFileNotInResponse($filename) {
+        Assert::assertEquals(false, $this->isFieldInResponse('file_target', "/$filename"));
+    }
+
+    /**
+     * @Then /^User "([^"]*)" should be included in the response$/
+     *
+     * @param string $user
+     */
+    public function checkSharedUserInResponse($user) {
+        Assert::assertEquals(true, $this->isFieldInResponse('share_with', "$user"));
+    }
+
+    /**
+     * @Then /^User "([^"]*)" should not be included in the response$/
+     *
+     * @param string $user
+     */
+    public function checkSharedUserNotInResponse($user) {
+        Assert::assertEquals(false, $this->isFieldInResponse('share_with', "$user"));
+    }
+
+    public function isUserOrGroupInSharedData($userOrGroup, $permissions = null) {
+        $data = simplexml_load_string($this->response->getBody())->data[0];
+        foreach ($data as $element) {
+            if ($element->share_with == $userOrGroup && ($permissions === null || $permissions == $element->permissions)) {
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * @Given /^(file|folder|entry) "([^"]*)" of user "([^"]*)" is shared with user "([^"]*)"( with permissions ([\d]*))?( view-only)?$/
+     *
+     * @param string $filepath
+     * @param string $user1
+     * @param string $user2
+     */
+    public function assureFileIsShared($entry, $filepath, $user1, $user2, $withPerms = null, $permissions = null, $viewOnly = null) {
+        // when view-only is set, permissions is empty string instead of null...
+        if ($permissions === '') {
+            $permissions = null;
+        }
+        $fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/apps/files_sharing/api/v{$this->sharingApiVersion}/shares" . "?path=$filepath";
+        $client = new Client();
+        $options = [];
+        if ($user1 === 'admin') {
+            $options['auth'] = $this->adminUser;
+        } else {
+            $options['auth'] = [$user1, $this->regularUser];
+        }
+        $options['headers'] = [
+            'OCS-APIREQUEST' => 'true',
+        ];
+        $this->response = $client->get($fullUrl, $options);
+        if ($this->isUserOrGroupInSharedData($user2, $permissions)) {
+            return;
+        } else {
+            $this->createShare($user1, $filepath, 0, $user2, null, null, $permissions, $viewOnly !== null);
+        }
+        $this->response = $client->get($fullUrl, $options);
+        Assert::assertEquals(true, $this->isUserOrGroupInSharedData($user2, $permissions));
+    }
+
+    /**
+     * @Given /^(file|folder|entry) "([^"]*)" of user "([^"]*)" is shared with group "([^"]*)"( with permissions ([\d]*))?( view-only)?$/
+     *
+     * @param string $filepath
+     * @param string $user
+     * @param string $group
+     */
+    public function assureFileIsSharedWithGroup($entry, $filepath, $user, $group, $withPerms = null, $permissions = null, $viewOnly = null) {
+        // when view-only is set, permissions is empty string instead of null...
+        if ($permissions === '') {
+            $permissions = null;
+        }
+        $fullUrl = $this->baseUrl . "v{$this->apiVersion}.php/apps/files_sharing/api/v{$this->sharingApiVersion}/shares" . "?path=$filepath";
+        $client = new Client();
+        $options = [];
+        if ($user === 'admin') {
+            $options['auth'] = $this->adminUser;
+        } else {
+            $options['auth'] = [$user, $this->regularUser];
+        }
+        $options['headers'] = [
+            'OCS-APIREQUEST' => 'true',
+        ];
+        $this->response = $client->get($fullUrl, $options);
+        if ($this->isUserOrGroupInSharedData($group, $permissions)) {
+            return;
+        } else {
+            $this->createShare($user, $filepath, 1, $group, null, null, $permissions, $viewOnly !== null);
+        }
+        $this->response = $client->get($fullUrl, $options);
+        Assert::assertEquals(true, $this->isUserOrGroupInSharedData($group, $permissions));
+    }
+
+    /**
+     * @When /^Deleting last share$/
+     */
+    public function deletingLastShare() {
+        $share_id = $this->lastShareData->data[0]->id;
+        $url = "/apps/files_sharing/api/v{$this->sharingApiVersion}/shares/$share_id";
+        $this->sendingToWith('DELETE', $url, null);
+    }
+
+    /**
+     * @When /^Getting info of last share$/
+     */
+    public function gettingInfoOfLastShare() {
+        $share_id = $this->lastShareData->data[0]->id;
+        $url = "/apps/files_sharing/api/v{$this->sharingApiVersion}/shares/$share_id";
+        $this->sendingToWith('GET', $url, null);
+    }
+
+    /**
+     * @Then /^last share_id is included in the answer$/
+     */
+    public function checkingLastShareIDIsIncluded() {
+        $share_id = $this->lastShareData->data[0]->id;
+        if (!$this->isFieldInResponse('id', $share_id)) {
+            Assert::fail("Share id $share_id not found in response");
+        }
+    }
+
+    /**
+     * @Then /^last share_id is not included in the answer$/
+     */
+    public function checkingLastShareIDIsNotIncluded() {
+        $share_id = $this->lastShareData->data[0]->id;
+        if ($this->isFieldInResponse('id', $share_id)) {
+            Assert::fail("Share id $share_id has been found in response");
+        }
+    }
+
+    /**
+     * @Then /^Share fields of last share match with$/
+     * @param TableNode|null $body
+     */
+    public function checkShareFields($body) {
+        if ($body instanceof TableNode) {
+            $fd = $body->getRowsHash();
+
+            foreach ($fd as $field => $value) {
+                if (substr($field, 0, 10) === 'share_with') {
+                    $value = str_replace('REMOTE', substr($this->remoteBaseUrl, 0, -5), $value);
+                    $value = str_replace('LOCAL', substr($this->localBaseUrl, 0, -5), $value);
+                }
+                if (substr($field, 0, 6) === 'remote') {
+                    $value = str_replace('REMOTE', substr($this->remoteBaseUrl, 0, -4), $value);
+                    $value = str_replace('LOCAL', substr($this->localBaseUrl, 0, -4), $value);
+                }
+                if (!$this->isFieldInResponse($field, $value)) {
+                    Assert::fail("$field" . " doesn't have value " . "$value");
+                }
+            }
+        }
+    }
+
+    /**
+     * @Then the list of returned shares has :count shares
+     */
+    public function theListOfReturnedSharesHasShares(int $count) {
+        $this->theHTTPStatusCodeShouldBe('200');
+        $this->theOCSStatusCodeShouldBe('100');
+
+        $returnedShares = $this->getXmlResponse()->data[0];
+
+        Assert::assertEquals($count, count($returnedShares->element));
+    }
+
+    /**
+     * @Then share :count is returned with
+     *
+     * @param int $number
+     * @param TableNode $body
+     */
+    public function shareXIsReturnedWith(int $number, TableNode $body) {
+        $this->theHTTPStatusCodeShouldBe('200');
+        $this->theOCSStatusCodeShouldBe('100');
+
+        if (!($body instanceof TableNode)) {
+            return;
+        }
+
+        $returnedShare = $this->getXmlResponse()->data[0];
+        if ($returnedShare->element) {
+            $returnedShare = $returnedShare->element[$number];
+        }
+
+        $defaultExpectedFields = [
+            'id' => 'A_NUMBER',
+            'permissions' => '19',
+            'stime' => 'A_NUMBER',
+            'parent' => '',
+            'expiration' => '',
+            'token' => '',
+            'storage' => 'A_NUMBER',
+            'item_source' => 'A_NUMBER',
+            'file_source' => 'A_NUMBER',
+            'file_parent' => 'A_NUMBER',
+            'mail_send' => '0'
+        ];
+        $expectedFields = array_merge($defaultExpectedFields, $body->getRowsHash());
+
+        if (!array_key_exists('uid_file_owner', $expectedFields)
+                && array_key_exists('uid_owner', $expectedFields)) {
+            $expectedFields['uid_file_owner'] = $expectedFields['uid_owner'];
+        }
+        if (!array_key_exists('displayname_file_owner', $expectedFields)
+                && array_key_exists('displayname_owner', $expectedFields)) {
+            $expectedFields['displayname_file_owner'] = $expectedFields['displayname_owner'];
+        }
+
+        if (array_key_exists('share_type', $expectedFields)
+                && $expectedFields['share_type'] == 10 /* IShare::TYPE_ROOM */
+                && array_key_exists('share_with', $expectedFields)) {
+            if ($expectedFields['share_with'] === 'private_conversation') {
+                $expectedFields['share_with'] = 'REGEXP /^private_conversation_[0-9a-f]{6}$/';
+            } else {
+                $expectedFields['share_with'] = FeatureContext::getTokenForIdentifier($expectedFields['share_with']);
+            }
+        }
+
+        foreach ($expectedFields as $field => $value) {
+            $this->assertFieldIsInReturnedShare($field, $value, $returnedShare);
+        }
+    }
+
+    /**
+     * @return SimpleXMLElement
+     */
+    private function getXmlResponse(): \SimpleXMLElement {
+        return simplexml_load_string($this->response->getBody());
+    }
+
+    /**
+     * @param string $field
+     * @param string $contentExpected
+     * @param \SimpleXMLElement $returnedShare
+     */
+    private function assertFieldIsInReturnedShare(string $field, string $contentExpected, \SimpleXMLElement $returnedShare) {
+        if ($contentExpected === 'IGNORE') {
+            return;
+        }
+
+        if (!property_exists($returnedShare, $field)) {
+            Assert::fail("$field was not found in response");
+        }
+
+        if ($field === 'expiration' && !empty($contentExpected)) {
+            $contentExpected = date('Y-m-d', strtotime($contentExpected)) . ' 00:00:00';
+        }
+
+        if ($contentExpected === 'A_NUMBER') {
+            Assert::assertTrue(is_numeric((string)$returnedShare->$field), "Field '$field' is not a number: " . $returnedShare->$field);
+        } elseif ($contentExpected === 'A_TOKEN') {
+            // A token is composed by 15 characters from
+            // ISecureRandom::CHAR_HUMAN_READABLE.
+            Assert::assertRegExp('/^[abcdefgijkmnopqrstwxyzABCDEFGHJKLMNPQRSTWXYZ23456789]{15}$/', (string)$returnedShare->$field, "Field '$field' is not a token");
+        } elseif (strpos($contentExpected, 'REGEXP ') === 0) {
+            Assert::assertRegExp(substr($contentExpected, strlen('REGEXP ')), (string)$returnedShare->$field, "Field '$field' does not match");
+        } else {
+            Assert::assertEquals($contentExpected, (string)$returnedShare->$field, "Field '$field' does not match");
+        }
+    }
+
+    /**
+     * @Then As :user remove all shares from the file named :fileName
+     */
+    public function asRemoveAllSharesFromTheFileNamed($user, $fileName) {
+        $url = $this->baseUrl . "v{$this->apiVersion}.php/apps/files_sharing/api/v{$this->sharingApiVersion}/shares?format=json";
+        $client = new \GuzzleHttp\Client();
+        $res = $client->get(
+            $url,
+            [
+                'auth' => [
+                    $user,
+                    '123456',
+                ],
+                'headers' => [
+                    'Content-Type' => 'application/json',
+                    'OCS-APIREQUEST' => 'true',
+                ],
+            ]
+        );
+        $json = json_decode($res->getBody()->getContents(), true);
+        $deleted = false;
+        foreach ($json['ocs']['data'] as $data) {
+            if (stripslashes($data['path']) === $fileName) {
+                $id = $data['id'];
+                $client->delete(
+                    $this->baseUrl . "v{$this->apiVersion}.php/apps/files_sharing/api/v{$this->sharingApiVersion}/shares/{$id}",
+                    [
+                        'auth' => [
+                            $user,
+                            '123456',
+                        ],
+                        'headers' => [
+                            'Content-Type' => 'application/json',
+                            'OCS-APIREQUEST' => 'true',
+                        ],
+                    ]
+                );
+                $deleted = true;
+            }
+        }
+
+        if ($deleted === false) {
+            throw new \Exception("Could not delete file $fileName");
+        }
+    }
+
+    /**
+     * @When save last share id
+     */
+    public function saveLastShareId() {
+        $this->savedShareId = ($this->lastShareData['data']['id'] ?? null);
+    }
+
+    /**
+     * @Then share ids should match
+     */
+    public function shareIdsShouldMatch() {
+        if ($this->savedShareId !== ($this->lastShareData['data']['id'] ?? null)) {
+            throw new \Exception('Expected the same link share to be returned');
+        }
+    }
+
+    /**
+     * @When /^getting sharees for$/
+     * @param TableNode $body
+     */
+    public function whenGettingShareesFor($body) {
+        $url = '/apps/files_sharing/api/v1/sharees';
+        if ($body instanceof TableNode) {
+            $parameters = [];
+            foreach ($body->getRowsHash() as $key => $value) {
+                $parameters[] = $key . '=' . $value;
+            }
+            if (!empty($parameters)) {
+                $url .= '?' . implode('&', $parameters);
+            }
+        }
+
+        $this->sendingTo('GET', $url);
+    }
+
+    /**
+     * @Then /^"([^"]*)" sharees returned (are|is empty)$/
+     * @param string $shareeType
+     * @param string $isEmpty
+     * @param TableNode|null $shareesList
+     */
+    public function thenListOfSharees($shareeType, $isEmpty, $shareesList = null) {
+        if ($isEmpty !== 'is empty') {
+            $sharees = $shareesList->getRows();
+            $respondedArray = $this->getArrayOfShareesResponded($this->response, $shareeType);
+            Assert::assertEquals($sharees, $respondedArray);
+        } else {
+            $respondedArray = $this->getArrayOfShareesResponded($this->response, $shareeType);
+            Assert::assertEmpty($respondedArray);
+        }
+    }
+
+    public function getArrayOfShareesResponded(ResponseInterface $response, $shareeType) {
+        $elements = simplexml_load_string($response->getBody())->data;
+        $elements = json_decode(json_encode($elements), 1);
+        if (strpos($shareeType, 'exact ') === 0) {
+            $elements = $elements['exact'];
+            $shareeType = substr($shareeType, 6);
+        }
+
+        $sharees = [];
+        foreach ($elements[$shareeType] as $element) {
+            $sharees[] = [$element['label'], $element['value']['shareType'], $element['value']['shareWith']];
+        }
+        return $sharees;
+    }
 }

Please login to merge, or discard this patch.

lib/private/AppFramework/Bootstrap/Coordinator.php 1 patch

Indentation +149 added lines, -149 removed lines patch added patch discarded remove patch

@@ -28,163 +28,163 @@
 block discarded – undo
 use function in_array;
 
 class Coordinator {
-	/** @var RegistrationContext|null */
-	private $registrationContext;
-
-	/** @var array<string,true> */
-	private array $bootedApps = [];
-
-	public function __construct(
-		private IServerContainer $serverContainer,
-		private Registry $registry,
-		private IManager $dashboardManager,
-		private IEventDispatcher $eventDispatcher,
-		private IEventLogger $eventLogger,
-		private IAppManager $appManager,
-		private LoggerInterface $logger,
-	) {
-	}
-
-	public function runInitialRegistration(): void {
-		$apps = OC_App::getEnabledApps();
-		if (!empty($apps)) {
-			// make sure to also register the core app
-			$apps = ['core', ...$apps];
-		}
-
-		$this->registerApps($apps);
-	}
-
-	public function runLazyRegistration(string $appId): void {
-		$this->registerApps([$appId]);
-	}
-
-	/**
-	 * @param string[] $appIds
-	 */
-	private function registerApps(array $appIds): void {
-		$this->eventLogger->start('bootstrap:register_apps', '');
-		if ($this->registrationContext === null) {
-			$this->registrationContext = new RegistrationContext($this->logger);
-		}
-		$apps = [];
-		foreach ($appIds as $appId) {
-			$this->eventLogger->start("bootstrap:register_app:$appId", "Register $appId");
-			$this->eventLogger->start("bootstrap:register_app:$appId:autoloader", "Setup autoloader for $appId");
-			/*
+    /** @var RegistrationContext|null */
+    private $registrationContext;
+
+    /** @var array<string,true> */
+    private array $bootedApps = [];
+
+    public function __construct(
+        private IServerContainer $serverContainer,
+        private Registry $registry,
+        private IManager $dashboardManager,
+        private IEventDispatcher $eventDispatcher,
+        private IEventLogger $eventLogger,
+        private IAppManager $appManager,
+        private LoggerInterface $logger,
+    ) {
+    }
+
+    public function runInitialRegistration(): void {
+        $apps = OC_App::getEnabledApps();
+        if (!empty($apps)) {
+            // make sure to also register the core app
+            $apps = ['core', ...$apps];
+        }
+
+        $this->registerApps($apps);
+    }
+
+    public function runLazyRegistration(string $appId): void {
+        $this->registerApps([$appId]);
+    }
+
+    /**
+     * @param string[] $appIds
+     */
+    private function registerApps(array $appIds): void {
+        $this->eventLogger->start('bootstrap:register_apps', '');
+        if ($this->registrationContext === null) {
+            $this->registrationContext = new RegistrationContext($this->logger);
+        }
+        $apps = [];
+        foreach ($appIds as $appId) {
+            $this->eventLogger->start("bootstrap:register_app:$appId", "Register $appId");
+            $this->eventLogger->start("bootstrap:register_app:$appId:autoloader", "Setup autoloader for $appId");
+            /*
 			 * First, we have to enable the app's autoloader
 			 */
-			try {
-				$path = $this->appManager->getAppPath($appId);
-				OC_App::registerAutoloading($appId, $path);
-			} catch (AppPathNotFoundException) {
-				// Ignore
-				continue;
-			}
-			$this->eventLogger->end("bootstrap:register_app:$appId:autoloader");
-
-			/*
+            try {
+                $path = $this->appManager->getAppPath($appId);
+                OC_App::registerAutoloading($appId, $path);
+            } catch (AppPathNotFoundException) {
+                // Ignore
+                continue;
+            }
+            $this->eventLogger->end("bootstrap:register_app:$appId:autoloader");
+
+            /*
 			 * Next we check if there is an application class, and it implements
 			 * the \OCP\AppFramework\Bootstrap\IBootstrap interface
 			 */
-			if ($appId === 'core') {
-				$appNameSpace = 'OC\\Core';
-			} else {
-				$appNameSpace = App::buildAppNamespace($appId);
-			}
-			$applicationClassName = $appNameSpace . '\\AppInfo\\Application';
-
-			try {
-				if (class_exists($applicationClassName) && is_a($applicationClassName, IBootstrap::class, true)) {
-					$this->eventLogger->start("bootstrap:register_app:$appId:application", "Load `Application` instance for $appId");
-					try {
-						/** @var IBootstrap&App $application */
-						$application = $this->serverContainer->query($applicationClassName);
-						$apps[$appId] = $application;
-					} catch (ContainerExceptionInterface $e) {
-						// Weird, but ok
-						$this->eventLogger->end("bootstrap:register_app:$appId");
-						continue;
-					}
-					$this->eventLogger->end("bootstrap:register_app:$appId:application");
-
-					$this->eventLogger->start("bootstrap:register_app:$appId:register", "`Application::register` for $appId");
-					$application->register($this->registrationContext->for($appId));
-					$this->eventLogger->end("bootstrap:register_app:$appId:register");
-				}
-			} catch (Throwable $e) {
-				$this->logger->emergency('Error during app service registration: ' . $e->getMessage(), [
-					'exception' => $e,
-					'app' => $appId,
-				]);
-				$this->eventLogger->end("bootstrap:register_app:$appId");
-				continue;
-			}
-			$this->eventLogger->end("bootstrap:register_app:$appId");
-		}
-
-		$this->eventLogger->start('bootstrap:register_apps:apply', 'Apply all the registered service by apps');
-		/**
-		 * Now that all register methods have been called, we can delegate the registrations
-		 * to the actual services
-		 */
-		$this->registrationContext->delegateCapabilityRegistrations($apps);
-		$this->registrationContext->delegateCrashReporterRegistrations($apps, $this->registry);
-		$this->registrationContext->delegateDashboardPanelRegistrations($this->dashboardManager);
-		$this->registrationContext->delegateEventListenerRegistrations($this->eventDispatcher);
-		$this->registrationContext->delegateContainerRegistrations($apps);
-		$this->eventLogger->end('bootstrap:register_apps:apply');
-		$this->eventLogger->end('bootstrap:register_apps');
-	}
-
-	public function getRegistrationContext(): ?RegistrationContext {
-		return $this->registrationContext;
-	}
-
-	public function bootApp(string $appId): void {
-		if (isset($this->bootedApps[$appId])) {
-			return;
-		}
-		$this->bootedApps[$appId] = true;
-
-		$appNameSpace = App::buildAppNamespace($appId);
-		$applicationClassName = $appNameSpace . '\\AppInfo\\Application';
-		if (!class_exists($applicationClassName)) {
-			// Nothing to boot
-			return;
-		}
-
-		/*
+            if ($appId === 'core') {
+                $appNameSpace = 'OC\\Core';
+            } else {
+                $appNameSpace = App::buildAppNamespace($appId);
+            }
+            $applicationClassName = $appNameSpace . '\\AppInfo\\Application';
+
+            try {
+                if (class_exists($applicationClassName) && is_a($applicationClassName, IBootstrap::class, true)) {
+                    $this->eventLogger->start("bootstrap:register_app:$appId:application", "Load `Application` instance for $appId");
+                    try {
+                        /** @var IBootstrap&App $application */
+                        $application = $this->serverContainer->query($applicationClassName);
+                        $apps[$appId] = $application;
+                    } catch (ContainerExceptionInterface $e) {
+                        // Weird, but ok
+                        $this->eventLogger->end("bootstrap:register_app:$appId");
+                        continue;
+                    }
+                    $this->eventLogger->end("bootstrap:register_app:$appId:application");
+
+                    $this->eventLogger->start("bootstrap:register_app:$appId:register", "`Application::register` for $appId");
+                    $application->register($this->registrationContext->for($appId));
+                    $this->eventLogger->end("bootstrap:register_app:$appId:register");
+                }
+            } catch (Throwable $e) {
+                $this->logger->emergency('Error during app service registration: ' . $e->getMessage(), [
+                    'exception' => $e,
+                    'app' => $appId,
+                ]);
+                $this->eventLogger->end("bootstrap:register_app:$appId");
+                continue;
+            }
+            $this->eventLogger->end("bootstrap:register_app:$appId");
+        }
+
+        $this->eventLogger->start('bootstrap:register_apps:apply', 'Apply all the registered service by apps');
+        /**
+         * Now that all register methods have been called, we can delegate the registrations
+         * to the actual services
+         */
+        $this->registrationContext->delegateCapabilityRegistrations($apps);
+        $this->registrationContext->delegateCrashReporterRegistrations($apps, $this->registry);
+        $this->registrationContext->delegateDashboardPanelRegistrations($this->dashboardManager);
+        $this->registrationContext->delegateEventListenerRegistrations($this->eventDispatcher);
+        $this->registrationContext->delegateContainerRegistrations($apps);
+        $this->eventLogger->end('bootstrap:register_apps:apply');
+        $this->eventLogger->end('bootstrap:register_apps');
+    }
+
+    public function getRegistrationContext(): ?RegistrationContext {
+        return $this->registrationContext;
+    }
+
+    public function bootApp(string $appId): void {
+        if (isset($this->bootedApps[$appId])) {
+            return;
+        }
+        $this->bootedApps[$appId] = true;
+
+        $appNameSpace = App::buildAppNamespace($appId);
+        $applicationClassName = $appNameSpace . '\\AppInfo\\Application';
+        if (!class_exists($applicationClassName)) {
+            // Nothing to boot
+            return;
+        }
+
+        /*
 		 * Now it is time to fetch an instance of the App class. For classes
 		 * that implement \OCP\AppFramework\Bootstrap\IBootstrap this means
 		 * the instance was already created for register, but any other
 		 * (legacy) code will now do their magic via the constructor.
 		 */
-		$this->eventLogger->start('bootstrap:boot_app:' . $appId, "Call `Application::boot` for $appId");
-		try {
-			/** @var App $application */
-			$application = $this->serverContainer->query($applicationClassName);
-			if ($application instanceof IBootstrap) {
-				/** @var BootContext $context */
-				$context = new BootContext($application->getContainer());
-				$application->boot($context);
-			}
-		} catch (QueryException $e) {
-			$this->logger->error("Could not boot $appId: " . $e->getMessage(), [
-				'exception' => $e,
-			]);
-		} catch (Throwable $e) {
-			$this->logger->emergency("Could not boot $appId: " . $e->getMessage(), [
-				'exception' => $e,
-			]);
-		}
-		$this->eventLogger->end('bootstrap:boot_app:' . $appId);
-	}
-
-	public function isBootable(string $appId) {
-		$appNameSpace = App::buildAppNamespace($appId);
-		$applicationClassName = $appNameSpace . '\\AppInfo\\Application';
-		return class_exists($applicationClassName)
-			&& in_array(IBootstrap::class, class_implements($applicationClassName), true);
-	}
+        $this->eventLogger->start('bootstrap:boot_app:' . $appId, "Call `Application::boot` for $appId");
+        try {
+            /** @var App $application */
+            $application = $this->serverContainer->query($applicationClassName);
+            if ($application instanceof IBootstrap) {
+                /** @var BootContext $context */
+                $context = new BootContext($application->getContainer());
+                $application->boot($context);
+            }
+        } catch (QueryException $e) {
+            $this->logger->error("Could not boot $appId: " . $e->getMessage(), [
+                'exception' => $e,
+            ]);
+        } catch (Throwable $e) {
+            $this->logger->emergency("Could not boot $appId: " . $e->getMessage(), [
+                'exception' => $e,
+            ]);
+        }
+        $this->eventLogger->end('bootstrap:boot_app:' . $appId);
+    }
+
+    public function isBootable(string $appId) {
+        $appNameSpace = App::buildAppNamespace($appId);
+        $applicationClassName = $appNameSpace . '\\AppInfo\\Application';
+        return class_exists($applicationClassName)
+            && in_array(IBootstrap::class, class_implements($applicationClassName), true);
+    }
 }

Please login to merge, or discard this patch.

lib/base.php 1 patch

Indentation +1145 added lines, -1145 removed lines patch added patch discarded remove patch

