diff options
| author | Andy Scherzinger <info@andy-scherzinger.de> | 2025-02-20 17:42:29 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2025-02-20 17:42:29 +0100 |
| commit | 047378e7b0aafc6268d3df44bb46c02df49b6458 (patch) | |
| tree | aa8c8ed2cc875ac92cb41f14554ed7e958e7e71a | |
| parent | 74c2579078ef0414a5b0db465edbb21e585eae67 (diff) | |
| parent | fd591b0b9b9209d88b19ca5d0a9302b4b1e6028e (diff) | |
| download | nextcloud-server-047378e7b0aafc6268d3df44bb46c02df49b6458.tar.gz nextcloud-server-047378e7b0aafc6268d3df44bb46c02df49b6458.zip | |
Merge pull request #50711 from nextcloud/fix/reminder-node-access
fix(files_reminders): Only allow updating reminders if the file is accessible
| -rw-r--r-- | apps/files_reminders/lib/Controller/ApiController.php | 4 | ||||
| -rw-r--r-- | apps/files_reminders/lib/Service/ReminderService.php | 20 |
2 files changed, 18 insertions, 6 deletions
diff --git a/apps/files_reminders/lib/Controller/ApiController.php b/apps/files_reminders/lib/Controller/ApiController.php index dbc340610b2..ee29b7ce494 100644 --- a/apps/files_reminders/lib/Controller/ApiController.php +++ b/apps/files_reminders/lib/Controller/ApiController.php @@ -57,7 +57,7 @@ class ApiController extends OCSController { 'dueDate' => $reminder->getDueDate()->format(DateTimeInterface::ATOM), // ISO 8601 ]; return new DataResponse($reminderData, Http::STATUS_OK); - } catch (DoesNotExistException $e) { + } catch (NodeNotFoundException|DoesNotExistException $e) { $reminderData = [ 'dueDate' => null, ]; @@ -125,7 +125,7 @@ class ApiController extends OCSController { try { $this->reminderService->remove($user, $fileId); return new DataResponse([], Http::STATUS_OK); - } catch (DoesNotExistException $e) { + } catch (NodeNotFoundException|DoesNotExistException $e) { return new DataResponse([], Http::STATUS_NOT_FOUND); } } diff --git a/apps/files_reminders/lib/Service/ReminderService.php b/apps/files_reminders/lib/Service/ReminderService.php index 8bd6887e754..32dbab6d2dc 100644 --- a/apps/files_reminders/lib/Service/ReminderService.php +++ b/apps/files_reminders/lib/Service/ReminderService.php @@ -47,9 +47,11 @@ class ReminderService { } /** + * @throws NodeNotFoundException * @throws DoesNotExistException */ public function getDueForUser(IUser $user, int $fileId): RichReminder { + $this->checkNode($user, $fileId); $reminder = $this->reminderMapper->findDueForUser($user, $fileId); return new RichReminder($reminder, $this->root); } @@ -74,6 +76,7 @@ class ReminderService { */ public function createOrUpdate(IUser $user, int $fileId, DateTime $dueDate): bool { $now = new DateTime('now', new DateTimeZone('UTC')); + $this->checkNode($user, $fileId); try { $reminder = $this->reminderMapper->findDueForUser($user, $fileId); $reminder->setDueDate($dueDate); @@ -81,10 +84,6 @@ class ReminderService { $this->reminderMapper->update($reminder); return false; } catch (DoesNotExistException $e) { - $node = $this->root->getUserFolder($user->getUID())->getFirstNodeById($fileId); - if (!$node) { - throw new NodeNotFoundException(); - } // Create new reminder if no reminder is found $reminder = new Reminder(); $reminder->setUserId($user->getUID()); @@ -98,9 +97,11 @@ class ReminderService { } /** + * @throws NodeNotFoundException * @throws DoesNotExistException */ public function remove(IUser $user, int $fileId): void { + $this->checkNode($user, $fileId); $reminder = $this->reminderMapper->findDueForUser($user, $fileId); $this->reminderMapper->delete($reminder); } @@ -161,4 +162,15 @@ class ReminderService { $this->reminderMapper->delete($reminder); } } + + /** + * @throws NodeNotFoundException + */ + private function checkNode(IUser $user, int $fileId): void { + $userFolder = $this->root->getUserFolder($user->getUID()); + $node = $userFolder->getFirstNodeById($fileId); + if ($node === null) { + throw new NodeNotFoundException(); + } + } } |