Skip to content

Commit 7db4d26

Browse files
juliusknorrjuliusknorr
committed
fixup! feat: Add storage wrappert to block download on secure view
1 parent 88c39a2 commit 7db4d26

3 files changed

Lines changed: 15 additions & 13 deletions

File tree

lib/AppConfig.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -205,10 +205,10 @@ public function useSecureViewAdditionalMimes(): bool {
205205
}
206206

207207
public function getMimeTypes(): array {
208-
return array_merge([
208+
return array_merge(
209209
Capabilities::MIMETYPES,
210210
Capabilities::MIMETYPES_MSOFFICE,
211-
]);
211+
);
212212
}
213213

214214
public function getDomainList(): array {

lib/Controller/WopiController.php

Lines changed: 10 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -135,6 +135,9 @@ public function checkFileInfo(string $fileId, string $access_token): JSONRespons
135135
$isSmartPickerEnabled = (bool)$wopi->getCanwrite() && !$isPublic && !$wopi->getDirect();
136136
$isTaskProcessingEnabled = $isSmartPickerEnabled && $this->taskProcessingManager->isTaskProcessingEnabled();
137137

138+
$share = $this->getShareForWopiToken($wopi, $file);
139+
$shouldUseSecureView = $this->permissionManager->shouldWatermark($file, $wopi->getEditorUid(), $share);
140+
138141
// If the file is locked manually by a user we want to open it read only for all others
139142
$canWriteThroughLock = true;
140143
try {
@@ -156,7 +159,7 @@ public function checkFileInfo(string $fileId, string $access_token): JSONRespons
156159
'UserExtraInfo' => [],
157160
'UserPrivateInfo' => [],
158161
'UserCanWrite' => $canWriteThroughLock && (bool)$wopi->getCanwrite(),
159-
'UserCanNotWriteRelative' => $isPublic || $this->encryptionManager->isEnabled() || $wopi->getHideDownload() || $wopi->isRemoteToken(),
162+
'UserCanNotWriteRelative' => $isPublic || $this->encryptionManager->isEnabled() || $wopi->getHideDownload() || $wopi->isRemoteToken() || $shouldUseSecureView,
160163
'PostMessageOrigin' => $wopi->getServerHost(),
161164
'LastModifiedTime' => Helper::toISO8601($file->getMTime()),
162165
'SupportsRename' => !$isVersion && !$wopi->isRemoteToken(),
@@ -166,11 +169,11 @@ public function checkFileInfo(string $fileId, string $access_token): JSONRespons
166169
'EnableShare' => $file->isShareable() && !$isVersion && !$isPublic,
167170
'HideUserList' => '',
168171
'EnableOwnerTermination' => $wopi->getCanwrite() && !$isPublic,
169-
'DisablePrint' => $wopi->getHideDownload(),
170-
'DisableExport' => $wopi->getHideDownload(),
171-
'DisableCopy' => $wopi->getHideDownload(),
172-
'HideExportOption' => $wopi->getHideDownload(),
173-
'HidePrintOption' => $wopi->getHideDownload(),
172+
'DisablePrint' => $wopi->getHideDownload() || $shouldUseSecureView,
173+
'DisableExport' => $wopi->getHideDownload() || $shouldUseSecureView,
174+
'DisableCopy' => $wopi->getHideDownload() || $shouldUseSecureView,
175+
'HideExportOption' => $wopi->getHideDownload() || $shouldUseSecureView,
176+
'HidePrintOption' => $wopi->getHideDownload() || $shouldUseSecureView,
174177
'DownloadAsPostMessage' => $wopi->getDirect(),
175178
'SupportsLocks' => $this->lockManager->isLockProviderAvailable(),
176179
'IsUserLocked' => $this->permissionManager->userIsFeatureLocked($wopi->getEditorUid()),
@@ -223,8 +226,7 @@ public function checkFileInfo(string $fileId, string $access_token): JSONRespons
223226
$response['TemplateSource'] = $this->getWopiUrlForTemplate($wopi);
224227
}
225228

226-
$share = $this->getShareForWopiToken($wopi, $file);
227-
if ($this->permissionManager->shouldWatermark($file, $wopi->getEditorUid(), $share)) {
229+
if ($shouldUseSecureView) {
228230
$email = $user !== null && !$isPublic ? $user->getEMailAddress() : '';
229231
$currentDateTime = new \DateTime(
230232
'now',

lib/Storage/SecureViewWrapper.php

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -84,17 +84,17 @@ private function checkFileAccess(string $path): void {
8484
}
8585

8686
private function shouldSecure(string $path, ?IStorage $sourceStorage = null): bool {
87-
if ($sourceStorage !== $this) {
87+
if ($sourceStorage !== $this && $sourceStorage !== null) {
8888
$fp = $sourceStorage->fopen($path, 'r');
8989
fclose($fp);
9090
}
9191

9292
$storage = $sourceStorage ?? $this;
9393

94-
$isSharedStorage = $this->instanceOfStorage(ISharedStorage::class);
94+
$isSharedStorage = $storage->instanceOfStorage(ISharedStorage::class);
9595
$mountNode = $this->rootFolder->get($storage->getMountPoint());
9696
$node = $mountNode instanceof Folder ? $mountNode->get($path) : $mountNode;
97-
$share = $isSharedStorage && method_exists($this, 'getShare') ? $this->getShare() : null;
97+
$share = $isSharedStorage ? $node->getStorage()->getShare() : null;
9898
$userId = $this->userSession->getUser()?->getUID();
9999

100100
return $this->permissionManager->shouldWatermark($node, $userId, $share);

0 commit comments

Comments
 (0)