nextcloud_server/apps/files_sharing/lib/ViewOnly.php

<?php
/**
 * SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors
 * SPDX-FileCopyrightText: 2019 ownCloud GmbH
 * SPDX-License-Identifier: AGPL-3.0-only
 */

namespace OCA\Files_Sharing;

use OCP\Files\File;
use OCP\Files\Folder;
use OCP\Files\Node;
use OCP\Files\NotFoundException;

/**
 * Handles restricting for download of files
 */
class ViewOnly {

	public function __construct(
		private Folder $userFolder,
	) {
	}

	/**
	 * @param string[] $pathsToCheck
	 * @return bool
	 */
	public function check(array $pathsToCheck): bool {
		// If any of elements cannot be downloaded, prevent whole download
		foreach ($pathsToCheck as $file) {
			try {
				$info = $this->userFolder->get($file);
				if ($info instanceof File) {
					// access to filecache is expensive in the loop
					if (!$this->checkFileInfo($info)) {
						return false;
					}
				} elseif ($info instanceof Folder) {
					// get directory content is rather cheap query
					if (!$this->dirRecursiveCheck($info)) {
						return false;
					}
				}
			} catch (NotFoundException $e) {
				continue;
			}
		}
		return true;
	}

	/**
	 * @param Folder $dirInfo
	 * @return bool
	 * @throws NotFoundException
	 */
	private function dirRecursiveCheck(Folder $dirInfo): bool {
		if (!$this->checkFileInfo($dirInfo)) {
			return false;
		}
		// If any of elements cannot be downloaded, prevent whole download
		$files = $dirInfo->getDirectoryListing();
		foreach ($files as $file) {
			if ($file instanceof File) {
				if (!$this->checkFileInfo($file)) {
					return false;
				}
			} elseif ($file instanceof Folder) {
				return $this->dirRecursiveCheck($file);
			}
		}

		return true;
	}

	/**
	 * @param Node $fileInfo
	 * @return bool
	 * @throws NotFoundException
	 */
	private function checkFileInfo(Node $fileInfo): bool {
		// Restrict view-only to nodes which are shared
		$storage = $fileInfo->getStorage();
		if (!$storage->instanceOfStorage(SharedStorage::class)) {
			return true;
		}

		// Extract extra permissions
		/** @var SharedStorage $storage */
		$share = $storage->getShare();

		// Check whether download-permission was denied (granted if not set)
		$attributes = $share->getAttributes();
		$canDownload = $attributes?->getAttribute('permissions', 'download');

		return $canDownload !== false;
	}
}
Add share attributes + prevent download permission Makes it possible to store download permission Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2022-05-18 14:54:27 +02:00			`<?php`
			`/**`
chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de> 2024-06-06 19:48:28 +02:00			`* SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors`
			`* SPDX-FileCopyrightText: 2019 ownCloud GmbH`
			`* SPDX-License-Identifier: AGPL-3.0-only`
Add share attributes + prevent download permission Makes it possible to store download permission Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2022-05-18 14:54:27 +02:00			`*/`

			`namespace OCA\Files_Sharing;`

			`use OCP\Files\File;`
			`use OCP\Files\Folder;`
			`use OCP\Files\Node;`
			`use OCP\Files\NotFoundException;`

			`/**`
			`* Handles restricting for download of files`
			`*/`
			`class ViewOnly {`

refactor(apps): Use constructor property promotion when possible Signed-off-by: provokateurin <kate@provokateurin.de> 2024-10-18 12:04:22 +02:00			`public function __construct(`
			`private Folder $userFolder,`
			`) {`
Add share attributes + prevent download permission Makes it possible to store download permission Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2022-05-18 14:54:27 +02:00			`}`

			`/**`
			`* @param string[] $pathsToCheck`
			`* @return bool`
			`*/`
Fix view-only code after code review comments Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2022-06-13 12:48:35 +02:00			`public function check(array $pathsToCheck): bool {`
Add share attributes + prevent download permission Makes it possible to store download permission Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2022-05-18 14:54:27 +02:00			`// If any of elements cannot be downloaded, prevent whole download`
			`foreach ($pathsToCheck as $file) {`
			`try {`
			`$info = $this->userFolder->get($file);`
			`if ($info instanceof File) {`
			`// access to filecache is expensive in the loop`
			`if (!$this->checkFileInfo($info)) {`
			`return false;`
			`}`
			`} elseif ($info instanceof Folder) {`
			`// get directory content is rather cheap query`
			`if (!$this->dirRecursiveCheck($info)) {`
			`return false;`
			`}`
			`}`
			`} catch (NotFoundException $e) {`
			`continue;`
			`}`
			`}`
			`return true;`
			`}`

