policy engine does not apply on all upload endpoints #1783

@butonic

Describe the bug

When trying to prevent e.g. exe uploads, the policy engine does not affect URLs without remote.php

Steps to reproduce

  1. create a single file share
  2. use a PUT request to update the file

Since we are not using tus and single file shares have no extension in the URL AND the check expects the URL to contain '/remote.php/dav/spaces', the upload will go through.

Expected behavior

exe files should be detected by the mimetype detection

Actual behavior

PUT requests to /remote.php/webdav/file still work when the policy engine should prevent them

Setup

enable the policy engine and configure it to prevent exe uploads

Context

I was originally under the impression that the current code had a bug because it would only apply the policies to url without the remote.php part in the policies.go proxy middleware:

if resource.Name == "" && filepath.Ext(r.URL.Path) == "" && r.Method == http.MethodPut && strings.HasPrefix(r.URL.Path, "/remote.php/dav/spaces") {

The final check should be true for all possible upload endpoints, eg: (/remote.php)/(webdav|dav/(files|spaces)) and ... the public upload endpoint AFAICT.
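
An added example, not code from the issue or from the project: it puts the prefix test quoted above beside a matcher for the endpoint pattern the issue lists, and reports which paths only the wider pattern covers. The function names and sample paths are assumptions made for illustration, and the public upload endpoint is left out because the issue does not give its path.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// quotedPrefixCheck is the final condition of the `if` quoted in the issue.
func quotedPrefixCheck(path string) bool {
	return strings.HasPrefix(path, "/remote.php/dav/spaces")
}

// uploadEndpoint encodes the pattern the issue proposes:
// (/remote.php)/(webdav|dav/(files|spaces)), with the /remote.php prefix optional.
// The trailing (/|$) keeps look-alike paths such as /webdavx from matching.
var uploadEndpoint = regexp.MustCompile(`^(/remote\.php)?/(webdav|dav/(files|spaces))(/|$)`)

// isUploadEndpoint reports whether path is one of the listed WebDAV upload endpoints.
func isUploadEndpoint(path string) bool {
	return uploadEndpoint.MatchString(path)
}

// missedPaths returns the paths the proposed pattern covers but the quoted check skips.
func missedPaths(paths []string) []string {
	var missed []string
	for _, p := range paths {
		if isUploadEndpoint(p) && !quotedPrefixCheck(p) {
			missed = append(missed, p)
		}
	}
	return missed
}

func main() {
	// Constructed sample paths; the space, user and file names are placeholders.
	paths := []string{
		"/remote.php/dav/spaces/SPACEID",
		"/remote.php/webdav/file",
		"/remote.php/dav/files/USER/file",
		"/dav/spaces/SPACEID",
		"/webdav/file",
		"/graph/v1.0/me",
	}
	for _, p := range missedPaths(paths) {
		fmt.Println("not covered by quoted check:", p)
	}
}
```

A table of paths like this one can serve as a regression test for the middleware, so that an upload route added later has to be listed before it can bypass the policy check.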
