author | Ashod Nakashian <ashod.nakashian@collabora.co.uk> | 2016-03-24 04:57:22 +0300 |
---|---|---|
committer | Ashod Nakashian <ashod.nakashian@collabora.co.uk> | 2016-03-24 04:58:13 +0300 |
commit | 38c1b87435f1562180af449a06da8c85a6e7c080 (patch) | |
tree | 9188b8af85e2c37807d3e878f3f4b6c984591a53 /lib/db | |
parent | 1a737b4f073caa3024284f3c650e897ed0139e6c (diff) |
wopi: support for file sharing and authentication
Diffstat (limited to 'lib/db')
-rw-r--r-- | lib/db/wopi.php | 29 |
1 files changed, 26 insertions, 3 deletions
diff --git a/lib/db/wopi.php b/lib/db/wopi.php
index 306204d3..7fca0bca 100644
--- a/lib/db/wopi.php
+++ b/lib/db/wopi.php
@@ -40,10 +40,21 @@ class Wopi extends \OCA\Richdocuments\Db{
 * Returns the token.
 */
 public function generateFileToken($fileId){
- $user = \OC_User::getUser();
- $view = new \OC\Files\View('/' . $user . '/');
+
+ // Get the FS view of the current user.
+ $view = \OC\Files\Filesystem::getView();
+ // Get the virtual path (if the file is shared).
 $path = $view->getPath($fileId);
+ if (!$view->is_file($path) || !$view->isUpdatable($path)) {
+ throw new \Exception('Invalid fileId.');
+ }
+ // Figure out the real owner, if not us.
+ $user = $view->getOwner($path);
+ // Create a view into the owner's FS.
+ $view = new \OC\Files\View('/' . $user . '/');
+ // Find the real path.
+ $path = $view->getPath($fileId);
 if (!$view->is_file($path)) {
 throw new \Exception('Invalid fileId.');
 }
@@ -80,13 +91,25 @@ class Wopi extends \OCA\Richdocuments\Db{
 $wopi = new Wopi();
 $row = $wopi->loadBy('token', $token)->getData();
 \OC::$server->getLogger()->debug('Loaded WOPI Token record: {row}.', [ 'row' => $row ]);
+ if (count($row) == 0)
+ {
+ // Invalid token.
+ http_response_code(401);
+ return false;
+ }
 //TODO: validate.
- if ($row['expiry'] > time() || $row['fileid'] !== $fileId){
+ if ($row['expiry'] > time()){
 // Expired token!
+ //http_response_code(404);
 //$wopi->deleteBy('id', $row['id']);
 //return false;
 }
+ if ($row['fileid'] !== $fileId){
+ // File unknown / user unauthorized (for the requested file).
+ http_response_code(404);
+ return false;
+ }
 $user = $row['uid'];
 $view = new \OC\Files\View('/' . $user . '/'); |
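Review bot: After `$user = $view->getOwner($path);` the variable names the file owner rather than the requesting user, and the share permission (`isUpdatable`) is checked only here, at issue time. The function continues past this hunk, so I cannot see what is stored, but if the token row keeps `$user` as its uid then the second hunk's lookup opens a view rooted in the owner's home for whoever presents the token, with no record of who actually requested it and no re-check after a share is revoked. I would keep the requester separately, e.g. `$owner = $view->getOwner($path);`, store both ids with the token, and re-validate the share when the token is used. It is also worth rejecting a falsy `getOwner()` result before concatenating it into `'/' . $user . '/'`.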
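Review bot: The expiry check in the second hunk is still inert after the condition was split: `if ($row['expiry'] > time()){` has only comments in its body, and the comparison reads as inverted (it is true while the token is still valid, assuming `expiry` holds the expiry timestamp), so a token is accepted for as long as the row exists. I would enforce it as `if ($row['expiry'] < time()){ http_response_code(401); return false; }` and delete the row in that branch. Separately, the `debug()` call on the context line writes the whole row to the log, which presumably includes the token itself, and `count($row) == 0` relies on `getData()` always returning an array; `empty($row)` is safer if it can return null. The enclosing function starts and ends outside this hunk.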