diff options
author | Joas Schilling <213943+nickvergessen@users.noreply.github.com> | 2019-07-31 12:01:47 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-07-31 12:01:47 +0300 |
commit | fa14b86d9ebdf4d935ce0a0a063a7ce2b2f2309e (patch) | |
tree | c074f0eedc3bd2efc6170b2f3fff37d5971b3f58 /lib | |
parent | 1094facdfdbe2101b8b22758aed6af7f7ae5c5f8 (diff) | |
parent | fc68af7340b14df4a8c79d1a954ff15559f37598 (diff) |
Merge pull request #2048 from nextcloud/bugfix/noid/collections
Correctly check if a user has access to a conversation
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Collaboration/Resources/ConversationProvider.php | 17 | ||||
-rw-r--r-- | lib/Migration/ClearResourceAccessCache.php | 67 |
2 files changed, 82 insertions, 2 deletions
diff --git a/lib/Collaboration/Resources/ConversationProvider.php b/lib/Collaboration/Resources/ConversationProvider.php index 549034325..6621a13b6 100644 --- a/lib/Collaboration/Resources/ConversationProvider.php +++ b/lib/Collaboration/Resources/ConversationProvider.php @@ -22,8 +22,10 @@ declare(strict_types=1); namespace OCA\Spreed\Collaboration\Resources; +use OCA\Spreed\Exceptions\ParticipantNotFoundException; use OCA\Spreed\Exceptions\RoomNotFoundException; use OCA\Spreed\Manager; +use OCA\Spreed\Participant; use OCA\Spreed\Room; use OCP\Collaboration\Resources\IProvider; use OCP\Collaboration\Resources\IResource; @@ -76,14 +78,25 @@ class ConversationProvider implements IProvider { } public function canAccessResource(IResource $resource, IUser $user = null): bool { + $userId = $user instanceof IUser ? $user->getUID() : null; + if ($userId === null) { + throw new ResourceException('Guests are not supported at the moment'); + } + try { $room = $this->manager->getRoomForParticipantByToken( $resource->getId(), - $user instanceof IUser ? $user->getUID() : null + $userId ); - return $user instanceof IUser || $room->getType() === Room::PUBLIC_CALL; + + // Logged in users need to have a regular participant, + // before they can do anything with the room. + $participant = $room->getParticipant($userId); + return $participant->getParticipantType() !== Participant::USER_SELF_JOINED; } catch (RoomNotFoundException $e) { throw new ResourceException('Conversation not found'); + } catch (ParticipantNotFoundException $e) { + throw new ResourceException('Participant not found'); } } diff --git a/lib/Migration/ClearResourceAccessCache.php b/lib/Migration/ClearResourceAccessCache.php new file mode 100644 index 000000000..9a2d45ad9 --- /dev/null +++ b/lib/Migration/ClearResourceAccessCache.php @@ -0,0 +1,67 @@ +<?php +declare(strict_types=1); +/** + * @copyright Copyright (c) 2019, Joas Schilling <coding@schilljs.com> + * + * @author Joas Schilling <coding@schilljs.com> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\Spreed\Migration; + +use OCA\Spreed\Collaboration\Resources\ConversationProvider; +use OCP\Collaboration\Resources\IManager; +use OCP\IConfig; +use OCP\Migration\IOutput; +use OCP\Migration\IRepairStep; + +class ClearResourceAccessCache implements IRepairStep { + + protected const INVALIDATIONS = 1; + + /** @var IConfig */ + protected $config; + /** @var IManager */ + protected $manager; + /** @var ConversationProvider */ + protected $provider; + + public function __construct(IConfig $config, + IManager $manager, + ConversationProvider $provider) { + $this->config = $config; + $this->manager = $manager; + $this->provider = $provider; + } + + public function getName(): string { + return 'Invalidate access cache for projects conversation provider'; + } + + public function run(IOutput $output): void { + $invalidatedCache = (int) $this->config->getAppValue('spreed', 'project_access_invalidated', '0'); + + if ($invalidatedCache === self::INVALIDATIONS) { + $output->info('Invalidation not required'); + return; + } + + $this->manager->invalidateAccessCacheForProvider($this->provider); + $this->config->setAppValue('spreed', 'project_access_invalidated', (string) self::INVALIDATIONS); + } +} |