diff options
| author | Bjoern Schiessle <bjoern@schiessle.org> | 2016-07-12 14:03:29 +0200 |
|---|---|---|
| committer | Bjoern Schiessle <bjoern@schiessle.org> | 2016-07-14 16:39:48 +0200 |
| commit | 33a685bc41628e1236015bd79cc8f82b9cb6cabf (patch) | |
| tree | be3b1a6cd391db7f48e1111b4b96960e9ce53c3a /apps/federatedfilesharing/lib | |
| parent | 1394b0afb9b1d3d7c8952faea85873e731ccb801 (diff) | |
| download | nextcloud-server-33a685bc41628e1236015bd79cc8f82b9cb6cabf.tar.gz nextcloud-server-33a685bc41628e1236015bd79cc8f82b9cb6cabf.zip | |
continue to accept the URL of the remote server instead of the federated cloud id
Diffstat (limited to 'apps/federatedfilesharing/lib')
| -rw-r--r-- | apps/federatedfilesharing/lib/Controller/SaveToOwnCloudController.php | 40 |
1 files changed, 33 insertions, 7 deletions
diff --git a/apps/federatedfilesharing/lib/Controller/SaveToOwnCloudController.php b/apps/federatedfilesharing/lib/Controller/SaveToOwnCloudController.php index a20806e6abb..2318d21afb5 100644 --- a/apps/federatedfilesharing/lib/Controller/SaveToOwnCloudController.php +++ b/apps/federatedfilesharing/lib/Controller/SaveToOwnCloudController.php @@ -29,6 +29,7 @@ use OCP\AppFramework\Controller; use OCP\AppFramework\Http; use OCP\AppFramework\Http\JSONResponse; use OCP\IRequest; +use OCP\ISession; use OCP\Share\IManager; class SaveToOwnCloudController extends Controller { @@ -42,16 +43,32 @@ class SaveToOwnCloudController extends Controller { /** @var IManager */ private $shareManager; + /** @var ISession */ + private $session; + + /** + * SaveToOwnCloudController constructor. + * + * @param string $appName + * @param IRequest $request + * @param FederatedShareProvider $federatedShareProvider + * @param IManager $shareManager + * @param AddressHandler $addressHandler + * @param ISession $session + */ public function __construct($appName, - IRequest $request, - FederatedShareProvider $federatedShareProvider, - IManager $shareManager, - AddressHandler $addressHandler) { + IRequest $request, + FederatedShareProvider $federatedShareProvider, + IManager $shareManager, + AddressHandler $addressHandler, + ISession $session + ) { parent::__construct($appName, $request); $this->federatedShareProvider = $federatedShareProvider; $this->shareManager = $shareManager; $this->addressHandler = $addressHandler; + $this->session = $session; } /** @@ -63,9 +80,10 @@ class SaveToOwnCloudController extends Controller { * * @param string $shareWith * @param string $token + * @param string $password * @return JSONResponse */ - public function saveToOwnCloud($shareWith, $token) { + public function saveToOwnCloud($shareWith, $token, $password = '') { try { list(, $server) = $this->addressHandler->splitUserRemote($shareWith); @@ -74,6 +92,14 @@ class SaveToOwnCloudController extends Controller { return new JSONResponse(['message' => $e->getHint()], Http::STATUS_BAD_REQUEST); } + // make sure that user is authenticated in case of a password protected link + $storedPassword = $share->getPassword(); + $authenticated = $this->session->get('public_link_authenticated') === $share->getId() || + $this->shareManager->checkPassword($share, $password); + if (!empty($storedPassword) && !$authenticated ) { + return new JSONResponse(['message' => 'No permission to access the share'], Http::STATUS_BAD_REQUEST); + } + $share->setSharedWith($shareWith); try { @@ -81,8 +107,8 @@ class SaveToOwnCloudController extends Controller { } catch (\Exception $e) { return new JSONResponse(['message' => $e->getMessage()], Http::STATUS_BAD_REQUEST); } - + return new JSONResponse(['remoteUrl' => $server]); } - + } |