author | Maxence Lange <maxence@artificial-owl.com> | 2022-11-09 14:18:17 +0300 |
---|---|---|
committer | Maxence Lange <maxence@artificial-owl.com> | 2022-11-09 14:18:32 +0300 |
commit | e87988f87b92a79c5c80f34a6c35f0edb48ce164 (patch) | |
tree | 6e09d8ebcf009dc148a05668f84bb19b863cd3eb | |
parent | 9b998c79ec981d408dccac81db90cf70fb269d97 (diff) |
verify acl enabled for mountpointenh/noid/check-groupfolders-acl
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
-rwxr-xr-x | lib/FilesHooks.php | 22 | ||||
-rw-r--r-- | psalm.xml | 1 |
2 files changed, 16 insertions, 7 deletions
diff --git a/lib/FilesHooks.php b/lib/FilesHooks.php
index a416910f..5ab554b8 100755
--- a/lib/FilesHooks.php
+++ b/lib/FilesHooks.php
@@ -31,6 +31,7 @@ use OCA\Activity\BackgroundJob\RemoteActivity;
 use OCA\Activity\Extension\Files;
 use OCA\Activity\Extension\Files_Sharing;
 use OCP\Activity\IManager;
+use OCP\Constants;
 use OCP\Files\Config\IUserMountCache;
 use OCP\Files\IRootFolder;
 use OCP\Files\Mount\IMountPoint;
@@ -1251,8 +1252,10 @@ class FilesHooks {
 */
 private function getUnrelatedUsers(int $fileId, array $cachedMounts): array {
 /** @var \OCA\GroupFolders\ACL\RuleManager $ruleManager */
+ /** @var \OCA\GroupFolders\Folder\FolderManager $folderManager */
 try {
 $ruleManager = \OC::$server->get(\OCA\GroupFolders\ACL\RuleManager::class);
+ $folderManager = \OC::$server->get(\OCA\GroupFolders\Folder\FolderManager::class);
 } catch (\Exception $e) {
 return []; // if we have no access to RuleManager, we cannot filter unrelated users
 }
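Review bot: In the hunk at -1251, the `catch` around the service lookups still returns `[]` with a comment that names only RuleManager, although a failure to resolve FolderManager now takes the same path. Judging by that comment, an empty result means no user is filtered, so any lookup failure quietly switches ACL filtering off for the activity; that is presumably intended when GroupFolders is not installed, but the code should say so. I would reword the comment to `// GroupFolders services unavailable: no ACL-based filtering is applied` and consider logging the exception so that a partially broken install does not go unnoticed. The body of getUnrelatedUsers continues outside the hunk.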
@@ -1279,18 +1282,24 @@ class FilesHooks {
 try {
 $node = $this->rootFolder->get($fullPath);
 $mountPoint = $node->getMountPoint();
- $folderId = $mountPoint->getFolderId();
+
+ if (!$mountPoint instanceof \OCA\GroupFolders\Mount\GroupMountPoint
+ || !$folderManager->getFolderAclEnabled($mountPoint->getFolderId())) {
+ continue; // acl are disable
+ }
+
+ $folderPath = $mountPoint->getSourcePath();
 $path = substr($fullPath, strlen($mountPoint->getMountPoint()));
 } catch (\Exception $e) {
 // in case of issue during the process, we can imagine the user have no access to the file
- $usersToCheck[] = $fullPath;
+ $usersToCheck[] = $cachedMount['userId'];
 continue; // we'll catch rules on next user with access to the file
 }
 // we generate a list of path from top level of group folder to the file itself to get all rules
- $paths = ['__groupfolders/' . $folderId];
+ $paths = [$folderPath];
 while ($path !== '') {
- $paths[] = '__groupfolders/' . $folderId . '/' . $path;
+ $paths[] = $folderPath . '/' . $path;
 $path = dirname($path);
 if ($path === '.' || $path === '/') {
 $path = '';
@@ -1320,7 +1329,7 @@ class FilesHooks {
 // that might not have access to fileId
 foreach ($rules as $rule) {
 if (($rule->getMask() & 1) === 0
- || ($rule->getPermissions() & 1) !== 0) {
+ || ($rule->getPermissions() & Constants::PERMISSION_READ) !== 0) {
 continue; // not interested of rules with 'mask' not including read capability (1), or if 'permission' does
 }
@@ -1351,7 +1360,7 @@ class FilesHooks {
 }
- // now that we have a list of 'unstable' users, we confirm they have no access to the file
+ // now that we have a list of eventuals filtered users, we confirm they have no access to the file
 $filteredUsers = [];
 foreach ($usersToCheck as $userId) {
 try {
@@ -1359,7 +1368,6 @@ class FilesHooks {
 if ($node->isReadable()) {
 continue; // overkill ? as rootFolder->get() would throw an exception if file is not available
 }
-
 } catch (\Exception $e) {
 }
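Review bot: In the hunk at -1279, the new early `continue` is the one branch where, as far as the hunk shows, a user gets no rule paths and is not added to `$usersToCheck`, yet its comment (`// acl are disable`) describes only the second of the two conditions. Since this branch decides which mounts are exempt from ACL filtering, I would spell out the assumption: `continue; // not a group folder mount, or ACL disabled for this folder: no rule can hide the file`. Separately, `getFolderAclEnabled()` is called once per cached mount; unless FolderManager caches the answer (not visible here), remembering it per folder id in a local array would avoid repeated lookups. The enclosing loop starts and ends outside the hunk.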
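Review bot: In the hunk at -1320, only the permissions test was switched to `Constants::PERMISSION_READ`; the mask test on the line above still uses the literal `1`, and the trailing comment still explains the value as `(1)`. Both halves of the condition test the same read bit, so the first should read `if (($rule->getMask() & Constants::PERMISSION_READ) === 0`, with the `(1)` dropped from the comment. The enclosing foreach continues outside the hunk.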
@@ -41,6 +41,7 @@
 <referencedClass name="OC\TagManager" />
 <referencedClass name="OC\Hooks\Emitter" />
 <referencedClass name="OCA\GroupFolders\ACL\RuleManager" />
+ <referencedClass name="OCA\GroupFolders\Folder\FolderManager" />
 </errorLevel>
 </UndefinedDocblockClass>
 </issueHandlers> |