From b9722e925c4cdb026e259a50f73c8bb4d390cc7e Mon Sep 17 00:00:00 2001 From: Varun Patil Date: Sat, 21 Jan 2023 08:53:45 -0800 Subject: [PATCH] download: fix wrong user context in one (fix #361) --- lib/Controller/DownloadController.php | 30 ++++++++++++++++++++++----- 1 file changed, 25 insertions(+), 5 deletions(-) diff --git a/lib/Controller/DownloadController.php b/lib/Controller/DownloadController.php index 12cb2c21..5ddb5924 100644 --- a/lib/Controller/DownloadController.php +++ b/lib/Controller/DownloadController.php @@ -123,16 +123,36 @@ class DownloadController extends ApiBase { $file = $this->getUserFile($fileid); if (null === $file) { - return new JSONResponse([], Http::STATUS_NOT_FOUND); + return new JSONResponse([ + 'message' => 'File not found', + ], Http::STATUS_NOT_FOUND); } - // Get DAV location of file - $userFolder = $this->rootFolder->getUserFolder($file->getOwner()->getUID()); - $path = $userFolder->getRelativePath($file->getPath()); + // Get the owner's root folder + $owner = $file->getOwner()->getUID(); + $userFolder = $this->rootFolder->getUserFolder($owner); + + // Get the file in the context of the owner + $ownerFile = $userFolder->getById($fileid); + if (0 === \count($ownerFile)) { + // This should never happen, since the file was already found earlier + // Except if it was deleted in the meantime ... + return new JSONResponse([ + 'message' => 'File not found in owner\'s root folder', + ], Http::STATUS_INTERNAL_SERVER_ERROR); + } + + // Get DAV path of file relative to owner's root folder + $path = $userFolder->getRelativePath($ownerFile[0]->getPath()); + if (null === $path) { + return new JSONResponse([ + 'message' => 'File path not found in owner\'s root folder', + ], Http::STATUS_INTERNAL_SERVER_ERROR); + } // Setup filesystem for owner \OC_Util::tearDownFS(); - \OC_Util::setupFS($file->getOwner()->getUID()); + \OC_Util::setupFS($owner); // HEAD and RANGE support $server_params = ['head' => 'HEAD' === $this->request->getMethod()];