Merge branch 'dev/4288-Fix_regression_for_nc29' into 'main'

FROM nextcloud:29.0.16-fpm AS nextcloud

ARG BASE_DIR="/usr/src/nextcloud"

ARG TMP_PATCH_DIR="/tmp/build_patches"

ARG THEME_HELPER_JOB_ID="1210583"

ARG THEME_HELPER_JOB_ID="1233399"

ARG NOTES_VERSION="4.11.0"

ARG CONTACTS_JOB_ID="881946"

ARG CALENDAR_JOB_ID="991372"

ARG MEMORIES_VERSION="7.5.2"

ARG DROP_ACCOUNT_VERSION="2.7.1"

RUN sed -i 's/29,0,16,1/29,0,16,2/' ${BASE_DIR}/version.php

RUN sed -i 's/29,0,16,1/29,0,16,3/' ${BASE_DIR}/version.php

COPY custom_entrypoint.sh /

RUN chmod +x /custom_entrypoint.sh

RUN mkdir -p /var/www/skeleton/Documents && mkdir -p /var/www/skeleton/Images

# Fix API call in files script

RUN sed -i "s/ajax\/getstoragestats/api\/v1\/stats/g" ${BASE_DIR}/apps/files/js/files.js

#fix for who can access data- its needed with 011-privacy-settings.patch

RUN sed -i 's|Your home storage is encrypted using {linkopen}server-side-encryption ↗{linkclose} with a master key\. It means that administrators can access your files, but not read their content\.|Like in most cloud services, a reduced number of administrators can see your files and all the information in the database as they need to make backups, perform upgrades, reset passwords, etc.<br>{linkopen1}Learn more about this topic here.  ↗{linkclose1}|g' ${BASE_DIR}/apps/privacy/js/privacy-main.js

RUN sed -i 's/t((0,n\.Iu)("privacy","Your files on external storages may be encrypted using {linkopen}server-side-encryption ↗{linkclose} with a master key based on their configuration\."))/t("{linkopen}"+(0,n\.Iu)("privacy","To protect your data, we have implemented server-side-encryption on our servers which hides by default the content of your files and notes even to these administrators")+"↗{linkclose}")/g' ${BASE_DIR}/apps/privacy/js/privacy-main.js

RUN sed -i 's|t=t=>e.push(t.replace("{linkopen}",'"'"'<a href="https://nextcloud.com/blog/encryption-in-nextcloud/" target="_blank" rel="noreferrer noopener" class="encryption__link">'"'"').replace("{linkclose}","</a>"))|t=t=>e.push(t.replace("{linkopen}",'"'"'<a href="https://nextcloud.com/blog/encryption-in-nextcloud/" target="_blank" rel="noreferrer noopener" class="encryption__link">'"'"').replace("{linkclose}","</a>"))|g'  ${BASE_DIR}/apps/privacy/js/privacy-main.js

RUN sed -i 's|.replace("{linkclose}","</a>")|.replace("{linkclose}","</a>").replace("{linkopen1}",'"'"'<a href="https://doc.e.foundation/support-topics/services#can-the-ecloud-admin-access-my-data" target="_blank" rel="noreferrer noopener" class="encryption__link">'"'"').replace("{linkclose1}","</a>")|g' ${BASE_DIR}/apps/privacy/js/privacy-main.js

From selfhost as ecloud

ARG BASE_DIR="/usr/src/nextcloud"

ARG TMP_PATCH_DIR="/tmp/build_patches"

ARG THEME_VERSION="29.0.16-beta"

ARG LDAP_WRITE_SUPPORT_VERSION="1.11.0"

ARG THEME_VERSION="29.0.16-beta.2"

ARG LDAP_WRITE_SUPPORT_VERSION="1.11.1"

ARG IS_SELFHOST=false

RUN curl -fsSL -o ldap_write_support.tar.gz \

RUN patch -u ${BASE_DIR}/lib/private/User/Manager.php -i ${TMP_PATCH_DIR}/025-optimize-get-by-email.patch

RUN patch -u ${BASE_DIR}/apps/dav/lib/Connector/Sabre/Principal.php -i ${TMP_PATCH_DIR}/027-displayname-user-leak-dav.patch

RUN patch -u ${BASE_DIR}/apps/dav/lib/HookManager.php -i ${TMP_PATCH_DIR}/028-default-task-calendar.patch

# RUN patch -u ${BASE_DIR}/apps/provisioning_api/lib/Controller/UsersController.php -i ${TMP_PATCH_DIR}/029-restrict-user-to-change-primary-email.patch

RUN patch -u ${BASE_DIR}/apps/provisioning_api/lib/Controller/UsersController.php -i ${TMP_PATCH_DIR}/029-restrict-user-to-change-primary-email.patch

RUN patch -u ${BASE_DIR}/lib/private/Security/VerificationToken/VerificationToken.php -i ${TMP_PATCH_DIR}/033-verification-token-private.patch