@@ -40,1151 +40,1151 @@
 block discarded – undo
  * OC_autoload!
  */
 class OC {
-	/**
-	 * The installation path for Nextcloud  on the server (e.g. /srv/http/nextcloud)
-	 */
-	public static string $SERVERROOT = '';
-	/**
-	 * the current request path relative to the Nextcloud root (e.g. files/index.php)
-	 */
-	private static string $SUBURI = '';
-	/**
-	 * the Nextcloud root path for http requests (e.g. /nextcloud)
-	 */
-	public static string $WEBROOT = '';
-	/**
-	 * The installation path array of the apps folder on the server (e.g. /srv/http/nextcloud) 'path' and
-	 * web path in 'url'
-	 */
-	public static array $APPSROOTS = [];
-
-	public static string $configDir;
-
-	/**
-	 * requested app
-	 */
-	public static string $REQUESTEDAPP = '';
-
-	/**
-	 * check if Nextcloud runs in cli mode
-	 */
-	public static bool $CLI = false;
-
-	public static \Composer\Autoload\ClassLoader $composerAutoloader;
-
-	public static \OC\Server $server;
-
-	private static \OC\Config $config;
-
-	/**
-	 * @throws \RuntimeException when the 3rdparty directory is missing or
-	 *                           the app path list is empty or contains an invalid path
-	 */
-	public static function initPaths(): void {
-		if (defined('PHPUNIT_CONFIG_DIR')) {
-			self::$configDir = OC::$SERVERROOT . '/' . PHPUNIT_CONFIG_DIR . '/';
-		} elseif (defined('PHPUNIT_RUN') and PHPUNIT_RUN and is_dir(OC::$SERVERROOT . '/tests/config/')) {
-			self::$configDir = OC::$SERVERROOT . '/tests/config/';
-		} elseif ($dir = getenv('NEXTCLOUD_CONFIG_DIR')) {
-			self::$configDir = rtrim($dir, '/') . '/';
-		} else {
-			self::$configDir = OC::$SERVERROOT . '/config/';
-		}
-		self::$config = new \OC\Config(self::$configDir);
-
-		OC::$SUBURI = str_replace('\\', '/', substr(realpath($_SERVER['SCRIPT_FILENAME'] ?? ''), strlen(OC::$SERVERROOT)));
-		/**
-		 * FIXME: The following lines are required because we can't yet instantiate
-		 *        Server::get(\OCP\IRequest::class) since \OC::$server does not yet exist.
-		 */
-		$params = [
-			'server' => [
-				'SCRIPT_NAME' => $_SERVER['SCRIPT_NAME'] ?? null,
-				'SCRIPT_FILENAME' => $_SERVER['SCRIPT_FILENAME'] ?? null,
-			],
-		];
-		if (isset($_SERVER['REMOTE_ADDR'])) {
-			$params['server']['REMOTE_ADDR'] = $_SERVER['REMOTE_ADDR'];
-		}
-		$fakeRequest = new \OC\AppFramework\Http\Request(
-			$params,
-			new \OC\AppFramework\Http\RequestId($_SERVER['UNIQUE_ID'] ?? '', new \OC\Security\SecureRandom()),
-			new \OC\AllConfig(new \OC\SystemConfig(self::$config))
-		);
-		$scriptName = $fakeRequest->getScriptName();
-		if (substr($scriptName, -1) == '/') {
-			$scriptName .= 'index.php';
-			//make sure suburi follows the same rules as scriptName
-			if (substr(OC::$SUBURI, -9) != 'index.php') {
-				if (substr(OC::$SUBURI, -1) != '/') {
-					OC::$SUBURI = OC::$SUBURI . '/';
-				}
-				OC::$SUBURI = OC::$SUBURI . 'index.php';
-			}
-		}
-
-		if (OC::$CLI) {
-			OC::$WEBROOT = self::$config->getValue('overwritewebroot', '');
-		} else {
-			if (substr($scriptName, 0 - strlen(OC::$SUBURI)) === OC::$SUBURI) {
-				OC::$WEBROOT = substr($scriptName, 0, 0 - strlen(OC::$SUBURI));
-
-				if (OC::$WEBROOT != '' && OC::$WEBROOT[0] !== '/') {
-					OC::$WEBROOT = '/' . OC::$WEBROOT;
-				}
-			} else {
-				// The scriptName is not ending with OC::$SUBURI
-				// This most likely means that we are calling from CLI.
-				// However some cron jobs still need to generate
-				// a web URL, so we use overwritewebroot as a fallback.
-				OC::$WEBROOT = self::$config->getValue('overwritewebroot', '');
-			}
-
-			// Resolve /nextcloud to /nextcloud/ to ensure to always have a trailing
-			// slash which is required by URL generation.
-			if (isset($_SERVER['REQUEST_URI']) && $_SERVER['REQUEST_URI'] === \OC::$WEBROOT
-					&& substr($_SERVER['REQUEST_URI'], -1) !== '/') {
-				header('Location: ' . \OC::$WEBROOT . '/');
-				exit();
-			}
-		}
-
-		// search the apps folder
-		$config_paths = self::$config->getValue('apps_paths', []);
-		if (!empty($config_paths)) {
-			foreach ($config_paths as $paths) {
-				if (isset($paths['url']) && isset($paths['path'])) {
-					$paths['url'] = rtrim($paths['url'], '/');
-					$paths['path'] = rtrim($paths['path'], '/');
-					OC::$APPSROOTS[] = $paths;
-				}
-			}
-		} elseif (file_exists(OC::$SERVERROOT . '/apps')) {
-			OC::$APPSROOTS[] = ['path' => OC::$SERVERROOT . '/apps', 'url' => '/apps', 'writable' => true];
-		}
-
-		if (empty(OC::$APPSROOTS)) {
-			throw new \RuntimeException('apps directory not found! Please put the Nextcloud apps folder in the Nextcloud folder'
-				. '. You can also configure the location in the config.php file.');
-		}
-		$paths = [];
-		foreach (OC::$APPSROOTS as $path) {
-			$paths[] = $path['path'];
-			if (!is_dir($path['path'])) {
-				throw new \RuntimeException(sprintf('App directory "%s" not found! Please put the Nextcloud apps folder in the'
-					. ' Nextcloud folder. You can also configure the location in the config.php file.', $path['path']));
-			}
-		}
-
-		// set the right include path
-		set_include_path(
-			implode(PATH_SEPARATOR, $paths)
-		);
-	}
-
-	public static function checkConfig(): void {
-		// Create config if it does not already exist
-		$configFilePath = self::$configDir . '/config.php';
-		if (!file_exists($configFilePath)) {
-			@touch($configFilePath);
-		}
-
-		// Check if config is writable
-		$configFileWritable = is_writable($configFilePath);
-		$configReadOnly = Server::get(IConfig::class)->getSystemValueBool('config_is_read_only');
-		if (!$configFileWritable && !$configReadOnly
-			|| !$configFileWritable && \OCP\Util::needUpgrade()) {
-			$urlGenerator = Server::get(IURLGenerator::class);
-			$l = Server::get(\OCP\L10N\IFactory::class)->get('lib');
-
-			if (self::$CLI) {
-				echo $l->t('Cannot write into "config" directory!') . "\n";
-				echo $l->t('This can usually be fixed by giving the web server write access to the config directory.') . "\n";
-				echo "\n";
-				echo $l->t('But, if you prefer to keep config.php file read only, set the option "config_is_read_only" to true in it.') . "\n";
-				echo $l->t('See %s', [ $urlGenerator->linkToDocs('admin-config') ]) . "\n";
-				exit;
-			} else {
-				Server::get(ITemplateManager::class)->printErrorPage(
-					$l->t('Cannot write into "config" directory!'),
-					$l->t('This can usually be fixed by giving the web server write access to the config directory.') . ' '
-					. $l->t('But, if you prefer to keep config.php file read only, set the option "config_is_read_only" to true in it.') . ' '
-					. $l->t('See %s', [ $urlGenerator->linkToDocs('admin-config') ]),
-					503
-				);
-			}
-		}
-	}
-
-	public static function checkInstalled(\OC\SystemConfig $systemConfig): void {
-		if (defined('OC_CONSOLE')) {
-			return;
-		}
-		// Redirect to installer if not installed
-		if (!$systemConfig->getValue('installed', false) && OC::$SUBURI !== '/index.php' && OC::$SUBURI !== '/status.php') {
-			if (OC::$CLI) {
-				throw new Exception('Not installed');
-			} else {
-				$url = OC::$WEBROOT . '/index.php';
-				header('Location: ' . $url);
-			}
-			exit();
-		}
-	}
-
-	public static function checkMaintenanceMode(\OC\SystemConfig $systemConfig): void {
-		// Allow ajax update script to execute without being stopped
-		if (((bool)$systemConfig->getValue('maintenance', false)) && OC::$SUBURI != '/core/ajax/update.php') {
-			// send http status 503
-			http_response_code(503);
-			header('X-Nextcloud-Maintenance-Mode: 1');
-			header('Retry-After: 120');
-
-			// render error page
-			$template = Server::get(ITemplateManager::class)->getTemplate('', 'update.user', 'guest');
-			\OCP\Util::addScript('core', 'maintenance');
-			\OCP\Util::addStyle('core', 'guest');
-			$template->printPage();
-			die();
-		}
-	}
-
-	/**
-	 * Prints the upgrade page
-	 */
-	private static function printUpgradePage(\OC\SystemConfig $systemConfig): void {
-		$cliUpgradeLink = $systemConfig->getValue('upgrade.cli-upgrade-link', '');
-		$disableWebUpdater = $systemConfig->getValue('upgrade.disable-web', false);
-		$tooBig = false;
-		if (!$disableWebUpdater) {
-			$apps = Server::get(\OCP\App\IAppManager::class);
-			if ($apps->isEnabledForAnyone('user_ldap')) {
-				$qb = Server::get(\OCP\IDBConnection::class)->getQueryBuilder();
-
-				$result = $qb->select($qb->func()->count('*', 'user_count'))
-					->from('ldap_user_mapping')
-					->executeQuery();
-				$row = $result->fetch();
-				$result->closeCursor();
-
-				$tooBig = ($row['user_count'] > 50);
-			}
-			if (!$tooBig && $apps->isEnabledForAnyone('user_saml')) {
-				$qb = Server::get(\OCP\IDBConnection::class)->getQueryBuilder();
-
-				$result = $qb->select($qb->func()->count('*', 'user_count'))
-					->from('user_saml_users')
-					->executeQuery();
-				$row = $result->fetch();
-				$result->closeCursor();
-
-				$tooBig = ($row['user_count'] > 50);
-			}
-			if (!$tooBig) {
-				// count users
-				$totalUsers = Server::get(\OCP\IUserManager::class)->countUsersTotal(51);
-				$tooBig = ($totalUsers > 50);
-			}
-		}
-		$ignoreTooBigWarning = isset($_GET['IKnowThatThisIsABigInstanceAndTheUpdateRequestCouldRunIntoATimeoutAndHowToRestoreABackup'])
-			&& $_GET['IKnowThatThisIsABigInstanceAndTheUpdateRequestCouldRunIntoATimeoutAndHowToRestoreABackup'] === 'IAmSuperSureToDoThis';
-
-		if ($disableWebUpdater || ($tooBig && !$ignoreTooBigWarning)) {
-			// send http status 503
-			http_response_code(503);
-			header('Retry-After: 120');
-
-			$serverVersion = \OCP\Server::get(\OCP\ServerVersion::class);
-
-			// render error page
-			$template = Server::get(ITemplateManager::class)->getTemplate('', 'update.use-cli', 'guest');
-			$template->assign('productName', 'nextcloud'); // for now
-			$template->assign('version', $serverVersion->getVersionString());
-			$template->assign('tooBig', $tooBig);
-			$template->assign('cliUpgradeLink', $cliUpgradeLink);
-
-			$template->printPage();
-			die();
-		}
-
-		// check whether this is a core update or apps update
-		$installedVersion = $systemConfig->getValue('version', '0.0.0');
-		$currentVersion = implode('.', \OCP\Util::getVersion());
-
-		// if not a core upgrade, then it's apps upgrade
-		$isAppsOnlyUpgrade = version_compare($currentVersion, $installedVersion, '=');
-
-		$oldTheme = $systemConfig->getValue('theme');
-		$systemConfig->setValue('theme', '');
-		\OCP\Util::addScript('core', 'common');
-		\OCP\Util::addScript('core', 'main');
-		\OCP\Util::addTranslations('core');
-		\OCP\Util::addScript('core', 'update');
-
-		/** @var \OC\App\AppManager $appManager */
-		$appManager = Server::get(\OCP\App\IAppManager::class);
-
-		$tmpl = Server::get(ITemplateManager::class)->getTemplate('', 'update.admin', 'guest');
-		$tmpl->assign('version', \OCP\Server::get(\OCP\ServerVersion::class)->getVersionString());
-		$tmpl->assign('isAppsOnlyUpgrade', $isAppsOnlyUpgrade);
-
-		// get third party apps
-		$ocVersion = \OCP\Util::getVersion();
-		$ocVersion = implode('.', $ocVersion);
-		$incompatibleApps = $appManager->getIncompatibleApps($ocVersion);
-		$incompatibleOverwrites = $systemConfig->getValue('app_install_overwrite', []);
-		$incompatibleShippedApps = [];
-		$incompatibleDisabledApps = [];
-		foreach ($incompatibleApps as $appInfo) {
-			if ($appManager->isShipped($appInfo['id'])) {
-				$incompatibleShippedApps[] = $appInfo['name'] . ' (' . $appInfo['id'] . ')';
-			}
-			if (!in_array($appInfo['id'], $incompatibleOverwrites)) {
-				$incompatibleDisabledApps[] = $appInfo;
-			}
-		}
-
-		if (!empty($incompatibleShippedApps)) {
-			$l = Server::get(\OCP\L10N\IFactory::class)->get('core');
-			$hint = $l->t('Application %1$s is not present or has a non-compatible version with this server. Please check the apps directory.', [implode(', ', $incompatibleShippedApps)]);
-			throw new \OCP\HintException('Application ' . implode(', ', $incompatibleShippedApps) . ' is not present or has a non-compatible version with this server. Please check the apps directory.', $hint);
-		}
-
-		$tmpl->assign('appsToUpgrade', $appManager->getAppsNeedingUpgrade($ocVersion));
-		$tmpl->assign('incompatibleAppsList', $incompatibleDisabledApps);
-		try {
-			$defaults = new \OC_Defaults();
-			$tmpl->assign('productName', $defaults->getName());
-		} catch (Throwable $error) {
-			$tmpl->assign('productName', 'Nextcloud');
-		}
-		$tmpl->assign('oldTheme', $oldTheme);
-		$tmpl->printPage();
-	}
-
-	public static function initSession(): void {
-		$request = Server::get(IRequest::class);
-
-		// TODO: Temporary disabled again to solve issues with CalDAV/CardDAV clients like DAVx5 that use cookies
-		// TODO: See https://github.com/nextcloud/server/issues/37277#issuecomment-1476366147 and the other comments
-		// TODO: for further information.
-		// $isDavRequest = strpos($request->getRequestUri(), '/remote.php/dav') === 0 || strpos($request->getRequestUri(), '/remote.php/webdav') === 0;
-		// if ($request->getHeader('Authorization') !== '' && is_null($request->getCookie('cookie_test')) && $isDavRequest && !isset($_COOKIE['nc_session_id'])) {
-		// setcookie('cookie_test', 'test', time() + 3600);
-		// // Do not initialize the session if a request is authenticated directly
-		// // unless there is a session cookie already sent along
-		// return;
-		// }
-
-		if ($request->getServerProtocol() === 'https') {
-			ini_set('session.cookie_secure', 'true');
-		}
-
-		// prevents javascript from accessing php session cookies
-		ini_set('session.cookie_httponly', 'true');
-
-		// Do not initialize sessions for 'status.php' requests
-		// Monitoring endpoints can quickly flood session handlers
-		// and 'status.php' doesn't require sessions anyway
-		if (str_ends_with($request->getScriptName(), '/status.php')) {
-			return;
-		}
-
-		// set the cookie path to the Nextcloud directory
-		$cookie_path = OC::$WEBROOT ? : '/';
-		ini_set('session.cookie_path', $cookie_path);
-
-		// set the cookie domain to the Nextcloud domain
-		$cookie_domain = self::$config->getValue('cookie_domain', '');
-		if ($cookie_domain) {
-			ini_set('session.cookie_domain', $cookie_domain);
-		}
-
-		// Let the session name be changed in the initSession Hook
-		$sessionName = OC_Util::getInstanceId();
-
-		try {
-			$logger = null;
-			if (Server::get(\OC\SystemConfig::class)->getValue('installed', false)) {
-				$logger = logger('core');
-			}
-
-			// set the session name to the instance id - which is unique
-			$session = new \OC\Session\Internal(
-				$sessionName,
-				$logger,
-			);
-
-			$cryptoWrapper = Server::get(\OC\Session\CryptoWrapper::class);
-			$session = $cryptoWrapper->wrapSession($session);
-			self::$server->setSession($session);
-
-			// if session can't be started break with http 500 error
-		} catch (Exception $e) {
-			Server::get(LoggerInterface::class)->error($e->getMessage(), ['app' => 'base','exception' => $e]);
-			//show the user a detailed error page
-			Server::get(ITemplateManager::class)->printExceptionErrorPage($e, 500);
-			die();
-		}
-
-		//try to set the session lifetime
-		$sessionLifeTime = self::getSessionLifeTime();
-
-		// session timeout
-		if ($session->exists('LAST_ACTIVITY') && (time() - $session->get('LAST_ACTIVITY') > $sessionLifeTime)) {
-			if (isset($_COOKIE[session_name()])) {
-				setcookie(session_name(), '', -1, self::$WEBROOT ? : '/');
-			}
-			Server::get(IUserSession::class)->logout();
-		}
-
-		if (!self::hasSessionRelaxedExpiry()) {
-			$session->set('LAST_ACTIVITY', time());
-		}
-		$session->close();
-	}
-
-	private static function getSessionLifeTime(): int {
-		return Server::get(\OC\AllConfig::class)->getSystemValueInt('session_lifetime', 60 * 60 * 24);
-	}
-
-	/**
-	 * @return bool true if the session expiry should only be done by gc instead of an explicit timeout
-	 */
-	public static function hasSessionRelaxedExpiry(): bool {
-		return Server::get(\OC\AllConfig::class)->getSystemValueBool('session_relaxed_expiry', false);
-	}
-
-	/**
-	 * Try to set some values to the required Nextcloud default
-	 */
-	public static function setRequiredIniValues(): void {
-		// Don't display errors and log them
-		@ini_set('display_errors', '0');
-		@ini_set('log_errors', '1');
-
-		// Try to configure php to enable big file uploads.
-		// This doesn't work always depending on the webserver and php configuration.
-		// Let's try to overwrite some defaults if they are smaller than 1 hour
-
-		if (intval(@ini_get('max_execution_time') ?: 0) < 3600) {
-			@ini_set('max_execution_time', strval(3600));
-		}
-
-		if (intval(@ini_get('max_input_time') ?: 0) < 3600) {
-			@ini_set('max_input_time', strval(3600));
-		}
-
-		// Try to set the maximum execution time to the largest time limit we have
-		if (strpos(@ini_get('disable_functions'), 'set_time_limit') === false) {
-			@set_time_limit(max(intval(@ini_get('max_execution_time')), intval(@ini_get('max_input_time'))));
-		}
-
-		@ini_set('default_charset', 'UTF-8');
-		@ini_set('gd.jpeg_ignore_warning', '1');
-	}
-
-	/**
-	 * Send the same site cookies
-	 */
-	private static function sendSameSiteCookies(): void {
-		$cookieParams = session_get_cookie_params();
-		$secureCookie = ($cookieParams['secure'] === true) ? 'secure; ' : '';
-		$policies = [
-			'lax',
-			'strict',
-		];
-
-		// Append __Host to the cookie if it meets the requirements
-		$cookiePrefix = '';
-		if ($cookieParams['secure'] === true && $cookieParams['path'] === '/') {
-			$cookiePrefix = '__Host-';
-		}
-
-		foreach ($policies as $policy) {
-			header(
-				sprintf(
-					'Set-Cookie: %snc_sameSiteCookie%s=true; path=%s; httponly;' . $secureCookie . 'expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=%s',
-					$cookiePrefix,
-					$policy,
-					$cookieParams['path'],
-					$policy
-				),
-				false
-			);
-		}
-	}
-
-	/**
-	 * Same Site cookie to further mitigate CSRF attacks. This cookie has to
-	 * be set in every request if cookies are sent to add a second level of
-	 * defense against CSRF.
-	 *
-	 * If the cookie is not sent this will set the cookie and reload the page.
-	 * We use an additional cookie since we want to protect logout CSRF and
-	 * also we can't directly interfere with PHP's session mechanism.
-	 */
-	private static function performSameSiteCookieProtection(IConfig $config): void {
-		$request = Server::get(IRequest::class);
-
-		// Some user agents are notorious and don't really properly follow HTTP
-		// specifications. For those, have an automated opt-out. Since the protection
-		// for remote.php is applied in base.php as starting point we need to opt out
-		// here.
-		$incompatibleUserAgents = $config->getSystemValue('csrf.optout');
-
-		// Fallback, if csrf.optout is unset
-		if (!is_array($incompatibleUserAgents)) {
-			$incompatibleUserAgents = [
-				// OS X Finder
-				'/^WebDAVFS/',
-				// Windows webdav drive
-				'/^Microsoft-WebDAV-MiniRedir/',
-			];
-		}
-
-		if ($request->isUserAgent($incompatibleUserAgents)) {
-			return;
-		}
-
-		if (count($_COOKIE) > 0) {
-			$requestUri = $request->getScriptName();
-			$processingScript = explode('/', $requestUri);
-			$processingScript = $processingScript[count($processingScript) - 1];
-
-			if ($processingScript === 'index.php' // index.php routes are handled in the middleware
-				|| $processingScript === 'cron.php' // and cron.php does not need any authentication at all
-				|| $processingScript === 'public.php' // For public.php, auth for password protected shares is done in the PublicAuth plugin
-			) {
-				return;
-			}
-
-			// All other endpoints require the lax and the strict cookie
-			if (!$request->passesStrictCookieCheck()) {
-				logger('core')->warning('Request does not pass strict cookie check');
-				self::sendSameSiteCookies();
-				// Debug mode gets access to the resources without strict cookie
-				// due to the fact that the SabreDAV browser also lives there.
-				if (!$config->getSystemValueBool('debug', false)) {
-					http_response_code(\OCP\AppFramework\Http::STATUS_PRECONDITION_FAILED);
-					header('Content-Type: application/json');
-					echo json_encode(['error' => 'Strict Cookie has not been found in request']);
-					exit();
-				}
-			}
-		} elseif (!isset($_COOKIE['nc_sameSiteCookielax']) || !isset($_COOKIE['nc_sameSiteCookiestrict'])) {
-			self::sendSameSiteCookies();
-		}
-	}
-
-	public static function init(): void {
-		// First handle PHP configuration and copy auth headers to the expected
-		// $_SERVER variable before doing anything Server object related
-		self::setRequiredIniValues();
-		self::handleAuthHeaders();
-
-		// prevent any XML processing from loading external entities
-		libxml_set_external_entity_loader(static function () {
-			return null;
-		});
-
-		// Set default timezone before the Server object is booted
-		if (!date_default_timezone_set('UTC')) {
-			throw new \RuntimeException('Could not set timezone to UTC');
-		}
-
-		// calculate the root directories
-		OC::$SERVERROOT = str_replace('\\', '/', substr(__DIR__, 0, -4));
-
-		// register autoloader
-		$loaderStart = microtime(true);
-
-		self::$CLI = (php_sapi_name() == 'cli');
-
-		// Add default composer PSR-4 autoloader, ensure apcu to be disabled
-		self::$composerAutoloader = require_once OC::$SERVERROOT . '/lib/composer/autoload.php';
-		self::$composerAutoloader->setApcuPrefix(null);
-
-
-		try {
-			self::initPaths();
-			// setup 3rdparty autoloader
-			$vendorAutoLoad = OC::$SERVERROOT . '/3rdparty/autoload.php';
-			if (!file_exists($vendorAutoLoad)) {
-				throw new \RuntimeException('Composer autoloader not found, unable to continue. Check the folder "3rdparty". Running "git submodule update --init" will initialize the git submodule that handles the subfolder "3rdparty".');
-			}
-			require_once $vendorAutoLoad;
-		} catch (\RuntimeException $e) {
-			if (!self::$CLI) {
-				http_response_code(503);
-			}
-			// we can't use the template error page here, because this needs the
-			// DI container which isn't available yet
-			print($e->getMessage());
-			exit();
-		}
-		$loaderEnd = microtime(true);
-
-		// Enable lazy loading if activated
-		\OC\AppFramework\Utility\SimpleContainer::$useLazyObjects = (bool)self::$config->getValue('enable_lazy_objects', true);
-
-		// setup the basic server
-		self::$server = new \OC\Server(\OC::$WEBROOT, self::$config);
-		self::$server->boot();
-
-		try {
-			$profiler = new BuiltInProfiler(
-				Server::get(IConfig::class),
-				Server::get(IRequest::class),
-			);
-			$profiler->start();
-		} catch (\Throwable $e) {
-			logger('core')->error('Failed to start profiler: ' . $e->getMessage(), ['app' => 'base']);
-		}
-
-		if (self::$CLI && in_array('--' . \OCP\Console\ReservedOptions::DEBUG_LOG, $_SERVER['argv'])) {
-			\OC\Core\Listener\BeforeMessageLoggedEventListener::setup();
-		}
-
-		$eventLogger = Server::get(\OCP\Diagnostics\IEventLogger::class);
-		$eventLogger->log('autoloader', 'Autoloader', $loaderStart, $loaderEnd);
-		$eventLogger->start('boot', 'Initialize');
-
-		// Override php.ini and log everything if we're troubleshooting
-		if (self::$config->getValue('loglevel') === ILogger::DEBUG) {
-			error_reporting(E_ALL);
-		}
-
-		// initialize intl fallback if necessary
-		OC_Util::isSetLocaleWorking();
-
-		$config = Server::get(IConfig::class);
-		if (!defined('PHPUNIT_RUN')) {
-			$errorHandler = new OC\Log\ErrorHandler(
-				\OCP\Server::get(\Psr\Log\LoggerInterface::class),
-			);
-			$exceptionHandler = [$errorHandler, 'onException'];
-			if ($config->getSystemValueBool('debug', false)) {
-				set_error_handler([$errorHandler, 'onAll'], E_ALL);
-				if (\OC::$CLI) {
-					$exceptionHandler = [Server::get(ITemplateManager::class), 'printExceptionErrorPage'];
-				}
-			} else {
-				set_error_handler([$errorHandler, 'onError']);
-			}
-			register_shutdown_function([$errorHandler, 'onShutdown']);
-			set_exception_handler($exceptionHandler);
-		}
-
-		/** @var \OC\AppFramework\Bootstrap\Coordinator $bootstrapCoordinator */
-		$bootstrapCoordinator = Server::get(\OC\AppFramework\Bootstrap\Coordinator::class);
-		$bootstrapCoordinator->runInitialRegistration();
-
-		$eventLogger->start('init_session', 'Initialize session');
-
-		// Check for PHP SimpleXML extension earlier since we need it before our other checks and want to provide a useful hint for web users
-		// see https://github.com/nextcloud/server/pull/2619
-		if (!function_exists('simplexml_load_file')) {
-			throw new \OCP\HintException('The PHP SimpleXML/PHP-XML extension is not installed.', 'Install the extension or make sure it is enabled.');
-		}
-
-		$systemConfig = Server::get(\OC\SystemConfig::class);
-		$appManager = Server::get(\OCP\App\IAppManager::class);
-		if ($systemConfig->getValue('installed', false)) {
-			$appManager->loadApps(['session']);
-		}
-		if (!self::$CLI) {
-			self::initSession();
-		}
-		$eventLogger->end('init_session');
-		self::checkConfig();
-		self::checkInstalled($systemConfig);
-
-		OC_Response::addSecurityHeaders();
-
-		self::performSameSiteCookieProtection($config);
-
-		if (!defined('OC_CONSOLE')) {
-			$eventLogger->start('check_server', 'Run a few configuration checks');
-			$errors = OC_Util::checkServer($systemConfig);
-			if (count($errors) > 0) {
-				if (!self::$CLI) {
-					http_response_code(503);
-					Util::addStyle('guest');
-					try {
-						Server::get(ITemplateManager::class)->printGuestPage('', 'error', ['errors' => $errors]);
-						exit;
-					} catch (\Exception $e) {
-						// In case any error happens when showing the error page, we simply fall back to posting the text.
-						// This might be the case when e.g. the data directory is broken and we can not load/write SCSS to/from it.
-					}
-				}
-
-				// Convert l10n string into regular string for usage in database
-				$staticErrors = [];
-				foreach ($errors as $error) {
-					echo $error['error'] . "\n";
-					echo $error['hint'] . "\n\n";
-					$staticErrors[] = [
-						'error' => (string)$error['error'],
-						'hint' => (string)$error['hint'],
-					];
-				}
-
-				try {
-					$config->setAppValue('core', 'cronErrors', json_encode($staticErrors));
-				} catch (\Exception $e) {
-					echo('Writing to database failed');
-				}
-				exit(1);
-			} elseif (self::$CLI && $config->getSystemValueBool('installed', false)) {
-				$config->deleteAppValue('core', 'cronErrors');
-			}
-			$eventLogger->end('check_server');
-		}
-
-		// User and Groups
-		if (!$systemConfig->getValue('installed', false)) {
-			self::$server->getSession()->set('user_id', '');
-		}
-
-		$eventLogger->start('setup_backends', 'Setup group and user backends');
-		Server::get(\OCP\IUserManager::class)->registerBackend(new \OC\User\Database());
-		Server::get(\OCP\IGroupManager::class)->addBackend(new \OC\Group\Database());
-
-		// Subscribe to the hook
-		\OCP\Util::connectHook(
-			'\OCA\Files_Sharing\API\Server2Server',
-			'preLoginNameUsedAsUserName',
-			'\OC\User\Database',
-			'preLoginNameUsedAsUserName'
-		);
-
-		//setup extra user backends
-		if (!\OCP\Util::needUpgrade()) {
-			OC_User::setupBackends();
-		} else {
-			// Run upgrades in incognito mode
-			OC_User::setIncognitoMode(true);
-		}
-		$eventLogger->end('setup_backends');
-
-		self::registerCleanupHooks($systemConfig);
-		self::registerShareHooks($systemConfig);
-		self::registerEncryptionWrapperAndHooks();
-		self::registerAccountHooks();
-		self::registerResourceCollectionHooks();
-		self::registerFileReferenceEventListener();
-		self::registerRenderReferenceEventListener();
-		self::registerAppRestrictionsHooks();
-
-		// Make sure that the application class is not loaded before the database is setup
-		if ($systemConfig->getValue('installed', false)) {
-			$appManager->loadApp('settings');
-		}
-
-		//make sure temporary files are cleaned up
-		$tmpManager = Server::get(\OCP\ITempManager::class);
-		register_shutdown_function([$tmpManager, 'clean']);
-		$lockProvider = Server::get(\OCP\Lock\ILockingProvider::class);
-		register_shutdown_function([$lockProvider, 'releaseAll']);
-
-		// Check whether the sample configuration has been copied
-		if ($systemConfig->getValue('copied_sample_config', false)) {
-			$l = Server::get(\OCP\L10N\IFactory::class)->get('lib');
-			Server::get(ITemplateManager::class)->printErrorPage(
-				$l->t('Sample configuration detected'),
-				$l->t('It has been detected that the sample configuration has been copied. This can break your installation and is unsupported. Please read the documentation before performing changes on config.php'),
-				503
-			);
-			return;
-		}
-
-		$request = Server::get(IRequest::class);
-		$host = $request->getInsecureServerHost();
-		/**
-		 * if the host passed in headers isn't trusted
-		 * FIXME: Should not be in here at all :see_no_evil:
-		 */
-		if (!OC::$CLI
-			&& !Server::get(\OC\Security\TrustedDomainHelper::class)->isTrustedDomain($host)
-			&& $config->getSystemValueBool('installed', false)
-		) {
-			// Allow access to CSS resources
-			$isScssRequest = false;
-			if (strpos($request->getPathInfo() ?: '', '/css/') === 0) {
-				$isScssRequest = true;
-			}
-
-			if (substr($request->getRequestUri(), -11) === '/status.php') {
-				http_response_code(400);
-				header('Content-Type: application/json');
-				echo '{"error": "Trusted domain error.", "code": 15}';
-				exit();
-			}
-
-			if (!$isScssRequest) {
-				http_response_code(400);
-				Server::get(LoggerInterface::class)->info(
-					'Trusted domain error. "{remoteAddress}" tried to access using "{host}" as host.',
-					[
-						'app' => 'core',
-						'remoteAddress' => $request->getRemoteAddress(),
-						'host' => $host,
-					]
-				);
-
-				$tmpl = Server::get(ITemplateManager::class)->getTemplate('core', 'untrustedDomain', 'guest');
-				$tmpl->assign('docUrl', Server::get(IURLGenerator::class)->linkToDocs('admin-trusted-domains'));
-				$tmpl->printPage();
-
-				exit();
-			}
-		}
-		$eventLogger->end('boot');
-		$eventLogger->log('init', 'OC::init', $loaderStart, microtime(true));
-		$eventLogger->start('runtime', 'Runtime');
-		$eventLogger->start('request', 'Full request after boot');
-		register_shutdown_function(function () use ($eventLogger) {
-			$eventLogger->end('request');
-		});
-
-		register_shutdown_function(function () {
-			$memoryPeak = memory_get_peak_usage();
-			$logLevel = match (true) {
-				$memoryPeak > 500_000_000 => ILogger::FATAL,
-				$memoryPeak > 400_000_000 => ILogger::ERROR,
-				$memoryPeak > 300_000_000 => ILogger::WARN,
-				default => null,
-			};
-			if ($logLevel !== null) {
-				$message = 'Request used more than 300 MB of RAM: ' . Util::humanFileSize($memoryPeak);
-				$logger = Server::get(LoggerInterface::class);
-				$logger->log($logLevel, $message, ['app' => 'core']);
-			}
-		});
-	}
-
-	/**
-	 * register hooks for the cleanup of cache and bruteforce protection
-	 */
-	public static function registerCleanupHooks(\OC\SystemConfig $systemConfig): void {
-		//don't try to do this before we are properly setup
-		if ($systemConfig->getValue('installed', false) && !\OCP\Util::needUpgrade()) {
-			// NOTE: This will be replaced to use OCP
-			$userSession = Server::get(\OC\User\Session::class);
-			$userSession->listen('\OC\User', 'postLogin', function () use ($userSession) {
-				if (!defined('PHPUNIT_RUN') && $userSession->isLoggedIn()) {
-					// reset brute force delay for this IP address and username
-					$uid = $userSession->getUser()->getUID();
-					$request = Server::get(IRequest::class);
-					$throttler = Server::get(IThrottler::class);
-					$throttler->resetDelay($request->getRemoteAddress(), 'login', ['user' => $uid]);
-				}
-
-				try {
-					$cache = new \OC\Cache\File();
-					$cache->gc();
-				} catch (\OC\ServerNotAvailableException $e) {
-					// not a GC exception, pass it on
-					throw $e;
-				} catch (\OC\ForbiddenException $e) {
-					// filesystem blocked for this request, ignore
-				} catch (\Exception $e) {
-					// a GC exception should not prevent users from using OC,
-					// so log the exception
-					Server::get(LoggerInterface::class)->warning('Exception when running cache gc.', [
-						'app' => 'core',
-						'exception' => $e,
-					]);
-				}
-			});
-		}
-	}
-
-	private static function registerEncryptionWrapperAndHooks(): void {
-		/** @var \OC\Encryption\Manager */
-		$manager = Server::get(\OCP\Encryption\IManager::class);
-		Server::get(IEventDispatcher::class)->addListener(
-			BeforeFileSystemSetupEvent::class,
-			$manager->setupStorage(...),
-		);
-
-		$enabled = $manager->isEnabled();
-		if ($enabled) {
-			\OC\Encryption\EncryptionEventListener::register(Server::get(IEventDispatcher::class));
-		}
-	}
-
-	private static function registerAccountHooks(): void {
-		/** @var IEventDispatcher $dispatcher */
-		$dispatcher = Server::get(IEventDispatcher::class);
-		$dispatcher->addServiceListener(UserChangedEvent::class, \OC\Accounts\Hooks::class);
-	}
-
-	private static function registerAppRestrictionsHooks(): void {
-		/** @var \OC\Group\Manager $groupManager */
-		$groupManager = Server::get(\OCP\IGroupManager::class);
-		$groupManager->listen('\OC\Group', 'postDelete', function (\OCP\IGroup $group) {
-			$appManager = Server::get(\OCP\App\IAppManager::class);
-			$apps = $appManager->getEnabledAppsForGroup($group);
-			foreach ($apps as $appId) {
-				$restrictions = $appManager->getAppRestriction($appId);
-				if (empty($restrictions)) {
-					continue;
-				}
-				$key = array_search($group->getGID(), $restrictions);
-				unset($restrictions[$key]);
-				$restrictions = array_values($restrictions);
-				if (empty($restrictions)) {
-					$appManager->disableApp($appId);
-				} else {
-					$appManager->enableAppForGroups($appId, $restrictions);
-				}
-			}
-		});
-	}
-
-	private static function registerResourceCollectionHooks(): void {
-		\OC\Collaboration\Resources\Listener::register(Server::get(IEventDispatcher::class));
-	}
-
-	private static function registerFileReferenceEventListener(): void {
-		\OC\Collaboration\Reference\File\FileReferenceEventListener::register(Server::get(IEventDispatcher::class));
-	}
-
-	private static function registerRenderReferenceEventListener() {
-		\OC\Collaboration\Reference\RenderReferenceEventListener::register(Server::get(IEventDispatcher::class));
-	}
-
-	/**
-	 * register hooks for sharing
-	 */
-	public static function registerShareHooks(\OC\SystemConfig $systemConfig): void {
-		if ($systemConfig->getValue('installed')) {
-
-			$dispatcher = Server::get(IEventDispatcher::class);
-			$dispatcher->addServiceListener(UserRemovedEvent::class, UserRemovedListener::class);
-			$dispatcher->addServiceListener(GroupDeletedEvent::class, GroupDeletedListener::class);
-			$dispatcher->addServiceListener(UserDeletedEvent::class, UserDeletedListener::class);
-		}
-	}
-
-	/**
-	 * Handle the request
-	 */
-	public static function handleRequest(): void {
-		Server::get(\OCP\Diagnostics\IEventLogger::class)->start('handle_request', 'Handle request');
-		$systemConfig = Server::get(\OC\SystemConfig::class);
-
-		// Check if Nextcloud is installed or in maintenance (update) mode
-		if (!$systemConfig->getValue('installed', false)) {
-			\OC::$server->getSession()->clear();
-			$controller = Server::get(\OC\Core\Controller\SetupController::class);
-			$controller->run($_POST);
-			exit();
-		}
-
-		$request = Server::get(IRequest::class);
-		$request->throwDecodingExceptionIfAny();
-		$requestPath = $request->getRawPathInfo();
-		if ($requestPath === '/heartbeat') {
-			return;
-		}
-		if (substr($requestPath, -3) !== '.js') { // we need these files during the upgrade
-			self::checkMaintenanceMode($systemConfig);
-
-			if (\OCP\Util::needUpgrade()) {
-				if (function_exists('opcache_reset')) {
-					opcache_reset();
-				}
-				if (!((bool)$systemConfig->getValue('maintenance', false))) {
-					self::printUpgradePage($systemConfig);
-					exit();
-				}
-			}
-		}
-
-		$appManager = Server::get(\OCP\App\IAppManager::class);
-
-		// Always load authentication apps
-		$appManager->loadApps(['authentication']);
-		$appManager->loadApps(['extended_authentication']);
-
-		// Load minimum set of apps
-		if (!\OCP\Util::needUpgrade()
-			&& !((bool)$systemConfig->getValue('maintenance', false))) {
-			// For logged-in users: Load everything
-			if (Server::get(IUserSession::class)->isLoggedIn()) {
-				$appManager->loadApps();
-			} else {
-				// For guests: Load only filesystem and logging
-				$appManager->loadApps(['filesystem', 'logging']);
-
-				// Don't try to login when a client is trying to get a OAuth token.
-				// OAuth needs to support basic auth too, so the login is not valid
-				// inside Nextcloud and the Login exception would ruin it.
-				if ($request->getRawPathInfo() !== '/apps/oauth2/api/v1/token') {
-					try {
-						self::handleLogin($request);
-					} catch (DisabledUserException $e) {
-						// Disabled users would not be seen as logged in and
-						// trying to log them in would fail, so the login
-						// exception is ignored for the themed stylesheets and
-						// images.
-						if ($request->getRawPathInfo() !== '/apps/theming/theme/default.css'
-							&& $request->getRawPathInfo() !== '/apps/theming/theme/light.css'
-							&& $request->getRawPathInfo() !== '/apps/theming/theme/dark.css'
-							&& $request->getRawPathInfo() !== '/apps/theming/theme/light-highcontrast.css'
-							&& $request->getRawPathInfo() !== '/apps/theming/theme/dark-highcontrast.css'
-							&& $request->getRawPathInfo() !== '/apps/theming/theme/opendyslexic.css'
-							&& $request->getRawPathInfo() !== '/apps/theming/image/background'
-							&& $request->getRawPathInfo() !== '/apps/theming/image/logo'
-							&& $request->getRawPathInfo() !== '/apps/theming/image/logoheader'
-							&& !str_starts_with($request->getRawPathInfo(), '/apps/theming/favicon')
-							&& !str_starts_with($request->getRawPathInfo(), '/apps/theming/icon')) {
-							throw $e;
-						}
-					}
-				}
-			}
-		}
-
-		if (!self::$CLI) {
-			try {
-				if (!\OCP\Util::needUpgrade()) {
-					$appManager->loadApps(['filesystem', 'logging']);
-					$appManager->loadApps();
-				}
-				Server::get(\OC\Route\Router::class)->match($request->getRawPathInfo());
-				return;
-			} catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
-				//header('HTTP/1.0 404 Not Found');
-			} catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
-				http_response_code(405);
-				return;
-			}
-		}
-
-		// Handle WebDAV
-		if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'PROPFIND') {
-			// not allowed any more to prevent people
-			// mounting this root directly.
-			// Users need to mount remote.php/webdav instead.
-			http_response_code(405);
-			return;
-		}
-
-		// Handle requests for JSON or XML
-		$acceptHeader = $request->getHeader('Accept');
-		if (in_array($acceptHeader, ['application/json', 'application/xml'], true)) {
-			http_response_code(404);
-			return;
-		}
-
-		// Handle resources that can't be found
-		// This prevents browsers from redirecting to the default page and then
-		// attempting to parse HTML as CSS and similar.
-		$destinationHeader = $request->getHeader('Sec-Fetch-Dest');
-		if (in_array($destinationHeader, ['font', 'script', 'style'])) {
-			http_response_code(404);
-			return;
-		}
-
-		// Redirect to the default app or login only as an entry point
-		if ($requestPath === '') {
-			// Someone is logged in
-			if (Server::get(IUserSession::class)->isLoggedIn()) {
-				header('Location: ' . Server::get(IURLGenerator::class)->linkToDefaultPageUrl());
-			} else {
-				// Not handled and not logged in
-				header('Location: ' . Server::get(IURLGenerator::class)->linkToRouteAbsolute('core.login.showLoginForm'));
-			}
-			return;
-		}
-
-		try {
-			Server::get(\OC\Route\Router::class)->match('/error/404');
-		} catch (\Exception $e) {
-			if (!$e instanceof MethodNotAllowedException) {
-				logger('core')->emergency($e->getMessage(), ['exception' => $e]);
-			}
-			$l = Server::get(\OCP\L10N\IFactory::class)->get('lib');
-			Server::get(ITemplateManager::class)->printErrorPage(
-				'404',
-				$l->t('The page could not be found on the server.'),
-				404
-			);
-		}
-	}
-
-	/**
-	 * Check login: apache auth, auth token, basic auth
-	 */
-	public static function handleLogin(OCP\IRequest $request): bool {
-		if ($request->getHeader('X-Nextcloud-Federation')) {
-			return false;
-		}
-		$userSession = Server::get(\OC\User\Session::class);
-		if (OC_User::handleApacheAuth()) {
-			return true;
-		}
-		if (self::tryAppAPILogin($request)) {
-			return true;
-		}
-		if ($userSession->tryTokenLogin($request)) {
-			return true;
-		}
-		if (isset($_COOKIE['nc_username'])
-			&& isset($_COOKIE['nc_token'])
-			&& isset($_COOKIE['nc_session_id'])
-			&& $userSession->loginWithCookie($_COOKIE['nc_username'], $_COOKIE['nc_token'], $_COOKIE['nc_session_id'])) {
-			return true;
-		}
-		if ($userSession->tryBasicAuthLogin($request, Server::get(IThrottler::class))) {
-			return true;
-		}
-		return false;
-	}
-
-	protected static function handleAuthHeaders(): void {
-		//copy http auth headers for apache+php-fcgid work around
-		if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
-			$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
-		}
-
-		// Extract PHP_AUTH_USER/PHP_AUTH_PW from other headers if necessary.
-		$vars = [
-			'HTTP_AUTHORIZATION', // apache+php-cgi work around
-			'REDIRECT_HTTP_AUTHORIZATION', // apache+php-cgi alternative
-		];
-		foreach ($vars as $var) {
-			if (isset($_SERVER[$var]) && is_string($_SERVER[$var]) && preg_match('/Basic\s+(.*)$/i', $_SERVER[$var], $matches)) {
-				$credentials = explode(':', base64_decode($matches[1]), 2);
-				if (count($credentials) === 2) {
-					$_SERVER['PHP_AUTH_USER'] = $credentials[0];
-					$_SERVER['PHP_AUTH_PW'] = $credentials[1];
-					break;
-				}
-			}
-		}
-	}
-
-	protected static function tryAppAPILogin(OCP\IRequest $request): bool {
-		if (!$request->getHeader('AUTHORIZATION-APP-API')) {
-			return false;
-		}
-		$appManager = Server::get(OCP\App\IAppManager::class);
-		if (!$appManager->isEnabledForAnyone('app_api')) {
-			return false;
-		}
-		try {
-			$appAPIService = Server::get(OCA\AppAPI\Service\AppAPIService::class);
-			return $appAPIService->validateExAppRequestToNC($request);
-		} catch (\Psr\Container\NotFoundExceptionInterface|\Psr\Container\ContainerExceptionInterface $e) {
-			return false;
-		}
-	}
+    /**
+     * The installation path for Nextcloud  on the server (e.g. /srv/http/nextcloud)
+     */
+    public static string $SERVERROOT = '';
+    /**
+     * the current request path relative to the Nextcloud root (e.g. files/index.php)
+     */
+    private static string $SUBURI = '';
+    /**
+     * the Nextcloud root path for http requests (e.g. /nextcloud)
+     */
+    public static string $WEBROOT = '';
+    /**
+     * The installation path array of the apps folder on the server (e.g. /srv/http/nextcloud) 'path' and
+     * web path in 'url'
+     */
+    public static array $APPSROOTS = [];
+
+    public static string $configDir;
+
+    /**
+     * requested app
+     */
+    public static string $REQUESTEDAPP = '';
+
+    /**
+     * check if Nextcloud runs in cli mode
+     */
+    public static bool $CLI = false;
+
+    public static \Composer\Autoload\ClassLoader $composerAutoloader;
+
+    public static \OC\Server $server;
+
+    private static \OC\Config $config;
+
+    /**
+     * @throws \RuntimeException when the 3rdparty directory is missing or
+     *                           the app path list is empty or contains an invalid path
+     */
+    public static function initPaths(): void {
+        if (defined('PHPUNIT_CONFIG_DIR')) {
+            self::$configDir = OC::$SERVERROOT . '/' . PHPUNIT_CONFIG_DIR . '/';
+        } elseif (defined('PHPUNIT_RUN') and PHPUNIT_RUN and is_dir(OC::$SERVERROOT . '/tests/config/')) {
+            self::$configDir = OC::$SERVERROOT . '/tests/config/';
+        } elseif ($dir = getenv('NEXTCLOUD_CONFIG_DIR')) {
+            self::$configDir = rtrim($dir, '/') . '/';
+        } else {
+            self::$configDir = OC::$SERVERROOT . '/config/';
+        }
+        self::$config = new \OC\Config(self::$configDir);
+
+        OC::$SUBURI = str_replace('\\', '/', substr(realpath($_SERVER['SCRIPT_FILENAME'] ?? ''), strlen(OC::$SERVERROOT)));
+        /**
+         * FIXME: The following lines are required because we can't yet instantiate
+         *        Server::get(\OCP\IRequest::class) since \OC::$server does not yet exist.
+         */
+        $params = [
+            'server' => [
+                'SCRIPT_NAME' => $_SERVER['SCRIPT_NAME'] ?? null,
+                'SCRIPT_FILENAME' => $_SERVER['SCRIPT_FILENAME'] ?? null,
+            ],
+        ];
+        if (isset($_SERVER['REMOTE_ADDR'])) {
+            $params['server']['REMOTE_ADDR'] = $_SERVER['REMOTE_ADDR'];
+        }
+        $fakeRequest = new \OC\AppFramework\Http\Request(
+            $params,
+            new \OC\AppFramework\Http\RequestId($_SERVER['UNIQUE_ID'] ?? '', new \OC\Security\SecureRandom()),
+            new \OC\AllConfig(new \OC\SystemConfig(self::$config))
+        );
+        $scriptName = $fakeRequest->getScriptName();
+        if (substr($scriptName, -1) == '/') {
+            $scriptName .= 'index.php';
+            //make sure suburi follows the same rules as scriptName
+            if (substr(OC::$SUBURI, -9) != 'index.php') {
+                if (substr(OC::$SUBURI, -1) != '/') {
+                    OC::$SUBURI = OC::$SUBURI . '/';
+                }
+                OC::$SUBURI = OC::$SUBURI . 'index.php';
+            }
+        }
+
+        if (OC::$CLI) {
+            OC::$WEBROOT = self::$config->getValue('overwritewebroot', '');
+        } else {
+            if (substr($scriptName, 0 - strlen(OC::$SUBURI)) === OC::$SUBURI) {
+                OC::$WEBROOT = substr($scriptName, 0, 0 - strlen(OC::$SUBURI));
+
+                if (OC::$WEBROOT != '' && OC::$WEBROOT[0] !== '/') {
+                    OC::$WEBROOT = '/' . OC::$WEBROOT;
+                }
+            } else {
+                // The scriptName is not ending with OC::$SUBURI
+                // This most likely means that we are calling from CLI.
+                // However some cron jobs still need to generate
+                // a web URL, so we use overwritewebroot as a fallback.
+                OC::$WEBROOT = self::$config->getValue('overwritewebroot', '');
+            }
+
+            // Resolve /nextcloud to /nextcloud/ to ensure to always have a trailing
+            // slash which is required by URL generation.
+            if (isset($_SERVER['REQUEST_URI']) && $_SERVER['REQUEST_URI'] === \OC::$WEBROOT
+                    && substr($_SERVER['REQUEST_URI'], -1) !== '/') {
+                header('Location: ' . \OC::$WEBROOT . '/');
+                exit();
+            }
+        }
+
+        // search the apps folder
+        $config_paths = self::$config->getValue('apps_paths', []);
+        if (!empty($config_paths)) {
+            foreach ($config_paths as $paths) {
+                if (isset($paths['url']) && isset($paths['path'])) {
+                    $paths['url'] = rtrim($paths['url'], '/');
+                    $paths['path'] = rtrim($paths['path'], '/');
+                    OC::$APPSROOTS[] = $paths;
+                }
+            }
+        } elseif (file_exists(OC::$SERVERROOT . '/apps')) {
+            OC::$APPSROOTS[] = ['path' => OC::$SERVERROOT . '/apps', 'url' => '/apps', 'writable' => true];
+        }
+
+        if (empty(OC::$APPSROOTS)) {
+            throw new \RuntimeException('apps directory not found! Please put the Nextcloud apps folder in the Nextcloud folder'
+                . '. You can also configure the location in the config.php file.');
+        }
+        $paths = [];
+        foreach (OC::$APPSROOTS as $path) {
+            $paths[] = $path['path'];
+            if (!is_dir($path['path'])) {
+                throw new \RuntimeException(sprintf('App directory "%s" not found! Please put the Nextcloud apps folder in the'
+                    . ' Nextcloud folder. You can also configure the location in the config.php file.', $path['path']));
+            }
+        }
+
+        // set the right include path
+        set_include_path(
+            implode(PATH_SEPARATOR, $paths)
+        );
+    }
+
+    public static function checkConfig(): void {
+        // Create config if it does not already exist
+        $configFilePath = self::$configDir . '/config.php';
+        if (!file_exists($configFilePath)) {
+            @touch($configFilePath);
+        }
+
+        // Check if config is writable
+        $configFileWritable = is_writable($configFilePath);
+        $configReadOnly = Server::get(IConfig::class)->getSystemValueBool('config_is_read_only');
+        if (!$configFileWritable && !$configReadOnly
+            || !$configFileWritable && \OCP\Util::needUpgrade()) {
+            $urlGenerator = Server::get(IURLGenerator::class);
+            $l = Server::get(\OCP\L10N\IFactory::class)->get('lib');
+
+            if (self::$CLI) {
+                echo $l->t('Cannot write into "config" directory!') . "\n";
+                echo $l->t('This can usually be fixed by giving the web server write access to the config directory.') . "\n";
+                echo "\n";
+                echo $l->t('But, if you prefer to keep config.php file read only, set the option "config_is_read_only" to true in it.') . "\n";
+                echo $l->t('See %s', [ $urlGenerator->linkToDocs('admin-config') ]) . "\n";
+                exit;
+            } else {
+                Server::get(ITemplateManager::class)->printErrorPage(
+                    $l->t('Cannot write into "config" directory!'),
+                    $l->t('This can usually be fixed by giving the web server write access to the config directory.') . ' '
+                    . $l->t('But, if you prefer to keep config.php file read only, set the option "config_is_read_only" to true in it.') . ' '
+                    . $l->t('See %s', [ $urlGenerator->linkToDocs('admin-config') ]),
+                    503
+                );
+            }
+        }
+    }
+
+    public static function checkInstalled(\OC\SystemConfig $systemConfig): void {
+        if (defined('OC_CONSOLE')) {
+            return;
+        }
+        // Redirect to installer if not installed
+        if (!$systemConfig->getValue('installed', false) && OC::$SUBURI !== '/index.php' && OC::$SUBURI !== '/status.php') {
+            if (OC::$CLI) {
+                throw new Exception('Not installed');
+            } else {
+                $url = OC::$WEBROOT . '/index.php';
+                header('Location: ' . $url);
+            }
+            exit();
+        }
+    }
+
+    public static function checkMaintenanceMode(\OC\SystemConfig $systemConfig): void {
+        // Allow ajax update script to execute without being stopped
+        if (((bool)$systemConfig->getValue('maintenance', false)) && OC::$SUBURI != '/core/ajax/update.php') {
+            // send http status 503
+            http_response_code(503);
+            header('X-Nextcloud-Maintenance-Mode: 1');
+            header('Retry-After: 120');
+
+            // render error page
+            $template = Server::get(ITemplateManager::class)->getTemplate('', 'update.user', 'guest');
+            \OCP\Util::addScript('core', 'maintenance');
+            \OCP\Util::addStyle('core', 'guest');
+            $template->printPage();
+            die();
+        }
+    }
+
+    /**
+     * Prints the upgrade page
+     */
+    private static function printUpgradePage(\OC\SystemConfig $systemConfig): void {
+        $cliUpgradeLink = $systemConfig->getValue('upgrade.cli-upgrade-link', '');
+        $disableWebUpdater = $systemConfig->getValue('upgrade.disable-web', false);
+        $tooBig = false;
+        if (!$disableWebUpdater) {
+            $apps = Server::get(\OCP\App\IAppManager::class);
+            if ($apps->isEnabledForAnyone('user_ldap')) {
+                $qb = Server::get(\OCP\IDBConnection::class)->getQueryBuilder();
+
+                $result = $qb->select($qb->func()->count('*', 'user_count'))
+                    ->from('ldap_user_mapping')
+                    ->executeQuery();
+                $row = $result->fetch();
+                $result->closeCursor();
+
+                $tooBig = ($row['user_count'] > 50);
+            }
+            if (!$tooBig && $apps->isEnabledForAnyone('user_saml')) {
+                $qb = Server::get(\OCP\IDBConnection::class)->getQueryBuilder();
+
+                $result = $qb->select($qb->func()->count('*', 'user_count'))
+                    ->from('user_saml_users')
+                    ->executeQuery();
+                $row = $result->fetch();
+                $result->closeCursor();
+
+                $tooBig = ($row['user_count'] > 50);
+            }
+            if (!$tooBig) {
+                // count users
+                $totalUsers = Server::get(\OCP\IUserManager::class)->countUsersTotal(51);
+                $tooBig = ($totalUsers > 50);
+            }
+        }
+        $ignoreTooBigWarning = isset($_GET['IKnowThatThisIsABigInstanceAndTheUpdateRequestCouldRunIntoATimeoutAndHowToRestoreABackup'])
+            && $_GET['IKnowThatThisIsABigInstanceAndTheUpdateRequestCouldRunIntoATimeoutAndHowToRestoreABackup'] === 'IAmSuperSureToDoThis';
+
+        if ($disableWebUpdater || ($tooBig && !$ignoreTooBigWarning)) {
+            // send http status 503
+            http_response_code(503);
+            header('Retry-After: 120');
+
+            $serverVersion = \OCP\Server::get(\OCP\ServerVersion::class);
+
+            // render error page
+            $template = Server::get(ITemplateManager::class)->getTemplate('', 'update.use-cli', 'guest');
+            $template->assign('productName', 'nextcloud'); // for now
+            $template->assign('version', $serverVersion->getVersionString());
+            $template->assign('tooBig', $tooBig);
+            $template->assign('cliUpgradeLink', $cliUpgradeLink);
+
+            $template->printPage();
+            die();
+        }
+
+        // check whether this is a core update or apps update
+        $installedVersion = $systemConfig->getValue('version', '0.0.0');
+        $currentVersion = implode('.', \OCP\Util::getVersion());
+
+        // if not a core upgrade, then it's apps upgrade
+        $isAppsOnlyUpgrade = version_compare($currentVersion, $installedVersion, '=');
+
+        $oldTheme = $systemConfig->getValue('theme');
+        $systemConfig->setValue('theme', '');
+        \OCP\Util::addScript('core', 'common');
+        \OCP\Util::addScript('core', 'main');
+        \OCP\Util::addTranslations('core');
+        \OCP\Util::addScript('core', 'update');
+
+        /** @var \OC\App\AppManager $appManager */
+        $appManager = Server::get(\OCP\App\IAppManager::class);
+
+        $tmpl = Server::get(ITemplateManager::class)->getTemplate('', 'update.admin', 'guest');
+        $tmpl->assign('version', \OCP\Server::get(\OCP\ServerVersion::class)->getVersionString());
+        $tmpl->assign('isAppsOnlyUpgrade', $isAppsOnlyUpgrade);
+
+        // get third party apps
+        $ocVersion = \OCP\Util::getVersion();
+        $ocVersion = implode('.', $ocVersion);
+        $incompatibleApps = $appManager->getIncompatibleApps($ocVersion);
+        $incompatibleOverwrites = $systemConfig->getValue('app_install_overwrite', []);
+        $incompatibleShippedApps = [];
+        $incompatibleDisabledApps = [];
+        foreach ($incompatibleApps as $appInfo) {
+            if ($appManager->isShipped($appInfo['id'])) {
+                $incompatibleShippedApps[] = $appInfo['name'] . ' (' . $appInfo['id'] . ')';
+            }
+            if (!in_array($appInfo['id'], $incompatibleOverwrites)) {
+                $incompatibleDisabledApps[] = $appInfo;
+            }
+        }
+
+        if (!empty($incompatibleShippedApps)) {
+            $l = Server::get(\OCP\L10N\IFactory::class)->get('core');
+            $hint = $l->t('Application %1$s is not present or has a non-compatible version with this server. Please check the apps directory.', [implode(', ', $incompatibleShippedApps)]);
+            throw new \OCP\HintException('Application ' . implode(', ', $incompatibleShippedApps) . ' is not present or has a non-compatible version with this server. Please check the apps directory.', $hint);
+        }
+
+        $tmpl->assign('appsToUpgrade', $appManager->getAppsNeedingUpgrade($ocVersion));
+        $tmpl->assign('incompatibleAppsList', $incompatibleDisabledApps);
+        try {
+            $defaults = new \OC_Defaults();
+            $tmpl->assign('productName', $defaults->getName());
+        } catch (Throwable $error) {
+            $tmpl->assign('productName', 'Nextcloud');
+        }
+        $tmpl->assign('oldTheme', $oldTheme);
+        $tmpl->printPage();
+    }
+
+    public static function initSession(): void {
+        $request = Server::get(IRequest::class);
+
+        // TODO: Temporary disabled again to solve issues with CalDAV/CardDAV clients like DAVx5 that use cookies
+        // TODO: See https://github.com/nextcloud/server/issues/37277#issuecomment-1476366147 and the other comments
+        // TODO: for further information.
+        // $isDavRequest = strpos($request->getRequestUri(), '/remote.php/dav') === 0 || strpos($request->getRequestUri(), '/remote.php/webdav') === 0;
+        // if ($request->getHeader('Authorization') !== '' && is_null($request->getCookie('cookie_test')) && $isDavRequest && !isset($_COOKIE['nc_session_id'])) {
+        // setcookie('cookie_test', 'test', time() + 3600);
+        // // Do not initialize the session if a request is authenticated directly
+        // // unless there is a session cookie already sent along
+        // return;
+        // }
+
+        if ($request->getServerProtocol() === 'https') {
+            ini_set('session.cookie_secure', 'true');
+        }
+
+        // prevents javascript from accessing php session cookies
+        ini_set('session.cookie_httponly', 'true');
+
+        // Do not initialize sessions for 'status.php' requests
+        // Monitoring endpoints can quickly flood session handlers
+        // and 'status.php' doesn't require sessions anyway
+        if (str_ends_with($request->getScriptName(), '/status.php')) {
+            return;
+        }
+
+        // set the cookie path to the Nextcloud directory
+        $cookie_path = OC::$WEBROOT ? : '/';
+        ini_set('session.cookie_path', $cookie_path);
+
+        // set the cookie domain to the Nextcloud domain
+        $cookie_domain = self::$config->getValue('cookie_domain', '');
+        if ($cookie_domain) {
+            ini_set('session.cookie_domain', $cookie_domain);
+        }
+
+        // Let the session name be changed in the initSession Hook
+        $sessionName = OC_Util::getInstanceId();
+
+        try {
+            $logger = null;
+            if (Server::get(\OC\SystemConfig::class)->getValue('installed', false)) {
+                $logger = logger('core');
+            }
+
+            // set the session name to the instance id - which is unique
+            $session = new \OC\Session\Internal(
+                $sessionName,
+                $logger,
+            );
+
+            $cryptoWrapper = Server::get(\OC\Session\CryptoWrapper::class);
+            $session = $cryptoWrapper->wrapSession($session);
+            self::$server->setSession($session);
+
+            // if session can't be started break with http 500 error
+        } catch (Exception $e) {
+            Server::get(LoggerInterface::class)->error($e->getMessage(), ['app' => 'base','exception' => $e]);
+            //show the user a detailed error page
+            Server::get(ITemplateManager::class)->printExceptionErrorPage($e, 500);
+            die();
+        }
+
+        //try to set the session lifetime
+        $sessionLifeTime = self::getSessionLifeTime();
+
+        // session timeout
+        if ($session->exists('LAST_ACTIVITY') && (time() - $session->get('LAST_ACTIVITY') > $sessionLifeTime)) {
+            if (isset($_COOKIE[session_name()])) {
+                setcookie(session_name(), '', -1, self::$WEBROOT ? : '/');
+            }
+            Server::get(IUserSession::class)->logout();
+        }
+
+        if (!self::hasSessionRelaxedExpiry()) {
+            $session->set('LAST_ACTIVITY', time());
+        }
+        $session->close();
+    }
+
+    private static function getSessionLifeTime(): int {
+        return Server::get(\OC\AllConfig::class)->getSystemValueInt('session_lifetime', 60 * 60 * 24);
+    }
+
+    /**
+     * @return bool true if the session expiry should only be done by gc instead of an explicit timeout
+     */
+    public static function hasSessionRelaxedExpiry(): bool {
+        return Server::get(\OC\AllConfig::class)->getSystemValueBool('session_relaxed_expiry', false);
+    }
+
+    /**
+     * Try to set some values to the required Nextcloud default
+     */
+    public static function setRequiredIniValues(): void {
+        // Don't display errors and log them
+        @ini_set('display_errors', '0');
+        @ini_set('log_errors', '1');
+
+        // Try to configure php to enable big file uploads.
+        // This doesn't work always depending on the webserver and php configuration.
+        // Let's try to overwrite some defaults if they are smaller than 1 hour
+
+        if (intval(@ini_get('max_execution_time') ?: 0) < 3600) {
+            @ini_set('max_execution_time', strval(3600));
+        }
+
+        if (intval(@ini_get('max_input_time') ?: 0) < 3600) {
+            @ini_set('max_input_time', strval(3600));
+        }
+
+        // Try to set the maximum execution time to the largest time limit we have
+        if (strpos(@ini_get('disable_functions'), 'set_time_limit') === false) {
+            @set_time_limit(max(intval(@ini_get('max_execution_time')), intval(@ini_get('max_input_time'))));
+        }
+
+        @ini_set('default_charset', 'UTF-8');
+        @ini_set('gd.jpeg_ignore_warning', '1');
+    }
+
+    /**
+     * Send the same site cookies
+     */
+    private static function sendSameSiteCookies(): void {
+        $cookieParams = session_get_cookie_params();
+        $secureCookie = ($cookieParams['secure'] === true) ? 'secure; ' : '';
+        $policies = [
+            'lax',
+            'strict',
+        ];
+
+        // Append __Host to the cookie if it meets the requirements
+        $cookiePrefix = '';
+        if ($cookieParams['secure'] === true && $cookieParams['path'] === '/') {
+            $cookiePrefix = '__Host-';
+        }
+
+        foreach ($policies as $policy) {
+            header(
+                sprintf(
+                    'Set-Cookie: %snc_sameSiteCookie%s=true; path=%s; httponly;' . $secureCookie . 'expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=%s',
+                    $cookiePrefix,
+                    $policy,
+                    $cookieParams['path'],
+                    $policy
+                ),
+                false
+            );
+        }
+    }
+
+    /**
+     * Same Site cookie to further mitigate CSRF attacks. This cookie has to
+     * be set in every request if cookies are sent to add a second level of
+     * defense against CSRF.
+     *
+     * If the cookie is not sent this will set the cookie and reload the page.
+     * We use an additional cookie since we want to protect logout CSRF and
+     * also we can't directly interfere with PHP's session mechanism.
+     */
+    private static function performSameSiteCookieProtection(IConfig $config): void {
+        $request = Server::get(IRequest::class);
+
+        // Some user agents are notorious and don't really properly follow HTTP
+        // specifications. For those, have an automated opt-out. Since the protection
+        // for remote.php is applied in base.php as starting point we need to opt out
+        // here.
+        $incompatibleUserAgents = $config->getSystemValue('csrf.optout');
+
+        // Fallback, if csrf.optout is unset
+        if (!is_array($incompatibleUserAgents)) {
+            $incompatibleUserAgents = [
+                // OS X Finder
+                '/^WebDAVFS/',
+                // Windows webdav drive
+                '/^Microsoft-WebDAV-MiniRedir/',
+            ];
+        }
+
+        if ($request->isUserAgent($incompatibleUserAgents)) {
+            return;
+        }
+
+        if (count($_COOKIE) > 0) {
+            $requestUri = $request->getScriptName();
+            $processingScript = explode('/', $requestUri);
+            $processingScript = $processingScript[count($processingScript) - 1];
+
+            if ($processingScript === 'index.php' // index.php routes are handled in the middleware
+                || $processingScript === 'cron.php' // and cron.php does not need any authentication at all
+                || $processingScript === 'public.php' // For public.php, auth for password protected shares is done in the PublicAuth plugin
+            ) {
+                return;
+            }
+
+            // All other endpoints require the lax and the strict cookie
+            if (!$request->passesStrictCookieCheck()) {
+                logger('core')->warning('Request does not pass strict cookie check');
+                self::sendSameSiteCookies();
+                // Debug mode gets access to the resources without strict cookie
+                // due to the fact that the SabreDAV browser also lives there.
+                if (!$config->getSystemValueBool('debug', false)) {
+                    http_response_code(\OCP\AppFramework\Http::STATUS_PRECONDITION_FAILED);
+                    header('Content-Type: application/json');
+                    echo json_encode(['error' => 'Strict Cookie has not been found in request']);
+                    exit();
+                }
+            }
+        } elseif (!isset($_COOKIE['nc_sameSiteCookielax']) || !isset($_COOKIE['nc_sameSiteCookiestrict'])) {
+            self::sendSameSiteCookies();
+        }
+    }
+
+    public static function init(): void {
+        // First handle PHP configuration and copy auth headers to the expected
+        // $_SERVER variable before doing anything Server object related
+        self::setRequiredIniValues();
+        self::handleAuthHeaders();
+
+        // prevent any XML processing from loading external entities
+        libxml_set_external_entity_loader(static function () {
+            return null;
+        });
+
+        // Set default timezone before the Server object is booted
+        if (!date_default_timezone_set('UTC')) {
+            throw new \RuntimeException('Could not set timezone to UTC');
+        }
+
+        // calculate the root directories
+        OC::$SERVERROOT = str_replace('\\', '/', substr(__DIR__, 0, -4));
+
+        // register autoloader
+        $loaderStart = microtime(true);
+
+        self::$CLI = (php_sapi_name() == 'cli');
+
+        // Add default composer PSR-4 autoloader, ensure apcu to be disabled
+        self::$composerAutoloader = require_once OC::$SERVERROOT . '/lib/composer/autoload.php';
+        self::$composerAutoloader->setApcuPrefix(null);
+
+
+        try {
+            self::initPaths();
+            // setup 3rdparty autoloader
+            $vendorAutoLoad = OC::$SERVERROOT . '/3rdparty/autoload.php';
+            if (!file_exists($vendorAutoLoad)) {
+                throw new \RuntimeException('Composer autoloader not found, unable to continue. Check the folder "3rdparty". Running "git submodule update --init" will initialize the git submodule that handles the subfolder "3rdparty".');
+            }
+            require_once $vendorAutoLoad;
+        } catch (\RuntimeException $e) {
+            if (!self::$CLI) {
+                http_response_code(503);
+            }
+            // we can't use the template error page here, because this needs the
+            // DI container which isn't available yet
+            print($e->getMessage());
+            exit();
+        }
+        $loaderEnd = microtime(true);
+
+        // Enable lazy loading if activated
+        \OC\AppFramework\Utility\SimpleContainer::$useLazyObjects = (bool)self::$config->getValue('enable_lazy_objects', true);
+
+        // setup the basic server
+        self::$server = new \OC\Server(\OC::$WEBROOT, self::$config);
+        self::$server->boot();
+
+        try {
+            $profiler = new BuiltInProfiler(
+                Server::get(IConfig::class),
+                Server::get(IRequest::class),
+            );
+            $profiler->start();
+        } catch (\Throwable $e) {
+            logger('core')->error('Failed to start profiler: ' . $e->getMessage(), ['app' => 'base']);
+        }
+
+        if (self::$CLI && in_array('--' . \OCP\Console\ReservedOptions::DEBUG_LOG, $_SERVER['argv'])) {
+            \OC\Core\Listener\BeforeMessageLoggedEventListener::setup();
+        }
+
+        $eventLogger = Server::get(\OCP\Diagnostics\IEventLogger::class);
+        $eventLogger->log('autoloader', 'Autoloader', $loaderStart, $loaderEnd);
+        $eventLogger->start('boot', 'Initialize');
+
+        // Override php.ini and log everything if we're troubleshooting
+        if (self::$config->getValue('loglevel') === ILogger::DEBUG) {
+            error_reporting(E_ALL);
+        }
+
+        // initialize intl fallback if necessary
+        OC_Util::isSetLocaleWorking();
+
+        $config = Server::get(IConfig::class);
+        if (!defined('PHPUNIT_RUN')) {
+            $errorHandler = new OC\Log\ErrorHandler(
+                \OCP\Server::get(\Psr\Log\LoggerInterface::class),
+            );
+            $exceptionHandler = [$errorHandler, 'onException'];
+            if ($config->getSystemValueBool('debug', false)) {
+                set_error_handler([$errorHandler, 'onAll'], E_ALL);
+                if (\OC::$CLI) {
+                    $exceptionHandler = [Server::get(ITemplateManager::class), 'printExceptionErrorPage'];
+                }
+            } else {
+                set_error_handler([$errorHandler, 'onError']);
+            }
+            register_shutdown_function([$errorHandler, 'onShutdown']);
+            set_exception_handler($exceptionHandler);
+        }
+
+        /** @var \OC\AppFramework\Bootstrap\Coordinator $bootstrapCoordinator */
+        $bootstrapCoordinator = Server::get(\OC\AppFramework\Bootstrap\Coordinator::class);
+        $bootstrapCoordinator->runInitialRegistration();
+
+        $eventLogger->start('init_session', 'Initialize session');
+
+        // Check for PHP SimpleXML extension earlier since we need it before our other checks and want to provide a useful hint for web users
+        // see https://github.com/nextcloud/server/pull/2619
+        if (!function_exists('simplexml_load_file')) {
+            throw new \OCP\HintException('The PHP SimpleXML/PHP-XML extension is not installed.', 'Install the extension or make sure it is enabled.');
+        }
+
+        $systemConfig = Server::get(\OC\SystemConfig::class);
+        $appManager = Server::get(\OCP\App\IAppManager::class);
+        if ($systemConfig->getValue('installed', false)) {
+            $appManager->loadApps(['session']);
+        }
+        if (!self::$CLI) {
+            self::initSession();
+        }
+        $eventLogger->end('init_session');
+        self::checkConfig();
+        self::checkInstalled($systemConfig);
+
+        OC_Response::addSecurityHeaders();
+
+        self::performSameSiteCookieProtection($config);
+
+        if (!defined('OC_CONSOLE')) {
+            $eventLogger->start('check_server', 'Run a few configuration checks');
+            $errors = OC_Util::checkServer($systemConfig);
+            if (count($errors) > 0) {
+                if (!self::$CLI) {
+                    http_response_code(503);
+                    Util::addStyle('guest');
+                    try {
+                        Server::get(ITemplateManager::class)->printGuestPage('', 'error', ['errors' => $errors]);
+                        exit;
+                    } catch (\Exception $e) {
+                        // In case any error happens when showing the error page, we simply fall back to posting the text.
+                        // This might be the case when e.g. the data directory is broken and we can not load/write SCSS to/from it.
+                    }
+                }
+
+                // Convert l10n string into regular string for usage in database
+                $staticErrors = [];
+                foreach ($errors as $error) {
+                    echo $error['error'] . "\n";
+                    echo $error['hint'] . "\n\n";
+                    $staticErrors[] = [
+                        'error' => (string)$error['error'],
+                        'hint' => (string)$error['hint'],
+                    ];
+                }
+
+                try {
+                    $config->setAppValue('core', 'cronErrors', json_encode($staticErrors));
+                } catch (\Exception $e) {
+                    echo('Writing to database failed');
+                }
+                exit(1);
+            } elseif (self::$CLI && $config->getSystemValueBool('installed', false)) {
+                $config->deleteAppValue('core', 'cronErrors');
+            }
+            $eventLogger->end('check_server');
+        }
+
+        // User and Groups
+        if (!$systemConfig->getValue('installed', false)) {
+            self::$server->getSession()->set('user_id', '');
+        }
+
+        $eventLogger->start('setup_backends', 'Setup group and user backends');
+        Server::get(\OCP\IUserManager::class)->registerBackend(new \OC\User\Database());
+        Server::get(\OCP\IGroupManager::class)->addBackend(new \OC\Group\Database());
+
+        // Subscribe to the hook
+        \OCP\Util::connectHook(
+            '\OCA\Files_Sharing\API\Server2Server',
+            'preLoginNameUsedAsUserName',
+            '\OC\User\Database',
+            'preLoginNameUsedAsUserName'
+        );
+
+        //setup extra user backends
+        if (!\OCP\Util::needUpgrade()) {
+            OC_User::setupBackends();
+        } else {
+            // Run upgrades in incognito mode
+            OC_User::setIncognitoMode(true);
+        }
+        $eventLogger->end('setup_backends');
+
+        self::registerCleanupHooks($systemConfig);
+        self::registerShareHooks($systemConfig);
+        self::registerEncryptionWrapperAndHooks();
+        self::registerAccountHooks();
+        self::registerResourceCollectionHooks();
+        self::registerFileReferenceEventListener();
+        self::registerRenderReferenceEventListener();
+        self::registerAppRestrictionsHooks();
+
+        // Make sure that the application class is not loaded before the database is setup
+        if ($systemConfig->getValue('installed', false)) {
+            $appManager->loadApp('settings');
+        }
+
+        //make sure temporary files are cleaned up
+        $tmpManager = Server::get(\OCP\ITempManager::class);
+        register_shutdown_function([$tmpManager, 'clean']);
+        $lockProvider = Server::get(\OCP\Lock\ILockingProvider::class);
+        register_shutdown_function([$lockProvider, 'releaseAll']);
+
+        // Check whether the sample configuration has been copied
+        if ($systemConfig->getValue('copied_sample_config', false)) {
+            $l = Server::get(\OCP\L10N\IFactory::class)->get('lib');
+            Server::get(ITemplateManager::class)->printErrorPage(
+                $l->t('Sample configuration detected'),
+                $l->t('It has been detected that the sample configuration has been copied. This can break your installation and is unsupported. Please read the documentation before performing changes on config.php'),
+                503
+            );
+            return;
+        }
+
+        $request = Server::get(IRequest::class);
+        $host = $request->getInsecureServerHost();
+        /**
+         * if the host passed in headers isn't trusted
+         * FIXME: Should not be in here at all :see_no_evil:
+         */
+        if (!OC::$CLI
+            && !Server::get(\OC\Security\TrustedDomainHelper::class)->isTrustedDomain($host)
+            && $config->getSystemValueBool('installed', false)
+        ) {
+            // Allow access to CSS resources
+            $isScssRequest = false;
+            if (strpos($request->getPathInfo() ?: '', '/css/') === 0) {
+                $isScssRequest = true;
+            }
+
+            if (substr($request->getRequestUri(), -11) === '/status.php') {
+                http_response_code(400);
+                header('Content-Type: application/json');
+                echo '{"error": "Trusted domain error.", "code": 15}';
+                exit();
+            }
+
+            if (!$isScssRequest) {
+                http_response_code(400);
+                Server::get(LoggerInterface::class)->info(
+                    'Trusted domain error. "{remoteAddress}" tried to access using "{host}" as host.',
+                    [
+                        'app' => 'core',
+                        'remoteAddress' => $request->getRemoteAddress(),
+                        'host' => $host,
+                    ]
+                );
+
+                $tmpl = Server::get(ITemplateManager::class)->getTemplate('core', 'untrustedDomain', 'guest');
+                $tmpl->assign('docUrl', Server::get(IURLGenerator::class)->linkToDocs('admin-trusted-domains'));
+                $tmpl->printPage();
+
+                exit();
+            }
+        }
+        $eventLogger->end('boot');
+        $eventLogger->log('init', 'OC::init', $loaderStart, microtime(true));
+        $eventLogger->start('runtime', 'Runtime');
+        $eventLogger->start('request', 'Full request after boot');
+        register_shutdown_function(function () use ($eventLogger) {
+            $eventLogger->end('request');
+        });
+
+        register_shutdown_function(function () {
+            $memoryPeak = memory_get_peak_usage();
+            $logLevel = match (true) {
+                $memoryPeak > 500_000_000 => ILogger::FATAL,
+                $memoryPeak > 400_000_000 => ILogger::ERROR,
+                $memoryPeak > 300_000_000 => ILogger::WARN,
+                default => null,
+            };
+            if ($logLevel !== null) {
+                $message = 'Request used more than 300 MB of RAM: ' . Util::humanFileSize($memoryPeak);
+                $logger = Server::get(LoggerInterface::class);
+                $logger->log($logLevel, $message, ['app' => 'core']);
+            }
+        });
+    }
+
+    /**
+     * register hooks for the cleanup of cache and bruteforce protection
+     */
+    public static function registerCleanupHooks(\OC\SystemConfig $systemConfig): void {
+        //don't try to do this before we are properly setup
+        if ($systemConfig->getValue('installed', false) && !\OCP\Util::needUpgrade()) {
+            // NOTE: This will be replaced to use OCP
+            $userSession = Server::get(\OC\User\Session::class);
+            $userSession->listen('\OC\User', 'postLogin', function () use ($userSession) {
+                if (!defined('PHPUNIT_RUN') && $userSession->isLoggedIn()) {
+                    // reset brute force delay for this IP address and username
+                    $uid = $userSession->getUser()->getUID();
+                    $request = Server::get(IRequest::class);
+                    $throttler = Server::get(IThrottler::class);
+                    $throttler->resetDelay($request->getRemoteAddress(), 'login', ['user' => $uid]);
+                }
+
+                try {
+                    $cache = new \OC\Cache\File();
+                    $cache->gc();
+                } catch (\OC\ServerNotAvailableException $e) {
+                    // not a GC exception, pass it on
+                    throw $e;
+                } catch (\OC\ForbiddenException $e) {
+                    // filesystem blocked for this request, ignore
+                } catch (\Exception $e) {
+                    // a GC exception should not prevent users from using OC,
+                    // so log the exception
+                    Server::get(LoggerInterface::class)->warning('Exception when running cache gc.', [
+                        'app' => 'core',
+                        'exception' => $e,
+                    ]);
+                }
+            });
+        }
+    }
+
+    private static function registerEncryptionWrapperAndHooks(): void {
+        /** @var \OC\Encryption\Manager */
+        $manager = Server::get(\OCP\Encryption\IManager::class);
+        Server::get(IEventDispatcher::class)->addListener(
+            BeforeFileSystemSetupEvent::class,
+            $manager->setupStorage(...),
+        );
+
+        $enabled = $manager->isEnabled();
+        if ($enabled) {
+            \OC\Encryption\EncryptionEventListener::register(Server::get(IEventDispatcher::class));
+        }
+    }
+
+    private static function registerAccountHooks(): void {
+        /** @var IEventDispatcher $dispatcher */
+        $dispatcher = Server::get(IEventDispatcher::class);
+        $dispatcher->addServiceListener(UserChangedEvent::class, \OC\Accounts\Hooks::class);
+    }
+
+    private static function registerAppRestrictionsHooks(): void {
+        /** @var \OC\Group\Manager $groupManager */
+        $groupManager = Server::get(\OCP\IGroupManager::class);
+        $groupManager->listen('\OC\Group', 'postDelete', function (\OCP\IGroup $group) {
+            $appManager = Server::get(\OCP\App\IAppManager::class);
+            $apps = $appManager->getEnabledAppsForGroup($group);
+            foreach ($apps as $appId) {
+                $restrictions = $appManager->getAppRestriction($appId);
+                if (empty($restrictions)) {
+                    continue;
+                }
+                $key = array_search($group->getGID(), $restrictions);
+                unset($restrictions[$key]);
+                $restrictions = array_values($restrictions);
+                if (empty($restrictions)) {
+                    $appManager->disableApp($appId);
+                } else {
+                    $appManager->enableAppForGroups($appId, $restrictions);
+                }
+            }
+        });
+    }
+
+    private static function registerResourceCollectionHooks(): void {
+        \OC\Collaboration\Resources\Listener::register(Server::get(IEventDispatcher::class));
+    }
+
+    private static function registerFileReferenceEventListener(): void {
+        \OC\Collaboration\Reference\File\FileReferenceEventListener::register(Server::get(IEventDispatcher::class));
+    }
+
+    private static function registerRenderReferenceEventListener() {
+        \OC\Collaboration\Reference\RenderReferenceEventListener::register(Server::get(IEventDispatcher::class));
+    }
+
+    /**
+     * register hooks for sharing
+     */
+    public static function registerShareHooks(\OC\SystemConfig $systemConfig): void {
+        if ($systemConfig->getValue('installed')) {
+
+            $dispatcher = Server::get(IEventDispatcher::class);
+            $dispatcher->addServiceListener(UserRemovedEvent::class, UserRemovedListener::class);
+            $dispatcher->addServiceListener(GroupDeletedEvent::class, GroupDeletedListener::class);
+            $dispatcher->addServiceListener(UserDeletedEvent::class, UserDeletedListener::class);
+        }
+    }
+
+    /**
+     * Handle the request
+     */
+    public static function handleRequest(): void {
+        Server::get(\OCP\Diagnostics\IEventLogger::class)->start('handle_request', 'Handle request');
+        $systemConfig = Server::get(\OC\SystemConfig::class);
+
+        // Check if Nextcloud is installed or in maintenance (update) mode
+        if (!$systemConfig->getValue('installed', false)) {
+            \OC::$server->getSession()->clear();
+            $controller = Server::get(\OC\Core\Controller\SetupController::class);
+            $controller->run($_POST);
+            exit();
+        }
+
+        $request = Server::get(IRequest::class);
+        $request->throwDecodingExceptionIfAny();
+        $requestPath = $request->getRawPathInfo();
+        if ($requestPath === '/heartbeat') {
+            return;
+        }
+        if (substr($requestPath, -3) !== '.js') { // we need these files during the upgrade
+            self::checkMaintenanceMode($systemConfig);
+
+            if (\OCP\Util::needUpgrade()) {
+                if (function_exists('opcache_reset')) {
+                    opcache_reset();
+                }
+                if (!((bool)$systemConfig->getValue('maintenance', false))) {
+                    self::printUpgradePage($systemConfig);
+                    exit();
+                }
+            }
+        }
+
+        $appManager = Server::get(\OCP\App\IAppManager::class);
+
+        // Always load authentication apps
+        $appManager->loadApps(['authentication']);
+        $appManager->loadApps(['extended_authentication']);
+
+        // Load minimum set of apps
+        if (!\OCP\Util::needUpgrade()
+            && !((bool)$systemConfig->getValue('maintenance', false))) {
+            // For logged-in users: Load everything
+            if (Server::get(IUserSession::class)->isLoggedIn()) {
+                $appManager->loadApps();
+            } else {
+                // For guests: Load only filesystem and logging
+                $appManager->loadApps(['filesystem', 'logging']);
+
+                // Don't try to login when a client is trying to get a OAuth token.
+                // OAuth needs to support basic auth too, so the login is not valid
+                // inside Nextcloud and the Login exception would ruin it.
+                if ($request->getRawPathInfo() !== '/apps/oauth2/api/v1/token') {
+                    try {
+                        self::handleLogin($request);
+                    } catch (DisabledUserException $e) {
+                        // Disabled users would not be seen as logged in and
+                        // trying to log them in would fail, so the login
+                        // exception is ignored for the themed stylesheets and
+                        // images.
+                        if ($request->getRawPathInfo() !== '/apps/theming/theme/default.css'
+                            && $request->getRawPathInfo() !== '/apps/theming/theme/light.css'
+                            && $request->getRawPathInfo() !== '/apps/theming/theme/dark.css'
+                            && $request->getRawPathInfo() !== '/apps/theming/theme/light-highcontrast.css'
+                            && $request->getRawPathInfo() !== '/apps/theming/theme/dark-highcontrast.css'
+                            && $request->getRawPathInfo() !== '/apps/theming/theme/opendyslexic.css'
+                            && $request->getRawPathInfo() !== '/apps/theming/image/background'
+                            && $request->getRawPathInfo() !== '/apps/theming/image/logo'
+                            && $request->getRawPathInfo() !== '/apps/theming/image/logoheader'
+                            && !str_starts_with($request->getRawPathInfo(), '/apps/theming/favicon')
+                            && !str_starts_with($request->getRawPathInfo(), '/apps/theming/icon')) {
+                            throw $e;
+                        }
+                    }
+                }
+            }
+        }
+
+        if (!self::$CLI) {
+            try {
+                if (!\OCP\Util::needUpgrade()) {
+                    $appManager->loadApps(['filesystem', 'logging']);
+                    $appManager->loadApps();
+                }
+                Server::get(\OC\Route\Router::class)->match($request->getRawPathInfo());
+                return;
+            } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {
+                //header('HTTP/1.0 404 Not Found');
+            } catch (Symfony\Component\Routing\Exception\MethodNotAllowedException $e) {
+                http_response_code(405);
+                return;
+            }
+        }
+
+        // Handle WebDAV
+        if (isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'PROPFIND') {
+            // not allowed any more to prevent people
+            // mounting this root directly.
+            // Users need to mount remote.php/webdav instead.
+            http_response_code(405);
+            return;
+        }
+
+        // Handle requests for JSON or XML
+        $acceptHeader = $request->getHeader('Accept');
+        if (in_array($acceptHeader, ['application/json', 'application/xml'], true)) {
+            http_response_code(404);
+            return;
+        }
+
+        // Handle resources that can't be found
+        // This prevents browsers from redirecting to the default page and then
+        // attempting to parse HTML as CSS and similar.
+        $destinationHeader = $request->getHeader('Sec-Fetch-Dest');
+        if (in_array($destinationHeader, ['font', 'script', 'style'])) {
+            http_response_code(404);
+            return;
+        }
+
+        // Redirect to the default app or login only as an entry point
+        if ($requestPath === '') {
+            // Someone is logged in
+            if (Server::get(IUserSession::class)->isLoggedIn()) {
+                header('Location: ' . Server::get(IURLGenerator::class)->linkToDefaultPageUrl());
+            } else {
+                // Not handled and not logged in
+                header('Location: ' . Server::get(IURLGenerator::class)->linkToRouteAbsolute('core.login.showLoginForm'));
+            }
+            return;
+        }
+
+        try {
+            Server::get(\OC\Route\Router::class)->match('/error/404');
+        } catch (\Exception $e) {
+            if (!$e instanceof MethodNotAllowedException) {
+                logger('core')->emergency($e->getMessage(), ['exception' => $e]);
+            }
+            $l = Server::get(\OCP\L10N\IFactory::class)->get('lib');
+            Server::get(ITemplateManager::class)->printErrorPage(
+                '404',
+                $l->t('The page could not be found on the server.'),
+                404
+            );
+        }
+    }
+
+    /**
+     * Check login: apache auth, auth token, basic auth
+     */
+    public static function handleLogin(OCP\IRequest $request): bool {
+        if ($request->getHeader('X-Nextcloud-Federation')) {
+            return false;
+        }
+        $userSession = Server::get(\OC\User\Session::class);
+        if (OC_User::handleApacheAuth()) {
+            return true;
+        }
+        if (self::tryAppAPILogin($request)) {
+            return true;
+        }
+        if ($userSession->tryTokenLogin($request)) {
+            return true;
+        }
+        if (isset($_COOKIE['nc_username'])
+            && isset($_COOKIE['nc_token'])
+            && isset($_COOKIE['nc_session_id'])
+            && $userSession->loginWithCookie($_COOKIE['nc_username'], $_COOKIE['nc_token'], $_COOKIE['nc_session_id'])) {
+            return true;
+        }
+        if ($userSession->tryBasicAuthLogin($request, Server::get(IThrottler::class))) {
+            return true;
+        }
+        return false;
+    }
+
+    protected static function handleAuthHeaders(): void {
+        //copy http auth headers for apache+php-fcgid work around
+        if (isset($_SERVER['HTTP_XAUTHORIZATION']) && !isset($_SERVER['HTTP_AUTHORIZATION'])) {
+            $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['HTTP_XAUTHORIZATION'];
+        }
+
+        // Extract PHP_AUTH_USER/PHP_AUTH_PW from other headers if necessary.
+        $vars = [
+            'HTTP_AUTHORIZATION', // apache+php-cgi work around
+            'REDIRECT_HTTP_AUTHORIZATION', // apache+php-cgi alternative
+        ];
+        foreach ($vars as $var) {
+            if (isset($_SERVER[$var]) && is_string($_SERVER[$var]) && preg_match('/Basic\s+(.*)$/i', $_SERVER[$var], $matches)) {
+                $credentials = explode(':', base64_decode($matches[1]), 2);
+                if (count($credentials) === 2) {
+                    $_SERVER['PHP_AUTH_USER'] = $credentials[0];
+                    $_SERVER['PHP_AUTH_PW'] = $credentials[1];
+                    break;
+                }
+            }
+        }
+    }
+
+    protected static function tryAppAPILogin(OCP\IRequest $request): bool {
+        if (!$request->getHeader('AUTHORIZATION-APP-API')) {
+            return false;
+        }
+        $appManager = Server::get(OCP\App\IAppManager::class);
+        if (!$appManager->isEnabledForAnyone('app_api')) {
+            return false;
+        }
+        try {
+            $appAPIService = Server::get(OCA\AppAPI\Service\AppAPIService::class);
+            return $appAPIService->validateExAppRequestToNC($request);
+        } catch (\Psr\Container\NotFoundExceptionInterface|\Psr\Container\ContainerExceptionInterface $e) {
+            return false;
+        }
+    }
 }
 
