feat(files): Add appconfig value to disable fixed userfolder permissi…

…ons optimization Signed-off-by: Robin Appelman <[email protected]> Signed-off-by: Louis Chemineau <[email protected]>
nextcloud · artonge · Oct 1, 2025 · Sep 25, 2025 · Sep 26, 2025 · Sep 26, 2025
commit bd8a0ec3cfd0af9f6d7183d7753ea52ef772c1df
@@ -50,6 +50,7 @@
     'OCA\\Files\\Command\\ScanAppData' => $baseDir . '/../lib/Command/ScanAppData.php',
     'OCA\\Files\\Command\\TransferOwnership' => $baseDir . '/../lib/Command/TransferOwnership.php',
     'OCA\\Files\\Command\\WindowsCompatibleFilenames' => $baseDir . '/../lib/Command/WindowsCompatibleFilenames.php',
+    'OCA\\Files\\ConfigLexicon' => $baseDir . '/../lib/ConfigLexicon.php',
     'OCA\\Files\\Controller\\ApiController' => $baseDir . '/../lib/Controller/ApiController.php',
     'OCA\\Files\\Controller\\ConversionApiController' => $baseDir . '/../lib/Controller/ConversionApiController.php',
     'OCA\\Files\\Controller\\DirectEditingController' => $baseDir . '/../lib/Controller/DirectEditingController.php',

@@ -65,6 +65,7 @@ class ComposerStaticInitFiles
         'OCA\\Files\\Command\\ScanAppData' => __DIR__ . '/..' . '/../lib/Command/ScanAppData.php',
         'OCA\\Files\\Command\\TransferOwnership' => __DIR__ . '/..' . '/../lib/Command/TransferOwnership.php',
         'OCA\\Files\\Command\\WindowsCompatibleFilenames' => __DIR__ . '/..' . '/../lib/Command/WindowsCompatibleFilenames.php',
+        'OCA\\Files\\ConfigLexicon' => __DIR__ . '/..' . '/../lib/ConfigLexicon.php',
         'OCA\\Files\\Controller\\ApiController' => __DIR__ . '/..' . '/../lib/Controller/ApiController.php',
         'OCA\\Files\\Controller\\ConversionApiController' => __DIR__ . '/..' . '/../lib/Controller/ConversionApiController.php',
         'OCA\\Files\\Controller\\DirectEditingController' => __DIR__ . '/..' . '/../lib/Controller/DirectEditingController.php',

@@ -13,6 +13,7 @@
 use OCA\Files\Capabilities;
 use OCA\Files\Collaboration\Resources\Listener;
 use OCA\Files\Collaboration\Resources\ResourceProvider;
+use OCA\Files\ConfigLexicon;
 use OCA\Files\Controller\ApiController;
 use OCA\Files\Dashboard\FavoriteWidget;
 use OCA\Files\DirectEditingCapabilities;
@@ -124,6 +125,9 @@ public function register(IRegistrationContext $context): void {
 
 		$context->registerNotifierService(Notifier::class);
 		$context->registerDashboardWidget(FavoriteWidget::class);
+
+		$context->registerConfigLexicon(ConfigLexicon::class);
+
 	}
 
 	public function boot(IBootContext $context): void {

@@ -0,0 +1,46 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\Files;
+
+use OCP\Config\Lexicon\Entry;
+use OCP\Config\Lexicon\ILexicon;
+use OCP\Config\Lexicon\Strictness;
+use OCP\Config\ValueType;
+
+/**
+ * Config Lexicon for files.
+ *
+ * Please Add & Manage your Config Keys in that file and keep the Lexicon up to date!
+ *
+ * {@see ILexicon}
+ */
+class ConfigLexicon implements ILexicon {
+	public const OVERWRITES_HOME_FOLDERS = 'overwrites_home_folders';
+
+	public function getStrictness(): Strictness {
+		return Strictness::NOTICE;
+	}
+
+	public function getAppConfigs(): array {
+		return [
+			new Entry(
+				self::OVERWRITES_HOME_FOLDERS,
+				ValueType::ARRAY,
+				defaultRaw: [],
+				definition: 'List of applications overwriting home folders',
+				lazy: false,
+				note: 'It will be populated with app IDs of mount providers that overwrite home folders. Currently, only files_external and groupfolders.',
+			),
+		];
+	}
+
+	public function getUserConfigs(): array {
+		return [];
+	}
+}
@@ -19,38 +19,50 @@
 use Psr\Log\LoggerInterface;
 
