Check that the owner of a link share still has share permissions on access
parent
a6ade67dfb
commit
fd9166488b
|
@ -46,7 +46,9 @@ $serverFactory = new OCA\DAV\Connector\Sabre\ServerFactory(
|
|||
|
||||
$requestUri = \OC::$server->getRequest()->getRequestUri();
|
||||
|
||||
$server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, function () use ($authBackend) {
|
||||
$linkCheckPlugin = new \OCA\DAV\Files\Sharing\PublicLinkCheckPlugin();
|
||||
|
||||
$server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, function (\Sabre\DAV\Server $server) use ($authBackend, $linkCheckPlugin) {
|
||||
$isAjax = (isset($_SERVER['HTTP_X_REQUESTED_WITH']) && $_SERVER['HTTP_X_REQUESTED_WITH'] === 'XMLHttpRequest');
|
||||
if (OCA\Files_Sharing\Helper::isOutgoingServer2serverShareEnabled() === false && !$isAjax) {
|
||||
// this is what is thrown when trying to access a non-existing share
|
||||
|
@ -68,9 +70,13 @@ $server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, func
|
|||
OC_Util::setupFS($owner);
|
||||
$ownerView = \OC\Files\Filesystem::getView();
|
||||
$path = $ownerView->getPath($fileId);
|
||||
$fileInfo = $ownerView->getFileInfo($path);
|
||||
$linkCheckPlugin->setFileInfo($fileInfo);
|
||||
|
||||
return new \OC\Files\View($ownerView->getAbsolutePath($path));
|
||||
});
|
||||
|
||||
$server->addPlugin($linkCheckPlugin);
|
||||
|
||||
// And off we go!
|
||||
$server->exec();
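Review bot: `$ownerView->getFileInfo($path)` returns `false` when the node cannot be resolved, and the callback passes that value straight to `$linkCheckPlugin->setFileInfo()`. The guard in `PublicLinkCheckPlugin::beforeMethod()`, `if ($this->fileInfo && ...)`, treats a falsy value as a pass, so the new owner-permission check is skipped for that request. The later DAV lookup will probably fail anyway, but the check should not depend on that. Reject the request in the callback before building the view, e.g. `if ($fileInfo === false) { throw new \Sabre\DAV\Exception\NotFound(); }`. Part of the closure body lies between the two hunks and is not shown.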
|
||||
|
|
|
@ -118,7 +118,7 @@ class ServerFactory {
|
|||
$userFolder = \OC::$server->getUserFolder();
|
||||
|
||||
/** @var \OC\Files\View $view */
|
||||
$view = $viewCallBack();
|
||||
$view = $viewCallBack($server);
|
||||
$rootInfo = $view->getFileInfo('');
|
||||
|
||||
// Create ownCloud Dir
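Review bot: The contract of `$viewCallBack` changes on the line `$view = $viewCallBack($server);`, but nothing visible documents that the callback now receives the server. The docblock of `createServer()` is outside this hunk. If it describes the parameter, it should be updated along the lines of `@param callable $viewCallBack callable that receives the \Sabre\DAV\Server instance and returns the \OC\Files\View to serve`. Existing callers that declare no parameter keep working, since PHP closures ignore extra arguments.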
|
||||
|
|
|
@ -0,0 +1,63 @@
|
|||
<?php
|
||||
/**
|
||||
* @author Robin Appelman <icewind@owncloud.com>
|
||||
*
|
||||
* @copyright Copyright (c) 2015, ownCloud, Inc.
|
||||
* @license AGPL-3.0
|
||||
*
|
||||
* This code is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License, version 3,
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
*
|
||||
*/
|
||||
|
||||
namespace OCA\DAV\Files\Sharing;
|
||||
|
||||
use OCP\Files\FileInfo;
|
||||
use Sabre\DAV\Exception\NotFound;
|
||||
use Sabre\DAV\ServerPlugin;
|
||||
use Sabre\HTTP\RequestInterface;
|
||||
use Sabre\HTTP\ResponseInterface;
|
||||
|
||||
/**
|
||||
* Verify that the public link share is valid
|
||||
*/
|
||||
class PublicLinkCheckPlugin extends ServerPlugin {
|
||||
/**
|
||||
* @var FileInfo
|
||||
*/
|
||||
private $fileInfo;
|
||||
|
||||
/**
|
||||
* @param FileInfo $fileInfo
|
||||
*/
|
||||
public function setFileInfo($fileInfo) {
|
||||
$this->fileInfo = $fileInfo;
|
||||
}
|
||||
|
||||
/**
|
||||
* This initializes the plugin.
|
||||
*
|
||||
* @param \Sabre\DAV\Server $server Sabre server
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function initialize(\Sabre\DAV\Server $server) {
|
||||
$server->on('beforeMethod', [$this, 'beforeMethod']);
|
||||
}
|
||||
|
||||
public function beforeMethod(RequestInterface $request, ResponseInterface $response){
|
||||
// verify that the owner didn't have his share permissions revoked
|
||||
if ($this->fileInfo && !$this->fileInfo->isShareable()) {
|
||||
throw new NotFound();
|
||||
}
|
||||
}
|
||||
}
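Review bot: `beforeMethod()` is the only method in this class without a docblock, and it is the one that carries the access decision. Its guard lets every request through while `$this->fileInfo` is unset, so the check only takes effect if the view callback that calls `setFileInfo()` has already run when this listener fires. That ordering is decided in ServerFactory and cannot be confirmed from the lines shown. I would add a docblock stating that the handler throws `NotFound` when the share owner may no longer share the file, that no check is performed while the file info is unset, and that the listener must run after the view callback. A test that revokes the owner's share permission and expects `NotFound` would pin the behaviour down.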
|