 OC::init();

Please login to merge, or discard this patch.

core/AppInfo/Application.php 1 patch

Indentation +38 added lines, -38 removed lines patch added patch discarded remove patch

@@ -41,50 +41,50 @@
 block discarded – undo
  */
 class Application extends App implements IBootstrap {
 
-	public const APP_ID = 'core';
+    public const APP_ID = 'core';
 
-	/**
-	 * Application constructor.
-	 */
-	public function __construct(array $urlParams = []) {
-		parent::__construct(self::APP_ID, $urlParams);
-	}
+    /**
+     * Application constructor.
+     */
+    public function __construct(array $urlParams = []) {
+        parent::__construct(self::APP_ID, $urlParams);
+    }
 
-	public function register(IRegistrationContext $context): void {
-		$context->registerService('defaultMailAddress', function () {
-			return Util::getDefaultEmailAddress('lostpassword-noreply');
-		});
+    public function register(IRegistrationContext $context): void {
+        $context->registerService('defaultMailAddress', function () {
+            return Util::getDefaultEmailAddress('lostpassword-noreply');
+        });
 
-		// register notifier
-		$context->registerNotifierService(CoreNotifier::class);
-		$context->registerNotifierService(AuthenticationNotifier::class);
+        // register notifier
+        $context->registerNotifierService(CoreNotifier::class);
+        $context->registerNotifierService(AuthenticationNotifier::class);
 
-		// register event listeners
-		$context->registerEventListener(AddMissingIndicesEvent::class, AddMissingIndicesListener::class);
-		$context->registerEventListener(AddMissingPrimaryKeyEvent::class, AddMissingPrimaryKeyListener::class);
-		$context->registerEventListener(BeforeTemplateRenderedEvent::class, BeforeTemplateRenderedListener::class);
-		$context->registerEventListener(BeforeLoginTemplateRenderedEvent::class, BeforeTemplateRenderedListener::class);
-		$context->registerEventListener(RemoteWipeStarted::class, RemoteWipeActivityListener::class);
-		$context->registerEventListener(RemoteWipeStarted::class, RemoteWipeNotificationsListener::class);
-		$context->registerEventListener(RemoteWipeStarted::class, RemoteWipeEmailListener::class);
-		$context->registerEventListener(RemoteWipeFinished::class, RemoteWipeActivityListener::class);
-		$context->registerEventListener(RemoteWipeFinished::class, RemoteWipeNotificationsListener::class);
-		$context->registerEventListener(RemoteWipeFinished::class, RemoteWipeEmailListener::class);
-		$context->registerEventListener(UserDeletedEvent::class, UserDeletedStoreCleanupListener::class);
-		$context->registerEventListener(UserDeletedEvent::class, UserDeletedTokenCleanupListener::class);
-		$context->registerEventListener(BeforeUserDeletedEvent::class, UserDeletedFilesCleanupListener::class);
-		$context->registerEventListener(UserDeletedEvent::class, UserDeletedFilesCleanupListener::class);
-		$context->registerEventListener(UserDeletedEvent::class, UserDeletedWebAuthnCleanupListener::class);
+        // register event listeners
+        $context->registerEventListener(AddMissingIndicesEvent::class, AddMissingIndicesListener::class);
+        $context->registerEventListener(AddMissingPrimaryKeyEvent::class, AddMissingPrimaryKeyListener::class);
+        $context->registerEventListener(BeforeTemplateRenderedEvent::class, BeforeTemplateRenderedListener::class);
+        $context->registerEventListener(BeforeLoginTemplateRenderedEvent::class, BeforeTemplateRenderedListener::class);
+        $context->registerEventListener(RemoteWipeStarted::class, RemoteWipeActivityListener::class);
+        $context->registerEventListener(RemoteWipeStarted::class, RemoteWipeNotificationsListener::class);
+        $context->registerEventListener(RemoteWipeStarted::class, RemoteWipeEmailListener::class);
+        $context->registerEventListener(RemoteWipeFinished::class, RemoteWipeActivityListener::class);
+        $context->registerEventListener(RemoteWipeFinished::class, RemoteWipeNotificationsListener::class);
+        $context->registerEventListener(RemoteWipeFinished::class, RemoteWipeEmailListener::class);
+        $context->registerEventListener(UserDeletedEvent::class, UserDeletedStoreCleanupListener::class);
+        $context->registerEventListener(UserDeletedEvent::class, UserDeletedTokenCleanupListener::class);
+        $context->registerEventListener(BeforeUserDeletedEvent::class, UserDeletedFilesCleanupListener::class);
+        $context->registerEventListener(UserDeletedEvent::class, UserDeletedFilesCleanupListener::class);
+        $context->registerEventListener(UserDeletedEvent::class, UserDeletedWebAuthnCleanupListener::class);
 
-		// Tags
-		$context->registerEventListener(UserDeletedEvent::class, TagManager::class);
+        // Tags
+        $context->registerEventListener(UserDeletedEvent::class, TagManager::class);
 
-		// config lexicon
-		$context->registerConfigLexicon(ConfigLexicon::class);
-	}
+        // config lexicon
+        $context->registerConfigLexicon(ConfigLexicon::class);
+    }
 
-	public function boot(IBootContext $context): void {
-		// ...
-	}
+    public function boot(IBootContext $context): void {
+        // ...
+    }
 
 }

Please login to merge, or discard this patch.

core/AppInfo/ConfigLexicon.php 1 patch

Indentation +18 added lines, -18 removed lines patch added patch discarded remove patch

@@ -19,25 +19,25 @@
 block discarded – undo
  * Please Add & Manage your Config Keys in that file and keep the Lexicon up to date!
  */
 class ConfigLexicon implements IConfigLexicon {
-	public const SHAREAPI_ALLOW_FEDERATION_ON_PUBLIC_SHARES = 'shareapi_allow_federation_on_public_shares';
+    public const SHAREAPI_ALLOW_FEDERATION_ON_PUBLIC_SHARES = 'shareapi_allow_federation_on_public_shares';
 
-	public function getStrictness(): ConfigLexiconStrictness {
-		return ConfigLexiconStrictness::IGNORE;
-	}
+    public function getStrictness(): ConfigLexiconStrictness {
+        return ConfigLexiconStrictness::IGNORE;
+    }
 
-	public function getAppConfigs(): array {
-		return [
-			new ConfigLexiconEntry(
-				key: self::SHAREAPI_ALLOW_FEDERATION_ON_PUBLIC_SHARES,
-				type: ValueType::BOOL,
-				lazy: true,
-				defaultRaw: true,
-				definition: 'adds share permission to public shares to allow adding them to your Nextcloud (federation)',
-			),
-		];
-	}
+    public function getAppConfigs(): array {
+        return [
+            new ConfigLexiconEntry(
+                key: self::SHAREAPI_ALLOW_FEDERATION_ON_PUBLIC_SHARES,
+                type: ValueType::BOOL,
+                lazy: true,
+                defaultRaw: true,
+                definition: 'adds share permission to public shares to allow adding them to your Nextcloud (federation)',
+            ),
+        ];
+    }
 
-	public function getUserConfigs(): array {
-		return [];
-	}
+    public function getUserConfigs(): array {
+        return [];
+    }
 }

Please login to merge, or discard this patch.

apps/settings/lib/Settings/Admin/Sharing.php 1 patch

Indentation +93 added lines, -93 removed lines patch added patch discarded remove patch

@@ -20,106 +20,106 @@
 block discarded – undo
 use OCP\Util;
 
 class Sharing implements IDelegatedSettings {
-	public function __construct(
-		private IConfig $config,
-		private IAppConfig $appConfig,
-		private IL10N $l,
-		private IManager $shareManager,
-		private IAppManager $appManager,
-		private IURLGenerator $urlGenerator,
-		private IInitialState $initialState,
-		private string $appName,
-	) {
-	}
+    public function __construct(
+        private IConfig $config,
+        private IAppConfig $appConfig,
+        private IL10N $l,
+        private IManager $shareManager,
+        private IAppManager $appManager,
+        private IURLGenerator $urlGenerator,
+        private IInitialState $initialState,
+        private string $appName,
+    ) {
+    }
 
-	/**
-	 * @return TemplateResponse
-	 */
-	public function getForm() {
-		$excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', '');
-		$linksExcludedGroups = $this->config->getAppValue('core', 'shareapi_allow_links_exclude_groups', '');
-		$excludedPasswordGroups = $this->config->getAppValue('core', 'shareapi_enforce_links_password_excluded_groups', '');
-		$onlyShareWithGroupMembersExcludeGroupList = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members_exclude_group_list', '');
+    /**
+     * @return TemplateResponse
+     */
+    public function getForm() {
+        $excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', '');
+        $linksExcludedGroups = $this->config->getAppValue('core', 'shareapi_allow_links_exclude_groups', '');
+        $excludedPasswordGroups = $this->config->getAppValue('core', 'shareapi_enforce_links_password_excluded_groups', '');
+        $onlyShareWithGroupMembersExcludeGroupList = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members_exclude_group_list', '');
 
-		$parameters = [
-			// Built-In Sharing
-			'enabled' => $this->getHumanBooleanConfig('core', 'shareapi_enabled', true),
-			'allowGroupSharing' => $this->getHumanBooleanConfig('core', 'shareapi_allow_group_sharing', true),
-			'allowLinks' => $this->getHumanBooleanConfig('core', 'shareapi_allow_links', true),
-			'allowLinksExcludeGroups' => json_decode($linksExcludedGroups, true) ?? [],
-			'allowPublicUpload' => $this->getHumanBooleanConfig('core', 'shareapi_allow_public_upload', true),
-			'allowResharing' => $this->getHumanBooleanConfig('core', 'shareapi_allow_resharing', true),
-			'allowShareDialogUserEnumeration' => $this->getHumanBooleanConfig('core', 'shareapi_allow_share_dialog_user_enumeration', true),
-			'allowFederationOnPublicShares' => $this->appConfig->getValueBool('core', ConfigLexicon::SHAREAPI_ALLOW_FEDERATION_ON_PUBLIC_SHARES),
-			'restrictUserEnumerationToGroup' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_to_group'),
-			'restrictUserEnumerationToPhone' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_to_phone'),
-			'restrictUserEnumerationFullMatch' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_full_match', true),
-			'restrictUserEnumerationFullMatchUserId' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_full_match_userid', true),
-			'restrictUserEnumerationFullMatchEmail' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_full_match_email', true),
-			'restrictUserEnumerationFullMatchIgnoreSecondDN' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn'),
-			'enforceLinksPassword' => Util::isPublicLinkPasswordRequired(false),
-			'enforceLinksPasswordExcludedGroups' => json_decode($excludedPasswordGroups) ?? [],
-			'enforceLinksPasswordExcludedGroupsEnabled' => $this->config->getSystemValueBool('sharing.allow_disabled_password_enforcement_groups', false),
-			'onlyShareWithGroupMembers' => $this->shareManager->shareWithGroupMembersOnly(),
-			'onlyShareWithGroupMembersExcludeGroupList' => json_decode($onlyShareWithGroupMembersExcludeGroupList) ?? [],
-			'defaultExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_default_expire_date'),
-			'expireAfterNDays' => $this->config->getAppValue('core', 'shareapi_expire_after_n_days', '7'),
-			'enforceExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_enforce_expire_date'),
-			'excludeGroups' => $this->config->getAppValue('core', 'shareapi_exclude_groups', 'no'),
-			'excludeGroupsList' => json_decode($excludedGroups, true) ?? [],
-			'publicShareDisclaimerText' => $this->config->getAppValue('core', 'shareapi_public_link_disclaimertext'),
-			'enableLinkPasswordByDefault' => $this->getHumanBooleanConfig('core', 'shareapi_enable_link_password_by_default'),
-			'defaultPermissions' => (int)$this->config->getAppValue('core', 'shareapi_default_permissions', (string)Constants::PERMISSION_ALL),
-			'defaultInternalExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_default_internal_expire_date'),
-			'internalExpireAfterNDays' => $this->config->getAppValue('core', 'shareapi_internal_expire_after_n_days', '7'),
-			'enforceInternalExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_enforce_internal_expire_date'),
-			'defaultRemoteExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_default_remote_expire_date'),
-			'remoteExpireAfterNDays' => $this->config->getAppValue('core', 'shareapi_remote_expire_after_n_days', '7'),
-			'enforceRemoteExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_enforce_remote_expire_date'),
-			'allowCustomTokens' => $this->shareManager->allowCustomTokens(),
-			'allowViewWithoutDownload' => $this->shareManager->allowViewWithoutDownload(),
-		];
+        $parameters = [
+            // Built-In Sharing
+            'enabled' => $this->getHumanBooleanConfig('core', 'shareapi_enabled', true),
+            'allowGroupSharing' => $this->getHumanBooleanConfig('core', 'shareapi_allow_group_sharing', true),
+            'allowLinks' => $this->getHumanBooleanConfig('core', 'shareapi_allow_links', true),
+            'allowLinksExcludeGroups' => json_decode($linksExcludedGroups, true) ?? [],
+            'allowPublicUpload' => $this->getHumanBooleanConfig('core', 'shareapi_allow_public_upload', true),
+            'allowResharing' => $this->getHumanBooleanConfig('core', 'shareapi_allow_resharing', true),
+            'allowShareDialogUserEnumeration' => $this->getHumanBooleanConfig('core', 'shareapi_allow_share_dialog_user_enumeration', true),
+            'allowFederationOnPublicShares' => $this->appConfig->getValueBool('core', ConfigLexicon::SHAREAPI_ALLOW_FEDERATION_ON_PUBLIC_SHARES),
+            'restrictUserEnumerationToGroup' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_to_group'),
+            'restrictUserEnumerationToPhone' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_to_phone'),
+            'restrictUserEnumerationFullMatch' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_full_match', true),
+            'restrictUserEnumerationFullMatchUserId' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_full_match_userid', true),
+            'restrictUserEnumerationFullMatchEmail' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_full_match_email', true),
+            'restrictUserEnumerationFullMatchIgnoreSecondDN' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn'),
+            'enforceLinksPassword' => Util::isPublicLinkPasswordRequired(false),
+            'enforceLinksPasswordExcludedGroups' => json_decode($excludedPasswordGroups) ?? [],
+            'enforceLinksPasswordExcludedGroupsEnabled' => $this->config->getSystemValueBool('sharing.allow_disabled_password_enforcement_groups', false),
+            'onlyShareWithGroupMembers' => $this->shareManager->shareWithGroupMembersOnly(),
+            'onlyShareWithGroupMembersExcludeGroupList' => json_decode($onlyShareWithGroupMembersExcludeGroupList) ?? [],
+            'defaultExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_default_expire_date'),
+            'expireAfterNDays' => $this->config->getAppValue('core', 'shareapi_expire_after_n_days', '7'),
+            'enforceExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_enforce_expire_date'),
+            'excludeGroups' => $this->config->getAppValue('core', 'shareapi_exclude_groups', 'no'),
+            'excludeGroupsList' => json_decode($excludedGroups, true) ?? [],
+            'publicShareDisclaimerText' => $this->config->getAppValue('core', 'shareapi_public_link_disclaimertext'),
+            'enableLinkPasswordByDefault' => $this->getHumanBooleanConfig('core', 'shareapi_enable_link_password_by_default'),
+            'defaultPermissions' => (int)$this->config->getAppValue('core', 'shareapi_default_permissions', (string)Constants::PERMISSION_ALL),
+            'defaultInternalExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_default_internal_expire_date'),
+            'internalExpireAfterNDays' => $this->config->getAppValue('core', 'shareapi_internal_expire_after_n_days', '7'),
+            'enforceInternalExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_enforce_internal_expire_date'),
+            'defaultRemoteExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_default_remote_expire_date'),
+            'remoteExpireAfterNDays' => $this->config->getAppValue('core', 'shareapi_remote_expire_after_n_days', '7'),
+            'enforceRemoteExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_enforce_remote_expire_date'),
+            'allowCustomTokens' => $this->shareManager->allowCustomTokens(),
+            'allowViewWithoutDownload' => $this->shareManager->allowViewWithoutDownload(),
+        ];
 