RUN patch -u ${BASE_DIR}/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php -i ${TMP_PATCH_DIR}/034-oidc-bearer-token-auth.patch

# Add id to delete account settings section and hide it by default

RUN sed -i 's/"NcSettingsSection",{attrs:{/"NcSettingsSection",{attrs:{id:"delete-account-settings-section",style:"visibility:hidden;",/' ${BASE_DIR}/custom_apps/drop_account/js/drop_account-personal-settings.mjs

# Fix of https://github.com/nextcloud/server/commit/e727a3b00bd9b574279d25c006a0bc6b8fa4eec3 for availability setting

RUN sed -i 's/n.data/await n.text()/' ${BASE_DIR}/dist/dav-settings-personal-availability.js

# Hide personal settings of files_external

RUN sed -i "s/'externalstorages'/null/" ${BASE_DIR}/apps/files_external/lib/Settings/Personal.php

--- ./apps/provisioning_api/lib/Controller/UsersController.php	2023-10-03 07:14:02

+++ ./apps/provisioning_api/lib/Controller/UsersController-new.php	2023-10-11 05:34:04

@@ -613,10 +613,7 @@

 			) {

 				$permittedFields[] = IAccountManager::PROPERTY_DISPLAYNAME;

--- ./apps/provisioning_api/lib/Controller/UsersController.php	2025-06-10 18:21:13.822570507 +0600

+++ ./apps/provisioning_api/lib/Controller/UsersController-new.php	2025-06-16 18:43:19.135040688 +0600

@@ -721,7 +721,7 @@

 			$permittedFields[] = IAccountManager::PROPERTY_EMAIL;

 		}

-			$permittedFields[] = IAccountManager::PROPERTY_EMAIL;

 		}

-

-		$permittedFields[] = IAccountManager::COLLECTION_EMAIL;

+		//$permittedFields[] = IAccountManager::COLLECTION_EMAIL;

 		$permittedFields[] = IAccountManager::PROPERTY_PHONE;

 		$permittedFields[] = IAccountManager::PROPERTY_ADDRESS;

 		$permittedFields[] = IAccountManager::PROPERTY_WEBSITE;

@@ -756,14 +753,9 @@

 					$permittedFields[] = self::USER_FIELD_DISPLAYNAME;

 					$permittedFields[] = IAccountManager::PROPERTY_DISPLAYNAME;

 				}

-				$permittedFields[] = IAccountManager::PROPERTY_EMAIL;

@@ -776,8 +776,8 @@

 		$permittedFields = [];

 		if ($targetUser->getUID() === $currentLoggedInUser->getUID()) {

 			// Editing self (display, email)

-			$permittedFields[] = IAccountManager::COLLECTION_EMAIL;

-			$permittedFields[] = IAccountManager::COLLECTION_EMAIL . self::SCOPE_SUFFIX;

+			//$permittedFields[] = IAccountManager::COLLECTION_EMAIL;

+			//$permittedFields[] = IAccountManager::COLLECTION_EMAIL . self::SCOPE_SUFFIX;

 		} else {

 			// Check if admin / subadmin

 			if ($isAdminOrSubadmin) {

@@ -879,9 +879,9 @@

 			}

 			$permittedFields[] = IAccountManager::PROPERTY_DISPLAYNAME . self::SCOPE_SUFFIX;

-			$permittedFields[] = IAccountManager::PROPERTY_EMAIL . self::SCOPE_SUFFIX;

-

+			//$permittedFields[] = IAccountManager::PROPERTY_EMAIL . self::SCOPE_SUFFIX;

-			$permittedFields[] = IAccountManager::COLLECTION_EMAIL;

-

+			//$permittedFields[] = IAccountManager::COLLECTION_EMAIL;

 			$permittedFields[] = self::USER_FIELD_PASSWORD;

 			$permittedFields[] = self::USER_FIELD_NOTIFICATION_EMAIL;

 			if (

--- lib/private/legacy/OC_Helper.php	2025-02-20 10:12:51.017628329 +0100

+++ lib/private/legacy/OC_Helper-new.php	2025-02-21 15:50:32.660042704 +0100

@@ -539,6 +539,13 @@

 		if ($sourceStorage->instanceOfStorage('\OC\Files\Storage\Wrapper\Quota')) {

 			/** @var \OC\Files\Storage\Wrapper\Quota $storage */

 			$quota = $sourceStorage->getQuota();

+			$recoveryFolder =  \OC::$server->getConfig()->getSystemValue('murena_recovery_folder_path', '');

+			$rootFolder = \OC::$server->get(\OCP\Files\IRootFolder::class);

+			$userFolder = $rootFolder->getUserFolder($storage->getOwner($path));

+			if(!empty($recoveryFolder) && $userFolder->nodeExists($recoveryFolder)){

+				$recoverySize = $userFolder->get($recoveryFolder)->getSize();

+				$used = max($used - $recoverySize, 0);

+			}

 		}

 		try {

 			$free = $sourceStorage->free_space($rootInfo->getInternalPath());

 No newline at end of file