ahtlon/deck
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Merge pull request #4485 from nextcloud/fix/permission-userid

Browse Source 
fix: Pass user id along to properly check permissions in background jobs
This commit is contained in:
Joas Schilling
2023-02-27 12:48:15 +01:00
committed by GitHub
parent ff2ad61b6d 1beff8945b
commit 2c96108b2e
1 changed files with 15 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
lib/Service/PermissionService.php
View File

@@ -97,21 +97,26 @@ class PermissionService {
* @param $boardId * @param $boardId
* @return bool|array * @return bool|array
*/ */
public function getPermissions($boardId) { public function getPermissions($boardId, ?string $userId = null) {
if ($cached = $this->permissionCache->get($boardId)) { if ($userId === null) {
$userId = $this->userId;
}
$cacheKey = $boardId . '-' . $userId;
if ($cached = $this->permissionCache->get($cacheKey)) {
return $cached; return $cached;
} }
$owner = $this->userIsBoardOwner($boardId); $owner = $this->userIsBoardOwner($boardId, $userId);
$acls = $this->aclMapper->findAll($boardId); $acls = $this->aclMapper->findAll($boardId);
$permissions = [ $permissions = [
Acl::PERMISSION_READ => $owner || $this->userCan($acls, Acl::PERMISSION_READ), Acl::PERMISSION_READ => $owner || $this->userCan($acls, Acl::PERMISSION_READ, $userId),
Acl::PERMISSION_EDIT => $owner || $this->userCan($acls, Acl::PERMISSION_EDIT), Acl::PERMISSION_EDIT => $owner || $this->userCan($acls, Acl::PERMISSION_EDIT, $userId),
Acl::PERMISSION_MANAGE => $owner || $this->userCan($acls, Acl::PERMISSION_MANAGE), Acl::PERMISSION_MANAGE => $owner || $this->userCan($acls, Acl::PERMISSION_MANAGE, $userId),
Acl::PERMISSION_SHARE => ($owner || $this->userCan($acls, Acl::PERMISSION_SHARE)) Acl::PERMISSION_SHARE => ($owner || $this->userCan($acls, Acl::PERMISSION_SHARE, $userId))
&& (!$this->shareManager->sharingDisabledForUser($this->userId)) && (!$this->shareManager->sharingDisabledForUser($userId))
]; ];
$this->permissionCache->set($boardId, $permissions); $this->permissionCache->set($cacheKey, $permissions);
return $permissions; return $permissions;
} }
@@ -153,7 +158,7 @@ class PermissionService {
throw new NoPermissionException('Permission denied'); throw new NoPermissionException('Permission denied');
} }
$permissions = $this->getPermissions($boardId); $permissions = $this->getPermissions($boardId, $userId);
if ($permissions[$permission] === true) { if ($permissions[$permission] === true) {
return true; return true;
} }