author | Marcel Klehr <mklehr@gmx.net> | 2024-05-06 10:03:24 +0200 |
---|---|---|
committer | Marcel Klehr <mklehr@gmx.net> | 2024-05-14 11:38:40 +0200 |
commit | 6203c1c7da21041717e0ec2ecb3ba7f957822c74 (patch) | |
tree | 2015a28fb15602d37de686ebb3aebee4cf0aee7c /lib/private | |
parent | 996e5074ca43fbb049f496292a921012c3a49d63 (diff) | |
fix: Check if user is authorized to use the files they mentioned
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
Diffstat (limited to 'lib/private')
-rw-r--r-- | lib/private/TaskProcessing/Manager.php | 30 |
1 files changed, 29 insertions, 1 deletions
diff --git a/lib/private/TaskProcessing/Manager.php b/lib/private/TaskProcessing/Manager.php
index a72c0813e89..2a09efacdf1 100644
--- a/lib/private/TaskProcessing/Manager.php
+++ b/lib/private/TaskProcessing/Manager.php
@@ -52,6 +52,7 @@ use OCP\TaskProcessing\Events\TaskFailedEvent;
 use OCP\TaskProcessing\Events\TaskSuccessfulEvent;
 use OCP\TaskProcessing\Exception\NotFoundException;
 use OCP\TaskProcessing\Exception\ProcessingException;
+use OCP\TaskProcessing\Exception\UnauthorizedException;
 use OCP\TaskProcessing\Exception\ValidationException;
 use OCP\TaskProcessing\IManager;
 use OCP\TaskProcessing\IProvider;
@@ -93,6 +94,7 @@ class Manager implements IManager {
 private \OCP\TextProcessing\IManager $textProcessingManager,
 private \OCP\TextToImage\IManager $textToImageManager,
 private \OCP\SpeechToText\ISpeechToTextManager $speechToTextManager,
+ private \OCP\Share\IManager $shareManager,
 ) {
 $this->appData = $appDataFactory->get('core');
 }
@@ -553,7 +555,7 @@ class Manager implements IManager {
 public function scheduleTask(Task $task): void {
 if (!$this->canHandleTask($task)) {
- throw new PreConditionNotMetException('No task processing provider is installed that can handle this task type: ' . $task->getTaskTypeId());
+ throw new \OCP\TaskProcessing\Exception\PreConditionNotMetException('No task processing provider is installed that can handle this task type: ' . $task->getTaskTypeId());
 }
 $taskTypes = $this->getAvailableTaskTypes();
 $inputShape = $taskTypes[$task->getTaskTypeId()]['inputShape'];
@@ -561,6 +563,32 @@ class Manager implements IManager {
 // validate input
 $this->validateInput($inputShape, $task->getInput());
 $this->validateInput($optionalInputShape, $task->getInput(), true);
+ // authenticate access to mentioned files
+ $ids = [];
+ foreach ($inputShape + $optionalInputShape as $key => $descriptor) {
+ if (in_array(EShapeType::getScalarType($descriptor->getShapeType()), [EShapeType::File, EShapeType::Image, EShapeType::Audio, EShapeType::Video], true)) {
+ if (is_array($task->getInput()[$key])) {
+ $ids += $task->getInput()[$key];
+ } else {
+ $ids[] = $task->getInput()[$key];
+ }
+ }
+ }
+ foreach ($ids as $fileId) {
+ $node = $this->rootFolder->getFirstNodeById($fileId);
+ if ($node === null) {
+ $node = $this->rootFolder->getFirstNodeByIdInPath($fileId, '/' . $this->rootFolder->getAppDataDirectoryName() . '/');
+ if ($node === null) {
+ throw new ValidationException('Could not find file ' . $fileId);
+ }
+ }
+ /** @var array{users:array<string,array{node_id:int, node_path: string}>, remote: array<string,array{node_id:int, node_path: string}>, mail: array<string,array{node_id:int, node_path: string}>} $accessList */
+ $accessList = $this->shareManager->getAccessList($node, true, true);
+ $userIds = array_map(fn ($id) => strval($id), array_keys($accessList['users']));
+ if (!in_array($task->getUserId(), $userIds)) {
+ throw new UnauthorizedException('User ' . $task->getUserId() . ' does not have access to file ' . $fileId);
+ }
+ }
 // remove superfluous keys and set input
 $task->setInput($this->removeSuperfluousArrayKeys($task->getInput(), $inputShape, $optionalInputShape));
 $task->setStatus(Task::STATUS_SCHEDULED); |
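Review bot: The `$ids += $task->getInput()[$key];` line in the first loop is an array union, so a list element whose numeric key is already present in `$ids` is dropped and its file never reaches the access-list check below; with a scalar file input collected first and a 0-indexed list second (the list's key layout is not visible in this hunk), the list's first id would be skipped. Appending instead closes that gap: `$ids = array_merge($ids, array_values($task->getInput()[$key]));`. The same loop reads `$task->getInput()[$key]` for optional shape keys without checking that the key is set, so an omitted optional file input would likely put `null` into `$ids` and fail at `getFirstNodeById`; an `isset` guard before the type check would avoid that. The final `in_array($task->getUserId(), $userIds)` should also pass `true` as its third argument, as the first `in_array` in the hunk does, so the membership test cannot succeed through loose comparison. scheduleTask's body begins and ends outside this hunk.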