]> source.dussan.org Git - nextcloud-server.git/commitdiff
fix(workflow): Check tag attribute 37253/head
authorJoas Schilling <coding@schilljs.com>
Thu, 16 Mar 2023 07:41:18 +0000 (08:41 +0100)
committerJoas Schilling <coding@schilljs.com>
Thu, 16 Mar 2023 07:47:29 +0000 (08:47 +0100)
Signed-off-by: Joas Schilling <coding@schilljs.com>
apps/workflowengine/lib/Check/FileSystemTags.php

index 008f47eca786ee8b9caa00a49031959a27cb2678..351364c5562e8c42d5d728d23e0a8c29edb42039 100644 (file)
@@ -30,7 +30,10 @@ use OCA\Files_Sharing\SharedStorage;
 use OCA\WorkflowEngine\Entity\File;
 use OCP\Files\Cache\ICache;
 use OCP\Files\IHomeStorage;
+use OCP\IGroupManager;
 use OCP\IL10N;
+use OCP\IUser;
+use OCP\IUserSession;
 use OCP\SystemTag\ISystemTagManager;
 use OCP\SystemTag\ISystemTagObjectMapper;
 use OCP\SystemTag\TagNotFoundException;
@@ -55,16 +58,23 @@ class FileSystemTags implements ICheck, IFileCheck {
 
        /** @var ISystemTagObjectMapper */
        protected $systemTagObjectMapper;
-
-       /**
-        * @param IL10N $l
-        * @param ISystemTagManager $systemTagManager
-        * @param ISystemTagObjectMapper $systemTagObjectMapper
-        */
-       public function __construct(IL10N $l, ISystemTagManager $systemTagManager, ISystemTagObjectMapper $systemTagObjectMapper) {
+       /** @var IUserSession */
+       protected $userSession;
+       /** @var IGroupManager */
+       protected $groupManager;
+
+       public function __construct(
+               IL10N $l,
+               ISystemTagManager $systemTagManager,
+               ISystemTagObjectMapper $systemTagObjectMapper,
+               IUserSession $userSession,
+               IGroupManager $groupManager
+       ) {
                $this->l = $l;
                $this->systemTagManager = $systemTagManager;
                $this->systemTagObjectMapper = $systemTagObjectMapper;
+               $this->userSession = $userSession;
+               $this->groupManager = $groupManager;
        }
 
        /**
@@ -88,7 +98,18 @@ class FileSystemTags implements ICheck, IFileCheck {
                }
 
                try {
-                       $this->systemTagManager->getTagsByIds($value);
+                       $tags = $this->systemTagManager->getTagsByIds($value);
+
+                       $user = $this->userSession->getUser();
+                       $isAdmin = $user instanceof IUser && $this->groupManager->isAdmin($user->getUID());
+
+                       if (!$isAdmin) {
+                               foreach ($tags as $tag) {
+                                       if (!$tag->isUserVisible()) {
+                                               throw new \UnexpectedValueException($this->l->t('The given tag id is invalid'), 4);
+                                       }
+                               }
+                       }
                } catch (TagNotFoundException $e) {
                        throw new \UnexpectedValueException($this->l->t('The given tag id is invalid'), 2);
                } catch (\InvalidArgumentException $e) {