fix: visibility for local storage for the admin based on flag

Without the visibility, the admin won't be able to create local
storages, and the previously created local mounts will be hidden and
inaccessible

Author: jvillafanez

lib/private/Files/External/StoragesBackendChecker.php

@@ -24,7 +24,7 @@ public function __construct(IConfig $config) {
 	 * Checks if the regular users are allowed to mount external storages
 	 * @return bool
 	 */
-	public function isUserMountingAllowed() {
+	public function isUserMountingAllowed(): bool {
 		if ($this->allowUserMounting === null) {
 			$this->allowUserMounting = $this->config->getAppValue('files_external', 'allow_user_mounting', 'no') === 'yes';
 			// if no backend is in the list an empty string is in the array and user mounting is disabled
@@ -49,9 +49,10 @@ private function allowedBackendsForUsers() {
 	/**
 	 * Checks if the regular users are allowed to mount the specified backend.
 	 * Note that the admin might still mount the backend.
+	 * @param Backend $backend
 	 * @return bool
 	 */
-	public function isAllowedUserBackend(Backend $backend) {
+	public function isAllowedUserBackend(Backend $backend): bool {
 		$blacklistedBackendsForUsers = ['\OC\Files\Storage\Local'];
 		if (\in_array($backend->getStorageClass(), $blacklistedBackendsForUsers, true)) {
 			return false;
@@ -62,4 +63,17 @@ public function isAllowedUserBackend(Backend $backend) {
 		}
 		return false;
 	}
+
+	/**
+	 * Checks if the admin is allowed to mount the specified backend.
+	 * @param Backend $backend
+	 * @return bool
+	 */
+	public function isAllowedAdminBackend(Backend $backend): bool {
+		$canCreateNewLocalStorage = $this->config->getSystemValue('files_external_allow_create_new_local', false);
+		if ($backend->getStorageClass() === '\OC\Files\Storage\Local' && !$canCreateNewLocalStorage) {
+			return false;
+		}
+		return true;
+	}
 }

lib/private/Files/External/StoragesBackendService.php

@@ -104,6 +104,9 @@ public function registerBackend(Backend $backend) {
 		if (!$this->isAllowedUserBackend($backend)) {
 			$backend->removeVisibility(IStoragesBackendService::VISIBILITY_PERSONAL);
 		}
+		if (!$this->isAllowedAdminBackend($backend)) {
+			$backend->removeVisibility(IStoragesBackendService::VISIBILITY_ADMIN);
+		}
 		foreach ($backend->getIdentifierAliases() as $alias) {
 			$this->backends[$alias] = $backend;
 		}
@@ -237,6 +240,15 @@ protected function isAllowedUserBackend(Backend $backend) {
 		return $this->storagesBackendChecker->isAllowedUserBackend($backend);
 	}
 
+	/**
+	 * Checks if the admin is allowed to mount the backend
+	 * @param Backend $backend
+	 * @return bool
+	 */
+	protected function isAllowedAdminBackend(Backend $backend) {
+		return $this->storagesBackendChecker->isAllowedAdminBackend($backend);
+	}
+
 	/**
 	 * Check an authentication mechanism if a user is allowed to use it
 	 *

tests/lib/Files/External/StoragesBackendServiceTest.php

@@ -35,6 +35,7 @@ protected function setUp(): void {
 		$this->storagesBackendChecker = $this->createMock(StoragesBackendChecker::class);
 		$this->storagesBackendChecker->method('isUserMountingAllowed')->willReturn(false);
 		$this->storagesBackendChecker->method('isAllowedUserBackend')->willReturn(false);
+		$this->storagesBackendChecker->method('isAllowedAdminBackend')->willReturn(true);
 	}
 
 	/**
@@ -157,6 +158,7 @@ public function testMultipleBackendProviders() {
 	public function testUserMountingBackends() {
 		$storagesBackendChecker = $this->createMock(StoragesBackendChecker::class);
 		$storagesBackendChecker->method('isUserMountingAllowed')->willReturn(true);
+		$storagesBackendChecker->method('isAllowedAdminBackend')->willReturn(true);
 		$storagesBackendChecker->method('isAllowedUserBackend')->willReturnCallback(function (Backend $backend) {
 			$backendAliases = $backend->getIdentifierAliases();
 			if (\in_array('identifier:\User\Mount\Allowed', $backendAliases, true) || \in_array('identifier_alias', $backendAliases, true)) {
@@ -188,6 +190,87 @@ public function testUserMountingBackends() {
 		$service->registerBackend($backendAlias);
 	}
 
