|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* CMS Pico - Create websites using Pico CMS for Nextcloud. |
|
4
|
|
|
* |
|
5
|
|
|
* @copyright Copyright (c) 2020, Daniel Rudolf (<[email protected]>) |
|
6
|
|
|
* |
|
7
|
|
|
* @license GNU AGPL version 3 or any later version |
|
8
|
|
|
* |
|
9
|
|
|
* This program is free software: you can redistribute it and/or modify |
|
10
|
|
|
* it under the terms of the GNU Affero General Public License as |
|
11
|
|
|
* published by the Free Software Foundation, either version 3 of the |
|
12
|
|
|
* License, or (at your option) any later version. |
|
13
|
|
|
* |
|
14
|
|
|
* This program is distributed in the hope that it will be useful, |
|
15
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of |
|
16
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
|
17
|
|
|
* GNU Affero General Public License for more details. |
|
18
|
|
|
* |
|
19
|
|
|
* You should have received a copy of the GNU Affero General Public License |
|
20
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>. |
|
21
|
|
|
*/ |
|
22
|
|
|
|
|
23
|
|
|
declare(strict_types=1); |
|
24
|
|
|
|
|
25
|
|
|
namespace OCA\CMSPico\Model; |
|
26
|
|
|
|
|
27
|
|
|
use OCA\CMSPico\Exceptions\WebsiteInvalidFilesystemException; |
|
28
|
|
|
use OCA\CMSPico\Exceptions\WebsiteNotPermittedException; |
|
29
|
|
|
use OCA\CMSPico\Files\StorageFile; |
|
30
|
|
|
use OCA\CMSPico\Files\StorageFolder; |
|
31
|
|
|
use OCA\CMSPico\Service\MiscService; |
|
32
|
|
|
use OCP\Files\Folder as OCFolder; |
|
33
|
|
|
use OCP\Files\InvalidPathException; |
|
34
|
|
|
use OCP\Files\Node as OCNode; |
|
35
|
|
|
use OCP\Files\NotFoundException; |
|
36
|
|
|
use OCP\Files\NotPermittedException; |
|
37
|
|
|
use OCP\IGroupManager; |
|
38
|
|
|
|
|
39
|
|
|
class WebsiteRequest |
|
40
|
|
|
{ |
|
41
|
|
|
/** @var Website */ |
|
42
|
|
|
private $website; |
|
43
|
|
|
|
|
44
|
|
|
/** @var string|null */ |
|
45
|
|
|
private $viewer; |
|
46
|
|
|
|
|
47
|
|
|
/** @var string */ |
|
48
|
|
|
private $page; |
|
49
|
|
|
|
|
50
|
|
|
/** @var bool */ |
|
51
|
|
|
private $proxyRequest; |
|
52
|
|
|
|
|
53
|
|
|
/** @var IGroupManager */ |
|
54
|
|
|
private $groupManager; |
|
55
|
|
|
|
|
56
|
|
|
/** @var MiscService */ |
|
57
|
|
|
private $miscService; |
|
58
|
|
|
|
|
59
|
|
|
/** |
|
60
|
|
|
* WebsiteRequest constructor. |
|
61
|
|
|
* |
|
62
|
|
|
* @param Website $website |
|
63
|
|
|
* @param string|null $viewer |
|
64
|
|
|
* @param string $page |
|
65
|
|
|
* @param bool $proxyRequest |
|
66
|
|
|
*/ |
|
67
|
9 |
|
public function __construct(Website $website, string $viewer = null, string $page = '', bool $proxyRequest = false) |
|
68
|
|
|
{ |
|
69
|
9 |
|
