From 6648bce5bf50b4bdf137a8221e04ada94a79c83f Mon Sep 17 00:00:00 2001
From: Hamza Mahjoubi <hamzamahjoubi221@gmail.com>
Date: Mon, 22 Apr 2024 20:14:26 +0200
Subject: [PATCH] enh: add backend check for download permission for cloud
 attachements

Signed-off-by: Hamza Mahjoubi <hamzamahjoubi221@gmail.com>
---
 lib/Service/Attachment/AttachmentService.php      | 15 +++++++++++++++
 .../Service/Attachment/AttachmentServiceTest.php  |  4 +++-
 tests/psalm-baseline.xml                          |  8 ++++++++
 3 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/lib/Service/Attachment/AttachmentService.php b/lib/Service/Attachment/AttachmentService.php
index 717312db8a..e03516827f 100644
--- a/lib/Service/Attachment/AttachmentService.php
+++ b/lib/Service/Attachment/AttachmentService.php
@@ -27,6 +27,7 @@
 
 use finfo;
 use InvalidArgumentException;
+use OCA\Files_Sharing\SharedStorage;
 use OCA\Mail\Account;
 use OCA\Mail\Contracts\IAttachmentService;
 use OCA\Mail\Contracts\IMailManager;
@@ -363,6 +364,20 @@ private function handleCloudAttachment(Account $account, array $attachment): ?in
 			return null;
 		}
 
+		$storage = $file->getStorage();
+		if ($storage->instanceOfStorage(SharedStorage::class)) {
+
+			/** @var SharedStorage $storage */
+			$share = $storage->getShare();
+			$attributes = $share->getAttributes();
+
+			if($attributes->getAttribute('permissions', 'download') === false) {
+				$this->logger->warning("Could not create attachment, no download permission for file: ".$attachment['fileName']);
+				return null;
+
+			}
+		}
+
 		try {
 			$localAttachment = $this->addFileFromString($account->getUserId(), $file->getName(), $file->getMimeType(), $file->getContent());
 		} catch (UploadException $e) {
diff --git a/tests/Unit/Service/Attachment/AttachmentServiceTest.php b/tests/Unit/Service/Attachment/AttachmentServiceTest.php
index b186a63e09..2b07134cd1 100644
--- a/tests/Unit/Service/Attachment/AttachmentServiceTest.php
+++ b/tests/Unit/Service/Attachment/AttachmentServiceTest.php
@@ -25,6 +25,7 @@
 use ChristophWurst\Nextcloud\Testing\TestCase;
 use Horde_Imap_Client_Socket;
 use OC\Files\Node\File;
+use OCA\Files_Sharing\SharedStorage;
 use OCA\Mail\Account;
 use OCA\Mail\Contracts\IMailManager;
 use OCA\Mail\Db\LocalAttachment;
@@ -394,7 +395,8 @@ public function testHandleAttachmentsCloudAttachment(): void {
 		$file = $this->createConfiguredMock(File::class, [
 			'getName' => 'cat.jpg',
 			'getMimeType' => 'text/plain',
-			'getContent' => 'sjdhfkjsdhfkjsdhfkjdshfjhdskfjhds'
+			'getContent' => 'sjdhfkjsdhfkjsdhfkjdshfjhdskfjhds',
+			'getStorage' => $this->createMock(SharedStorage::class)
 		]);
 		$account = $this->createConfiguredMock(Account::class, [
 			'getUserId' => $userId
diff --git a/tests/psalm-baseline.xml b/tests/psalm-baseline.xml
index c787ffca25..9c373d1676 100644
--- a/tests/psalm-baseline.xml
+++ b/tests/psalm-baseline.xml
@@ -41,6 +41,14 @@
       <code>IAPIWidgetV2</code>
     </UndefinedClass>
   </file>
+  <file src="lib/Service/Attachment/AttachmentService.php">
+    <UndefinedDocblockClass occurrences="2">
+      <code>OCA\Files_Sharing\SharedStorage</code>
+    </UndefinedDocblockClass>
+    <UndefinedClass occurrences="1">
+      <code>SharedStorage</code>
+    </UndefinedClass>
+  </file>
   <file src="lib/Dashboard/UnreadMailWidgetV2.php">
     <MissingDependency>
       <code>MailWidgetV2</code>