diff options
| author | Vincent Petry <vincent@nextcloud.com> | 2022-06-09 13:03:29 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-06-09 13:03:29 +0300 |
| commit | 9cc8bba6637a5f0176a70ac4abb4cfff7e3551a8 (patch) | |
| tree | 2d7d32b4e30a8d601090e8a3c95841788d457825 | |
| parent | c2512594f2b60cafc3d2d4a3109bbe50c0717b6a (diff) | |
| parent | 4e04f4e883896ae519930566859c6bf847792ceb (diff) | |
Merge pull request #32771 from nextcloud/backport/32697/stable23
[stable23] Fix get avatar authorization
| -rw-r--r-- | lib/private/Avatar/AvatarManager.php | 25 | ||||
| -rw-r--r-- | tests/lib/Avatar/AvatarManagerTest.php | 33 |
2 files changed, 42 insertions, 16 deletions
diff --git a/lib/private/Avatar/AvatarManager.php b/lib/private/Avatar/AvatarManager.php index c3afd8094c7..9e47a18cd95 100644 --- a/lib/private/Avatar/AvatarManager.php +++ b/lib/private/Avatar/AvatarManager.php @@ -135,20 +135,23 @@ class AvatarManager implements IAvatarManager { $avatarScope = ''; } - if ( + switch ($avatarScope) { // v2-private scope hides the avatar from public access and from unknown users - $avatarScope === IAccountManager::SCOPE_PRIVATE - && ( - // accessing from public link - $requestingUser === null - // logged in, but unknown to user - || !$this->knownUserService->isKnownToUser($requestingUser->getUID(), $userId) - )) { - // use a placeholder avatar which caches the generated images - return new PlaceholderAvatar($folder, $user, $this->logger); + case IAccountManager::SCOPE_PRIVATE: + if ($requestingUser !== null && $this->knownUserService->isKnownToUser($requestingUser->getUID(), $userId)) { + return new UserAvatar($folder, $this->l, $user, $this->logger, $this->config); + } + break; + case IAccountManager::SCOPE_LOCAL: + case IAccountManager::SCOPE_FEDERATED: + case IAccountManager::SCOPE_PUBLISHED: + return new UserAvatar($folder, $this->l, $user, $this->logger, $this->config); + default: + // use a placeholder avatar which caches the generated images + return new PlaceholderAvatar($folder, $user, $this->logger); } - return new UserAvatar($folder, $this->l, $user, $this->logger, $this->config); + return new PlaceholderAvatar($folder, $user, $this->logger); } /** diff --git a/tests/lib/Avatar/AvatarManagerTest.php b/tests/lib/Avatar/AvatarManagerTest.php index ce6981a2a21..ae9c0e1671f 100644 --- a/tests/lib/Avatar/AvatarManagerTest.php +++ b/tests/lib/Avatar/AvatarManagerTest.php @@ -161,6 +161,10 @@ class AvatarManagerTest extends \Test\TestCase { ->method('getUID') ->willReturn('valid-user'); + $this->userSession->expects($this->once()) + ->method('getUser') + ->willReturn($user); + $folder = $this->createMock(ISimpleFolder::class); $this->appData ->expects($this->once()) @@ -168,26 +172,45 @@ class AvatarManagerTest extends \Test\TestCase { ->with('valid-user') ->willReturn($folder); + $account = $this->createMock(IAccount::class); + $this->accountManager->expects($this->once()) + ->method('getAccount') + ->with($user) + ->willReturn($account); + + $property = $this->createMock(IAccountProperty::class); + $account->expects($this->once()) + ->method('getProperty') + ->with(IAccountManager::PROPERTY_AVATAR) + ->willReturn($property); + + $property->expects($this->once()) + ->method('getScope') + ->willReturn(IAccountManager::SCOPE_FEDERATED); + $expected = new UserAvatar($folder, $this->l10n, $user, $this->logger, $this->config); $this->assertEquals($expected, $this->avatarManager->getAvatar('vaLid-USER')); } - public function knownUnknownProvider() { + public function dataGetAvatarScopes() { return [ - [IAccountManager::SCOPE_LOCAL, false, false, false], - [IAccountManager::SCOPE_LOCAL, true, false, false], - // public access cannot see real avatar [IAccountManager::SCOPE_PRIVATE, true, false, true], // unknown users cannot see real avatar [IAccountManager::SCOPE_PRIVATE, false, false, true], // known users can see real avatar [IAccountManager::SCOPE_PRIVATE, false, true, false], + [IAccountManager::SCOPE_LOCAL, false, false, false], + [IAccountManager::SCOPE_LOCAL, true, false, false], + [IAccountManager::SCOPE_FEDERATED, false, false, false], + [IAccountManager::SCOPE_FEDERATED, true, false, false], + [IAccountManager::SCOPE_PUBLISHED, false, false, false], + [IAccountManager::SCOPE_PUBLISHED, true, false, false], ]; } /** - * @dataProvider knownUnknownProvider + * @dataProvider dataGetAvatarScopes */ public function testGetAvatarScopes($avatarScope, $isPublicCall, $isKnownUser, $expectedPlaceholder) { if ($isPublicCall) { |