Showing sharing history and preventing accidental sharing

src/backend/middlewares/SharingMWs.ts

@@ -1,11 +1,11 @@
-import { NextFunction, Request, Response } from 'express';
-import { CreateSharingDTO, SharingDTO } from '../../common/entities/SharingDTO';
-import { ObjectManagers } from '../model/ObjectManagers';
-import { ErrorCodes, ErrorDTO } from '../../common/entities/Error';
-import { Config } from '../../common/config/private/Config';
-import { QueryParams } from '../../common/QueryParams';
+import {NextFunction, Request, Response} from 'express';
+import {CreateSharingDTO, SharingDTO} from '../../common/entities/SharingDTO';
+import {ObjectManagers} from '../model/ObjectManagers';
+import {ErrorCodes, ErrorDTO} from '../../common/entities/Error';
+import {Config} from '../../common/config/private/Config';
+import {QueryParams} from '../../common/QueryParams';
 import * as path from 'path';
-import { UserRoles } from '../../common/entities/UserDTO';
+import {UserRoles} from '../../common/entities/UserDTO';
 
 export class SharingMWs {
   public static async getSharing(
@@ -20,9 +20,7 @@ export class SharingMWs {
 
     try {
       req.resultPipe =
-        await ObjectManagers.getInstance().SharingManager.findOne({
-          sharingKey,
-        });
+        await ObjectManagers.getInstance().SharingManager.findOne(sharingKey);
       return next();
     } catch (err) {
       return next(
@@ -58,9 +56,7 @@ export class SharingMWs {
     // eslint-disable-next-line no-constant-condition
     while (true) {
       try {
-        await ObjectManagers.getInstance().SharingManager.findOne({
-          sharingKey,
-        });
+        await ObjectManagers.getInstance().SharingManager.findOne(sharingKey);
         sharingKey = this.generateKey();
       } catch (err) {
         break;
@@ -173,6 +169,13 @@ export class SharingMWs {
     const sharingKey: string = req.params['sharingKey'];
 
     try {
+      // Check if user has the right to delete sharing.
+      if (req.session['user'].role < UserRoles.Admin) {
+        const s = await ObjectManagers.getInstance().SharingManager.findOne(sharingKey);
+        if (s.creator.id !== req.session['user'].id) {
+          return next(new ErrorDTO(ErrorCodes.NOT_AUTHORISED, 'Can\'t delete sharing.'));
+        }
+      }
       req.resultPipe =
         await ObjectManagers.getInstance().SharingManager.deleteSharing(
           sharingKey
@@ -213,6 +216,36 @@ export class SharingMWs {
     }
   }
 
+  public static async listSharingForDir(
+    req: Request,
+    res: Response,
+    next: NextFunction
+  ): Promise<void> {
+    if (Config.Sharing.enabled === false) {
+      return next();
+    }
+
+    const dir = path.normalize(req.params['directory'] || '/');
+    try {
+      if (req.session['user'].role >= UserRoles.Admin) {
+        req.resultPipe =
+          await ObjectManagers.getInstance().SharingManager.listAllForDir(dir);
+      } else {
+        req.resultPipe =
+          await ObjectManagers.getInstance().SharingManager.listAllForDir(dir, req.session['user']);
+      }
+      return next();
+    } catch (err) {
+      return next(
+        new ErrorDTO(
+          ErrorCodes.GENERAL_ERROR,
+          'Error during listing shares',
+          err
+        )
+      );
+    }
+  }
+
   private static generateKey(): string {
     function s4(): string {
       return Math.floor((1 + Math.random()) * 0x10000)

src/backend/middlewares/user/AuthenticationMWs.ts

@@ -151,11 +151,7 @@ export class AuthenticationMWs {
       const sharingKey: string =
         (req.query[QueryParams.gallery.sharingKey_query] as string) ||
         (req.params[QueryParams.gallery.sharingKey_params] as string);
-      const sharing = await ObjectManagers.getInstance().SharingManager.findOne(
-        {
-          sharingKey,
-        }
-      );
+      const sharing = await ObjectManagers.getInstance().SharingManager.findOne(sharingKey);
 
       if (
         !sharing ||
@@ -264,11 +260,7 @@ export class AuthenticationMWs {
       const sharingKey: string =
         (req.query[QueryParams.gallery.sharingKey_query] as string) ||
         (req.params[QueryParams.gallery.sharingKey_params] as string);
-      const sharing = await ObjectManagers.getInstance().SharingManager.findOne(
-        {
-          sharingKey,
-        }
-      );
+      const sharing = await ObjectManagers.getInstance().SharingManager.findOne(sharingKey);
       if (!sharing || sharing.expires < Date.now()) {
         return null;
       }

