aboutsummaryrefslogtreecommitdiffstats
path: root/apps/files_sharing/lib/Controller/ShareAPIController.php
diff options
context:
space:
mode:
Diffstat (limited to 'apps/files_sharing/lib/Controller/ShareAPIController.php')
-rw-r--r--apps/files_sharing/lib/Controller/ShareAPIController.php36
1 files changed, 34 insertions, 2 deletions
diff --git a/apps/files_sharing/lib/Controller/ShareAPIController.php b/apps/files_sharing/lib/Controller/ShareAPIController.php
index a19eb50faf7..095a8a75963 100644
--- a/apps/files_sharing/lib/Controller/ShareAPIController.php
+++ b/apps/files_sharing/lib/Controller/ShareAPIController.php
@@ -10,10 +10,12 @@ declare(strict_types=1);
namespace OCA\Files_Sharing\Controller;
use Exception;
+use OC\Core\AppInfo\ConfigLexicon;
use OC\Files\FileInfo;
use OC\Files\Storage\Wrapper\Wrapper;
use OCA\Circles\Api\v1\Circles;
use OCA\Deck\Sharing\ShareAPIHelper;
+use OCA\Federation\TrustedServers;
use OCA\Files\Helper;
use OCA\Files_Sharing\Exceptions\SharingRightsException;
use OCA\Files_Sharing\External\Storage;
@@ -41,6 +43,7 @@ use OCP\Files\Mount\IShareOwnerlessMount;
use OCP\Files\Node;
use OCP\Files\NotFoundException;
use OCP\HintException;
+use OCP\IAppConfig;
use OCP\IConfig;
use OCP\IDateTimeZone;
use OCP\IGroupManager;
@@ -74,6 +77,7 @@ use Psr\Log\LoggerInterface;
class ShareAPIController extends OCSController {
private ?Node $lockedNode = null;
+ private array $trustedServerCache = [];
/**
* Share20OCS constructor.
@@ -88,6 +92,7 @@ class ShareAPIController extends OCSController {
private IURLGenerator $urlGenerator,
private IL10N $l,
private IConfig $config,
+ private IAppConfig $appConfig,
private IAppManager $appManager,
private ContainerInterface $serverContainer,
private IUserStatusManager $userStatusManager,
@@ -97,6 +102,7 @@ class ShareAPIController extends OCSController {
private IProviderFactory $factory,
private IMailer $mailer,
private ITagManager $tagManager,
+ private ?TrustedServers $trustedServers,
private ?string $userId = null,
) {
parent::__construct($appName, $request);
@@ -199,6 +205,32 @@ class ShareAPIController extends OCSController {
$result['item_size'] = $node->getSize();
$result['item_mtime'] = $node->getMTime();
+ if ($this->trustedServers !== null && in_array($share->getShareType(), [IShare::TYPE_REMOTE, IShare::TYPE_REMOTE_GROUP], true)) {
+ $result['is_trusted_server'] = false;
+ $sharedWith = $share->getSharedWith();
+ $remoteIdentifier = is_string($sharedWith) ? strrchr($sharedWith, '@') : false;
+ if ($remoteIdentifier !== false) {
+ $remote = substr($remoteIdentifier, 1);
+
+ if (isset($this->trustedServerCache[$remote])) {
+ $result['is_trusted_server'] = $this->trustedServerCache[$remote];
+ } else {
+ try {
+ $isTrusted = $this->trustedServers->isTrustedServer($remote);
+ $this->trustedServerCache[$remote] = $isTrusted;
+ $result['is_trusted_server'] = $isTrusted;
+ } catch (\Exception $e) {
+ // Server not found or other issue, we consider it not trusted
+ $this->trustedServerCache[$remote] = false;
+ $this->logger->error(
+ 'Error checking if remote server is trusted (treating as untrusted): ' . $e->getMessage(),
+ ['exception' => $e]
+ );
+ }
+ }
+ }
+ }
+
$expiration = $share->getExpirationDate();
if ($expiration !== null) {
$expiration->setTimezone($this->dateTimeZone->getTimeZone());
@@ -969,9 +1001,9 @@ class ShareAPIController extends OCSController {
: Constants::PERMISSION_READ;
}
- // TODO: It might make sense to have a dedicated setting to allow/deny converting link shares into federated ones
if ($this->hasPermission($permissions, Constants::PERMISSION_READ)
- && $this->shareManager->outgoingServer2ServerSharesAllowed()) {
+ && $this->shareManager->outgoingServer2ServerSharesAllowed()
+ && $this->appConfig->getValueBool('core', ConfigLexicon::SHAREAPI_ALLOW_FEDERATION_ON_PUBLIC_SHARES)) {
$permissions |= Constants::PERMISSION_SHARE;
}
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-03 05:46:49 +0000