Skip to content

Commit

Permalink
fix: Skip disabled download files when requesting assets
Browse files Browse the repository at this point in the history
Signed-off-by: Julius Härtl <[email protected]>
  • Loading branch information
juliusknorr committed Oct 16, 2024
1 parent 46127d9 commit 432fa5e
Showing 1 changed file with 18 additions and 0 deletions.
18 changes: 18 additions & 0 deletions lib/Controller/AssetsController.php
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@

namespace OCA\Richdocuments\Controller;

use OCA\Files_Sharing\SharedStorage;
use OCA\Richdocuments\Db\AssetMapper;
use OCA\Richdocuments\Service\UserScopeService;
use OCP\AppFramework\Controller;
Expand All @@ -34,6 +35,7 @@
use OCP\Files\File;
use OCP\Files\IRootFolder;
use OCP\Files\NotFoundException;
use OCP\Files\NotPermittedException;
use OCP\IRequest;
use OCP\IURLGenerator;

Expand Down Expand Up @@ -72,8 +74,24 @@ public function create($path) {

try {
$node = $userFolder->get($path);

if (!($node instanceof File)) {
return new JSONResponse([], Http::STATUS_NOT_FOUND);
}

$storage = $node->getStorage();
if ($storage->instanceOfStorage(SharedStorage::class)) {
/** @var SharedStorage $storage */
$share = $storage->getShare();
$attributes = $share->getAttributes();
if ($attributes !== null && $attributes->getAttribute('permissions', 'download') === false) {
throw new NotPermittedException();
}
}
} catch (NotFoundException $e) {
return new JSONResponse([], Http::STATUS_NOT_FOUND);
} catch (NotPermittedException $e) {
return new JSONResponse([], Http::STATUS_FORBIDDEN);
}

$asset = $this->assetMapper->newAsset($this->userId, $node->getId());
Expand Down

0 comments on commit 432fa5e

Please sign in to comment.