summaryrefslogtreecommitdiffstats
path: root/apps/dav/lib/Controller
diff options
context:
space:
mode:
Diffstat (limited to 'apps/dav/lib/Controller')
-rw-r--r--apps/dav/lib/Controller/DirectController.php16
1 files changed, 15 insertions, 1 deletions
diff --git a/apps/dav/lib/Controller/DirectController.php b/apps/dav/lib/Controller/DirectController.php
index 955400998cf..260ef3bae04 100644
--- a/apps/dav/lib/Controller/DirectController.php
+++ b/apps/dav/lib/Controller/DirectController.php
@@ -31,8 +31,11 @@ use OCA\DAV\Db\DirectMapper;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSBadRequestException;
use OCP\AppFramework\OCS\OCSNotFoundException;
+use OCP\AppFramework\OCS\OCSForbiddenException;
use OCP\AppFramework\OCSController;
use OCP\AppFramework\Utility\ITimeFactory;
+use OCP\EventDispatcher\GenericEvent;
+use OCP\EventDispatcher\IEventDispatcher;
use OCP\Files\File;
use OCP\Files\IRootFolder;
use OCP\IRequest;
@@ -59,6 +62,8 @@ class DirectController extends OCSController {
/** @var IURLGenerator */
private $urlGenerator;
+ /** @var IEventDispatcher */
+ private $eventDispatcher;
public function __construct(string $appName,
IRequest $request,
@@ -67,7 +72,8 @@ class DirectController extends OCSController {
DirectMapper $mapper,
ISecureRandom $random,
ITimeFactory $timeFactory,
- IURLGenerator $urlGenerator) {
+ IURLGenerator $urlGenerator,
+ IEventDispatcher $eventDispatcher) {
parent::__construct($appName, $request);
$this->rootFolder = $rootFolder;
@@ -76,6 +82,7 @@ class DirectController extends OCSController {
$this->random = $random;
$this->timeFactory = $timeFactory;
$this->urlGenerator = $urlGenerator;
+ $this->eventDispatcher = $eventDispatcher;
}
/**
@@ -99,6 +106,13 @@ class DirectController extends OCSController {
throw new OCSBadRequestException('Direct download only works for files');
}
+ $event = new GenericEvent(null, ['path' => $userFolder->getRelativePath($file->getPath())]);
+ $this->eventDispatcher->dispatch('file.beforeGetDirect', $event);
+
+ if ($event->getArgument('run') === false) {
+ throw new OCSForbiddenException('Permission denied to download file');
+ }
+
//TODO: at some point we should use the directdownlaod function of storages
$direct = new Direct();
$direct->setUserId($this->userId);
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-27 14:53:25 +0000