diff --git a/appinfo/application.php b/appinfo/application.php index 2232d78bb1..595b0619db 100644 --- a/appinfo/application.php +++ b/appinfo/application.php @@ -126,7 +126,8 @@ public function __construct(array $urlParams = []) { $c->query('ConfigService'), $c->query('SearchMediaService'), $c->query('DownloadService'), - $c->query('Logger') + $c->query('Logger'), + $c->query('OCP\Share\IManager') ); } ); @@ -140,7 +141,8 @@ public function __construct(array $urlParams = []) { $c->query('ConfigService'), $c->query('SearchMediaService'), $c->query('DownloadService'), - $c->query('Logger') + $c->query('Logger'), + $c->query('OCP\Share\IManager') ); } ); @@ -154,7 +156,8 @@ public function __construct(array $urlParams = []) { $c->query('ConfigService'), $c->query('SearchMediaService'), $c->query('DownloadService'), - $c->query('Logger') + $c->query('Logger'), + $c->query('OCP\Share\IManager') ); } ); diff --git a/controller/filesapicontroller.php b/controller/filesapicontroller.php index 517107c18b..eb3bdb1c6e 100644 --- a/controller/filesapicontroller.php +++ b/controller/filesapicontroller.php @@ -26,6 +26,7 @@ use OCA\Gallery\Service\SearchMediaService; use OCA\Gallery\Service\DownloadService; use OCA\Gallery\Service\ServiceException; +use OCP\Share\IManager; /** * Class FilesApiController @@ -39,6 +40,9 @@ class FilesApiController extends ApiController { /** @var IURLGenerator */ private $urlGenerator; + /** @var IManager */ + private $shareManager; + /** * Constructor * @@ -50,6 +54,7 @@ class FilesApiController extends ApiController { * @param SearchMediaService $searchMediaService * @param DownloadService $downloadService * @param ILogger $logger + * @param IManager $shareManager */ public function __construct( $appName, @@ -59,7 +64,8 @@ public function __construct( ConfigService $configService, SearchMediaService $searchMediaService, DownloadService $downloadService, - ILogger $logger + ILogger $logger, + IManager $shareManager ) { parent::__construct($appName, $request); @@ -69,6 +75,7 @@ public function __construct( $this->searchMediaService = $searchMediaService; $this->downloadService = $downloadService; $this->logger = $logger; + $this->shareManager = $shareManager; } /** @@ -90,6 +97,17 @@ public function __construct( public function getList($location, $features, $etag, $mediatypes) { $featuresArray = \explode(';', $features); $mediaTypesArray = \explode(';', $mediatypes); + + $token = $this->request->getParam('token'); + if ($token) { + $share = $this->shareManager->getShareByToken($token); + + // Prevent user to see directory content if share is a file drop + if (($share->getPermissions() & \OCP\Constants::PERMISSION_READ) !== \OCP\Constants::PERMISSION_READ) { + return $this->formatResults([], [], [], "", ""); + } + } + try { return $this->getFilesAndAlbums($location, $featuresArray, $etag, $mediaTypesArray); } catch (\Exception $exception) { diff --git a/controller/filescontroller.php b/controller/filescontroller.php index e61f3800de..a32b7fe783 100644 --- a/controller/filescontroller.php +++ b/controller/filescontroller.php @@ -26,6 +26,7 @@ use OCA\Gallery\Service\SearchMediaService; use OCA\Gallery\Service\DownloadService; use OCA\Gallery\Service\ServiceException; +use OCP\Share\IManager; /** * Class FilesController @@ -39,6 +40,9 @@ class FilesController extends Controller { /** @var IURLGenerator */ private $urlGenerator; + /** @var IManager */ + private $shareManager; + /** * Constructor * @@ -50,6 +54,7 @@ class FilesController extends Controller { * @param SearchMediaService $searchMediaService * @param DownloadService $downloadService * @param ILogger $logger + * @param IManager $shareManager */ public function __construct( $appName, @@ -59,7 +64,8 @@ public function __construct( ConfigService $configService, SearchMediaService $searchMediaService, DownloadService $downloadService, - ILogger $logger + ILogger $logger, + IManager $shareManager ) { parent::__construct($appName, $request); @@ -69,6 +75,7 @@ public function __construct( $this->searchMediaService = $searchMediaService; $this->downloadService = $downloadService; $this->logger = $logger; + $this->shareManager = $shareManager; } /** @@ -93,6 +100,17 @@ public function __construct( public function getList($location, $features, $etag, $mediatypes) { $featuresArray = \explode(';', $features); $mediaTypesArray = \explode(';', $mediatypes); + + $token = $this->request->getParam('token'); + if ($token) { + $share = $this->shareManager->getShareByToken($token); + + // Prevent user to see directory content if share is a file drop + if (($share->getPermissions() & \OCP\Constants::PERMISSION_READ) !== \OCP\Constants::PERMISSION_READ) { + return $this->formatResults([], [], [], "", ""); + } + } + try { return $this->getFilesAndAlbums($location, $featuresArray, $etag, $mediaTypesArray); } catch (\Exception $exception) { diff --git a/tests/unit/controller/FilesApiControllerTest.php b/tests/unit/controller/FilesApiControllerTest.php index fc15b82a1c..04af6fe9bd 100644 --- a/tests/unit/controller/FilesApiControllerTest.php +++ b/tests/unit/controller/FilesApiControllerTest.php @@ -35,7 +35,8 @@ public function setUp(): void { $this->configService, $this->searchMediaService, $this->downloadService, - $this->logger + $this->logger, + $this->shareManager ); } diff --git a/tests/unit/controller/FilesControllerTest.php b/tests/unit/controller/FilesControllerTest.php index 437c573ba6..7d23c6f0db 100644 --- a/tests/unit/controller/FilesControllerTest.php +++ b/tests/unit/controller/FilesControllerTest.php @@ -31,6 +31,8 @@ use OCA\Gallery\Service\SearchMediaService; use OCA\Gallery\Service\DownloadService; use OCA\Gallery\Service\NotFoundServiceException; +use OCP\Share\IManager; +use OCP\Share\IShare; /** * Class FilesControllerTest @@ -60,6 +62,8 @@ class FilesControllerTest extends \Test\GalleryUnitTest { protected $downloadService; /** @var ILogger */ protected $logger; + /** @var IManager */ + protected $shareManager; /** * Test set up @@ -94,6 +98,10 @@ public function setUp(): void { $this->logger = $this->getMockBuilder('\OCP\ILogger') ->disableOriginalConstructor() ->getMock(); + $this->shareManager = $this->getMockBuilder('\OCP\Share\IManager') + ->disableOriginalConstructor() + ->getMock(); + $this->controller = new FilesController( $this->appName, $this->request, @@ -102,7 +110,8 @@ public function setUp(): void { $this->configService, $this->searchMediaService, $this->downloadService, - $this->logger + $this->logger, + $this->shareManager ); } @@ -310,6 +319,38 @@ public function testGetReducedPath($file, $fixedPath, $folderPathFromRoot) { $this->assertEquals($fixedPath, $response); } + public function testGetFilesWithFileDropShare() { + $location = 'folder'; + $etag = 1111222233334444; + $features = ''; + $mediatypes = 'image/png'; + + $this->request->expects($this->once()) + ->method('getParam') + ->willReturn('param'); + + $shareMock = $this->createMock(IShare::class); + $shareMock->expects($this->once()) + ->method('getPermissions') + ->willReturn(\OCP\Constants::PERMISSION_CREATE); + + $this->shareManager->expects($this->once()) + ->method('getShareByToken') + ->willReturn($shareMock); + + $response = $this->controller->getList($location, $features, $etag, $mediatypes); + + $expectedResponse = [ + 'files' => [], + 'albums' => [], + 'albumconfig' => [], + 'albumpath' => "", + 'updated' => "" + ]; + + $this->assertEquals($expectedResponse, $response); + } + /** * Mocks IURLGenerator->linkToRoute * diff --git a/tests/unit/controller/FilesPublicControllerTest.php b/tests/unit/controller/FilesPublicControllerTest.php index 2bc5e63e4a..96ad5a5a8d 100644 --- a/tests/unit/controller/FilesPublicControllerTest.php +++ b/tests/unit/controller/FilesPublicControllerTest.php @@ -30,7 +30,8 @@ public function setUp(): void { $this->configService, $this->searchMediaService, $this->downloadService, - $this->logger + $this->logger, + $this->shareManager ); } }