albums: redirect public to local link

pull/465/head
Varun Patil 2023-03-09 18:13:29 -08:00
parent f3bdccb1ce
commit 0b62dc4aee
2 changed files with 48 additions and 8 deletions


@ -5,12 +5,15 @@ namespace OCA\Memories\Controller;
use OCA\Memories\Db\TimelineQuery; use OCA\Memories\Db\TimelineQuery;
use OCP\App\IAppManager; use OCP\App\IAppManager;
use OCP\AppFramework\Controller; use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\RedirectResponse;
use OCP\AppFramework\Http\Template\PublicTemplateResponse; use OCP\AppFramework\Http\Template\PublicTemplateResponse;
use OCP\AppFramework\Http\TemplateResponse; use OCP\AppFramework\Http\TemplateResponse;
use OCP\AppFramework\Services\IInitialState; use OCP\AppFramework\Services\IInitialState;
use OCP\EventDispatcher\IEventDispatcher; use OCP\EventDispatcher\IEventDispatcher;
use OCP\IConfig; use OCP\IConfig;
use OCP\IDBConnection; use OCP\IDBConnection;
use OCP\IURLGenerator;
use OCP\IUserSession;
use OCP\Util; use OCP\Util;
class PublicAlbumController extends Controller class PublicAlbumController extends Controller
@ -21,6 +24,8 @@ class PublicAlbumController extends Controller
protected IAppManager $appManager; protected IAppManager $appManager;
protected IConfig $config; protected IConfig $config;
protected IDBConnection $connection; protected IDBConnection $connection;
protected IUserSession $userSession;
protected IURLGenerator $urlGenerator;
public function __construct( public function __construct(
string $appName, string $appName,
@ -28,7 +33,9 @@ class PublicAlbumController extends Controller
IInitialState $initialState, IInitialState $initialState,
IAppManager $appManager, IAppManager $appManager,
IConfig $config, IConfig $config,
IDBConnection $connection IDBConnection $connection,
IUserSession $userSession,
IURLGenerator $urlGenerator
) { ) {
$this->appName = $appName; $this->appName = $appName;
$this->eventDispatcher = $eventDispatcher; $this->eventDispatcher = $eventDispatcher;
@ -36,6 +43,8 @@ class PublicAlbumController extends Controller
$this->appManager = $appManager; $this->appManager = $appManager;
$this->config = $config; $this->config = $config;
$this->connection = $connection; $this->connection = $connection;
$this->userSession = $userSession;
$this->urlGenerator = $urlGenerator;
} }
/** /**
@ -43,10 +52,8 @@ class PublicAlbumController extends Controller
* *
* @NoCSRFRequired * @NoCSRFRequired
*/ */
public function showShare(string $token): TemplateResponse public function showShare(string $token)
{ {
\OC_User::setIncognitoMode(true);
// Validate token exists // Validate token exists
$timelineQuery = new TimelineQuery($this->connection); $timelineQuery = new TimelineQuery($this->connection);
$album = $timelineQuery->getAlbumByLink($token); $album = $timelineQuery->getAlbumByLink($token);
@ -54,6 +61,23 @@ class PublicAlbumController extends Controller
return new TemplateResponse('core', '404', [], 'guest'); return new TemplateResponse('core', '404', [], 'guest');
} }
// Check if the current user has access to the album
// Just redirect to the user's page if the user is the owner or a collaborator
if ($user = $this->userSession->getUser()) {
$uid = $user->getUID();
$albumId = (int) $album['album_id'];
if ($uid === $album['user'] || $timelineQuery->userIsAlbumCollaborator($uid, $albumId)) {
$idStr = $album['user'].'/'.$album['name'];
$url = $this->urlGenerator->linkToRoute('memories.Page.albums', ['id' => $idStr]);
return new RedirectResponse($url);
}
}
// Browse anonymously if the album is accessed as a link
\OC_User::setIncognitoMode(true);
// Scripts // Scripts
Util::addScript($this->appName, 'memories-main'); Util::addScript($this->appName, 'memories-main');
PageController::provideCommonInitialState($this->initialState); PageController::provideCommonInitialState($this->initialState);
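Review bot: `showShare()` drops its return type in this hunk instead of widening it. Both `TemplateResponse` and `RedirectResponse` derive from `OCP\AppFramework\Http\Response`, so the signature can stay typed as `public function showShare(string $token): Response` with a matching `use OCP\AppFramework\Http\Response;`. The assignment inside `if ($user = $this->userSession->getUser())` is clearer as an explicit `if (null !== ($user = $this->userSession->getUser()))`. The moved `\OC_User::setIncognitoMode(true);` deserves a comment such as `// Must run after the session lookup above; everything below renders as an anonymous visitor`, because the ordering is now what keeps the public view from running as the logged-in user (presumably the session user is no longer visible once incognito mode is on). The method body continues past the end of the hunk.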


@ -207,18 +207,34 @@ trait TimelineQueryAlbums
} }
// Check in collaborators instead // Check in collaborators instead
$albumNumId = (int) $album['album_id'];
if ($this->userIsAlbumCollaborator($uid, $albumNumId)) {
return $album;
}
return null;
}
/**
* Check if user is a collaborator by numeric ID.
* Also checks if a group is a collaborator.
* Does not check if the user is the owner.
*
* @param string $uid User ID
* @param int $albumId Album ID (numeric)
*/
public function userIsAlbumCollaborator(string $uid, int $albumId): bool
{
$query = $this->connection->getQueryBuilder(); $query = $this->connection->getQueryBuilder();
$ids = $this->getSelfCollaborators($uid); $ids = $this->getSelfCollaborators($uid);
$query->select('album_id')->from($this->collaboratorsTable())->where( $query->select('album_id')->from($this->collaboratorsTable())->where(
$query->expr()->andX( $query->expr()->andX(
$query->expr()->eq('album_id', $query->createNamedParameter($album['album_id'])), $query->expr()->eq('album_id', $query->createNamedParameter($albumId, IQueryBuilder::PARAM_INT)),
$query->expr()->in('collaborator_id', $query->createNamedParameter($ids, IQueryBuilder::PARAM_STR_ARRAY)), $query->expr()->in('collaborator_id', $query->createNamedParameter($ids, IQueryBuilder::PARAM_STR_ARRAY)),
) )
); );
if (false !== $query->executeQuery()->fetchOne()) { return false !== $query->executeQuery()->fetchOne();
return $album;
}
} }
/** /**
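Review bot: `userIsAlbumCollaborator()` is now public and used as an access predicate by the controller, yet its query matches on `collaborator_id` alone, using a list from `getSelfCollaborators($uid)` that the docblock says also covers groups. If user ids and group ids are stored in that one column (the table schema is not visible here), a uid that equals a group id would match a row meant for the group, or the reverse. In that case the condition should also constrain the collaborator's type. The docblock should add `@return bool true if the user, or one of the user's groups, is listed as a collaborator` and state that callers must check ownership separately, since "Does not check if the user is the owner" is easy to miss at a call site.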