diff options
| author | Christopher Ng <chrng8@gmail.com> | 2025-02-06 15:59:40 -0800 |
|---|---|---|
| committer | Andy Scherzinger <info@andy-scherzinger.de> | 2025-02-20 15:34:48 +0100 |
| commit | 55351cfe32658dad4558cfe2793a7e5808e19193 (patch) | |
| tree | 1ca133cdf5032270031ecf517dff64bc2dcc8cbf | |
| parent | cdf6db001698b507f088b640f4aa329b02010e2f (diff) | |
| download | nextcloud-server-55351cfe32658dad4558cfe2793a7e5808e19193.tar.gz nextcloud-server-55351cfe32658dad4558cfe2793a7e5808e19193.zip | |
fix(files_reminders): Check for node access when retrieving or removing reminders
Signed-off-by: Christopher Ng <chrng8@gmail.com>
| -rw-r--r-- | apps/files_reminders/lib/Controller/ApiController.php | 4 | ||||
| -rw-r--r-- | apps/files_reminders/lib/Service/ReminderService.php | 21 |
2 files changed, 18 insertions, 7 deletions
diff --git a/apps/files_reminders/lib/Controller/ApiController.php b/apps/files_reminders/lib/Controller/ApiController.php index dbc340610b2..523eca1b30c 100644 --- a/apps/files_reminders/lib/Controller/ApiController.php +++ b/apps/files_reminders/lib/Controller/ApiController.php @@ -57,7 +57,7 @@ class ApiController extends OCSController { 'dueDate' => $reminder->getDueDate()->format(DateTimeInterface::ATOM), // ISO 8601 ]; return new DataResponse($reminderData, Http::STATUS_OK); - } catch (DoesNotExistException $e) { + } catch (NodeNotFoundException | DoesNotExistException $e) { $reminderData = [ 'dueDate' => null, ]; @@ -125,7 +125,7 @@ class ApiController extends OCSController { try { $this->reminderService->remove($user, $fileId); return new DataResponse([], Http::STATUS_OK); - } catch (DoesNotExistException $e) { + } catch (NodeNotFoundException | DoesNotExistException $e) { return new DataResponse([], Http::STATUS_NOT_FOUND); } } diff --git a/apps/files_reminders/lib/Service/ReminderService.php b/apps/files_reminders/lib/Service/ReminderService.php index e4e9aa7a5d8..32dbab6d2dc 100644 --- a/apps/files_reminders/lib/Service/ReminderService.php +++ b/apps/files_reminders/lib/Service/ReminderService.php @@ -47,9 +47,11 @@ class ReminderService { } /** + * @throws NodeNotFoundException * @throws DoesNotExistException */ public function getDueForUser(IUser $user, int $fileId): RichReminder { + $this->checkNode($user, $fileId); $reminder = $this->reminderMapper->findDueForUser($user, $fileId); return new RichReminder($reminder, $this->root); } @@ -74,11 +76,7 @@ class ReminderService { */ public function createOrUpdate(IUser $user, int $fileId, DateTime $dueDate): bool { $now = new DateTime('now', new DateTimeZone('UTC')); - $userFolder = $this->root->getUserFolder($user->getUID()); - $node = $userFolder->getFirstNodeById($fileId); - if (!$node) { - throw new NodeNotFoundException(); - } + $this->checkNode($user, $fileId); try { $reminder = $this->reminderMapper->findDueForUser($user, $fileId); $reminder->setDueDate($dueDate); @@ -99,9 +97,11 @@ class ReminderService { } /** + * @throws NodeNotFoundException * @throws DoesNotExistException */ public function remove(IUser $user, int $fileId): void { + $this->checkNode($user, $fileId); $reminder = $this->reminderMapper->findDueForUser($user, $fileId); $this->reminderMapper->delete($reminder); } @@ -162,4 +162,15 @@ class ReminderService { $this->reminderMapper->delete($reminder); } } + + /** + * @throws NodeNotFoundException + */ + private function checkNode(IUser $user, int $fileId): void { + $userFolder = $this->root->getUserFolder($user->getUID()); + $node = $userFolder->getFirstNodeById($fileId); + if ($node === null) { + throw new NodeNotFoundException(); + } + } } |