base: validate no-read shares

cap
Varun Patil 2022-12-04 09:20:46 -08:00
parent 93da22e0fa
commit d8af8ae3ba
2 changed files with 36 additions and 25 deletions


@ -252,6 +252,9 @@ class ApiBase extends Controller
// Get share by token // Get share by token
$share = $this->shareManager->getShareByToken($token); $share = $this->shareManager->getShareByToken($token);
if (!PublicController::validateShare($share)) {
return null;
}
// Check if share is password protected // Check if share is password protected
if (($password = $share->getPassword()) !== null) { if (($password = $share->getPassword()) !== null) {
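Review bot: The added guard maps a rejected share to `return null`, but `validateShare()` can also leave by exception: its last line calls `$share->getNode()`, which the Nextcloud share interface documents as throwing when the node no longer exists. The request is still denied in that case, but through an uncaught exception instead of the null path used here, so a deleted file behind a live token would likely be reported differently from a disabled owner or a missing read bit. Consider resolving the node once inside the validator and returning false on that exception, e.g. `try { $node = $share->getNode(); } catch (NotFoundException $e) { return false; }`. The enclosing method starts and ends outside this hunk, so it is not visible whether a caller already catches this or whether `getShareByToken()` failures are handled.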


@ -95,7 +95,7 @@ class PublicController extends AuthPublicShareController
throw new NotFoundException(); throw new NotFoundException();
} }
if (!$this->validateShare($share)) { if (!self::validateShare($share)) {
throw new NotFoundException(); throw new NotFoundException();
} }
@ -134,6 +134,38 @@ class PublicController extends AuthPublicShareController
return $response; return $response;
} }
/**
* Validate the permissions of the share.
*/
public static function validateShare(?IShare $share): bool
{
if (null === $share) {
return false;
}
// Get user manager
$userManager = \OC::$server->getUserManager();
// Check if share read is allowed
if (!($share->getPermissions() & \OCP\Constants::PERMISSION_READ)) {
return false;
}
// If the owner is disabled no access to the linke is granted
$owner = $userManager->get($share->getShareOwner());
if (null === $owner || !$owner->isEnabled()) {
return false;
}
// If the initiator of the share is disabled no access is granted
$initiator = $userManager->get($share->getSharedBy());
if (null === $initiator || !$initiator->isEnabled()) {
return false;
}
return $share->getNode()->isReadable() && $share->getNode()->isShareable();
}
protected function showAuthFailed(): TemplateResponse protected function showAuthFailed(): TemplateResponse
{ {
$templateParameters = ['share' => $this->share, 'wrongpw' => true]; $templateParameters = ['share' => $this->share, 'wrongpw' => true];
@ -155,28 +187,4 @@ class PublicController extends AuthPublicShareController
{ {
return null !== $this->share->getPassword(); return null !== $this->share->getPassword();
} }
/**
* Validate the permissions of the share.
*
* @param Share\IShare $share
*
* @return bool
*/
private function validateShare(IShare $share)
{
// If the owner is disabled no access to the linke is granted
$owner = $this->userManager->get($share->getShareOwner());
if (null === $owner || !$owner->isEnabled()) {
return false;
}
// If the initiator of the share is disabled no access is granted
$initiator = $this->userManager->get($share->getSharedBy());
if (null === $initiator || !$initiator->isEnabled()) {
return false;
}
return $share->getNode()->isReadable() && $share->getNode()->isShareable();
}
} }
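Review bot: `validateShare()` is now the single access gate for both controllers, yet its docblock only says "Validate the permissions of the share" and the old `@param`/`@return` lines were dropped. I would document the contract, e.g. `Returns true only if the share exists, grants PERMISSION_READ, its owner and initiator are enabled accounts, and the node is readable and shareable.` Making the method static also replaces the injected `$this->userManager` with a `\OC::$server->getUserManager()` lookup, which runs before the permission check and is harder to substitute in tests. Moving that line below the read-permission check, or passing the user manager in, would keep the cheap rejection first. The comment typo `linke` was carried over from the removed method.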