Improve polling and add checks for read only

Signed-off-by: Julius Härtl <jus@bitgrid.net>

4 files changed, 42 insertions, 16 deletions

diff --git a/lib/Controller/PublicSessionController.php b/lib/Controller/PublicSessionController.php
index 9abb5170d..c5e430eab 100644
--- a/lib/Controller/PublicSessionController.php
+++ b/lib/Controller/PublicSessionController.php
@@ -74,7 +74,7 @@ class PublicSessionController extends PublicShareController {
 	 * @NoAdminRequired
 	 * @PublicPage
 	 */
-	public function create(string $token, string $file = null, $guestName = null, $forceRecreate = false): DataResponse {
+	public function create(string $token, string $file = null, $guestName = null, bool $forceRecreate = false): DataResponse {
 		return $this->apiService->create(null, $file, $token, $guestName, $forceRecreate);
 	}
 
@@ -90,8 +90,16 @@ class PublicSessionController extends PublicShareController {
 	 * @NoAdminRequired
 	 * @PublicPage
 	 */
-	public function push(int $documentId, int $sessionId, string $sessionToken, int $version, array $steps): DataResponse {
-		return $this->apiService->push($documentId, $sessionId, $sessionToken, $version, $steps);
+	public function close(int $documentId, int $sessionId, string $sessionToken): DataResponse {
+		return $this->apiService->close($documentId, $sessionId, $sessionToken);
+	}
+
+	/**
+	 * @NoAdminRequired
+	 * @PublicPage
+	 */
+	public function push(int $documentId, int $sessionId, string $sessionToken, int $version, array $steps, string $token): DataResponse {
+		return $this->apiService->push($documentId, $sessionId, $sessionToken, $version, $steps, $token);
 	}
 
 	/**
diff --git a/lib/Controller/SessionController.php b/lib/Controller/SessionController.php
index 380353a6f..941f4bba7 100644
--- a/lib/Controller/SessionController.php
+++ b/lib/Controller/SessionController.php
@@ -25,7 +25,7 @@ class SessionController extends Controller {
 	/**
 	 * @NoAdminRequired
 	 */
-	public function create(int $fileId = null, string $file = null, $forceRecreate = false): DataResponse {
+	public function create(int $fileId = null, string $file = null, bool $forceRecreate = false): DataResponse {
 		return $this->apiService->create($fileId, $file, null, null, $forceRecreate);
 	}
 
diff --git a/lib/Service/ApiService.php b/lib/Service/ApiService.php
index 1d0c517ba..a98d957ee 100644
--- a/lib/Service/ApiService.php
+++ b/lib/Service/ApiService.php
@@ -51,7 +51,7 @@ class ApiService {
 		$this->documentService = $documentService;
 	}
 
-	public function create($fileId = null, $filePath = null, $token = null, $guestName = null, $forceRecreate = false): DataResponse {
+	public function create($fileId = null, $filePath = null, $token = null, $guestName = null, bool $forceRecreate = false): DataResponse {
 		try {
 			$readOnly = true;
 			/** @var File $file */
@@ -74,7 +74,7 @@ class ApiService {
 
 			$this->sessionService->removeInactiveSessions($file->getId());
 			$activeSessions = $this->sessionService->getActiveSessions($file->getId());
-			if (count($activeSessions) === 0) {
+			if (count($activeSessions) === 0 || $forceRecreate) {
 				try {
 					$this->documentService->resetDocument($file->getId(), $forceRecreate);
 				} catch (DocumentHasUnsavedChangesException $e) {}
@@ -118,9 +118,13 @@ class ApiService {
 		return new DataResponse([]);
 	}
 
-	public function push($documentId, $sessionId, $sessionToken, $version, $steps): DataResponse {
-		// TODO block if readonly
-		if ($this->sessionService->isValidSession($documentId, $sessionId, $sessionToken)) {
+	public function push($documentId, $sessionId, $sessionToken, $version, $steps, $token = null): DataResponse {
+		if ($token) {
+			$file = $this->documentService->getFileByShareToken($token);
+		} else {
+			$file = $this->documentService->getFileById($documentId);
+		}
+		if ($this->sessionService->isValidSession($documentId, $sessionId, $sessionToken) && !$this->documentService->isReadOnly($file, $token)) {
 			try {
 				$steps = $this->documentService->addStep($documentId, $sessionId, $steps, $version);
 			} catch (VersionMismatchException $e) {
@@ -140,7 +144,6 @@ class ApiService {
 		}
 
 		try {
-			// TODO block if readonly
 			$document = $this->documentService->autosave($documentId, $version, $autosaveContent, $force, $manualSave, $token);
 		} catch (DocumentSaveConflictException $e) {
 			if ($token) {
diff --git a/lib/Service/DocumentService.php b/lib/Service/DocumentService.php
index 33062c327..513b4116b 100644
--- a/lib/Service/DocumentService.php
+++ b/lib/Service/DocumentService.php
@@ -227,10 +227,13 @@ class DocumentService {
 
 		/** @var File $file */
 		if (!$token) {
-			$file = $this->rootFolder->getUserFolder($this->userId)->getById($documentId)[0];
+			$file = $this->getFileById($documentId);
 		} else {
-			$share = $this->shareManager->getShareByToken($token);
-			$file = $share->getNode();
+			 $file = $this->getFileByShareToken($token);
+		}
+
+		if ($this->isReadOnly($file, $token)) {
+			return $document;
 		}
 
 		$lastMTime = $document->getLastSavedVersionTime();
@@ -275,9 +278,7 @@ class DocumentService {
 				} catch (NotFoundException $e) {
 				} catch (NotPermittedException $e) {
 				}
-			}
-
-			if ($this->hasUnsavedChanges($document)) {
+			} else if ($this->hasUnsavedChanges($document)) {
 				throw new DocumentHasUnsavedChangesException('Did not reset document, as it has unsaved changes');
 			}
 		} catch (DoesNotExistException $e) {
@@ -316,6 +317,20 @@ class DocumentService {
 		throw new \InvalidArgumentException('No proper share data');
 	}
 
+
+	public function isReadOnly($file, $token) {
+		$readOnly = true;
+		if ($token) {
+			try {
+				$this->checkSharePermissions($token, Constants::PERMISSION_UPDATE);
+				$readOnly = false;
+			} catch (NotFoundException $e) {}
+		} else {
+			$readOnly = !$file->isUpdateable();
+		}
+		return $readOnly;
+	}
+
 	/**
 	 * @param $shareToken
 	 * @return void