do not collect all credential guids for vault deletion; use custom file mass deletion endpoint

Signed-off-by: binsky <timo@binsky.org>

2 files changed, 42 insertions, 34 deletions

diff --git a/controller/filecontroller.php b/controller/filecontroller.php
index c2d151a8..1a865fe9 100644
--- a/controller/filecontroller.php
+++ b/controller/filecontroller.php
@@ -11,19 +11,20 @@
 
 namespace OCA\Passman\Controller;
 
+use OCA\Passman\Service\FileService;
+use OCP\AppFramework\ApiController;
 use OCP\AppFramework\Db\DoesNotExistException;
-use OCP\IRequest;
 use OCP\AppFramework\Http\JSONResponse;
-use OCP\AppFramework\ApiController;
-use OCA\Passman\Service\FileService;
+use OCP\IRequest;
 
 class FileController extends ApiController {
 	private $userId;
 	private $fileService;
+
 	public function __construct($AppName,
-								IRequest $request,
-								$UserId,
-								FileService $fileService){
+	                            IRequest $request,
+		$UserId,
+		                        FileService $fileService) {
 		parent::__construct(
 			$AppName,
 			$request,
@@ -57,6 +58,7 @@ class FileController extends ApiController {
 	public function getFile($file_id) {
 		return new JSONResponse($this->fileService->getFile($file_id, $this->userId));
 	}
+
 	/**
 	 * @NoAdminRequired
 	 * @NoCSRFRequired
@@ -65,22 +67,39 @@ class FileController extends ApiController {
 		return new JSONResponse($this->fileService->deleteFile($file_id, $this->userId));
 	}
 
-	public function updateFile($file_id, $file_data, $filename){
-		try{
+	/**
+	 * @NoAdminRequired
+	 * @NoCSRFRequired
+	 */
+	public function deleteFiles($file_ids) {
+		if ($file_ids != null && !empty($file_ids)) {
+			foreach (json_decode($file_ids) as $file_id) {
+				try {
+					$this->fileService->deleteFile($file_id, $this->userId);
+				} catch (\Exception $e) {
+					continue;
+				}
+			}
+		}
+		return new JSONResponse(array('ok' => true));
+	}
+
+	public function updateFile($file_id, $file_data, $filename) {
+		try {
 			$file = $this->fileService->getFile($file_id, $this->userId);
-		} catch (\Exception $doesNotExistException){
+		} catch (\Exception $doesNotExistException) {
 
 		}
-		if($file){
-			if($file_data) {
+		if ($file) {
+			if ($file_data) {
 				$file->setFileData($file_data);
 			}
-			if($filename) {
+			if ($filename) {
 				$file->setFilename($filename);
 			}
-			if($filename || $file_data){
+			if ($filename || $file_data) {
 				new JSONResponse($this->fileService->updateFile($file));
 			}
 		}
 	}
-}
\ No newline at end of file
+}
diff --git a/controller/vaultcontroller.php b/controller/vaultcontroller.php
index f6e2a3c0..b0616bb5 100644
--- a/controller/vaultcontroller.php
+++ b/controller/vaultcontroller.php
@@ -168,11 +168,14 @@ class VaultController extends ApiController {
 	 * @NoAdminRequired
 	 * @NoCSRFRequired
 	 */
-	public function deleteVaultContent($credential_guids, $file_ids) {
-		if ($credential_guids != null && !empty($credential_guids)) {
-			foreach (json_decode($credential_guids) as $credential_guid) {
+	public function delete($vault_guid) {
+		try {
+			$vault = $this->vaultService->getByGuid($vault_guid, $this->userId);
+			$credentials = $this->credentialService->getCredentialsByVaultId($vault->getId(), $this->userId);
+
+			foreach ($credentials as $credential) {
 				try {
-					$credential = $this->credentialService->getCredentialByGUID($credential_guid, $this->userId);
+					// $credential = $this->credentialService->getCredentialByGUID($credential_guid, $this->userId);
 					if ($credential instanceof Credential) {
 						$this->credentialService->deleteCredentiaL($credential);
 						$this->credentialService->deleteCredentialParts($credential, $this->userId);
@@ -181,24 +184,10 @@ class VaultController extends ApiController {
 					continue;
 				}
 			}
+		} catch (\Exception $e) {
+			return new NotFoundJSONResponse();
 		}
-		if ($file_ids != null && !empty($file_ids)) {
-			foreach (json_decode($file_ids) as $file_id) {
-				try {
-					$this->fileService->deleteFile($file_id, $this->userId);
-				} catch (\Exception $e) {
-					continue;
-				}
-			}
-		}
-		return new JSONResponse(array('ok' => true));
-	}
 
-	/**
-	 * @NoAdminRequired
-	 * @NoCSRFRequired
-	 */
-	public function delete($vault_guid) {
 		$this->vaultService->deleteVault($vault_guid, $this->userId);
 		return new JSONResponse(array('ok' => true));
 	}