Show a broken lock icon for unencrypted subdirectory

The E2E application allows creating unencrypted subdirectories
in an encrypted parent. This is a big privacy problem.

This patch shows a red broken lock icon for these subdirectories
in the NC client UI.

Signed-off-by: Ivan Čukić <ivan.cukic@kde.org>

diff --git a/src/gui/folderstatusmodel.cpp b/src/gui/folderstatusmodel.cpp
index 350e5c3084fbebe2ab30215d7ebe6da7978b22e9..52370bfa562dc45e37af26487450d62da092dac2 100644 (file)
--- a/src/gui/folderstatusmodel.cpp
+++ b/src/gui/folderstatusmodel.cpp
@@ -158,6 +158,8 @@ QVariant FolderStatusModel::data(const QModelIndex &index, int role) const
         case Qt::DecorationRole:
             if (_accountState->account()->e2e()->isFolderEncrypted(x._path)) {
                 return QIcon(QLatin1String(":/client/theme/lock-https.svg"));
+            } else if (_accountState->account()->e2e()->isAnyParentFolderEncrypted(x._path)) {
+                return QIcon(QLatin1String(":/client/theme/lock-broken.svg"));
             }
             return QFileIconProvider().icon(x._isExternal ? QFileIconProvider::Network : QFileIconProvider::Folder);
         case Qt::ForegroundRole:

diff --git a/src/libsync/clientsideencryption.cpp b/src/libsync/clientsideencryption.cpp
index 83f6cbb03c94628ba71d9f8db03cc5258bf0babb..6401a22695940cfed1ac6cc916441552a7c722de 100644 (file)
--- a/src/libsync/clientsideencryption.cpp
+++ b/src/libsync/clientsideencryption.cpp
@@ -1482,6 +1482,22 @@ bool ClientSideEncryption::isFolderEncrypted(const QString& path) const {
   return (*it);
 }
 
+bool ClientSideEncryption::isAnyParentFolderEncrypted(const QString &path) const
+{
+    int slashPosition = 0;
+
+    while ((slashPosition = path.indexOf("/", slashPosition + 1)) != -1) {
+        // Ignore the last slash
+        if (slashPosition == path.length() - 1) break;
+
+        if (isFolderEncrypted(path.left(slashPosition + 1))) {
+            return true;
+        }
+    }
+
+    return false;
+}
+
 bool EncryptionHelper::fileEncryption(const QByteArray &key, const QByteArray &iv, QFile *input, QFile *output, QByteArray& returnTag)
 {
     if (!input->open(QIODevice::ReadOnly)) {

diff --git a/src/libsync/clientsideencryption.h b/src/libsync/clientsideencryption.h
index 05425a26f05bef8e295d5116b83727b69f013590..0c92ffa1c2e47b487c1bb39929baaf00a99cc5e2 100644 (file)
--- a/src/libsync/clientsideencryption.h
+++ b/src/libsync/clientsideencryption.h
@@ -83,6 +83,7 @@ public:
 
     // to be used together with FolderStatusModel::FolderInfo::_path.
     bool isFolderEncrypted(const QString& path) const;
+    bool isAnyParentFolderEncrypted(const QString &path) const;
     void setFolderEncryptedStatus(const QString& path, bool status);
 
     void forgetSensitiveData();

diff --git a/theme.qrc b/theme.qrc
index 8ec17e8b349935a8a1e4efccd717f3e824f66649..6adcfdc460a45d383230cd101fcf946a455362cb 100644 (file)
--- a/theme.qrc
+++ b/theme.qrc
@@ -153,6 +153,7 @@
         <file>theme/change.svg</file>
         <file>theme/lock-http.svg</file>
         <file>theme/lock-https.svg</file>
+        <file>theme/lock-broken.svg</file>
         <file>theme/network.svg</file>
         <file>theme/account.svg</file>
         <file>theme/colored/add.svg</file>

diff --git a/theme/lock-broken.svg b/theme/lock-broken.svg
new file mode 100644 (file)
index 0000000..c6cfce6
--- /dev/null
+++ b/theme/lock-broken.svg
@@ -0,0 +1 @@
+<svg width="64" height="64" version="1.1" viewBox="0 0 64 64" xmlns="http://www.w3.org/2000/svg"><path d="m32 4c-9.276 0-15.868 7.4576-16 16v10h-6v18.914l-6 6 5.6562 5.6562 50.914-50.914-5.6562-5.6562-8.7266 8.7266c-2.6278-5.2025-7.9771-8.6518-14.188-8.7266zm0 8c4.5949 0 7.4656 3.2614 7.9062 7.0078l-10.992 10.992h-4.9141v-10c0-4.696 2.988-8 8-8zm16.227 18-30 30h35.773v-30z" fill="#c13030"/></svg>