 class LazyUserFolder extends LazyFolder {
-	private IUser $user;
 	private string $path;
-	private IMountManager $mountManager;
 
-	public function __construct(IRootFolder $rootFolder, IUser $user, IMountManager $mountManager) {
-		$this->user = $user;
-		$this->mountManager = $mountManager;
+	public function __construct(
+		IRootFolder $rootFolder,
+		private IUser $user,
+		private IMountManager $mountManager,
+		bool $useDefaultHomeFoldersPermissions = true,
+	) {
 		$this->path = '/' . $user->getUID() . '/files';
-		parent::__construct($rootFolder, function () use ($user): Folder {
-			try {
-				$node = $this->getRootFolder()->get($this->path);
-				if ($node instanceof File) {
-					$e = new \RuntimeException();
-					\OCP\Server::get(LoggerInterface::class)->error('User root storage is not a folder: ' . $this->path, [
-						'exception' => $e,
-					]);
-					throw $e;
-				}
-				return $node;
-			} catch (NotFoundException $e) {
-				if (!$this->getRootFolder()->nodeExists('/' . $user->getUID())) {
-					$this->getRootFolder()->newFolder('/' . $user->getUID());
-				}
-				return $this->getRootFolder()->newFolder($this->path);
-			}
-		}, [
+		$data = [
 			'path' => $this->path,
-			// Sharing user root folder is not allowed
-			'permissions' => Constants::PERMISSION_ALL ^ Constants::PERMISSION_SHARE,
 			'type' => FileInfo::TYPE_FOLDER,
 			'mimetype' => FileInfo::MIMETYPE_FOLDER,
-		]);
+		];
+
+		// By default, we assume the permissions for the users' home folders.
+		// If a mount point is mounted on a user's home folder, the permissions cannot be assumed.
+		if ($useDefaultHomeFoldersPermissions) {
+			// Sharing user root folder is not allowed
+			$data['permissions'] = Constants::PERMISSION_ALL ^ Constants::PERMISSION_SHARE;
+		}
+
+		parent::__construct(
+			$rootFolder,
+			function () use ($user): Folder {
+				try {
+					$node = $this->getRootFolder()->get($this->path);
+					if ($node instanceof File) {
+						$e = new \RuntimeException();
+						\OCP\Server::get(LoggerInterface::class)->error('User root storage is not a folder: ' . $this->path, [
+							'exception' => $e,
+						]);
+						throw $e;
+					}
+					return $node;
+				} catch (NotFoundException $e) {
+					if (!$this->getRootFolder()->nodeExists('/' . $user->getUID())) {
+						$this->getRootFolder()->newFolder('/' . $user->getUID());
+					}
+					return $this->getRootFolder()->newFolder($this->path);
+				}
+			},
+			$data,
+		);
 	}
 
 	public function getMountPoint() {

@@ -14,6 +14,8 @@
 use OC\Files\View;
 use OC\Hooks\PublicEmitter;
 use OC\User\NoUserException;
+use OCA\Files\AppInfo\Application;
+use OCA\Files\ConfigLexicon;
 use OCP\Cache\CappedMemoryCache;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\Files\Cache\ICacheEntry;
@@ -24,6 +26,7 @@
 use OCP\Files\Node as INode;
 use OCP\Files\NotFoundException;
 use OCP\Files\NotPermittedException;
+use OCP\IAppConfig;
 use OCP\ICache;
 use OCP\ICacheFactory;
 use OCP\IUser;
@@ -51,43 +54,30 @@
  * @package OC\Files\Node
  */
 class Root extends Folder implements IRootFolder {
-	private Manager $mountManager;
 	private PublicEmitter $emitter;
-	private ?IUser $user;
 	private CappedMemoryCache $userFolderCache;
-	private IUserMountCache $userMountCache;
-	private LoggerInterface $logger;
-	private IUserManager $userManager;
-	private IEventDispatcher $eventDispatcher;
 	private ICache $pathByIdCache;
+	private bool $useDefaultHomeFoldersPermissions = true;
 
