author | Marcos Zuriaga <wolfi@wolfi.es> | 2016-10-05 19:47:25 +0300 |
---|---|---|
committer | Marcos Zuriaga <wolfi@wolfi.es> | 2016-10-05 19:47:25 +0300 |
commit | 77587e5598bf37e7e253d72ddf76929cc0dd8544 (patch) | |
tree | 99f2897cd20e2a069dc334c7d64d24abf8cba90b /controller | |
parent | 5ff5414f2c534b89674698dc8a760ebef1ef9849 (diff) |
Added capability on the api revisions endpoint to get shared item revisions by target user
Diffstat (limited to 'controller')
-rw-r--r-- | controller/credentialcontroller.php | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/controller/credentialcontroller.php b/controller/credentialcontroller.php
index 6acd2011..53af6fbd 100644
--- a/controller/credentialcontroller.php
+++ b/controller/credentialcontroller.php
@@ -13,6 +13,7 @@ namespace OCA\Passman\Controller;
 use OCA\Files_External\NotFoundException;
 use OCA\Passman\Db\SharingACL;
+use OCA\Passman\Utility\NotFoundJSONResponse;
 use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\DataResponse;
@@ -24,6 +25,7 @@ use OCA\Passman\Activity;
 use OCA\Passman\Service\ActivityService;
 use OCA\Passman\Service\CredentialRevisionService;
 use OCA\Passman\Service\ShareService;
+use OCP\IUser;
 class CredentialController extends ApiController {
 private $userId;
@@ -34,7 +36,7 @@ class CredentialController extends ApiController {
 public function __construct($AppName,
 IRequest $request,
- $UserId,
+ IUser $UserId,
 CredentialService $credentialService,
 ActivityService $activityService,
 CredentialRevisionService $credentialRevisionService,
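Review bot: Typing the constructor argument as `IUser $UserId` changes what `$this->userId` holds for every method of the controller, not only getRevision, and nothing visible in this diff adapts the other users of that field. Any method outside these hunks that still passes `$this->userId` to a service or compares it with an owner id would now hand over an object instead of a string, so ownership checks there may stop matching; those call sites presumably need `$this->userId->getUID()`. The constructor body lies outside the hunk, so how the value is stored cannot be confirmed from here. It is also worth confirming that the app container can actually resolve an `IUser` for this parameter.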
@@ -244,8 +246,28 @@ class CredentialController extends ApiController {
 /**
 * @NoAdminRequired
 */
- public function getRevision($credential_id) {
- $result = $this->credentialRevisionService->getRevisions($credential_id, $this->userId);
+ public function getRevision($credential_guid) {
+ try {
+ $credential = $this->credentialService->getCredentialByGUID($credential_guid);
+ }
+ catch (DoesNotExistException $ex){
+ return new NotFoundJSONResponse();
+ }
+
+ // If the request was made by the owner of the credential
+ if ($this->userId->getUID() == $credential->getUserId()) {
+ $result = $this->credentialRevisionService->getRevisions($credential->getId(), $this->userId);
+ }
+ else {
+ $acl = $this->sharingService->getACL($this->userId->getUID(), $credential_guid);
+ if ($acl->hasPermission(SharingACL::HISTORY)){
+ $result = $this->credentialRevisionService->getRevisions($credential->getId());
+ }
+ else {
+ return new NotFoundJSONResponse();
+ }
+ }
+
 return new JSONResponse($result);
 } |
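Review bot: The owner check in getRevision uses a loose comparison, `$this->userId->getUID() == $credential->getUserId()`, and PHP compares numeric-looking strings by value, so two different ids such as `"10"` and `"1e1"` (constructed example) would match and skip the ACL branch; use `===`. In the same branch `getRevisions($credential->getId(), $this->userId)` passes the user object while every other line here uses `getUID()`, so it probably should be `getRevisions($credential->getId(), $this->userId->getUID())`. In the shared branch the result of `getACL()` is dereferenced unchecked; if it can return null or throw when no ACL entry exists (not visible here), a user without a share gets a server error instead of the `NotFoundJSONResponse`, which lets a caller tell an existing credential from a missing one, so that case should return the same not-found response. A short docblock stating that non-owners need `SharingACL::HISTORY` would document the access rule.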