Fix write-only workspace : wrong response header - do not show activi…

…ty log. Close #1367
pydio · Dec 11, 2017 · d269928 · d269928
1 parent 64bd811
commit d269928
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/core/src/core/src/pydio/Core/Controller/Controller.php b/core/src/core/src/pydio/Core/Controller/Controller.php
@@ -228,6 +228,7 @@ public static function run(ServerRequestInterface $request, &$actionNode = null)
                         && $loggedUser->canWrite($ctx->getRepositoryId()."")){
                         // Special case of "write only" right : return empty listing, no auth error.
                         $response = new Response();
+                        $response = $response->withHeader("Content-type", "text/xml");
                         $response->getBody()->write(XMLHelper::wrapDocument(""));
                         return $response;
                     }else{

diff --git a/core/src/plugins/core.notifications/NotificationCenter.php b/core/src/plugins/core.notifications/NotificationCenter.php
@@ -279,14 +279,19 @@ public function loadUserFeed(\Psr\Http\Message\ServerRequestInterface $requestIn
         $userGroup = $u->getGroupPath();
         $authRepos = array();
         $crtRepId = $ctx->getRepositoryId();
-        if (isSet($httpVars["repository_id"]) && $u->getMergedRole()->canRead($httpVars["repository_id"])) {
+        if (isSet($httpVars["repository_id"])) {
             $authRepos[] = $httpVars["repository_id"];
         } else if (isSet($httpVars["current_repository"]) && $httpVars['current_repository'] === 'true'){
             $authRepos[] = $crtRepId;
         } else {
             $accessibleRepos =  \Pydio\Core\Services\UsersService::getRepositoriesForUser($u, false);
             $authRepos = array_keys($accessibleRepos);
         }
+        foreach($authRepos as $key => $repoId){
+            if(!$u->getMergedRole()->canRead($repoId)){
+                unset($authRepos[$key]);
+            }
+        }
         $offset = isSet($httpVars["offset"]) ? intval($httpVars["offset"]): 0;
         $limit = isSet($httpVars["limit"]) ? intval($httpVars["limit"]): 15;
         if(!isSet($httpVars["feed_type"]) || $httpVars["feed_type"] == "notif" || $httpVars["feed_type"] == "all"){
@@ -454,12 +459,15 @@ public function loadUserAlerts(ServerRequestInterface $requestInterface, Respons
         $repositoryFilter = null;
         $httpVars = $requestInterface->getParsedBody();
 
-        if (isSet($httpVars["repository_id"]) && $u->getMergedRole()->canRead($httpVars["repository_id"])) {
+        if (isSet($httpVars["repository_id"])) {
             $repositoryFilter = $httpVars["repository_id"];
         }
         if ($repositoryFilter === null && isSet($httpVars['current_repository']) && $httpVars['current_repository'] === 'true') {
             $repositoryFilter = $ctx->getRepositoryId();
         }
+        if(!$u->getMergedRole()->canRead($repositoryFilter)){
+            return;
+        }
         $res = $this->eventStore->loadAlerts($u, $repositoryFilter);
         if(!count($res)) return;