diff options
author | Vincent Petry <vincent@nextcloud.com> | 2022-06-13 15:50:43 +0200 |
---|---|---|
committer | Carl Schwan <carl@carlschwan.eu> | 2022-07-28 16:54:13 +0200 |
commit | 3cfb4cbf94be0f4da1fd7e84b0e37aeb623d9690 (patch) | |
tree | 1e9c7abda29b44b97915aac89164a5aecb4ce3b6 /apps/dav | |
parent | 2ee659e54787c938e57787261442ad4037270322 (diff) | |
download | nextcloud-server-3cfb4cbf94be0f4da1fd7e84b0e37aeb623d9690.tar.gz nextcloud-server-3cfb4cbf94be0f4da1fd7e84b0e37aeb623d9690.zip |
Block download when needed on direct download endpoint
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Diffstat (limited to 'apps/dav')
-rw-r--r-- | apps/dav/lib/Controller/DirectController.php | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/apps/dav/lib/Controller/DirectController.php b/apps/dav/lib/Controller/DirectController.php index 955400998cf..260ef3bae04 100644 --- a/apps/dav/lib/Controller/DirectController.php +++ b/apps/dav/lib/Controller/DirectController.php @@ -31,8 +31,11 @@ use OCA\DAV\Db\DirectMapper; use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\OCS\OCSBadRequestException; use OCP\AppFramework\OCS\OCSNotFoundException; +use OCP\AppFramework\OCS\OCSForbiddenException; use OCP\AppFramework\OCSController; use OCP\AppFramework\Utility\ITimeFactory; +use OCP\EventDispatcher\GenericEvent; +use OCP\EventDispatcher\IEventDispatcher; use OCP\Files\File; use OCP\Files\IRootFolder; use OCP\IRequest; @@ -59,6 +62,8 @@ class DirectController extends OCSController { /** @var IURLGenerator */ private $urlGenerator; + /** @var IEventDispatcher */ + private $eventDispatcher; public function __construct(string $appName, IRequest $request, @@ -67,7 +72,8 @@ class DirectController extends OCSController { DirectMapper $mapper, ISecureRandom $random, ITimeFactory $timeFactory, - IURLGenerator $urlGenerator) { + IURLGenerator $urlGenerator, + IEventDispatcher $eventDispatcher) { parent::__construct($appName, $request); $this->rootFolder = $rootFolder; @@ -76,6 +82,7 @@ class DirectController extends OCSController { $this->random = $random; $this->timeFactory = $timeFactory; $this->urlGenerator = $urlGenerator; + $this->eventDispatcher = $eventDispatcher; } /** @@ -99,6 +106,13 @@ class DirectController extends OCSController { throw new OCSBadRequestException('Direct download only works for files'); } + $event = new GenericEvent(null, ['path' => $userFolder->getRelativePath($file->getPath())]); + $this->eventDispatcher->dispatch('file.beforeGetDirect', $event); + + if ($event->getArgument('run') === false) { + throw new OCSForbiddenException('Permission denied to download file'); + } + //TODO: at some point we should use the directdownlaod function of storages $direct = new Direct(); $direct->setUserId($this->userId); |