From a4d98c814e453c330b4abaeeed04b93cbb98f9d5 Mon Sep 17 00:00:00 2001
From: Jonas
Date: Mon, 18 Sep 2023 16:20:17 +0200
Subject: [PATCH] fix(isLegitimatedForUserId): Setup mountpoints to check file access
This fixes workflows on groupfolders, as it will consider access to files in groupfolders. It also fixes false positives where access to files was limited by other means not taken into account before, e.g. access control.
Fixes: nextcloud/flow_notifications#71
Signed-off-by: Jonas
---
 apps/workflowengine/lib/Entity/File.php | 25 +++++++++++++----------
 apps/workflowengine/tests/ManagerTest.php | 3 ++-
 2 files changed, 16 insertions(+), 12 deletions(-)
diff --git a/apps/workflowengine/lib/Entity/File.php b/apps/workflowengine/lib/Entity/File.php
index 3f09fcd24a146..83a18565bea67 100644
--- a/apps/workflowengine/lib/Entity/File.php
+++ b/apps/workflowengine/lib/Entity/File.php
@@ -26,6 +26,7 @@
 */
 namespace OCA\WorkflowEngine\Entity;
+use OC\Files\Config\UserMountCache;
 use OCP\EventDispatcher\Event;
 use OCP\EventDispatcher\GenericEvent;
 use OCP\Files\InvalidPathException;
@@ -38,7 +39,6 @@
 use OCP\IUser;
 use OCP\IUserManager;
 use OCP\IUserSession;
-use OCP\Share\IManager as ShareManager;
 use OCP\SystemTag\ISystemTag;
 use OCP\SystemTag\ISystemTagManager;
 use OCP\SystemTag\MapperEvent;
@@ -65,8 +65,6 @@ class File implements IEntity, IDisplayText, IUrl, IIcon, IContextPortation {
 protected $eventName;
 /** @var Event */
 protected $event;
- /** @var ShareManager */
- private $shareManager;
 /** @var IUserSession */
 private $userSession;
 /** @var ISystemTagManager */
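Review bot: The import added in the first hunk of File.php, `use OC\Files\Config\UserMountCache;`, ties the entity to a concrete class from the server's private `OC\` namespace, and the same concrete type is used for the new property and constructor parameter in the `@@ -77,25 +75,27 @@` hunk and for the import and mock in ManagerTest.php. The only method this patch calls on it is `getMountsForFileId()`, which the public `OCP\Files\Config\IUserMountCache` interface declares as well. Using `use OCP\Files\Config\IUserMountCache;` with `IUserMountCache $userMountCache` would keep the access check on the public API and make the dependency easier to replace in tests.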
@@ -77,25 +75,27 @@ class File implements IEntity, IDisplayText, IUrl, IIcon, IContextPortation {
 private $actingUser = null;
 /** @var IUserManager */
 private $userManager;
+ /** @var UserMountCache */
+ private $userMountCache;
 public function __construct(
 IL10N $l10n,
 IURLGenerator $urlGenerator,
 IRootFolder $root,
 ILogger $logger,
- ShareManager $shareManager,
 IUserSession $userSession,
 ISystemTagManager $tagManager,
- IUserManager $userManager
+ IUserManager $userManager,
+ UserMountCache $userMountCache
 ) {
 $this->l10n = $l10n;
 $this->urlGenerator = $urlGenerator;
 $this->root = $root;
 $this->logger = $logger;
- $this->shareManager = $shareManager;
 $this->userSession = $userSession;
 $this->tagManager = $tagManager;
 $this->userManager = $userManager;
+ $this->userMountCache = $userMountCache;
 }
 public function getName(): string {
@@ -136,12 +136,15 @@ public function prepareRuleMatcher(IRuleMatcher $ruleMatcher, string $eventName,
 public function isLegitimatedForUserId(string $uid): bool {
 try {
- $node = $this->getNode();
- if ($node->getOwner()->getUID() === $uid) {
- return true;
+ $fileId = $this->getNode()->getId();
+ $mounts = $this->userMountCache->getMountsForFileId($fileId, $uid);
+ foreach ($mounts as $mount) {
+ $userFolder = $this->root->getUserFolder($uid);
+ if (!empty($userFolder->getById($fileId))) {
+ return true;
+ }
 }
- $acl = $this->shareManager->getAccessList($node, true, true);
- return isset($acl['users']) && array_key_exists($uid, $acl['users']);
+ return false;
 } catch (NotFoundException $e) {
 return false;
 }
diff --git a/apps/workflowengine/tests/ManagerTest.php b/apps/workflowengine/tests/ManagerTest.php
index 213daf49415f2..7d56b76ebbf79 100644
--- a/apps/workflowengine/tests/ManagerTest.php
+++ b/apps/workflowengine/tests/ManagerTest.php
@@ -26,6 +26,7 @@
 */
 namespace OCA\WorkflowEngine\Tests;
+use OC\Files\Config\UserMountCache;
 use OC\L10N\L10N;
 use OCA\WorkflowEngine\Entity\File;
 use OCA\WorkflowEngine\Helper\ScopeContext;
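Review bot: In the new body of `isLegitimatedForUserId()` the loop variable `$mount` is never read, and `getUserFolder($uid)` and `getById($fileId)` give the same result on every pass, so the `foreach` only expresses "the user has at least one cached mount for this file" and the mount entries themselves never decide access. Writing that directly makes the authorization decision easier to audit: `if (empty($mounts)) { return false; }` followed by `return !empty($this->root->getUserFolder($uid)->getById($fileId));`. Only `NotFoundException` is caught, so any other exception raised by `getUserFolder()` would propagate to the caller instead of producing a deny; whether that can occur depends on code outside this hunk, and a short comment naming the expected failure modes would help. The method's closing brace lies outside the hunk.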
@@ -406,8 +407,8 @@ public function testUpdateOperation() {
 $this->createMock(ILogger::class),
 $this->createMock(\OCP\Share\IManager::class),
 $this->createMock(IUserSession::class),
- $this->createMock(ISystemTagManager::class),
 $this->createMock(IUserManager::class),
+ $this->createMock(UserMountCache::class),
 ])
 ->setMethodsExcept(['getEvents'])
 ->getMock();
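Review bot: The constructor arguments left in this hunk no longer line up with the new `File::__construct()` signature: the `\OCP\Share\IManager` mock is kept although the `ShareManager` parameter was removed, and the `ISystemTagManager` mock is dropped although that parameter remains. As visible here the list reads ILogger, Share\IManager, IUserSession, IUserManager, UserMountCache, while the constructor expects ILogger, IUserSession, ISystemTagManager, IUserManager, UserMountCache. The typed constructor would presumably reject this call unless the builder disables it, which cannot be seen because the start of the builder chain is outside the hunk. The line to remove should be `$this->createMock(\OCP\Share\IManager::class),` rather than `$this->createMock(ISystemTagManager::class),`. The patch also adds no test for the changed `isLegitimatedForUserId()` decision; a case for a user with a cached mount entry but no resolvable node would pin the deny path.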