plugins-nextcloud-mirror/richdocuments
1
0
Fork 0
mirror of https://github.com/nextcloud/richdocuments.git synced 2025-12-17 21:12:14 +01:00
Code Projects Releases Activity

fix(SecureView): node cannot be found when within groupfolder

Browse source 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
This commit is contained in:
Arthur Schiwon 2025-10-02 10:39:34 +02:00 committed by backportbot[bot]
parent 609068353f
commit 924baded11
2 changed files with 26 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

17
lib/PermissionManager.php
View file

@ -9,6 +9,7 @@ declare(strict_types=1);
namespace OCA\Richdocuments;
use OCP\Constants;
use OCP\Files\Cache\ICacheEntry;
use OCP\Files\Node;
use OCP\IConfig;
use OCP\IGroupManager;
@ -112,18 +113,21 @@ class PermissionManager {
return false;
}
public function shouldWatermark(Node $node, ?string $userId = null, ?IShare $share = null): bool {
public function shouldWatermark(Node|ICacheEntry $nodeOrCacheEntry, ?string $userId = null, ?IShare $share = null, ?string $ownerId = null): bool {
if ($this->config->getAppValue(AppConfig::WATERMARK_APP_NAMESPACE, 'watermark_enabled', 'no') === 'no') {
return false;
}
if (!in_array($node->getMimetype(), $this->appConfig->getMimeTypes(), true)) {
if (!in_array($nodeOrCacheEntry->getMimetype(), $this->appConfig->getMimeTypes(), true)) {
return false;
}
$fileId = $node->getId();
$fileId = $nodeOrCacheEntry->getId();
$isUpdatable = $node->isUpdateable() && (!$share || $share->getPermissions() & Constants::PERMISSION_UPDATE);
$isUpdatable = $nodeOrCacheEntry instanceof Node
? $nodeOrCacheEntry->isUpdateable()
: $nodeOrCacheEntry->getPermissions() & Constants::PERMISSION_UPDATE;
$isUpdatable = $isUpdatable && (!$share || $share->getPermissions() & Constants::PERMISSION_UPDATE);
$hasShareAttributes = $share && method_exists($share, 'getAttributes') && $share->getAttributes() instanceof IAttributes;
$isDisabledDownload = $hasShareAttributes && $share->getAttributes()->getAttribute('permissions', 'download') === false;
@ -153,7 +157,10 @@ class PermissionManager {
}
if ($this->config->getAppValue(AppConfig::WATERMARK_APP_NAMESPACE, 'watermark_shareAll', 'no') === 'yes') {
if ($userId === null || $node->getOwner()?->getUID() !== $userId) {
if (!$ownerId && $nodeOrCacheEntry instanceof Node) {
$ownerId = $nodeOrCacheEntry->getOwner()?->getUID();
}
if ($userId === null || $ownerId !== $userId) {
return true;
}
}

22
lib/Storage/SecureViewWrapper.php
View file

@ -89,19 +89,25 @@ class SecureViewWrapper extends Wrapper {
fclose($fp);
}
try {
$node = $this->rootFolder->get($this->mountPoint . $path);
} catch (NotFoundException) {
// If the file is just created we may need to check the parent as this is only just about figuring out if it is a share
$node = $this->rootFolder->get(dirname($this->mountPoint . $path));
$storage = $sourceStorage ?? $this;
$cacheEntry = $storage->getCache()->get($path);
if (!$cacheEntry) {
$parent = dirname($path);
if ($parent === '.') {
$parent = '';
}
$cacheEntry = $storage->getCache()->get($parent);
if (!$cacheEntry) {
throw new NotFoundException(sprintf('Could not find cache entry for path and parent of %s within storage %s ', $path, $storage->getId()));
}
}
$isSharedStorage = $node->getStorage()->instanceOfStorage(ISharedStorage::class);
$isSharedStorage = $storage->instanceOfStorage(ISharedStorage::class);
$share = $isSharedStorage ? $node->getStorage()->getShare() : null;
$share = $isSharedStorage ? $storage->getShare() : null;
$userId = $this->userSession->getUser()?->getUID();
return $this->permissionManager->shouldWatermark($node, $userId, $share);
return $this->permissionManager->shouldWatermark($cacheEntry, $userId, $share, $storage->getOwner($path) ?: null);
}