aboutsummaryrefslogtreecommitdiffstats
path: root/apps/files_sharing
diff options
context:
space:
mode:
Diffstat (limited to 'apps/files_sharing')
-rw-r--r--apps/files_sharing/lib/Controller/PublicPreviewController.php16
-rw-r--r--apps/files_sharing/lib/ViewOnly.php13
-rw-r--r--apps/files_sharing/tests/Controller/PublicPreviewControllerTest.php121
3 files changed, 128 insertions, 22 deletions
diff --git a/apps/files_sharing/lib/Controller/PublicPreviewController.php b/apps/files_sharing/lib/Controller/PublicPreviewController.php
index 9678aa67888..da71aca904c 100644
--- a/apps/files_sharing/lib/Controller/PublicPreviewController.php
+++ b/apps/files_sharing/lib/Controller/PublicPreviewController.php
@@ -78,6 +78,8 @@ class PublicPreviewController extends PublicShareController {
int $y = 32,
$a = false,
) {
+ $cacheForSeconds = 60 * 60 * 24; // 1 day
+
if ($token === '' || $x === 0 || $y === 0) {
return new DataResponse([], Http::STATUS_BAD_REQUEST);
}
@@ -93,7 +95,17 @@ class PublicPreviewController extends PublicShareController {
}
$attributes = $share->getAttributes();
- if ($attributes !== null && $attributes->getAttribute('permissions', 'download') === false) {
+ // Only explicitly set to false will forbid the download!
+ $downloadForbidden = $attributes?->getAttribute('permissions', 'download') === false;
+ // Is this header is set it means our UI is doing a preview for no-download shares
+ // we check a header so we at least prevent people from using the link directly (obfuscation)
+ $isPublicPreview = $this->request->getHeader('X-NC-Preview') === 'true';
+
+ if ($isPublicPreview && $downloadForbidden) {
+ // Only cache for 15 minutes on public preview requests to quickly remove from cache
+ $cacheForSeconds = 15 * 60;
+ } elseif ($downloadForbidden) {
+ // This is not a public share preview so we only allow a preview if download permissions are granted
return new DataResponse([], Http::STATUS_FORBIDDEN);
}
@@ -107,7 +119,7 @@ class PublicPreviewController extends PublicShareController {
$f = $this->previewManager->getPreview($file, $x, $y, !$a);
$response = new FileDisplayResponse($f, Http::STATUS_OK, ['Content-Type' => $f->getMimeType()]);
- $response->cacheFor(3600 * 24);
+ $response->cacheFor($cacheForSeconds);
return $response;
} catch (NotFoundException $e) {
return new DataResponse([], Http::STATUS_NOT_FOUND);
diff --git a/apps/files_sharing/lib/ViewOnly.php b/apps/files_sharing/lib/ViewOnly.php
index 9cd18f968f6..2204d26388b 100644
--- a/apps/files_sharing/lib/ViewOnly.php
+++ b/apps/files_sharing/lib/ViewOnly.php
@@ -89,17 +89,10 @@ class ViewOnly {
/** @var SharedStorage $storage */
$share = $storage->getShare();
- $canDownload = true;
-
- // Check if read-only and on whether permission can download is both set and disabled.
+ // Check whether download-permission was denied (granted if not set)
$attributes = $share->getAttributes();
- if ($attributes !== null) {
- $canDownload = $attributes->getAttribute('permissions', 'download');
- }
+ $canDownload = $attributes?->getAttribute('permissions', 'download');
- if ($canDownload !== null && !$canDownload) {
- return false;
- }
- return true;
+ return $canDownload !== false;
}
}
diff --git a/apps/files_sharing/tests/Controller/PublicPreviewControllerTest.php b/apps/files_sharing/tests/Controller/PublicPreviewControllerTest.php
index 700406c97ba..bd64cfc60b4 100644
--- a/apps/files_sharing/tests/Controller/PublicPreviewControllerTest.php
+++ b/apps/files_sharing/tests/Controller/PublicPreviewControllerTest.php
@@ -19,6 +19,7 @@ use OCP\IPreview;
use OCP\IRequest;
use OCP\ISession;
use OCP\Share\Exceptions\ShareNotFound;
+use OCP\Share\IAttributes;
use OCP\Share\IManager;
use OCP\Share\IShare;
use PHPUnit\Framework\MockObject\MockObject;
@@ -26,15 +27,12 @@ use Test\TestCase;
class PublicPreviewControllerTest extends TestCase {
- /** @var IPreview|\PHPUnit\Framework\MockObject\MockObject */
- private $previewManager;
- /** @var IManager|\PHPUnit\Framework\MockObject\MockObject */
- private $shareManager;
- /** @var ITimeFactory|MockObject */
- private $timeFactory;
+ private IPreview&MockObject $previewManager;
+ private IManager&MockObject $shareManager;
+ private ITimeFactory&MockObject $timeFactory;
+ private IRequest&MockObject $request;
- /** @var PublicPreviewController */
- private $controller;
