fix: check admin before file read

Signed-off-by: Elizabeth Danzberger <elizabeth@elzody.dev>

Author: elzody

lib/Controller/WopiController.php

@@ -448,6 +448,13 @@ public function uploadSettingsFile(string $fileId, string $access_token): JSONRe
 				throw new \Exception('UserID is empty');
 			}
 
+			$isUserAdmin = $this->groupManager->isAdmin($userId);
+			// Use the fileId as a file path URL (e.g., "/settings/systemconfig/wordbook/en_US%20(1).dic")
+			$settingsUrl = new SettingsUrl($fileId);
+			if ($settingsUrl->isSystemConfig() && !$isUserAdmin) {
+				throw new NotPermittedException();
+			}
+
 			$content = fopen('php://input', 'rb');
 			if (!$content) {
 				throw new \Exception('Failed to read input stream.');
@@ -456,12 +463,6 @@ public function uploadSettingsFile(string $fileId, string $access_token): JSONRe
 			$fileContent = stream_get_contents($content);
 			fclose($content);
 
-			$isUserAdmin = $this->groupManager->isAdmin($userId);
-			// Use the fileId as a file path URL (e.g., "/settings/systemconfig/wordbook/en_US%20(1).dic")
-			$settingsUrl = new SettingsUrl($fileId);
-			if ($settingsUrl->isSystemConfig() && !$isUserAdmin) {
-				throw new NotPermittedException();
-			}
 
 			$result = $this->settingsService->uploadFile($settingsUrl, $fileContent, $userId);