-		$this->initialState->provideInitialState('sharingAppEnabled', $this->appManager->isEnabledForUser('files_sharing'));
-		$this->initialState->provideInitialState('sharingDocumentation', $this->urlGenerator->linkToDocs('admin-sharing'));
-		$this->initialState->provideInitialState('sharingSettings', $parameters);
+        $this->initialState->provideInitialState('sharingAppEnabled', $this->appManager->isEnabledForUser('files_sharing'));
+        $this->initialState->provideInitialState('sharingDocumentation', $this->urlGenerator->linkToDocs('admin-sharing'));
+        $this->initialState->provideInitialState('sharingSettings', $parameters);
 
-		Util::addScript($this->appName, 'vue-settings-admin-sharing');
-		return new TemplateResponse($this->appName, 'settings/admin/sharing', [], '');
-	}
+        Util::addScript($this->appName, 'vue-settings-admin-sharing');
+        return new TemplateResponse($this->appName, 'settings/admin/sharing', [], '');
+    }
 
-	/**
-	 * Helper function to retrive boolean values from human readable strings ('yes' / 'no')
-	 */
-	private function getHumanBooleanConfig(string $app, string $key, bool $default = false): bool {
-		return $this->config->getAppValue($app, $key, $default ? 'yes' : 'no') === 'yes';
-	}
+    /**
+     * Helper function to retrive boolean values from human readable strings ('yes' / 'no')
+     */
+    private function getHumanBooleanConfig(string $app, string $key, bool $default = false): bool {
+        return $this->config->getAppValue($app, $key, $default ? 'yes' : 'no') === 'yes';
+    }
 
-	/**
-	 * @return string the section ID, e.g. 'sharing'
-	 */
-	public function getSection() {
-		return 'sharing';
-	}
+    /**
+     * @return string the section ID, e.g. 'sharing'
+     */
+    public function getSection() {
+        return 'sharing';
+    }
 
-	/**
-	 * @return int whether the form should be rather on the top or bottom of
-	 *             the admin section. The forms are arranged in ascending order of the
-	 *             priority values. It is required to return a value between 0 and 100.
-	 *
-	 * E.g.: 70
-	 */
-	public function getPriority() {
-		return 0;
-	}
+    /**
+     * @return int whether the form should be rather on the top or bottom of
+     *             the admin section. The forms are arranged in ascending order of the
+     *             priority values. It is required to return a value between 0 and 100.
+     *
+     * E.g.: 70
+     */
+    public function getPriority() {
+        return 0;
+    }
 
-	public function getAuthorizedAppConfig(): array {
-		return [
-			'core' => ['/shareapi_.*/'],
-		];
-	}
+    public function getAuthorizedAppConfig(): array {
+        return [
+            'core' => ['/shareapi_.*/'],
+        ];
+    }
 
-	public function getName(): ?string {
-		return null;
-	}
+    public function getName(): ?string {
+        return null;
+    }
 }

Please login to merge, or discard this patch.

apps/settings/tests/Settings/Admin/SharingTest.php 1 patch

Indentation +222 added lines, -222 removed lines patch added patch discarded remove patch

@@ -20,245 +20,245 @@
 block discarded – undo
 use Test\TestCase;
 
 class SharingTest extends TestCase {
-	private Sharing $admin;
+    private Sharing $admin;
 
-	private IConfig&MockObject $config;
-	private IAppConfig&MockObject $appConfig;
-	private IL10N&MockObject $l10n;
-	private IManager&MockObject $shareManager;
-	private IAppManager&MockObject $appManager;
-	private IURLGenerator&MockObject $urlGenerator;
-	private IInitialState&MockObject $initialState;
+    private IConfig&MockObject $config;
+    private IAppConfig&MockObject $appConfig;
+    private IL10N&MockObject $l10n;
+    private IManager&MockObject $shareManager;
+    private IAppManager&MockObject $appManager;
+    private IURLGenerator&MockObject $urlGenerator;
+    private IInitialState&MockObject $initialState;
 
-	protected function setUp(): void {
-		parent::setUp();
-		$this->config = $this->createMock(IConfig::class);
-		$this->appConfig = $this->createMock(IAppConfig::class);
-		$this->l10n = $this->createMock(IL10N::class);
+    protected function setUp(): void {
+        parent::setUp();
+        $this->config = $this->createMock(IConfig::class);
+        $this->appConfig = $this->createMock(IAppConfig::class);
+        $this->l10n = $this->createMock(IL10N::class);
 
-		$this->shareManager = $this->createMock(IManager::class);
-		$this->appManager = $this->createMock(IAppManager::class);
-		$this->urlGenerator = $this->createMock(IURLGenerator::class);
-		$this->initialState = $this->createMock(IInitialState::class);
+        $this->shareManager = $this->createMock(IManager::class);
+        $this->appManager = $this->createMock(IAppManager::class);
+        $this->urlGenerator = $this->createMock(IURLGenerator::class);
+        $this->initialState = $this->createMock(IInitialState::class);
 
-		$this->admin = new Sharing(
-			$this->config,
-			$this->appConfig,
-			$this->l10n,
-			$this->shareManager,
-			$this->appManager,
-			$this->urlGenerator,
-			$this->initialState,
-			'settings',
-		);
-	}
+        $this->admin = new Sharing(
+            $this->config,
+            $this->appConfig,
+            $this->l10n,
+            $this->shareManager,
+            $this->appManager,
+            $this->urlGenerator,
+            $this->initialState,
+            'settings',
+        );
+    }
 
-	public function testGetFormWithoutExcludedGroups(): void {
-		$this->appConfig
-			->method('getValueBool')
-			->willReturnMap([
-				['core', 'shareapi_allow_federation_on_public_shares', false, false, true],
-			]);
+    public function testGetFormWithoutExcludedGroups(): void {
+        $this->appConfig
+            ->method('getValueBool')
+            ->willReturnMap([
+                ['core', 'shareapi_allow_federation_on_public_shares', false, false, true],
+            ]);
 
-		$this->config
-			->method('getAppValue')
-			->willReturnMap([
-				['core', 'shareapi_exclude_groups_list', '', ''],
-				['core', 'shareapi_allow_links_exclude_groups', '', ''],
-				['core', 'shareapi_allow_group_sharing', 'yes', 'yes'],
-				['core', 'shareapi_allow_links', 'yes', 'yes'],
-				['core', 'shareapi_allow_public_upload', 'yes', 'yes'],
-				['core', 'shareapi_allow_resharing', 'yes', 'yes'],
-				['core', 'shareapi_allow_share_dialog_user_enumeration', 'yes', 'yes'],
-				['core', 'shareapi_restrict_user_enumeration_to_group', 'no', 'no'],
-				['core', 'shareapi_restrict_user_enumeration_to_phone', 'no', 'no'],
-				['core', 'shareapi_restrict_user_enumeration_full_match', 'yes', 'yes'],
-				['core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes', 'yes'],
-				['core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes', 'yes'],
-				['core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no', 'no'],
-				['core', 'shareapi_enabled', 'yes', 'yes'],
-				['core', 'shareapi_default_expire_date', 'no', 'no'],
-				['core', 'shareapi_expire_after_n_days', '7', '7'],
-				['core', 'shareapi_enforce_expire_date', 'no', 'no'],
-				['core', 'shareapi_exclude_groups', 'no', 'no'],
-				['core', 'shareapi_public_link_disclaimertext', '', 'Lorem ipsum'],
-				['core', 'shareapi_enable_link_password_by_default', 'no', 'yes'],
-				['core', 'shareapi_default_permissions', (string)Constants::PERMISSION_ALL, Constants::PERMISSION_ALL],
-				['core', 'shareapi_default_internal_expire_date', 'no', 'no'],
-				['core', 'shareapi_internal_expire_after_n_days', '7', '7'],
-				['core', 'shareapi_enforce_internal_expire_date', 'no', 'no'],
-				['core', 'shareapi_default_remote_expire_date', 'no', 'no'],
-				['core', 'shareapi_remote_expire_after_n_days', '7', '7'],
-				['core', 'shareapi_enforce_remote_expire_date', 'no', 'no'],
-				['core', 'shareapi_enforce_links_password_excluded_groups', '', ''],
-				['core', 'shareapi_only_share_with_group_members_exclude_group_list', '', '[]'],
-			]);
-		$this->shareManager->method('shareWithGroupMembersOnly')
-			->willReturn(false);
+        $this->config
+            ->method('getAppValue')
+            ->willReturnMap([
+                ['core', 'shareapi_exclude_groups_list', '', ''],
+                ['core', 'shareapi_allow_links_exclude_groups', '', ''],
+                ['core', 'shareapi_allow_group_sharing', 'yes', 'yes'],
+                ['core', 'shareapi_allow_links', 'yes', 'yes'],
+                ['core', 'shareapi_allow_public_upload', 'yes', 'yes'],
+                ['core', 'shareapi_allow_resharing', 'yes', 'yes'],
+                ['core', 'shareapi_allow_share_dialog_user_enumeration', 'yes', 'yes'],
+                ['core', 'shareapi_restrict_user_enumeration_to_group', 'no', 'no'],
+                ['core', 'shareapi_restrict_user_enumeration_to_phone', 'no', 'no'],
+                ['core', 'shareapi_restrict_user_enumeration_full_match', 'yes', 'yes'],
+                ['core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes', 'yes'],
+                ['core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes', 'yes'],
+                ['core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no', 'no'],
+                ['core', 'shareapi_enabled', 'yes', 'yes'],
+                ['core', 'shareapi_default_expire_date', 'no', 'no'],
+                ['core', 'shareapi_expire_after_n_days', '7', '7'],
+                ['core', 'shareapi_enforce_expire_date', 'no', 'no'],
+                ['core', 'shareapi_exclude_groups', 'no', 'no'],
+                ['core', 'shareapi_public_link_disclaimertext', '', 'Lorem ipsum'],
+                ['core', 'shareapi_enable_link_password_by_default', 'no', 'yes'],
+                ['core', 'shareapi_default_permissions', (string)Constants::PERMISSION_ALL, Constants::PERMISSION_ALL],
+                ['core', 'shareapi_default_internal_expire_date', 'no', 'no'],
+                ['core', 'shareapi_internal_expire_after_n_days', '7', '7'],
+                ['core', 'shareapi_enforce_internal_expire_date', 'no', 'no'],
+                ['core', 'shareapi_default_remote_expire_date', 'no', 'no'],
+                ['core', 'shareapi_remote_expire_after_n_days', '7', '7'],
+                ['core', 'shareapi_enforce_remote_expire_date', 'no', 'no'],
+                ['core', 'shareapi_enforce_links_password_excluded_groups', '', ''],
+                ['core', 'shareapi_only_share_with_group_members_exclude_group_list', '', '[]'],
+            ]);
+        $this->shareManager->method('shareWithGroupMembersOnly')
+            ->willReturn(false);
 
-		$this->appManager->method('isEnabledForUser')->with('files_sharing')->willReturn(false);
+        $this->appManager->method('isEnabledForUser')->with('files_sharing')->willReturn(false);
 
-		$initialStateCalls = [];
-		$this->initialState
-			->expects($this->exactly(3))
-			->method('provideInitialState')
-			->willReturnCallback(function (string $key) use (&$initialStateCalls): void {
-				$initialStateCalls[$key] = func_get_args();
-			});
+        $initialStateCalls = [];
+        $this->initialState
+            ->expects($this->exactly(3))
+            ->method('provideInitialState')
+            ->willReturnCallback(function (string $key) use (&$initialStateCalls): void {
+                $initialStateCalls[$key] = func_get_args();
+            });
 
-		$expectedInitialStateCalls = [
-			'sharingAppEnabled' => false,
-			'sharingDocumentation' => '',
-			'sharingSettings' => [
-				'allowGroupSharing' => true,
-				'allowLinks' => true,
-				'allowPublicUpload' => true,
-				'allowResharing' => true,
-				'allowShareDialogUserEnumeration' => true,
-				'allowFederationOnPublicShares' => true,
-				'restrictUserEnumerationToGroup' => false,
-				'restrictUserEnumerationToPhone' => false,
-				'restrictUserEnumerationFullMatch' => true,
-				'restrictUserEnumerationFullMatchUserId' => true,
-				'restrictUserEnumerationFullMatchEmail' => true,
-				'restrictUserEnumerationFullMatchIgnoreSecondDN' => false,
-				'enforceLinksPassword' => false,
-				'onlyShareWithGroupMembers' => false,
-				'enabled' => true,
-				'defaultExpireDate' => false,
-				'expireAfterNDays' => '7',
-				'enforceExpireDate' => false,
-				'excludeGroups' => 'no',
-				'excludeGroupsList' => [],
-				'publicShareDisclaimerText' => 'Lorem ipsum',
-				'enableLinkPasswordByDefault' => true,
-				'defaultPermissions' => Constants::PERMISSION_ALL,
-				'defaultInternalExpireDate' => false,
-				'internalExpireAfterNDays' => '7',
-				'enforceInternalExpireDate' => false,
-				'defaultRemoteExpireDate' => false,
-				'remoteExpireAfterNDays' => '7',
-				'enforceRemoteExpireDate' => false,
-				'allowLinksExcludeGroups' => [],
-				'onlyShareWithGroupMembersExcludeGroupList' => [],
-				'enforceLinksPasswordExcludedGroups' => [],
-				'enforceLinksPasswordExcludedGroupsEnabled' => false,
-			]
-		];
+        $expectedInitialStateCalls = [
+            'sharingAppEnabled' => false,
+            'sharingDocumentation' => '',
+            'sharingSettings' => [
+                'allowGroupSharing' => true,
+                'allowLinks' => true,
+                'allowPublicUpload' => true,
+                'allowResharing' => true,
+                'allowShareDialogUserEnumeration' => true,
+                'allowFederationOnPublicShares' => true,
+                'restrictUserEnumerationToGroup' => false,
+                'restrictUserEnumerationToPhone' => false,
+                'restrictUserEnumerationFullMatch' => true,
+                'restrictUserEnumerationFullMatchUserId' => true,
+                'restrictUserEnumerationFullMatchEmail' => true,
+                'restrictUserEnumerationFullMatchIgnoreSecondDN' => false,
+                'enforceLinksPassword' => false,
+                'onlyShareWithGroupMembers' => false,
+                'enabled' => true,
+                'defaultExpireDate' => false,
+                'expireAfterNDays' => '7',
+                'enforceExpireDate' => false,
+                'excludeGroups' => 'no',
+                'excludeGroupsList' => [],
+                'publicShareDisclaimerText' => 'Lorem ipsum',
+                'enableLinkPasswordByDefault' => true,
+                'defaultPermissions' => Constants::PERMISSION_ALL,
+                'defaultInternalExpireDate' => false,
+                'internalExpireAfterNDays' => '7',
+                'enforceInternalExpireDate' => false,
+                'defaultRemoteExpireDate' => false,
+                'remoteExpireAfterNDays' => '7',
+                'enforceRemoteExpireDate' => false,
+                'allowLinksExcludeGroups' => [],
+                'onlyShareWithGroupMembersExcludeGroupList' => [],
+                'enforceLinksPasswordExcludedGroups' => [],
+                'enforceLinksPasswordExcludedGroupsEnabled' => false,
+            ]
+        ];
 
-		$expected = new TemplateResponse(
-			'settings',
-			'settings/admin/sharing',
-			[],
-			''
-		);
+        $expected = new TemplateResponse(
+            'settings',
+            'settings/admin/sharing',
+            [],
+            ''
+        );
 
-		$this->assertEquals($expected, $this->admin->getForm());
-		$this->assertEquals(sort($expectedInitialStateCalls), sort($initialStateCalls), 'Provided initial state does not match');
-	}
+        $this->assertEquals($expected, $this->admin->getForm());
+        $this->assertEquals(sort($expectedInitialStateCalls), sort($initialStateCalls), 'Provided initial state does not match');
+    }
 
-	public function testGetFormWithExcludedGroups(): void {
-		$this->config
-			->method('getAppValue')
-			->willReturnMap([
-				['core', 'shareapi_exclude_groups_list', '', '["NoSharers","OtherNoSharers"]'],
-				['core', 'shareapi_allow_links_exclude_groups', '', ''],
-				['core', 'shareapi_allow_group_sharing', 'yes', 'yes'],
-				['core', 'shareapi_allow_links', 'yes', 'yes'],
-				['core', 'shareapi_allow_public_upload', 'yes', 'yes'],
-				['core', 'shareapi_allow_resharing', 'yes', 'yes'],
-				['core', 'shareapi_allow_share_dialog_user_enumeration', 'yes', 'yes'],
-				['core', 'shareapi_restrict_user_enumeration_to_group', 'no', 'no'],
-				['core', 'shareapi_restrict_user_enumeration_to_phone', 'no', 'no'],
-				['core', 'shareapi_restrict_user_enumeration_full_match', 'yes', 'yes'],
-				['core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes', 'yes'],
-				['core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes', 'yes'],
-				['core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no', 'no'],
-				['core', 'shareapi_enabled', 'yes', 'yes'],
-				['core', 'shareapi_default_expire_date', 'no', 'no'],
-				['core', 'shareapi_expire_after_n_days', '7', '7'],
-				['core', 'shareapi_enforce_expire_date', 'no', 'no'],
-				['core', 'shareapi_exclude_groups', 'no', 'yes'],
-				['core', 'shareapi_public_link_disclaimertext', '', 'Lorem ipsum'],
-				['core', 'shareapi_enable_link_password_by_default', 'no', 'yes'],
-				['core', 'shareapi_default_permissions', (string)Constants::PERMISSION_ALL, Constants::PERMISSION_ALL],
-				['core', 'shareapi_default_internal_expire_date', 'no', 'no'],
-				['core', 'shareapi_internal_expire_after_n_days', '7', '7'],
-				['core', 'shareapi_enforce_internal_expire_date', 'no', 'no'],
-				['core', 'shareapi_default_remote_expire_date', 'no', 'no'],
-				['core', 'shareapi_remote_expire_after_n_days', '7', '7'],
-				['core', 'shareapi_enforce_remote_expire_date', 'no', 'no'],
-				['core', 'shareapi_enforce_links_password_excluded_groups', '', ''],
-				['core', 'shareapi_only_share_with_group_members_exclude_group_list', '', '[]'],
-			]);
-		$this->shareManager->method('shareWithGroupMembersOnly')
-			->willReturn(false);
+    public function testGetFormWithExcludedGroups(): void {
+        $this->config
+            ->method('getAppValue')
+            ->willReturnMap([
+                ['core', 'shareapi_exclude_groups_list', '', '["NoSharers","OtherNoSharers"]'],
+                ['core', 'shareapi_allow_links_exclude_groups', '', ''],
+                ['core', 'shareapi_allow_group_sharing', 'yes', 'yes'],
+                ['core', 'shareapi_allow_links', 'yes', 'yes'],
+                ['core', 'shareapi_allow_public_upload', 'yes', 'yes'],
+                ['core', 'shareapi_allow_resharing', 'yes', 'yes'],
+                ['core', 'shareapi_allow_share_dialog_user_enumeration', 'yes', 'yes'],
+                ['core', 'shareapi_restrict_user_enumeration_to_group', 'no', 'no'],
+                ['core', 'shareapi_restrict_user_enumeration_to_phone', 'no', 'no'],
+                ['core', 'shareapi_restrict_user_enumeration_full_match', 'yes', 'yes'],
+                ['core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes', 'yes'],
+                ['core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes', 'yes'],
+                ['core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no', 'no'],
+                ['core', 'shareapi_enabled', 'yes', 'yes'],
+                ['core', 'shareapi_default_expire_date', 'no', 'no'],
+                ['core', 'shareapi_expire_after_n_days', '7', '7'],
+                ['core', 'shareapi_enforce_expire_date', 'no', 'no'],
+                ['core', 'shareapi_exclude_groups', 'no', 'yes'],
+                ['core', 'shareapi_public_link_disclaimertext', '', 'Lorem ipsum'],
+                ['core', 'shareapi_enable_link_password_by_default', 'no', 'yes'],
+                ['core', 'shareapi_default_permissions', (string)Constants::PERMISSION_ALL, Constants::PERMISSION_ALL],
+                ['core', 'shareapi_default_internal_expire_date', 'no', 'no'],
+                ['core', 'shareapi_internal_expire_after_n_days', '7', '7'],
+                ['core', 'shareapi_enforce_internal_expire_date', 'no', 'no'],
+                ['core', 'shareapi_default_remote_expire_date', 'no', 'no'],
+                ['core', 'shareapi_remote_expire_after_n_days', '7', '7'],
+                ['core', 'shareapi_enforce_remote_expire_date', 'no', 'no'],
+                ['core', 'shareapi_enforce_links_password_excluded_groups', '', ''],
+                ['core', 'shareapi_only_share_with_group_members_exclude_group_list', '', '[]'],
+            ]);
+        $this->shareManager->method('shareWithGroupMembersOnly')
+            ->willReturn(false);
 
-		$this->appManager->method('isEnabledForUser')->with('files_sharing')->willReturn(true);
+        $this->appManager->method('isEnabledForUser')->with('files_sharing')->willReturn(true);
 
-		$initialStateCalls = [];
-		$this->initialState
-			->expects($this->exactly(3))
-			->method('provideInitialState')
-			->willReturnCallback(function (string $key) use (&$initialStateCalls): void {
-				$initialStateCalls[$key] = func_get_args();
-			});
+        $initialStateCalls = [];
+        $this->initialState
+            ->expects($this->exactly(3))
+            ->method('provideInitialState')
+            ->willReturnCallback(function (string $key) use (&$initialStateCalls): void {
+                $initialStateCalls[$key] = func_get_args();
+            });
 
-		$expectedInitialStateCalls = [
-			'sharingAppEnabled' => true,
-			'sharingDocumentation' => '',
-			'sharingSettings' => [
-				'allowGroupSharing' => true,
-				'allowLinks' => true,
-				'allowPublicUpload' => true,
-				'allowResharing' => true,
-				'allowShareDialogUserEnumeration' => true,
-				'restrictUserEnumerationToGroup' => false,
-				'restrictUserEnumerationToPhone' => false,
-				'restrictUserEnumerationFullMatch' => true,
-				'restrictUserEnumerationFullMatchUserId' => true,
-				'restrictUserEnumerationFullMatchEmail' => true,
-				'restrictUserEnumerationFullMatchIgnoreSecondDN' => false,
-				'enforceLinksPassword' => false,
-				'onlyShareWithGroupMembers' => false,
-				'enabled' => true,
-				'defaultExpireDate' => false,
-				'expireAfterNDays' => '7',
-				'enforceExpireDate' => false,
-				'excludeGroups' => 'yes',
-				'excludeGroupsList' => ['NoSharers','OtherNoSharers'],
-				'publicShareDisclaimerText' => 'Lorem ipsum',
-				'enableLinkPasswordByDefault' => true,
-				'defaultPermissions' => Constants::PERMISSION_ALL,
-				'defaultInternalExpireDate' => false,
-				'internalExpireAfterNDays' => '7',
-				'enforceInternalExpireDate' => false,
-				'defaultRemoteExpireDate' => false,
-				'remoteExpireAfterNDays' => '7',
-				'enforceRemoteExpireDate' => false,
-				'allowLinksExcludeGroups' => [],
-				'onlyShareWithGroupMembersExcludeGroupList' => [],
-				'enforceLinksPasswordExcludedGroups' => [],
-				'enforceLinksPasswordExcludedGroupsEnabled' => false,
-			],
-		];
+        $expectedInitialStateCalls = [
+            'sharingAppEnabled' => true,
+            'sharingDocumentation' => '',
+            'sharingSettings' => [
+                'allowGroupSharing' => true,
+                'allowLinks' => true,
+                'allowPublicUpload' => true,
+                'allowResharing' => true,
+                'allowShareDialogUserEnumeration' => true,
+                'restrictUserEnumerationToGroup' => false,
+                'restrictUserEnumerationToPhone' => false,
+                'restrictUserEnumerationFullMatch' => true,
+                'restrictUserEnumerationFullMatchUserId' => true,
+                'restrictUserEnumerationFullMatchEmail' => true,
+                'restrictUserEnumerationFullMatchIgnoreSecondDN' => false,
+                'enforceLinksPassword' => false,
+                'onlyShareWithGroupMembers' => false,
+                'enabled' => true,
+                'defaultExpireDate' => false,
+                'expireAfterNDays' => '7',
+                'enforceExpireDate' => false,
+                'excludeGroups' => 'yes',
+                'excludeGroupsList' => ['NoSharers','OtherNoSharers'],
+                'publicShareDisclaimerText' => 'Lorem ipsum',
+                'enableLinkPasswordByDefault' => true,
+                'defaultPermissions' => Constants::PERMISSION_ALL,
+                'defaultInternalExpireDate' => false,
+                'internalExpireAfterNDays' => '7',
+                'enforceInternalExpireDate' => false,
+                'defaultRemoteExpireDate' => false,
+                'remoteExpireAfterNDays' => '7',
+                'enforceRemoteExpireDate' => false,
+                'allowLinksExcludeGroups' => [],
+                'onlyShareWithGroupMembersExcludeGroupList' => [],
+                'enforceLinksPasswordExcludedGroups' => [],
+                'enforceLinksPasswordExcludedGroupsEnabled' => false,
+            ],
+        ];
 
-		$expected = new TemplateResponse(
-			'settings',
-			'settings/admin/sharing',
-			[],
-			''
-		);
+        $expected = new TemplateResponse(
+            'settings',
+            'settings/admin/sharing',
+            [],
+            ''
+        );
 
-		$this->assertEquals($expected, $this->admin->getForm());
-		$this->assertEquals(sort($expectedInitialStateCalls), sort($initialStateCalls), 'Provided initial state does not match');
-	}
+        $this->assertEquals($expected, $this->admin->getForm());
+        $this->assertEquals(sort($expectedInitialStateCalls), sort($initialStateCalls), 'Provided initial state does not match');
+    }
 
-	public function testGetSection(): void {
-		$this->assertSame('sharing', $this->admin->getSection());
-	}
+    public function testGetSection(): void {
+        $this->assertSame('sharing', $this->admin->getSection());
+    }
 
-	public function testGetPriority(): void {
-		$this->assertSame(0, $this->admin->getPriority());
-	}
+    public function testGetPriority(): void {
+        $this->assertSame(0, $this->admin->getPriority());
+    }
 }

Please login to merge, or discard this patch.

apps/files_sharing/lib/Controller/ShareAPIController.php 1 patch

Indentation +2185 added lines, -2185 removed lines patch added patch discarded remove patch

@@ -75,2192 +75,2192 @@
 block discarded – undo
  */
 class ShareAPIController extends OCSController {
 
