Fix #36114: Update documentation about uploadwriteonly permission

[skshetry]

Description

uploadwriteonly is something we created for only providing read and create but no update permissions. So, read(1) + create(4) = uploadwriteonly(5).

The following scenario makes it clearer.

    Given as user "user0"
    And the user has created a public link share with settings
      | path        | FOLDER          |
      | permissions | uploadwriteonly |
    When the public uploads file "test.txt" with content "test" using the <public-webdav-api-version> public WebDAV API
    Then the HTTP status code should be "201"
    When the public uploads file "test.txt" with content "test2" using the <public-webdav-api-version> public WebDAV API
    Then the HTTP status code should be "403"
    And the content of file "/FOLDER/test.txt" for user "user0" should be "test"

Notice the 403 when trying to update.

Also, SharingHelper::getPermissionSum() does not support derived permissions. So, the annotations/comments on SharingHelper::createShare() (which passes permissions to getPermissionSum()) is lying. This fixes it. Anything derived should be parsed first using Sharing::splitPermissionsString([array]).

#35825 changed Sharing::getPermissionSum() to not handle derived permissions.

Related Issue

• Fixes sortout "uploadwriteonly" permission in acceptance tests #36114

Motivation and Context

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Database schema changes (next release will require increase of minor version instead of patch)
• Breaking change (fix or feature that would cause existing functionality to change)
• Technical debt
• Tests only (no source changes)

Checklist:

• Code changes
• Unit tests added
• Acceptance tests added
• Documentation ticket raised:

Open tasks:

• Backport (if applicable set "backport-request" label and remove when the backport was done)

[phil-davis]

LGTM
I think uploadwriteonly might be what is called "file drop" or "upload only" in some places in the code. But they do not give read access, so I guess we refer to those as "create"

[phil-davis]

Rebased so that drone will try to start

[skshetry]

Drone failed at cache-restore step. Restarted.

[codecov]

Codecov Report

Merging #36215 into master will not change coverage.
The diff coverage is n/a.

@@            Coverage Diff            @@
##             master   #36215   +/-   ##
=========================================
  Coverage     64.83%   64.83%           
  Complexity    19756    19756           
=========================================
  Files          1270     1270           
  Lines         74650    74650           
  Branches       1309     1309           
=========================================
  Hits          48402    48402           
  Misses        25862    25862           
  Partials        386      386

Flag	Coverage Δ	Complexity Δ
#javascript	54% <ø> (ø)	0 <ø> (ø)	⬇️
#phpunit	66.03% <ø> (ø)	19756 <ø> (ø)	⬇️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d2eb8c2...12519e6. Read the comment docs.