This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * ownCloud - Richdocuments App |
||
4 | * |
||
5 | * @author Victor Dubiniuk |
||
6 | * @copyright 2014 Victor Dubiniuk [email protected] |
||
7 | * |
||
8 | * This file is licensed under the Affero General Public License version 3 or |
||
9 | * later. |
||
10 | */ |
||
11 | |||
12 | namespace OCA\Richdocuments\Controller; |
||
13 | |||
14 | use OCA\Richdocuments\Events\BeforeFederationRedirectEvent; |
||
15 | use OCA\Richdocuments\Service\FederationService; |
||
16 | use OCA\Richdocuments\TokenManager; |
||
17 | use \OCP\AppFramework\Controller; |
||
18 | use OCP\AppFramework\Http; |
||
19 | use OCP\AppFramework\Http\JSONResponse; |
||
20 | use OCP\AppFramework\Http\RedirectResponse; |
||
21 | use OCP\Constants; |
||
22 | use OCP\Files\File; |
||
23 | use OCP\Files\Folder; |
||
24 | use OCP\Files\GenericFileException; |
||
25 | use OCP\Files\IRootFolder; |
||
26 | use OCP\Files\Node; |
||
27 | use OCP\Files\NotFoundException; |
||
28 | use OCP\Files\NotPermittedException; |
||
29 | use \OCP\IRequest; |
||
30 | use \OCP\IConfig; |
||
31 | use \OCP\IL10N; |
||
32 | use \OCP\ILogger; |
||
33 | use \OCP\AppFramework\Http\ContentSecurityPolicy; |
||
34 | use \OCP\AppFramework\Http\TemplateResponse; |
||
35 | use \OCA\Richdocuments\AppConfig; |
||
36 | use \OCA\Richdocuments\Helper; |
||
37 | use OCP\ISession; |
||
38 | use OCP\Share\Exceptions\ShareNotFound; |
||
39 | use OCP\Share\IManager; |
||
40 | use OC\Files\Type\TemplateManager; |
||
41 | |||
42 | class DocumentController extends Controller { |
||
43 | /** @var string */ |
||
44 | private $uid; |
||
45 | /** @var IL10N */ |
||
46 | private $l10n; |
||
47 | /** @var IConfig */ |
||
48 | private $settings; |
||
49 | /** @var AppConfig */ |
||
50 | private $appConfig; |
||
51 | /** @var ILogger */ |
||
52 | private $logger; |
||
53 | /** @var IManager */ |
||
54 | private $shareManager; |
||
55 | /** @var TokenManager */ |
||
56 | private $tokenManager; |
||
57 | /** @var ISession */ |
||
58 | private $session; |
||
59 | /** @var IRootFolder */ |
||
60 | private $rootFolder; |
||
61 | /** @var \OCA\Richdocuments\TemplateManager */ |
||
62 | private $templateManager; |
||
63 | /** @var FederationService */ |
||
64 | private $federationService; |
||
65 | /** @var Helper */ |
||
66 | private $helper; |
||
67 | |||
68 | const ODT_TEMPLATE_PATH = '/assets/odttemplate.odt'; |
||
69 | |||
70 | /** |
||
71 | * @param string $appName |
||
72 | * @param IRequest $request |
||
73 | * @param IConfig $settings |
||
74 | * @param AppConfig $appConfig |
||
75 | * @param IL10N $l10n |
||
76 | * @param IManager $shareManager |
||
77 | * @param TokenManager $tokenManager |
||
78 | * @param IRootFolder $rootFolder |
||
79 | * @param ISession $session |
||
80 | * @param string $UserId |
||
81 | * @param ILogger $logger |
||
82 | */ |
||
83 | View Code Duplication | public function __construct( |
|
84 | $appName, |
||
85 | IRequest $request, |
||
86 | IConfig $settings, |
||
87 | AppConfig $appConfig, |
||
88 | IL10N $l10n, |
||
89 | IManager $shareManager, |
||
90 | TokenManager $tokenManager, |
||
91 | IRootFolder $rootFolder, |
||
92 | ISession $session, |
||
93 | $UserId, |
||
94 | ILogger $logger, |
||
95 | \OCA\Richdocuments\TemplateManager $templateManager, |
||
96 | FederationService $federationService, |
||
97 | Helper $helper |
||
