diff options
| -rw-r--r-- | Makefile | 2 | ||||
| -rw-r--r-- | appinfo/database.xml | 10 | ||||
| -rw-r--r-- | controller/documentcontroller.php | 14 | ||||
| -rw-r--r-- | lib/db/wopi.php | 24 |
4 files changed, 31 insertions, 19 deletions
@@ -1,4 +1,4 @@ -VERSION=0.15.3 +VERSION=0.16.0 .PHONY: dist dist: owncloud-collabora-online.spec info.xml diff --git a/appinfo/database.xml b/appinfo/database.xml index 7d7c9fce..3d0eead9 100644 --- a/appinfo/database.xml +++ b/appinfo/database.xml @@ -287,10 +287,16 @@ <comments>Unique per token</comments> </field> <field> - <name>uid</name> + <name>owner_uid</name> + <type>text</type> + <length>64</length> + <comments>Document owner UserId - a textual user identifier (unique?)</comments> + </field> + <field> + <name>editor_uid</name> <type>text</type> <length>64</length> - <comments>UserId - a textual user identifier (unique?)</comments> + <comments>Document editor's UserId, can be different from uid if shared</comments> </field> <field> <name>fileid</name> diff --git a/controller/documentcontroller.php b/controller/documentcontroller.php index 42d8c042..e5f49d76 100644 --- a/controller/documentcontroller.php +++ b/controller/documentcontroller.php @@ -378,7 +378,7 @@ class DocumentController extends Controller { return false; } - $view = new \OC\Files\View('/' . $res['user'] . '/files'); + $view = new \OC\Files\View('/' . $res['owner'] . '/files'); $info = $view->getFileInfo($res['path']); \OC::$server->getLogger()->debug('File info: {info}.', [ 'app' => $this->appName, 'info' => $info ]); @@ -411,7 +411,7 @@ class DocumentController extends Controller { //TODO: Support X-WOPIMaxExpectedSize header. $res = $row->getPathForToken($fileId, $token); - return new DownloadResponse($this->request, $res['user'], '/files' . $res['path']); + return new DownloadResponse($this->request, $res['owner'], '/files' . $res['path']); } /** @@ -432,23 +432,25 @@ class DocumentController extends Controller { $res = $row->getPathForToken($fileId, $token); // Log-in as the user to regiser the change under her name. - $userid = $res['user']; - $users = \OC::$server->getUserManager()->search($userid, 1, 0); + $editorid = $res['editor']; + $users = \OC::$server->getUserManager()->search($editorid, 1, 0); if (count($users) > 0) { $user = array_shift($users); - if (strcasecmp($user->getUID(),$userid) === 0) + if (strcasecmp($user->getUID(),$editorid) === 0) { \OC::$server->getUserSession()->setUser($user); } } + // Set up the filesystem view for the owner (where the file actually is). + $userid = $res['owner']; $root = '/' . $userid . '/files'; $view = new \OC\Files\View($root); // Read the contents of the file from the POST body and store. $content = fopen('php://input', 'r'); - \OC::$server->getLogger()->debug('Putting {size} bytes.', [ 'app' => $this->appName ]); + \OC::$server->getLogger()->debug('Storing file {fileId} by {editor} owned by {owner}.', [ 'app' => $this->appName, 'fileId' => $fileId, 'editor' => $editorid, 'owner' => $userid ]); // Setup the FS which is needed to emit hooks (versioning). \OC_Util::tearDownFS(); diff --git a/lib/db/wopi.php b/lib/db/wopi.php index cc722774..01fade90 100644 --- a/lib/db/wopi.php +++ b/lib/db/wopi.php @@ -29,8 +29,8 @@ class Wopi extends \OCA\Richdocuments\Db{ protected $tableName = '`*PREFIX*richdocuments_wopi`'; - protected $insertStatement = 'INSERT INTO `*PREFIX*richdocuments_wopi` (`uid`, `fileid`, `path`, `token`, `expiry`) - VALUES (?, ?, ?, ?, ?)'; + protected $insertStatement = 'INSERT INTO `*PREFIX*richdocuments_wopi` (`owner_uid`, `editor_uid`, `fileid`, `path`, `token`, `expiry`) + VALUES (?, ?, ?, ?, ?, ?)'; protected $loadStatement = 'SELECT * FROM `*PREFIX*richdocuments_wopi` WHERE `token`= ?'; @@ -51,25 +51,28 @@ class Wopi extends \OCA\Richdocuments\Db{ } // Figure out the real owner, if not us. - $user = $view->getOwner($path); + $owner = $view->getOwner($path); // Create a view into the owner's FS. - $view = new \OC\Files\View('/' . $user . '/files'); + $view = new \OC\Files\View('/' . $owner . '/files'); // Find the real path. $path = $view->getPath($fileId); if (!$view->is_file($path)) { throw new \Exception('Invalid fileId.'); } + $editor = \OC::$server->getUserSession()->getUser()->getUID(); + $token = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(32, \OCP\Security\ISecureRandom::CHAR_LOWER . \OCP\Security\ISecureRandom::CHAR_UPPER . \OCP\Security\ISecureRandom::CHAR_DIGITS); - \OC::$server->getLogger()->debug('Issuing token for {user} file {fileId}, path {path}: {token}', - [ 'user' => $user, 'fileId' => $fileId, 'path' => $path, 'token' => $token ]); + \OC::$server->getLogger()->debug('Issuing token for {editor} file {fileId} owned by {owner}, path {path}: {token}', + [ 'owner' => $owner, 'editor' => $editor, 'fileId' => $fileId, 'path' => $path, 'token' => $token ]); $wopi = new \OCA\Richdocuments\Db\Wopi([ - $user, + $owner, + $editor, $fileId, $path, $token, @@ -113,14 +116,15 @@ class Wopi extends \OCA\Richdocuments\Db{ return false; } - $user = $row['uid']; - $view = new \OC\Files\View('/' . $user . '/files'); + $owner = $row['owner_uid']; + $view = new \OC\Files\View('/' . $owner . '/files'); $path = $row['path']; if (!$view->is_file($path)) { throw new \Exception('Invalid file path.'); } - return array('user' => $user, 'path' => $path); + $editor = $row['editor_uid']; + return array('owner' => $owner, 'editor' => $editor, 'path' => $path); } } |