verify acl enabled for mountpointenh/noid/check-groupfolders-acl

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>

2 files changed, 16 insertions, 7 deletions

diff --git a/lib/FilesHooks.php b/lib/FilesHooks.php
index a416910f..5ab554b8 100755
--- a/lib/FilesHooks.php
+++ b/lib/FilesHooks.php
@@ -31,6 +31,7 @@ use OCA\Activity\BackgroundJob\RemoteActivity;
 use OCA\Activity\Extension\Files;
 use OCA\Activity\Extension\Files_Sharing;
 use OCP\Activity\IManager;
+use OCP\Constants;
 use OCP\Files\Config\IUserMountCache;
 use OCP\Files\IRootFolder;
 use OCP\Files\Mount\IMountPoint;
@@ -1251,8 +1252,10 @@ class FilesHooks {
 	 */
 	private function getUnrelatedUsers(int $fileId, array $cachedMounts): array {
 		/** @var \OCA\GroupFolders\ACL\RuleManager $ruleManager */
+		/** @var \OCA\GroupFolders\Folder\FolderManager $folderManager */
 		try {
 			$ruleManager = \OC::$server->get(\OCA\GroupFolders\ACL\RuleManager::class);
+			$folderManager = \OC::$server->get(\OCA\GroupFolders\Folder\FolderManager::class);
 		} catch (\Exception $e) {
 			return []; // if we have no access to RuleManager, we cannot filter unrelated users
 		}
@@ -1279,18 +1282,24 @@ class FilesHooks {
 				try {
 					$node = $this->rootFolder->get($fullPath);
 					$mountPoint = $node->getMountPoint();
-					$folderId = $mountPoint->getFolderId();
+
+					if (!$mountPoint instanceof \OCA\GroupFolders\Mount\GroupMountPoint
+						|| !$folderManager->getFolderAclEnabled($mountPoint->getFolderId())) {
+						continue; // acl are disable
+					}
+
+					$folderPath = $mountPoint->getSourcePath();
 					$path = substr($fullPath, strlen($mountPoint->getMountPoint()));
 				} catch (\Exception $e) {
 					// in case of issue during the process, we can imagine the user have no access to the file
-					$usersToCheck[] = $fullPath;
+					$usersToCheck[] = $cachedMount['userId'];
 					continue; // we'll catch rules on next user with access to the file
 				}
 
 				// we generate a list of path from top level of group folder to the file itself to get all rules
-				$paths = ['__groupfolders/' . $folderId];
+				$paths = [$folderPath];
 				while ($path !== '') {
-					$paths[] = '__groupfolders/' . $folderId . '/' . $path;
+					$paths[] = $folderPath . '/' . $path;
 					$path = dirname($path);
 					if ($path === '.' || $path === '/') {
 						$path = '';
@@ -1320,7 +1329,7 @@ class FilesHooks {
 		// that might not have access to fileId
 		foreach ($rules as $rule) {
 			if (($rule->getMask() & 1) === 0
-				|| ($rule->getPermissions() & 1) !== 0) {
+				|| ($rule->getPermissions() & Constants::PERMISSION_READ) !== 0) {
 				continue; // not interested of rules with 'mask' not including read capability (1), or if 'permission' does
 			}
 
@@ -1351,7 +1360,7 @@ class FilesHooks {
 		}
 
 
-		// now that we have a list of 'unstable' users, we confirm they have no access to the file
+		// now that we have a list of eventuals filtered users, we confirm they have no access to the file
 		$filteredUsers = [];
 		foreach ($usersToCheck as $userId) {
 			try {
@@ -1359,7 +1368,6 @@ class FilesHooks {
 				if ($node->isReadable()) {
 					continue; // overkill ? as rootFolder->get() would throw an exception if file is not available
 				}
-
 			} catch (\Exception $e) {
 			}
 
diff --git a/psalm.xml b/psalm.xml
index fbec5d15..b8e1039a 100644
--- a/psalm.xml
+++ b/psalm.xml
@@ -41,6 +41,7 @@
 				<referencedClass name="OC\TagManager" />
 				<referencedClass name="OC\Hooks\Emitter" />
 				<referencedClass name="OCA\GroupFolders\ACL\RuleManager" />
+				<referencedClass name="OCA\GroupFolders\Folder\FolderManager" />
 			</errorLevel>
 		</UndefinedDocblockClass>
 	</issueHandlers>