-	/**
-	 * @param Manager $manager
-	 * @param View $view
-	 * @param IUser|null $user
-	 */
 	public function __construct(
-		$manager,
-		$view,
-		$user,
-		IUserMountCache $userMountCache,
-		LoggerInterface $logger,
-		IUserManager $userManager,
+		private Manager $mountManager,
+		View $view,
+		private ?IUser $user,
+		private IUserMountCache $userMountCache,
+		private LoggerInterface $logger,
+		private IUserManager $userManager,
 		IEventDispatcher $eventDispatcher,
 		ICacheFactory $cacheFactory,
+		IAppConfig $appConfig,
 	) {
 		parent::__construct($this, $view, '');
-		$this->mountManager = $manager;
-		$this->user = $user;
 		$this->emitter = new PublicEmitter();
 		$this->userFolderCache = new CappedMemoryCache();
-		$this->userMountCache = $userMountCache;
-		$this->logger = $logger;
-		$this->userManager = $userManager;
 		$eventDispatcher->addListener(FilesystemTornDownEvent::class, function () {
 			$this->userFolderCache = new CappedMemoryCache();
 		});
 		$this->pathByIdCache = $cacheFactory->createLocal('path-by-id');
+		$this->useDefaultHomeFoldersPermissions = count($appConfig->getValueArray(Application::APP_ID, ConfigLexicon::OVERWRITES_HOME_FOLDERS)) === 0;
 	}
 
 	/**
@@ -367,7 +357,7 @@ public function getUserFolder($userId) {
 					$folder = $this->newFolder('/' . $userId . '/files');
 				}
 			} else {
-				$folder = new LazyUserFolder($this, $userObject, $this->mountManager);
+				$folder = new LazyUserFolder($this, $userObject, $this->mountManager, $this->useDefaultHomeFoldersPermissions);
 			}
 
 			$this->userFolderCache->set($userId, $folder);

@@ -402,6 +402,7 @@ public function __construct($webRoot, \OC\Config $config) {
 				$this->get(IUserManager::class),
 				$this->get(IEventDispatcher::class),
 				$this->get(ICacheFactory::class),
+				$this->get(IAppConfig::class),
 			);
 
 			$previewConnector = new \OC\Preview\WatcherConnector(

@@ -44,7 +44,7 @@ protected function getViewDeleteMethod() {
 	public function testGetContent(): void {
 		/** @var \OC\Files\Node\Root|\PHPUnit\Framework\MockObject\MockObject $root */
 		$root = $this->getMockBuilder(Root::class)
-			->setConstructorArgs([$this->manager, $this->view, $this->user, $this->userMountCache, $this->logger, $this->userManager, $this->eventDispatcher, $this->cacheFactory])
+			->setConstructorArgs([$this->manager, $this->view, $this->user, $this->userMountCache, $this->logger, $this->userManager, $this->eventDispatcher, $this->cacheFactory, $this->appConfig])
 			->getMock();
 
 		$hook = function ($file): void {
@@ -74,7 +74,7 @@ public function testGetContentNotPermitted(): void {
 
 		/** @var \OC\Files\Node\Root|\PHPUnit\Framework\MockObject\MockObject $root */
 		$root = $this->getMockBuilder(Root::class)
-			->setConstructorArgs([$this->manager, $this->view, $this->user, $this->userMountCache, $this->logger, $this->userManager, $this->eventDispatcher, $this->cacheFactory])
+			->setConstructorArgs([$this->manager, $this->view, $this->user, $this->userMountCache, $this->logger, $this->userManager, $this->eventDispatcher, $this->cacheFactory, $this->appConfig])
 			->getMock();
 