-	private ?Node $lockedNode = null;
-
-	/**
-	 * Share20OCS constructor.
-	 */
-	public function __construct(
-		string $appName,
-		IRequest $request,
-		private IManager $shareManager,
-		private IGroupManager $groupManager,
-		private IUserManager $userManager,
-		private IRootFolder $rootFolder,
-		private IURLGenerator $urlGenerator,
-		private IL10N $l,
-		private IConfig $config,
-		private IAppConfig $appConfig,
-		private IAppManager $appManager,
-		private ContainerInterface $serverContainer,
-		private IUserStatusManager $userStatusManager,
-		private IPreview $previewManager,
-		private IDateTimeZone $dateTimeZone,
-		private LoggerInterface $logger,
-		private IProviderFactory $factory,
-		private IMailer $mailer,
-		private ITagManager $tagManager,
-		private ?string $userId = null,
-	) {
-		parent::__construct($appName, $request);
-	}
-
-	/**
-	 * Convert an IShare to an array for OCS output
-	 *
-	 * @param IShare $share
-	 * @param Node|null $recipientNode
-	 * @return Files_SharingShare
-	 * @throws NotFoundException In case the node can't be resolved.
-	 *
-	 * @suppress PhanUndeclaredClassMethod
-	 */
-	protected function formatShare(IShare $share, ?Node $recipientNode = null): array {
-		$sharedBy = $this->userManager->get($share->getSharedBy());
-		$shareOwner = $this->userManager->get($share->getShareOwner());
-
-		$isOwnShare = false;
-		if ($shareOwner !== null) {
-			$isOwnShare = $shareOwner->getUID() === $this->userId;
-		}
-
-		$result = [
-			'id' => $share->getId(),
-			'share_type' => $share->getShareType(),
-			'uid_owner' => $share->getSharedBy(),
-			'displayname_owner' => $sharedBy !== null ? $sharedBy->getDisplayName() : $share->getSharedBy(),
-			// recipient permissions
-			'permissions' => $share->getPermissions(),
-			// current user permissions on this share
-			'can_edit' => $this->canEditShare($share),
-			'can_delete' => $this->canDeleteShare($share),
-			'stime' => $share->getShareTime()->getTimestamp(),
-			'parent' => null,
-			'expiration' => null,
-			'token' => null,
-			'uid_file_owner' => $share->getShareOwner(),
-			'note' => $share->getNote(),
-			'label' => $share->getLabel(),
-			'displayname_file_owner' => $shareOwner !== null ? $shareOwner->getDisplayName() : $share->getShareOwner(),
-		];
-
-		$userFolder = $this->rootFolder->getUserFolder($this->userId);
-		if ($recipientNode) {
-			$node = $recipientNode;
-		} else {
-			$node = $userFolder->getFirstNodeById($share->getNodeId());
-			if (!$node) {
-				// fallback to guessing the path
-				$node = $userFolder->get($share->getTarget());
-				if ($node === null || $share->getTarget() === '') {
-					throw new NotFoundException();
-				}
-			}
-		}
-
-		$result['path'] = $userFolder->getRelativePath($node->getPath());
-		if ($node instanceof Folder) {
-			$result['item_type'] = 'folder';
-		} else {
-			$result['item_type'] = 'file';
-		}
-
-		// Get the original node permission if the share owner is the current user
-		if ($isOwnShare) {
-			$result['item_permissions'] = $node->getPermissions();
-		}
-
-		// If we're on the recipient side, the node permissions
-		// are bound to the share permissions. So we need to
-		// adjust the permissions to the share permissions if necessary.
-		if (!$isOwnShare) {
-			$result['item_permissions'] = $share->getPermissions();
-
-			// For some reason, single files share are forbidden to have the delete permission
-			// since we have custom methods to check those, let's adjust straight away.
-			// DAV permissions does not have that issue though.
-			if ($this->canDeleteShare($share) || $this->canDeleteShareFromSelf($share)) {
-				$result['item_permissions'] |= Constants::PERMISSION_DELETE;
-			}
-			if ($this->canEditShare($share)) {
-				$result['item_permissions'] |= Constants::PERMISSION_UPDATE;
-			}
-		}
-
-		// See MOUNT_ROOT_PROPERTYNAME dav property
-		$result['is-mount-root'] = $node->getInternalPath() === '';
-		$result['mount-type'] = $node->getMountPoint()->getMountType();
-
-		$result['mimetype'] = $node->getMimetype();
-		$result['has_preview'] = $this->previewManager->isAvailable($node);
-		$result['storage_id'] = $node->getStorage()->getId();
-		$result['storage'] = $node->getStorage()->getCache()->getNumericStorageId();
-		$result['item_source'] = $node->getId();
-		$result['file_source'] = $node->getId();
-		$result['file_parent'] = $node->getParent()->getId();
-		$result['file_target'] = $share->getTarget();
-		$result['item_size'] = $node->getSize();
-		$result['item_mtime'] = $node->getMTime();
-
-		$expiration = $share->getExpirationDate();
-		if ($expiration !== null) {
-			$expiration->setTimezone($this->dateTimeZone->getTimeZone());
-			$result['expiration'] = $expiration->format('Y-m-d 00:00:00');
-		}
-
-		if ($share->getShareType() === IShare::TYPE_USER) {
-			$sharedWith = $this->userManager->get($share->getSharedWith());
-			$result['share_with'] = $share->getSharedWith();
-			$result['share_with_displayname'] = $sharedWith !== null ? $sharedWith->getDisplayName() : $share->getSharedWith();
-			$result['share_with_displayname_unique'] = $sharedWith !== null ? (
-				!empty($sharedWith->getSystemEMailAddress()) ? $sharedWith->getSystemEMailAddress() : $sharedWith->getUID()
-			) : $share->getSharedWith();
-
-			$userStatuses = $this->userStatusManager->getUserStatuses([$share->getSharedWith()]);
-			$userStatus = array_shift($userStatuses);
-			if ($userStatus) {
-				$result['status'] = [
-					'status' => $userStatus->getStatus(),
-					'message' => $userStatus->getMessage(),
-					'icon' => $userStatus->getIcon(),
-					'clearAt' => $userStatus->getClearAt()
-						? (int)$userStatus->getClearAt()->format('U')
-						: null,
-				];
-			}
-		} elseif ($share->getShareType() === IShare::TYPE_GROUP) {
-			$group = $this->groupManager->get($share->getSharedWith());
-			$result['share_with'] = $share->getSharedWith();
-			$result['share_with_displayname'] = $group !== null ? $group->getDisplayName() : $share->getSharedWith();
-		} elseif ($share->getShareType() === IShare::TYPE_LINK) {
-
-			// "share_with" and "share_with_displayname" for passwords of link
-			// shares was deprecated in Nextcloud 15, use "password" instead.
-			$result['share_with'] = $share->getPassword();
-			$result['share_with_displayname'] = '(' . $this->l->t('Shared link') . ')';
-
-			$result['password'] = $share->getPassword();
-
-			$result['send_password_by_talk'] = $share->getSendPasswordByTalk();
-
-			$result['token'] = $share->getToken();
-			$result['url'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.showShare', ['token' => $share->getToken()]);
-		} elseif ($share->getShareType() === IShare::TYPE_REMOTE) {
-			$result['share_with'] = $share->getSharedWith();
-			$result['share_with_displayname'] = $this->getCachedFederatedDisplayName($share->getSharedWith());
-			$result['token'] = $share->getToken();
-		} elseif ($share->getShareType() === IShare::TYPE_REMOTE_GROUP) {
-			$result['share_with'] = $share->getSharedWith();
-			$result['share_with_displayname'] = $this->getDisplayNameFromAddressBook($share->getSharedWith(), 'CLOUD');
-			$result['token'] = $share->getToken();
-		} elseif ($share->getShareType() === IShare::TYPE_EMAIL) {
-			$result['share_with'] = $share->getSharedWith();
-			$result['password'] = $share->getPassword();
-			$result['password_expiration_time'] = $share->getPasswordExpirationTime() !== null ? $share->getPasswordExpirationTime()->format(\DateTime::ATOM) : null;
-			$result['send_password_by_talk'] = $share->getSendPasswordByTalk();
-			$result['share_with_displayname'] = $this->getDisplayNameFromAddressBook($share->getSharedWith(), 'EMAIL');
-			$result['token'] = $share->getToken();
-		} elseif ($share->getShareType() === IShare::TYPE_CIRCLE) {
-			// getSharedWith() returns either "name (type, owner)" or
-			// "name (type, owner) [id]", depending on the Teams app version.
-			$hasCircleId = (substr($share->getSharedWith(), -1) === ']');
-
-			$result['share_with_displayname'] = $share->getSharedWithDisplayName();
-			if (empty($result['share_with_displayname'])) {
-				$displayNameLength = ($hasCircleId ? strrpos($share->getSharedWith(), ' ') : strlen($share->getSharedWith()));
-				$result['share_with_displayname'] = substr($share->getSharedWith(), 0, $displayNameLength);
-			}
-
-			$result['share_with_avatar'] = $share->getSharedWithAvatar();
-
-			$shareWithStart = ($hasCircleId ? strrpos($share->getSharedWith(), '[') + 1 : 0);
-			$shareWithLength = ($hasCircleId ? -1 : strpos($share->getSharedWith(), ' '));
-			if ($shareWithLength === false) {
-				$result['share_with'] = substr($share->getSharedWith(), $shareWithStart);
-			} else {
-				$result['share_with'] = substr($share->getSharedWith(), $shareWithStart, $shareWithLength);
-			}
-		} elseif ($share->getShareType() === IShare::TYPE_ROOM) {
-			$result['share_with'] = $share->getSharedWith();
-			$result['share_with_displayname'] = '';
-
-			try {
-				/** @var array{share_with_displayname: string, share_with_link: string, share_with?: string, token?: string} $roomShare */
-				$roomShare = $this->getRoomShareHelper()->formatShare($share);
-				$result = array_merge($result, $roomShare);
-			} catch (ContainerExceptionInterface $e) {
-			}
-		} elseif ($share->getShareType() === IShare::TYPE_DECK) {
-			$result['share_with'] = $share->getSharedWith();
-			$result['share_with_displayname'] = '';
-
-			try {
-				/** @var array{share_with: string, share_with_displayname: string, share_with_link: string} $deckShare */
-				$deckShare = $this->getDeckShareHelper()->formatShare($share);
-				$result = array_merge($result, $deckShare);
-			} catch (ContainerExceptionInterface $e) {
-			}
-		} elseif ($share->getShareType() === IShare::TYPE_SCIENCEMESH) {
-			$result['share_with'] = $share->getSharedWith();
-			$result['share_with_displayname'] = '';
-
-			try {
-				/** @var array{share_with: string, share_with_displayname: string, token: string} $scienceMeshShare */
-				$scienceMeshShare = $this->getSciencemeshShareHelper()->formatShare($share);
-				$result = array_merge($result, $scienceMeshShare);
-			} catch (ContainerExceptionInterface $e) {
-			}
-		}
-
-
-		$result['mail_send'] = $share->getMailSend() ? 1 : 0;
-		$result['hide_download'] = $share->getHideDownload() ? 1 : 0;
-
-		$result['attributes'] = null;
-		if ($attributes = $share->getAttributes()) {
-			$result['attributes'] = (string)\json_encode($attributes->toArray());
-		}
-
-		return $result;
-	}
-
-	/**
-	 * Check if one of the users address books knows the exact property, if
-	 * not we return the full name.
-	 *
-	 * @param string $query
-	 * @param string $property
-	 * @return string
-	 */
-	private function getDisplayNameFromAddressBook(string $query, string $property): string {
-		// FIXME: If we inject the contacts manager it gets initialized before any address books are registered
-		try {
-			$result = Server::get(\OCP\Contacts\IManager::class)->search($query, [$property], [
-				'limit' => 1,
-				'enumeration' => false,
-				'strict_search' => true,
-			]);
-		} catch (Exception $e) {
-			$this->logger->error(
-				$e->getMessage(),
-				['exception' => $e]
-			);
-			return $query;
-		}
-
-		foreach ($result as $r) {
-			foreach ($r[$property] as $value) {
-				if ($value === $query && $r['FN']) {
-					return $r['FN'];
-				}
-			}
-		}
-
-		return $query;
-	}
-
-
-	/**
-	 * @param list<Files_SharingShare> $shares
-	 * @param array<string, string>|null $updatedDisplayName
-	 *
-	 * @return list<Files_SharingShare>
-	 */
-	private function fixMissingDisplayName(array $shares, ?array $updatedDisplayName = null): array {
-		$userIds = $updated = [];
-		foreach ($shares as $share) {
-			// share is federated and share have no display name yet
-			if ($share['share_type'] === IShare::TYPE_REMOTE
-				&& ($share['share_with'] ?? '') !== ''
-				&& ($share['share_with_displayname'] ?? '') === '') {
-				$userIds[] = $userId = $share['share_with'];
-
-				if ($updatedDisplayName !== null && array_key_exists($userId, $updatedDisplayName)) {
-					$share['share_with_displayname'] = $updatedDisplayName[$userId];
-				}
-			}
-
-			// prepping userIds with displayName to be updated
-			$updated[] = $share;
-		}
-
-		// if $updatedDisplayName is not null, it means we should have already fixed displayNames of the shares
-		if ($updatedDisplayName !== null) {
-			return $updated;
-		}
-
-		// get displayName for the generated list of userId with no displayName
-		$displayNames = $this->retrieveFederatedDisplayName($userIds);
-
-		// if no displayName are updated, we exit
-		if (empty($displayNames)) {
-			return $updated;
-		}
-
-		// let's fix missing display name and returns all shares
-		return $this->fixMissingDisplayName($shares, $displayNames);
-	}
-
-
-	/**
-	 * get displayName of a list of userIds from the lookup-server; through the globalsiteselector app.
-	 * returns an array with userIds as keys and displayName as values.
-	 *
-	 * @param array $userIds
-	 * @param bool $cacheOnly - do not reach LUS, get data from cache.
-	 *
-	 * @return array
-	 * @throws ContainerExceptionInterface
-	 */
-	private function retrieveFederatedDisplayName(array $userIds, bool $cacheOnly = false): array {
-		// check if gss is enabled and available
-		if (count($userIds) === 0
-			|| !$this->appManager->isEnabledForAnyone('globalsiteselector')
-			|| !class_exists('\OCA\GlobalSiteSelector\Service\SlaveService')) {
-			return [];
-		}
-
-		try {
-			$slaveService = Server::get(SlaveService::class);
-		} catch (\Throwable $e) {
-			$this->logger->error(
-				$e->getMessage(),
-				['exception' => $e]
-			);
-			return [];
-		}
-
-		return $slaveService->getUsersDisplayName($userIds, $cacheOnly);
-	}
-
-
-	/**
-	 * retrieve displayName from cache if available (should be used on federated shares)
-	 * if not available in cache/lus, try for get from address-book, else returns empty string.
-	 *
-	 * @param string $userId
-	 * @param bool $cacheOnly if true will not reach the lus but will only get data from cache
-	 *
-	 * @return string
-	 */
-	private function getCachedFederatedDisplayName(string $userId, bool $cacheOnly = true): string {
-		$details = $this->retrieveFederatedDisplayName([$userId], $cacheOnly);
-		if (array_key_exists($userId, $details)) {
-			return $details[$userId];
-		}
-
-		$displayName = $this->getDisplayNameFromAddressBook($userId, 'CLOUD');
-		return ($displayName === $userId) ? '' : $displayName;
-	}
-
-
-
-	/**
-	 * Get a specific share by id
-	 *
-	 * @param string $id ID of the share
-	 * @param bool $include_tags Include tags in the share
-	 * @return DataResponse<Http::STATUS_OK, list<Files_SharingShare>, array{}>
-	 * @throws OCSNotFoundException Share not found
-	 *
-	 * 200: Share returned
-	 */
-	#[NoAdminRequired]
-	public function getShare(string $id, bool $include_tags = false): DataResponse {
-		try {
-			$share = $this->getShareById($id);
-		} catch (ShareNotFound $e) {
-			throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
-		}
-
-		try {
-			if ($this->canAccessShare($share)) {
-				$share = $this->formatShare($share);
-
-				if ($include_tags) {
-					$share = $this->populateTags([$share]);
-				} else {
-					$share = [$share];
-				}
-
-				return new DataResponse($share);
-			}
-		} catch (NotFoundException $e) {
-			// Fall through
-		}
-
-		throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
-	}
-
-	/**
-	 * Delete a share
-	 *
-	 * @param string $id ID of the share
-	 * @return DataResponse<Http::STATUS_OK, list<empty>, array{}>
-	 * @throws OCSNotFoundException Share not found
-	 * @throws OCSForbiddenException Missing permissions to delete the share
-	 *
-	 * 200: Share deleted successfully
-	 */
-	#[NoAdminRequired]
-	public function deleteShare(string $id): DataResponse {
-		try {
-			$share = $this->getShareById($id);
-		} catch (ShareNotFound $e) {
-			throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
-		}
-
-		try {
-			$this->lock($share->getNode());
-		} catch (LockedException $e) {
-			throw new OCSNotFoundException($this->l->t('Could not delete share'));
-		}
-
-		if (!$this->canAccessShare($share)) {
-			throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
-		}
-
-		// if it's a group share or a room share
-		// we don't delete the share, but only the
-		// mount point. Allowing it to be restored
-		// from the deleted shares
-		if ($this->canDeleteShareFromSelf($share)) {
-			$this->shareManager->deleteFromSelf($share, $this->userId);
-		} else {
-			if (!$this->canDeleteShare($share)) {
-				throw new OCSForbiddenException($this->l->t('Could not delete share'));
-			}
-
-			$this->shareManager->deleteShare($share);
-		}
-
-		return new DataResponse();
-	}
-
-	/**
-	 * Create a share
-	 *
-	 * @param string|null $path Path of the share
-	 * @param int|null $permissions Permissions for the share
-	 * @param int $shareType Type of the share
-	 * @param ?string $shareWith The entity this should be shared with
-	 * @param 'true'|'false'|null $publicUpload If public uploading is allowed (deprecated)
-	 * @param string $password Password for the share
-	 * @param string|null $sendPasswordByTalk Send the password for the share over Talk
-	 * @param ?string $expireDate The expiry date of the share in the user's timezone at 00:00.
-	 *                            If $expireDate is not supplied or set to `null`, the system default will be used.
-	 * @param string $note Note for the share
-	 * @param string $label Label for the share (only used in link and email)
-	 * @param string|null $attributes Additional attributes for the share
-	 * @param 'false'|'true'|null $sendMail Send a mail to the recipient
-	 *
-	 * @return DataResponse<Http::STATUS_OK, Files_SharingShare, array{}>
-	 * @throws OCSBadRequestException Unknown share type
-	 * @throws OCSException
-	 * @throws OCSForbiddenException Creating the share is not allowed
-	 * @throws OCSNotFoundException Creating the share failed
-	 * @suppress PhanUndeclaredClassMethod
-	 *
-	 * 200: Share created
-	 */
-	#[NoAdminRequired]
-	#[UserRateLimit(limit: 20, period: 600)]
-	public function createShare(
-		?string $path = null,
-		?int $permissions = null,
-		int $shareType = -1,
-		?string $shareWith = null,
-		?string $publicUpload = null,
-		string $password = '',
-		?string $sendPasswordByTalk = null,
-		?string $expireDate = null,
-		string $note = '',
-		string $label = '',
-		?string $attributes = null,
-		?string $sendMail = null,
-	): DataResponse {
-		assert($this->userId !== null);
-
-		$share = $this->shareManager->newShare();
-		$hasPublicUpload = $this->getLegacyPublicUpload($publicUpload);
-
-		// Verify path
-		if ($path === null) {
-			throw new OCSNotFoundException($this->l->t('Please specify a file or folder path'));
-		}
-
-		$userFolder = $this->rootFolder->getUserFolder($this->userId);
-		try {
-			/** @var \OC\Files\Node\Node $node */
-			$node = $userFolder->get($path);
-		} catch (NotFoundException $e) {
-			throw new OCSNotFoundException($this->l->t('Wrong path, file/folder does not exist'));
-		}
-
-		// a user can have access to a file through different paths, with differing permissions
-		// combine all permissions to determine if the user can share this file
-		$nodes = $userFolder->getById($node->getId());
-		foreach ($nodes as $nodeById) {
-			/** @var FileInfo $fileInfo */
-			$fileInfo = $node->getFileInfo();
-			$fileInfo['permissions'] |= $nodeById->getPermissions();
-		}
-
-		$share->setNode($node);
-
-		try {
-			$this->lock($share->getNode());
-		} catch (LockedException $e) {
-			throw new OCSNotFoundException($this->l->t('Could not create share'));
-		}
-
-		// Set permissions
-		if ($shareType === IShare::TYPE_LINK || $shareType === IShare::TYPE_EMAIL) {
-			$permissions = $this->getLinkSharePermissions($permissions, $hasPublicUpload);
-			$this->validateLinkSharePermissions($node, $permissions, $hasPublicUpload);
-		} else {
-			// Use default permissions only for non-link shares to keep legacy behavior
-			if ($permissions === null) {
-				$permissions = (int)$this->config->getAppValue('core', 'shareapi_default_permissions', (string)Constants::PERMISSION_ALL);
-			}
-			// Non-link shares always require read permissions (link shares could be file drop)
-			$permissions |= Constants::PERMISSION_READ;
-		}
-
-		// For legacy reasons the API allows to pass PERMISSIONS_ALL even for single file shares (I look at you Talk)
-		if ($node instanceof File) {
-			// if this is a single file share we remove the DELETE and CREATE permissions
-			$permissions = $permissions & ~(Constants::PERMISSION_DELETE | Constants::PERMISSION_CREATE);
-		}
-
-		/**
-		 * Hack for https://github.com/owncloud/core/issues/22587
-		 * We check the permissions via webdav. But the permissions of the mount point
-		 * do not equal the share permissions. Here we fix that for federated mounts.
-		 */
-		if ($node->getStorage()->instanceOfStorage(Storage::class)) {
-			$permissions &= ~($permissions & ~$node->getPermissions());
-		}
-
-		if ($attributes !== null) {
-			$share = $this->setShareAttributes($share, $attributes);
-		}
-
-		// Expire date checks
-		// Normally, null means no expiration date but we still set the default for backwards compatibility
-		// If the client sends an empty string, we set noExpirationDate to true
-		if ($expireDate !== null) {
-			if ($expireDate !== '') {
-				try {
-					$expireDateTime = $this->parseDate($expireDate);
-					$share->setExpirationDate($expireDateTime);
-				} catch (\Exception $e) {
-					throw new OCSNotFoundException($e->getMessage(), $e);
-				}
-			} else {
-				// Client sent empty string for expire date.
-				// Set noExpirationDate to true so overwrite is prevented.
-				$share->setNoExpirationDate(true);
-			}
-		}
-
-		$share->setSharedBy($this->userId);
-
-		// Handle mail send
-		if (is_null($sendMail)) {
-			$allowSendMail = $this->config->getSystemValueBool('sharing.enable_share_mail', true);
-			if ($allowSendMail !== true || $shareType === IShare::TYPE_EMAIL) {
-				// Define a default behavior when sendMail is not provided
-				// For email shares with a valid recipient, the default is to send the mail
-				// For all other share types, the default is to not send the mail
-				$allowSendMail = ($shareType === IShare::TYPE_EMAIL && $shareWith !== null && $shareWith !== '');
-			}
-			$share->setMailSend($allowSendMail);
-		} else {
-			$share->setMailSend($sendMail === 'true');
-		}
-
-		if ($shareType === IShare::TYPE_USER) {
-			// Valid user is required to share
-			if ($shareWith === null || !$this->userManager->userExists($shareWith)) {
-				throw new OCSNotFoundException($this->l->t('Please specify a valid account to share with'));
-			}
-			$share->setSharedWith($shareWith);
-			$share->setPermissions($permissions);
-		} elseif ($shareType === IShare::TYPE_GROUP) {
-			if (!$this->shareManager->allowGroupSharing()) {
-				throw new OCSNotFoundException($this->l->t('Group sharing is disabled by the administrator'));
-			}
-
-			// Valid group is required to share
-			if ($shareWith === null || !$this->groupManager->groupExists($shareWith)) {
-				throw new OCSNotFoundException($this->l->t('Please specify a valid group'));
-			}
-			$share->setSharedWith($shareWith);
-			$share->setPermissions($permissions);
-		} elseif ($shareType === IShare::TYPE_LINK
-			|| $shareType === IShare::TYPE_EMAIL) {
-
-			// Can we even share links?
-			if (!$this->shareManager->shareApiAllowLinks()) {
-				throw new OCSNotFoundException($this->l->t('Public link sharing is disabled by the administrator'));
-			}
-
-			$this->validateLinkSharePermissions($node, $permissions, $hasPublicUpload);
-			$share->setPermissions($permissions);
-
-			// Set password
-			if ($password !== '') {
-				$share->setPassword($password);
-			}
-
-			// Only share by mail have a recipient
-			if (is_string($shareWith) && $shareType === IShare::TYPE_EMAIL) {
-				// If sending a mail have been requested, validate the mail address
-				if ($share->getMailSend() && !$this->mailer->validateMailAddress($shareWith)) {
-					throw new OCSNotFoundException($this->l->t('Please specify a valid email address'));
-				}
-				$share->setSharedWith($shareWith);
-			}
-
-			// If we have a label, use it
-			if ($label !== '') {
-				if (strlen($label) > 255) {
-					throw new OCSBadRequestException('Maximum label length is 255');
-				}
-				$share->setLabel($label);
-			}
-
-			if ($sendPasswordByTalk === 'true') {
-				if (!$this->appManager->isEnabledForUser('spreed')) {
-					throw new OCSForbiddenException($this->l->t('Sharing %s sending the password by Nextcloud Talk failed because Nextcloud Talk is not enabled', [$node->getPath()]));
-				}
-
-				$share->setSendPasswordByTalk(true);
-			}
-		} elseif ($shareType === IShare::TYPE_REMOTE) {
-			if (!$this->shareManager->outgoingServer2ServerSharesAllowed()) {
-				throw new OCSForbiddenException($this->l->t('Sharing %1$s failed because the back end does not allow shares from type %2$s', [$node->getPath(), $shareType]));
-			}
-
-			if ($shareWith === null) {
-				throw new OCSNotFoundException($this->l->t('Please specify a valid federated account ID'));
-			}
-
-			$share->setSharedWith($shareWith);
-			$share->setPermissions($permissions);
-			$share->setSharedWithDisplayName($this->getCachedFederatedDisplayName($shareWith, false));
-		} elseif ($shareType === IShare::TYPE_REMOTE_GROUP) {
-			if (!$this->shareManager->outgoingServer2ServerGroupSharesAllowed()) {
-				throw new OCSForbiddenException($this->l->t('Sharing %1$s failed because the back end does not allow shares from type %2$s', [$node->getPath(), $shareType]));
-			}
-
-			if ($shareWith === null) {
-				throw new OCSNotFoundException($this->l->t('Please specify a valid federated group ID'));
-			}
-
-			$share->setSharedWith($shareWith);
-			$share->setPermissions($permissions);
-		} elseif ($shareType === IShare::TYPE_CIRCLE) {
-			if (!Server::get(IAppManager::class)->isEnabledForUser('circles') || !class_exists('\OCA\Circles\ShareByCircleProvider')) {
-				throw new OCSNotFoundException($this->l->t('You cannot share to a Team if the app is not enabled'));
-			}
-
-			$circle = Circles::detailsCircle($shareWith);
-
-			// Valid team is required to share
-			if ($circle === null) {
-				throw new OCSNotFoundException($this->l->t('Please specify a valid team'));
-			}
-			$share->setSharedWith($shareWith);
-			$share->setPermissions($permissions);
-		} elseif ($shareType === IShare::TYPE_ROOM) {
-			try {
-				$this->getRoomShareHelper()->createShare($share, $shareWith, $permissions, $expireDate ?? '');
-			} catch (ContainerExceptionInterface $e) {
-				throw new OCSForbiddenException($this->l->t('Sharing %s failed because the back end does not support room shares', [$node->getPath()]));
-			}
-		} elseif ($shareType === IShare::TYPE_DECK) {
-			try {
-				$this->getDeckShareHelper()->createShare($share, $shareWith, $permissions, $expireDate ?? '');
-			} catch (ContainerExceptionInterface $e) {
-				throw new OCSForbiddenException($this->l->t('Sharing %s failed because the back end does not support room shares', [$node->getPath()]));
-			}
-		} elseif ($shareType === IShare::TYPE_SCIENCEMESH) {
-			try {
-				$this->getSciencemeshShareHelper()->createShare($share, $shareWith, $permissions, $expireDate ?? '');
-			} catch (ContainerExceptionInterface $e) {
-				throw new OCSForbiddenException($this->l->t('Sharing %s failed because the back end does not support ScienceMesh shares', [$node->getPath()]));
-			}
-		} else {
-			throw new OCSBadRequestException($this->l->t('Unknown share type'));
-		}
-
-		$share->setShareType($shareType);
-		$this->checkInheritedAttributes($share);
-
-		if ($note !== '') {
-			$share->setNote($note);
-		}
-
-		try {
-			$share = $this->shareManager->createShare($share);
-		} catch (HintException $e) {
-			$code = $e->getCode() === 0 ? 403 : $e->getCode();
-			throw new OCSException($e->getHint(), $code);
-		} catch (GenericShareException|\InvalidArgumentException $e) {
-			$this->logger->error($e->getMessage(), ['exception' => $e]);
-			throw new OCSForbiddenException($e->getMessage(), $e);
-		} catch (\Exception $e) {
-			$this->logger->error($e->getMessage(), ['exception' => $e]);
-			throw new OCSForbiddenException('Failed to create share.', $e);
-		}
-
-		$output = $this->formatShare($share);
-
-		return new DataResponse($output);
-	}
-
-	/**
-	 * @param null|Node $node
-	 * @param boolean $includeTags
-	 *
-	 * @return list<Files_SharingShare>
-	 */
-	private function getSharedWithMe($node, bool $includeTags): array {
-		$userShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_USER, $node, -1, 0);
-		$groupShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_GROUP, $node, -1, 0);
-		$circleShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_CIRCLE, $node, -1, 0);
-		$roomShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_ROOM, $node, -1, 0);
-		$deckShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_DECK, $node, -1, 0);
-		$sciencemeshShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_SCIENCEMESH, $node, -1, 0);
-
-		$shares = array_merge($userShares, $groupShares, $circleShares, $roomShares, $deckShares, $sciencemeshShares);
-
-		$filteredShares = array_filter($shares, function (IShare $share) {
-			return $share->getShareOwner() !== $this->userId;
-		});
-
-		$formatted = [];
-		foreach ($filteredShares as $share) {
-			if ($this->canAccessShare($share)) {
-				try {
-					$formatted[] = $this->formatShare($share);
-				} catch (NotFoundException $e) {
-					// Ignore this share
-				}
-			}
-		}
-
-		if ($includeTags) {
-			$formatted = $this->populateTags($formatted);
-		}
-
-		return $formatted;
-	}
-
-	/**
-	 * @param Node $folder
-	 *
-	 * @return list<Files_SharingShare>
-	 * @throws OCSBadRequestException
-	 * @throws NotFoundException
-	 */
-	private function getSharesInDir(Node $folder): array {
-		if (!($folder instanceof Folder)) {
-			throw new OCSBadRequestException($this->l->t('Not a directory'));
-		}
-
-		$nodes = $folder->getDirectoryListing();
-
-		/** @var IShare[] $shares */
-		$shares = array_reduce($nodes, function ($carry, $node) {
-			$carry = array_merge($carry, $this->getAllShares($node, true));
-			return $carry;
-		}, []);
-
-		// filter out duplicate shares
-		$known = [];
-
-		$formatted = $miniFormatted = [];
-		$resharingRight = false;
-		$known = [];
-		foreach ($shares as $share) {
-			if (in_array($share->getId(), $known) || $share->getSharedWith() === $this->userId) {
-				continue;
-			}
-
-			try {
-				$format = $this->formatShare($share);
-
-				$known[] = $share->getId();
-				$formatted[] = $format;
-				if ($share->getSharedBy() === $this->userId) {
-					$miniFormatted[] = $format;
-				}
-				if (!$resharingRight && $this->shareProviderResharingRights($this->userId, $share, $folder)) {
-					$resharingRight = true;
-				}
-			} catch (\Exception $e) {
-				//Ignore this share
-			}
-		}
-
-		if (!$resharingRight) {
-			$formatted = $miniFormatted;
-		}
-
-		return $formatted;
-	}
-
-	/**
-	 * Get shares of the current user
-	 *
-	 * @param string $shared_with_me Only get shares with the current user
-	 * @param string $reshares Only get shares by the current user and reshares
-	 * @param string $subfiles Only get all shares in a folder
-	 * @param string $path Get shares for a specific path
-	 * @param string $include_tags Include tags in the share
-	 *
-	 * @return DataResponse<Http::STATUS_OK, list<Files_SharingShare>, array{}>
-	 * @throws OCSNotFoundException The folder was not found or is inaccessible
-	 *
-	 * 200: Shares returned
-	 */
-	#[NoAdminRequired]
-	public function getShares(
-		string $shared_with_me = 'false',
-		string $reshares = 'false',
-		string $subfiles = 'false',
-		string $path = '',
-		string $include_tags = 'false',
-	): DataResponse {
-		$node = null;
-		if ($path !== '') {
-			$userFolder = $this->rootFolder->getUserFolder($this->userId);
-			try {
-				$node = $userFolder->get($path);
-				$this->lock($node);
-			} catch (NotFoundException $e) {
-				throw new OCSNotFoundException(
-					$this->l->t('Wrong path, file/folder does not exist')
-				);
-			} catch (LockedException $e) {
-				throw new OCSNotFoundException($this->l->t('Could not lock node'));
-			}
-		}
-
-		$shares = $this->getFormattedShares(
-			$this->userId,
-			$node,
-			($shared_with_me === 'true'),
-			($reshares === 'true'),
-			($subfiles === 'true'),
-			($include_tags === 'true')
-		);
-
-		return new DataResponse($shares);
-	}
-
-	private function getLinkSharePermissions(?int $permissions, ?bool $legacyPublicUpload): int {
-		$permissions = $permissions ?? Constants::PERMISSION_READ;
-
-		// Legacy option handling
-		if ($legacyPublicUpload !== null) {
-			$permissions = $legacyPublicUpload
-				? (Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE)
-				: Constants::PERMISSION_READ;
-		}
-
-		if ($this->hasPermission($permissions, Constants::PERMISSION_READ)
-			&& $this->shareManager->outgoingServer2ServerSharesAllowed()
-			&& $this->appConfig->getValueBool('core', ConfigLexicon::SHAREAPI_ALLOW_FEDERATION_ON_PUBLIC_SHARES)) {
-			$permissions |= Constants::PERMISSION_SHARE;
-		}
-
-		return $permissions;
-	}
-
-	/**
-	 * Helper to check for legacy "publicUpload" handling.
-	 * If the value is set to `true` or `false` then true or false are returned.
-	 * Otherwise null is returned to indicate that the option was not (or wrong) set.
-	 *
-	 * @param null|string $legacyPublicUpload The value of `publicUpload`
-	 */
-	private function getLegacyPublicUpload(?string $legacyPublicUpload): ?bool {
-		if ($legacyPublicUpload === 'true') {
-			return true;
-		} elseif ($legacyPublicUpload === 'false') {
-			return false;
-		}
-		// Not set at all
-		return null;
-	}
-
-	/**
-	 * For link and email shares validate that only allowed combinations are set.
-	 *
-	 * @throw OCSBadRequestException If permission combination is invalid.
-	 * @throw OCSForbiddenException If public upload was forbidden by the administrator.
-	 */
-	private function validateLinkSharePermissions(Node $node, int $permissions, ?bool $legacyPublicUpload): void {
-		if ($legacyPublicUpload && ($node instanceof File)) {
-			throw new OCSBadRequestException($this->l->t('Public upload is only possible for publicly shared folders'));
-		}
-
-		// We need at least READ or CREATE (file drop)
-		if (!$this->hasPermission($permissions, Constants::PERMISSION_READ)
-			&& !$this->hasPermission($permissions, Constants::PERMISSION_CREATE)) {
-			throw new OCSBadRequestException($this->l->t('Share must at least have READ or CREATE permissions'));
-		}
-
-		// UPDATE and DELETE require a READ permission
-		if (!$this->hasPermission($permissions, Constants::PERMISSION_READ)
-			&& ($this->hasPermission($permissions, Constants::PERMISSION_UPDATE) || $this->hasPermission($permissions, Constants::PERMISSION_DELETE))) {
-			throw new OCSBadRequestException($this->l->t('Share must have READ permission if UPDATE or DELETE permission is set'));
-		}
-
-		// Check if public uploading was disabled
-		if ($this->hasPermission($permissions, Constants::PERMISSION_CREATE)
-			&& !$this->shareManager->shareApiLinkAllowPublicUpload()) {
-			throw new OCSForbiddenException($this->l->t('Public upload disabled by the administrator'));
-		}
-	}
-
-	/**
-	 * @param string $viewer
-	 * @param Node $node
-	 * @param bool $sharedWithMe
-	 * @param bool $reShares
-	 * @param bool $subFiles
-	 * @param bool $includeTags
-	 *
-	 * @return list<Files_SharingShare>
-	 * @throws NotFoundException
-	 * @throws OCSBadRequestException
-	 */
-	private function getFormattedShares(
-		string $viewer,
-		$node = null,
-		bool $sharedWithMe = false,
-		bool $reShares = false,
-		bool $subFiles = false,
-		bool $includeTags = false,
-	): array {
-		if ($sharedWithMe) {
-			return $this->getSharedWithMe($node, $includeTags);
-		}
-
-		if ($subFiles) {
-			return $this->getSharesInDir($node);
-		}
-
-		$shares = $this->getSharesFromNode($viewer, $node, $reShares);
-
-		$known = $formatted = $miniFormatted = [];
-		$resharingRight = false;
-		foreach ($shares as $share) {
-			try {
-				$share->getNode();
-			} catch (NotFoundException $e) {
-				/*
+    private ?Node $lockedNode = null;
+
+    /**
+     * Share20OCS constructor.
+     */
+    public function __construct(
+        string $appName,
+        IRequest $request,
+        private IManager $shareManager,
+        private IGroupManager $groupManager,
+        private IUserManager $userManager,
+        private IRootFolder $rootFolder,
+        private IURLGenerator $urlGenerator,
+        private IL10N $l,
+        private IConfig $config,
+        private IAppConfig $appConfig,
+        private IAppManager $appManager,
+        private ContainerInterface $serverContainer,
+        private IUserStatusManager $userStatusManager,
+        private IPreview $previewManager,
+        private IDateTimeZone $dateTimeZone,
+        private LoggerInterface $logger,
+        private IProviderFactory $factory,
+        private IMailer $mailer,
+        private ITagManager $tagManager,
+        private ?string $userId = null,
+    ) {
+        parent::__construct($appName, $request);
+    }
+
+    /**
+     * Convert an IShare to an array for OCS output
+     *
+     * @param IShare $share
+     * @param Node|null $recipientNode
+     * @return Files_SharingShare
+     * @throws NotFoundException In case the node can't be resolved.
+     *
+     * @suppress PhanUndeclaredClassMethod
+     */
+    protected function formatShare(IShare $share, ?Node $recipientNode = null): array {
+        $sharedBy = $this->userManager->get($share->getSharedBy());
+        $shareOwner = $this->userManager->get($share->getShareOwner());
+
+        $isOwnShare = false;
+        if ($shareOwner !== null) {
+            $isOwnShare = $shareOwner->getUID() === $this->userId;
+        }
+
+        $result = [
+            'id' => $share->getId(),
+            'share_type' => $share->getShareType(),
+            'uid_owner' => $share->getSharedBy(),
+            'displayname_owner' => $sharedBy !== null ? $sharedBy->getDisplayName() : $share->getSharedBy(),
+            // recipient permissions
+            'permissions' => $share->getPermissions(),
+            // current user permissions on this share
+            'can_edit' => $this->canEditShare($share),
+            'can_delete' => $this->canDeleteShare($share),
+            'stime' => $share->getShareTime()->getTimestamp(),
+            'parent' => null,
+            'expiration' => null,
+            'token' => null,
+            'uid_file_owner' => $share->getShareOwner(),
+            'note' => $share->getNote(),
+            'label' => $share->getLabel(),
+            'displayname_file_owner' => $shareOwner !== null ? $shareOwner->getDisplayName() : $share->getShareOwner(),
+        ];
+
+        $userFolder = $this->rootFolder->getUserFolder($this->userId);
+        if ($recipientNode) {
+            $node = $recipientNode;
+        } else {
+            $node = $userFolder->getFirstNodeById($share->getNodeId());
+            if (!$node) {
+                // fallback to guessing the path
+                $node = $userFolder->get($share->getTarget());
+                if ($node === null || $share->getTarget() === '') {
+                    throw new NotFoundException();
+                }
+            }
+        }
+
+        $result['path'] = $userFolder->getRelativePath($node->getPath());
+        if ($node instanceof Folder) {
+            $result['item_type'] = 'folder';
+        } else {
+            $result['item_type'] = 'file';
+        }
+
+        // Get the original node permission if the share owner is the current user
+        if ($isOwnShare) {
+            $result['item_permissions'] = $node->getPermissions();
+        }
+
+        // If we're on the recipient side, the node permissions
+        // are bound to the share permissions. So we need to
+        // adjust the permissions to the share permissions if necessary.
+        if (!$isOwnShare) {
+            $result['item_permissions'] = $share->getPermissions();
+
+            // For some reason, single files share are forbidden to have the delete permission
+            // since we have custom methods to check those, let's adjust straight away.
+            // DAV permissions does not have that issue though.
+            if ($this->canDeleteShare($share) || $this->canDeleteShareFromSelf($share)) {
+                $result['item_permissions'] |= Constants::PERMISSION_DELETE;
+            }
+            if ($this->canEditShare($share)) {
+                $result['item_permissions'] |= Constants::PERMISSION_UPDATE;
+            }
+        }
+
+        // See MOUNT_ROOT_PROPERTYNAME dav property
+        $result['is-mount-root'] = $node->getInternalPath() === '';
+        $result['mount-type'] = $node->getMountPoint()->getMountType();
+
+        $result['mimetype'] = $node->getMimetype();
+        $result['has_preview'] = $this->previewManager->isAvailable($node);
+        $result['storage_id'] = $node->getStorage()->getId();
+        $result['storage'] = $node->getStorage()->getCache()->getNumericStorageId();
+        $result['item_source'] = $node->getId();
+        $result['file_source'] = $node->getId();
+        $result['file_parent'] = $node->getParent()->getId();
+        $result['file_target'] = $share->getTarget();
+        $result['item_size'] = $node->getSize();
+        $result['item_mtime'] = $node->getMTime();
+
+        $expiration = $share->getExpirationDate();
+        if ($expiration !== null) {
+            $expiration->setTimezone($this->dateTimeZone->getTimeZone());
+            $result['expiration'] = $expiration->format('Y-m-d 00:00:00');
+        }
+
+        if ($share->getShareType() === IShare::TYPE_USER) {
+            $sharedWith = $this->userManager->get($share->getSharedWith());
+            $result['share_with'] = $share->getSharedWith();
+            $result['share_with_displayname'] = $sharedWith !== null ? $sharedWith->getDisplayName() : $share->getSharedWith();
+            $result['share_with_displayname_unique'] = $sharedWith !== null ? (
+                !empty($sharedWith->getSystemEMailAddress()) ? $sharedWith->getSystemEMailAddress() : $sharedWith->getUID()
+            ) : $share->getSharedWith();
+
+            $userStatuses = $this->userStatusManager->getUserStatuses([$share->getSharedWith()]);
+            $userStatus = array_shift($userStatuses);
+            if ($userStatus) {
+                $result['status'] = [
+                    'status' => $userStatus->getStatus(),
+                    'message' => $userStatus->getMessage(),
+                    'icon' => $userStatus->getIcon(),
+                    'clearAt' => $userStatus->getClearAt()
+                        ? (int)$userStatus->getClearAt()->format('U')
+                        : null,
+                ];
+            }
+        } elseif ($share->getShareType() === IShare::TYPE_GROUP) {
+            $group = $this->groupManager->get($share->getSharedWith());
+            $result['share_with'] = $share->getSharedWith();
+            $result['share_with_displayname'] = $group !== null ? $group->getDisplayName() : $share->getSharedWith();
+        } elseif ($share->getShareType() === IShare::TYPE_LINK) {
+
+            // "share_with" and "share_with_displayname" for passwords of link
+            // shares was deprecated in Nextcloud 15, use "password" instead.
+            $result['share_with'] = $share->getPassword();
+            $result['share_with_displayname'] = '(' . $this->l->t('Shared link') . ')';
+
+            $result['password'] = $share->getPassword();
+
+            $result['send_password_by_talk'] = $share->getSendPasswordByTalk();
+
+            $result['token'] = $share->getToken();
+            $result['url'] = $this->urlGenerator->linkToRouteAbsolute('files_sharing.sharecontroller.showShare', ['token' => $share->getToken()]);
+        } elseif ($share->getShareType() === IShare::TYPE_REMOTE) {
+            $result['share_with'] = $share->getSharedWith();
+            $result['share_with_displayname'] = $this->getCachedFederatedDisplayName($share->getSharedWith());
+            $result['token'] = $share->getToken();
+        } elseif ($share->getShareType() === IShare::TYPE_REMOTE_GROUP) {
+            $result['share_with'] = $share->getSharedWith();
+            $result['share_with_displayname'] = $this->getDisplayNameFromAddressBook($share->getSharedWith(), 'CLOUD');
+            $result['token'] = $share->getToken();
+        } elseif ($share->getShareType() === IShare::TYPE_EMAIL) {
+            $result['share_with'] = $share->getSharedWith();
+            $result['password'] = $share->getPassword();
+            $result['password_expiration_time'] = $share->getPasswordExpirationTime() !== null ? $share->getPasswordExpirationTime()->format(\DateTime::ATOM) : null;
+            $result['send_password_by_talk'] = $share->getSendPasswordByTalk();
+            $result['share_with_displayname'] = $this->getDisplayNameFromAddressBook($share->getSharedWith(), 'EMAIL');
+            $result['token'] = $share->getToken();
+        } elseif ($share->getShareType() === IShare::TYPE_CIRCLE) {
+            // getSharedWith() returns either "name (type, owner)" or
+            // "name (type, owner) [id]", depending on the Teams app version.
+            $hasCircleId = (substr($share->getSharedWith(), -1) === ']');
+
+            $result['share_with_displayname'] = $share->getSharedWithDisplayName();
+            if (empty($result['share_with_displayname'])) {
+                $displayNameLength = ($hasCircleId ? strrpos($share->getSharedWith(), ' ') : strlen($share->getSharedWith()));
+                $result['share_with_displayname'] = substr($share->getSharedWith(), 0, $displayNameLength);
+            }
+
+            $result['share_with_avatar'] = $share->getSharedWithAvatar();
+
+            $shareWithStart = ($hasCircleId ? strrpos($share->getSharedWith(), '[') + 1 : 0);
+            $shareWithLength = ($hasCircleId ? -1 : strpos($share->getSharedWith(), ' '));
+            if ($shareWithLength === false) {
+                $result['share_with'] = substr($share->getSharedWith(), $shareWithStart);
+            } else {
+                $result['share_with'] = substr($share->getSharedWith(), $shareWithStart, $shareWithLength);
+            }
+        } elseif ($share->getShareType() === IShare::TYPE_ROOM) {
+            $result['share_with'] = $share->getSharedWith();
+            $result['share_with_displayname'] = '';
+
+            try {
+                /** @var array{share_with_displayname: string, share_with_link: string, share_with?: string, token?: string} $roomShare */
+                $roomShare = $this->getRoomShareHelper()->formatShare($share);
+                $result = array_merge($result, $roomShare);
+            } catch (ContainerExceptionInterface $e) {
+            }
+        } elseif ($share->getShareType() === IShare::TYPE_DECK) {
+            $result['share_with'] = $share->getSharedWith();
+            $result['share_with_displayname'] = '';
+
+            try {
+                /** @var array{share_with: string, share_with_displayname: string, share_with_link: string} $deckShare */
+                $deckShare = $this->getDeckShareHelper()->formatShare($share);
+                $result = array_merge($result, $deckShare);
+            } catch (ContainerExceptionInterface $e) {
+            }
+        } elseif ($share->getShareType() === IShare::TYPE_SCIENCEMESH) {
+            $result['share_with'] = $share->getSharedWith();
+            $result['share_with_displayname'] = '';
+
+            try {
+                /** @var array{share_with: string, share_with_displayname: string, token: string} $scienceMeshShare */
+                $scienceMeshShare = $this->getSciencemeshShareHelper()->formatShare($share);
+                $result = array_merge($result, $scienceMeshShare);
+            } catch (ContainerExceptionInterface $e) {
+            }
+        }
+
+
+        $result['mail_send'] = $share->getMailSend() ? 1 : 0;
+        $result['hide_download'] = $share->getHideDownload() ? 1 : 0;
+
+        $result['attributes'] = null;
+        if ($attributes = $share->getAttributes()) {
+            $result['attributes'] = (string)\json_encode($attributes->toArray());
+        }
+
+        return $result;
+    }
+
+    /**
+     * Check if one of the users address books knows the exact property, if
+     * not we return the full name.
+     *
+     * @param string $query
+     * @param string $property
+     * @return string
+     */
+    private function getDisplayNameFromAddressBook(string $query, string $property): string {
+        // FIXME: If we inject the contacts manager it gets initialized before any address books are registered
+        try {
+            $result = Server::get(\OCP\Contacts\IManager::class)->search($query, [$property], [
+                'limit' => 1,
+                'enumeration' => false,
+                'strict_search' => true,
+            ]);
+        } catch (Exception $e) {
+            $this->logger->error(
+                $e->getMessage(),
+                ['exception' => $e]
+            );
+            return $query;
+        }
+
+        foreach ($result as $r) {
+            foreach ($r[$property] as $value) {
+                if ($value === $query && $r['FN']) {
+                    return $r['FN'];
+                }
+            }
+        }
+
+        return $query;
+    }
+
+
+    /**
+     * @param list<Files_SharingShare> $shares
+     * @param array<string, string>|null $updatedDisplayName
+     *
+     * @return list<Files_SharingShare>
+     */
+    private function fixMissingDisplayName(array $shares, ?array $updatedDisplayName = null): array {
+        $userIds = $updated = [];
+        foreach ($shares as $share) {
+            // share is federated and share have no display name yet
+            if ($share['share_type'] === IShare::TYPE_REMOTE
+                && ($share['share_with'] ?? '') !== ''
+                && ($share['share_with_displayname'] ?? '') === '') {
+                $userIds[] = $userId = $share['share_with'];
+
+                if ($updatedDisplayName !== null && array_key_exists($userId, $updatedDisplayName)) {
+                    $share['share_with_displayname'] = $updatedDisplayName[$userId];
+                }
+            }
+
+            // prepping userIds with displayName to be updated
+            $updated[] = $share;
+        }
+
+        // if $updatedDisplayName is not null, it means we should have already fixed displayNames of the shares
+        if ($updatedDisplayName !== null) {
+            return $updated;
+        }
+
+        // get displayName for the generated list of userId with no displayName
+        $displayNames = $this->retrieveFederatedDisplayName($userIds);
+
+        // if no displayName are updated, we exit
+        if (empty($displayNames)) {
+            return $updated;
+        }
+
+        // let's fix missing display name and returns all shares
+        return $this->fixMissingDisplayName($shares, $displayNames);
+    }
+
+
+    /**
+     * get displayName of a list of userIds from the lookup-server; through the globalsiteselector app.
+     * returns an array with userIds as keys and displayName as values.
+     *
+     * @param array $userIds
+     * @param bool $cacheOnly - do not reach LUS, get data from cache.
+     *
+     * @return array
+     * @throws ContainerExceptionInterface
+     */
+    private function retrieveFederatedDisplayName(array $userIds, bool $cacheOnly = false): array {
+        // check if gss is enabled and available
+        if (count($userIds) === 0
+            || !$this->appManager->isEnabledForAnyone('globalsiteselector')
+            || !class_exists('\OCA\GlobalSiteSelector\Service\SlaveService')) {
+            return [];
+        }
+
+        try {
+            $slaveService = Server::get(SlaveService::class);
+        } catch (\Throwable $e) {
+            $this->logger->error(
+                $e->getMessage(),
+                ['exception' => $e]
+            );
+            return [];
+        }
+
+        return $slaveService->getUsersDisplayName($userIds, $cacheOnly);
+    }
+
+
+    /**
+     * retrieve displayName from cache if available (should be used on federated shares)
+     * if not available in cache/lus, try for get from address-book, else returns empty string.
+     *
+     * @param string $userId
+     * @param bool $cacheOnly if true will not reach the lus but will only get data from cache
+     *
+     * @return string
+     */
+    private function getCachedFederatedDisplayName(string $userId, bool $cacheOnly = true): string {
+        $details = $this->retrieveFederatedDisplayName([$userId], $cacheOnly);
+        if (array_key_exists($userId, $details)) {
+            return $details[$userId];
+        }
+
+        $displayName = $this->getDisplayNameFromAddressBook($userId, 'CLOUD');
+        return ($displayName === $userId) ? '' : $displayName;
+    }
+
+
+
+    /**
+     * Get a specific share by id
+     *
+     * @param string $id ID of the share
+     * @param bool $include_tags Include tags in the share
+     * @return DataResponse<Http::STATUS_OK, list<Files_SharingShare>, array{}>
+     * @throws OCSNotFoundException Share not found
+     *
+     * 200: Share returned
+     */
+    #[NoAdminRequired]
+    public function getShare(string $id, bool $include_tags = false): DataResponse {
+        try {
+            $share = $this->getShareById($id);
+        } catch (ShareNotFound $e) {
+            throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
+        }
+
+        try {
+            if ($this->canAccessShare($share)) {
+                $share = $this->formatShare($share);
+
+                if ($include_tags) {
+                    $share = $this->populateTags([$share]);
+                } else {
+                    $share = [$share];
+                }
+
+                return new DataResponse($share);
+            }
+        } catch (NotFoundException $e) {
+            // Fall through
+        }
+
+        throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
+    }
+
+    /**
+     * Delete a share
+     *
+     * @param string $id ID of the share
+     * @return DataResponse<Http::STATUS_OK, list<empty>, array{}>
+     * @throws OCSNotFoundException Share not found
+     * @throws OCSForbiddenException Missing permissions to delete the share
+     *
+     * 200: Share deleted successfully
+     */
+    #[NoAdminRequired]
+    public function deleteShare(string $id): DataResponse {
+        try {
+            $share = $this->getShareById($id);
+        } catch (ShareNotFound $e) {
+            throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
+        }
+
+        try {
+            $this->lock($share->getNode());
+        } catch (LockedException $e) {
+            throw new OCSNotFoundException($this->l->t('Could not delete share'));
+        }
+
+        if (!$this->canAccessShare($share)) {
+            throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
+        }
+
+        // if it's a group share or a room share
+        // we don't delete the share, but only the
+        // mount point. Allowing it to be restored
+        // from the deleted shares
+        if ($this->canDeleteShareFromSelf($share)) {
+            $this->shareManager->deleteFromSelf($share, $this->userId);
+        } else {
+            if (!$this->canDeleteShare($share)) {
+                throw new OCSForbiddenException($this->l->t('Could not delete share'));
+            }
+
+            $this->shareManager->deleteShare($share);
+        }
+
+        return new DataResponse();
+    }
+
+    /**
+     * Create a share
+     *
+     * @param string|null $path Path of the share
+     * @param int|null $permissions Permissions for the share
+     * @param int $shareType Type of the share
+     * @param ?string $shareWith The entity this should be shared with
+     * @param 'true'|'false'|null $publicUpload If public uploading is allowed (deprecated)
+     * @param string $password Password for the share
+     * @param string|null $sendPasswordByTalk Send the password for the share over Talk
+     * @param ?string $expireDate The expiry date of the share in the user's timezone at 00:00.
+     *                            If $expireDate is not supplied or set to `null`, the system default will be used.
+     * @param string $note Note for the share
+     * @param string $label Label for the share (only used in link and email)
+     * @param string|null $attributes Additional attributes for the share
+     * @param 'false'|'true'|null $sendMail Send a mail to the recipient
+     *
+     * @return DataResponse<Http::STATUS_OK, Files_SharingShare, array{}>
+     * @throws OCSBadRequestException Unknown share type
+     * @throws OCSException
+     * @throws OCSForbiddenException Creating the share is not allowed
+     * @throws OCSNotFoundException Creating the share failed
+     * @suppress PhanUndeclaredClassMethod
+     *
+     * 200: Share created
+     */
+    #[NoAdminRequired]
+    #[UserRateLimit(limit: 20, period: 600)]
+    public function createShare(
+        ?string $path = null,
+        ?int $permissions = null,
+        int $shareType = -1,
+        ?string $shareWith = null,
+        ?string $publicUpload = null,
+        string $password = '',
+        ?string $sendPasswordByTalk = null,
+        ?string $expireDate = null,
+        string $note = '',
+        string $label = '',
+        ?string $attributes = null,
+        ?string $sendMail = null,
+    ): DataResponse {
+        assert($this->userId !== null);
+
+        $share = $this->shareManager->newShare();
+        $hasPublicUpload = $this->getLegacyPublicUpload($publicUpload);
+
+        // Verify path
+        if ($path === null) {
+            throw new OCSNotFoundException($this->l->t('Please specify a file or folder path'));
+        }
+
+        $userFolder = $this->rootFolder->getUserFolder($this->userId);
+        try {
+            /** @var \OC\Files\Node\Node $node */
+            $node = $userFolder->get($path);
+        } catch (NotFoundException $e) {
+            throw new OCSNotFoundException($this->l->t('Wrong path, file/folder does not exist'));
+        }
+
+        // a user can have access to a file through different paths, with differing permissions
+        // combine all permissions to determine if the user can share this file
+        $nodes = $userFolder->getById($node->getId());
+        foreach ($nodes as $nodeById) {
+            /** @var FileInfo $fileInfo */
+            $fileInfo = $node->getFileInfo();
+            $fileInfo['permissions'] |= $nodeById->getPermissions();
+        }
+
+        $share->setNode($node);
+
+        try {
+            $this->lock($share->getNode());
+        } catch (LockedException $e) {
+            throw new OCSNotFoundException($this->l->t('Could not create share'));
+        }
+
+        // Set permissions
+        if ($shareType === IShare::TYPE_LINK || $shareType === IShare::TYPE_EMAIL) {
+            $permissions = $this->getLinkSharePermissions($permissions, $hasPublicUpload);
+            $this->validateLinkSharePermissions($node, $permissions, $hasPublicUpload);
+        } else {
+            // Use default permissions only for non-link shares to keep legacy behavior
+            if ($permissions === null) {
+                $permissions = (int)$this->config->getAppValue('core', 'shareapi_default_permissions', (string)Constants::PERMISSION_ALL);
+            }
+            // Non-link shares always require read permissions (link shares could be file drop)
+            $permissions |= Constants::PERMISSION_READ;
+        }
+
+        // For legacy reasons the API allows to pass PERMISSIONS_ALL even for single file shares (I look at you Talk)
+        if ($node instanceof File) {
+            // if this is a single file share we remove the DELETE and CREATE permissions
+            $permissions = $permissions & ~(Constants::PERMISSION_DELETE | Constants::PERMISSION_CREATE);
+        }
+
+        /**
+         * Hack for https://github.com/owncloud/core/issues/22587
+         * We check the permissions via webdav. But the permissions of the mount point
+         * do not equal the share permissions. Here we fix that for federated mounts.
+         */
+        if ($node->getStorage()->instanceOfStorage(Storage::class)) {
+            $permissions &= ~($permissions & ~$node->getPermissions());
+        }
+
+        if ($attributes !== null) {
+            $share = $this->setShareAttributes($share, $attributes);
+        }
+
+        // Expire date checks
+        // Normally, null means no expiration date but we still set the default for backwards compatibility
+        // If the client sends an empty string, we set noExpirationDate to true
+        if ($expireDate !== null) {
+            if ($expireDate !== '') {
+                try {
+                    $expireDateTime = $this->parseDate($expireDate);
+                    $share->setExpirationDate($expireDateTime);
+                } catch (\Exception $e) {
+                    throw new OCSNotFoundException($e->getMessage(), $e);
+                }
+            } else {
+                // Client sent empty string for expire date.
+                // Set noExpirationDate to true so overwrite is prevented.
+                $share->setNoExpirationDate(true);
+            }
+        }
+
+        $share->setSharedBy($this->userId);
+
+        // Handle mail send
+        if (is_null($sendMail)) {
+            $allowSendMail = $this->config->getSystemValueBool('sharing.enable_share_mail', true);
+            if ($allowSendMail !== true || $shareType === IShare::TYPE_EMAIL) {
+                // Define a default behavior when sendMail is not provided
+                // For email shares with a valid recipient, the default is to send the mail
+                // For all other share types, the default is to not send the mail
+                $allowSendMail = ($shareType === IShare::TYPE_EMAIL && $shareWith !== null && $shareWith !== '');
+            }
+            $share->setMailSend($allowSendMail);
+        } else {
+            $share->setMailSend($sendMail === 'true');
+        }
+
+        if ($shareType === IShare::TYPE_USER) {
+            // Valid user is required to share
+            if ($shareWith === null || !$this->userManager->userExists($shareWith)) {
+                throw new OCSNotFoundException($this->l->t('Please specify a valid account to share with'));
+            }
+            $share->setSharedWith($shareWith);
+            $share->setPermissions($permissions);
+        } elseif ($shareType === IShare::TYPE_GROUP) {
+            if (!$this->shareManager->allowGroupSharing()) {
+                throw new OCSNotFoundException($this->l->t('Group sharing is disabled by the administrator'));
+            }
+
+            // Valid group is required to share
+            if ($shareWith === null || !$this->groupManager->groupExists($shareWith)) {
+                throw new OCSNotFoundException($this->l->t('Please specify a valid group'));
+            }
+            $share->setSharedWith($shareWith);
+            $share->setPermissions($permissions);
+        } elseif ($shareType === IShare::TYPE_LINK
+            || $shareType === IShare::TYPE_EMAIL) {
+
+            // Can we even share links?
+            if (!$this->shareManager->shareApiAllowLinks()) {
+                throw new OCSNotFoundException($this->l->t('Public link sharing is disabled by the administrator'));
+            }
+
+            $this->validateLinkSharePermissions($node, $permissions, $hasPublicUpload);
+            $share->setPermissions($permissions);
+
+            // Set password
+            if ($password !== '') {
+                $share->setPassword($password);
+            }
+
+            // Only share by mail have a recipient
+            if (is_string($shareWith) && $shareType === IShare::TYPE_EMAIL) {
+                // If sending a mail have been requested, validate the mail address
+                if ($share->getMailSend() && !$this->mailer->validateMailAddress($shareWith)) {
+                    throw new OCSNotFoundException($this->l->t('Please specify a valid email address'));
+                }
+                $share->setSharedWith($shareWith);
+            }
+
+            // If we have a label, use it
+            if ($label !== '') {
+                if (strlen($label) > 255) {
+                    throw new OCSBadRequestException('Maximum label length is 255');
+                }
+                $share->setLabel($label);
+            }
+
+            if ($sendPasswordByTalk === 'true') {
+                if (!$this->appManager->isEnabledForUser('spreed')) {
+                    throw new OCSForbiddenException($this->l->t('Sharing %s sending the password by Nextcloud Talk failed because Nextcloud Talk is not enabled', [$node->getPath()]));
+                }
+
+                $share->setSendPasswordByTalk(true);
+            }
+        } elseif ($shareType === IShare::TYPE_REMOTE) {
+            if (!$this->shareManager->outgoingServer2ServerSharesAllowed()) {
+                throw new OCSForbiddenException($this->l->t('Sharing %1$s failed because the back end does not allow shares from type %2$s', [$node->getPath(), $shareType]));
+            }
+
+            if ($shareWith === null) {
+                throw new OCSNotFoundException($this->l->t('Please specify a valid federated account ID'));
+            }
+
+            $share->setSharedWith($shareWith);
+            $share->setPermissions($permissions);
+            $share->setSharedWithDisplayName($this->getCachedFederatedDisplayName($shareWith, false));
+        } elseif ($shareType === IShare::TYPE_REMOTE_GROUP) {
+            if (!$this->shareManager->outgoingServer2ServerGroupSharesAllowed()) {
+                throw new OCSForbiddenException($this->l->t('Sharing %1$s failed because the back end does not allow shares from type %2$s', [$node->getPath(), $shareType]));
+            }
+
+            if ($shareWith === null) {
+                throw new OCSNotFoundException($this->l->t('Please specify a valid federated group ID'));
+            }
+
+            $share->setSharedWith($shareWith);
+            $share->setPermissions($permissions);
+        } elseif ($shareType === IShare::TYPE_CIRCLE) {
+            if (!Server::get(IAppManager::class)->isEnabledForUser('circles') || !class_exists('\OCA\Circles\ShareByCircleProvider')) {
+                throw new OCSNotFoundException($this->l->t('You cannot share to a Team if the app is not enabled'));
+            }
+
+            $circle = Circles::detailsCircle($shareWith);
+
+            // Valid team is required to share
+            if ($circle === null) {
+                throw new OCSNotFoundException($this->l->t('Please specify a valid team'));
+            }
+            $share->setSharedWith($shareWith);
+            $share->setPermissions($permissions);
+        } elseif ($shareType === IShare::TYPE_ROOM) {
+            try {
+                $this->getRoomShareHelper()->createShare($share, $shareWith, $permissions, $expireDate ?? '');
+            } catch (ContainerExceptionInterface $e) {
+                throw new OCSForbiddenException($this->l->t('Sharing %s failed because the back end does not support room shares', [$node->getPath()]));
+            }
+        } elseif ($shareType === IShare::TYPE_DECK) {
+            try {
+                $this->getDeckShareHelper()->createShare($share, $shareWith, $permissions, $expireDate ?? '');
+            } catch (ContainerExceptionInterface $e) {
+                throw new OCSForbiddenException($this->l->t('Sharing %s failed because the back end does not support room shares', [$node->getPath()]));
+            }
+        } elseif ($shareType === IShare::TYPE_SCIENCEMESH) {
+            try {
+                $this->getSciencemeshShareHelper()->createShare($share, $shareWith, $permissions, $expireDate ?? '');
+            } catch (ContainerExceptionInterface $e) {
+                throw new OCSForbiddenException($this->l->t('Sharing %s failed because the back end does not support ScienceMesh shares', [$node->getPath()]));
+            }
+        } else {
+            throw new OCSBadRequestException($this->l->t('Unknown share type'));
+        }
+
+        $share->setShareType($shareType);
+        $this->checkInheritedAttributes($share);
+
+        if ($note !== '') {
+            $share->setNote($note);
+        }
+
+        try {
+            $share = $this->shareManager->createShare($share);
+        } catch (HintException $e) {
+            $code = $e->getCode() === 0 ? 403 : $e->getCode();
+            throw new OCSException($e->getHint(), $code);
+        } catch (GenericShareException|\InvalidArgumentException $e) {
+            $this->logger->error($e->getMessage(), ['exception' => $e]);
+            throw new OCSForbiddenException($e->getMessage(), $e);
+        } catch (\Exception $e) {
+            $this->logger->error($e->getMessage(), ['exception' => $e]);
+            throw new OCSForbiddenException('Failed to create share.', $e);
+        }
+
+        $output = $this->formatShare($share);
+
+        return new DataResponse($output);
+    }
+
+    /**
+     * @param null|Node $node
+     * @param boolean $includeTags
+     *
+     * @return list<Files_SharingShare>
+     */
+    private function getSharedWithMe($node, bool $includeTags): array {
+        $userShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_USER, $node, -1, 0);
+        $groupShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_GROUP, $node, -1, 0);
+        $circleShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_CIRCLE, $node, -1, 0);
+        $roomShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_ROOM, $node, -1, 0);
+        $deckShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_DECK, $node, -1, 0);
+        $sciencemeshShares = $this->shareManager->getSharedWith($this->userId, IShare::TYPE_SCIENCEMESH, $node, -1, 0);
+
+        $shares = array_merge($userShares, $groupShares, $circleShares, $roomShares, $deckShares, $sciencemeshShares);
+
+        $filteredShares = array_filter($shares, function (IShare $share) {
+            return $share->getShareOwner() !== $this->userId;
+        });
+
+        $formatted = [];
+        foreach ($filteredShares as $share) {
+            if ($this->canAccessShare($share)) {
+                try {
+                    $formatted[] = $this->formatShare($share);
+                } catch (NotFoundException $e) {
+                    // Ignore this share
+                }
+            }
+        }
+
+        if ($includeTags) {
+            $formatted = $this->populateTags($formatted);
+        }
+
+        return $formatted;
+    }
+
+    /**
+     * @param Node $folder
+     *
+     * @return list<Files_SharingShare>
+     * @throws OCSBadRequestException
+     * @throws NotFoundException
+     */
+    private function getSharesInDir(Node $folder): array {
+        if (!($folder instanceof Folder)) {
+            throw new OCSBadRequestException($this->l->t('Not a directory'));
+        }
+
+        $nodes = $folder->getDirectoryListing();
+
+        /** @var IShare[] $shares */
+        $shares = array_reduce($nodes, function ($carry, $node) {
+            $carry = array_merge($carry, $this->getAllShares($node, true));
+            return $carry;
+        }, []);
+
+        // filter out duplicate shares
+        $known = [];
+
+        $formatted = $miniFormatted = [];
+        $resharingRight = false;
+        $known = [];
+        foreach ($shares as $share) {
+            if (in_array($share->getId(), $known) || $share->getSharedWith() === $this->userId) {
+                continue;
+            }
+
+            try {
+                $format = $this->formatShare($share);
+
+                $known[] = $share->getId();
+                $formatted[] = $format;
+                if ($share->getSharedBy() === $this->userId) {
+                    $miniFormatted[] = $format;
+                }
+                if (!$resharingRight && $this->shareProviderResharingRights($this->userId, $share, $folder)) {
+                    $resharingRight = true;
+                }
+            } catch (\Exception $e) {
+                //Ignore this share
+            }
+        }
+
+        if (!$resharingRight) {
+            $formatted = $miniFormatted;
+        }
+
+        return $formatted;
+    }
+
+    /**
+     * Get shares of the current user
+     *
+     * @param string $shared_with_me Only get shares with the current user
+     * @param string $reshares Only get shares by the current user and reshares
+     * @param string $subfiles Only get all shares in a folder
+     * @param string $path Get shares for a specific path
+     * @param string $include_tags Include tags in the share
+     *
+     * @return DataResponse<Http::STATUS_OK, list<Files_SharingShare>, array{}>
+     * @throws OCSNotFoundException The folder was not found or is inaccessible
+     *
+     * 200: Shares returned
+     */
+    #[NoAdminRequired]
+    public function getShares(
+        string $shared_with_me = 'false',
+        string $reshares = 'false',
+        string $subfiles = 'false',
+        string $path = '',
+        string $include_tags = 'false',
+    ): DataResponse {
+        $node = null;
+        if ($path !== '') {
+            $userFolder = $this->rootFolder->getUserFolder($this->userId);
+            try {
+                $node = $userFolder->get($path);
+                $this->lock($node);
+            } catch (NotFoundException $e) {
+                throw new OCSNotFoundException(
+                    $this->l->t('Wrong path, file/folder does not exist')
+                );
+            } catch (LockedException $e) {
+                throw new OCSNotFoundException($this->l->t('Could not lock node'));
+            }
+        }
+
+        $shares = $this->getFormattedShares(
+            $this->userId,
+            $node,
+            ($shared_with_me === 'true'),
+            ($reshares === 'true'),
+            ($subfiles === 'true'),
+            ($include_tags === 'true')
+        );
+
+        return new DataResponse($shares);
+    }
+
+    private function getLinkSharePermissions(?int $permissions, ?bool $legacyPublicUpload): int {
+        $permissions = $permissions ?? Constants::PERMISSION_READ;
+
+        // Legacy option handling
+        if ($legacyPublicUpload !== null) {
+            $permissions = $legacyPublicUpload
+                ? (Constants::PERMISSION_READ | Constants::PERMISSION_CREATE | Constants::PERMISSION_UPDATE | Constants::PERMISSION_DELETE)
+                : Constants::PERMISSION_READ;
+        }
+
+        if ($this->hasPermission($permissions, Constants::PERMISSION_READ)
+            && $this->shareManager->outgoingServer2ServerSharesAllowed()
+            && $this->appConfig->getValueBool('core', ConfigLexicon::SHAREAPI_ALLOW_FEDERATION_ON_PUBLIC_SHARES)) {
+            $permissions |= Constants::PERMISSION_SHARE;
+        }
+
+        return $permissions;
+    }
+
+    /**
+     * Helper to check for legacy "publicUpload" handling.
+     * If the value is set to `true` or `false` then true or false are returned.
+     * Otherwise null is returned to indicate that the option was not (or wrong) set.
+     *
+     * @param null|string $legacyPublicUpload The value of `publicUpload`
+     */
+    private function getLegacyPublicUpload(?string $legacyPublicUpload): ?bool {
+        if ($legacyPublicUpload === 'true') {
+            return true;
+        } elseif ($legacyPublicUpload === 'false') {
+            return false;
+        }
+        // Not set at all
+        return null;
+    }
+
+    /**
+     * For link and email shares validate that only allowed combinations are set.
+     *
+     * @throw OCSBadRequestException If permission combination is invalid.
+     * @throw OCSForbiddenException If public upload was forbidden by the administrator.
+     */
+    private function validateLinkSharePermissions(Node $node, int $permissions, ?bool $legacyPublicUpload): void {
+        if ($legacyPublicUpload && ($node instanceof File)) {
+            throw new OCSBadRequestException($this->l->t('Public upload is only possible for publicly shared folders'));
+        }
+
+        // We need at least READ or CREATE (file drop)
+        if (!$this->hasPermission($permissions, Constants::PERMISSION_READ)
+            && !$this->hasPermission($permissions, Constants::PERMISSION_CREATE)) {
+            throw new OCSBadRequestException($this->l->t('Share must at least have READ or CREATE permissions'));
+        }
+
+        // UPDATE and DELETE require a READ permission
+        if (!$this->hasPermission($permissions, Constants::PERMISSION_READ)
+            && ($this->hasPermission($permissions, Constants::PERMISSION_UPDATE) || $this->hasPermission($permissions, Constants::PERMISSION_DELETE))) {
+            throw new OCSBadRequestException($this->l->t('Share must have READ permission if UPDATE or DELETE permission is set'));
+        }
+
+        // Check if public uploading was disabled
+        if ($this->hasPermission($permissions, Constants::PERMISSION_CREATE)
+            && !$this->shareManager->shareApiLinkAllowPublicUpload()) {
+            throw new OCSForbiddenException($this->l->t('Public upload disabled by the administrator'));
+        }
+    }
+
+    /**
+     * @param string $viewer
+     * @param Node $node
+     * @param bool $sharedWithMe
+     * @param bool $reShares
+     * @param bool $subFiles
+     * @param bool $includeTags
+     *
+     * @return list<Files_SharingShare>
+     * @throws NotFoundException
+     * @throws OCSBadRequestException
+     */
+    private function getFormattedShares(
+        string $viewer,
+        $node = null,
+        bool $sharedWithMe = false,
+        bool $reShares = false,
+        bool $subFiles = false,
+        bool $includeTags = false,
+    ): array {
+        if ($sharedWithMe) {
+            return $this->getSharedWithMe($node, $includeTags);
+        }
+
+        if ($subFiles) {
+            return $this->getSharesInDir($node);
+        }
+
+        $shares = $this->getSharesFromNode($viewer, $node, $reShares);
+
+        $known = $formatted = $miniFormatted = [];
+        $resharingRight = false;
+        foreach ($shares as $share) {
+            try {
+                $share->getNode();
+            } catch (NotFoundException $e) {
+                /*
 				 * Ignore shares where we can't get the node
 				 * For example deleted shares
 				 */
-				continue;
-			}
-
-			if (in_array($share->getId(), $known)
-				|| ($share->getSharedWith() === $this->userId && $share->getShareType() === IShare::TYPE_USER)) {
-				continue;
-			}
-
-			$known[] = $share->getId();
-			try {
-				/** @var IShare $share */
-				$format = $this->formatShare($share, $node);
-				$formatted[] = $format;
-
-				// let's also build a list of shares created
-				// by the current user only, in case
-				// there is no resharing rights
-				if ($share->getSharedBy() === $this->userId) {
-					$miniFormatted[] = $format;
-				}
-
-				// check if one of those share is shared with me
-				// and if I have resharing rights on it
-				if (!$resharingRight && $this->shareProviderResharingRights($this->userId, $share, $node)) {
-					$resharingRight = true;
-				}
-			} catch (InvalidPathException|NotFoundException $e) {
-			}
-		}
-
-		if (!$resharingRight) {
-			$formatted = $miniFormatted;
-		}
-
-		// fix eventual missing display name from federated shares
-		$formatted = $this->fixMissingDisplayName($formatted);
-
-		if ($includeTags) {
-			$formatted = $this->populateTags($formatted);
-		}
-
-		return $formatted;
-	}
-
-
-	/**
-	 * Get all shares relative to a file, including parent folders shares rights
-	 *
-	 * @param string $path Path all shares will be relative to
-	 *
-	 * @return DataResponse<Http::STATUS_OK, list<Files_SharingShare>, array{}>
-	 * @throws InvalidPathException
-	 * @throws NotFoundException
-	 * @throws OCSNotFoundException The given path is invalid
-	 * @throws SharingRightsException
-	 *
-	 * 200: Shares returned
-	 */
-	#[NoAdminRequired]
-	public function getInheritedShares(string $path): DataResponse {
-		// get Node from (string) path.
-		$userFolder = $this->rootFolder->getUserFolder($this->userId);
