Fix not found acls and cleanup mappers

This commit is contained in:
Julius Haertl
2016-10-28 00:03:00 +02:00
parent 33714da18d
commit 1167ca14a8
7 changed files with 22 additions and 35 deletions


@@ -42,7 +42,7 @@ class AclMapper extends DeckMapper implements IPermissionMapper {
} }
public function isOwner($userId, $aclId) { public function isOwner($userId, $aclId) {
$sql = 'SELECT * FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_board_acl` WHERE id = ?)'; $sql = 'SELECT owner FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_board_acl` WHERE id = ?)';
$stmt = $this->execute($sql, [$aclId]); $stmt = $this->execute($sql, [$aclId]);
$row = $stmt->fetch(); $row = $stmt->fetch();
return ($row['owner'] === $userId); return ($row['owner'] === $userId);
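Review bot: `$row['owner']` on the last hunk line is read without checking that `fetch()` actually returned a row; for an `$aclId` that does not exist the statement yields `false` (PDO convention), the offset read produces `null`, and the outcome then depends on `$userId` — `null === null` would even grant ownership of a non-existent entity should a missing user id ever reach this method. Add an explicit guard after the fetch, `if ($row === false) { return false; }`, so an unknown ACL is an unambiguous non-owner and the middleware's not-found path decides the response. Narrowing the projection to `owner` is fine, since that is the only column read. The closing brace of `isOwner` lies outside the hunk.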


@@ -131,25 +131,6 @@ class BoardMapper extends DeckMapper implements IPermissionMapper {
return parent::delete($entity); return parent::delete($entity);
} }
public function userCanView($boardId, $userInfo) {
$board = $this->find($boardId);
if($board->getOwner()===$userInfo['user']) {
return true;
}
try {
$sql = 'SELECT acl.* FROM oc_deck_boards as boards ' .
'JOIN oc_deck_board_acl as acl ON boards.id=acl.board_id WHERE acl.participant=? AND acl.type=\'user\' AND boards.id = ? AND boards.owner != ?';
$acl = $this->find($sql, [$userInfo['user'], $boardId, $userInfo['user']], $limit, $offset);
return true;
} catch (Exception $e) { }
try {
$acl = $this->find($sql, [$userInfo['user'], $boardId, $userInfo['user']], $limit, $offset);
return true;
} catch (Exception $e) {
}
}
public function isOwner($userId, $boardId) { public function isOwner($userId, $boardId) {
$board = $this->find($boardId); $board = $this->find($boardId);
return ($board->getOwner() === $userId); return ($board->getOwner() === $userId);


@@ -120,14 +120,14 @@ class CardMapper extends Mapper implements IPermissionMapper {
} }
public function isOwner($userId, $cardId) { public function isOwner($userId, $cardId) {
$sql = 'SELECT * FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_stacks` WHERE id IN (SELECT stack_id FROM `*PREFIX*deck_cards` WHERE id = ?))'; $sql = 'SELECT owner FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_stacks` WHERE id IN (SELECT stack_id FROM `*PREFIX*deck_cards` WHERE id = ?))';
$stmt = $this->execute($sql, [$cardId]); $stmt = $this->execute($sql, [$cardId]);
$row = $stmt->fetch(); $row = $stmt->fetch();
return ($row['owner'] === $userId); return ($row['owner'] === $userId);
} }
public function findBoardId($cardId) { public function findBoardId($cardId) {
$sql = 'SELECT * FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_stacks` WHERE id IN (SELECT stack_id FROM `*PREFIX*deck_cards` WHERE id = ?))'; $sql = 'SELECT id FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_stacks` WHERE id IN (SELECT stack_id FROM `*PREFIX*deck_cards` WHERE id = ?))';
$stmt = $this->execute($sql, [$cardId]); $stmt = $this->execute($sql, [$cardId]);
$row = $stmt->fetch(); $row = $stmt->fetch();
return $row['id']; return $row['id'];
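Review bot: Neither `isOwner` nor `findBoardId` checks the `fetch()` result before indexing it, so for a card id with no backing board the `false` return (PDO convention) is treated as an array: `isOwner` ends up comparing `null === $userId`, and `findBoardId` returns `null` only as a side effect of that offset read (a notice on newer PHP). Make the not-found case explicit in both: `if ($row === false) { return false; }` after the fetch in `isOwner`, and `return $row === false ? null : $row['id'];` in `findBoardId`, so the middleware's `!$boardId` test rests on a deliberate value. Both queries remain correctly parameterised; the `findBoardId` body continues past the hunk.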


@@ -25,7 +25,6 @@ namespace OCA\Deck\Db;
use OCP\AppFramework\Db\Entity; use OCP\AppFramework\Db\Entity;
use OCP\IDb; use OCP\IDb;
use OCP\AppFramework\Db\Mapper;
class LabelMapper extends DeckMapper implements IPermissionMapper { class LabelMapper extends DeckMapper implements IPermissionMapper {
@@ -84,7 +83,7 @@ class LabelMapper extends DeckMapper implements IPermissionMapper {
} }
public function isOwner($userId, $labelId) { public function isOwner($userId, $labelId) {
$sql = 'SELECT * FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_labels` WHERE id = ?)'; $sql = 'SELECT owner FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_labels` WHERE id = ?)';
$stmt = $this->execute($sql, [$labelId]); $stmt = $this->execute($sql, [$labelId]);
$row = $stmt->fetch(); $row = $stmt->fetch();
return ($row['owner'] === $userId); return ($row['owner'] === $userId);
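Review bot: In `isOwner`, `$row['owner']` is read even when the lookup matched nothing: `fetch()` returns `false` for an unknown `$labelId` (PDO convention), the indexed read gives `null`, and the method's answer then hinges on the value of `$userId` rather than on an explicit not-found decision. Insert `if ($row === false) { return false; }` between the fetch and the comparison. Dropping the unused `Mapper` import in the first hunk is fine, since the class extends `DeckMapper`. The method's closing brace is outside the hunk.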


@@ -62,7 +62,7 @@ class StackMapper extends Mapper implements IPermissionMapper {
} }
public function isOwner($userId, $stackId) { public function isOwner($userId, $stackId) {
$sql = 'SELECT * FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_stacks` WHERE id = ?)'; $sql = 'SELECT owner FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_stacks` WHERE id = ?)';
$stmt = $this->execute($sql, [$stackId]); $stmt = $this->execute($sql, [$stackId]);
$row = $stmt->fetch(); $row = $stmt->fetch();
return ($row['owner'] === $userId); return ($row['owner'] === $userId);
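Review bot: The ownership comparison on the last line runs on whatever `fetch()` returned, including `false` when no board backs `$stackId` (PDO convention); indexing `false` yields `null`, so the result is `null === $userId` instead of a deliberate `false`. Guard it with `if ($row === false) { return false; }` directly after the fetch, matching the not-found handling this commit adds to the middleware. Selecting only `owner` instead of `*` is a good change. The method ends outside the hunk.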


@@ -29,6 +29,7 @@ use OCA\Deck\Controller\LabelController;
use OCA\Deck\Controller\PageController; use OCA\Deck\Controller\PageController;
use OCA\Deck\Controller\ShareController; use OCA\Deck\Controller\ShareController;
use OCA\Deck\NoPermissionException; use OCA\Deck\NoPermissionException;
use OCA\Deck\NotFoundException;
use \OCP\AppFramework\Middleware; use \OCP\AppFramework\Middleware;
use OCP\IContainer; use OCP\IContainer;
use OCP\IRequest; use OCP\IRequest;
@@ -192,15 +193,18 @@ class SharingMiddleware extends Middleware {
* @return bool * @return bool
*/ */
public function checkMapperPermission($permission, $userId, $mapper, $id) { public function checkMapperPermission($permission, $userId, $mapper, $id) {
// FIXME: This fails with no permission if $id doesn't exist // check if current user is owner
// We need some fallback to doesn't exist here
// is owner
if ($mapper->isOwner($userId, $id)) { if ($mapper->isOwner($userId, $id)) {
return true; return true;
} }
// check if is in acl
// find related board
$boardId = $mapper->findBoardId($id); $boardId = $mapper->findBoardId($id);
if(!$boardId) {
throw new NotFoundException("Entity not found");
}
// check if is in acl
$acls = $this->aclMapper->findAll($boardId); $acls = $this->aclMapper->findAll($boardId);
// check for users // check for users
foreach ($acls as $acl) { foreach ($acls as $acl) {
@@ -234,6 +238,12 @@ class SharingMiddleware extends Middleware {
"message" => $exception->getMessage() "message" => $exception->getMessage()
], 401); ], 401);
} }
if (is_a($exception, '\OCA\Deck\NotFoundException')) {
return new JSONResponse([
"status" => 404,
"message" => $exception->getMessage()
], 404);
}
throw $exception; throw $exception;
} }
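Review bot: The new `NotFoundException` path only covers `findBoardId()` returning a falsy id, but `$mapper->isOwner()` runs first, and for `BoardMapper` that calls `$this->find($boardId)` (visible elsewhere in this commit), which under the Nextcloud mapper convention presumably throws `DoesNotExistException` for an unknown id — `afterException` would re-throw it at the final `throw $exception`, so a missing board still surfaces as a server error rather than the intended 404. Either map that exception to 404 as well (`if ($exception instanceof \OCP\AppFramework\Db\DoesNotExistException) { return new JSONResponse(['status' => 404, 'message' => 'Entity not found'], 404); }`) or resolve the board before the owner check. With the import now in place, `is_a($exception, '\OCA\Deck\NotFoundException')` can simply be `$exception instanceof NotFoundException`. Separately, the adjacent `NoPermissionException` branch answers 401, whereas an authenticated user lacking rights is a 403 — worth correcting while here.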


@@ -24,12 +24,9 @@
namespace OCA\Deck; namespace OCA\Deck;
class NoPermissionException extends \Exception { class NotFoundException extends \Exception {
public function __construct($message, $controller=null, $method=null) { public function __construct($message) {
parent::__construct($message); parent::__construct($message);
if($controller && $method) {
$this->message = get_class($controller) . "#" . $method . ": " . $message;
}
} }
} }
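Review bot: The constructor in this new class adds nothing over `\Exception::__construct` — it forwards `$message` unchanged — so the class can be declared as `class NotFoundException extends \Exception {}` and the boilerplate dropped. If a constructor is kept, keep the contract narrow: the middleware writes `getMessage()` verbatim into the JSON body, so callers should pass fixed strings like the `"Entity not found"` used in this commit rather than values taken from the request. The file header above line 24 is outside the hunk.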