Diffstat (limited to 'core/Controller/PreviewController.php')
-rw-r--r--core/Controller/PreviewController.php12
1 files changed, 9 insertions, 3 deletions
diff --git a/core/Controller/PreviewController.php b/core/Controller/PreviewController.php
index a3b826c19e6..a4983f2fbbe 100644
--- a/core/Controller/PreviewController.php
+++ b/core/Controller/PreviewController.php
@@ -21,6 +21,7 @@ use OCP\Files\File;
use OCP\Files\IRootFolder;
use OCP\Files\Node;
use OCP\Files\NotFoundException;
+use OCP\IConfig;
use OCP\IPreview;
use OCP\IRequest;
use OCP\Preview\IMimeIconProvider;
@@ -33,6 +34,7 @@ class PreviewController extends Controller {
private IRootFolder $root,
private ?string $userId,
private IMimeIconProvider $mimeIconProvider,
+ private IConfig $config,
) {
parent::__construct($appName, $request);
}
@@ -145,12 +147,16 @@ class PreviewController extends Controller {
return new DataResponse([], Http::STATUS_NOT_FOUND);
}
+ /** @var SharedStorage $storage */
$storage = $node->getStorage();
if ($storage->instanceOfStorage(SharedStorage::class)) {
- /** @var SharedStorage $storage */
$share = $storage->getShare();
- $attributes = $share->getAttributes();
- if ($attributes !== null && $attributes->getAttribute('permissions', 'download') === false) {
+ $allowedFileExtensions = $this->config->getSystemValue('allowed_view_extensions', []);
+ $isAllowedToViewForExtension = $allowedFileExtensions && in_array($node->getExtension(), $allowedFileExtensions, true);
+ $shareAttributes = $share->getAttributes();
+ $isAllowedByShare = $shareAttributes === null || $shareAttributes->getAttribute('permissions', 'download') !== false;
+
+ if (!$isAllowedToViewForExtension && !$isAllowedByShare) {
return new DataResponse([], Http::STATUS_FORBIDDEN);
}
}
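Review bot: The value read from `allowed_view_extensions` is used as an array without a type check, so a non-empty scalar in config.php passes the truthiness test and reaches `in_array()`, which throws a TypeError under PHP 8 instead of returning the 403. Guarding it keeps the path explicit and fail-closed, e.g. `$isAllowedToViewForExtension = is_array($allowedFileExtensions) && in_array($node->getExtension(), $allowedFileExtensions, true);`. The match is also strict on the file-name extension, so a name such as `x.PDF` would presumably not match a configured `pdf`; normalising case on both sides is worth considering if that is not intended. Because this list overrides a share's download-disabled attribute on the strength of the file name alone, a short comment above the block would help the next reviewer, for example `// extensions listed in allowed_view_extensions get previews even when the share forbids download`. The enclosing method starts and ends outside this hunk.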