-		try {
-			$node = $userFolder->get($path);
-			$this->lock($node);
-		} catch (NotFoundException $e) {
-			throw new OCSNotFoundException($this->l->t('Wrong path, file/folder does not exist'));
-		} catch (LockedException $e) {
-			throw new OCSNotFoundException($this->l->t('Could not lock path'));
-		}
-
-		if (!($node->getPermissions() & Constants::PERMISSION_SHARE)) {
-			throw new SharingRightsException($this->l->t('no sharing rights on this item'));
-		}
-
-		// The current top parent we have access to
-		$parent = $node;
-
-		// initiate real owner.
-		$owner = $node->getOwner()
-			->getUID();
-		if (!$this->userManager->userExists($owner)) {
-			return new DataResponse([]);
-		}
-
-		// get node based on the owner, fix owner in case of external storage
-		$userFolder = $this->rootFolder->getUserFolder($owner);
-		if ($node->getId() !== $userFolder->getId() && !$userFolder->isSubNode($node)) {
-			$owner = $node->getOwner()
-				->getUID();
-			$userFolder = $this->rootFolder->getUserFolder($owner);
-			$node = $userFolder->getFirstNodeById($node->getId());
-		}
-		$basePath = $userFolder->getPath();
-
-		// generate node list for each parent folders
-		/** @var Node[] $nodes */
-		$nodes = [];
-		while (true) {
-			$node = $node->getParent();
-			if ($node->getPath() === $basePath) {
-				break;
-			}
-			$nodes[] = $node;
-		}
-
-		// The user that is requesting this list
-		$currentUserFolder = $this->rootFolder->getUserFolder($this->userId);
-
-		// for each nodes, retrieve shares.
-		$shares = [];
-
-		foreach ($nodes as $node) {
-			$getShares = $this->getFormattedShares($owner, $node, false, true);
-
-			$currentUserNode = $currentUserFolder->getFirstNodeById($node->getId());
-			if ($currentUserNode) {
-				$parent = $currentUserNode;
-			}
-
-			$subPath = $currentUserFolder->getRelativePath($parent->getPath());
-			foreach ($getShares as &$share) {
-				$share['via_fileid'] = $parent->getId();
-				$share['via_path'] = $subPath;
-			}
-			$this->mergeFormattedShares($shares, $getShares);
-		}
-
-		return new DataResponse(array_values($shares));
-	}
-
-	/**
-	 * Check whether a set of permissions contains the permissions to check.
-	 */
-	private function hasPermission(int $permissionsSet, int $permissionsToCheck): bool {
-		return ($permissionsSet & $permissionsToCheck) === $permissionsToCheck;
-	}
-
-	/**
-	 * Update a share
-	 *
-	 * @param string $id ID of the share
-	 * @param int|null $permissions New permissions
-	 * @param string|null $password New password
-	 * @param string|null $sendPasswordByTalk New condition if the password should be send over Talk
-	 * @param string|null $publicUpload New condition if public uploading is allowed
-	 * @param string|null $expireDate New expiry date
-	 * @param string|null $note New note
-	 * @param string|null $label New label
-	 * @param string|null $hideDownload New condition if the download should be hidden
-	 * @param string|null $attributes New additional attributes
-	 * @param string|null $sendMail if the share should be send by mail.
-	 *                              Considering the share already exists, no mail will be send after the share is updated.
-	 *                              You will have to use the sendMail action to send the mail.
-	 * @param string|null $shareWith New recipient for email shares
-	 * @param string|null $token New token
-	 * @return DataResponse<Http::STATUS_OK, Files_SharingShare, array{}>
-	 * @throws OCSBadRequestException Share could not be updated because the requested changes are invalid
-	 * @throws OCSForbiddenException Missing permissions to update the share
-	 * @throws OCSNotFoundException Share not found
-	 *
-	 * 200: Share updated successfully
-	 */
-	#[NoAdminRequired]
-	public function updateShare(
-		string $id,
-		?int $permissions = null,
-		?string $password = null,
-		?string $sendPasswordByTalk = null,
-		?string $publicUpload = null,
-		?string $expireDate = null,
-		?string $note = null,
-		?string $label = null,
-		?string $hideDownload = null,
-		?string $attributes = null,
-		?string $sendMail = null,
-		?string $token = null,
-	): DataResponse {
-		try {
-			$share = $this->getShareById($id);
-		} catch (ShareNotFound $e) {
-			throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
-		}
-
-		$this->lock($share->getNode());
-
-		if (!$this->canAccessShare($share, false)) {
-			throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
-		}
-
-		if (!$this->canEditShare($share)) {
-			throw new OCSForbiddenException($this->l->t('You are not allowed to edit incoming shares'));
-		}
-
-		if (
-			$permissions === null
-			&& $password === null
-			&& $sendPasswordByTalk === null
-			&& $publicUpload === null
-			&& $expireDate === null
-			&& $note === null
-			&& $label === null
-			&& $hideDownload === null
-			&& $attributes === null
-			&& $sendMail === null
-			&& $token === null
-		) {
-			throw new OCSBadRequestException($this->l->t('Wrong or no update parameter given'));
-		}
-
-		if ($note !== null) {
-			$share->setNote($note);
-		}
-
-		if ($attributes !== null) {
-			$share = $this->setShareAttributes($share, $attributes);
-		}
-
-		// Handle mail send
-		if ($sendMail === 'true' || $sendMail === 'false') {
-			$share->setMailSend($sendMail === 'true');
-		}
-
-		/**
-		 * expiration date, password and publicUpload only make sense for link shares
-		 */
-		if ($share->getShareType() === IShare::TYPE_LINK
-			|| $share->getShareType() === IShare::TYPE_EMAIL) {
-
-			// Update hide download state
-			if ($hideDownload === 'true') {
-				$share->setHideDownload(true);
-			} elseif ($hideDownload === 'false') {
-				$share->setHideDownload(false);
-			}
-
-			// If either manual permissions are specified or publicUpload
-			// then we need to also update the permissions of the share
-			if ($permissions !== null || $publicUpload !== null) {
-				$hasPublicUpload = $this->getLegacyPublicUpload($publicUpload);
-				$permissions = $this->getLinkSharePermissions($permissions ?? Constants::PERMISSION_READ, $hasPublicUpload);
-				$this->validateLinkSharePermissions($share->getNode(), $permissions, $hasPublicUpload);
-				$share->setPermissions($permissions);
-			}
-
-			if ($password === '') {
-				$share->setPassword(null);
-			} elseif ($password !== null) {
-				$share->setPassword($password);
-			}
-
-			if ($label !== null) {
-				if (strlen($label) > 255) {
-					throw new OCSBadRequestException('Maximum label length is 255');
-				}
-				$share->setLabel($label);
-			}
-
-			if ($sendPasswordByTalk === 'true') {
-				if (!$this->appManager->isEnabledForUser('spreed')) {
-					throw new OCSForbiddenException($this->l->t('"Sending the password by Nextcloud Talk" for sharing a file or folder failed because Nextcloud Talk is not enabled.'));
-				}
-
-				$share->setSendPasswordByTalk(true);
-			} elseif ($sendPasswordByTalk !== null) {
-				$share->setSendPasswordByTalk(false);
-			}
-
-			if ($token !== null) {
-				if (!$this->shareManager->allowCustomTokens()) {
-					throw new OCSForbiddenException($this->l->t('Custom share link tokens have been disabled by the administrator'));
-				}
-				if (!$this->validateToken($token)) {
-					throw new OCSBadRequestException($this->l->t('Tokens must contain at least 1 character and may only contain letters, numbers, or a hyphen'));
-				}
-				$share->setToken($token);
-			}
-		}
-
-		// NOT A LINK SHARE
-		else {
-			if ($permissions !== null) {
-				$share->setPermissions($permissions);
-			}
-		}
-
-		if ($expireDate === '') {
-			$share->setExpirationDate(null);
-		} elseif ($expireDate !== null) {
-			try {
-				$expireDateTime = $this->parseDate($expireDate);
-				$share->setExpirationDate($expireDateTime);
-			} catch (\Exception $e) {
-				throw new OCSBadRequestException($e->getMessage(), $e);
-			}
-		}
-
-		try {
-			$this->checkInheritedAttributes($share);
-			$share = $this->shareManager->updateShare($share);
-		} catch (HintException $e) {
-			$code = $e->getCode() === 0 ? 403 : $e->getCode();
-			throw new OCSException($e->getHint(), (int)$code);
-		} catch (\Exception $e) {
-			$this->logger->error($e->getMessage(), ['exception' => $e]);
-			throw new OCSBadRequestException('Failed to update share.', $e);
-		}
-
-		return new DataResponse($this->formatShare($share));
-	}
-
-	private function validateToken(string $token): bool {
-		if (mb_strlen($token) === 0) {
-			return false;
-		}
-		if (!preg_match('/^[a-z0-9-]+$/i', $token)) {
-			return false;
-		}
-		return true;
-	}
-
-	/**
-	 * Get all shares that are still pending
-	 *
-	 * @return DataResponse<Http::STATUS_OK, list<Files_SharingShare>, array{}>
-	 *
-	 * 200: Pending shares returned
-	 */
-	#[NoAdminRequired]
-	public function pendingShares(): DataResponse {
-		$pendingShares = [];
-
-		$shareTypes = [
-			IShare::TYPE_USER,
-			IShare::TYPE_GROUP
-		];
-
-		foreach ($shareTypes as $shareType) {
-			$shares = $this->shareManager->getSharedWith($this->userId, $shareType, null, -1, 0);
-
-			foreach ($shares as $share) {
-				if ($share->getStatus() === IShare::STATUS_PENDING || $share->getStatus() === IShare::STATUS_REJECTED) {
-					$pendingShares[] = $share;
-				}
-			}
-		}
-
-		$result = array_values(array_filter(array_map(function (IShare $share) {
-			$userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
-			$node = $userFolder->getFirstNodeById($share->getNodeId());
-			if (!$node) {
-				// fallback to guessing the path
-				$node = $userFolder->get($share->getTarget());
-				if ($node === null || $share->getTarget() === '') {
-					return null;
-				}
-			}
-
-			try {
-				$formattedShare = $this->formatShare($share, $node);
-				$formattedShare['path'] = '/' . $share->getNode()->getName();
-				$formattedShare['permissions'] = 0;
-				return $formattedShare;
-			} catch (NotFoundException $e) {
-				return null;
-			}
-		}, $pendingShares), function ($entry) {
-			return $entry !== null;
-		}));
-
-		return new DataResponse($result);
-	}
-
-	/**
-	 * Accept a share
-	 *
-	 * @param string $id ID of the share
-	 * @return DataResponse<Http::STATUS_OK, list<empty>, array{}>
-	 * @throws OCSNotFoundException Share not found
-	 * @throws OCSException
-	 * @throws OCSBadRequestException Share could not be accepted
-	 *
-	 * 200: Share accepted successfully
-	 */
-	#[NoAdminRequired]
-	public function acceptShare(string $id): DataResponse {
-		try {
-			$share = $this->getShareById($id);
-		} catch (ShareNotFound $e) {
-			throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
-		}
-
-		if (!$this->canAccessShare($share)) {
-			throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
-		}
-
-		try {
-			$this->shareManager->acceptShare($share, $this->userId);
-		} catch (HintException $e) {
-			$code = $e->getCode() === 0 ? 403 : $e->getCode();
-			throw new OCSException($e->getHint(), (int)$code);
-		} catch (\Exception $e) {
-			$this->logger->error($e->getMessage(), ['exception' => $e]);
-			throw new OCSBadRequestException('Failed to accept share.', $e);
-		}
-
-		return new DataResponse();
-	}
-
-	/**
-	 * Does the user have read permission on the share
-	 *
-	 * @param IShare $share the share to check
-	 * @param boolean $checkGroups check groups as well?
-	 * @return boolean
-	 * @throws NotFoundException
-	 *
-	 * @suppress PhanUndeclaredClassMethod
-	 */
-	protected function canAccessShare(IShare $share, bool $checkGroups = true): bool {
-		// A file with permissions 0 can't be accessed by us. So Don't show it
-		if ($share->getPermissions() === 0) {
-			return false;
-		}
-
-		// Owner of the file and the sharer of the file can always get share
-		if ($share->getShareOwner() === $this->userId
-			|| $share->getSharedBy() === $this->userId) {
-			return true;
-		}
-
-		// If the share is shared with you, you can access it!
-		if ($share->getShareType() === IShare::TYPE_USER
-			&& $share->getSharedWith() === $this->userId) {
-			return true;
-		}
-
-		// Have reshare rights on the shared file/folder ?
-		// Does the currentUser have access to the shared file?
-		$userFolder = $this->rootFolder->getUserFolder($this->userId);
-		$file = $userFolder->getFirstNodeById($share->getNodeId());
-		if ($file && $this->shareProviderResharingRights($this->userId, $share, $file)) {
-			return true;
-		}
-
-		// If in the recipient group, you can see the share
-		if ($checkGroups && $share->getShareType() === IShare::TYPE_GROUP) {
-			$sharedWith = $this->groupManager->get($share->getSharedWith());
-			$user = $this->userManager->get($this->userId);
-			if ($user !== null && $sharedWith !== null && $sharedWith->inGroup($user)) {
-				return true;
-			}
-		}
-
-		if ($share->getShareType() === IShare::TYPE_CIRCLE) {
-			// TODO: have a sanity check like above?
-			return true;
-		}
-
-		if ($share->getShareType() === IShare::TYPE_ROOM) {
-			try {
-				return $this->getRoomShareHelper()->canAccessShare($share, $this->userId);
-			} catch (ContainerExceptionInterface $e) {
-				return false;
-			}
-		}
-
-		if ($share->getShareType() === IShare::TYPE_DECK) {
-			try {
-				return $this->getDeckShareHelper()->canAccessShare($share, $this->userId);
-			} catch (ContainerExceptionInterface $e) {
-				return false;
-			}
-		}
-
-		if ($share->getShareType() === IShare::TYPE_SCIENCEMESH) {
-			try {
-				return $this->getSciencemeshShareHelper()->canAccessShare($share, $this->userId);
-			} catch (ContainerExceptionInterface $e) {
-				return false;
-			}
-		}
-
-		return false;
-	}
-
-	/**
-	 * Does the user have edit permission on the share
-	 *
-	 * @param IShare $share the share to check
-	 * @return boolean
-	 */
-	protected function canEditShare(IShare $share): bool {
-		// A file with permissions 0 can't be accessed by us. So Don't show it
-		if ($share->getPermissions() === 0) {
-			return false;
-		}
-
-		// The owner of the file and the creator of the share
-		// can always edit the share
-		if ($share->getShareOwner() === $this->userId
-			|| $share->getSharedBy() === $this->userId
-		) {
-			return true;
-		}
-
-		$userFolder = $this->rootFolder->getUserFolder($this->userId);
-		$file = $userFolder->getFirstNodeById($share->getNodeId());
-		if ($file?->getMountPoint() instanceof IShareOwnerlessMount && $this->shareProviderResharingRights($this->userId, $share, $file)) {
-			return true;
-		}
-
-		//! we do NOT support some kind of `admin` in groups.
-		//! You cannot edit shares shared to a group you're
-		//! a member of if you're not the share owner or the file owner!
-
-		return false;
-	}
-
-	/**
-	 * Does the user have delete permission on the share
-	 *
-	 * @param IShare $share the share to check
-	 * @return boolean
-	 */
-	protected function canDeleteShare(IShare $share): bool {
-		// A file with permissions 0 can't be accessed by us. So Don't show it
-		if ($share->getPermissions() === 0) {
-			return false;
-		}
-
-		// if the user is the recipient, i can unshare
-		// the share with self
-		if ($share->getShareType() === IShare::TYPE_USER
-			&& $share->getSharedWith() === $this->userId
-		) {
-			return true;
-		}
-
-		// The owner of the file and the creator of the share
-		// can always delete the share
-		if ($share->getShareOwner() === $this->userId
-			|| $share->getSharedBy() === $this->userId
-		) {
-			return true;
-		}
-
-		$userFolder = $this->rootFolder->getUserFolder($this->userId);
-		$file = $userFolder->getFirstNodeById($share->getNodeId());
-		if ($file?->getMountPoint() instanceof IShareOwnerlessMount && $this->shareProviderResharingRights($this->userId, $share, $file)) {
-			return true;
-		}
-
-		return false;
-	}
-
-	/**
-	 * Does the user have delete permission on the share
-	 * This differs from the canDeleteShare function as it only
-	 * remove the share for the current user. It does NOT
-	 * completely delete the share but only the mount point.
-	 * It can then be restored from the deleted shares section.
-	 *
-	 * @param IShare $share the share to check
-	 * @return boolean
-	 *
-	 * @suppress PhanUndeclaredClassMethod
-	 */
-	protected function canDeleteShareFromSelf(IShare $share): bool {
-		if ($share->getShareType() !== IShare::TYPE_GROUP
-			&& $share->getShareType() !== IShare::TYPE_ROOM
-			&& $share->getShareType() !== IShare::TYPE_DECK
-			&& $share->getShareType() !== IShare::TYPE_SCIENCEMESH
-		) {
-			return false;
-		}
-
-		if ($share->getShareOwner() === $this->userId
-			|| $share->getSharedBy() === $this->userId
-		) {
-			// Delete the whole share, not just for self
-			return false;
-		}
-
-		// If in the recipient group, you can delete the share from self
-		if ($share->getShareType() === IShare::TYPE_GROUP) {
-			$sharedWith = $this->groupManager->get($share->getSharedWith());
-			$user = $this->userManager->get($this->userId);
-			if ($user !== null && $sharedWith !== null && $sharedWith->inGroup($user)) {
-				return true;
-			}
-		}
-
-		if ($share->getShareType() === IShare::TYPE_ROOM) {
-			try {
-				return $this->getRoomShareHelper()->canAccessShare($share, $this->userId);
-			} catch (ContainerExceptionInterface $e) {
-				return false;
-			}
-		}
-
-		if ($share->getShareType() === IShare::TYPE_DECK) {
-			try {
-				return $this->getDeckShareHelper()->canAccessShare($share, $this->userId);
-			} catch (ContainerExceptionInterface $e) {
-				return false;
-			}
-		}
-
-		if ($share->getShareType() === IShare::TYPE_SCIENCEMESH) {
-			try {
-				return $this->getSciencemeshShareHelper()->canAccessShare($share, $this->userId);
-			} catch (ContainerExceptionInterface $e) {
-				return false;
-			}
-		}
-
-		return false;
-	}
-
-	/**
-	 * Make sure that the passed date is valid ISO 8601
-	 * So YYYY-MM-DD
-	 * If not throw an exception
-	 *
-	 * @param string $expireDate
-	 *
-	 * @throws \Exception
-	 * @return \DateTime
-	 */
-	private function parseDate(string $expireDate): \DateTime {
-		try {
-			$date = new \DateTime(trim($expireDate, '"'), $this->dateTimeZone->getTimeZone());
-			// Make sure it expires at midnight in owner timezone
-			$date->setTime(0, 0, 0);
-		} catch (\Exception $e) {
-			throw new \Exception($this->l->t('Invalid date. Format must be YYYY-MM-DD'));
-		}
-
-		return $date;
-	}
-
-	/**
-	 * Since we have multiple providers but the OCS Share API v1 does
-	 * not support this we need to check all backends.
-	 *
-	 * @param string $id
-	 * @return IShare
-	 * @throws ShareNotFound
-	 */
-	private function getShareById(string $id): IShare {
-		$share = null;
-
-		// First check if it is an internal share.
-		try {
-			$share = $this->shareManager->getShareById('ocinternal:' . $id, $this->userId);
-			return $share;
-		} catch (ShareNotFound $e) {
-			// Do nothing, just try the other share type
-		}
-
-
-		try {
-			if ($this->shareManager->shareProviderExists(IShare::TYPE_CIRCLE)) {
-				$share = $this->shareManager->getShareById('ocCircleShare:' . $id, $this->userId);
-				return $share;
-			}
-		} catch (ShareNotFound $e) {
-			// Do nothing, just try the other share type
-		}
-
-		try {
-			if ($this->shareManager->shareProviderExists(IShare::TYPE_EMAIL)) {
-				$share = $this->shareManager->getShareById('ocMailShare:' . $id, $this->userId);
-				return $share;
-			}
-		} catch (ShareNotFound $e) {
-			// Do nothing, just try the other share type
-		}
-
-		try {
-			$share = $this->shareManager->getShareById('ocRoomShare:' . $id, $this->userId);
-			return $share;
-		} catch (ShareNotFound $e) {
-			// Do nothing, just try the other share type
-		}
-
-		try {
-			if ($this->shareManager->shareProviderExists(IShare::TYPE_DECK)) {
-				$share = $this->shareManager->getShareById('deck:' . $id, $this->userId);
-				return $share;
-			}
-		} catch (ShareNotFound $e) {
-			// Do nothing, just try the other share type
-		}
-
-		try {
-			if ($this->shareManager->shareProviderExists(IShare::TYPE_SCIENCEMESH)) {
-				$share = $this->shareManager->getShareById('sciencemesh:' . $id, $this->userId);
-				return $share;
-			}
-		} catch (ShareNotFound $e) {
-			// Do nothing, just try the other share type
-		}
-
-		if (!$this->shareManager->outgoingServer2ServerSharesAllowed()) {
-			throw new ShareNotFound();
-		}
-		$share = $this->shareManager->getShareById('ocFederatedSharing:' . $id, $this->userId);
-
-		return $share;
-	}
-
-	/**
-	 * Lock a Node
-	 *
-	 * @param Node $node
-	 * @throws LockedException
-	 */
-	private function lock(Node $node) {
-		$node->lock(ILockingProvider::LOCK_SHARED);
-		$this->lockedNode = $node;
-	}
-
-	/**
-	 * Cleanup the remaining locks
-	 * @throws LockedException
-	 */
-	public function cleanup() {
-		if ($this->lockedNode !== null) {
-			$this->lockedNode->unlock(ILockingProvider::LOCK_SHARED);
-		}
-	}
-
-	/**
-	 * Returns the helper of ShareAPIController for room shares.
-	 *
-	 * If the Talk application is not enabled or the helper is not available
-	 * a ContainerExceptionInterface is thrown instead.
-	 *
-	 * @return \OCA\Talk\Share\Helper\ShareAPIController
-	 * @throws ContainerExceptionInterface
-	 */
-	private function getRoomShareHelper() {
-		if (!$this->appManager->isEnabledForUser('spreed')) {
-			throw new QueryException();
-		}
-
-		return $this->serverContainer->get('\OCA\Talk\Share\Helper\ShareAPIController');
-	}
-
-	/**
-	 * Returns the helper of ShareAPIHelper for deck shares.
-	 *
-	 * If the Deck application is not enabled or the helper is not available
-	 * a ContainerExceptionInterface is thrown instead.
-	 *
-	 * @return ShareAPIHelper
-	 * @throws ContainerExceptionInterface
-	 */
-	private function getDeckShareHelper() {
-		if (!$this->appManager->isEnabledForUser('deck')) {
-			throw new QueryException();
-		}
-
-		return $this->serverContainer->get('\OCA\Deck\Sharing\ShareAPIHelper');
-	}
-
-	/**
-	 * Returns the helper of ShareAPIHelper for sciencemesh shares.
-	 *
-	 * If the sciencemesh application is not enabled or the helper is not available
-	 * a ContainerExceptionInterface is thrown instead.
-	 *
-	 * @return ShareAPIHelper
-	 * @throws ContainerExceptionInterface
-	 */
-	private function getSciencemeshShareHelper() {
-		if (!$this->appManager->isEnabledForUser('sciencemesh')) {
-			throw new QueryException();
-		}
-
-		return $this->serverContainer->get('\OCA\ScienceMesh\Sharing\ShareAPIHelper');
-	}
-
-	/**
-	 * @param string $viewer
-	 * @param Node $node
-	 * @param bool $reShares
-	 *
-	 * @return IShare[]
-	 */
-	private function getSharesFromNode(string $viewer, $node, bool $reShares): array {
-		$providers = [
-			IShare::TYPE_USER,
-			IShare::TYPE_GROUP,
-			IShare::TYPE_LINK,
-			IShare::TYPE_EMAIL,
-			IShare::TYPE_CIRCLE,
-			IShare::TYPE_ROOM,
-			IShare::TYPE_DECK,
-			IShare::TYPE_SCIENCEMESH
-		];
-
-		// Should we assume that the (currentUser) viewer is the owner of the node !?
-		$shares = [];
-		foreach ($providers as $provider) {
-			if (!$this->shareManager->shareProviderExists($provider)) {
-				continue;
-			}
-
-			$providerShares
-				= $this->shareManager->getSharesBy($viewer, $provider, $node, $reShares, -1, 0);
-			$shares = array_merge($shares, $providerShares);
-		}
-
-		if ($this->shareManager->outgoingServer2ServerSharesAllowed()) {
-			$federatedShares = $this->shareManager->getSharesBy(
-				$this->userId, IShare::TYPE_REMOTE, $node, $reShares, -1, 0
-			);
-			$shares = array_merge($shares, $federatedShares);
-		}
-
-		if ($this->shareManager->outgoingServer2ServerGroupSharesAllowed()) {
-			$federatedShares = $this->shareManager->getSharesBy(
-				$this->userId, IShare::TYPE_REMOTE_GROUP, $node, $reShares, -1, 0
-			);
-			$shares = array_merge($shares, $federatedShares);
-		}
-
-		return $shares;
-	}
-
-
-	/**
-	 * @param Node $node
-	 *
-	 * @throws SharingRightsException
-	 */
-	private function confirmSharingRights(Node $node): void {
-		if (!$this->hasResharingRights($this->userId, $node)) {
-			throw new SharingRightsException($this->l->t('No sharing rights on this item'));
-		}
-	}
-
-
-	/**
-	 * @param string $viewer
-	 * @param Node $node
-	 *
-	 * @return bool
-	 */
-	private function hasResharingRights($viewer, $node): bool {
-		if ($viewer === $node->getOwner()->getUID()) {
-			return true;
-		}
-
-		foreach ([$node, $node->getParent()] as $node) {
-			$shares = $this->getSharesFromNode($viewer, $node, true);
-			foreach ($shares as $share) {
-				try {
-					if ($this->shareProviderResharingRights($viewer, $share, $node)) {
-						return true;
-					}
-				} catch (InvalidPathException|NotFoundException $e) {
-				}
-			}
-		}
-
-		return false;
-	}
-
-
-	/**
-	 * Returns if we can find resharing rights in an IShare object for a specific user.
-	 *
-	 * @suppress PhanUndeclaredClassMethod
-	 *
-	 * @param string $userId
-	 * @param IShare $share
-	 * @param Node $node
-	 *
-	 * @return bool
-	 * @throws NotFoundException
-	 * @throws InvalidPathException
-	 */
-	private function shareProviderResharingRights(string $userId, IShare $share, $node): bool {
-		if ($share->getShareOwner() === $userId) {
-			return true;
-		}
-
-		// we check that current user have parent resharing rights on the current file
-		if ($node !== null && ($node->getPermissions() & Constants::PERMISSION_SHARE) !== 0) {
-			return true;
-		}
-
-		if ((Constants::PERMISSION_SHARE & $share->getPermissions()) === 0) {
-			return false;
-		}
-
-		if ($share->getShareType() === IShare::TYPE_USER && $share->getSharedWith() === $userId) {
-			return true;
-		}
-
-		if ($share->getShareType() === IShare::TYPE_GROUP && $this->groupManager->isInGroup($userId, $share->getSharedWith())) {
-			return true;
-		}
-
-		if ($share->getShareType() === IShare::TYPE_CIRCLE && Server::get(IAppManager::class)->isEnabledForUser('circles')
-			&& class_exists('\OCA\Circles\Api\v1\Circles')) {
-			$hasCircleId = (str_ends_with($share->getSharedWith(), ']'));
-			$shareWithStart = ($hasCircleId ? strrpos($share->getSharedWith(), '[') + 1 : 0);
-			$shareWithLength = ($hasCircleId ? -1 : strpos($share->getSharedWith(), ' '));
-			if ($shareWithLength === false) {
-				$sharedWith = substr($share->getSharedWith(), $shareWithStart);
-			} else {
-				$sharedWith = substr($share->getSharedWith(), $shareWithStart, $shareWithLength);
-			}
-			try {
-				$member = Circles::getMember($sharedWith, $userId, 1);
-				if ($member->getLevel() >= 4) {
-					return true;
-				}
-				return false;
-			} catch (ContainerExceptionInterface $e) {
-				return false;
-			}
-		}
-
-		return false;
-	}
-
-	/**
-	 * Get all the shares for the current user
-	 *
-	 * @param Node|null $path
-	 * @param boolean $reshares
-	 * @return IShare[]
-	 */
-	private function getAllShares(?Node $path = null, bool $reshares = false) {
-		// Get all shares
-		$userShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_USER, $path, $reshares, -1, 0);
-		$groupShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_GROUP, $path, $reshares, -1, 0);
-		$linkShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_LINK, $path, $reshares, -1, 0);
-
-		// EMAIL SHARES
-		$mailShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_EMAIL, $path, $reshares, -1, 0);
-
-		// TEAM SHARES
-		$circleShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_CIRCLE, $path, $reshares, -1, 0);
-
-		// TALK SHARES
-		$roomShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_ROOM, $path, $reshares, -1, 0);
-
-		// DECK SHARES
-		$deckShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_DECK, $path, $reshares, -1, 0);
-
-		// SCIENCEMESH SHARES
-		$sciencemeshShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_SCIENCEMESH, $path, $reshares, -1, 0);
-
-		// FEDERATION
-		if ($this->shareManager->outgoingServer2ServerSharesAllowed()) {
-			$federatedShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_REMOTE, $path, $reshares, -1, 0);
-		} else {
-			$federatedShares = [];
-		}
-		if ($this->shareManager->outgoingServer2ServerGroupSharesAllowed()) {
-			$federatedGroupShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_REMOTE_GROUP, $path, $reshares, -1, 0);
-		} else {
-			$federatedGroupShares = [];
-		}
-
-		return array_merge($userShares, $groupShares, $linkShares, $mailShares, $circleShares, $roomShares, $deckShares, $sciencemeshShares, $federatedShares, $federatedGroupShares);
-	}
-
-
-	/**
-	 * merging already formatted shares.
-	 * We'll make an associative array to easily detect duplicate Ids.
-	 * Keys _needs_ to be removed after all shares are retrieved and merged.
-	 *
-	 * @param array $shares
-	 * @param array $newShares
-	 */
-	private function mergeFormattedShares(array &$shares, array $newShares) {
-		foreach ($newShares as $newShare) {
-			if (!array_key_exists($newShare['id'], $shares)) {
-				$shares[$newShare['id']] = $newShare;
-			}
-		}
-	}
-
-	/**
-	 * @param IShare $share
-	 * @param string|null $attributesString
-	 * @return IShare modified share
-	 */
-	private function setShareAttributes(IShare $share, ?string $attributesString) {
-		$newShareAttributes = null;
-		if ($attributesString !== null) {
-			$newShareAttributes = $this->shareManager->newShare()->newAttributes();
-			$formattedShareAttributes = \json_decode($attributesString, true);
-			if (is_array($formattedShareAttributes)) {
-				foreach ($formattedShareAttributes as $formattedAttr) {
-					$newShareAttributes->setAttribute(
-						$formattedAttr['scope'],
-						$formattedAttr['key'],
-						$formattedAttr['value'],
-					);
-				}
-			} else {
-				throw new OCSBadRequestException($this->l->t('Invalid share attributes provided: "%s"', [$attributesString]));
-			}
-		}
-		$share->setAttributes($newShareAttributes);
-
-		return $share;
-	}
-
-	private function checkInheritedAttributes(IShare $share): void {
-		if (!$share->getSharedBy()) {
-			return; // Probably in a test
-		}
-
-		$canDownload = false;
-		$hideDownload = true;
-
-		$userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
-		$nodes = $userFolder->getById($share->getNodeId());
-		foreach ($nodes as $node) {
-			// Owner always can download it - so allow it and break
-			if ($node->getOwner()?->getUID() === $share->getSharedBy()) {
-				$canDownload = true;
-				$hideDownload = false;
-				break;
-			}
-
-			if ($node->getStorage()->instanceOfStorage(SharedStorage::class)) {
-				$storage = $node->getStorage();
-				if ($storage instanceof Wrapper) {
-					$storage = $storage->getInstanceOfStorage(SharedStorage::class);
-					if ($storage === null) {
-						throw new \RuntimeException('Should not happen, instanceOfStorage but getInstanceOfStorage return null');
-					}
-				} else {
-					throw new \RuntimeException('Should not happen, instanceOfStorage but not a wrapper');
-				}
-
-				/** @var SharedStorage $storage */
-				$originalShare = $storage->getShare();
-				$inheritedAttributes = $originalShare->getAttributes();
-				// hide if hidden and also the current share enforces hide (can only be false if one share is false or user is owner)
-				$hideDownload = $hideDownload && $originalShare->getHideDownload();
-				// allow download if already allowed by previous share or when the current share allows downloading
-				$canDownload = $canDownload || $inheritedAttributes === null || $inheritedAttributes->getAttribute('permissions', 'download') !== false;
-			} elseif ($node->getStorage()->instanceOfStorage(Storage::class)) {
-				$canDownload = true; // in case of federation storage, we can expect the download to be activated by default
-			}
-		}
-
-		if ($hideDownload || !$canDownload) {
-			$share->setHideDownload(true);
-
-			if (!$canDownload) {
-				$attributes = $share->getAttributes() ?? $share->newAttributes();
-				$attributes->setAttribute('permissions', 'download', false);
-				$share->setAttributes($attributes);
-			}
-		}
-	}
-
-	/**
-	 * Send a mail notification again for a share.
-	 * The mail_send option must be enabled for the given share.
-	 * @param string $id the share ID
-	 * @param string $password the password to check against. Necessary for password protected shares.
-	 * @throws OCSNotFoundException Share not found
-	 * @throws OCSForbiddenException You are not allowed to send mail notifications
-	 * @throws OCSBadRequestException Invalid request or wrong password
-	 * @throws OCSException Error while sending mail notification
-	 * @return DataResponse<Http::STATUS_OK, list<empty>, array{}>
-	 *
-	 * 200: The email notification was sent successfully
-	 */
-	#[NoAdminRequired]
-	#[UserRateLimit(limit: 10, period: 600)]
-	public function sendShareEmail(string $id, $password = ''): DataResponse {
-		try {
-			$share = $this->getShareById($id);
-
-			if (!$this->canAccessShare($share, false)) {
-				throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
-			}
-
-			if (!$this->canEditShare($share)) {
-				throw new OCSForbiddenException($this->l->t('You are not allowed to send mail notifications'));
-			}
-
-			// For mail and link shares, the user must be
-			// the owner of the share, not only the file owner.
-			if ($share->getShareType() === IShare::TYPE_EMAIL
-				|| $share->getShareType() === IShare::TYPE_LINK) {
-				if ($share->getSharedBy() !== $this->userId) {
-					throw new OCSForbiddenException($this->l->t('You are not allowed to send mail notifications'));
-				}
-			}
-
-			try {
-				$provider = $this->factory->getProviderForType($share->getShareType());
-				if (!($provider instanceof IShareProviderWithNotification)) {
-					throw new OCSBadRequestException($this->l->t('No mail notification configured for this share type'));
-				}
-
-				// Circumvent the password encrypted data by
-				// setting the password clear. We're not storing
-				// the password clear, it is just a temporary
-				// object manipulation. The password will stay
-				// encrypted in the database.
-				if ($share->getPassword() !== null && $share->getPassword() !== $password) {
-					if (!$this->shareManager->checkPassword($share, $password)) {
-						throw new OCSBadRequestException($this->l->t('Wrong password'));
-					}
-					$share = $share->setPassword($password);
-				}
-
-				$provider->sendMailNotification($share);
-				return new DataResponse();
-			} catch (Exception $e) {
-				$this->logger->error($e->getMessage(), ['exception' => $e]);
-				throw new OCSException($this->l->t('Error while sending mail notification'));
-			}
-
-		} catch (ShareNotFound $e) {
-			throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
-		}
-	}
-
-	/**
-	 * Get a unique share token
-	 *
-	 * @throws OCSException Failed to generate a unique token
-	 *
-	 * @return DataResponse<Http::STATUS_OK, array{token: string}, array{}>
-	 *
-	 * 200: Token generated successfully
-	 */
-	#[ApiRoute(verb: 'GET', url: '/api/v1/token')]
-	#[NoAdminRequired]
-	public function generateToken(): DataResponse {
-		try {
-			$token = $this->shareManager->generateToken();
-			return new DataResponse([
-				'token' => $token,
-			]);
-		} catch (ShareTokenException $e) {
-			throw new OCSException($this->l->t('Failed to generate a unique token'));
-		}
-	}
-
-	/**
-	 * Populate the result set with file tags
-	 *
-	 * @psalm-template T of array{tags?: list<string>, file_source: int, ...array<string, mixed>}
-	 * @param list<T> $fileList
-	 * @return list<T> file list populated with tags
-	 */
-	private function populateTags(array $fileList): array {
-		$tagger = $this->tagManager->load('files');
-		$tags = $tagger->getTagsForObjects(array_map(static fn (array $fileData) => $fileData['file_source'], $fileList));
-
-		if (!is_array($tags)) {
-			throw new \UnexpectedValueException('$tags must be an array');
-		}
-
-		// Set empty tag array
-		foreach ($fileList as &$fileData) {
-			$fileData['tags'] = [];
-		}
-		unset($fileData);
-
-		if (!empty($tags)) {
-			foreach ($tags as $fileId => $fileTags) {
-				foreach ($fileList as &$fileData) {
-					if ($fileId !== $fileData['file_source']) {
-						continue;
-					}
-
-					$fileData['tags'] = $fileTags;
-				}
-				unset($fileData);
-			}
-		}
-
-		return $fileList;
-	}
+                continue;
+            }
+
+            if (in_array($share->getId(), $known)
+                || ($share->getSharedWith() === $this->userId && $share->getShareType() === IShare::TYPE_USER)) {
+                continue;
+            }
+
+            $known[] = $share->getId();
+            try {
+                /** @var IShare $share */
+                $format = $this->formatShare($share, $node);
+                $formatted[] = $format;
+
+                // let's also build a list of shares created
+                // by the current user only, in case
+                // there is no resharing rights
+                if ($share->getSharedBy() === $this->userId) {
+                    $miniFormatted[] = $format;
+                }
+
+                // check if one of those share is shared with me
+                // and if I have resharing rights on it
+                if (!$resharingRight && $this->shareProviderResharingRights($this->userId, $share, $node)) {
+                    $resharingRight = true;
+                }
+            } catch (InvalidPathException|NotFoundException $e) {
+            }
+        }
+
+        if (!$resharingRight) {
+            $formatted = $miniFormatted;
+        }
+
+        // fix eventual missing display name from federated shares
+        $formatted = $this->fixMissingDisplayName($formatted);
+
+        if ($includeTags) {
+            $formatted = $this->populateTags($formatted);
+        }
+
+        return $formatted;
+    }
+
+
+    /**
+     * Get all shares relative to a file, including parent folders shares rights
+     *
+     * @param string $path Path all shares will be relative to
+     *
+     * @return DataResponse<Http::STATUS_OK, list<Files_SharingShare>, array{}>
+     * @throws InvalidPathException
+     * @throws NotFoundException
+     * @throws OCSNotFoundException The given path is invalid
+     * @throws SharingRightsException
+     *
+     * 200: Shares returned
+     */
+    #[NoAdminRequired]
+    public function getInheritedShares(string $path): DataResponse {
+        // get Node from (string) path.
+        $userFolder = $this->rootFolder->getUserFolder($this->userId);
+        try {
+            $node = $userFolder->get($path);
+            $this->lock($node);
+        } catch (NotFoundException $e) {
+            throw new OCSNotFoundException($this->l->t('Wrong path, file/folder does not exist'));
+        } catch (LockedException $e) {
+            throw new OCSNotFoundException($this->l->t('Could not lock path'));
+        }
+
+        if (!($node->getPermissions() & Constants::PERMISSION_SHARE)) {
+            throw new SharingRightsException($this->l->t('no sharing rights on this item'));
+        }
+
+        // The current top parent we have access to
+        $parent = $node;
+
+        // initiate real owner.
+        $owner = $node->getOwner()
+            ->getUID();
+        if (!$this->userManager->userExists($owner)) {
+            return new DataResponse([]);
+        }
+
+        // get node based on the owner, fix owner in case of external storage
+        $userFolder = $this->rootFolder->getUserFolder($owner);
+        if ($node->getId() !== $userFolder->getId() && !$userFolder->isSubNode($node)) {
+            $owner = $node->getOwner()
+                ->getUID();
+            $userFolder = $this->rootFolder->getUserFolder($owner);
+            $node = $userFolder->getFirstNodeById($node->getId());
+        }
+        $basePath = $userFolder->getPath();
+
+        // generate node list for each parent folders
+        /** @var Node[] $nodes */
+        $nodes = [];
+        while (true) {
+            $node = $node->getParent();
+            if ($node->getPath() === $basePath) {
+                break;
+            }
+            $nodes[] = $node;
+        }
+
+        // The user that is requesting this list
+        $currentUserFolder = $this->rootFolder->getUserFolder($this->userId);
+
+        // for each nodes, retrieve shares.
+        $shares = [];
+
+        foreach ($nodes as $node) {
+            $getShares = $this->getFormattedShares($owner, $node, false, true);
+
+            $currentUserNode = $currentUserFolder->getFirstNodeById($node->getId());
+            if ($currentUserNode) {
+                $parent = $currentUserNode;
+            }
+
+            $subPath = $currentUserFolder->getRelativePath($parent->getPath());
+            foreach ($getShares as &$share) {
+                $share['via_fileid'] = $parent->getId();
+                $share['via_path'] = $subPath;
+            }
+            $this->mergeFormattedShares($shares, $getShares);
+        }
+
+        return new DataResponse(array_values($shares));
+    }
+
+    /**
+     * Check whether a set of permissions contains the permissions to check.
+     */
+    private function hasPermission(int $permissionsSet, int $permissionsToCheck): bool {
+        return ($permissionsSet & $permissionsToCheck) === $permissionsToCheck;
+    }
+
+    /**
+     * Update a share
+     *
+     * @param string $id ID of the share
+     * @param int|null $permissions New permissions
+     * @param string|null $password New password
+     * @param string|null $sendPasswordByTalk New condition if the password should be send over Talk
+     * @param string|null $publicUpload New condition if public uploading is allowed
+     * @param string|null $expireDate New expiry date
+     * @param string|null $note New note
+     * @param string|null $label New label
+     * @param string|null $hideDownload New condition if the download should be hidden
+     * @param string|null $attributes New additional attributes
+     * @param string|null $sendMail if the share should be send by mail.
+     *                              Considering the share already exists, no mail will be send after the share is updated.
+     *                              You will have to use the sendMail action to send the mail.
+     * @param string|null $shareWith New recipient for email shares
+     * @param string|null $token New token
+     * @return DataResponse<Http::STATUS_OK, Files_SharingShare, array{}>
+     * @throws OCSBadRequestException Share could not be updated because the requested changes are invalid
+     * @throws OCSForbiddenException Missing permissions to update the share
+     * @throws OCSNotFoundException Share not found
+     *
+     * 200: Share updated successfully
+     */
+    #[NoAdminRequired]
+    public function updateShare(
+        string $id,
+        ?int $permissions = null,
+        ?string $password = null,
+        ?string $sendPasswordByTalk = null,
+        ?string $publicUpload = null,
+        ?string $expireDate = null,
+        ?string $note = null,
+        ?string $label = null,
+        ?string $hideDownload = null,
+        ?string $attributes = null,
+        ?string $sendMail = null,
+        ?string $token = null,
+    ): DataResponse {
+        try {
+            $share = $this->getShareById($id);
+        } catch (ShareNotFound $e) {
+            throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
+        }
+
+        $this->lock($share->getNode());
+
+        if (!$this->canAccessShare($share, false)) {
+            throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
+        }
+
+        if (!$this->canEditShare($share)) {
+            throw new OCSForbiddenException($this->l->t('You are not allowed to edit incoming shares'));
+        }
+
+        if (
+            $permissions === null
+            && $password === null
+            && $sendPasswordByTalk === null
+            && $publicUpload === null
+            && $expireDate === null
+            && $note === null
+            && $label === null
+            && $hideDownload === null
+            && $attributes === null
+            && $sendMail === null
+            && $token === null
+        ) {
+            throw new OCSBadRequestException($this->l->t('Wrong or no update parameter given'));
+        }
+
+        if ($note !== null) {
+            $share->setNote($note);
+        }
+
+        if ($attributes !== null) {
+            $share = $this->setShareAttributes($share, $attributes);
+        }
+
+        // Handle mail send
+        if ($sendMail === 'true' || $sendMail === 'false') {
+            $share->setMailSend($sendMail === 'true');
+        }
+
+        /**
+         * expiration date, password and publicUpload only make sense for link shares
+         */
+        if ($share->getShareType() === IShare::TYPE_LINK
+            || $share->getShareType() === IShare::TYPE_EMAIL) {
+
+            // Update hide download state
+            if ($hideDownload === 'true') {
+                $share->setHideDownload(true);
+            } elseif ($hideDownload === 'false') {
+                $share->setHideDownload(false);
+            }
+
+            // If either manual permissions are specified or publicUpload
+            // then we need to also update the permissions of the share
+            if ($permissions !== null || $publicUpload !== null) {
+                $hasPublicUpload = $this->getLegacyPublicUpload($publicUpload);
+                $permissions = $this->getLinkSharePermissions($permissions ?? Constants::PERMISSION_READ, $hasPublicUpload);
+                $this->validateLinkSharePermissions($share->getNode(), $permissions, $hasPublicUpload);
+                $share->setPermissions($permissions);
+            }
+
+            if ($password === '') {
+                $share->setPassword(null);
+            } elseif ($password !== null) {
+                $share->setPassword($password);
+            }
+
+            if ($label !== null) {
+                if (strlen($label) > 255) {
+                    throw new OCSBadRequestException('Maximum label length is 255');
+                }
+                $share->setLabel($label);
+            }
+
+            if ($sendPasswordByTalk === 'true') {
+                if (!$this->appManager->isEnabledForUser('spreed')) {
+                    throw new OCSForbiddenException($this->l->t('"Sending the password by Nextcloud Talk" for sharing a file or folder failed because Nextcloud Talk is not enabled.'));
+                }
+
+                $share->setSendPasswordByTalk(true);
+            } elseif ($sendPasswordByTalk !== null) {
+                $share->setSendPasswordByTalk(false);
+            }
+
+            if ($token !== null) {
+                if (!$this->shareManager->allowCustomTokens()) {
+                    throw new OCSForbiddenException($this->l->t('Custom share link tokens have been disabled by the administrator'));
+                }
+                if (!$this->validateToken($token)) {
+                    throw new OCSBadRequestException($this->l->t('Tokens must contain at least 1 character and may only contain letters, numbers, or a hyphen'));
+                }
+                $share->setToken($token);
+            }
+        }
+
+        // NOT A LINK SHARE
+        else {
+            if ($permissions !== null) {
+                $share->setPermissions($permissions);
+            }
+        }
+
+        if ($expireDate === '') {
+            $share->setExpirationDate(null);
+        } elseif ($expireDate !== null) {
+            try {
+                $expireDateTime = $this->parseDate($expireDate);
+                $share->setExpirationDate($expireDateTime);
+            } catch (\Exception $e) {
+                throw new OCSBadRequestException($e->getMessage(), $e);
+            }
+        }
+
+        try {
+            $this->checkInheritedAttributes($share);
+            $share = $this->shareManager->updateShare($share);
+        } catch (HintException $e) {
+            $code = $e->getCode() === 0 ? 403 : $e->getCode();
+            throw new OCSException($e->getHint(), (int)$code);
+        } catch (\Exception $e) {
+            $this->logger->error($e->getMessage(), ['exception' => $e]);
+            throw new OCSBadRequestException('Failed to update share.', $e);
+        }
+
+        return new DataResponse($this->formatShare($share));
+    }
+
+    private function validateToken(string $token): bool {
+        if (mb_strlen($token) === 0) {
+            return false;
+        }
+        if (!preg_match('/^[a-z0-9-]+$/i', $token)) {
+            return false;
+        }
+        return true;
+    }
+
+    /**
+     * Get all shares that are still pending
+     *
+     * @return DataResponse<Http::STATUS_OK, list<Files_SharingShare>, array{}>
+     *
+     * 200: Pending shares returned
+     */
+    #[NoAdminRequired]
+    public function pendingShares(): DataResponse {
+        $pendingShares = [];
+
+        $shareTypes = [
+            IShare::TYPE_USER,
+            IShare::TYPE_GROUP
+        ];
+
+        foreach ($shareTypes as $shareType) {
+            $shares = $this->shareManager->getSharedWith($this->userId, $shareType, null, -1, 0);
+
+            foreach ($shares as $share) {
+                if ($share->getStatus() === IShare::STATUS_PENDING || $share->getStatus() === IShare::STATUS_REJECTED) {
+                    $pendingShares[] = $share;
+                }
+            }
+        }
+
+        $result = array_values(array_filter(array_map(function (IShare $share) {
+            $userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
+            $node = $userFolder->getFirstNodeById($share->getNodeId());
+            if (!$node) {
+                // fallback to guessing the path
+                $node = $userFolder->get($share->getTarget());
+                if ($node === null || $share->getTarget() === '') {
+                    return null;
+                }
+            }
+
+            try {
+                $formattedShare = $this->formatShare($share, $node);
+                $formattedShare['path'] = '/' . $share->getNode()->getName();
+                $formattedShare['permissions'] = 0;
+                return $formattedShare;
+            } catch (NotFoundException $e) {
+                return null;
+            }
+        }, $pendingShares), function ($entry) {
+            return $entry !== null;
+        }));
+
+        return new DataResponse($result);
+    }
+
+    /**
+     * Accept a share
+     *
+     * @param string $id ID of the share
+     * @return DataResponse<Http::STATUS_OK, list<empty>, array{}>
+     * @throws OCSNotFoundException Share not found
+     * @throws OCSException
+     * @throws OCSBadRequestException Share could not be accepted
+     *
+     * 200: Share accepted successfully
+     */
+    #[NoAdminRequired]
+    public function acceptShare(string $id): DataResponse {
+        try {
+            $share = $this->getShareById($id);
+        } catch (ShareNotFound $e) {
+            throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
+        }
+
+        if (!$this->canAccessShare($share)) {
+            throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
+        }
+
+        try {
+            $this->shareManager->acceptShare($share, $this->userId);
+        } catch (HintException $e) {
+            $code = $e->getCode() === 0 ? 403 : $e->getCode();
+            throw new OCSException($e->getHint(), (int)$code);
+        } catch (\Exception $e) {
+            $this->logger->error($e->getMessage(), ['exception' => $e]);
+            throw new OCSBadRequestException('Failed to accept share.', $e);
+        }
+
+        return new DataResponse();
+    }
+
+    /**
+     * Does the user have read permission on the share
+     *
+     * @param IShare $share the share to check
+     * @param boolean $checkGroups check groups as well?
+     * @return boolean
+     * @throws NotFoundException
+     *
+     * @suppress PhanUndeclaredClassMethod
+     */
+    protected function canAccessShare(IShare $share, bool $checkGroups = true): bool {
+        // A file with permissions 0 can't be accessed by us. So Don't show it
+        if ($share->getPermissions() === 0) {
+            return false;
+        }
+
+        // Owner of the file and the sharer of the file can always get share
+        if ($share->getShareOwner() === $this->userId
+            || $share->getSharedBy() === $this->userId) {
+            return true;
+        }
+
+        // If the share is shared with you, you can access it!
+        if ($share->getShareType() === IShare::TYPE_USER
+            && $share->getSharedWith() === $this->userId) {
+            return true;
+        }
+
+        // Have reshare rights on the shared file/folder ?
+        // Does the currentUser have access to the shared file?
+        $userFolder = $this->rootFolder->getUserFolder($this->userId);
+        $file = $userFolder->getFirstNodeById($share->getNodeId());
+        if ($file && $this->shareProviderResharingRights($this->userId, $share, $file)) {
+            return true;
+        }
+
+        // If in the recipient group, you can see the share
+        if ($checkGroups && $share->getShareType() === IShare::TYPE_GROUP) {
+            $sharedWith = $this->groupManager->get($share->getSharedWith());
+            $user = $this->userManager->get($this->userId);
+            if ($user !== null && $sharedWith !== null && $sharedWith->inGroup($user)) {
+                return true;
+            }
+        }
+
+        if ($share->getShareType() === IShare::TYPE_CIRCLE) {
+            // TODO: have a sanity check like above?
+            return true;
+        }
+
+        if ($share->getShareType() === IShare::TYPE_ROOM) {
+            try {
+                return $this->getRoomShareHelper()->canAccessShare($share, $this->userId);
+            } catch (ContainerExceptionInterface $e) {
+                return false;
+            }
+        }
+
+        if ($share->getShareType() === IShare::TYPE_DECK) {
+            try {
+                return $this->getDeckShareHelper()->canAccessShare($share, $this->userId);
+            } catch (ContainerExceptionInterface $e) {
+                return false;
+            }
+        }
+
+        if ($share->getShareType() === IShare::TYPE_SCIENCEMESH) {
+            try {
+                return $this->getSciencemeshShareHelper()->canAccessShare($share, $this->userId);
+            } catch (ContainerExceptionInterface $e) {
+                return false;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Does the user have edit permission on the share
+     *
+     * @param IShare $share the share to check
+     * @return boolean
+     */
+    protected function canEditShare(IShare $share): bool {
+        // A file with permissions 0 can't be accessed by us. So Don't show it
+        if ($share->getPermissions() === 0) {
+            return false;
+        }
+
+        // The owner of the file and the creator of the share
+        // can always edit the share
+        if ($share->getShareOwner() === $this->userId
+            || $share->getSharedBy() === $this->userId
+        ) {
+            return true;
+        }
+
+        $userFolder = $this->rootFolder->getUserFolder($this->userId);
+        $file = $userFolder->getFirstNodeById($share->getNodeId());
+        if ($file?->getMountPoint() instanceof IShareOwnerlessMount && $this->shareProviderResharingRights($this->userId, $share, $file)) {
+            return true;
+        }
+
+        //! we do NOT support some kind of `admin` in groups.
+        //! You cannot edit shares shared to a group you're
+        //! a member of if you're not the share owner or the file owner!
+
+        return false;
+    }
+
+    /**
+     * Does the user have delete permission on the share
+     *
+     * @param IShare $share the share to check
+     * @return boolean
+     */
+    protected function canDeleteShare(IShare $share): bool {
+        // A file with permissions 0 can't be accessed by us. So Don't show it
+        if ($share->getPermissions() === 0) {
+            return false;
+        }
+
+        // if the user is the recipient, i can unshare
+        // the share with self
+        if ($share->getShareType() === IShare::TYPE_USER
+            && $share->getSharedWith() === $this->userId
+        ) {
+            return true;
+        }
+
+        // The owner of the file and the creator of the share
+        // can always delete the share
+        if ($share->getShareOwner() === $this->userId
+            || $share->getSharedBy() === $this->userId
+        ) {
+            return true;
+        }
+
+        $userFolder = $this->rootFolder->getUserFolder($this->userId);
+        $file = $userFolder->getFirstNodeById($share->getNodeId());
+        if ($file?->getMountPoint() instanceof IShareOwnerlessMount && $this->shareProviderResharingRights($this->userId, $share, $file)) {
+            return true;
+        }
+
+        return false;
+    }
+
+    /**
+     * Does the user have delete permission on the share
+     * This differs from the canDeleteShare function as it only
+     * remove the share for the current user. It does NOT
+     * completely delete the share but only the mount point.
+     * It can then be restored from the deleted shares section.
+     *
+     * @param IShare $share the share to check
+     * @return boolean
+     *
+     * @suppress PhanUndeclaredClassMethod
+     */
+    protected function canDeleteShareFromSelf(IShare $share): bool {
+        if ($share->getShareType() !== IShare::TYPE_GROUP
+            && $share->getShareType() !== IShare::TYPE_ROOM
+            && $share->getShareType() !== IShare::TYPE_DECK
+            && $share->getShareType() !== IShare::TYPE_SCIENCEMESH
+        ) {
+            return false;
+        }
+
+        if ($share->getShareOwner() === $this->userId
+            || $share->getSharedBy() === $this->userId
+        ) {
+            // Delete the whole share, not just for self
+            return false;
+        }
+
+        // If in the recipient group, you can delete the share from self
+        if ($share->getShareType() === IShare::TYPE_GROUP) {
+            $sharedWith = $this->groupManager->get($share->getSharedWith());
+            $user = $this->userManager->get($this->userId);
+            if ($user !== null && $sharedWith !== null && $sharedWith->inGroup($user)) {
+                return true;
+            }
+        }
+
+        if ($share->getShareType() === IShare::TYPE_ROOM) {
+            try {
+                return $this->getRoomShareHelper()->canAccessShare($share, $this->userId);
+            } catch (ContainerExceptionInterface $e) {
+                return false;
+            }
+        }
+
+        if ($share->getShareType() === IShare::TYPE_DECK) {
+            try {
+                return $this->getDeckShareHelper()->canAccessShare($share, $this->userId);
+            } catch (ContainerExceptionInterface $e) {
+                return false;
+            }
+        }
+
+        if ($share->getShareType() === IShare::TYPE_SCIENCEMESH) {
+            try {
+                return $this->getSciencemeshShareHelper()->canAccessShare($share, $this->userId);
+            } catch (ContainerExceptionInterface $e) {
+                return false;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Make sure that the passed date is valid ISO 8601
+     * So YYYY-MM-DD
+     * If not throw an exception
+     *
+     * @param string $expireDate
+     *
+     * @throws \Exception
+     * @return \DateTime
+     */
+    private function parseDate(string $expireDate): \DateTime {
+        try {
+            $date = new \DateTime(trim($expireDate, '"'), $this->dateTimeZone->getTimeZone());
+            // Make sure it expires at midnight in owner timezone
+            $date->setTime(0, 0, 0);
+        } catch (\Exception $e) {
+            throw new \Exception($this->l->t('Invalid date. Format must be YYYY-MM-DD'));
+        }
+
+        return $date;
+    }
+
+    /**
+     * Since we have multiple providers but the OCS Share API v1 does
+     * not support this we need to check all backends.
+     *
+     * @param string $id
+     * @return IShare
+     * @throws ShareNotFound
+     */
+    private function getShareById(string $id): IShare {
+        $share = null;
+
+        // First check if it is an internal share.
+        try {
+            $share = $this->shareManager->getShareById('ocinternal:' . $id, $this->userId);
+            return $share;
+        } catch (ShareNotFound $e) {
+            // Do nothing, just try the other share type
+        }
+
+
+        try {
+            if ($this->shareManager->shareProviderExists(IShare::TYPE_CIRCLE)) {
+                $share = $this->shareManager->getShareById('ocCircleShare:' . $id, $this->userId);
+                return $share;
+            }
+        } catch (ShareNotFound $e) {
+            // Do nothing, just try the other share type
+        }
+
+        try {
+            if ($this->shareManager->shareProviderExists(IShare::TYPE_EMAIL)) {
+                $share = $this->shareManager->getShareById('ocMailShare:' . $id, $this->userId);
+                return $share;
+            }
+        } catch (ShareNotFound $e) {
+            // Do nothing, just try the other share type
+        }
+
+        try {
+            $share = $this->shareManager->getShareById('ocRoomShare:' . $id, $this->userId);
+            return $share;
+        } catch (ShareNotFound $e) {
+            // Do nothing, just try the other share type
+        }
+
+        try {
+            if ($this->shareManager->shareProviderExists(IShare::TYPE_DECK)) {
+                $share = $this->shareManager->getShareById('deck:' . $id, $this->userId);
+                return $share;
+            }
+        } catch (ShareNotFound $e) {
+            // Do nothing, just try the other share type
+        }
+
+        try {
+            if ($this->shareManager->shareProviderExists(IShare::TYPE_SCIENCEMESH)) {
+                $share = $this->shareManager->getShareById('sciencemesh:' . $id, $this->userId);
+                return $share;
+            }
+        } catch (ShareNotFound $e) {
+            // Do nothing, just try the other share type
+        }
+
+        if (!$this->shareManager->outgoingServer2ServerSharesAllowed()) {
+            throw new ShareNotFound();
+        }
+        $share = $this->shareManager->getShareById('ocFederatedSharing:' . $id, $this->userId);
+
+        return $share;
+    }
+
+    /**
+     * Lock a Node
+     *
+     * @param Node $node
+     * @throws LockedException
+     */
+    private function lock(Node $node) {
+        $node->lock(ILockingProvider::LOCK_SHARED);
+        $this->lockedNode = $node;
+    }
+
+    /**
+     * Cleanup the remaining locks
+     * @throws LockedException
+     */
+    public function cleanup() {
+        if ($this->lockedNode !== null) {
+            $this->lockedNode->unlock(ILockingProvider::LOCK_SHARED);
+        }
+    }
+
+    /**
+     * Returns the helper of ShareAPIController for room shares.
+     *
+     * If the Talk application is not enabled or the helper is not available
+     * a ContainerExceptionInterface is thrown instead.
+     *
+     * @return \OCA\Talk\Share\Helper\ShareAPIController
+     * @throws ContainerExceptionInterface
+     */
+    private function getRoomShareHelper() {
+        if (!$this->appManager->isEnabledForUser('spreed')) {
+            throw new QueryException();
+        }
+
+        return $this->serverContainer->get('\OCA\Talk\Share\Helper\ShareAPIController');
+    }
+
+    /**
+     * Returns the helper of ShareAPIHelper for deck shares.
+     *
+     * If the Deck application is not enabled or the helper is not available
+     * a ContainerExceptionInterface is thrown instead.
+     *
+     * @return ShareAPIHelper
+     * @throws ContainerExceptionInterface
+     */
+    private function getDeckShareHelper() {
+        if (!$this->appManager->isEnabledForUser('deck')) {
+            throw new QueryException();
+        }
+
+        return $this->serverContainer->get('\OCA\Deck\Sharing\ShareAPIHelper');
+    }
+
+    /**
+     * Returns the helper of ShareAPIHelper for sciencemesh shares.
+     *
+     * If the sciencemesh application is not enabled or the helper is not available
+     * a ContainerExceptionInterface is thrown instead.
+     *
+     * @return ShareAPIHelper
+     * @throws ContainerExceptionInterface
+     */
+    private function getSciencemeshShareHelper() {
+        if (!$this->appManager->isEnabledForUser('sciencemesh')) {
+            throw new QueryException();
+        }
+
+        return $this->serverContainer->get('\OCA\ScienceMesh\Sharing\ShareAPIHelper');
+    }
+
+    /**
+     * @param string $viewer
+     * @param Node $node
+     * @param bool $reShares
+     *
+     * @return IShare[]
+     */
+    private function getSharesFromNode(string $viewer, $node, bool $reShares): array {
+        $providers = [
+            IShare::TYPE_USER,
+            IShare::TYPE_GROUP,
+            IShare::TYPE_LINK,
+            IShare::TYPE_EMAIL,
+            IShare::TYPE_CIRCLE,
+            IShare::TYPE_ROOM,
+            IShare::TYPE_DECK,
+            IShare::TYPE_SCIENCEMESH
+        ];
+
+        // Should we assume that the (currentUser) viewer is the owner of the node !?
+        $shares = [];
+        foreach ($providers as $provider) {
+            if (!$this->shareManager->shareProviderExists($provider)) {
+                continue;
+            }
+
+            $providerShares
+                = $this->shareManager->getSharesBy($viewer, $provider, $node, $reShares, -1, 0);
+            $shares = array_merge($shares, $providerShares);
+        }
+
+        if ($this->shareManager->outgoingServer2ServerSharesAllowed()) {
+            $federatedShares = $this->shareManager->getSharesBy(
+                $this->userId, IShare::TYPE_REMOTE, $node, $reShares, -1, 0
+            );
+            $shares = array_merge($shares, $federatedShares);
+        }
+
+        if ($this->shareManager->outgoingServer2ServerGroupSharesAllowed()) {
+            $federatedShares = $this->shareManager->getSharesBy(
+                $this->userId, IShare::TYPE_REMOTE_GROUP, $node, $reShares, -1, 0
+            );
+            $shares = array_merge($shares, $federatedShares);
+        }
+
+        return $shares;
+    }
+
+
+    /**
+     * @param Node $node
+     *
+     * @throws SharingRightsException
+     */
+    private function confirmSharingRights(Node $node): void {
+        if (!$this->hasResharingRights($this->userId, $node)) {
+            throw new SharingRightsException($this->l->t('No sharing rights on this item'));
+        }
+    }
+
+
+    /**
+     * @param string $viewer
+     * @param Node $node
+     *
+     * @return bool
+     */
+    private function hasResharingRights($viewer, $node): bool {
+        if ($viewer === $node->getOwner()->getUID()) {
+            return true;
+        }
+
+        foreach ([$node, $node->getParent()] as $node) {
+            $shares = $this->getSharesFromNode($viewer, $node, true);
+            foreach ($shares as $share) {
+                try {
+                    if ($this->shareProviderResharingRights($viewer, $share, $node)) {
+                        return true;
+                    }
+                } catch (InvalidPathException|NotFoundException $e) {
+                }
+            }
+        }
+
+        return false;
+    }
+
+
+    /**
+     * Returns if we can find resharing rights in an IShare object for a specific user.
+     *
+     * @suppress PhanUndeclaredClassMethod
+     *
+     * @param string $userId
+     * @param IShare $share
+     * @param Node $node
+     *
+     * @return bool
+     * @throws NotFoundException
+     * @throws InvalidPathException
+     */
+    private function shareProviderResharingRights(string $userId, IShare $share, $node): bool {
+        if ($share->getShareOwner() === $userId) {
+            return true;
+        }
+
+        // we check that current user have parent resharing rights on the current file
+        if ($node !== null && ($node->getPermissions() & Constants::PERMISSION_SHARE) !== 0) {
+            return true;
+        }
+
+        if ((Constants::PERMISSION_SHARE & $share->getPermissions()) === 0) {
+            return false;
+        }
+
+        if ($share->getShareType() === IShare::TYPE_USER && $share->getSharedWith() === $userId) {
+            return true;
+        }
+
+        if ($share->getShareType() === IShare::TYPE_GROUP && $this->groupManager->isInGroup($userId, $share->getSharedWith())) {
+            return true;
+        }
+
+        if ($share->getShareType() === IShare::TYPE_CIRCLE && Server::get(IAppManager::class)->isEnabledForUser('circles')
+            && class_exists('\OCA\Circles\Api\v1\Circles')) {
+            $hasCircleId = (str_ends_with($share->getSharedWith(), ']'));
+            $shareWithStart = ($hasCircleId ? strrpos($share->getSharedWith(), '[') + 1 : 0);
+            $shareWithLength = ($hasCircleId ? -1 : strpos($share->getSharedWith(), ' '));
+            if ($shareWithLength === false) {
+                $sharedWith = substr($share->getSharedWith(), $shareWithStart);
+            } else {
+                $sharedWith = substr($share->getSharedWith(), $shareWithStart, $shareWithLength);
+            }
+            try {
+                $member = Circles::getMember($sharedWith, $userId, 1);
+                if ($member->getLevel() >= 4) {
+                    return true;
+                }
+                return false;
+            } catch (ContainerExceptionInterface $e) {
+                return false;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * Get all the shares for the current user
+     *
+     * @param Node|null $path
+     * @param boolean $reshares
+     * @return IShare[]
+     */
+    private function getAllShares(?Node $path = null, bool $reshares = false) {
+        // Get all shares
+        $userShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_USER, $path, $reshares, -1, 0);
+        $groupShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_GROUP, $path, $reshares, -1, 0);
+        $linkShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_LINK, $path, $reshares, -1, 0);
+
+        // EMAIL SHARES
+        $mailShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_EMAIL, $path, $reshares, -1, 0);
+
+        // TEAM SHARES
+        $circleShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_CIRCLE, $path, $reshares, -1, 0);
+
+        // TALK SHARES
+        $roomShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_ROOM, $path, $reshares, -1, 0);
+
+        // DECK SHARES
+        $deckShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_DECK, $path, $reshares, -1, 0);
+
+        // SCIENCEMESH SHARES
+        $sciencemeshShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_SCIENCEMESH, $path, $reshares, -1, 0);
+
+        // FEDERATION
+        if ($this->shareManager->outgoingServer2ServerSharesAllowed()) {
+            $federatedShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_REMOTE, $path, $reshares, -1, 0);
+        } else {
+            $federatedShares = [];
+        }
+        if ($this->shareManager->outgoingServer2ServerGroupSharesAllowed()) {
+            $federatedGroupShares = $this->shareManager->getSharesBy($this->userId, IShare::TYPE_REMOTE_GROUP, $path, $reshares, -1, 0);
+        } else {
+            $federatedGroupShares = [];
+        }
+
+        return array_merge($userShares, $groupShares, $linkShares, $mailShares, $circleShares, $roomShares, $deckShares, $sciencemeshShares, $federatedShares, $federatedGroupShares);
+    }
+
+
+    /**
+     * merging already formatted shares.
+     * We'll make an associative array to easily detect duplicate Ids.
+     * Keys _needs_ to be removed after all shares are retrieved and merged.
+     *
+     * @param array $shares
+     * @param array $newShares
+     */
+    private function mergeFormattedShares(array &$shares, array $newShares) {
+        foreach ($newShares as $newShare) {
+            if (!array_key_exists($newShare['id'], $shares)) {
+                $shares[$newShare['id']] = $newShare;
+            }
+        }
+    }
+
+    /**
+     * @param IShare $share
+     * @param string|null $attributesString
+     * @return IShare modified share
+     */
+    private function setShareAttributes(IShare $share, ?string $attributesString) {
+        $newShareAttributes = null;
+        if ($attributesString !== null) {
+            $newShareAttributes = $this->shareManager->newShare()->newAttributes();
+            $formattedShareAttributes = \json_decode($attributesString, true);
+            if (is_array($formattedShareAttributes)) {
+                foreach ($formattedShareAttributes as $formattedAttr) {
+                    $newShareAttributes->setAttribute(
+                        $formattedAttr['scope'],
+                        $formattedAttr['key'],
+                        $formattedAttr['value'],
+                    );
+                }
+            } else {
+                throw new OCSBadRequestException($this->l->t('Invalid share attributes provided: "%s"', [$attributesString]));
+            }
+        }
+        $share->setAttributes($newShareAttributes);
+
+        return $share;
+    }
+
+    private function checkInheritedAttributes(IShare $share): void {
+        if (!$share->getSharedBy()) {
+            return; // Probably in a test
+        }
+
+        $canDownload = false;
+        $hideDownload = true;
+
+        $userFolder = $this->rootFolder->getUserFolder($share->getSharedBy());
+        $nodes = $userFolder->getById($share->getNodeId());
+        foreach ($nodes as $node) {
+            // Owner always can download it - so allow it and break
+            if ($node->getOwner()?->getUID() === $share->getSharedBy()) {
+                $canDownload = true;
+                $hideDownload = false;
+                break;
+            }
+
+            if ($node->getStorage()->instanceOfStorage(SharedStorage::class)) {
+                $storage = $node->getStorage();
+                if ($storage instanceof Wrapper) {
+                    $storage = $storage->getInstanceOfStorage(SharedStorage::class);
+                    if ($storage === null) {
+                        throw new \RuntimeException('Should not happen, instanceOfStorage but getInstanceOfStorage return null');
+                    }
+                } else {
+                    throw new \RuntimeException('Should not happen, instanceOfStorage but not a wrapper');
+                }
+
+                /** @var SharedStorage $storage */
+                $originalShare = $storage->getShare();
+                $inheritedAttributes = $originalShare->getAttributes();
+                // hide if hidden and also the current share enforces hide (can only be false if one share is false or user is owner)
+                $hideDownload = $hideDownload && $originalShare->getHideDownload();
+                // allow download if already allowed by previous share or when the current share allows downloading
+                $canDownload = $canDownload || $inheritedAttributes === null || $inheritedAttributes->getAttribute('permissions', 'download') !== false;
+            } elseif ($node->getStorage()->instanceOfStorage(Storage::class)) {
+                $canDownload = true; // in case of federation storage, we can expect the download to be activated by default
+            }
+        }
+
+        if ($hideDownload || !$canDownload) {
+            $share->setHideDownload(true);
+
+            if (!$canDownload) {
+                $attributes = $share->getAttributes() ?? $share->newAttributes();
+                $attributes->setAttribute('permissions', 'download', false);
+                $share->setAttributes($attributes);
+            }
+        }
+    }
+
+    /**
+     * Send a mail notification again for a share.
+     * The mail_send option must be enabled for the given share.
+     * @param string $id the share ID
+     * @param string $password the password to check against. Necessary for password protected shares.
+     * @throws OCSNotFoundException Share not found
+     * @throws OCSForbiddenException You are not allowed to send mail notifications
+     * @throws OCSBadRequestException Invalid request or wrong password
+     * @throws OCSException Error while sending mail notification
+     * @return DataResponse<Http::STATUS_OK, list<empty>, array{}>
+     *
+     * 200: The email notification was sent successfully
+     */
+    #[NoAdminRequired]
+    #[UserRateLimit(limit: 10, period: 600)]
+    public function sendShareEmail(string $id, $password = ''): DataResponse {
+        try {
+            $share = $this->getShareById($id);
+
+            if (!$this->canAccessShare($share, false)) {
+                throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
+            }
+
+            if (!$this->canEditShare($share)) {
+                throw new OCSForbiddenException($this->l->t('You are not allowed to send mail notifications'));
+            }
+
+            // For mail and link shares, the user must be
+            // the owner of the share, not only the file owner.
+            if ($share->getShareType() === IShare::TYPE_EMAIL
+                || $share->getShareType() === IShare::TYPE_LINK) {
+                if ($share->getSharedBy() !== $this->userId) {
+                    throw new OCSForbiddenException($this->l->t('You are not allowed to send mail notifications'));
+                }
+            }
+
+            try {
+                $provider = $this->factory->getProviderForType($share->getShareType());
+                if (!($provider instanceof IShareProviderWithNotification)) {
+                    throw new OCSBadRequestException($this->l->t('No mail notification configured for this share type'));
+                }
+
+                // Circumvent the password encrypted data by
+                // setting the password clear. We're not storing
+                // the password clear, it is just a temporary
+                // object manipulation. The password will stay
+                // encrypted in the database.
+                if ($share->getPassword() !== null && $share->getPassword() !== $password) {
+                    if (!$this->shareManager->checkPassword($share, $password)) {
+                        throw new OCSBadRequestException($this->l->t('Wrong password'));
+                    }
+                    $share = $share->setPassword($password);
+                }
+
+                $provider->sendMailNotification($share);
+                return new DataResponse();
+            } catch (Exception $e) {
+                $this->logger->error($e->getMessage(), ['exception' => $e]);
+                throw new OCSException($this->l->t('Error while sending mail notification'));
+            }
+
+        } catch (ShareNotFound $e) {
+            throw new OCSNotFoundException($this->l->t('Wrong share ID, share does not exist'));
+        }
+    }
+
+    /**
+     * Get a unique share token
+     *
+     * @throws OCSException Failed to generate a unique token
+     *
+     * @return DataResponse<Http::STATUS_OK, array{token: string}, array{}>
+     *
+     * 200: Token generated successfully
+     */
+    #[ApiRoute(verb: 'GET', url: '/api/v1/token')]
+    #[NoAdminRequired]
+    public function generateToken(): DataResponse {
+        try {
+            $token = $this->shareManager->generateToken();
+            return new DataResponse([
+                'token' => $token,
+            ]);
+        } catch (ShareTokenException $e) {
+            throw new OCSException($this->l->t('Failed to generate a unique token'));
+        }
+    }
+
+    /**
+     * Populate the result set with file tags
+     *
+     * @psalm-template T of array{tags?: list<string>, file_source: int, ...array<string, mixed>}
+     * @param list<T> $fileList
+     * @return list<T> file list populated with tags
+     */
+    private function populateTags(array $fileList): array {
+        $tagger = $this->tagManager->load('files');
+        $tags = $tagger->getTagsForObjects(array_map(static fn (array $fileData) => $fileData['file_source'], $fileList));
+
+        if (!is_array($tags)) {
+            throw new \UnexpectedValueException('$tags must be an array');
+        }
+
+        // Set empty tag array
+        foreach ($fileList as &$fileData) {
+            $fileData['tags'] = [];
+        }
+        unset($fileData);
+
+        if (!empty($tags)) {
+            foreach ($tags as $fileId => $fileTags) {
+                foreach ($fileList as &$fileData) {
+                    if ($fileId !== $fileData['file_source']) {
+                        continue;
+                    }
+
+                    $fileData['tags'] = $fileTags;
+                }
+                unset($fileData);
+            }
+        }
+
+        return $fileList;
+    }
 }