 		$root->expects($this->any())
@@ -93,7 +93,7 @@ public function testGetContentNotPermitted(): void {
 	public function testPutContent(): void {
 		/** @var \OC\Files\Node\Root|\PHPUnit\Framework\MockObject\MockObject $root */
 		$root = $this->getMockBuilder(Root::class)
-			->setConstructorArgs([$this->manager, $this->view, $this->user, $this->userMountCache, $this->logger, $this->userManager, $this->eventDispatcher, $this->cacheFactory])
+			->setConstructorArgs([$this->manager, $this->view, $this->user, $this->userMountCache, $this->logger, $this->userManager, $this->eventDispatcher, $this->cacheFactory, $this->appConfig])
 			->getMock();
 
 		$root->expects($this->any())
@@ -120,7 +120,7 @@ public function testPutContentNotPermitted(): void {
 
 		/** @var \OC\Files\Node\Root|\PHPUnit\Framework\MockObject\MockObject $root */
 		$root = $this->getMockBuilder(Root::class)
-			->setConstructorArgs([$this->manager, $this->view, $this->user, $this->userMountCache, $this->logger, $this->userManager, $this->eventDispatcher, $this->cacheFactory])
+			->setConstructorArgs([$this->manager, $this->view, $this->user, $this->userMountCache, $this->logger, $this->userManager, $this->eventDispatcher, $this->cacheFactory, $this->appConfig])
 			->getMock();
 
 		$this->view->expects($this->once())
@@ -135,7 +135,7 @@ public function testPutContentNotPermitted(): void {
 	public function testGetMimeType(): void {
 		/** @var \OC\Files\Node\Root|\PHPUnit\Framework\MockObject\MockObject $root */
 		$root = $this->getMockBuilder(Root::class)
-			->setConstructorArgs([$this->manager, $this->view, $this->user, $this->userMountCache, $this->logger, $this->userManager, $this->eventDispatcher, $this->cacheFactory])
+			->setConstructorArgs([$this->manager, $this->view, $this->user, $this->userMountCache, $this->logger, $this->userManager, $this->eventDispatcher, $this->cacheFactory, $this->appConfig])
 			->getMock();
 
 		$this->view->expects($this->once())
@@ -161,6 +161,7 @@ public function testFOpenRead(): void {
 			$this->userManager,
 			$this->eventDispatcher,
 			$this->cacheFactory,
+			$this->appConfig,
 		);
 
 		$hook = function ($file): void {
@@ -198,6 +199,7 @@ public function testFOpenWrite(): void {
 			$this->userManager,
 			$this->eventDispatcher,
 			$this->cacheFactory,
+			$this->appConfig,
 		);
 		$hooksCalled = 0;
 		$hook = function ($file) use (&$hooksCalled): void {
@@ -239,6 +241,7 @@ public function testFOpenReadNotPermitted(): void {
 			$this->userManager,
 			$this->eventDispatcher,
 			$this->cacheFactory,
+			$this->appConfig,
 		);
 		$hook = function ($file): void {
 			throw new \Exception('Hooks are not supposed to be called');
@@ -266,6 +269,7 @@ public function testFOpenReadWriteNoReadPermissions(): void {
 			$this->userManager,
 			$this->eventDispatcher,
 			$this->cacheFactory,
+			$this->appConfig,
 		);
 		$hook = function (): void {
 			throw new \Exception('Hooks are not supposed to be called');
@@ -293,6 +297,7 @@ public function testFOpenReadWriteNoWritePermissions(): void {
 			$this->userManager,
 			$this->eventDispatcher,
 			$this->cacheFactory,
+			$this->appConfig,
 		);
 		$hook = function (): void {
 			throw new \Exception('Hooks are not supposed to be called');