$this->groupManager = \OC::$server->getGroupManager(); |
|
|
|
|
|
|
70
|
9 |
|
$this->miscService = \OC::$server->query(MiscService::class); |
|
|
|
|
|
|
71
|
|
|
|
|
72
|
9 |
|
$this->website = $website; |
|
73
|
9 |
|
$this->viewer = $viewer; |
|
74
|
9 |
|
$this->page = $page; |
|
75
|
9 |
|
$this->proxyRequest = $proxyRequest; |
|
76
|
|
|
|
|
77
|
9 |
|
if ($this->viewer === null) { |
|
78
|
2 |
|
$userSession = \OC::$server->getUserSession(); |
|
|
|
|
|
|
79
|
2 |
|
$this->viewer = $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : null; |
|
80
|
|
|
} |
|
81
|
9 |
|
} |
|
82
|
|
|
|
|
83
|
|
|
/** |
|
84
|
|
|
* @param string $path |
|
85
|
|
|
* @param array $meta |
|
86
|
|
|
* |
|
87
|
|
|
* @throws InvalidPathException |
|
88
|
|
|
* @throws WebsiteInvalidFilesystemException |
|
89
|
|
|
* @throws WebsiteNotPermittedException |
|
90
|
|
|
* @throws NotPermittedException |
|
91
|
|
|
*/ |
|
92
|
9 |
|
public function assertViewerAccess(string $path, array $meta = []): void |
|
93
|
|
|
{ |
|
94
|
9 |
|
if ($this->website->getType() === Website::TYPE_PUBLIC) { |
|
95
|
7 |
|
if (empty($meta['access'])) { |
|
96
|
7 |
|
return; |
|
97
|
|
|
} |
|
98
|
|
|
|
|
99
|
|
|
$groupPageAccess = $meta['access']; |
|
100
|
|
|
if (!is_array($groupPageAccess)) { |
|
101
|
|
|
$groupPageAccess = explode(',', $groupPageAccess); |
|
102
|
|
|
} |
|
103
|
|
|
|
|
104
|
|
|
foreach ($groupPageAccess as $group) { |
|
105
|
|
|
$group = trim($group); |
|
106
|
|
|
|
|
107
|
|
|
if ($group === 'public') { |
|
108
|
|
|
return; |
|
109
|
|
|
} elseif ($group === 'private') { |
|
110
|
|
|
continue; |
|
111
|
|
|
} |
|
112
|
|
|
|
|
113
|
|
|
if ($this->getViewer() && $this->groupManager->groupExists($group)) { |
|
114
|
|
|
if ($this->groupManager->isInGroup($this->getViewer(), $group)) { |
|
115
|
|
|
return; |
|
116
|
|
|
} |
|
117
|
|
|
} |
|
118
|
|
|
} |
|
119
|
|
|
} |
|
120
|
|
|
|
|
121
|
2 |
|
if ($this->getViewer()) { |
|
122
|
2 |
|
if ($this->getViewer() === $this->website->getUserId()) { |
|
123
|
1 |
|
return; |
|
124
|
|
|
} |
|
125
|
|
|
|
|
126
|
1 |
|
$groupAccess = $this->website->getGroupAccess(); |
|
127
|
1 |
|
foreach ($groupAccess as $group) { |
|
128
|
|
|
if ($this->groupManager->groupExists($group)) { |
|
129
|
|
|
if ($this->groupManager->isInGroup($this->getViewer(), $group)) { |
|
130
|
|
|
return; |
|
131
|
|
|
} |
|
132
|
|
|
} |
|
133
|
|
|
} |
|
134
|
|
|
|
|
135
|
|
|
/** @var OCFolder $viewerOCFolder */ |
|
136
|
1 |
|
$viewerOCFolder = \OC::$server->getUserFolder($this->getViewer()); |
|
|
|
|
|
|
137
|
|
|
$viewerAccessClosure = function (OCNode $node) use ($viewerOCFolder) { |
|
138
|
1 |
|
$nodeId = $node->getId(); |
|
139
|
|
|
|
|
140
|
1 |
|
