Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/ONLYOFFICE/onlyoffice-nextcloud.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/controller/editorcontroller.php
diff options
context:
space:
mode:
Diffstat (limited to 'controller/editorcontroller.php')
-rw-r--r--controller/editorcontroller.php45
1 files changed, 28 insertions, 17 deletions
diff --git a/controller/editorcontroller.php b/controller/editorcontroller.php
index fd56257..adbca48 100644
--- a/controller/editorcontroller.php
+++ b/controller/editorcontroller.php
@@ -1,7 +1,7 @@
<?php
/**
*
- * (c) Copyright Ascensio System SIA 2019
+ * (c) Copyright Ascensio System SIA 2020
*
* This program is a free software product.
* You can redistribute it and/or modify it under the terms of the GNU Affero General Public License
@@ -554,25 +554,35 @@ class EditorController extends Controller {
*/
public function config($fileId, $filePath = NULL, $shareToken = NULL, $directToken = null, $inframe = 0, $desktop = false) {
- if (empty($shareToken) && !$this->config->isUserAllowedToUse()) {
- if (empty($directToken)) {
+ if (!empty($directToken)) {
+ list ($directData, $error) = $this->crypt->ReadHash($directToken);
+ if ($directData === NULL) {
+ $this->logger->error("Config for directEditor with empty or not correct hash: $error", array("app" => $this->appName));
return ["error" => $this->trans->t("Not permitted")];
- } else {
- list ($directData, $error) = $this->crypt->ReadHash($directToken);
- if ($directData === NULL) {
- $this->logger->error("Config for directEditor with empty or not correct hash: $error", array("app" => $this->appName));
- return ["error" => $this->trans->t("Not permitted")];
- }
- if ($directData->action !== "direct") {
- $this->logger->error("Config for directEditor with other data", array("app" => $this->appName));
- return ["error" => $this->trans->t("Invalid request")];
- }
+ }
+ if ($directData->action !== "direct") {
+ $this->logger->error("Config for directEditor with other data", array("app" => $this->appName));
+ return ["error" => $this->trans->t("Invalid request")];
+ }
- $fileId = $directData->fileId;
- $userId = $directData->userId;
- $user = $this->userManager->get($userId);
+ $fileId = $directData->fileId;
+ $userId = $directData->userId;
+ if ($this->userSession->isLoggedIn()
+ && $userId === $this->userSession->getUser()->getUID()) {
+ $redirectUrl = $this->urlGenerator->linkToRouteAbsolute($this->appName . ".editor.index",
+ [
+ "fileId" => $fileId,
+ "filePath" => $filePath
+ ]);
+ return ["redirectUrl" => $redirectUrl];
}
+
+ $user = $this->userManager->get($userId);
} else {
+ if (empty($shareToken) && !$this->config->isUserAllowedToUse()) {
+ return ["error" => $this->trans->t("Not permitted")];
+ }
+
$user = $this->userSession->getUser();
$userId = NULL;
if (!empty($user)) {
@@ -962,7 +972,8 @@ class EditorController extends Controller {
}
}
} else {
- if ($watermarkSettings["shareAll"] && $file->getOwner()->getUID() !== $userId) {
+ if ($watermarkSettings["shareAll"]
+ && ($file->getOwner() === null || $file->getOwner()->getUID() !== $userId)) {
return $watermarkText;
}
if ($watermarkSettings["shareRead"] && !$canEdit) {
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-21 18:20:16 +0300