Don't return files when accessing a share files drop

appinfo/application.php

@@ -126,7 +126,8 @@ public function __construct(array $urlParams = []) {
 				$c->query('ConfigService'),
 				$c->query('SearchMediaService'),
 				$c->query('DownloadService'),
-				$c->query('Logger')
+				$c->query('Logger'),
+				$c->query('OCP\Share\IManager')
 			);
 			}
 		);
@@ -140,7 +141,8 @@ public function __construct(array $urlParams = []) {
 				$c->query('ConfigService'),
 				$c->query('SearchMediaService'),
 				$c->query('DownloadService'),
-				$c->query('Logger')
+				$c->query('Logger'),
+				$c->query('OCP\Share\IManager')
 			);
 			}
 		);
@@ -154,7 +156,8 @@ public function __construct(array $urlParams = []) {
 				$c->query('ConfigService'),
 				$c->query('SearchMediaService'),
 				$c->query('DownloadService'),
-				$c->query('Logger')
+				$c->query('Logger'),
+				$c->query('OCP\Share\IManager')
 			);
 			}
 		);

controller/filesapicontroller.php

@@ -26,6 +26,7 @@
 use OCA\Gallery\Service\SearchMediaService;
 use OCA\Gallery\Service\DownloadService;
 use OCA\Gallery\Service\ServiceException;
+use OCP\Share\IManager;
 
 /**
  * Class FilesApiController
@@ -39,6 +40,9 @@ class FilesApiController extends ApiController {
 	/** @var IURLGenerator */
 	private $urlGenerator;
 
+	/** @var IManager */
+	private $shareManager;
+
 	/**
 	 * Constructor
 	 *
@@ -50,6 +54,7 @@ class FilesApiController extends ApiController {
 	 * @param SearchMediaService $searchMediaService
 	 * @param DownloadService $downloadService
 	 * @param ILogger $logger
+	 * @param IManager $shareManager
 	 */
 	public function __construct(
 		$appName,
@@ -59,7 +64,8 @@ public function __construct(
 		ConfigService $configService,
 		SearchMediaService $searchMediaService,
 		DownloadService $downloadService,
-		ILogger $logger
+		ILogger $logger,
+		IManager $shareManager
 	) {
 		parent::__construct($appName, $request);
 
@@ -69,6 +75,7 @@ public function __construct(
 		$this->searchMediaService = $searchMediaService;
 		$this->downloadService = $downloadService;
 		$this->logger = $logger;
+		$this->shareManager = $shareManager;
 	}
 
 	/**
@@ -90,6 +97,17 @@ public function __construct(
 	public function getList($location, $features, $etag, $mediatypes) {
 		$featuresArray = \explode(';', $features);
 		$mediaTypesArray = \explode(';', $mediatypes);
+
+		$token = $this->request->getParam('token');
+		if ($token) {
+			$share = $this->shareManager->getShareByToken($token);
+
+			// Prevent user to see directory content if share is a file drop
+			if (($share->getPermissions() & \OCP\Constants::PERMISSION_READ) !== \OCP\Constants::PERMISSION_READ) {
+				return $this->formatResults([], [], [], "", "");
+			}
+		}
+
 		try {
 			return $this->getFilesAndAlbums($location, $featuresArray, $etag, $mediaTypesArray);
 		} catch (\Exception $exception) {

controller/filescontroller.php

@@ -26,6 +26,7 @@
 use OCA\Gallery\Service\SearchMediaService;
 use OCA\Gallery\Service\DownloadService;
 use OCA\Gallery\Service\ServiceException;
+use OCP\Share\IManager;
 
 /**
  * Class FilesController
@@ -39,6 +40,9 @@ class FilesController extends Controller {
 	/** @var IURLGenerator */
 	private $urlGenerator;
 
+	/** @var IManager */
+	private $shareManager;
+
 	/**
 	 * Constructor
 	 *
@@ -50,6 +54,7 @@ class FilesController extends Controller {
 	 * @param SearchMediaService $searchMediaService
 	 * @param DownloadService $downloadService
 	 * @param ILogger $logger
+	 * @param IManager $shareManager
 	 */
 	public function __construct(
 		$appName,
@@ -59,7 +64,8 @@ public function __construct(
 		ConfigService $configService,
 		SearchMediaService $searchMediaService,
 		DownloadService $downloadService,
-		ILogger $logger
+		ILogger $logger,
+		IManager $shareManager
 	) {
 		parent::__construct($appName, $request);
 
