Merge pull request #4738 from nextcloud/backport/4712/stable30

[stable30] fix(Wopi): fall back to super share if share token is not available

Author: elzody

lib/Controller/AssetsController.php

@@ -6,9 +6,9 @@
 
 namespace OCA\Richdocuments\Controller;
 
-use OCA\Files_Sharing\SharedStorage;
 use OCA\Richdocuments\Controller\Attribute\RestrictToWopiServer;
 use OCA\Richdocuments\Db\AssetMapper;
+use OCA\Richdocuments\Helper;
 use OCA\Richdocuments\Service\UserScopeService;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Db\DoesNotExistException;
@@ -30,20 +30,25 @@ class AssetsController extends Controller {
 	private UserScopeService $userScopeService;
 	private IURLGenerator $urlGenerator;
 
+	private Helper $helper;
+
 	public function __construct($appName,
 		IRequest $request,
 		AssetMapper $assetMapper,
 		IRootFolder $rootFolder,
 		$userId,
 		UserScopeService $userScopeService,
-		IURLGenerator $urlGenerator) {
+		IURLGenerator $urlGenerator,
+		Helper $helper,
+	) {
 		parent::__construct($appName, $request);
 
 		$this->assetMapper = $assetMapper;
 		$this->rootFolder = $rootFolder;
 		$this->userId = $userId;
 		$this->userScopeService = $userScopeService;
 		$this->urlGenerator = $urlGenerator;
+		$this->helper = $helper;
 	}
 
 	/**
@@ -63,14 +68,12 @@ public function create($path) {
 				return new JSONResponse([], Http::STATUS_NOT_FOUND);
 			}
 
-			$storage = $node->getStorage();
-			if ($storage->instanceOfStorage(SharedStorage::class)) {
-				/** @var SharedStorage $storage */
-				$share = $storage->getShare();
-				$attributes = $share->getAttributes();
-				if ($attributes !== null && $attributes->getAttribute('permissions', 'download') === false) {
-					throw new NotPermittedException();
-				}
+			$share = $this->helper->getShareFromNode($node);
+			$attributes = $share?->getAttributes();
+			if ($attributes !== null
+				&& $attributes->getAttribute('permissions', 'download') === false
+			) {
+				throw new NotPermittedException();
 			}
 		} catch (NotFoundException $e) {
 			return new JSONResponse([], Http::STATUS_NOT_FOUND);

lib/Controller/WopiController.php

@@ -82,7 +82,8 @@ public function __construct(
 		private IEncryptionManager $encryptionManager,
 		private IGroupManager $groupManager,
 		private ILockManager $lockManager,
-		private IEventDispatcher $eventDispatcher
+		private IEventDispatcher $eventDispatcher,
+		private Helper $helper,
 	) {
 		parent::__construct($appName, $request);
 	}
@@ -187,7 +188,7 @@ public function checkFileInfo($fileId, $access_token) {
 			$response['TemplateSource'] = $this->getWopiUrlForTemplate($wopi);
 		}
 
-		$share = $this->getShareForWopiToken($wopi);
+		$share = $this->getShareForWopiToken($wopi, $file);
 		if ($this->permissionManager->shouldWatermark($file, $wopi->getEditorUid(), $share)) {
 			$email = $user !== null && !$isPublic ? $user->getEMailAddress() : '';
 			$replacements = [
@@ -804,10 +805,14 @@ private function getFileForWopiToken(Wopi $wopi) {
 		return array_shift($files);
 	}
 
-	private function getShareForWopiToken(Wopi $wopi): ?IShare {
+	private function getShareForWopiToken(Wopi $wopi, File $file): ?IShare {
 		try {
-			return $wopi->getShare() ? $this->shareManager->getShareByToken($wopi->getShare()) : null;
-		} catch (ShareNotFound $e) {
+			$shareToken = $wopi->getShare();
+			if ($shareToken) {
+				return $this->shareManager->getShareByToken($shareToken);
+			}
+			return $this->helper->getShareFromNode($file);
+		} catch (ShareNotFound) {
 		}
 
 		return null;

lib/Helper.php

@@ -7,7 +7,11 @@
 
 use DateTime;
 use DateTimeZone;
+use OCA\Files_Sharing\SharedStorage;
 use OCP\Files\Folder;
+use OCP\Files\Node;
+use OCP\Files\NotFoundException;
+use OCP\Share\IShare;
 
 class Helper {
 	/** @var string|null */
@@ -81,4 +85,17 @@ public function getGuestNameFromCookie() {
 		}
 		return $_COOKIE['guestUser'];
 	}
+
+	public function getShareFromNode(Node $node): ?IShare {
+		try {
+			$storage = $node->getStorage();
+		} catch (NotFoundException) {
+			return null;
+		}
+		if ($storage->instanceOfStorage(SharedStorage::class)) {
+			/** @var SharedStorage $storage */
+			return $storage->getShare();
+		}
+		return null;
+	}
 }

lib/Listener/BeforeFetchPreviewListener.php

@@ -10,7 +10,7 @@
 
 namespace OCA\Richdocuments\Listener;
 
