From fe3d6f4bfe92f628fe190394d1f038d009f919a3 Mon Sep 17 00:00:00 2001
From: Jonas
Date: Mon, 18 Sep 2023 16:20:17 +0200
Subject: [PATCH] WIP: fix(isLegitimatedForUserId): Setup mountpoints to check file access

This fixes workflows on groupfolders, as it will consider access to files in groupfolders. It also fixes false positives where access to files was limited by other means not taken into account before, e.g. access control.

Fixes: nextcloud/flow_notifications#71

TODO:
* [ ] Remove obsolete code that uses `shareManager`
* [ ] Maybe also remove check for file owner (?)

Signed-off-by: Jonas
---
 apps/workflowengine/lib/Entity/File.php | 30 +++++++++++++++++++++++--
 1 file changed, 28 insertions(+), 2 deletions(-)

diff --git a/apps/workflowengine/lib/Entity/File.php b/apps/workflowengine/lib/Entity/File.php
index 3f09fcd24a146..9f76f16bd8666 100644
--- a/apps/workflowengine/lib/Entity/File.php
+++ b/apps/workflowengine/lib/Entity/File.php
@@ -26,6 +26,7 @@
  */
 namespace OCA\WorkflowEngine\Entity;
 
+use OC\Files\Config\UserMountCache;
 use OCP\EventDispatcher\Event;
 use OCP\EventDispatcher\GenericEvent;
 use OCP\Files\InvalidPathException;
@@ -77,6 +78,8 @@ class File implements IEntity, IDisplayText, IUrl, IIcon, IContextPortation {
 	private $actingUser = null;
 	/** @var IUserManager */
 	private $userManager;
+	/** @var UserMountCache */
+	private $userMountCache;
 
 	public function __construct(
 		IL10N $l10n,
@@ -86,7 +89,8 @@ public function __construct(
 		ShareManager $shareManager,
 		IUserSession $userSession,
 		ISystemTagManager $tagManager,
-		IUserManager $userManager
+		IUserManager $userManager,
+		UserMountCache $userMountCache
 	) {
 		$this->l10n = $l10n;
 		$this->urlGenerator = $urlGenerator;
@@ -96,6 +100,7 @@ public function __construct(
 		$this->userSession = $userSession;
 		$this->tagManager = $tagManager;
 		$this->userManager = $userManager;
+		$this->userMountCache = $userMountCache;
 	}
 
 	public function getName(): string {
@@ -137,11 +142,32 @@ public function prepareRuleMatcher(IRuleMatcher $ruleMatcher, string $eventName,
 	public function isLegitimatedForUserId(string $uid): bool {
 		try {
 			$node = $this->getNode();
+			// Is owner
 			if ($node->getOwner()->getUID() === $uid) {
 				return true;
 			}
+			// Has access to file
+			$fileId = $node->getId();
+			$mounts = $this->userMountCache->getMountsForFileId($fileId);
+			foreach ($mounts as $mount) {
+				$mountUID = $mount->getUser()->getUID();
+				if ($mountUID !== $uid) {
+					continue;
+				}
+
+				$userFolder = $this->root->getUserFolder($uid);
+				if (!empty($userFolder->getById($fileId))) {
+					return true;
+				}
+			}
+			// Has access to share
+			/*
 			$acl = $this->shareManager->getAccessList($node, true, true);
-			return isset($acl['users']) && array_key_exists($uid, $acl['users']);
+			if (isset($acl['users']) && array_key_exists($uid, $acl['users'])) {
+				return true;
+			}
+			*/
+			return false;
 		} catch (NotFoundException $e) {
 			return false;
 		}
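Review bot: The `// Is owner` early return still reports the owner as legitimated before the new mount-based lookup ever runs, so a file whose owner is denied by access control or a groupfolder ACL is still a false positive — exactly the case the description says this fixes, and the TODO only hints at removing it. Treating the owner as a candidate but still requiring `$this->root->getUserFolder($uid)->getById($fileId)` to succeed closes that, and it also lets the loop stop at the first mount belonging to `$uid` instead of rebuilding the same user's mount tree once per matching mount. The `/* … */`-disabled `shareManager` block should be deleted rather than kept as a comment, but only after confirming that share recipients always have an entry in the user mount cache for the file (that is assumed here, not shown). Only `NotFoundException` is caught, while `getId()`/`getOwner()` may also raise `InvalidPathException`, which the file already imports; catching both keeps a bad path from aborting the whole rule evaluation.
```php
			$node = $this->getNode();
			$fileId = $node->getId();
			$candidate = $node->getOwner()->getUID() === $uid;
			if (!$candidate) {
				foreach ($this->userMountCache->getMountsForFileId($fileId) as $mount) {
					if ($mount->getUser()->getUID() === $uid) {
						$candidate = true;
						break;
					}
				}
			}
			if (!$candidate) {
				return false;
			}
			// Resolve through the user's own mount tree so groupfolder and
			// access-control restrictions apply to the owner as well.
			return !empty($this->root->getUserFolder($uid)->getById($fileId));
		} catch (NotFoundException | InvalidPathException $e) {
			// … unchanged: return false …
```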