@@ -69,6 +75,7 @@ public function __construct(
 		$this->searchMediaService = $searchMediaService;
 		$this->downloadService = $downloadService;
 		$this->logger = $logger;
+		$this->shareManager = $shareManager;
 	}
 
 	/**
@@ -93,6 +100,17 @@ public function __construct(
 	public function getList($location, $features, $etag, $mediatypes) {
 		$featuresArray = \explode(';', $features);
 		$mediaTypesArray = \explode(';', $mediatypes);
+
+		$token = $this->request->getParam('token');
+		if ($token) {
+			$share = $this->shareManager->getShareByToken($token);
+
+			// Prevent user to see directory content if share is a file drop
+			if (($share->getPermissions() & \OCP\Constants::PERMISSION_READ) !== \OCP\Constants::PERMISSION_READ) {
+				return $this->formatResults([], [], [], "", "");
+			}
+		}
+
 		try {
 			return $this->getFilesAndAlbums($location, $featuresArray, $etag, $mediaTypesArray);
 		} catch (\Exception $exception) {

tests/unit/controller/FilesApiControllerTest.php

@@ -35,7 +35,8 @@ public function setUp(): void {
 			$this->configService,
 			$this->searchMediaService,
 			$this->downloadService,
-			$this->logger
+			$this->logger,
+			$this->shareManager
 		);
 	}
 

tests/unit/controller/FilesControllerTest.php

@@ -31,6 +31,8 @@
 use OCA\Gallery\Service\SearchMediaService;
 use OCA\Gallery\Service\DownloadService;
 use OCA\Gallery\Service\NotFoundServiceException;
+use OCP\Share\IManager;
+use OCP\Share\IShare;
 
 /**
  * Class FilesControllerTest
@@ -60,6 +62,8 @@ class FilesControllerTest extends \Test\GalleryUnitTest {
 	protected $downloadService;
 	/** @var ILogger */
 	protected $logger;
+	/** @var IManager */
+	protected $shareManager;
 
 	/**
 	 * Test set up
@@ -94,6 +98,10 @@ public function setUp(): void {
 		$this->logger = $this->getMockBuilder('\OCP\ILogger')
 							 ->disableOriginalConstructor()
 							 ->getMock();
+		$this->shareManager = $this->getMockBuilder('\OCP\Share\IManager')
+			->disableOriginalConstructor()
+			->getMock();
+
 		$this->controller = new FilesController(
 			$this->appName,
 			$this->request,
@@ -102,7 +110,8 @@ public function setUp(): void {
 			$this->configService,
 			$this->searchMediaService,
 			$this->downloadService,
-			$this->logger
+			$this->logger,
+			$this->shareManager
 		);
 	}
 
@@ -310,6 +319,38 @@ public function testGetReducedPath($file, $fixedPath, $folderPathFromRoot) {
 		$this->assertEquals($fixedPath, $response);
 	}
 
+	public function testGetFilesWithFileDropShare() {
+		$location = 'folder';
+		$etag = 1111222233334444;
+		$features = '';
+		$mediatypes = 'image/png';
+
+		$this->request->expects($this->once())
+			->method('getParam')
+			->willReturn('param');
+
+		$shareMock = $this->createMock(IShare::class);
+		$shareMock->expects($this->once())
+			->method('getPermissions')
+			->willReturn(\OCP\Constants::PERMISSION_CREATE);
+
+		$this->shareManager->expects($this->once())
+			->method('getShareByToken')
+			->willReturn($shareMock);
+
+		$response = $this->controller->getList($location, $features, $etag, $mediatypes);
+
+		$expectedResponse = [
+			'files'       => [],
+			'albums'      => [],
+			'albumconfig' => [],
+			'albumpath'   => "",
+			'updated'     => ""
+		];
+
+		$this->assertEquals($expectedResponse, $response);
+	}
+
 	/**
 	 * Mocks IURLGenerator->linkToRoute
 	 *

tests/unit/controller/FilesPublicControllerTest.php

@@ -30,7 +30,8 @@ public function setUp(): void {
 			$this->configService,
 			$this->searchMediaService,
 			$this->downloadService,
-			$this->logger
+			$this->logger,
+			$this->shareManager
 		);
 	}
 }