-
Notifications
You must be signed in to change notification settings - Fork 88
/
Copy pathACLCacheWrapper.php
94 lines (74 loc) Β· 2.7 KB
/
ACLCacheWrapper.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
<?php
declare(strict_types=1);
/**
* SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OCA\GroupFolders\ACL;
use OC\Files\Cache\Wrapper\CacheWrapper;
use OCP\Constants;
use OCP\Files\Cache\ICache;
use OCP\Files\Cache\ICacheEntry;
use OCP\Files\Search\ISearchQuery;
class ACLCacheWrapper extends CacheWrapper {
public function __construct(
ICache $cache,
private readonly ACLManager $aclManager,
private readonly bool $inShare,
) {
parent::__construct($cache);
}
private function getACLPermissionsForPath(string $path, array $rules = []): int {
if ($rules) {
$permissions = $this->aclManager->getPermissionsForPathFromRules($path, $rules);
} else {
$permissions = $this->aclManager->getACLPermissionsForPath($path);
}
// if there is no read permissions, than deny everything
if ($this->inShare) {
$minPermissions = Constants::PERMISSION_READ + Constants::PERMISSION_SHARE;
} else {
$minPermissions = Constants::PERMISSION_READ;
}
$canRead = ($permissions & $minPermissions) === $minPermissions;
return $canRead ? $permissions : 0;
}
protected function formatCacheEntry($entry, array $rules = []): ICacheEntry|false {
if (isset($entry['permissions'])) {
$entry['scan_permissions'] = $entry['permissions'];
$entry['permissions'] &= $this->getACLPermissionsForPath($entry['path'], $rules);
if (!$entry['permissions']) {
return false;
}
}
return $entry;
}
public function getFolderContentsById($fileId): array {
$results = $this->getCache()->getFolderContentsById($fileId);
$rules = $this->preloadEntries($results);
return array_filter(array_map(fn (ICacheEntry $entry): ICacheEntry|false => $this->formatCacheEntry($entry, $rules), $results));
}
public function search($pattern): array {
$results = $this->getCache()->search($pattern);
$this->preloadEntries($results);
return array_filter(array_map($this->formatCacheEntry(...), $results));
}
public function searchByMime($mimetype): array {
$results = $this->getCache()->searchByMime($mimetype);
$this->preloadEntries($results);
return array_filter(array_map($this->formatCacheEntry(...), $results));
}
public function searchQuery(ISearchQuery $query): array {
$results = $this->getCache()->searchQuery($query);
$this->preloadEntries($results);
return array_filter(array_map($this->formatCacheEntry(...), $results));
}
/**
* @param ICacheEntry[] $entries
* @return array<string, Rule[]>
*/
private function preloadEntries(array $entries): array {
$paths = array_map(fn (ICacheEntry $entry): string => $entry->getPath(), $entries);
return $this->aclManager->getRelevantRulesForPath($paths, false);
}
}