fix(richdocuments): gate conversion with SecureViewService check

Server-side conversion bypassed the Secure View / watermark restriction
that the viewer enforces, allowing a user with view-only secure access
to download a clean copy via the conversion API. Reuse SecureViewService
(same logic the viewer uses) to deny conversion for files that should be
secured. Handle the documented NotFoundException so a cache miss surfaces
as a clear, translated error instead of a 500.

Signed-off-by: Christoph Schaefer <christoph.schaefer@nextcloud.com>

Author: chrip

lib/Conversion/ConversionProvider.php

@@ -10,9 +10,11 @@
 namespace OCA\Richdocuments\Conversion;
 
 use OCA\Richdocuments\Service\RemoteService;
+use OCA\Richdocuments\Service\SecureViewService;
 use OCP\Files\Conversion\ConversionMimeProvider;
 use OCP\Files\Conversion\IConversionProvider;
 use OCP\Files\File;
+use OCP\Files\NotFoundException;
 use OCP\IL10N;
 use OCP\L10N\IFactory;
 use Psr\Log\LoggerInterface;
@@ -53,6 +55,7 @@ public function __construct(
 		private RemoteService $remoteService,
 		private LoggerInterface $logger,
 		IFactory $l10nFactory,
+		private SecureViewService $secureViewService,
 	) {
 		$this->l10n = $l10nFactory->get('richdocuments');
 	}
@@ -144,6 +147,23 @@ public function convertFile(File $file, string $targetMimeType): mixed {
 			));
 		}
 
+		if ($this->secureViewService->isEnabled()) {
+			try {
+				$secured = $this->secureViewService->shouldSecure(
+					$file->getInternalPath(),
+					$file->getStorage(),
+				);
+			} catch (NotFoundException $e) {
+				$this->logger->warning('Could not determine Secure View status for conversion target', ['exception' => $e]);
+				throw new \Exception($this->l10n->t('Conversion is unavailable for this file.'));
+			}
+			if ($secured) {
+				throw new \Exception($this->l10n->t(
+					'Conversion is blocked because the file is protected by Secure View.'
+				));
+			}
+		}
+
 		return $this->remoteService->convertFileTo($file, $targetFileExtension);
 	}