author | skjnldsv <skjnldsv@protonmail.com> | 2024-12-26 13:50:01 +0100 |
---|---|---|
committer | John Molakvoæ <skjnldsv@users.noreply.github.com> | 2024-12-28 09:27:30 +0100 |
commit | bc0ad5efbf692b0d8ebe27387f8e5ce528f39306 (patch) | |
tree | 33ca234b0c807e4f91735bb78b828ab440d372bd /apps/files_sharing/lib | |
parent | 895a93921f7ee39ffe3774e2c26817aa11b84e78 (diff) | |
fix(federatedfilesharing): get share by token fallbackbackport/49973/master
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
Diffstat (limited to 'apps/files_sharing/lib')
-rw-r--r-- | apps/files_sharing/lib/External/Manager.php | 62 |
1 files changed, 58 insertions, 4 deletions
diff --git a/apps/files_sharing/lib/External/Manager.php b/apps/files_sharing/lib/External/Manager.php
index e10b6c1c91f..a69755edf2c 100644
--- a/apps/files_sharing/lib/External/Manager.php
+++ b/apps/files_sharing/lib/External/Manager.php
@@ -177,6 +177,23 @@ class Manager {
 return $share;
 }
+ /**
+ * get share by token
+ *
+ * @param string $token
+ * @return mixed share of false
+ */
+ private function fetchShareByToken($token) {
+ $getShare = $this->connection->prepare('
+ SELECT `id`, `remote`, `remote_id`, `share_token`, `name`, `owner`, `user`, `mountpoint`, `accepted`, `parent`, `share_type`, `password`, `mountpoint_hash`
+ FROM `*PREFIX*share_external`
+ WHERE `share_token` = ?');
+ $result = $getShare->execute([$token]);
+ $share = $result->fetch();
+ $result->closeCursor();
+ return $share;
+ }
+
 private function fetchUserShare($parentId, $uid) {
 $getShare = $this->connection->prepare('
 SELECT `id`, `remote`, `remote_id`, `share_token`, `name`, `owner`, `user`, `mountpoint`, `accepted`, `parent`, `share_type`, `password`, `mountpoint_hash`
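Review bot: `fetchShareByToken()` returns the first row `fetch()` happens to yield, and nothing in the query pins which row that is if several `share_external` rows carry the same `share_token`. The `parent` handling in `canAccessShare()` shows that sub-share rows exist next to their parent entry, so duplicates look possible for group shares (the schema is not shown here, so confirm); if they are, narrow the lookup, for example by adding `AND parent = -1` to the `WHERE` clause, or state in the docblock which row is expected. The docblock also has a typo and an untyped parameter: use `@return array|false the share row, or false when no row matches` and declare `string $token`. Note that the row includes the `password` column, so callers should treat the result as a secret-bearing record.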
@@ -199,12 +216,48 @@ class Manager {
 */
 public function getShare($id) {
 $share = $this->fetchShare($id);
- $validShare = is_array($share) && isset($share['share_type']) && isset($share['user']);
 // check if the user is allowed to access it
- if ($validShare && (int)$share['share_type'] === IShare::TYPE_USER && $share['user'] === $this->uid) {
+ if ($this->canAccessShare($share)) {
 return $share;
- } elseif ($validShare && (int)$share['share_type'] === IShare::TYPE_GROUP) {
+ }
+
+ return false;
+ }
+
+ /**
+ * Get share by token
+ *
+ * @param string $token
+ * @return array|false
+ */
+ public function getShareByToken(string $token): array|false {
+ $share = $this->fetchShareByToken($token);
+
+ // We do not check if the user is allowed to access it here,
+ // as this is not used from a user context.
+ if ($share === false) {
+ return false;
+ }
+
+ return $share;
+ }
+
+ private function canAccessShare(array $share): bool {
+ $validShare = isset($share['share_type']) && isset($share['user']);
+
+ if (!$validShare) {
+ return false;
+ }
+
+ // If the share is a user share, check if the user is the recipient
+ if ((int)$share['share_type'] === IShare::TYPE_USER
+ && $share['user'] === $this->uid) {
+ return true;
+ }
+
+ // If the share is a group share, check if the user is in the group
+ if ((int)$share['share_type'] === IShare::TYPE_GROUP) {
 $parentId = (int)$share['parent'];
 if ($parentId !== -1) {
 // we just retrieved a sub-share, switch to the parent entry for verification
@@ -212,9 +265,10 @@ class Manager {
 } else {
 $groupShare = $share;
 }
+
 $user = $this->userManager->get($this->uid);
 if ($this->groupManager->get($groupShare['user'])->inGroup($user)) {
- return $share;
+ return true;
 }
 }
|
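Review bot: `getShare()` now hands the result of `fetchShare($id)` straight to `canAccessShare(array $share)`, while the removed line guarded it with `is_array($share)`. If `fetchShare()` returns `false` for an unknown id (as `fetchShareByToken()` does, judging by the `=== false` check), the `array` parameter type turns the former `return false` into a TypeError; keep the guard at the call site with `if (is_array($share) && $this->canAccessShare($share)) {`. Separately, `getShareByToken()` returns the full row, including `password` and `share_token`, with no recipient check, and only an inline comment says it is not reached from a user context. Put that contract in the docblock, e.g. `Performs no access check: the caller must have authenticated the request and must not expose the result to users.`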
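Review bot: In the group branch of `canAccessShare()`, `$this->groupManager->get($groupShare['user'])->inGroup($user)` dereferences both lookups without a null check, so a group or user that no longer exists would raise an error instead of denying access (assuming `get()` returns null for an unknown name, which is not visible here). A guard such as `$group = $this->groupManager->get($groupShare['user']);` followed by `if ($group !== null && $user !== null && $group->inGroup($user)) {` keeps the decision fail-closed. These are context lines carried over from the old `getShare()`; the function starts in the previous hunk and ends outside this one.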