Limit loading public page scripts to share owner with permissions

Signed-off-by: Julius Härtl <jus@bitgrid.net>

3 files changed, 114 insertions, 12 deletions

diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
index 4d246388..c6b8f460 100644
--- a/lib/AppInfo/Application.php
+++ b/lib/AppInfo/Application.php
@@ -25,9 +25,11 @@
 namespace OCA\Richdocuments\AppInfo;
 
 use OC\EventDispatcher\SymfonyAdapter;
+use OCA\Files_Sharing\Event\ShareLinkAccessedEvent;
 use OCA\Richdocuments\AppConfig;
 use OCA\Richdocuments\Capabilities;
 use OCA\Richdocuments\Listener\CSPListener;
+use OCA\Richdocuments\Listener\ShareLinkListener;
 use OCA\Richdocuments\Middleware\WOPIMiddleware;
 use OCA\Richdocuments\Listener\FileCreatedFromTemplateListener;
 use OCA\Richdocuments\PermissionManager;
@@ -69,19 +71,13 @@ class Application extends App implements IBootstrap {
 		$context->registerMiddleWare(WOPIMiddleware::class);
 		$context->registerEventListener(FileCreatedFromTemplateEvent::class, FileCreatedFromTemplateListener::class);
 		$context->registerEventListener(AddContentSecurityPolicyEvent::class, CSPListener::class);
+		$context->registerEventListener(ShareLinkAccessedEvent::class, ShareLinkListener::class);
 	}
 
 	public function boot(IBootContext $context): void {
-		$currentUser = \OC::$server->getUserSession()->getUser();
-		if($currentUser !== null) {
-			/** @var PermissionManager $permissionManager */
-			$permissionManager = \OC::$server->query(PermissionManager::class);
-			if (!$permissionManager->isEnabledForUser($currentUser->getUID())) {
-				return;
-			}
-		}
 
-		$context->injectFn(function(ITemplateManager $templateManager, IL10N $l10n, IConfig $config, CapabilitiesService $capabilitiesService) {
+
+		$context->injectFn(function (ITemplateManager $templateManager, IL10N $l10n, IConfig $config, CapabilitiesService $capabilitiesService) {
 			if (empty($capabilitiesService->getCapabilities())) {
 				return;
 			}
@@ -139,12 +135,22 @@ class Application extends App implements IBootstrap {
 			});
 		});
 
-		$context->injectFn(function (SymfonyAdapter $symfonyAdapter, IEventDispatcher $eventDispatcher, InitialStateService $initialStateService) {
-			$eventDispatcher->addListener(LoadViewer::class, function () use ($initialStateService) {
+		$context->injectFn(function (SymfonyAdapter $symfonyAdapter, IEventDispatcher $eventDispatcher, InitialStateService $initialStateService, PermissionManager $permissionManager) {
+			$isEnabledForUser = $permissionManager->isEnabledForUser();
+			$eventDispatcher->addListener(LoadViewer::class, function () use ($initialStateService, $isEnabledForUser) {
+				if (!$isEnabledForUser) {
+					return;
+				}
+
 				$initialStateService->provideCapabilities();
 				\OCP\Util::addScript('richdocuments', 'richdocuments-viewer', 'viewer');
 			});
-			$eventDispatcher->addListener('OCA\Files_Sharing::loadAdditionalScripts', function () use ($initialStateService) {
+			$eventDispatcher->addListener('OCA\Files_Sharing::loadAdditionalScripts', function () use ($initialStateService, $isEnabledForUser) {
+				if (class_exists(ShareLinkAccessedEvent::class) || !$isEnabledForUser) {
+					return;
+				}
+
+				// Fallback for older releases than Nextcloud 22
 				$initialStateService->provideCapabilities();
 				\OCP\Util::addScript('richdocuments', 'richdocuments-files');
 			});
diff --git a/lib/Listener/ShareLinkListener.php b/lib/Listener/ShareLinkListener.php
new file mode 100644
index 00000000..4171c771
--- /dev/null
+++ b/lib/Listener/ShareLinkListener.php
@@ -0,0 +1,63 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright Copyright (c) 2022 Julius Härtl <jus@bitgrid.net>
+ *
+ * @author Julius Härtl <jus@bitgrid.net>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+
+namespace OCA\Richdocuments\Listener;
+
+use OCA\Files_Sharing\Event\ShareLinkAccessedEvent;
+use OCA\Richdocuments\PermissionManager;
+use OCA\Richdocuments\Service\InitialStateService;
+use OCP\EventDispatcher\Event;
+use OCP\Share\IShare;
+use OCP\Util;
+
+class ShareLinkListener implements \OCP\EventDispatcher\IEventListener {
+	/** @var PermissionManager */
+	private $permissionManager;
+	/** @var InitialStateService */
+	private $initialStateService;
+
+	public function __construct(PermissionManager $permissionManager, InitialStateService $initialStateService) {
+		$this->permissionManager = $permissionManager;
+		$this->initialStateService = $initialStateService;
+	}
+
+	public function handle(Event $event): void {
+		if (!$event instanceof ShareLinkAccessedEvent) {
+			return;
+		}
+
+		/** @var IShare $share */
+		$share = $event->getShare();
+		$owner = $share->getShareOwner();
+
+		if ($this->permissionManager->isEnabledForUser($owner)) {
+			$this->initialStateService->provideCapabilities();
+			Util::addScript('richdocuments', 'richdocuments-files');
+		}
+	}
+}
diff --git a/tests/stub.phpstub b/tests/stub.phpstub
index 965760a1..4506bfed 100644
--- a/tests/stub.phpstub
+++ b/tests/stub.phpstub
@@ -7,5 +7,38 @@ namespace OCA\Federation {
 		public function isTrustedServer(string $url) {}
 		/** @returns array */
 		public function getServers() {}
+		public function isTrustedServer($domainWithPort) {}
+    }
+}
+
+namespace OCA\Viewer\Event {
+	class LoadViewer extends \OCP\EventDispatcher\Event {}
+}
+
+namespace Doctrine\DBAL\Platforms {
+	class SqlitePlatform {}
+}
+
+
+namespace OCA\Files_Sharing\Event {
+	use \OCP\Share\IShare;
+	class ShareLinkAccessedEvent extends \OCP\EventDispatcher\Event {
+		public function __construct(IShare $share, string $step = '', int $errorCode = 200, string $errorMessage = '') {}
+
+		public function getShare(): IShare {
+		}
+
+		public function getStep(): string {
+		}
+
+		public function getErrorCode(): int {
+		}
+
+		public function getErrorMessage(): string {
+		}
 	}
 }
+
+class OC_Helper {
+	public static function getFileTemplateManager() {}
+}