From 334400fcaaf8a0de9264669e4c04cd81c0ffb6ef Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Thu, 16 Mar 2023 08:41:18 +0100 Subject: [PATCH] fix(workflow): Check tag attribute Signed-off-by: Joas Schilling --- .../lib/Check/FileSystemTags.php | 37 +++++++++++++++---- 1 file changed, 29 insertions(+), 8 deletions(-) diff --git a/apps/workflowengine/lib/Check/FileSystemTags.php b/apps/workflowengine/lib/Check/FileSystemTags.php index 008f47eca78..351364c5562 100644 --- a/apps/workflowengine/lib/Check/FileSystemTags.php +++ b/apps/workflowengine/lib/Check/FileSystemTags.php @@ -30,7 +30,10 @@ use OCA\Files_Sharing\SharedStorage; use OCA\WorkflowEngine\Entity\File; use OCP\Files\Cache\ICache; use OCP\Files\IHomeStorage; +use OCP\IGroupManager; use OCP\IL10N; +use OCP\IUser; +use OCP\IUserSession; use OCP\SystemTag\ISystemTagManager; use OCP\SystemTag\ISystemTagObjectMapper; use OCP\SystemTag\TagNotFoundException; @@ -55,16 +58,23 @@ class FileSystemTags implements ICheck, IFileCheck { /** @var ISystemTagObjectMapper */ protected $systemTagObjectMapper; - - /** - * @param IL10N $l - * @param ISystemTagManager $systemTagManager - * @param ISystemTagObjectMapper $systemTagObjectMapper - */ - public function __construct(IL10N $l, ISystemTagManager $systemTagManager, ISystemTagObjectMapper $systemTagObjectMapper) { + /** @var IUserSession */ + protected $userSession; + /** @var IGroupManager */ + protected $groupManager; + + public function __construct( + IL10N $l, + ISystemTagManager $systemTagManager, + ISystemTagObjectMapper $systemTagObjectMapper, + IUserSession $userSession, + IGroupManager $groupManager + ) { $this->l = $l; $this->systemTagManager = $systemTagManager; $this->systemTagObjectMapper = $systemTagObjectMapper; + $this->userSession = $userSession; + $this->groupManager = $groupManager; } /** @@ -88,7 +98,18 @@ class FileSystemTags implements ICheck, IFileCheck { } try { - $this->systemTagManager->getTagsByIds($value); + $tags = $this->systemTagManager->getTagsByIds($value); + + $user = $this->userSession->getUser(); + $isAdmin = $user instanceof IUser && $this->groupManager->isAdmin($user->getUID()); + + if (!$isAdmin) { + foreach ($tags as $tag) { + if (!$tag->isUserVisible()) { + throw new \UnexpectedValueException($this->l->t('The given tag id is invalid'), 4); + } + } + } } catch (TagNotFoundException $e) { throw new \UnexpectedValueException($this->l->t('The given tag id is invalid'), 2); } catch (\InvalidArgumentException $e) { -- 2.39.5