fixup! feat: improve ZipFolderPlugin behaviour for different cases

salmart-dev · salmart-dev · commit d90be1a24f9f · 2026-03-30T12:49:08.000+02:00
Signed-off-by: Salvatore Martire &lt;4652631+salmart-dev@users.noreply.github.com&gt;
diff --git a/apps/files_sharing/lib/Listener/BeforeDirectFileDownloadListener.php b/apps/files_sharing/lib/Listener/BeforeDirectFileDownloadListener.php
@@ -37,8 +37,8 @@ public function handle(Event $event): void {
 		// Check only for user/group shares. Don't restrict e.g. share links
 		if (!$user) {
 			return;
-
 		}
+
 		$userFolder = $this->rootFolder->getUserFolder($user->getUID());
 		$node = $userFolder->get($event->getPath());
 		if (!$this->viewOnly->isDownloadable($node)) {
diff --git a/apps/files_sharing/lib/Listener/BeforeZipCreatedListener.php b/apps/files_sharing/lib/Listener/BeforeZipCreatedListener.php
@@ -9,12 +9,18 @@
 
 namespace OCA\Files_Sharing\Listener;
 
+use OC\User\NoUserException;
+use OCA\DAV\Connector\Sabre\Directory;
 use OCA\Files_Sharing\ViewOnly;
 use OCP\EventDispatcher\Event;
 use OCP\EventDispatcher\IEventListener;
 use OCP\Files\Events\BeforeZipCreatedEvent;
+use OCP\Files\Folder;
 use OCP\Files\IRootFolder;
 use OCP\Files\Node;
+use OCP\Files\NotFoundException;
+use OCP\Files\NotPermittedException;
+use OCP\IUser;
 use OCP\IUserSession;
 
 /**
@@ -46,24 +52,15 @@ public function handle(Event $event): void {
 			}
 		}
 
-		// Check only for user/group shares. Don't restrict e.g. share links
 		$user = $this->userSession->getUser();
-		if (!$user) {
-			$folder = $event->getFolder();
-			// there is no session, allow downloads only if the owner of the share has permissions!
-			$user = $folder?->getOwner();
-			if (!$user) {
-				// block download as there is no way to determine whether the files should be publicly downloadable or not
-				$event->setSuccessful(false);
-				return;
-			}
+		$folder = $this->getFolderOrFallback($user, $event);
+		if ($folder === null) {
+			// folder is not a directory
+			return;
 		}
 
-		$userFolder = $this->rootFolder->getUserFolder($user->getUID());
-		$viewOnlyHandler = new ViewOnly($userFolder);
-
-		$node = $userFolder->get($dir);
-		$isRootDownloadable = $viewOnlyHandler->isDownloadable($node);
+		$viewOnlyHandler = new ViewOnly($folder);
+		$isRootDownloadable = $viewOnlyHandler->isDownloadable($folder);
 
 		if (!$isRootDownloadable) {
 			$message = $event->allowPartialArchive ? 'Access to this resource and its children has been denied.' : 'Access to this resource or one of its sub-items has been denied.';
@@ -86,4 +83,26 @@ public function handle(Event $event): void {
 			$event->setSuccessful(false);
 		}
 	}
+
+	/**
+	 * Gets the folder containing the files to be downloaded from the POV of the
+	 * logged-in user, or if no logged-in user is present (e.g. link shares),
+	 * from the POV of the owner of the folder.
+	 *
+	 * @return ?Folder A Folder or null if the Node is a File.
+	 * @throws NotFoundException
+	 * @throws NotPermittedException
+	 * @throws NoUserException
+	 */
+	private function getFolderOrFallback(?IUser $user, BeforeZipCreatedEvent $event): ?Folder {
+		// if no user (in public links for example), use the owner's POV to determine if files should be downloadable
+		$folder = $user ? $this->rootFolder->getUserFolder($user->getUID()) : $event->getFolder();
+		if ($folder !== null) {
+			return $folder instanceof Folder ? $folder : null;
+		}
+
+		$folder = $this->rootFolder->get($event->getDirectory());
+
+		return $folder instanceof Folder ? $folder : null;
+	}
 }
