fix(attachments): Don't require document session for getting attachments

In editors with a user or share token we don't want to depend on a document session for fetching attachments. This fixes fetching attachments in editors without a document session but with a user session or share token, e.g. in view mode of the Collectives app. Fixes: nextcloud/collectives#1201 Signed-off-by: Jonas <jonas@freesources.org>
nextcloud · Jul 2, 2024 · cfa91a7 · cfa91a7
1 parent 2c2e063
commit cfa91a7
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 10 deletions.
diff --git a/lib/Controller/AttachmentController.php b/lib/Controller/AttachmentController.php
@@ -87,7 +87,7 @@ public function __construct(
 	#[PublicPage]
 	#[RequireDocumentSessionOrUserOrShareToken]
 	public function getAttachmentList(?string $shareToken = null): DataResponse {
-		$documentId = $this->getDocument()->getId();
+		$documentId = $this->getDocumentId();
 		try {
 			$session = $this->getSession();
 		} catch (InvalidSessionException) {
@@ -195,7 +195,7 @@ private function getUploadedFile(string $key): array {
 	#[RequireDocumentSessionOrUserOrShareToken]
 	public function getImageFile(string $imageFileName, ?string $shareToken = null,
 		int $preferRawImage = 0): DataResponse|DataDownloadResponse {
-		$documentId = $this->getDocument()->getId();
+		$documentId = $this->getDocumentId();
 
 		try {
 			if ($shareToken) {
@@ -229,7 +229,7 @@ public function getImageFile(string $imageFileName, ?string $shareToken = null,
 	#[NoCSRFRequired]
 	#[RequireDocumentSessionOrUserOrShareToken]
 	public function getMediaFile(string $mediaFileName, ?string $shareToken = null): DataResponse|DataDownloadResponse {
-		$documentId = $this->getDocument()->getId();
+		$documentId = $this->getDocumentId();
 
 		try {
 			if ($shareToken) {
@@ -260,7 +260,7 @@ public function getMediaFile(string $mediaFileName, ?string $shareToken = null):
 	#[NoCSRFRequired]
 	#[RequireDocumentSessionOrUserOrShareToken]
 	public function getMediaFilePreview(string $mediaFileName, ?string $shareToken = null) {
-		$documentId = $this->getDocument()->getId();
+		$documentId = $this->getDocumentId();
 
 		try {
 			if ($shareToken) {

diff --git a/lib/Controller/ISessionAwareController.php b/lib/Controller/ISessionAwareController.php
@@ -8,6 +8,8 @@
 interface ISessionAwareController {
 	public function getSession(): Session;
 	public function setSession(Session $session): void;
+	public function getDocumentId(): int;
+	public function setDocumentId(int $documentId): void;
 	public function getDocument(): Document;
 	public function setDocument(Document $document): void;
 	public function getUserId(): string;

diff --git a/lib/Controller/TSessionAwareController.php b/lib/Controller/TSessionAwareController.php
@@ -10,13 +10,18 @@
 
 trait TSessionAwareController {
 	private ?Session $textSession = null;
+	private ?int $documentId = null;
 	private ?Document $document = null;
 	private ?string $userId = null;
 
 	public function setSession(?Session $session): void {
 		$this->textSession = $session;
 	}
 
+	public function setDocumentId(int $documentId): void {
+		$this->documentId = $documentId;
+	}
+
 	public function setDocument(?Document $document): void {
 		$this->document = $document;
 	}
@@ -25,6 +30,9 @@ public function setUserId(?string $userId): void {
 		$this->userId = $userId;
 	}
 
+	/**
+	 * @throws InvalidSessionException
+	 */
 	public function getSession(): Session {
 		if ($this->textSession === null) {
 			throw new InvalidSessionException();
@@ -33,6 +41,20 @@ public function getSession(): Session {
 		return $this->textSession;
 	}
 
+	/**
+	 * @throws InvalidSessionException
+	 */
+	public function getDocumentId(): int {
+		if ($this->documentId === null) {
+			throw new InvalidSessionException();
+		}
+
+		return $this->documentId;
+	}
+
+	/**
+	 * @throws InvalidSessionException
+	 */
 	public function getDocument(): Document {
 		if ($this->document === null) {
 			throw new InvalidSessionException();
@@ -41,6 +63,9 @@ public function getDocument(): Document {
 		return $this->document;
 	}
 
+	/**
+	 * @throws InvalidSessionException
+	 */
 	public function getUserId(): string {
 		if ($this->userId === null) {
 			throw new InvalidSessionException();

diff --git a/lib/Middleware/SessionMiddleware.php b/lib/Middleware/SessionMiddleware.php
@@ -100,6 +100,7 @@ private function assertDocumentSession(ISessionAwareController $controller): voi
 		}
 
 		$controller->setSession($session);
+		$controller->setDocumentId($documentId);
 		$controller->setDocument($document);
 		if (!$shareToken) {
 			$controller->setUserId($session->getUserId());
@@ -133,12 +134,7 @@ private function assertUserOrShareToken(ISessionAwareController $controller): vo
 			throw new InvalidSessionException();
 		}
 
-		$document = $this->documentService->getDocument($documentId);
-		if (!$document) {
-			throw new InvalidSessionException();
-		}
-
-		$controller->setDocument($document);
+		$controller->setDocumentId($documentId);
 	}
 
 	public function afterException($controller, $methodName, \Exception $exception): JSONResponse|Response {