Skip to content

Refactor attachment loading #5042

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
juliusknorr merged 23 commits into from
Nov 29, 2023
Merged

Refactor attachment loading #5042

Changes from 1 commit
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
271a59a
refactor(AttachmentService): Some code style cleanup
mejo- Oct 25, 2023
df3e4df
chore(attachments): Remove support for obsolete `text://` format
mejo- Oct 31, 2023
8c1c6e8
feat(attachments): API endpoint to get list of attachments for a docu…
mejo- Oct 25, 2023
73cb49b
chore(attachments): Remove obsolete metadata API endpoint
mejo- Nov 15, 2023
153a85f
feat(attachments): Use getAttachmentList API endpoint in resolver
mejo- Oct 31, 2023
680ca1d
fix(attachment): Remove candidate logic from ImageView node
mejo- Nov 15, 2023
86e2b97
fix(attachments): Fix some issues with the showimage modal
mejo- Nov 21, 2023
b274e37
chore(attachments): Remove obsolete code
mejo- Nov 21, 2023
a2813ae
feat(editor): Allow to pass fileId to MarkdownContentEditor
mejo- Nov 21, 2023
bd54a68
feat(attachments): Allow to get attachments without document session
mejo- Nov 22, 2023
d15781c
chore(attachments): Remove special-handling for preview URLs
mejo- Nov 22, 2023
e4108d4
fix(attachments): Open non-image attachments in viewer or download
mejo- Nov 22, 2023
98ba0de
fix(AttachmentController): Set fileName of returned attachments
mejo- Nov 27, 2023
dade37e
chore(composer): Update autoloader maps
mejo- Nov 27, 2023
7743591
fix(attachments): Fix encoding of attachment URI component
mejo- Nov 27, 2023
ec91074
test(cy): Test to open image in modal and download attachment
mejo- Nov 28, 2023
b01c547
chore(middleware): Rename to RequireDocumentSessionOrUserOrShareToken
mejo- Nov 28, 2023
a1f8308
fix(attachments): use `getRelativePath` from userFolder for `davPath`
mejo- Nov 28, 2023
3ce2e44
test(AttachmentResolver): Refactor jest tests after parent class refa…
mejo- Nov 28, 2023
6796170
fix(attachments): Show all loaded images in ShowImageModal
mejo- Nov 28, 2023
c7e0cf0
fix(SessionMiddleware): Check if user/share have access to document
mejo- Nov 29, 2023
978cbc6
fix(AttachmentResolver): Require either fileId or session
mejo- Nov 29, 2023
77a0d4a
reactor(ImageView): Simplify attachmentType/isMediaAttachment logic
mejo- Nov 29, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
fix(SessionMiddleware): Check if user/share have access to document 
Signed-off-by: Jonas <[email protected]>
  • Loading branch information
@mejo-
mejo- committed Nov 29, 2023
commit c7e0cf07ca3ca2b0a4e5aee32a89171dfba273ab
33 changes: 30 additions & 3 deletions lib/Middleware/SessionMiddleware.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@

namespace OCA\Text\Middleware;

use OC\User\NoUserException;
use OCA\Text\Controller\ISessionAwareController;
use OCA\Text\Exception\InvalidSessionException;
use OCA\Text\Middleware\Attribute\RequireDocumentSession;
Expand All @@ -11,17 +12,24 @@
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\Http\Response;
use OCP\AppFramework\Middleware;
use OCP\Files\IRootFolder;
use OCP\Files\NotPermittedException;
use OCP\IRequest;
use OCP\IUserSession;
use OCP\Share\Exceptions\ShareNotFound;
use OCP\Share\IManager as ShareManager;
use ReflectionException;

class SessionMiddleware extends \OCP\AppFramework\Middleware {
class SessionMiddleware extends Middleware {

public function __construct(
private IRequest $request,
private SessionService $sessionService,
private DocumentService $documentService,
private IUserSession $userSession,
private IRootFolder $rootFolder,
private ShareManager $shareManager,
) {
}

Expand Down Expand Up @@ -49,6 +57,9 @@ public function beforeController(Controller $controller, string $methodName): vo
}
}

/**
* @throws InvalidSessionException
*/
private function assertDocumentSession(ISessionAwareController $controller): void {
$documentId = (int)$this->request->getParam('documentId');
$sessionId = (int)$this->request->getParam('sessionId');
Expand All @@ -72,13 +83,29 @@ private function assertDocumentSession(ISessionAwareController $controller): voi
}
}

/**
* @throws NotPermittedException
* @throws NoUserException
* @throws InvalidSessionException
*/
private function assertUserOrShareToken(ISessionAwareController $controller): void {
$documentId = (int)$this->request->getParam('documentId');
if (null !== $userId = $this->userSession->getUser()?->getUID()) {
// Check if user has access to document
if (count($this->rootFolder->getUserFolder($userId)->getById($documentId)) === 0) {
throw new InvalidSessionException();
}
$controller->setUserId($userId);
// TODO: check if user has access to document
} elseif ('' !== $shareToken = (string)$this->request->getParam('shareToken')) {
// TODO: check if shareToken has access to document
try {
$share = $this->shareManager->getShareByToken($shareToken);
} catch (ShareNotFound) {
throw new InvalidSessionException();
}
// Check if shareToken has access to document
if (count($this->rootFolder->getUserFolder($share->getShareOwner())->getById($documentId)) === 0) {
throw new InvalidSessionException();
}
} else {
throw new InvalidSessionException();
}
Expand Down