diff options
| author | Bjoern Schiessle <bjoern@schiessle.org> | 2017-05-30 11:59:49 +0200 |
|---|---|---|
| committer | Bjoern Schiessle <bjoern@schiessle.org> | 2017-07-06 11:33:08 +0200 |
| commit | da51ec38f4174532e83a4fde21f4c523e4f0bc7c (patch) | |
| tree | 3939c7805a222e0e180a8999b47632a5e76674fb | |
| parent | 9c5ba2f12cf8f3a7b3587fd8ef304aed86e703e1 (diff) | |
| download | nextcloud-server-da51ec38f4174532e83a4fde21f4c523e4f0bc7c.tar.gz nextcloud-server-da51ec38f4174532e83a4fde21f4c523e4f0bc7c.zip | |
only collect detailed access list if it is really needed
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
| -rw-r--r-- | apps/encryption/lib/Crypto/Encryption.php | 9 | ||||
| -rw-r--r-- | lib/private/Encryption/Update.php | 10 | ||||
| -rw-r--r-- | lib/private/Files/Stream/Encryption.php | 5 | ||||
| -rw-r--r-- | lib/public/Encryption/IEncryptionModule.php | 10 |
4 files changed, 32 insertions, 2 deletions
diff --git a/apps/encryption/lib/Crypto/Encryption.php b/apps/encryption/lib/Crypto/Encryption.php index 7f7665a24fc..6869177ac31 100644 --- a/apps/encryption/lib/Crypto/Encryption.php +++ b/apps/encryption/lib/Crypto/Encryption.php @@ -569,4 +569,13 @@ class Encryption implements IEncryptionModule { public function isReadyForUser($user) { return $this->keyManager->userHasKeys($user); } + + /** + * We only need a detailed access list if the master key is not enabled + * + * @return bool + */ + public function needDetailedAccessList() { + return !$this->util->isMasterKeyEnabled(); + } } diff --git a/lib/private/Encryption/Update.php b/lib/private/Encryption/Update.php index ad40183767b..94d64b73504 100644 --- a/lib/private/Encryption/Update.php +++ b/lib/private/Encryption/Update.php @@ -168,6 +168,14 @@ class Update { */ public function update($path) { + $encryptionModule = $this->encryptionManager->getEncryptionModule(); + + // if the encryption module doesn't encrypt the files on a per-user basis + // we have nothing to do here. + if ($encryptionModule->needDetailedAccessList() === false) { + return; + } + // if a folder was shared, get a list of all (sub-)folders if ($this->view->is_dir($path)) { $allFiles = $this->util->getAllFiles($path); @@ -175,7 +183,7 @@ class Update { $allFiles = array($path); } - $encryptionModule = $this->encryptionManager->getEncryptionModule(); + foreach ($allFiles as $file) { $usersSharing = $this->file->getAccessList($file); diff --git a/lib/private/Files/Stream/Encryption.php b/lib/private/Files/Stream/Encryption.php index d1f68696848..b68917ce76e 100644 --- a/lib/private/Files/Stream/Encryption.php +++ b/lib/private/Files/Stream/Encryption.php @@ -254,7 +254,10 @@ class Encryption extends Wrapper { $sharePath = dirname($sharePath); } - $accessList = $this->file->getAccessList($sharePath); + $accessList = []; + if ($this->encryptionModule->needDetailedAccessList()) { + $accessList = $this->file->getAccessList($sharePath); + } $this->newHeader = $this->encryptionModule->begin($this->fullPath, $this->uid, $mode, $this->header, $accessList); if ( diff --git a/lib/public/Encryption/IEncryptionModule.php b/lib/public/Encryption/IEncryptionModule.php index 6be9763c9c8..d96c6c8ba06 100644 --- a/lib/public/Encryption/IEncryptionModule.php +++ b/lib/public/Encryption/IEncryptionModule.php @@ -182,4 +182,14 @@ interface IEncryptionModule { */ public function isReadyForUser($user); + /** + * Does the encryption module needs a detailed list of users with access to the file? + * For example if the encryption module uses per-user encryption keys and needs to know + * the users with access to the file to encrypt/decrypt it. + * + * @since 13.0.0 + * @return bool + */ + public function needDetailedAccessList(); + } |