diff options
| author | Vincent Petry <vincent@nextcloud.com> | 2021-03-22 12:08:53 +0100 |
|---|---|---|
| committer | Vincent Petry <vincent@nextcloud.com> | 2021-03-26 13:07:05 +0100 |
| commit | b81a1c1bdbf7c7ca3e71a7c7cd7eb21edd0a3fb9 (patch) | |
| tree | f323c594c53cd5699c4a21ecb247f73e6662bc20 /lib/private/Avatar | |
| parent | a75f0e62fa0b9e140ba0dd8ffb2e928a5d3007dd (diff) | |
| download | nextcloud-server-b81a1c1bdbf7c7ca3e71a7c7cd7eb21edd0a3fb9.tar.gz nextcloud-server-b81a1c1bdbf7c7ca3e71a7c7cd7eb21edd0a3fb9.zip | |
Add new v2-private account scope
Added new v2-private account manager scope that restricts the scope
further by excluding public link access.
Avatars with v2-private account scope are now showing the guest avatar
instead of the real avatar.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Diffstat (limited to 'lib/private/Avatar')
| -rw-r--r-- | lib/private/Avatar/AvatarManager.php | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/lib/private/Avatar/AvatarManager.php b/lib/private/Avatar/AvatarManager.php index 5102396224d..03f3d89e5f6 100644 --- a/lib/private/Avatar/AvatarManager.php +++ b/lib/private/Avatar/AvatarManager.php @@ -36,6 +36,7 @@ namespace OC\Avatar; use OC\User\Manager; use OC\User\NoUserException; +use OCP\Accounts\IAccountManager; use OCP\Files\IAppData; use OCP\Files\NotFoundException; use OCP\Files\NotPermittedException; @@ -44,12 +45,16 @@ use OCP\IAvatarManager; use OCP\IConfig; use OCP\IL10N; use OCP\ILogger; +use OCP\IUserSession; /** * This class implements methods to access Avatar functionality */ class AvatarManager implements IAvatarManager { + /** @var IUserSession */ + private $userSession; + /** @var Manager */ private $userManager; @@ -65,6 +70,9 @@ class AvatarManager implements IAvatarManager { /** @var IConfig */ private $config; + /** @var IAccountManager */ + private $accountManager; + /** * AvatarManager constructor. * @@ -73,18 +81,23 @@ class AvatarManager implements IAvatarManager { * @param IL10N $l * @param ILogger $logger * @param IConfig $config + * @param IUserSession $userSession */ public function __construct( + IUserSession $userSession, Manager $userManager, IAppData $appData, IL10N $l, ILogger $logger, - IConfig $config) { + IConfig $config, + IAccountManager $accountManager) { + $this->userSession = $userSession; $this->userManager = $userManager; $this->appData = $appData; $this->l = $l; $this->logger = $logger; $this->config = $config; + $this->accountManager = $accountManager; } /** @@ -104,6 +117,27 @@ class AvatarManager implements IAvatarManager { // sanitize userID - fixes casing issue (needed for the filesystem stuff that is done below) $userId = $user->getUID(); + $requestingUser = null; + if ($this->userSession !== null) { + $requestingUser = $this->userSession->getUser(); + } + + $canShowRealAvatar = true; + + // requesting in public page + if ($requestingUser === null) { + $account = $this->accountManager->getAccount($user); + $avatarProperties = $account->getProperty(IAccountManager::PROPERTY_AVATAR); + $avatarScope = $avatarProperties->getScope(); + + // v2-private scope hides the avatar from public access + if ($avatarScope === IAccountManager::SCOPE_PRIVATE) { + // FIXME: guest avatar is re-generated every time, use a cache instead + // see how UserAvatar caches the generated one + return $this->getGuestAvatar($userId); + } + } + try { $folder = $this->appData->getFolder($userId); } catch (NotFoundException $e) { |