From 28fdcb9719770618c4e68e6340d1f49a3804a901 Mon Sep 17 00:00:00 2001 From: Jonas Date: Mon, 18 Sep 2023 16:20:17 +0200 Subject: [PATCH] fix(isLegitimatedForUserId): Setup mountpoints to check file access This fixes workflows on groupfolders, as it will consider access to files in groupfolders. It also fixes false positives where access to files was limited by other means not taken into account before, e.g. access control. For postDelete events, check for permissions of the parent folder instead, as the file itself no longer exists. Fixes: nextcloud/flow_notifications#71 Signed-off-by: Jonas --- apps/workflowengine/lib/Entity/File.php | 30 +++++++++++++++++------ apps/workflowengine/tests/ManagerTest.php | 3 ++- 2 files changed, 24 insertions(+), 9 deletions(-) diff --git a/apps/workflowengine/lib/Entity/File.php b/apps/workflowengine/lib/Entity/File.php index 5a2549b1f6591..0f47928eb222a 100644 --- a/apps/workflowengine/lib/Entity/File.php +++ b/apps/workflowengine/lib/Entity/File.php @@ -26,6 +26,7 @@ */ namespace OCA\WorkflowEngine\Entity; +use OC\Files\Config\UserMountCache; use OCP\EventDispatcher\Event; use OCP\EventDispatcher\GenericEvent; use OCP\Files\InvalidPathException; @@ -37,7 +38,6 @@ use OCP\IUser; use OCP\IUserManager; use OCP\IUserSession; -use OCP\Share\IManager as ShareManager; use OCP\SystemTag\ISystemTag; use OCP\SystemTag\ISystemTagManager; use OCP\SystemTag\MapperEvent; @@ -62,8 +62,6 @@ class File implements IEntity, IDisplayText, IUrl, IIcon, IContextPortation { protected $eventName; /** @var Event */ protected $event; - /** @var ShareManager */ - private $shareManager; /** @var IUserSession */ private $userSession; /** @var ISystemTagManager */ @@ -74,23 +72,25 @@ class File implements IEntity, IDisplayText, IUrl, IIcon, IContextPortation { private $actingUser = null; /** @var IUserManager */ private $userManager; + /** @var UserMountCache */ + private $userMountCache; public function __construct( IL10N $l10n, IURLGenerator $urlGenerator, IRootFolder $root, - ShareManager $shareManager, IUserSession $userSession, ISystemTagManager $tagManager, - IUserManager $userManager + IUserManager $userManager, + UserMountCache $userMountCache ) { $this->l10n = $l10n; $this->urlGenerator = $urlGenerator; $this->root = $root; - $this->shareManager = $shareManager; $this->userSession = $userSession; $this->tagManager = $tagManager; $this->userManager = $userManager; + $this->userMountCache = $userMountCache; } public function getName(): string { @@ -135,8 +135,22 @@ public function isLegitimatedForUserId(string $uid): bool { if ($node->getOwner()->getUID() === $uid) { return true; } - $acl = $this->shareManager->getAccessList($node, true, true); - return isset($acl['users']) && array_key_exists($uid, $acl['users']); + + if ($this->eventName === self::EVENT_NAMESPACE . 'postDelete') { + // At postDelete, the file no longer exists. Check for parent folder instead. + $fileId = $node->getParentId(); + } else { + $fileId = $node->getId(); + } + + $mounts = $this->userMountCache->getMountsForFileId($fileId, $uid); + foreach ($mounts as $mount) { + $userFolder = $this->root->getUserFolder($uid); + if (!empty($userFolder->getById($fileId))) { + return true; + } + } + return false; } catch (NotFoundException $e) { return false; } diff --git a/apps/workflowengine/tests/ManagerTest.php b/apps/workflowengine/tests/ManagerTest.php index fd95f024acddc..7d25bdc1e5b6e 100644 --- a/apps/workflowengine/tests/ManagerTest.php +++ b/apps/workflowengine/tests/ManagerTest.php @@ -26,6 +26,7 @@ */ namespace OCA\WorkflowEngine\Tests; +use OC\Files\Config\UserMountCache; use OC\L10N\L10N; use OCA\WorkflowEngine\Entity\File; use OCA\WorkflowEngine\Helper\ScopeContext; @@ -403,10 +404,10 @@ public function testUpdateOperation() { $this->l, $this->createMock(IURLGenerator::class), $this->createMock(IRootFolder::class), - $this->createMock(\OCP\Share\IManager::class), $this->createMock(IUserSession::class), $this->createMock(ISystemTagManager::class), $this->createMock(IUserManager::class), + $this->createMock(UserMountCache::class), ]) ->setMethodsExcept(['getEvents']) ->getMock();