diff options
Diffstat (limited to 'controller')
| -rw-r--r-- | controller/callbackcontroller.php | 6 | ||||
| -rw-r--r-- | controller/editorcontroller.php | 45 | ||||
| -rw-r--r-- | controller/federationcontroller.php | 2 | ||||
| -rw-r--r-- | controller/settingscontroller.php | 3 |
4 files changed, 36 insertions, 20 deletions
diff --git a/controller/callbackcontroller.php b/controller/callbackcontroller.php index 4034752..6cfd234 100644 --- a/controller/callbackcontroller.php +++ b/controller/callbackcontroller.php @@ -1,7 +1,7 @@ <?php /** * - * (c) Copyright Ascensio System SIA 2019 + * (c) Copyright Ascensio System SIA 2020 * * This program is a free software product. * You can redistribute it and/or modify it under the terms of the GNU Affero General Public License @@ -393,6 +393,10 @@ class CallbackController extends Controller { $user = $this->userManager->get($userId); if (!empty($user)) { \OC_Util::setupFS($userId); + + if ($userId === $hashData->userId) { + $filePath = $hashData->filePath; + } } else { if (empty($shareToken)) { // author of the callback link diff --git a/controller/editorcontroller.php b/controller/editorcontroller.php index fd56257..adbca48 100644 --- a/controller/editorcontroller.php +++ b/controller/editorcontroller.php @@ -1,7 +1,7 @@ <?php /** * - * (c) Copyright Ascensio System SIA 2019 + * (c) Copyright Ascensio System SIA 2020 * * This program is a free software product. * You can redistribute it and/or modify it under the terms of the GNU Affero General Public License @@ -554,25 +554,35 @@ class EditorController extends Controller { */ public function config($fileId, $filePath = NULL, $shareToken = NULL, $directToken = null, $inframe = 0, $desktop = false) { - if (empty($shareToken) && !$this->config->isUserAllowedToUse()) { - if (empty($directToken)) { + if (!empty($directToken)) { + list ($directData, $error) = $this->crypt->ReadHash($directToken); + if ($directData === NULL) { + $this->logger->error("Config for directEditor with empty or not correct hash: $error", array("app" => $this->appName)); return ["error" => $this->trans->t("Not permitted")]; - } else { - list ($directData, $error) = $this->crypt->ReadHash($directToken); - if ($directData === NULL) { - $this->logger->error("Config for directEditor with empty or not correct hash: $error", array("app" => $this->appName)); - return ["error" => $this->trans->t("Not permitted")]; - } - if ($directData->action !== "direct") { - $this->logger->error("Config for directEditor with other data", array("app" => $this->appName)); - return ["error" => $this->trans->t("Invalid request")]; - } + } + if ($directData->action !== "direct") { + $this->logger->error("Config for directEditor with other data", array("app" => $this->appName)); + return ["error" => $this->trans->t("Invalid request")]; + } - $fileId = $directData->fileId; - $userId = $directData->userId; - $user = $this->userManager->get($userId); + $fileId = $directData->fileId; + $userId = $directData->userId; + if ($this->userSession->isLoggedIn() + && $userId === $this->userSession->getUser()->getUID()) { + $redirectUrl = $this->urlGenerator->linkToRouteAbsolute($this->appName . ".editor.index", + [ + "fileId" => $fileId, + "filePath" => $filePath + ]); + return ["redirectUrl" => $redirectUrl]; } + + $user = $this->userManager->get($userId); } else { + if (empty($shareToken) && !$this->config->isUserAllowedToUse()) { + return ["error" => $this->trans->t("Not permitted")]; + } + $user = $this->userSession->getUser(); $userId = NULL; if (!empty($user)) { @@ -962,7 +972,8 @@ class EditorController extends Controller { } } } else { - if ($watermarkSettings["shareAll"] && $file->getOwner()->getUID() !== $userId) { + if ($watermarkSettings["shareAll"] + && ($file->getOwner() === null || $file->getOwner()->getUID() !== $userId)) { return $watermarkText; } if ($watermarkSettings["shareRead"] && !$canEdit) { diff --git a/controller/federationcontroller.php b/controller/federationcontroller.php index a3117cb..36c9f50 100644 --- a/controller/federationcontroller.php +++ b/controller/federationcontroller.php @@ -1,7 +1,7 @@ <?php /** * - * (c) Copyright Ascensio System SIA 2019 + * (c) Copyright Ascensio System SIA 2020 * * This program is a free software product. * You can redistribute it and/or modify it under the terms of the GNU Affero General Public License diff --git a/controller/settingscontroller.php b/controller/settingscontroller.php index 4c70947..7292ce6 100644 --- a/controller/settingscontroller.php +++ b/controller/settingscontroller.php @@ -1,7 +1,7 @@ <?php /** * - * (c) Copyright Ascensio System SIA 2019 + * (c) Copyright Ascensio System SIA 2020 * * This program is a free software product. * You can redistribute it and/or modify it under the terms of the GNU Affero General Public License @@ -152,6 +152,7 @@ class SettingsController extends Controller { $secret, $demo ) { + $error = null; if (!$this->config->SelectDemo($demo === true)) { $error = $this->trans->t("The 30-day test period is over, you can no longer connect to demo ONLYOFFICE Document Server."); } |