author | Vincent Petry <vincent@nextcloud.com> | 2021-03-25 14:14:14 +0100 |
---|---|---|
committer | Vincent Petry <vincent@nextcloud.com> | 2021-03-26 13:07:10 +0100 |
commit | cc54f718f561c73cf5e91a2a42cd8b1d878d02d2 (patch) | |
tree | e7fc88e744d751a72a44fef44bf248bb0fb6bf7f /lib/private/Avatar | |
parent | 5b7a94f84c34437170d1049f8562aa2785b7e68d (diff) | |
download | nextcloud-server-cc54f718f561c73cf5e91a2a42cd8b1d878d02d2.tar.gz nextcloud-server-cc54f718f561c73cf5e91a2a42cd8b1d878d02d2.zip |
Add known user check in avatar when v2-private scope
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Diffstat (limited to 'lib/private/Avatar')
-rw-r--r-- | lib/private/Avatar/AvatarManager.php | 35 |
1 files changed, 23 insertions, 12 deletions
diff --git a/lib/private/Avatar/AvatarManager.php b/lib/private/Avatar/AvatarManager.php
index 92cd502dacb..04d3a721022 100644
--- a/lib/private/Avatar/AvatarManager.php
+++ b/lib/private/Avatar/AvatarManager.php
@@ -34,6 +34,7 @@ declare(strict_types=1);
 namespace OC\Avatar;
+use OC\KnownUser\KnownUserService;
 use OC\User\Manager;
 use OC\User\NoUserException;
 use OCP\Accounts\IAccountManager;
@@ -73,6 +74,9 @@ class AvatarManager implements IAvatarManager {
 /** @var IAccountManager */
 private $accountManager;
+ /** @var KnownUserService */
+ private $knownUserService;
+
 /**
 * AvatarManager constructor.
 *
@@ -90,7 +94,9 @@ class AvatarManager implements IAvatarManager {
 IL10N $l,
 ILogger $logger,
 IConfig $config,
- IAccountManager $accountManager) {
+ IAccountManager $accountManager,
+ KnownUserService $knownUserService
+ ) {
 $this->userSession = $userSession;
 $this->userManager = $userManager;
 $this->appData = $appData;
@@ -98,6 +104,7 @@ class AvatarManager implements IAvatarManager {
 $this->logger = $logger;
 $this->config = $config;
 $this->accountManager = $accountManager;
+ $this->knownUserService = $knownUserService;
 }
 /**
@@ -128,17 +135,21 @@ class AvatarManager implements IAvatarManager {
 $folder = $this->appData->newFolder($userId);
 }
- // requesting in public page
- if ($requestingUser === null) {
- $account = $this->accountManager->getAccount($user);
- $avatarProperties = $account->getProperty(IAccountManager::PROPERTY_AVATAR);
- $avatarScope = $avatarProperties->getScope();
-
- // v2-private scope hides the avatar from public access
- if ($avatarScope === IAccountManager::SCOPE_PRIVATE) {
- // use a placeholder avatar which caches the generated images
- return new PlaceholderAvatar($folder, $user, $this->logger);
- }
+ $account = $this->accountManager->getAccount($user);
+ $avatarProperties = $account->getProperty(IAccountManager::PROPERTY_AVATAR);
+ $avatarScope = $avatarProperties->getScope();
+
+ if (
+ // v2-private scope hides the avatar from public access and from unknown users
+ $avatarScope === IAccountManager::SCOPE_PRIVATE
+ && (
+ // accessing from public link
+ $requestingUser === null
+ // logged in, but unknown to user
+ || !$this->knownUserService->isKnownToUser($requestingUser->getUID(), $userId)
+ )) {
+ // use a placeholder avatar which caches the generated images
+ return new PlaceholderAvatar($folder, $user, $this->logger);
 }
 return new UserAvatar($folder, $this->l, $user, $this->logger, $this->config); |
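Review bot: The new `isKnownToUser($requestingUser->getUID(), $userId)` branch has no visible exemption for the account owner, so a logged-in user whose avatar is `SCOPE_PRIVATE` may be served the placeholder for their own avatar unless `KnownUserService::isKnownToUser()` treats a user as known to themselves; that method is not shown on this page. Consider making the rule explicit at the call site, e.g. `|| ($requestingUser->getUID() !== $userId && !$this->knownUserService->isKnownToUser($requestingUser->getUID(), $userId))`, and confirm that `$userId` holds the canonical UID at this point and that the two arguments are passed in the order the service expects, since a swapped pair would evaluate the relationship in the wrong direction. The account lookup now also runs for every logged-in request instead of only for public ones, so a failure in `getAccount()` would affect all avatar fetches rather than just public links. The enclosing method starts and ends outside this hunk, so any surrounding error handling could not be checked.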