src/backend/model/database/SharingManager.ts

@@ -3,7 +3,8 @@ import {SQLConnection} from './SQLConnection';
 import {SharingEntity} from './enitites/SharingEntity';
 import {Config} from '../../../common/config/private/Config';
 import {PasswordHelper} from '../PasswordHelper';
-import {DeleteResult, FindOptionsWhere} from 'typeorm';
+import {DeleteResult, SelectQueryBuilder} from 'typeorm';
+import {UserDTO} from '../../../common/entities/UserDTO';
 
 export class SharingManager {
   private static async removeExpiredLink(): Promise<DeleteResult> {
@@ -34,10 +35,29 @@ export class SharingManager {
       .getMany();
   }
 
-  async findOne(filter: FindOptionsWhere<SharingDTO>): Promise<SharingDTO> {
+
+  async listAllForDir(dir: string, user?: UserDTO): Promise<SharingDTO[]> {
     await SharingManager.removeExpiredLink();
     const connection = await SQLConnection.getConnection();
-    return await connection.getRepository(SharingEntity).findOneBy(filter);
+    const q: SelectQueryBuilder<SharingEntity> = connection
+      .getRepository(SharingEntity)
+      .createQueryBuilder('share')
+      .leftJoinAndSelect('share.creator', 'creator')
+      .where('path = :dir', {dir});
+    if (user) {
+      q.andWhere('share.creator = :user', {user: user.id});
+    }
+    return await q.getMany();
+  }
+
+  async findOne(sharingKey: string): Promise<SharingDTO> {
+    await SharingManager.removeExpiredLink();
+    const connection = await SQLConnection.getConnection();
+    return await connection.getRepository(SharingEntity)
+      .createQueryBuilder('share')
+      .leftJoinAndSelect('share.creator', 'creator')
+      .where('share.sharingKey = :sharingKey', {sharingKey})
+      .getOne();
   }
 
   async createSharing(sharing: SharingDTO): Promise<SharingDTO> {

src/backend/routes/SharingRouter.ts

@@ -14,6 +14,7 @@ export class SharingRouter {
     this.addCreateSharing(app);
     this.addUpdateSharing(app);
     this.addListSharing(app);
+    this.addListSharingForDir(app);
     this.addDeleteSharing(app);
   }
 
@@ -64,7 +65,7 @@ export class SharingRouter {
     app.delete(
       [Config.Server.apiPath + '/share/:' + QueryParams.gallery.sharingKey_params],
       AuthenticationMWs.authenticate,
-      AuthenticationMWs.authorise(UserRoles.Admin),
+      AuthenticationMWs.authorise(UserRoles.User),
       SharingMWs.deleteSharing,
       ServerTimingMWs.addServerTiming,
       RenderingMWs.renderResult
@@ -73,12 +74,25 @@ export class SharingRouter {
 
   private static addListSharing(app: express.Express): void {
     app.get(
-      [Config.Server.apiPath + '/share/list'],
+      [Config.Server.apiPath + '/share/listAll'],
       AuthenticationMWs.authenticate,
-      AuthenticationMWs.authorise(UserRoles.User),
+      AuthenticationMWs.authorise(UserRoles.Admin),
       SharingMWs.listSharing,
       ServerTimingMWs.addServerTiming,
       RenderingMWs.renderSharingList
     );
   }
+
+  private static addListSharingForDir(app: express.Express): void {
+    app.get(
+      [Config.Server.apiPath + '/share/list/:directory(*)',
+        Config.Server.apiPath + '/share/list//',
+        Config.Server.apiPath + '/share/list'],
+      AuthenticationMWs.authenticate,
+      AuthenticationMWs.authorise(UserRoles.User),
+      SharingMWs.listSharingForDir,
+      ServerTimingMWs.addServerTiming,
+      RenderingMWs.renderSharingList
+    );
+  }
 }

src/frontend/app/ui/gallery/share.service.ts

@@ -6,6 +6,8 @@ import {BehaviorSubject} from 'rxjs';
 import {distinctUntilChanged, filter} from 'rxjs/operators';
 import {QueryParams} from '../../../../common/QueryParams';
 import {UserDTO} from '../../../../common/entities/UserDTO';
+import {Utils} from '../../../../common/Utils';
+import {Config} from '../../../../common/config/public/Config';
 