-use OCA\Files_Sharing\SharedStorage;
+use OCA\Richdocuments\Helper;
 use OCA\Richdocuments\PermissionManager;
 use OCP\EventDispatcher\Event;
 use OCP\EventDispatcher\IEventListener;
@@ -20,20 +20,21 @@
 use OCP\Preview\BeforePreviewFetchedEvent;
 use OCP\Share\Exceptions\ShareNotFound;
 use OCP\Share\IManager;
-use OCP\Share\IShare;
 
 /** @template-implements IEventListener<Event|BeforePreviewFetchedEvent> */
 class BeforeFetchPreviewListener implements IEventListener {
 	private PermissionManager $permissionManager;
 	private IUserSession $userSession;
 	private IRequest $request;
 	private IManager $shareManager;
+	private Helper $helper;
 
-	public function __construct(PermissionManager $permissionManager, IUserSession $userSession, IRequest $request, IManager $shareManager) {
+	public function __construct(PermissionManager $permissionManager, IUserSession $userSession, IRequest $request, IManager $shareManager, Helper $helper) {
 		$this->permissionManager = $permissionManager;
 		$this->userSession = $userSession;
 		$this->request = $request;
 		$this->shareManager = $shareManager;
+		$this->helper = $helper;
 	}
 
 	public function handle(Event $event): void {
@@ -42,21 +43,13 @@ public function handle(Event $event): void {
 		}
 		$shareToken = $this->request->getParam('token');
 
-		$share = null;
-
-		// Get share for internal shares
-		$storage = $event->getNode()->getStorage();
-		if (!$shareToken && $storage->instanceOfStorage(SharedStorage::class)) {
-			if (method_exists(IShare::class, 'getAttributes')) {
-				/** @var SharedStorage $storage */
-				$share = $storage->getShare();
-			}
-		}
-
-		// Get different share for public previews as the share from the node is only set for mounted shares
 		try {
-			$share = $shareToken ? $this->shareManager->getShareByToken($shareToken) : $share;
-		} catch (ShareNotFound $e) {
+			$share = $shareToken ?
+				// Get different share for public previews as the share from the node is only set for mounted shares
+				$this->shareManager->getShareByToken($shareToken)
+				// Get share for internal shares
+				: $this->helper->getShareFromNode($event->getNode());
+		} catch (ShareNotFound) {
 		}
 
 		$userId = $this->userSession->getUser() ? $this->userSession->getUser()->getUID() : null;

lib/TokenManager.php

@@ -7,7 +7,6 @@
 namespace OCA\Richdocuments;
 
 use Exception;
-use OCA\Files_Sharing\SharedStorage;
 use OCA\Richdocuments\Db\Direct;
 use OCA\Richdocuments\Db\Wopi;
 use OCA\Richdocuments\Db\WopiMapper;
@@ -24,7 +23,6 @@
 use OCP\IURLGenerator;
 use OCP\Share\Exceptions\ShareNotFound;
 use OCP\Share\IManager;
-use OCP\Share\IShare;
 use OCP\Util;
 use Psr\Log\LoggerInterface;
 
@@ -83,19 +81,13 @@ public function generateWopiToken(string $fileId, ?string $shareToken = null, ?s
 
 			// disable download if at least one shared access has it disabled
 			foreach ($files as $file) {
-				$storage = $file->getStorage();
-				// using string as we have no guarantee that "files_sharing" app is loaded
-				if ($storage->instanceOfStorage(SharedStorage::class)) {
-					if (!method_exists(IShare::class, 'getAttributes')) {
-						break;
-					}
-					/** @var SharedStorage $storage */
-					$share = $storage->getShare();
-					$attributes = $share->getAttributes();
-					if ($attributes !== null && $attributes->getAttribute('permissions', 'download') === false) {
-						$hideDownload = true;
-						break;
-					}
+				$share = $this->helper->getShareFromNode($file);
+				$attributes = $share?->getAttributes();
+				if ($attributes !== null
+					&& $attributes->getAttribute('permissions', 'download') === false
+				) {
+					$hideDownload = true;
+					break;
 				}
 			}
 		}