diff options
| author | Julius Härtl <jus@bitgrid.net> | 2022-10-26 15:11:01 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-10-26 15:11:01 +0200 |
| commit | aec8dce61acb4e0b6ce1019fd0136fab7885bb23 (patch) | |
| tree | 8be9c9b975f7c14d063f239838cb8d8a9e765d4e /core | |
| parent | 1e450407f6106c3690f1b25cfdcf8ce1442d35e5 (diff) | |
| parent | 8629d8e44f31dbcc0d8237391aa2fbaeea2d13f1 (diff) | |
| download | nextcloud-server-aec8dce61acb4e0b6ce1019fd0136fab7885bb23.tar.gz nextcloud-server-aec8dce61acb4e0b6ce1019fd0136fab7885bb23.zip | |
Merge pull request #34788 from nextcloud/bugfix/noid/preview-attributes
Diffstat (limited to 'core')
| -rw-r--r-- | core/Controller/PreviewController.php | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/core/Controller/PreviewController.php b/core/Controller/PreviewController.php index 85dedd0bf68..9b3acaae013 100644 --- a/core/Controller/PreviewController.php +++ b/core/Controller/PreviewController.php @@ -27,6 +27,7 @@ declare(strict_types=1); */ namespace OC\Core\Controller; +use OCA\Files_Sharing\SharedStorage; use OCP\AppFramework\Controller; use OCP\AppFramework\Http; use OCP\AppFramework\Http\DataResponse; @@ -129,6 +130,16 @@ class PreviewController extends Controller { return new DataResponse([], Http::STATUS_FORBIDDEN); } + $storage = $node->getStorage(); + if ($storage->instanceOfStorage(SharedStorage::class)) { + /** @var SharedStorage $storage */ + $share = $storage->getShare(); + $attributes = $share->getAttributes(); + if ($attributes !== null && $attributes->getAttribute('permissions', 'download') === false) { + return new DataResponse([], Http::STATUS_FORBIDDEN); + } + } + try { $f = $this->preview->getPreview($node, $x, $y, !$a, $mode); $response = new FileDisplayResponse($f, Http::STATUS_OK, [ |