fix: Allow to opt-in loading image mimes on hide download shares

juliusknorr · juliusknorr · commit fe0c5034d6fc · 2023-08-24T08:29:09.000+02:00
Signed-off-by: Julius Härtl &lt;jus@bitgrid.net&gt;
diff --git a/lib/AppConfig.php b/lib/AppConfig.php
@@ -24,6 +24,10 @@ class AppConfig {
 
 	public const READ_ONLY_FEATURE_LOCK = 'read_only_feature_lock';
 
+	// Load additional mime types (like images) on public share links when hide download is enabled
+	// Default: 'no', set to 'yes' to enable
+	public const USE_SECURE_VIEW_ADDITIONAL_MIMES = 'use_secure_view_additional_mimes';
+
 	private $defaults = [
 		'wopi_url' => '',
 		'timeout' => 15,
@@ -178,4 +182,8 @@ public function getWopiOverride(): array {
 		}
 		return [];
 	}
+
+	public function useSecureViewAdditionalMimes(): bool {
+		return $this->config->getAppValue(Application::APPNAME, self::USE_SECURE_VIEW_ADDITIONAL_MIMES, 'no') === 'yes';
+	}
 }
diff --git a/lib/Capabilities.php b/lib/Capabilities.php
@@ -73,7 +73,26 @@ class Capabilities implements ICapability {
 		'image/svg+xml',
 		'application/pdf',
 		'text/plain',
-		'text/spreadsheet'
+		'text/spreadsheet',
+	];
+
+	public const SECURE_VIEW_ADDITIONAL_MIMES = [
+		'image/jpeg',
+		'image/svg+xml',
+		'image/cgm',
+		'image/vnd.dxf',
+		'image/x-emf',
+		'image/x-wmf',
+		'image/x-wpg',
+		'image/x-freehand',
+		'image/bmp',
+		'image/png',
+		'image/gif',
+		'image/tiff',
+		'image/jpg',
+		'image/jpeg',
+		'text/plain',
+		'application/pdf',
 	];
 
 	private IL10N $l10n;
@@ -124,6 +143,7 @@ public function getCapabilities() {
 					'version' => \OC::$server->getAppManager()->getAppVersion('richdocuments'),
 					'mimetypes' => array_values($filteredMimetypes),
 					'mimetypesNoDefaultOpen' => array_values($optionalMimetypes),
+					'mimetypesSecureView' => $this->config->useSecureViewAdditionalMimes() ? self::SECURE_VIEW_ADDITIONAL_MIMES : [],
 					'collabora' => $collaboraCapabilities,
 					'direct_editing' => isset($collaboraCapabilities['hasMobileSupport']) ?: false,
 					'templates' => isset($collaboraCapabilities['hasTemplateSaveAs']) || isset($collaboraCapabilities['hasTemplateSource']) ?: false,
diff --git a/src/files.js b/src/files.js
@@ -32,7 +32,7 @@ const odfViewer = {
 		|| (typeof OC.getCapabilities().richdocuments.collabora === 'object' && OC.getCapabilities().richdocuments.collabora.length !== 0)),
 	supportedMimes: OC.getCapabilities().richdocuments.mimetypes.concat(OC.getCapabilities().richdocuments.mimetypesNoDefaultOpen),
 	excludeMimeFromDefaultOpen: OC.getCapabilities().richdocuments.mimetypesNoDefaultOpen,
-	hideDownloadMimes: ['image/jpeg', 'image/svg+xml', 'image/cgm', 'image/vnd.dxf', 'image/x-emf', 'image/x-wmf', 'image/x-wpg', 'image/x-freehand', 'image/bmp', 'image/png', 'image/gif', 'image/tiff', 'image/jpg', 'image/jpeg', 'text/plain', 'application/pdf'],
+	hideDownloadMimes: OC.getCapabilities().richdocuments.mimetypesSecureView,
 
 	onEdit(fileName, context) {
 		let fileDir

Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,10 @@ class AppConfig {`
`24`	`24`
`25`	`25`	`public const READ_ONLY_FEATURE_LOCK = 'read_only_feature_lock';`
`26`	`26`
	`27`	`+ // Load additional mime types (like images) on public share links when hide download is enabled`
	`28`	`+ // Default: 'no', set to 'yes' to enable`
	`29`	`+ public const USE_SECURE_VIEW_ADDITIONAL_MIMES = 'use_secure_view_additional_mimes';`
	`30`	`+`
`27`	`31`	`private $defaults = [`
`28`	`32`	`'wopi_url' => '',`
`29`	`33`	`'timeout' => 15,`
`@@ -178,4 +182,8 @@ public function getWopiOverride(): array {`
`178`	`182`	`}`
`179`	`183`	`return [];`
`180`	`184`	`}`
	`185`	`+`
	`186`	`+ public function useSecureViewAdditionalMimes(): bool {`
	`187`	`+ return $this->config->getAppValue(Application::APPNAME, self::USE_SECURE_VIEW_ADDITIONAL_MIMES, 'no') === 'yes';`
	`188`	`+ }`
`181`	`189`	`}`