+	public function testAdminMountingBackends() {
+		$storagesBackendChecker = $this->createMock(StoragesBackendChecker::class);
+		$storagesBackendChecker->method('isUserMountingAllowed')->willReturn(true);
+		$storagesBackendChecker->method('isAllowedUserBackend')->willReturn(true);
+		$storagesBackendChecker->method('isAllowedAdminBackend')->willReturnCallback(function (Backend $backend) {
+			$backendAliases = $backend->getIdentifierAliases();
+			if (\in_array('identifier:\User\Mount\Allowed', $backendAliases, true) || \in_array('identifier_alias', $backendAliases, true)) {
+				return true;
+			}
+			return false;
+		});
+
+		$service = new StoragesBackendService($storagesBackendChecker);
+
+		$backendAllowed = $this->getBackendMock('\User\Mount\Allowed');
+		$backendAllowed->expects($this->never())
+			->method('removeVisibility');
+		$backendNotAllowed = $this->getBackendMock('\User\Mount\NotAllowed');
+		$backendNotAllowed->expects($this->once())
+			->method('removeVisibility')
+			->with(IStoragesBackendService::VISIBILITY_ADMIN);
+
+		$backendAlias = $this->getMockBuilder('\OCP\Files\External\Backend\Backend')
+			->disableOriginalConstructor()
+			->getMock();
+		$backendAlias->method('getIdentifierAliases')
+			->willReturn(['identifier_real', 'identifier_alias']);
+		$backendAlias->expects($this->never())
+			->method('removeVisibility');
+
+		$service->registerBackend($backendAllowed);
+		$service->registerBackend($backendNotAllowed);
+		$service->registerBackend($backendAlias);
+	}
+
+	public function testAdminAndUserMountingBackends() {
+		$storagesBackendChecker = $this->createMock(StoragesBackendChecker::class);
+		$storagesBackendChecker->method('isUserMountingAllowed')->willReturn(true);
+		$storagesBackendChecker->method('isAllowedUserBackend')->willReturnCallback(function (Backend $backend) {
+			$backendAliases = $backend->getIdentifierAliases();
+			if (\in_array('identifier:\User\Mount\Allowed', $backendAliases, true) || \in_array('identifier_alias', $backendAliases, true)) {
+				return true;
+			}
+			return false;
+		});
+		$storagesBackendChecker->method('isAllowedAdminBackend')->willReturnCallback(function (Backend $backend) {
+			$backendAliases = $backend->getIdentifierAliases();
+			if (\in_array('identifier:\User\Mount\Allowed', $backendAliases, true) || \in_array('identifier_alias', $backendAliases, true)) {
+				return true;
+			}
+			return false;
+		});
+
+		$service = new StoragesBackendService($storagesBackendChecker);
+
+		$backendAllowed = $this->getBackendMock('\User\Mount\Allowed');
+		$backendAllowed->expects($this->never())
+			->method('removeVisibility');
+		$backendNotAllowed = $this->getBackendMock('\User\Mount\NotAllowed');
+		$backendNotAllowed->expects($this->exactly(2))
+			->method('removeVisibility')
+			->with(
+				$this->logicalOr(
+					$this->identicalTo(IStoragesBackendService::VISIBILITY_ADMIN),
+					$this->identicalTo(IStoragesBackendService::VISIBILITY_PERSONAL)
+				)
+			);
+
+		$backendAlias = $this->getMockBuilder('\OCP\Files\External\Backend\Backend')
+			->disableOriginalConstructor()
+			->getMock();
+		$backendAlias->method('getIdentifierAliases')
+			->willReturn(['identifier_real', 'identifier_alias']);
+		$backendAlias->expects($this->never())
+			->method('removeVisibility');
+
+		$service->registerBackend($backendAllowed);
+		$service->registerBackend($backendNotAllowed);
+		$service->registerBackend($backendAlias);
+	}
+
 	public function testGetAvailableBackends() {
 		$service = new StoragesBackendService($this->storagesBackendChecker);