From 4b4c0be6be66e1228d7e475fe9856f5be86930b0 Mon Sep 17 00:00:00 2001 From: Jonas Date: Mon, 18 Sep 2023 16:20:17 +0200 Subject: [PATCH] fix(isLegitimatedForUserId): Setup mountpoints to check file access This fixes workflows on groupfolders, as it will consider access to files in groupfolders. It also fixes false positives where access to files was limited by other means not taken into account before, e.g. access control. For postDelete events, check for permissions of the parent folder instead, as the file itself no longer exists. Fixes: nextcloud/flow_notifications#71 Signed-off-by: Jonas --- apps/workflowengine/lib/Entity/File.php | 30 +++++++++++++++++------ apps/workflowengine/tests/ManagerTest.php | 3 ++- 2 files changed, 24 insertions(+), 9 deletions(-) diff --git a/apps/workflowengine/lib/Entity/File.php b/apps/workflowengine/lib/Entity/File.php index 3f09fcd24a146..b6084266c5d98 100644 --- a/apps/workflowengine/lib/Entity/File.php +++ b/apps/workflowengine/lib/Entity/File.php @@ -26,6 +26,7 @@ */ namespace OCA\WorkflowEngine\Entity; +use OC\Files\Config\UserMountCache; use OCP\EventDispatcher\Event; use OCP\EventDispatcher\GenericEvent; use OCP\Files\InvalidPathException; @@ -38,7 +39,6 @@ use OCP\IUser; use OCP\IUserManager; use OCP\IUserSession; -use OCP\Share\IManager as ShareManager; use OCP\SystemTag\ISystemTag; use OCP\SystemTag\ISystemTagManager; use OCP\SystemTag\MapperEvent; @@ -65,8 +65,6 @@ class File implements IEntity, IDisplayText, IUrl, IIcon, IContextPortation { protected $eventName; /** @var Event */ protected $event; - /** @var ShareManager */ - private $shareManager; /** @var IUserSession */ private $userSession; /** @var ISystemTagManager */ @@ -77,25 +75,27 @@ class File implements IEntity, IDisplayText, IUrl, IIcon, IContextPortation { private $actingUser = null; /** @var IUserManager */ private $userManager; + /** @var UserMountCache */ + private $userMountCache; public function __construct( IL10N $l10n, IURLGenerator $urlGenerator, IRootFolder $root, ILogger $logger, - ShareManager $shareManager, IUserSession $userSession, ISystemTagManager $tagManager, - IUserManager $userManager + IUserManager $userManager, + UserMountCache $userMountCache ) { $this->l10n = $l10n; $this->urlGenerator = $urlGenerator; $this->root = $root; $this->logger = $logger; - $this->shareManager = $shareManager; $this->userSession = $userSession; $this->tagManager = $tagManager; $this->userManager = $userManager; + $this->userMountCache = $userMountCache; } public function getName(): string { @@ -140,8 +140,22 @@ public function isLegitimatedForUserId(string $uid): bool { if ($node->getOwner()->getUID() === $uid) { return true; } - $acl = $this->shareManager->getAccessList($node, true, true); - return isset($acl['users']) && array_key_exists($uid, $acl['users']); + + if ($this->eventName === self::EVENT_NAMESPACE . 'postDelete') { + // At postDelete, the file no longer exists. Check for parent folder instead. + $fileId = $node->getParent()->getId(); + } else { + $fileId = $node->getId(); + } + + $mounts = $this->userMountCache->getMountsForFileId($fileId, $uid); + foreach ($mounts as $mount) { + $userFolder = $this->root->getUserFolder($uid); + if (!empty($userFolder->getById($fileId))) { + return true; + } + } + return false; } catch (NotFoundException $e) { return false; } diff --git a/apps/workflowengine/tests/ManagerTest.php b/apps/workflowengine/tests/ManagerTest.php index 543b4550ca6aa..5f92c603e1475 100644 --- a/apps/workflowengine/tests/ManagerTest.php +++ b/apps/workflowengine/tests/ManagerTest.php @@ -26,6 +26,7 @@ */ namespace OCA\WorkflowEngine\Tests; +use OC\Files\Config\UserMountCache; use OC\L10N\L10N; use OCA\WorkflowEngine\Entity\File; use OCA\WorkflowEngine\Helper\ScopeContext; @@ -408,10 +409,10 @@ public function testUpdateOperation() { $this->createMock(IURLGenerator::class), $this->createMock(IRootFolder::class), $this->createMock(ILogger::class), - $this->createMock(\OCP\Share\IManager::class), $this->createMock(IUserSession::class), $this->createMock(ISystemTagManager::class), $this->createMock(IUserManager::class), + $this->createMock(UserMountCache::class), ]) ->setMethodsExcept(['getEvents']) ->getMock();