fix(files): check that node is in user root folder for view-in-folder action
authorskjnldsv <skjnldsv@protonmail.com>
Fri, 8 Nov 2024 08:23:12 +0000 (09:23 +0100)
committernextcloud-command <nextcloud-command@users.noreply.github.com>
Tue, 12 Nov 2024 22:39:38 +0000 (22:39 +0000)
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
apps/files/src/actions/viewInFolderAction.spec.ts
apps/files/src/actions/viewInFolderAction.ts

index c75151a4c38d95138ef9e1b4433b308c1e08e855..59743c5a6979e2af0cdb37e3b7a250515cf37369 100644 (file)
@@ -109,6 +109,18 @@ describe('View in folder action enabled tests', () => {
                expect(action.enabled).toBeDefined()
                expect(action.enabled!([folder], view)).toBe(false)
        })
+
+       test('Disabled for files outside the user root folder', () => {
+               const file = new Folder({
+                       id: 1,
+                       source: 'https://cloud.domain.com/remote.php/dav/trashbin/admin/trash/image.jpg.d1731053878',
+                       owner: 'admin',
+                       permissions: Permission.READ,
+               })
+
+               expect(action.enabled).toBeDefined()
+               expect(action.enabled!([file], view)).toBe(false)
+       })
 })
 
 describe('View in folder action execute tests', () => {
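Review bot: The new test never sets `root` on the node, so it returns `false` only through whatever root the library derives from the trashbin `source`, or through an earlier guard in `enabled` that is outside this hunk, rather than pinning the new root check. Passing `root: '/trashbin/admin'` explicitly would tie the assertion to that check. A second case with a lookalike root such as `root: '/files_other/admin'` (constructed value) would record how strict the prefix match is meant to be. The node is also built as a `Folder` while the variable is named `file` and the source ends in `image.jpg`; a `File` node would match the test title.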
index cc6873f4fa3fece639d60dab2b6ee87b53341bc1..1abbe086b12e972f9d9652670602d8690189b522 100644 (file)
@@ -30,6 +30,11 @@ export const action = new FileAction({
                        return false
                }
 
+               // Can only view files that are in the user root folder
+               if (!node.root?.startsWith('/files')) {
+                       return false
+               }
+
                if (node.permissions === Permission.NONE) {
                        return false
                }