Please login to merge, or discard this patch.

		@@ -14,25 +14,25 @@
		block discarded – undo
14	14	* Features context.
15	15	*/
16	16	class SharingContext implements Context, SnippetAcceptingContext {
17		- use WebDav;
18		- use Trashbin;
19		- use AppConfiguration;
20		- use CommandLine;
21		- use Activity;
	17	+ use WebDav;
	18	+ use Trashbin;
	19	+ use AppConfiguration;
	20	+ use CommandLine;
	21	+ use Activity;
22	22
23		- protected function resetAppConfigs() {
24		- $this->deleteServerConfig('core', 'shareapi_default_permissions');
25		- $this->deleteServerConfig('core', 'shareapi_default_internal_expire_date');
26		- $this->deleteServerConfig('core', 'shareapi_internal_expire_after_n_days');
27		- $this->deleteServerConfig('core', 'internal_defaultExpDays');
28		- $this->deleteServerConfig('core', 'shareapi_enforce_links_password');
29		- $this->deleteServerConfig('core', 'shareapi_default_expire_date');
30		- $this->deleteServerConfig('core', 'shareapi_expire_after_n_days');
31		- $this->deleteServerConfig('core', 'link_defaultExpDays');
32		- $this->deleteServerConfig('core', 'shareapi_allow_federation_on_public_shares');
33		- $this->deleteServerConfig('files_sharing', 'outgoing_server2server_share_enabled');
34		- $this->deleteServerConfig('core', 'shareapi_allow_view_without_download');
	23	+ protected function resetAppConfigs() {
	24	+ $this->deleteServerConfig('core', 'shareapi_default_permissions');
	25	+ $this->deleteServerConfig('core', 'shareapi_default_internal_expire_date');
	26	+ $this->deleteServerConfig('core', 'shareapi_internal_expire_after_n_days');
	27	+ $this->deleteServerConfig('core', 'internal_defaultExpDays');
	28	+ $this->deleteServerConfig('core', 'shareapi_enforce_links_password');
	29	+ $this->deleteServerConfig('core', 'shareapi_default_expire_date');
	30	+ $this->deleteServerConfig('core', 'shareapi_expire_after_n_days');
	31	+ $this->deleteServerConfig('core', 'link_defaultExpDays');
	32	+ $this->deleteServerConfig('core', 'shareapi_allow_federation_on_public_shares');
	33	+ $this->deleteServerConfig('files_sharing', 'outgoing_server2server_share_enabled');
	34	+ $this->deleteServerConfig('core', 'shareapi_allow_view_without_download');
35	35
36		- $this->runOcc(['config:system:delete', 'share_folder']);
37		- }
	36	+ $this->runOcc(['config:system:delete', 'share_folder']);
	37	+ }
38	38	}