+ private PublicPreviewController $controller;
protected function setUp(): void {
parent::setUp();
@@ -42,6 +40,7 @@ class PublicPreviewControllerTest extends TestCase {
$this->previewManager = $this->createMock(IPreview::class);
$this->shareManager = $this->createMock(IManager::class);
$this->timeFactory = $this->createMock(ITimeFactory::class);
+ $this->request = $this->createMock(IRequest::class);
$this->timeFactory->method('getTime')
->willReturn(1337);
@@ -50,7 +49,7 @@ class PublicPreviewControllerTest extends TestCase {
$this->controller = new PublicPreviewController(
'files_sharing',
- $this->createMock(IRequest::class),
+ $this->request,
$this->shareManager,
$this->createMock(ISession::class),
$this->previewManager
@@ -104,7 +103,109 @@ class PublicPreviewControllerTest extends TestCase {
$this->assertEquals($expected, $res);
}
- public function testPreviewFile(): void {
+ public function testShareNoDownload() {
+ $share = $this->createMock(IShare::class);
+ $this->shareManager->method('getShareByToken')
+ ->with($this->equalTo('token'))
+ ->willReturn($share);
+
+ $share->method('getPermissions')
+ ->willReturn(Constants::PERMISSION_READ);
+
+ $attributes = $this->createMock(IAttributes::class);
+ $attributes->method('getAttribute')
+ ->with('permissions', 'download')
+ ->willReturn(false);
+ $share->method('getAttributes')
+ ->willReturn($attributes);
+
+ $res = $this->controller->getPreview('token', 'file', 10, 10);
+ $expected = new DataResponse([], Http::STATUS_FORBIDDEN);
+
+ $this->assertEquals($expected, $res);
+ }
+
+ public function testShareNoDownloadButPreviewHeader() {
+ $share = $this->createMock(IShare::class);
+ $this->shareManager->method('getShareByToken')
+ ->with($this->equalTo('token'))
+ ->willReturn($share);
+
+ $share->method('getPermissions')
+ ->willReturn(Constants::PERMISSION_READ);
+
+ $attributes = $this->createMock(IAttributes::class);
+ $attributes->method('getAttribute')
+ ->with('permissions', 'download')
+ ->willReturn(false);
+ $share->method('getAttributes')
+ ->willReturn($attributes);
+
+ $this->request->method('getHeader')
+ ->with('X-NC-Preview')
+ ->willReturn('true');
+
+ $file = $this->createMock(File::class);
+ $share->method('getNode')
+ ->willReturn($file);
+
+ $preview = $this->createMock(ISimpleFile::class);
+ $preview->method('getName')->willReturn('name');
+ $preview->method('getMTime')->willReturn(42);
+ $this->previewManager->method('getPreview')
+ ->with($this->equalTo($file), 10, 10, false)
+ ->willReturn($preview);
+
+ $preview->method('getMimeType')
+ ->willReturn('myMime');
+
+ $res = $this->controller->getPreview('token', 'file', 10, 10, true);
+ $expected = new FileDisplayResponse($preview, Http::STATUS_OK, ['Content-Type' => 'myMime']);
+ $expected->cacheFor(15 * 60);
+ $this->assertEquals($expected, $res);
+ }
+
+ public function testShareWithAttributes() {
+ $share = $this->createMock(IShare::class);
+ $this->shareManager->method('getShareByToken')
+ ->with($this->equalTo('token'))
+ ->willReturn($share);
+
+ $share->method('getPermissions')
+ ->willReturn(Constants::PERMISSION_READ);
+
+ $attributes = $this->createMock(IAttributes::class);
+ $attributes->method('getAttribute')
+ ->with('permissions', 'download')
+ ->willReturn(true);
+ $share->method('getAttributes')
+ ->willReturn($attributes);
+
+ $this->request->method('getHeader')
+ ->with('X-NC-Preview')
+ ->willReturn('true');
+
+ $file = $this->createMock(File::class);
+ $share->method('getNode')
+ ->willReturn($file);
+
+ $preview = $this->createMock(ISimpleFile::class);
+ $preview->method('getName')->willReturn('name');
+ $preview->method('getMTime')->willReturn(42);
+ $this->previewManager->method('getPreview')
+ ->with($this->equalTo($file), 10, 10, false)
+ ->willReturn($preview);
+
+ $preview->method('getMimeType')
+ ->willReturn('myMime');
+
+ $res = $this->controller->getPreview('token', 'file', 10, 10, true);
+ $expected = new FileDisplayResponse($preview, Http::STATUS_OK, ['Content-Type' => 'myMime']);
+ $expected->cacheFor(3600 * 24);
+ $this->assertEquals($expected, $res);
+ }
+
+ public function testPreviewFile() {
$share = $this->createMock(IShare::class);
$this->shareManager->method('getShareByToken')
->with($this->equalTo('token'))
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-05 16:38:25 +0000