ahtlon/deck
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

Merge pull request #4173 from nextcloud/bugfix/noid/card-sanity-check

Browse Source
This commit is contained in:
Julius Härtl
2022-10-31 21:17:31 +01:00
committed by GitHub
parent a231061043 1f66c66ad3
commit 805f185191
7 changed files with 195 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
lib/Service/FilesAppService.php
View File

@@ -138,7 +138,7 @@ class FilesAppService implements IAttachmentService, ICustomAttachmentService {
public function extendData(Attachment $attachment) {
$userFolder = $this->rootFolder->getUserFolder($this->userId);
$share = $this->shareProvider->getShareById($attachment->getId());
$share = $this->getShareForAttachment($attachment);
$files = $userFolder->getById($share->getNode()->getId());
if (count($files) === 0) {
return $attachment;
@@ -161,7 +161,7 @@ class FilesAppService implements IAttachmentService, ICustomAttachmentService {
// Problem: Folders
/** @psalm-suppress InvalidCatch */
try {
$share = $this->shareProvider->getShareById($attachment->getId());
$share = $this->getShareForAttachment($attachment);
} catch (ShareNotFound $e) {
throw new NotFoundException('File not found');
}
@@ -241,7 +241,7 @@ class FilesAppService implements IAttachmentService, ICustomAttachmentService {
}
public function update(Attachment $attachment) {
$share = $this->shareProvider->getShareById($attachment->getId());
$share = $this->getShareForAttachment($attachment);
$target = $share->getNode();
$file = $this->getUploadedFile();
$fileName = $file['name'];
@@ -258,8 +258,13 @@ class FilesAppService implements IAttachmentService, ICustomAttachmentService {
return $attachment;
}
/**
* @throws NoPermissionException
* @throws NotFoundException
* @throws ShareNotFound
*/
public function delete(Attachment $attachment) {
$share = $this->shareProvider->getShareById($attachment->getId());
$share = $this->getShareForAttachment($attachment);
$file = $share->getNode();
$attachment->setData($file->getName());
@@ -282,4 +287,21 @@ class FilesAppService implements IAttachmentService, ICustomAttachmentService {
public function markAsDeleted(Attachment $attachment) {
throw new \Exception('Not implemented');
}
/**
* @throws NoPermissionException
*/
private function getShareForAttachment(Attachment $attachment): IShare {
try {
$share = $this->shareProvider->getShareById($attachment->getId());
} catch (ShareNotFound $e) {
throw new NoPermissionException('No permission to access the attachment from the card');
}
if ((int)$share->getSharedWith() !== (int)$attachment->getCardId()) {
throw new NoPermissionException('No permission to access the attachment from the card');
}
return $share;
}
}