		@@ -28,163 +28,163 @@
		block discarded – undo
28	28	use function in_array;
29	29
30	30	class Coordinator {
31		- /** @var RegistrationContext\|null */
32		- private $registrationContext;
33		-
34		- /** @var array<string,true> */
35		- private array $bootedApps = [];
36		-
37		- public function __construct(
38		- private IServerContainer $serverContainer,
39		- private Registry $registry,
40		- private IManager $dashboardManager,
41		- private IEventDispatcher $eventDispatcher,
42		- private IEventLogger $eventLogger,
43		- private IAppManager $appManager,
44		- private LoggerInterface $logger,
45		- ) {
46		- }
47		-
48		- public function runInitialRegistration(): void {
49		- $apps = OC_App::getEnabledApps();
50		- if (!empty($apps)) {
51		- // make sure to also register the core app
52		- $apps = ['core', ...$apps];
53		- }
54		-
55		- $this->registerApps($apps);
56		- }
57		-
58		- public function runLazyRegistration(string $appId): void {
59		- $this->registerApps([$appId]);
60		- }
61		-
62		- /**
63		- * @param string[] $appIds
64		- */
65		- private function registerApps(array $appIds): void {
66		- $this->eventLogger->start('bootstrap:register_apps', '');
67		- if ($this->registrationContext === null) {
68		- $this->registrationContext = new RegistrationContext($this->logger);
69		- }
70		- $apps = [];
71		- foreach ($appIds as $appId) {
72		- $this->eventLogger->start("bootstrap:register_app:$appId", "Register $appId");
73		- $this->eventLogger->start("bootstrap:register_app:$appId:autoloader", "Setup autoloader for $appId");
74		- /*
	31	+ /** @var RegistrationContext\|null */
	32	+ private $registrationContext;
	33	+
	34	+ /** @var array<string,true> */
	35	+ private array $bootedApps = [];
	36	+
	37	+ public function __construct(
	38	+ private IServerContainer $serverContainer,
	39	+ private Registry $registry,
	40	+ private IManager $dashboardManager,
	41	+ private IEventDispatcher $eventDispatcher,
	42	+ private IEventLogger $eventLogger,
	43	+ private IAppManager $appManager,
	44	+ private LoggerInterface $logger,
	45	+ ) {
	46	+ }
	47	+
	48	+ public function runInitialRegistration(): void {
	49	+ $apps = OC_App::getEnabledApps();
	50	+ if (!empty($apps)) {
	51	+ // make sure to also register the core app
	52	+ $apps = ['core', ...$apps];
	53	+ }
	54	+
	55	+ $this->registerApps($apps);
	56	+ }
	57	+
	58	+ public function runLazyRegistration(string $appId): void {
	59	+ $this->registerApps([$appId]);
	60	+ }
	61	+
	62	+ /**
	63	+ * @param string[] $appIds
	64	+ */
	65	+ private function registerApps(array $appIds): void {
	66	+ $this->eventLogger->start('bootstrap:register_apps', '');
	67	+ if ($this->registrationContext === null) {
	68	+ $this->registrationContext = new RegistrationContext($this->logger);
	69	+ }
	70	+ $apps = [];
	71	+ foreach ($appIds as $appId) {
	72	+ $this->eventLogger->start("bootstrap:register_app:$appId", "Register $appId");
	73	+ $this->eventLogger->start("bootstrap:register_app:$appId:autoloader", "Setup autoloader for $appId");
	74	+ /*
75	75	* First, we have to enable the app's autoloader
76	76	*/
77		- try {
78		- $path = $this->appManager->getAppPath($appId);
79		- OC_App::registerAutoloading($appId, $path);
80		- } catch (AppPathNotFoundException) {
81		- // Ignore
82		- continue;
83		- }
84		- $this->eventLogger->end("bootstrap:register_app:$appId:autoloader");
85		-
86		- /*
	77	+ try {
	78	+ $path = $this->appManager->getAppPath($appId);
	79	+ OC_App::registerAutoloading($appId, $path);
	80	+ } catch (AppPathNotFoundException) {
	81	+ // Ignore
	82	+ continue;
	83	+ }
	84	+ $this->eventLogger->end("bootstrap:register_app:$appId:autoloader");
	85	+
	86	+ /*
87	87	* Next we check if there is an application class, and it implements
88	88	* the \OCP\AppFramework\Bootstrap\IBootstrap interface
89	89	*/
90		- if ($appId === 'core') {
91		- $appNameSpace = 'OC\\Core';
92		- } else {
93		- $appNameSpace = App::buildAppNamespace($appId);
94		- }
95		- $applicationClassName = $appNameSpace . '\\AppInfo\\Application';
96		-
97		- try {
98		- if (class_exists($applicationClassName) && is_a($applicationClassName, IBootstrap::class, true)) {
99		- $this->eventLogger->start("bootstrap:register_app:$appId:application", "Load `Application` instance for $appId");
100		- try {
101		- /** @var IBootstrap&App $application */
102		- $application = $this->serverContainer->query($applicationClassName);
103		- $apps[$appId] = $application;
104		- } catch (ContainerExceptionInterface $e) {
105		- // Weird, but ok
106		- $this->eventLogger->end("bootstrap:register_app:$appId");
107		- continue;
108		- }
109		- $this->eventLogger->end("bootstrap:register_app:$appId:application");
110		-
111		- $this->eventLogger->start("bootstrap:register_app:$appId:register", "`Application::register` for $appId");
112		- $application->register($this->registrationContext->for($appId));
113		- $this->eventLogger->end("bootstrap:register_app:$appId:register");
114		- }
115		- } catch (Throwable $e) {
116		- $this->logger->emergency('Error during app service registration: ' . $e->getMessage(), [
117		- 'exception' => $e,
118		- 'app' => $appId,
119		- ]);
120		- $this->eventLogger->end("bootstrap:register_app:$appId");
121		- continue;
122		- }
123		- $this->eventLogger->end("bootstrap:register_app:$appId");
124		- }
125		-
126		- $this->eventLogger->start('bootstrap:register_apps:apply', 'Apply all the registered service by apps');
127		- /**
128		- * Now that all register methods have been called, we can delegate the registrations
129		- * to the actual services
130		- */
131		- $this->registrationContext->delegateCapabilityRegistrations($apps);
132		- $this->registrationContext->delegateCrashReporterRegistrations($apps, $this->registry);
133		- $this->registrationContext->delegateDashboardPanelRegistrations($this->dashboardManager);
134		- $this->registrationContext->delegateEventListenerRegistrations($this->eventDispatcher);
135		- $this->registrationContext->delegateContainerRegistrations($apps);
136		- $this->eventLogger->end('bootstrap:register_apps:apply');
137		- $this->eventLogger->end('bootstrap:register_apps');
138		- }
139		-
140		- public function getRegistrationContext(): ?RegistrationContext {
141		- return $this->registrationContext;
142		- }
143		-
144		- public function bootApp(string $appId): void {
145		- if (isset($this->bootedApps[$appId])) {
146		- return;
147		- }
148		- $this->bootedApps[$appId] = true;
149		-
150		- $appNameSpace = App::buildAppNamespace($appId);
151		- $applicationClassName = $appNameSpace . '\\AppInfo\\Application';
152		- if (!class_exists($applicationClassName)) {
153		- // Nothing to boot
154		- return;
155		- }
156		-
157		- /*
	90	+ if ($appId === 'core') {
	91	+ $appNameSpace = 'OC\\Core';
	92	+ } else {
	93	+ $appNameSpace = App::buildAppNamespace($appId);
	94	+ }
	95	+ $applicationClassName = $appNameSpace . '\\AppInfo\\Application';
	96	+
	97	+ try {
	98	+ if (class_exists($applicationClassName) && is_a($applicationClassName, IBootstrap::class, true)) {
	99	+ $this->eventLogger->start("bootstrap:register_app:$appId:application", "Load `Application` instance for $appId");
	100	+ try {
	101	+ /** @var IBootstrap&App $application */
	102	+ $application = $this->serverContainer->query($applicationClassName);
	103	+ $apps[$appId] = $application;
	104	+ } catch (ContainerExceptionInterface $e) {
	105	+ // Weird, but ok
	106	+ $this->eventLogger->end("bootstrap:register_app:$appId");
	107	+ continue;
	108	+ }
	109	+ $this->eventLogger->end("bootstrap:register_app:$appId:application");
	110	+
	111	+ $this->eventLogger->start("bootstrap:register_app:$appId:register", "`Application::register` for $appId");
	112	+ $application->register($this->registrationContext->for($appId));
	113	+ $this->eventLogger->end("bootstrap:register_app:$appId:register");
	114	+ }
	115	+ } catch (Throwable $e) {
	116	+ $this->logger->emergency('Error during app service registration: ' . $e->getMessage(), [
	117	+ 'exception' => $e,
	118	+ 'app' => $appId,
	119	+ ]);
	120	+ $this->eventLogger->end("bootstrap:register_app:$appId");
	121	+ continue;
	122	+ }
	123	+ $this->eventLogger->end("bootstrap:register_app:$appId");
	124	+ }
	125	+
	126	+ $this->eventLogger->start('bootstrap:register_apps:apply', 'Apply all the registered service by apps');
	127	+ /**
	128	+ * Now that all register methods have been called, we can delegate the registrations
	129	+ * to the actual services
	130	+ */
	131	+ $this->registrationContext->delegateCapabilityRegistrations($apps);
	132	+ $this->registrationContext->delegateCrashReporterRegistrations($apps, $this->registry);
	133	+ $this->registrationContext->delegateDashboardPanelRegistrations($this->dashboardManager);
	134	+ $this->registrationContext->delegateEventListenerRegistrations($this->eventDispatcher);
	135	+ $this->registrationContext->delegateContainerRegistrations($apps);
	136	+ $this->eventLogger->end('bootstrap:register_apps:apply');
	137	+ $this->eventLogger->end('bootstrap:register_apps');
	138	+ }
	139	+
	140	+ public function getRegistrationContext(): ?RegistrationContext {
	141	+ return $this->registrationContext;
	142	+ }
	143	+
	144	+ public function bootApp(string $appId): void {
	145	+ if (isset($this->bootedApps[$appId])) {
	146	+ return;
	147	+ }
	148	+ $this->bootedApps[$appId] = true;
	149	+
	150	+ $appNameSpace = App::buildAppNamespace($appId);
	151	+ $applicationClassName = $appNameSpace . '\\AppInfo\\Application';
	152	+ if (!class_exists($applicationClassName)) {
	153	+ // Nothing to boot
	154	+ return;
	155	+ }
	156	+
	157	+ /*
158	158	* Now it is time to fetch an instance of the App class. For classes
159	159	* that implement \OCP\AppFramework\Bootstrap\IBootstrap this means
160	160	* the instance was already created for register, but any other
161	161	* (legacy) code will now do their magic via the constructor.
162	162	*/
163		- $this->eventLogger->start('bootstrap:boot_app:' . $appId, "Call `Application::boot` for $appId");
164		- try {
165		- /** @var App $application */
166		- $application = $this->serverContainer->query($applicationClassName);
167		- if ($application instanceof IBootstrap) {
168		- /** @var BootContext $context */
169		- $context = new BootContext($application->getContainer());
170		- $application->boot($context);
171		- }
172		- } catch (QueryException $e) {
173		- $this->logger->error("Could not boot $appId: " . $e->getMessage(), [
174		- 'exception' => $e,
175		- ]);
176		- } catch (Throwable $e) {
177		- $this->logger->emergency("Could not boot $appId: " . $e->getMessage(), [
178		- 'exception' => $e,
179		- ]);
180		- }
181		- $this->eventLogger->end('bootstrap:boot_app:' . $appId);
182		- }
183		-
184		- public function isBootable(string $appId) {
185		- $appNameSpace = App::buildAppNamespace($appId);
186		- $applicationClassName = $appNameSpace . '\\AppInfo\\Application';
187		- return class_exists($applicationClassName)
188		- && in_array(IBootstrap::class, class_implements($applicationClassName), true);
189		- }
	163	+ $this->eventLogger->start('bootstrap:boot_app:' . $appId, "Call `Application::boot` for $appId");
	164	+ try {
	165	+ /** @var App $application */
	166	+ $application = $this->serverContainer->query($applicationClassName);
	167	+ if ($application instanceof IBootstrap) {
	168	+ /** @var BootContext $context */
	169	+ $context = new BootContext($application->getContainer());
	170	+ $application->boot($context);
	171	+ }
	172	+ } catch (QueryException $e) {
	173	+ $this->logger->error("Could not boot $appId: " . $e->getMessage(), [
	174	+ 'exception' => $e,
	175	+ ]);
	176	+ } catch (Throwable $e) {
	177	+ $this->logger->emergency("Could not boot $appId: " . $e->getMessage(), [
	178	+ 'exception' => $e,
	179	+ ]);
	180	+ }
	181	+ $this->eventLogger->end('bootstrap:boot_app:' . $appId);
	182	+ }
	183	+
	184	+ public function isBootable(string $appId) {
	185	+ $appNameSpace = App::buildAppNamespace($appId);
	186	+ $applicationClassName = $appNameSpace . '\\AppInfo\\Application';
	187	+ return class_exists($applicationClassName)
	188	+ && in_array(IBootstrap::class, class_implements($applicationClassName), true);
	189	+ }
190	190	}

		@@ -41,50 +41,50 @@
		block discarded – undo
41	41	*/
42	42	class Application extends App implements IBootstrap {
43	43
44		- public const APP_ID = 'core';
	44	+ public const APP_ID = 'core';
45	45
46		- /**
47		- * Application constructor.
48		- */
49		- public function __construct(array $urlParams = []) {
50		- parent::__construct(self::APP_ID, $urlParams);
51		- }
	46	+ /**
	47	+ * Application constructor.
	48	+ */
	49	+ public function __construct(array $urlParams = []) {
	50	+ parent::__construct(self::APP_ID, $urlParams);
	51	+ }
52	52
53		- public function register(IRegistrationContext $context): void {
54		- $context->registerService('defaultMailAddress', function () {
55		- return Util::getDefaultEmailAddress('lostpassword-noreply');
56		- });
	53	+ public function register(IRegistrationContext $context): void {
	54	+ $context->registerService('defaultMailAddress', function () {
	55	+ return Util::getDefaultEmailAddress('lostpassword-noreply');
	56	+ });
57	57
58		- // register notifier
59		- $context->registerNotifierService(CoreNotifier::class);
60		- $context->registerNotifierService(AuthenticationNotifier::class);
	58	+ // register notifier
	59	+ $context->registerNotifierService(CoreNotifier::class);
	60	+ $context->registerNotifierService(AuthenticationNotifier::class);
61	61
62		- // register event listeners
63		- $context->registerEventListener(AddMissingIndicesEvent::class, AddMissingIndicesListener::class);
64		- $context->registerEventListener(AddMissingPrimaryKeyEvent::class, AddMissingPrimaryKeyListener::class);
65		- $context->registerEventListener(BeforeTemplateRenderedEvent::class, BeforeTemplateRenderedListener::class);
66		- $context->registerEventListener(BeforeLoginTemplateRenderedEvent::class, BeforeTemplateRenderedListener::class);
67		- $context->registerEventListener(RemoteWipeStarted::class, RemoteWipeActivityListener::class);
68		- $context->registerEventListener(RemoteWipeStarted::class, RemoteWipeNotificationsListener::class);
69		- $context->registerEventListener(RemoteWipeStarted::class, RemoteWipeEmailListener::class);
70		- $context->registerEventListener(RemoteWipeFinished::class, RemoteWipeActivityListener::class);
71		- $context->registerEventListener(RemoteWipeFinished::class, RemoteWipeNotificationsListener::class);
72		- $context->registerEventListener(RemoteWipeFinished::class, RemoteWipeEmailListener::class);
73		- $context->registerEventListener(UserDeletedEvent::class, UserDeletedStoreCleanupListener::class);
74		- $context->registerEventListener(UserDeletedEvent::class, UserDeletedTokenCleanupListener::class);
75		- $context->registerEventListener(BeforeUserDeletedEvent::class, UserDeletedFilesCleanupListener::class);
76		- $context->registerEventListener(UserDeletedEvent::class, UserDeletedFilesCleanupListener::class);
77		- $context->registerEventListener(UserDeletedEvent::class, UserDeletedWebAuthnCleanupListener::class);
	62	+ // register event listeners
	63	+ $context->registerEventListener(AddMissingIndicesEvent::class, AddMissingIndicesListener::class);
	64	+ $context->registerEventListener(AddMissingPrimaryKeyEvent::class, AddMissingPrimaryKeyListener::class);
	65	+ $context->registerEventListener(BeforeTemplateRenderedEvent::class, BeforeTemplateRenderedListener::class);
	66	+ $context->registerEventListener(BeforeLoginTemplateRenderedEvent::class, BeforeTemplateRenderedListener::class);
	67	+ $context->registerEventListener(RemoteWipeStarted::class, RemoteWipeActivityListener::class);
	68	+ $context->registerEventListener(RemoteWipeStarted::class, RemoteWipeNotificationsListener::class);
	69	+ $context->registerEventListener(RemoteWipeStarted::class, RemoteWipeEmailListener::class);
	70	+ $context->registerEventListener(RemoteWipeFinished::class, RemoteWipeActivityListener::class);
	71	+ $context->registerEventListener(RemoteWipeFinished::class, RemoteWipeNotificationsListener::class);
	72	+ $context->registerEventListener(RemoteWipeFinished::class, RemoteWipeEmailListener::class);
	73	+ $context->registerEventListener(UserDeletedEvent::class, UserDeletedStoreCleanupListener::class);
	74	+ $context->registerEventListener(UserDeletedEvent::class, UserDeletedTokenCleanupListener::class);
	75	+ $context->registerEventListener(BeforeUserDeletedEvent::class, UserDeletedFilesCleanupListener::class);
	76	+ $context->registerEventListener(UserDeletedEvent::class, UserDeletedFilesCleanupListener::class);
	77	+ $context->registerEventListener(UserDeletedEvent::class, UserDeletedWebAuthnCleanupListener::class);
78	78
79		- // Tags
80		- $context->registerEventListener(UserDeletedEvent::class, TagManager::class);
	79	+ // Tags
	80	+ $context->registerEventListener(UserDeletedEvent::class, TagManager::class);
81	81
82		- // config lexicon
83		- $context->registerConfigLexicon(ConfigLexicon::class);
84		- }
	82	+ // config lexicon
	83	+ $context->registerConfigLexicon(ConfigLexicon::class);
	84	+ }
85	85
86		- public function boot(IBootContext $context): void {
87		- // ...
88		- }
	86	+ public function boot(IBootContext $context): void {
	87	+ // ...
	88	+ }
89	89
90	90	}

		@@ -19,25 +19,25 @@
		block discarded – undo
19	19	* Please Add & Manage your Config Keys in that file and keep the Lexicon up to date!
20	20	*/
21	21	class ConfigLexicon implements IConfigLexicon {
22		- public const SHAREAPI_ALLOW_FEDERATION_ON_PUBLIC_SHARES = 'shareapi_allow_federation_on_public_shares';
	22	+ public const SHAREAPI_ALLOW_FEDERATION_ON_PUBLIC_SHARES = 'shareapi_allow_federation_on_public_shares';
23	23
24		- public function getStrictness(): ConfigLexiconStrictness {
25		- return ConfigLexiconStrictness::IGNORE;
26		- }
	24	+ public function getStrictness(): ConfigLexiconStrictness {
	25	+ return ConfigLexiconStrictness::IGNORE;
	26	+ }
27	27
28		- public function getAppConfigs(): array {
29		- return [
30		- new ConfigLexiconEntry(
31		- key: self::SHAREAPI_ALLOW_FEDERATION_ON_PUBLIC_SHARES,
32		- type: ValueType::BOOL,
33		- lazy: true,
34		- defaultRaw: true,
35		- definition: 'adds share permission to public shares to allow adding them to your Nextcloud (federation)',
36		- ),
37		- ];
38		- }
	28	+ public function getAppConfigs(): array {
	29	+ return [
	30	+ new ConfigLexiconEntry(
	31	+ key: self::SHAREAPI_ALLOW_FEDERATION_ON_PUBLIC_SHARES,
	32	+ type: ValueType::BOOL,
	33	+ lazy: true,
	34	+ defaultRaw: true,
	35	+ definition: 'adds share permission to public shares to allow adding them to your Nextcloud (federation)',
	36	+ ),
	37	+ ];
	38	+ }
39	39
40		- public function getUserConfigs(): array {
41		- return [];
42		- }
	40	+ public function getUserConfigs(): array {
	41	+ return [];
	42	+ }
43	43	}

		@@ -20,106 +20,106 @@
		block discarded – undo
20	20	use OCP\Util;
21	21
22	22	class Sharing implements IDelegatedSettings {
23		- public function __construct(
24		- private IConfig $config,
25		- private IAppConfig $appConfig,
26		- private IL10N $l,
27		- private IManager $shareManager,
28		- private IAppManager $appManager,
29		- private IURLGenerator $urlGenerator,
30		- private IInitialState $initialState,
31		- private string $appName,
32		- ) {
33		- }
	23	+ public function __construct(
	24	+ private IConfig $config,
	25	+ private IAppConfig $appConfig,
	26	+ private IL10N $l,
	27	+ private IManager $shareManager,
	28	+ private IAppManager $appManager,
	29	+ private IURLGenerator $urlGenerator,
	30	+ private IInitialState $initialState,
	31	+ private string $appName,
	32	+ ) {
	33	+ }
34	34
35		- /**
36		- * @return TemplateResponse
37		- */
38		- public function getForm() {
39		- $excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', '');
40		- $linksExcludedGroups = $this->config->getAppValue('core', 'shareapi_allow_links_exclude_groups', '');
41		- $excludedPasswordGroups = $this->config->getAppValue('core', 'shareapi_enforce_links_password_excluded_groups', '');
42		- $onlyShareWithGroupMembersExcludeGroupList = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members_exclude_group_list', '');
	35	+ /**
	36	+ * @return TemplateResponse
	37	+ */
	38	+ public function getForm() {
	39	+ $excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', '');
	40	+ $linksExcludedGroups = $this->config->getAppValue('core', 'shareapi_allow_links_exclude_groups', '');
	41	+ $excludedPasswordGroups = $this->config->getAppValue('core', 'shareapi_enforce_links_password_excluded_groups', '');
	42	+ $onlyShareWithGroupMembersExcludeGroupList = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members_exclude_group_list', '');
43	43
44		- $parameters = [
45		- // Built-In Sharing
46		- 'enabled' => $this->getHumanBooleanConfig('core', 'shareapi_enabled', true),
47		- 'allowGroupSharing' => $this->getHumanBooleanConfig('core', 'shareapi_allow_group_sharing', true),
48		- 'allowLinks' => $this->getHumanBooleanConfig('core', 'shareapi_allow_links', true),
49		- 'allowLinksExcludeGroups' => json_decode($linksExcludedGroups, true) ?? [],
50		- 'allowPublicUpload' => $this->getHumanBooleanConfig('core', 'shareapi_allow_public_upload', true),
51		- 'allowResharing' => $this->getHumanBooleanConfig('core', 'shareapi_allow_resharing', true),
52		- 'allowShareDialogUserEnumeration' => $this->getHumanBooleanConfig('core', 'shareapi_allow_share_dialog_user_enumeration', true),
53		- 'allowFederationOnPublicShares' => $this->appConfig->getValueBool('core', ConfigLexicon::SHAREAPI_ALLOW_FEDERATION_ON_PUBLIC_SHARES),
54		- 'restrictUserEnumerationToGroup' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_to_group'),
55		- 'restrictUserEnumerationToPhone' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_to_phone'),
56		- 'restrictUserEnumerationFullMatch' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_full_match', true),
57		- 'restrictUserEnumerationFullMatchUserId' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_full_match_userid', true),
58		- 'restrictUserEnumerationFullMatchEmail' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_full_match_email', true),
59		- 'restrictUserEnumerationFullMatchIgnoreSecondDN' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn'),
60		- 'enforceLinksPassword' => Util::isPublicLinkPasswordRequired(false),
61		- 'enforceLinksPasswordExcludedGroups' => json_decode($excludedPasswordGroups) ?? [],
62		- 'enforceLinksPasswordExcludedGroupsEnabled' => $this->config->getSystemValueBool('sharing.allow_disabled_password_enforcement_groups', false),
63		- 'onlyShareWithGroupMembers' => $this->shareManager->shareWithGroupMembersOnly(),
64		- 'onlyShareWithGroupMembersExcludeGroupList' => json_decode($onlyShareWithGroupMembersExcludeGroupList) ?? [],
65		- 'defaultExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_default_expire_date'),
66		- 'expireAfterNDays' => $this->config->getAppValue('core', 'shareapi_expire_after_n_days', '7'),
67		- 'enforceExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_enforce_expire_date'),
68		- 'excludeGroups' => $this->config->getAppValue('core', 'shareapi_exclude_groups', 'no'),
69		- 'excludeGroupsList' => json_decode($excludedGroups, true) ?? [],
70		- 'publicShareDisclaimerText' => $this->config->getAppValue('core', 'shareapi_public_link_disclaimertext'),
71		- 'enableLinkPasswordByDefault' => $this->getHumanBooleanConfig('core', 'shareapi_enable_link_password_by_default'),
72		- 'defaultPermissions' => (int)$this->config->getAppValue('core', 'shareapi_default_permissions', (string)Constants::PERMISSION_ALL),
73		- 'defaultInternalExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_default_internal_expire_date'),
74		- 'internalExpireAfterNDays' => $this->config->getAppValue('core', 'shareapi_internal_expire_after_n_days', '7'),
75		- 'enforceInternalExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_enforce_internal_expire_date'),
76		- 'defaultRemoteExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_default_remote_expire_date'),
77		- 'remoteExpireAfterNDays' => $this->config->getAppValue('core', 'shareapi_remote_expire_after_n_days', '7'),
78		- 'enforceRemoteExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_enforce_remote_expire_date'),
79		- 'allowCustomTokens' => $this->shareManager->allowCustomTokens(),
80		- 'allowViewWithoutDownload' => $this->shareManager->allowViewWithoutDownload(),
81		- ];
	44	+ $parameters = [
	45	+ // Built-In Sharing
	46	+ 'enabled' => $this->getHumanBooleanConfig('core', 'shareapi_enabled', true),
	47	+ 'allowGroupSharing' => $this->getHumanBooleanConfig('core', 'shareapi_allow_group_sharing', true),
	48	+ 'allowLinks' => $this->getHumanBooleanConfig('core', 'shareapi_allow_links', true),
	49	+ 'allowLinksExcludeGroups' => json_decode($linksExcludedGroups, true) ?? [],
	50	+ 'allowPublicUpload' => $this->getHumanBooleanConfig('core', 'shareapi_allow_public_upload', true),
	51	+ 'allowResharing' => $this->getHumanBooleanConfig('core', 'shareapi_allow_resharing', true),
	52	+ 'allowShareDialogUserEnumeration' => $this->getHumanBooleanConfig('core', 'shareapi_allow_share_dialog_user_enumeration', true),
	53	+ 'allowFederationOnPublicShares' => $this->appConfig->getValueBool('core', ConfigLexicon::SHAREAPI_ALLOW_FEDERATION_ON_PUBLIC_SHARES),
	54	+ 'restrictUserEnumerationToGroup' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_to_group'),
	55	+ 'restrictUserEnumerationToPhone' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_to_phone'),
	56	+ 'restrictUserEnumerationFullMatch' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_full_match', true),
	57	+ 'restrictUserEnumerationFullMatchUserId' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_full_match_userid', true),
	58	+ 'restrictUserEnumerationFullMatchEmail' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_full_match_email', true),
	59	+ 'restrictUserEnumerationFullMatchIgnoreSecondDN' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn'),
	60	+ 'enforceLinksPassword' => Util::isPublicLinkPasswordRequired(false),
	61	+ 'enforceLinksPasswordExcludedGroups' => json_decode($excludedPasswordGroups) ?? [],
	62	+ 'enforceLinksPasswordExcludedGroupsEnabled' => $this->config->getSystemValueBool('sharing.allow_disabled_password_enforcement_groups', false),
	63	+ 'onlyShareWithGroupMembers' => $this->shareManager->shareWithGroupMembersOnly(),
	64	+ 'onlyShareWithGroupMembersExcludeGroupList' => json_decode($onlyShareWithGroupMembersExcludeGroupList) ?? [],
	65	+ 'defaultExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_default_expire_date'),
	66	+ 'expireAfterNDays' => $this->config->getAppValue('core', 'shareapi_expire_after_n_days', '7'),
	67	+ 'enforceExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_enforce_expire_date'),
	68	+ 'excludeGroups' => $this->config->getAppValue('core', 'shareapi_exclude_groups', 'no'),
	69	+ 'excludeGroupsList' => json_decode($excludedGroups, true) ?? [],
	70	+ 'publicShareDisclaimerText' => $this->config->getAppValue('core', 'shareapi_public_link_disclaimertext'),
	71	+ 'enableLinkPasswordByDefault' => $this->getHumanBooleanConfig('core', 'shareapi_enable_link_password_by_default'),
	72	+ 'defaultPermissions' => (int)$this->config->getAppValue('core', 'shareapi_default_permissions', (string)Constants::PERMISSION_ALL),
	73	+ 'defaultInternalExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_default_internal_expire_date'),
	74	+ 'internalExpireAfterNDays' => $this->config->getAppValue('core', 'shareapi_internal_expire_after_n_days', '7'),
	75	+ 'enforceInternalExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_enforce_internal_expire_date'),
	76	+ 'defaultRemoteExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_default_remote_expire_date'),
	77	+ 'remoteExpireAfterNDays' => $this->config->getAppValue('core', 'shareapi_remote_expire_after_n_days', '7'),
	78	+ 'enforceRemoteExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_enforce_remote_expire_date'),
	79	+ 'allowCustomTokens' => $this->shareManager->allowCustomTokens(),
	80	+ 'allowViewWithoutDownload' => $this->shareManager->allowViewWithoutDownload(),
	81	+ ];
82	82
83		- $this->initialState->provideInitialState('sharingAppEnabled', $this->appManager->isEnabledForUser('files_sharing'));
84		- $this->initialState->provideInitialState('sharingDocumentation', $this->urlGenerator->linkToDocs('admin-sharing'));
85		- $this->initialState->provideInitialState('sharingSettings', $parameters);
	83	+ $this->initialState->provideInitialState('sharingAppEnabled', $this->appManager->isEnabledForUser('files_sharing'));
	84	+ $this->initialState->provideInitialState('sharingDocumentation', $this->urlGenerator->linkToDocs('admin-sharing'));
	85	+ $this->initialState->provideInitialState('sharingSettings', $parameters);
86	86
87		- Util::addScript($this->appName, 'vue-settings-admin-sharing');
88		- return new TemplateResponse($this->appName, 'settings/admin/sharing', [], '');
89		- }
	87	+ Util::addScript($this->appName, 'vue-settings-admin-sharing');
	88	+ return new TemplateResponse($this->appName, 'settings/admin/sharing', [], '');
	89	+ }
90	90
91		- /**
92		- * Helper function to retrive boolean values from human readable strings ('yes' / 'no')
93		- */
94		- private function getHumanBooleanConfig(string $app, string $key, bool $default = false): bool {
95		- return $this->config->getAppValue($app, $key, $default ? 'yes' : 'no') === 'yes';
96		- }
	91	+ /**
	92	+ * Helper function to retrive boolean values from human readable strings ('yes' / 'no')
	93	+ */
	94	+ private function getHumanBooleanConfig(string $app, string $key, bool $default = false): bool {
	95	+ return $this->config->getAppValue($app, $key, $default ? 'yes' : 'no') === 'yes';
	96	+ }
97	97
98		- /**
99		- * @return string the section ID, e.g. 'sharing'
100		- */
101		- public function getSection() {
102		- return 'sharing';
103		- }
	98	+ /**
	99	+ * @return string the section ID, e.g. 'sharing'
	100	+ */
	101	+ public function getSection() {
	102	+ return 'sharing';
	103	+ }
104	104
105		- /**
106		- * @return int whether the form should be rather on the top or bottom of
107		- * the admin section. The forms are arranged in ascending order of the
108		- * priority values. It is required to return a value between 0 and 100.
109		- *
110		- * E.g.: 70
111		- */
112		- public function getPriority() {
113		- return 0;
114		- }
	105	+ /**
	106	+ * @return int whether the form should be rather on the top or bottom of
	107	+ * the admin section. The forms are arranged in ascending order of the
	108	+ * priority values. It is required to return a value between 0 and 100.
	109	+ *
	110	+ * E.g.: 70
	111	+ */
	112	+ public function getPriority() {
	113	+ return 0;
	114	+ }
115	115
116		- public function getAuthorizedAppConfig(): array {
117		- return [
118		- 'core' => ['/shareapi_.*/'],
119		- ];
120		- }
	116	+ public function getAuthorizedAppConfig(): array {
	117	+ return [
	118	+ 'core' => ['/shareapi_.*/'],
	119	+ ];
	120	+ }
121	121
122		- public function getName(): ?string {
123		- return null;
124		- }
	122	+ public function getName(): ?string {
	123	+ return null;
	124	+ }
125	125	}

nextcloud / server

Push — master ( 2cbfdc...ebc5ae )

Status

Category

Indentation +19 added lines, -19 removed lines patch added patch discarded remove patch

Indentation +723 added lines, -723 removed lines patch added patch discarded remove patch

Indentation +149 added lines, -149 removed lines patch added patch discarded remove patch

Indentation +1145 added lines, -1145 removed lines patch added patch discarded remove patch

Indentation +38 added lines, -38 removed lines patch added patch discarded remove patch

Indentation +18 added lines, -18 removed lines patch added patch discarded remove patch

Indentation +93 added lines, -93 removed lines patch added patch discarded remove patch

Indentation +222 added lines, -222 removed lines patch added patch discarded remove patch

Indentation +2185 added lines, -2185 removed lines patch added patch discarded remove patch