saving with extra permissions

Author: LinneyS

controller/callbackcontroller.php

@@ -466,11 +466,6 @@ public function track($doc, $users, $key, $status, $url, $token, $history, $chan
                     $user = $this->userManager->get($userId);
                     if (!empty($user)) {
                         \OC_User::setUserId($userId);
-                        \OC_Util::setupFS($userId);
-
-                        if ($userId === $hashData->userId) {
-                            $filePath = $hashData->filePath;
-                        }
                     } else {
                         if (empty($shareToken)) {
                             $this->logger->error("Track without token: $fileId status $status", ["app" => $this->appName]);
@@ -480,20 +475,36 @@ public function track($doc, $users, $key, $status, $url, $token, $history, $chan
                         $this->logger->debug("Track $fileId by token for $userId", ["app" => $this->appName]);
                     }
 
+                    // owner of file from the callback link
+                    $ownerId = $hashData->ownerId;
+                    $owner = $this->userManager->get($ownerId);
+
+                    if (!empty($owner)) {
+                        $userId = $ownerId;
+                    } else {
+                        $callbackUserId = $hashData->userId;
+                        $callbackUser = $this->userManager->get($callbackUserId);
+
+                        if (!empty($callbackUser)) {
+                            // author of the callback link
+                            $userId = $callbackUserId;
+
+                            // path for author of the callback link
+                            $filePath = $hashData->filePath;
+                        }
+                    }
+
+                    if (!empty($userId)) {
+                        \OC_Util::setupFS($userId);
+                    }
+
                     list ($file, $error) = empty($shareToken) ? $this->getFile($userId, $fileId, $filePath) : $this->getFileByToken($fileId, $shareToken);
 
                     if (isset($error)) {
                         $this->logger->error("track error $fileId " . json_encode($error->getData()),  ["app" => $this->appName]);
                         return $error;
                     }
 
-                    if (empty($user)) {
-                        $owner = $file->getFileInfo()->getOwner();
-                        if ($owner !== null) {
-                            \OC_Util::setupFS($owner->getUID());
-                        }
-                    }
-
                     $url = $this->config->ReplaceDocumentServerUrlToInternal($url);
 
                     $prevVersion = $file->getFileInfo()->getMtime();

controller/editorapicontroller.php

@@ -391,7 +391,13 @@ public function config($fileId, $filePath = null, $shareToken = null, $directTok
                     && (empty($shareToken) || ($share->getPermissions() & Constants::PERMISSION_UPDATE) === Constants::PERMISSION_UPDATE);
         $params["document"]["permissions"]["edit"] = $editable;
         if (($editable || $restrictedEditing) && ($canEdit || $canFillForms)) {
-            $hashCallback = $this->crypt->GetHash(["userId" => $userId, "fileId" => $file->getId(), "filePath" => $filePath, "shareToken" => $shareToken, "action" => "track"]);
+            $ownerId = null;
+            $owner = $file->getOwner();
+            if (!empty($owner)) {
+                $ownerId = $owner->getUID();
+            }
+
+            $hashCallback = $this->crypt->GetHash(["userId" => $userId, "ownerId" => $ownerId, "fileId" => $file->getId(), "filePath" => $filePath, "shareToken" => $shareToken, "action" => "track"]);
             $callback = $this->urlGenerator->linkToRouteAbsolute($this->appName . ".callback.track", ["doc" => $hashCallback]);
 
             if (!empty($this->config->GetStorageUrl())) {