Merge pull request #4481 from nextcloud/fix/download-attachment

blizzz · web-flow · commit 3b1951cdd170 · 2023-07-11T17:03:31.000+02:00
fix: Fetch attachment share permissions
diff --git a/lib/Service/AttachmentService.php b/lib/Service/AttachmentService.php
@@ -27,6 +27,7 @@
 namespace OCA\Text\Service;
 
 use OC\User\NoUserException;
+use OCA\Files_Sharing\SharedStorage;
 use OCA\Text\Controller\AttachmentController;
 use OCP\Constants;
 use OCP\Files\File;
@@ -155,7 +156,7 @@ public function getMediaFilePublic(int $documentId, string $mediaFileName, strin
 	private function getMediaFullFile(string $mediaFileName, File $textFile): ?File {
 		$attachmentFolder = $this->getAttachmentDirectoryForFile($textFile, true);
 		$mediaFile = $attachmentFolder->get($mediaFileName);
-		if ($mediaFile instanceof File) {
+		if ($mediaFile instanceof File && !$this->isDownloadDisabled($mediaFile)) {
 			return $mediaFile;
 		}
 		return null;
@@ -192,7 +193,7 @@ public function getMediaFilePreviewPublic(int $documentId, string $mediaFileName
 	private function getMediaFilePreviewFile(string $mediaFileName, File $textFile): ?array {
 		$attachmentFolder = $this->getAttachmentDirectoryForFile($textFile, true);
 		$mediaFile = $attachmentFolder->get($mediaFileName);
-		if ($mediaFile instanceof File) {
+		if ($mediaFile instanceof File && !$this->isDownloadDisabled($mediaFile)) {
 			if ($this->previewManager->isMimeSupported($mediaFile->getMimeType())) {
 				try {
 					return [
@@ -453,13 +454,27 @@ private function getFileFromPath(string $filePath, string $userId): ?File {
 		$userFolder = $this->rootFolder->getUserFolder($userId);
 		if ($userFolder->nodeExists($filePath)) {
 			$file = $userFolder->get($filePath);
-			if ($file instanceof File) {
+			if ($file instanceof File && !$this->isDownloadDisabled($file)) {
 				return $file;
 			}
 		}
 		return null;
 	}
 
+	private function isDownloadDisabled(File $file): bool {
+		$storage = $file->getStorage();
+		if ($storage->instanceOfStorage(SharedStorage::class)) {
+			/** @var SharedStorage $storage */
+			$share = $storage->getShare();
+			$attributes = $share->getAttributes();
+			if ($attributes !== null && $attributes->getAttribute('permissions', 'download') === false) {
+				return true;
+			}
+		}
+
+		return false;
+	}
+
 	/**
 	 * Get a user file from file ID
 	 *
@@ -472,9 +487,10 @@ private function getFileFromPath(string $filePath, string $userId): ?File {
 	 */
 	private function getTextFile(int $documentId, string $userId): File {
 		$userFolder = $this->rootFolder->getUserFolder($userId);
-		$textFile = $userFolder->getById($documentId);
-		if (count($textFile) > 0 && $textFile[0] instanceof File) {
-			return $textFile[0];
+		$files = $userFolder->getById($documentId);
+		$file = array_shift($files);
+		if ($file instanceof File && !$this->isDownloadDisabled($file)) {
+			return $file;
 		}
 		throw new NotFoundException('Text file with id=' . $documentId . ' was not found in storage of ' . $userId);
 	}
@@ -495,15 +511,16 @@ private function getTextFilePublic(?int $documentId, string $shareToken): File {
 				// shared file or folder?
 				if ($share->getNodeType() === 'file') {
 					$textFile = $share->getNode();
-					if ($textFile instanceof File) {
+					if ($textFile instanceof File && !$this->isDownloadDisabled($textFile)) {
 						return $textFile;
 					}
 				} elseif ($documentId !== null && $share->getNodeType() === 'folder') {
 					$folder = $share->getNode();
 					if ($folder instanceof Folder) {
 						$textFile = $folder->getById($documentId);
-						if (count($textFile) > 0 && $textFile[0] instanceof File) {
-							return $textFile[0];
+						$textFile = array_shift($textFile);
+						if ($textFile instanceof File && !$this->isDownloadDisabled($textFile)) {
+							return $textFile;
 						}
 					}
 				}
