diff options
author | Julien Veyssier <eneiluj@posteo.net> | 2022-01-10 20:08:23 +0300 |
---|---|---|
committer | Julien Veyssier <eneiluj@posteo.net> | 2022-01-10 20:17:35 +0300 |
commit | 466a6b588d9e7770b1cbf278a63088e40d73b6e1 (patch) | |
tree | 3c5424f460e993bb0a866950b544713b732766be /lib | |
parent | 791250c174dbcd6c8171a4bf5d45f7ac6beb48d2 (diff) |
refs #1900 fix image serving in direct editing, avoid passing empty shareToken, use the edition session to get the user ID
Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/Controller/ImageController.php | 34 |
1 files changed, 19 insertions, 15 deletions
diff --git a/lib/Controller/ImageController.php b/lib/Controller/ImageController.php index c762328d0..c6be3535f 100644 --- a/lib/Controller/ImageController.php +++ b/lib/Controller/ImageController.php @@ -53,10 +53,6 @@ class ImageController extends Controller { ]; /** - * @var string|null - */ - private $userId; - /** * @var ImageService */ private $imageService; @@ -83,10 +79,8 @@ class ImageController extends Controller { LoggerInterface $logger, IMimeTypeDetector $mimeTypeDetector, ImageService $imageService, - SessionService $sessionService, - ?string $userId) { + SessionService $sessionService) { parent::__construct($appName, $request); - $this->userId = $userId; $this->imageService = $imageService; $this->request = $request; $this->logger = $logger; @@ -109,8 +103,7 @@ class ImageController extends Controller { if (!$this->sessionService->isValidSession($documentId, $sessionId, $sessionToken)) { return new DataResponse([], Http::STATUS_FORBIDDEN); } - $session = $this->sessionService->getSession($documentId, $sessionId, $sessionToken); - $userId = $session->getUserId(); + $userId = $this->getUserIdFromSession($documentId, $sessionId, $sessionToken); try { $insertResult = $this->imageService->insertImageFile($documentId, $imagePath, $userId); @@ -141,8 +134,7 @@ class ImageController extends Controller { if ($shareToken) { $downloadResult = $this->imageService->insertImageLinkPublic($documentId, $link, $shareToken); } else { - $session = $this->sessionService->getSession($documentId, $sessionId, $sessionToken); - $userId = $session->getUserId(); + $userId = $this->getUserIdFromSession($documentId, $sessionId, $sessionToken); $downloadResult = $this->imageService->insertImageLink($documentId, $link, $userId); } return new DataResponse($downloadResult); @@ -173,7 +165,6 @@ class ImageController extends Controller { if (!in_array($file['type'], self::IMAGE_MIME_TYPES, true)) { return new DataResponse(['error' => 'Image type not supported'], Http::STATUS_BAD_REQUEST); } - $newFileContent = file_get_contents($file['tmp_name']); $newFileResource = fopen($file['tmp_name'], 'rb'); if ($newFileResource === false) { throw new Exception('Could not read file'); @@ -182,8 +173,7 @@ class ImageController extends Controller { if ($shareToken) { $uploadResult = $this->imageService->uploadImagePublic($documentId, $newFileName, $newFileResource, $shareToken); } else { - $session = $this->sessionService->getSession($documentId, $sessionId, $sessionToken); - $userId = $session->getUserId(); + $userId = $this->getUserIdFromSession($documentId, $sessionId, $sessionToken); $uploadResult = $this->imageService->uploadImage($documentId, $newFileName, $newFileResource, $userId); } return new DataResponse($uploadResult); @@ -246,7 +236,8 @@ class ImageController extends Controller { if ($shareToken) { $imageFile = $this->imageService->getImagePublic($documentId, $imageFileName, $shareToken); } else { - $imageFile = $this->imageService->getImage($documentId, $imageFileName, $this->userId); + $userId = $this->getUserIdFromSession($documentId, $sessionId, $sessionToken); + $imageFile = $this->imageService->getImage($documentId, $imageFileName, $userId); } return $imageFile !== null ? new DataDisplayResponse( @@ -260,4 +251,17 @@ class ImageController extends Controller { return new DataDisplayResponse('', Http::STATUS_NOT_FOUND); } } + + /** + * Extract the user ID from the edition session + * + * @param int $documentId + * @param int $sessionId + * @param string $sessionToken + * @return string + */ + private function getUserIdFromSession(int $documentId, int $sessionId, string $sessionToken): string { + $session = $this->sessionService->getSession($documentId, $sessionId, $sessionToken); + return $session->getUserId(); + } } |