 
 @Injectable()
@@ -61,6 +63,11 @@ export class ShareService {
     });
   }
 
+  public getUrl(share: SharingDTO): string {
+    return Utils.concatUrls(Config.Server.publicUrl, '/share/', share.sharingKey);
+  }
+
+
   onNewUser = async (user: UserDTO) => {
     if (user && !!user.usedSharingKey) {
       if (
@@ -135,4 +142,23 @@ export class ShareService {
       console.error(e);
     }
   }
+
+  public async getSharingListForDir(
+    dir: string
+  ): Promise<SharingDTO[]> {
+    return this.networkService.getJson('/share/list/' + dir);
+  }
+
+
+
+  public getSharingList(): Promise<SharingDTO[]> {
+    if (!Config.Sharing.enabled) {
+      return Promise.resolve([]);
+    }
+    return this.networkService.getJson('/share/listAll');
+  }
+
+  public deleteSharing(sharing: SharingDTO): Promise<void> {
+    return this.networkService.deleteJson('/share/' + sharing.sharingKey);
+  }
 }

src/frontend/app/ui/gallery/share/share.gallery.component.css

@@ -24,3 +24,12 @@ a.dropdown-item, button.dropdown-item, div.dropdown-item {
 a.dropdown-item span, button.dropdown-item span, div.dropdown-item span {
   padding-right: 0.8rem;
 }
+
+a.list-shares-button {
+  cursor: pointer;
+  color: inherit;
+}
+
+a.list-shares-button:hover {
+  text-decoration: underline;
+}

src/frontend/app/ui/gallery/share/share.gallery.component.html

@@ -28,16 +28,25 @@ <h5 class="modal-title" i18n>Share</h5>
                  class="form-control input-md"
                  type="text"
                  readonly
-                 [disabled]="!shareForm.form.valid"
+                 [disabled]="!shareForm.form.valid || !urlValid"
                  [ngModel]="shareForm.form.valid ? url: invalidSettings">
         </div>
         <div class="col-5 col-sm-3">
-          <button id="copyButton" name="copyButton"
-                  ngxClipboard
-                  [cbContent]="url"
-                  (cbOnSuccess)="onCopy()"
-                  [disabled]="!shareForm.form.valid"
-                  class="btn btn-primary btn-block" i18n>Copy
+          <button
+            *ngIf="!sharing"
+            id="getShareButton" name="getShareButton"
+            (click)="share()"
+            [disabled]="!shareForm.form.valid"
+            class="btn btn-primary btn-block float-end" i18n>Share
+          </button>
+          <button
+            *ngIf="sharing"
+            id="copyButton" name="copyButton"
+            ngxClipboard
+            [cbContent]="url"
+            (cbOnSuccess)="onCopy()"
+            [disabled]="!shareForm.form.valid"
+            class="btn btn-primary btn-block float-end" i18n>Copy
           </button>
         </div>
       </div>
@@ -118,4 +127,38 @@ <h5 class="modal-title" i18n>Share</h5>
       </div>
     </form>
   </div>
+  <div class="modal-footer" *ngIf="activeShares && activeShares.length>0">
+    <a *ngIf="!showSharingList"
+       (click)="showSharingList = true"
+       class="list-shares-button m-0">
+      <span class="badge text-bg-secondary me-1">{{activeShares.length}}</span>
+      <ng-container i18n>active share(s) for this folder.
+      </ng-container>
+      <span class="oi oi-chevron-right ms-1"></span>
+    </a>
+    <table class="table table-hover table-sm" *ngIf="showSharingList">
+      <thead>
+      <tr>
+        <th i18n>Sharing</th>
+        <th *ngIf="IsAdmin" i18n>Creator</th>
+        <th i18n>Expires</th>
+        <th></th>
+      </tr>
+      </thead>
+      <tbody>
+      <tr *ngFor="let share of activeShares">
+        <td><a [href]="sharingService.getUrl(share)">{{share.sharingKey}}</a></td>
+        <td *ngIf="IsAdmin">{{share.creator.name}}</td>
+        <td>{{share.expires | date}}</td>
+        <td>
+          <button (click)="deleteSharing(share)"
+                  [disabled]="share.sharingKey == sharing?.sharingKey"
+                  class="btn btn-danger float-end">
+            <span class="oi oi-trash" aria-hidden="true" aria-label="Delete"></span>
+          </button>
+        </td>
+      </tr>
+      </tbody>
+    </table>
+  </div>
 </ng-template>