diff options
| author | Carl Schwan <carl@carlschwan.eu> | 2022-08-01 09:44:31 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-08-01 09:44:31 +0200 |
| commit | f74e89bde5892a68500eeea3fa98a511b1d7f7e9 (patch) | |
| tree | a152cdabfedf9caf21483b5dfb9e3f2574cc3ca5 /apps/dav/lib/Controller/DirectController.php | |
| parent | 952acd4d276b3190d23e0597c5e01b1dfc4d72bc (diff) | |
| parent | 7b723813cef60e744ab14ab418c82e5ec67a9f2e (diff) | |
| download | nextcloud-server-f74e89bde5892a68500eeea3fa98a511b1d7f7e9.tar.gz nextcloud-server-f74e89bde5892a68500eeea3fa98a511b1d7f7e9.zip | |
Merge pull request #32482 from nextcloud/enh/noid/share-attributes
Add share attributes + prevent download permission
Diffstat (limited to 'apps/dav/lib/Controller/DirectController.php')
| -rw-r--r-- | apps/dav/lib/Controller/DirectController.php | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/apps/dav/lib/Controller/DirectController.php b/apps/dav/lib/Controller/DirectController.php index 955400998cf..f9c83488935 100644 --- a/apps/dav/lib/Controller/DirectController.php +++ b/apps/dav/lib/Controller/DirectController.php @@ -31,8 +31,12 @@ use OCA\DAV\Db\DirectMapper; use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\OCS\OCSBadRequestException; use OCP\AppFramework\OCS\OCSNotFoundException; +use OCP\AppFramework\OCS\OCSForbiddenException; use OCP\AppFramework\OCSController; use OCP\AppFramework\Utility\ITimeFactory; +use OCP\EventDispatcher\GenericEvent; +use OCP\EventDispatcher\IEventDispatcher; +use OCP\Files\Events\BeforeDirectFileDownloadEvent; use OCP\Files\File; use OCP\Files\IRootFolder; use OCP\IRequest; @@ -59,6 +63,8 @@ class DirectController extends OCSController { /** @var IURLGenerator */ private $urlGenerator; + /** @var IEventDispatcher */ + private $eventDispatcher; public function __construct(string $appName, IRequest $request, @@ -67,7 +73,8 @@ class DirectController extends OCSController { DirectMapper $mapper, ISecureRandom $random, ITimeFactory $timeFactory, - IURLGenerator $urlGenerator) { + IURLGenerator $urlGenerator, + IEventDispatcher $eventDispatcher) { parent::__construct($appName, $request); $this->rootFolder = $rootFolder; @@ -76,6 +83,7 @@ class DirectController extends OCSController { $this->random = $random; $this->timeFactory = $timeFactory; $this->urlGenerator = $urlGenerator; + $this->eventDispatcher = $eventDispatcher; } /** @@ -99,6 +107,13 @@ class DirectController extends OCSController { throw new OCSBadRequestException('Direct download only works for files'); } + $event = new BeforeDirectFileDownloadEvent($userFolder->getRelativePath($file->getPath())); + $this->eventDispatcher->dispatchTyped($event); + + if ($event->isSuccessful() === false) { + throw new OCSForbiddenException('Permission denied to download file'); + } + //TODO: at some point we should use the directdownlaod function of storages $direct = new Direct(); $direct->setUserId($this->userId); |