@Koc Koc commented Jan 5, 2026

Summary

This PR fixes 2 workarounds to download shared files without download permission.

1. Permission bypass via custom mount points

Shared files could be leaked if the recipient configured shared files to mount into a subfolder (e.g., /shares) rather than the root directory.

  • Scenario:
    1. Alice shares a file with Bob and disables download permissions.
    2. Bob configures his account to mount shared files into a custom /shares folder.
    3. Bob attempts to download the entire /shares folder as a ZIP.
  • Actual Result: The restricted file is included in the ZIP.
  • Expected Result: The restricted file is excluded; the ZIP contains only permitted files or an empty folder.

2. Permission bypass after moving files

A logic gap allowed files to remain downloadable if they were moved to a subfolder before permissions were revoked by the owner.

  • Scenario:
    1. Alice shares a file with Bob with download permissions.
    2. Bob moves that file into a subfolder (e.g., /work-folder).
    3. Alice updates the share to remove download permissions.
    4. Bob attempts to download the /work-folder as a ZIP.
  • Actual Result: The file is still included in the ZIP despite the permission change.
  • Expected Result: The restricted file is excluded.

TODO

  • Check more edge-cases (e.g. shared and own files located in nested folder)
  • Actualize tests

Checklist

@Koc Koc requested a review from a team as a code owner January 5, 2026 00:16
@Koc Koc requested review from come-nc, leftybournes, salmart-dev and yemkareems and removed request for a team January 5, 2026 00:16
Signed-off-by: Kostiantyn Miakshyn <[email protected]>
@Koc Koc force-pushed the bugfix/prevent-download-view-ony-files branch from f5ab743 to fc61b22 Compare January 5, 2026 00:34

@come-nc come-nc left a comment

I do not understand the PR, it checks the same files twice, once as paths, once as nodes?
Why is that needed? Why was it not working before?

@Koc Koc force-pushed the bugfix/prevent-download-view-ony-files branch 2 times, most recently from 975782e to 17b40e1 Compare January 6, 2026 11:07

Koc commented Jan 6, 2026

@come-nc

> Why was it not working before?

Good question, but I don't know. For some reason we're still able to download non-downloadable files using the workarounds that I explained in the PR description. I've double-tested it on the master branch before opening the PR.

Regarding duplicated checks - I've added one more commit that simplifies this. So now we recursively collect the files to download only once and perform the check only once. Also, in the previous implementation non-downloadable files broke the whole download (the check did not work, but the idea was the same). Now we just skip such files and do not break the download process.

@Koc Koc force-pushed the bugfix/prevent-download-view-ony-files branch from 17b40e1 to 13673e9 Compare January 6, 2026 11:15
@Koc Koc force-pushed the bugfix/prevent-download-view-ony-files branch from 13673e9 to 26992d1 Compare January 6, 2026 11:20
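
A minimal model of the approach described in this thread (collect the files recursively once, check each file once, skip restricted files instead of aborting the download), as an added example that is not code from this PR or from the project. The `Share` and `Node` classes, the `collect_for_zip` function and all file names are hypothetical, and the sample trees are constructed from the two scenarios in the PR description.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Share:
    """Hypothetical share record; the owner may change `download` at any time."""
    download: bool = True

@dataclass
class Node:
    name: str
    is_dir: bool = False
    share: Optional[Share] = None          # set on files received through a share
    children: list[Node] = field(default_factory=list)

def collect_for_zip(node: Node, prefix: str = "") -> tuple[list[str], list[str]]:
    """Walk the tree once and return (included, skipped) paths.

    The download check is made on every file node against its own live share
    record, so neither the folder the file sits in nor the path named in the
    request can change the outcome.
    """
    path = f"{prefix}/{node.name}" if prefix else node.name
    if not node.is_dir:
        allowed = node.share is None or node.share.download
        return ([path], []) if allowed else ([], [path])
    included, skipped = [], []
    for child in node.children:
        inc, skip = collect_for_zip(child, path)
        included += inc                     # restricted files are skipped,
        skipped += skip                     # the rest of the archive is kept
    return included, skipped

# Constructed data, scenario 1: view-only share mounted under /shares.
shares = Node("shares", is_dir=True, children=[
    Node("report.pdf", share=Share(download=False)),
    Node("notes.txt"),
])

# Constructed data, scenario 2: file moved to /work-folder, then revoked.
plan_share = Share(download=True)
work = Node("work-folder", is_dir=True, children=[
    Node("plan.odt", share=plan_share),
    Node("own.txt"),
])
plan_share.download = False                 # owner removes download permission

if __name__ == "__main__":
    print(collect_for_zip(shares))
    print(collect_for_zip(work))
```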