Skip to content

Commit

Permalink
Merge pull request #5979 from nextcloud/fix/attachment_user_no_session
Browse files Browse the repository at this point in the history
fix(attachments): Don't require document session for getting attachments
  • Loading branch information
max-nextcloud authored Jul 2, 2024
2 parents 1f2e45d + c13614b commit 5cca1ab
Show file tree
Hide file tree
Showing 4 changed files with 33 additions and 10 deletions.
8 changes: 4 additions & 4 deletions lib/Controller/AttachmentController.php
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ public function __construct(
#[PublicPage]
#[RequireDocumentSessionOrUserOrShareToken]
public function getAttachmentList(string $shareToken = ''): DataResponse {
$documentId = $this->getDocument()->getId();
$documentId = $this->getDocumentId();
try {
$session = $this->getSession();
} catch (InvalidSessionException) {
Expand Down Expand Up @@ -178,7 +178,7 @@ private function getUploadedFile(string $key): array {
#[RequireDocumentSessionOrUserOrShareToken]
public function getImageFile(string $imageFileName, string $shareToken = '',
int $preferRawImage = 0): DataResponse|DataDownloadResponse {
$documentId = $this->getDocument()->getId();
$documentId = $this->getDocumentId();

try {
if ($shareToken) {
Expand Down Expand Up @@ -212,7 +212,7 @@ public function getImageFile(string $imageFileName, string $shareToken = '',
#[NoCSRFRequired]
#[RequireDocumentSessionOrUserOrShareToken]
public function getMediaFile(string $mediaFileName, string $shareToken = ''): DataResponse|DataDownloadResponse {
$documentId = $this->getDocument()->getId();
$documentId = $this->getDocumentId();

try {
if ($shareToken) {
Expand Down Expand Up @@ -243,7 +243,7 @@ public function getMediaFile(string $mediaFileName, string $shareToken = ''): Da
#[NoCSRFRequired]
#[RequireDocumentSessionOrUserOrShareToken]
public function getMediaFilePreview(string $mediaFileName, string $shareToken = '') {
$documentId = $this->getDocument()->getId();
$documentId = $this->getDocumentId();

try {
if ($shareToken) {
Expand Down
2 changes: 2 additions & 0 deletions lib/Controller/ISessionAwareController.php
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,8 @@
interface ISessionAwareController {
public function getSession(): Session;
public function setSession(Session $session): void;
public function getDocumentId(): int;
public function setDocumentId(int $documentId): void;
public function getDocument(): Document;
public function setDocument(Document $document): void;
public function getUserId(): string;
Expand Down
25 changes: 25 additions & 0 deletions lib/Controller/TSessionAwareController.php
Original file line number Diff line number Diff line change
Expand Up @@ -15,13 +15,18 @@

trait TSessionAwareController {
private ?Session $textSession = null;
private ?int $documentId = null;
private ?Document $document = null;
private ?string $userId = null;

public function setSession(?Session $session): void {
$this->textSession = $session;
}

public function setDocumentId(int $documentId): void {
$this->documentId = $documentId;
}

public function setDocument(?Document $document): void {
$this->document = $document;
}
Expand All @@ -30,6 +35,9 @@ public function setUserId(?string $userId): void {
$this->userId = $userId;
}

/**
* @throws InvalidSessionException
*/
public function getSession(): Session {
if ($this->textSession === null) {
throw new InvalidSessionException();
Expand All @@ -38,6 +46,20 @@ public function getSession(): Session {
return $this->textSession;
}

/**
* @throws InvalidSessionException
*/
public function getDocumentId(): int {
if ($this->documentId === null) {
throw new InvalidSessionException();
}

return $this->documentId;
}

/**
* @throws InvalidSessionException
*/
public function getDocument(): Document {
if ($this->document === null) {
throw new InvalidSessionException();
Expand All @@ -46,6 +68,9 @@ public function getDocument(): Document {
return $this->document;
}

/**
* @throws InvalidSessionException
*/
public function getUserId(): string {
if ($this->userId === null) {
throw new InvalidSessionException();
Expand Down
8 changes: 2 additions & 6 deletions lib/Middleware/SessionMiddleware.php
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,7 @@ private function assertDocumentSession(ISessionAwareController $controller): voi
}

$controller->setSession($session);
$controller->setDocumentId($documentId);
$controller->setDocument($document);
if (!$shareToken) {
$controller->setUserId($session->getUserId());
Expand Down Expand Up @@ -138,12 +139,7 @@ private function assertUserOrShareToken(ISessionAwareController $controller): vo
throw new InvalidSessionException();
}

$document = $this->documentService->getDocument($documentId);
if (!$document) {
throw new InvalidSessionException();
}

$controller->setDocument($document);
$controller->setDocumentId($documentId);
}

public function afterException($controller, $methodName, \Exception $exception): JSONResponse|Response {
Expand Down

0 comments on commit 5cca1ab

Please sign in to comment.