diff options
author | Christopher Ng <chrng8@gmail.com> | 2022-06-02 04:37:18 +0300 |
---|---|---|
committer | backportbot-nextcloud[bot] <backportbot-nextcloud[bot]@users.noreply.github.com> | 2022-06-09 02:37:50 +0300 |
commit | 107c940f78791191645bcb77df3c7d0c4fb436f7 (patch) | |
tree | e3edbcf487f06a8ba5f12931a2ca27e682e5024c | |
parent | cba706c7a6d37ec48924a90ca6b950246a0420ff (diff) |
Fix get avatar authorization
Signed-off-by: Christopher Ng <chrng8@gmail.com>
-rw-r--r-- | lib/private/Avatar/AvatarManager.php | 25 | ||||
-rw-r--r-- | tests/lib/Avatar/AvatarManagerTest.php | 20 |
2 files changed, 34 insertions, 11 deletions
diff --git a/lib/private/Avatar/AvatarManager.php b/lib/private/Avatar/AvatarManager.php index c3afd8094c7..9e47a18cd95 100644 --- a/lib/private/Avatar/AvatarManager.php +++ b/lib/private/Avatar/AvatarManager.php @@ -135,20 +135,23 @@ class AvatarManager implements IAvatarManager { $avatarScope = ''; } - if ( + switch ($avatarScope) { // v2-private scope hides the avatar from public access and from unknown users - $avatarScope === IAccountManager::SCOPE_PRIVATE - && ( - // accessing from public link - $requestingUser === null - // logged in, but unknown to user - || !$this->knownUserService->isKnownToUser($requestingUser->getUID(), $userId) - )) { - // use a placeholder avatar which caches the generated images - return new PlaceholderAvatar($folder, $user, $this->logger); + case IAccountManager::SCOPE_PRIVATE: + if ($requestingUser !== null && $this->knownUserService->isKnownToUser($requestingUser->getUID(), $userId)) { + return new UserAvatar($folder, $this->l, $user, $this->logger, $this->config); + } + break; + case IAccountManager::SCOPE_LOCAL: + case IAccountManager::SCOPE_FEDERATED: + case IAccountManager::SCOPE_PUBLISHED: + return new UserAvatar($folder, $this->l, $user, $this->logger, $this->config); + default: + // use a placeholder avatar which caches the generated images + return new PlaceholderAvatar($folder, $user, $this->logger); } - return new UserAvatar($folder, $this->l, $user, $this->logger, $this->config); + return new PlaceholderAvatar($folder, $user, $this->logger); } /** diff --git a/tests/lib/Avatar/AvatarManagerTest.php b/tests/lib/Avatar/AvatarManagerTest.php index ce6981a2a21..6dfc664abe1 100644 --- a/tests/lib/Avatar/AvatarManagerTest.php +++ b/tests/lib/Avatar/AvatarManagerTest.php @@ -161,6 +161,10 @@ class AvatarManagerTest extends \Test\TestCase { ->method('getUID') ->willReturn('valid-user'); + $this->userSession->expects($this->once()) + ->method('getUser') + ->willReturn($user); + $folder = $this->createMock(ISimpleFolder::class); $this->appData ->expects($this->once()) @@ -168,6 +172,22 @@ class AvatarManagerTest extends \Test\TestCase { ->with('valid-user') ->willReturn($folder); + $account = $this->createMock(IAccount::class); + $this->accountManager->expects($this->once()) + ->method('getAccount') + ->with($user) + ->willReturn($account); + + $property = $this->createMock(IAccountProperty::class); + $account->expects($this->once()) + ->method('getProperty') + ->with(IAccountManager::PROPERTY_AVATAR) + ->willReturn($property); + + $property->expects($this->once()) + ->method('getScope') + ->willReturn(IAccountManager::SCOPE_FEDERATED); + $expected = new UserAvatar($folder, $this->l10n, $user, $this->logger, $this->config); $this->assertEquals($expected, $this->avatarManager->getAvatar('vaLid-USER')); } |