nextcloud · blizzz · Oct 8, 2025 · Oct 2, 2025
@@ -9,6 +9,7 @@
 namespace OCA\Richdocuments;
 
 use OCP\Constants;
+use OCP\Files\Cache\ICacheEntry;
 use OCP\Files\Node;
 use OCP\IConfig;
 use OCP\IGroupManager;
@@ -112,18 +113,21 @@ public function userIsFeatureLocked(?string $userId = null): bool {
 		return false;
 	}
 
-	public function shouldWatermark(Node $node, ?string $userId = null, ?IShare $share = null): bool {
+	public function shouldWatermark(Node|ICacheEntry $nodeOrCacheEntry, ?string $userId = null, ?IShare $share = null, ?string $ownerId = null): bool {
 		if ($this->config->getAppValue(AppConfig::WATERMARK_APP_NAMESPACE, 'watermark_enabled', 'no') === 'no') {
 			return false;
 		}
 
-		if (!in_array($node->getMimetype(), $this->appConfig->getMimeTypes(), true)) {
+		if (!in_array($nodeOrCacheEntry->getMimetype(), $this->appConfig->getMimeTypes(), true)) {
 			return false;
 		}
 
-		$fileId = $node->getId();
+		$fileId = $nodeOrCacheEntry->getId();
 
-		$isUpdatable = $node->isUpdateable() && (!$share || $share->getPermissions() & Constants::PERMISSION_UPDATE);
+		$isUpdatable = $nodeOrCacheEntry instanceof Node
+			? $nodeOrCacheEntry->isUpdateable()
+			: $nodeOrCacheEntry->getPermissions() & Constants::PERMISSION_UPDATE;
+		$isUpdatable = $isUpdatable && (!$share || $share->getPermissions() & Constants::PERMISSION_UPDATE);
 
 		$hasShareAttributes = $share && method_exists($share, 'getAttributes') && $share->getAttributes() instanceof IAttributes;
 		$isDisabledDownload = $hasShareAttributes && $share->getAttributes()->getAttribute('permissions', 'download') === false;
@@ -153,7 +157,10 @@ public function shouldWatermark(Node $node, ?string $userId = null, ?IShare $sha
 		}
 
 		if ($this->config->getAppValue(AppConfig::WATERMARK_APP_NAMESPACE, 'watermark_shareAll', 'no') === 'yes') {
-			if ($userId === null || $node->getOwner()?->getUID() !== $userId) {
+			if (!$ownerId && $nodeOrCacheEntry instanceof Node) {
+				$ownerId = $nodeOrCacheEntry->getOwner()?->getUID();
+			}
+			if ($userId === null || $ownerId !== $userId) {
 				return true;
 			}
 		}

@@ -89,19 +89,25 @@ private function shouldSecure(string $path, ?IStorage $sourceStorage = null): bo
 			fclose($fp);
 		}
 
-		try {
-			$node = $this->rootFolder->get($this->mountPoint . $path);
-		} catch (NotFoundException) {
-			// If the file is just created we may need to check the parent as this is only just about figuring out if it is a share
-			$node = $this->rootFolder->get(dirname($this->mountPoint . $path));
+		$storage = $sourceStorage ?? $this;
+		$cacheEntry = $storage->getCache()->get($path);
+		if (!$cacheEntry) {
+			$parent = dirname($path);
+			if ($parent === '.') {
+				$parent = '';
+			}
+			$cacheEntry = $storage->getCache()->get($parent);
+			if (!$cacheEntry) {
+				throw new NotFoundException(sprintf('Could not find cache entry for path and parent of %s within storage %s ', $path, $storage->getId()));
+			}
 		}
 
-		$isSharedStorage = $node->getStorage()->instanceOfStorage(ISharedStorage::class);
+		$isSharedStorage = $storage->instanceOfStorage(ISharedStorage::class);
 
-		$share = $isSharedStorage ? $node->getStorage()->getShare() : null;
+		$share = $isSharedStorage ? $storage->getShare() : null;
 		$userId = $this->userSession->getUser()?->getUID();
 
-		return $this->permissionManager->shouldWatermark($node, $userId, $share);
+		return $this->permissionManager->shouldWatermark($cacheEntry, $userId, $share, $storage->getOwner($path) ?: null);
 	}