From a2a16936c3ce307b0043799a33572586cedb9eaa Mon Sep 17 00:00:00 2001 From: skjnldsv Date: Fri, 8 Nov 2024 09:23:12 +0100 Subject: [PATCH] fix(files): check that node is in user root folder for view-in-folder action Signed-off-by: skjnldsv --- apps/files/src/actions/viewInFolderAction.spec.ts | 12 ++++++++++++ apps/files/src/actions/viewInFolderAction.ts | 5 +++++ 2 files changed, 17 insertions(+) diff --git a/apps/files/src/actions/viewInFolderAction.spec.ts b/apps/files/src/actions/viewInFolderAction.spec.ts index 14b431f78cc..99ea1d23b8c 100644 --- a/apps/files/src/actions/viewInFolderAction.spec.ts +++ b/apps/files/src/actions/viewInFolderAction.spec.ts @@ -126,6 +126,18 @@ describe('View in folder action enabled tests', () => { expect(action.enabled).toBeDefined() expect(action.enabled!([folder], view)).toBe(false) }) + + test('Disabled for files outside the user root folder', () => { + const file = new Folder({ + id: 1, + source: 'https://cloud.domain.com/remote.php/dav/trashbin/admin/trash/image.jpg.d1731053878', + owner: 'admin', + permissions: Permission.READ, + }) + + expect(action.enabled).toBeDefined() + expect(action.enabled!([file], view)).toBe(false) + }) }) describe('View in folder action execute tests', () => { diff --git a/apps/files/src/actions/viewInFolderAction.ts b/apps/files/src/actions/viewInFolderAction.ts index 6498e9aa786..c1ad02135b2 100644 --- a/apps/files/src/actions/viewInFolderAction.ts +++ b/apps/files/src/actions/viewInFolderAction.ts @@ -47,6 +47,11 @@ export const action = new FileAction({ return false } + // Can only view files that are in the user root folder + if (!node.root?.startsWith('/files')) { + return false + } + if (node.permissions === Permission.NONE) { return false } -- 2.39.5