These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * @copyright Copyright (c) 2018, Roeland Jago Douma <[email protected]> |
||
4 | * |
||
5 | * @author Roeland Jago Douma <[email protected]> |
||
6 | * |
||
7 | * @license GNU AGPL version 3 or any later version |
||
8 | * |
||
9 | * This program is free software: you can redistribute it and/or modify |
||
10 | * it under the terms of the GNU Affero General Public License as |
||
11 | * published by the Free Software Foundation, either version 3 of the |
||
12 | * License, or (at your option) any later version. |
||
13 | * |
||
14 | * This program is distributed in the hope that it will be useful, |
||
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
17 | * GNU Affero General Public License for more details. |
||
18 | * |
||
19 | * You should have received a copy of the GNU Affero General Public License |
||
20 | * along with this program. If not, see <http://www.gnu.org/licenses/>. |
||
21 | * |
||
22 | */ |
||
23 | namespace OCA\Richdocuments\Controller; |
||
24 | |||
25 | use OCA\Richdocuments\AppConfig; |
||
26 | use OCA\Richdocuments\Db\DirectMapper; |
||
27 | use OCA\Richdocuments\Service\FederationService; |
||
28 | use OCA\Richdocuments\TemplateManager; |
||
29 | use OCA\Richdocuments\TokenManager; |
||
30 | use OCP\AppFramework\Controller; |
||
31 | use OCP\AppFramework\Db\DoesNotExistException; |
||
32 | use OCP\AppFramework\Http; |
||
33 | use OCP\AppFramework\Http\ContentSecurityPolicy; |
||
34 | use OCP\AppFramework\Http\JSONResponse; |
||
35 | use OCP\AppFramework\Http\RedirectResponse; |
||
36 | use OCP\AppFramework\Http\TemplateResponse; |
||
37 | use OCP\Files\IRootFolder; |
||
38 | use OCP\Files\Node; |
||
39 | use OCP\Files\NotFoundException; |
||
40 | use OCP\IConfig; |
||
41 | use OCP\IRequest; |
||
42 | |||
43 | class DirectViewController extends Controller { |
||
44 | /** @var IRootFolder */ |
||
45 | private $rootFolder; |
||
46 | |||
47 | /** @var TokenManager */ |
||
48 | private $tokenManager; |
||
49 | |||
50 | /** @var DirectMapper */ |
||
51 | private $directMapper; |
||
52 | |||
53 | /** @var IConfig */ |
||
54 | private $config; |
||
55 | |||
56 | /** @var AppConfig */ |
||
57 | private $appConfig; |
||
58 | |||
59 | /** @var TemplateManager */ |
||
60 | private $templateManager; |
||
61 | |||
62 | /** @var FederationService */ |
||
63 | private $federationService; |
||
64 | |||
65 | View Code Duplication | public function __construct( |
|
66 | $appName, |
||
67 | IRequest $request, |
||
68 | IRootFolder $rootFolder, |
||
69 | TokenManager $tokenManager, |
||
70 | DirectMapper $directMapper, |
||
71 | IConfig $config, |
||
72 | AppConfig $appConfig, |
||
73 | TemplateManager $templateManager, |
||
74 | FederationService $federationService |
||
75 | ) { |
||
76 | parent::__construct($appName, $request); |
||
77 | |||
78 | $this->rootFolder = $rootFolder; |
||
79 | $this->tokenManager = $tokenManager; |
||
80 | $this->directMapper = $directMapper; |
||
81 | $this->config = $config; |
||
82 | $this->appConfig = $appConfig; |
||
83 | $this->templateManager = $templateManager; |
||
84 | $this->federationService = $federationService; |
||
85 | } |
||
86 | |||
87 | /** |
||
88 | * @NoAdminRequired |
||
89 | * @NoCSRFRequired |
||
90 | * @PublicPage |
||
91 | * |
||
92 | * @param string $token |
||
93 | * @return JSONResponse|RedirectResponse|TemplateResponse |
||
94 | * @throws NotFoundException |
||
95 | */ |
||
96 | public function show($token) { |
||
97 | try { |
||
98 | $direct = $this->directMapper->getByToken($token); |
||
