diff options
| author | Marcel Klehr <mklehr@gmx.net> | 2024-05-06 10:03:24 +0200 |
|---|---|---|
| committer | Marcel Klehr <mklehr@gmx.net> | 2024-05-14 11:38:40 +0200 |
| commit | 6203c1c7da21041717e0ec2ecb3ba7f957822c74 (patch) | |
| tree | 2015a28fb15602d37de686ebb3aebee4cf0aee7c /core | |
| parent | 996e5074ca43fbb049f496292a921012c3a49d63 (diff) | |
| download | nextcloud-server-6203c1c7da21041717e0ec2ecb3ba7f957822c74.tar.gz nextcloud-server-6203c1c7da21041717e0ec2ecb3ba7f957822c74.zip | |
fix: Check if user is authorized to use the files they mentioned
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
Diffstat (limited to 'core')
| -rw-r--r-- | core/Controller/TaskProcessingApiController.php | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/core/Controller/TaskProcessingApiController.php b/core/Controller/TaskProcessingApiController.php index d1084399b90..de452c30aaa 100644 --- a/core/Controller/TaskProcessingApiController.php +++ b/core/Controller/TaskProcessingApiController.php @@ -46,6 +46,7 @@ use OCP\Lock\LockedException; use OCP\PreConditionNotMetException; use OCP\TaskProcessing\EShapeType; use OCP\TaskProcessing\Exception\Exception; +use OCP\TaskProcessing\Exception\UnauthorizedException; use OCP\TaskProcessing\Exception\ValidationException; use OCP\TaskProcessing\ShapeDescriptor; use OCP\TaskProcessing\Task; @@ -124,10 +125,12 @@ class TaskProcessingApiController extends \OCP\AppFramework\OCSController { return new DataResponse([ 'task' => $json, ]); - } catch (PreConditionNotMetException) { + } catch (\OCP\TaskProcessing\Exception\PreConditionNotMetException) { return new DataResponse(['message' => $this->l->t('The given provider is not available')], Http::STATUS_PRECONDITION_FAILED); } catch (ValidationException $e) { return new DataResponse(['message' => $e->getMessage()], Http::STATUS_BAD_REQUEST); + } catch (UnauthorizedException $e) { + return new DataResponse(['message' => 'User does not have access to the files mentioned in the task input'], Http::STATUS_UNAUTHORIZED); } catch (\OCP\TaskProcessing\Exception\Exception $e) { return new DataResponse(['message' => 'Internal server error'], Http::STATUS_INTERNAL_SERVER_ERROR); } @@ -269,13 +272,21 @@ class TaskProcessingApiController extends \OCP\AppFramework\OCSController { $taskType = $taskTypes[$task->getTaskTypeId()]; foreach ($taskType['inputShape'] + $taskType['optionalInputShape'] as $key => $descriptor) { if (in_array(EShapeType::getScalarType($descriptor->getShapeType()), [EShapeType::File, EShapeType::Image, EShapeType::Audio, EShapeType::Video], true)) { - $ids[] = $task->getInput()[$key]; + if (is_array($task->getInput()[$key])) { + $ids += $task->getInput()[$key]; + } else { + $ids[] = $task->getInput()[$key]; + } } } if ($task->getOutput() !== null) { foreach ($taskType['outputShape'] + $taskType['optionalOutputShape'] as $key => $descriptor) { if (in_array(EShapeType::getScalarType($descriptor->getShapeType()), [EShapeType::File, EShapeType::Image, EShapeType::Audio, EShapeType::Video], true)) { - $ids[] = $task->getOutput()[$key]; + if (is_array($task->getInput()[$key])) { + $ids += $task->getOutput()[$key]; + } else { + $ids[] = $task->getOutput()[$key]; + } } } } |