			`/**`
			`* @param Folder $dirInfo`
			`* @return bool`
			`* @throws NotFoundException`
			`*/`
Fix view-only code after code review comments Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2022-06-13 12:48:35 +02:00			`private function dirRecursiveCheck(Folder $dirInfo): bool {`
Add share attributes + prevent download permission Makes it possible to store download permission Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2022-05-18 14:54:27 +02:00			`if (!$this->checkFileInfo($dirInfo)) {`
			`return false;`
			`}`
			`// If any of elements cannot be downloaded, prevent whole download`
			`$files = $dirInfo->getDirectoryListing();`
			`foreach ($files as $file) {`
			`if ($file instanceof File) {`
			`if (!$this->checkFileInfo($file)) {`
			`return false;`
			`}`
			`} elseif ($file instanceof Folder) {`
			`return $this->dirRecursiveCheck($file);`
			`}`
			`}`

			`return true;`
			`}`

			`/**`
			`* @param Node $fileInfo`
			`* @return bool`
			`* @throws NotFoundException`
			`*/`
Fix view-only code after code review comments Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2022-06-13 12:48:35 +02:00			`private function checkFileInfo(Node $fileInfo): bool {`
Add share attributes + prevent download permission Makes it possible to store download permission Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2022-05-18 14:54:27 +02:00			`// Restrict view-only to nodes which are shared`
			`$storage = $fileInfo->getStorage();`
			`if (!$storage->instanceOfStorage(SharedStorage::class)) {`
			`return true;`
			`}`

			`// Extract extra permissions`
chore(apps): Apply new rector configuration to autouse classes Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2024-10-10 12:40:31 +02:00			`/** @var SharedStorage $storage */`
Add share attributes + prevent download permission Makes it possible to store download permission Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2022-05-18 14:54:27 +02:00			`$share = $storage->getShare();`

fix: Adjust preview for view-only shares Previously there was a different behavior for public shares (link-shares) and internal shares, if the user disabled the view permission. The legacy UI for public shares simply "disabled" the context menu and hided all download actions. With Nextcloud 31 all share types use the consistent permissions attributes, which simplifies code, but caused a regression: Images can no longer been viewed. Because on 30 and before the attribute was not set, previews for view-only files were still allowed. Now with 31 we need a new way to allow "viewing" shares. So this is allowing previews for those files, but only for internal usage. This is done by settin a special header, which only works with custom requests, and not by opening the URL directly. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de> 2024-09-09 00:21:50 +02:00			`// Check whether download-permission was denied (granted if not set)`
Fix view-only code after code review comments Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2022-06-13 12:48:35 +02:00			`$attributes = $share->getAttributes();`
fix: Adjust preview for view-only shares Previously there was a different behavior for public shares (link-shares) and internal shares, if the user disabled the view permission. The legacy UI for public shares simply "disabled" the context menu and hided all download actions. With Nextcloud 31 all share types use the consistent permissions attributes, which simplifies code, but caused a regression: Images can no longer been viewed. Because on 30 and before the attribute was not set, previews for view-only files were still allowed. Now with 31 we need a new way to allow "viewing" shares. So this is allowing previews for those files, but only for internal usage. This is done by settin a special header, which only works with custom requests, and not by opening the URL directly. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de> 2024-09-09 00:21:50 +02:00			`$canDownload = $attributes?->getAttribute('permissions', 'download');`
Add share attributes + prevent download permission Makes it possible to store download permission Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2022-05-18 14:54:27 +02:00
fix: Adjust preview for view-only shares Previously there was a different behavior for public shares (link-shares) and internal shares, if the user disabled the view permission. The legacy UI for public shares simply "disabled" the context menu and hided all download actions. With Nextcloud 31 all share types use the consistent permissions attributes, which simplifies code, but caused a regression: Images can no longer been viewed. Because on 30 and before the attribute was not set, previews for view-only files were still allowed. Now with 31 we need a new way to allow "viewing" shares. So this is allowing previews for those files, but only for internal usage. This is done by settin a special header, which only works with custom requests, and not by opening the URL directly. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de> 2024-09-09 00:21:50 +02:00			`return $canDownload !== false;`
Add share attributes + prevent download permission Makes it possible to store download permission Signed-off-by: Vincent Petry <vincent@nextcloud.com> 2022-05-18 14:54:27 +02:00			`}`
			`}`
No results found.