99 | } catch (DoesNotExistException $e) { |
||
100 | $params = [ |
||
101 | 'errors' => [['error' => $e->getMessage()]] |
||
102 | ]; |
||
103 | return new TemplateResponse('core', 'error', $params, 'guest'); |
||
104 | } |
||
105 | |||
106 | // Delete the token. They are for 1 time use only |
||
107 | $this->directMapper->delete($direct); |
||
108 | |||
109 | $folder = $this->rootFolder->getUserFolder($direct->getUid()); |
||
110 | if ($this->templateManager->isTemplate($direct->getFileid())) { |
||
111 | $item = $this->templateManager->get($direct->getFileid()); |
||
112 | if ($direct->getTemplateDestination() === 0 || $direct->getTemplateDestination() === null) { |
||
113 | return new JSONResponse([], Http::STATUS_BAD_REQUEST); |
||
114 | } |
||
115 | |||
116 | try { |
||
117 | |||
118 | list($urlSrc, $wopi) = $this->tokenManager->getTokenForTemplate($item, $direct->getUid(), $direct->getTemplateDestination(), true); |
||
119 | } catch (\Exception $e) { |
||
120 | return new JSONResponse([], Http::STATUS_BAD_REQUEST); |
||
121 | } |
||
122 | |||
123 | $relativePath = '/new.odt'; |
||
124 | |||
125 | } else { |
||
126 | try { |
||
127 | $item = $folder->getById($direct->getFileid())[0]; |
||
128 | if(!($item instanceof Node)) { |
||
129 | throw new \Exception(); |
||
130 | } |
||
131 | |||
132 | /** Open file from remote collabora */ |
||
133 | $federatedUrl = $this->federationService->getRemoteRedirectURL($item, $direct); |
||
134 | View Code Duplication | if ($federatedUrl !== null) { |
|
135 | $response = new RedirectResponse($federatedUrl); |
||
136 | $response->addHeader('X-Frame-Options', 'ALLOW'); |
||
137 | return $response; |
||
138 | } |
||
139 | |||
140 | list($urlSrc, $token, $wopi) = $this->tokenManager->getToken($item->getId(), null, $direct->getUid(), true); |
||
0 ignored issues
–
show
|
|||
141 | } catch (\Exception $e) { |
||
142 | $params = [ |
||
143 | 'errors' => [['error' => $e->getMessage()]] |
||
144 | ]; |
||
145 | return new TemplateResponse('core', 'error', $params, 'guest'); |
||
146 | } |
||
147 | |||
148 | $relativePath = $folder->getRelativePath($item->getPath()); |
||
149 | } |
||
150 | |||
151 | try { |
||
152 | $params = [ |
||
153 | 'permissions' => $item->getPermissions(), |
||
154 | 'title' => $item->getName(), |
||
155 | 'fileId' => $wopi->getFileid() . '_' . $this->config->getSystemValue('instanceid'), |
||
156 | 'token' => $wopi->getToken(), |
||
157 | 'urlsrc' => $urlSrc, |
||
158 | 'path' => $relativePath, |
||
159 | 'instanceId' => $this->config->getSystemValue('instanceid'), |
||
160 | 'canonical_webroot' => $this->appConfig->getAppValue('canonical_webroot'), |
||
161 | 'direct' => true, |
||
162 | ]; |
||
163 | |||
164 | $response = new TemplateResponse('richdocuments', 'documents', $params, 'empty'); |
||
165 | $policy = new ContentSecurityPolicy(); |
||
166 | $policy->allowInlineScript(true); |
||
167 | $policy->addAllowedFrameDomain($this->appConfig->getAppValue('public_wopi_url')); |
||
168 | $response->setContentSecurityPolicy($policy); |
||
169 | return $response; |
||
170 | } catch (\Exception $e) { |
||
171 | $params = [ |
||
172 | 'errors' => [['error' => $e->getMessage()]] |
||
173 | ]; |
||
174 | return new TemplateResponse('core', 'error', $params, 'guest'); |
||
175 | } |
||
176 | |||
177 | } |
||
178 | } |
||
179 |
This checks looks for assignemnts to variables using the
list(...)
function, where not all assigned variables are subsequently used.Consider the following code example.
Only the variables
$a
and$c
are used. There was no need to assign$b
.Instead, the list call could have been.