From faf2a3435686ecd0533b77552b5a8ed651f66ebf Mon Sep 17 00:00:00 2001 From: Robin Appelman Date: Sat, 8 Jul 2023 14:18:31 +0200 Subject: [PATCH 1/2] reuse the cache entry we already have when doing rule checking Signed-off-by: Robin Appelman --- lib/CacheWrapper.php | 2 +- lib/Operation.php | 39 +++++++++++++++++++++++++++++++-------- lib/StorageWrapper.php | 1 - 3 files changed, 32 insertions(+), 10 deletions(-) diff --git a/lib/CacheWrapper.php b/lib/CacheWrapper.php index b86373f4..ecaa37e5 100644 --- a/lib/CacheWrapper.php +++ b/lib/CacheWrapper.php @@ -57,7 +57,7 @@ public function __construct(ICache $cache, IStorage $storage, Operation $operati protected function formatCacheEntry($entry) { if (isset($entry['path']) && isset($entry['permissions'])) { try { - $this->operation->checkFileAccess($this->storage, $entry['path'], $entry['mimetype'] === 'httpd/unix-directory'); + $this->operation->checkFileAccess($this->storage, $entry['path'], $entry['mimetype'] === 'httpd/unix-directory', $entry); } catch (ForbiddenException $e) { $entry['permissions'] &= $this->mask; } diff --git a/lib/Operation.php b/lib/Operation.php index 22934b3b..8b215b68 100644 --- a/lib/Operation.php +++ b/lib/Operation.php @@ -22,11 +22,16 @@ namespace OCA\FilesAccessControl; use Exception; +use OC\Files\FileInfo; +use OC\Files\Node\Folder; +use OC\Files\View; use OCA\WorkflowEngine\Entity\File; use OCP\EventDispatcher\Event; +use OCP\Files\Cache\ICacheEntry; use OCP\Files\ForbiddenException; use OCP\Files\IRootFolder; use OCP\Files\Mount\IMountManager; +use OCP\Files\Mount\IMountPoint; use OCP\Files\Node; use OCP\Files\NotFoundException; use OCP\Files\Storage\IStorage; @@ -69,9 +74,10 @@ public function __construct( } /** + * @param array|ICacheEntry|null $cacheEntry * @throws ForbiddenException */ - public function checkFileAccess(IStorage $storage, string $path, bool $isDir = false): void { + public function checkFileAccess(IStorage $storage, string $path, bool $isDir = false, $cacheEntry = null): void { if (!$this->isBlockablePath($storage, $path) || $this->isCreatingSkeletonFiles() || $this->nestingLevel !== 0) { // Allow creating skeletons and theming // https://github.com/nextcloud/files_accesscontrol/issues/5 @@ -84,7 +90,7 @@ public function checkFileAccess(IStorage $storage, string $path, bool $isDir = f $filePath = $this->translatePath($storage, $path); $ruleMatcher = $this->manager->getRuleMatcher(); $ruleMatcher->setFileInfo($storage, $filePath, $isDir); - $node = $this->getNode($storage, $path); + $node = $this->getNode($storage, $path, $cacheEntry); if ($node !== null) { $ruleMatcher->setEntitySubject($this->fileEntity, $node); } @@ -280,16 +286,33 @@ public function onEvent(string $eventName, Event $event, IRuleMatcher $ruleMatch // Noop } - private function getNode(IStorage $storage, string $path): ?Node { + /** + * @param array|ICacheEntry|null $cacheEntry + */ + private function getNode(IStorage $storage, string $path, $cacheEntry = null): ?Node { + /** @var IMountPoint|false $mountPoint */ $mountPoint = current($this->mountManager->findByStorageId($storage->getId())); - if ($mountPoint === false) { + if (!$mountPoint) { return null; } + $fullPath = $mountPoint->getMountPoint() . $path; - try { - return $this->rootFolder->get($fullPath); - } catch (NotFoundException $e) { - return null; + if ($cacheEntry) { + // todo: LazyNode? + $info = new FileInfo($fullPath, $mountPoint->getStorage(), $path, $cacheEntry, $mountPoint); + $isDir = $info->getType() === FileInfo::TYPE_FOLDER; + $view = new View(''); + if ($isDir) { + return new Folder($this->rootFolder, $view, $path, $info); + } else { + return new \OC\Files\Node\File($this->rootFolder, $view, $path, $info); + } + } else { + try { + return $this->rootFolder->get($fullPath); + } catch (NotFoundException $e) { + return null; + } } } } diff --git a/lib/StorageWrapper.php b/lib/StorageWrapper.php index 5f0f418a..29b0786b 100644 --- a/lib/StorageWrapper.php +++ b/lib/StorageWrapper.php @@ -30,7 +30,6 @@ use OCP\Files\Storage\IWriteStreamStorage; class StorageWrapper extends Wrapper implements IWriteStreamStorage { - /** @var Operation */ protected $operation; From 80bafb2629fd580892b469ff7abc662a793e9144 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Wed, 20 Sep 2023 12:27:04 +0200 Subject: [PATCH 2/2] chore(release): Add changelog and bump version Signed-off-by: Joas Schilling --- CHANGELOG.md | 5 +++++ appinfo/info.xml | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index deac81da..6190444c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,11 @@ # Changelog All notable changes to this project will be documented in this file. +## 1.15.3 - 2023-09-20 +### Fixed +- Improve performance of checking the rules + [#424](https://github.com/nextcloud/files_accesscontrol/pull/424) + ## 1.15.2 - 2023-08-24 ### Fixed - Fix moving of mountpoints diff --git a/appinfo/info.xml b/appinfo/info.xml index 2cf71a62..ca7c9e76 100644 --- a/appinfo/info.xml +++ b/appinfo/info.xml @@ -13,7 +13,7 @@ An example would be to deny access to MS Excel/XLSX files owned by the "Human Re Learn more about File Access Control on [https://nextcloud.com/workflow](https://nextcloud.com/workflow) - 1.15.2 + 1.15.3 agpl Arthur Schiwon Joas Schilling