$viewerNodes = $viewerOCFolder->getById($nodeId); |
|
141
|
1 |
|
foreach ($viewerNodes as $viewerNode) { |
|
142
|
|
|
if ($viewerNode->isReadable()) { |
|
143
|
|
|
return true; |
|
144
|
|
|
} |
|
145
|
|
|
} |
|
146
|
|
|
|
|
147
|
1 |
|
return false; |
|
148
|
1 |
|
}; |
|
149
|
|
|
|
|
150
|
1 |
|
$websiteFolder = $this->website->getWebsiteFolder(); |
|
151
|
|
|
|
|
152
|
1 |
|
$path = $this->miscService->normalizePath($path); |
|
153
|
1 |
|
while ($path && ($path !== '.')) { |
|
154
|
|
|
try { |
|
155
|
|
|
/** @var StorageFile|StorageFolder $file */ |
|
156
|
1 |
|
$file = $websiteFolder->get($path); |
|
157
|
|
|
} catch (NotFoundException $e) { |
|
158
|
|
|
$file = null; |
|
159
|
|
|
} |
|
160
|
|
|
|
|
161
|
1 |
|
if ($file) { |
|
162
|
1 |
|
if ($viewerAccessClosure($file->getOCNode())) { |
|
163
|
|
|
return; |
|
164
|
|
|
} |
|
165
|
|
|
|
|
166
|
1 |
|
if ($this->website->getType() === Website::TYPE_PRIVATE) { |
|
167
|
1 |
|
throw new WebsiteNotPermittedException($this->getWebsite()->getSite()); |
|
168
|
|
|
} |
|
169
|
|
|
|
|
170
|
|
|
throw new NotPermittedException(); |
|
171
|
|
|
} |
|
172
|
|
|
|
|
173
|
|
|
$path = dirname($path); |
|
174
|
|
|
} |
|
175
|
|
|
|
|
176
|
|
|
if ($viewerAccessClosure($websiteFolder->getOCNode())) { |
|
177
|
|
|
return; |
|
178
|
|
|
} |
|
179
|
|
|
} |
|
180
|
|
|
|
|
181
|
|
|
if ($this->website->getType() === Website::TYPE_PRIVATE) { |
|
182
|
|
|
throw new WebsiteNotPermittedException($this->getWebsite()->getSite()); |
|
183
|
|
|
} |
|
184
|
|
|
|
|
185
|
|
|
throw new NotPermittedException(); |
|
186
|
|
|
} |
|
187
|
|
|
|
|
188
|
|
|
/** |
|
189
|
|
|
* @return Website |
|
190
|
|
|
*/ |
|
191
|
9 |
|
public function getWebsite(): Website |
|
192
|
|
|
{ |
|
193
|
9 |
|
return $this->website; |
|
194
|
|
|
} |
|
195
|
|
|
|
|
196
|
|
|
/** |
|
197
|
|
|
* @return string|null |
|
198
|
|
|
*/ |
|
199
|
2 |
|
public function getViewer(): ?string |
|
200
|
|
|
{ |
|
201
|
2 |
|
return $this->viewer; |
|
202
|
|
|
} |
|
203
|
|
|
|
|
204
|
|
|
/** |
|
205
|
|
|
* @return string |
|
206
|
|
|
*/ |
|
207
|
9 |
|
public function getPage(): string |
|
208
|
|
|
{ |
|
209
|
9 |
|
return $this->page; |
|
210
|
|
|
} |
|
211
|
|
|
|
|
212
|
|
|
/** |
|
213
|
|
|
* @return bool |
|
214
|
|
|
*/ |
|
215
|
5 |
|
public function isProxyRequest(): bool |
|
216
|
|
|
{ |
|
217
|
5 |
|
return $this->proxyRequest; |
|
218
|
|
|
} |
|
219
|
|
|
} |
|
220
|
|
|
|
nextcloud /
cms_pico
Loading history...
This function has been deprecated. The supplier of the function has supplied an explanatory message.
The explanatory message should give you some clue as to whether and when the function will be removed and what other function to use instead.