98 | ) { |
||
99 | parent::__construct($appName, $request); |
||
100 | $this->uid = $UserId; |
||
101 | $this->l10n = $l10n; |
||
102 | $this->settings = $settings; |
||
103 | $this->appConfig = $appConfig; |
||
104 | $this->shareManager = $shareManager; |
||
105 | $this->tokenManager = $tokenManager; |
||
106 | $this->rootFolder = $rootFolder; |
||
107 | $this->session = $session; |
||
108 | $this->logger = $logger; |
||
109 | $this->templateManager = $templateManager; |
||
110 | $this->federationService = $federationService; |
||
111 | $this->helper = $helper; |
||
112 | } |
||
113 | |||
114 | /** |
||
115 | * @PublicPage |
||
116 | * @NoCSRFRequired |
||
117 | * |
||
118 | * Returns the access_token and urlsrc for WOPI access for given $fileId |
||
119 | * Requests is accepted only when a secret_token is provided set by admin in |
||
120 | * settings page |
||
121 | * |
||
122 | * @param string $fileId |
||
123 | * @return array access_token, urlsrc |
||
124 | */ |
||
125 | public function extAppGetData($fileId) { |
||
126 | $secretToken = $this->request->getParam('secret_token'); |
||
127 | $apps = array_filter(explode(',', $this->appConfig->getAppValue('external_apps'))); |
||
128 | foreach($apps as $app) { |
||
129 | if ($app !== '' && $secretToken === $app) { |
||
130 | $appName = explode(':', $app); |
||
131 | $this->logger->debug('External app "{extApp}" authenticated; issuing access token for fileId {fileId}', [ |
||
132 | 'app' => $this->appName, |
||
133 | 'extApp' => $appName[0], |
||
134 | 'fileId' => $fileId |
||
135 | ]); |
||
136 | try { |
||
137 | $folder = $this->rootFolder->getUserFolder($this->uid); |
||
138 | $item = $folder->getById($fileId)[0]; |
||
139 | if(!($item instanceof Node)) { |
||
140 | throw new \Exception(); |
||
141 | } |
||
142 | list($urlSrc, $token) = $this->tokenManager->getToken($item->getId()); |
||
143 | return [ |
||
144 | 'status' => 'success', |
||
145 | 'urlsrc' => $urlSrc, |
||
146 | 'token' => $token |
||
147 | ]; |
||
148 | } catch (\Exception $e) { |
||
149 | $this->logger->logException($e, ['app'=>'richdocuments']); |
||
150 | $params = [ |
||
151 | 'errors' => [['error' => $e->getMessage()]] |
||
152 | ]; |
||
153 | return new TemplateResponse('core', 'error', $params, 'guest'); |
||
154 | } |
||
155 | } |
||
156 | } |
||
157 | return [ |
||
158 | 'status' => 'error', |
||
159 | 'message' => 'Permission denied' |
||
160 | ]; |
||
161 | } |
||
162 | |||
163 | /** |
||
164 | * Strips the path and query parameters from the URL. |
||
165 | * |
||
166 | * @param string $url |
||
167 | * @return string |
||
168 | */ |
||
169 | private function domainOnly($url) { |
||
170 | $parsed_url = parse_url($url); |
||
171 | $scheme = isset($parsed_url['scheme']) ? $parsed_url['scheme'] . '://' : ''; |
||
172 | $host = isset($parsed_url['host']) ? $parsed_url['host'] : ''; |
||
173 | $port = isset($parsed_url['port']) ? ':' . $parsed_url['port'] : ''; |
||
174 | return "$scheme$host$port"; |
||
175 | } |
||
176 | |||
177 | /** |
||
178 | * Redirect to the files app with proper CSP headers set for federated editing |
||
179 | * This is a workaround since we cannot set a nonce for allowing dynamic URLs in the richdocument iframe |
||
180 | * |
||
181 | * @NoAdminRequired |
||
182 | * @NoCSRFRequired |
||
183 | */ |
||
184 | public function open($fileId) { |
||
185 | try { |
||
186 | $folder = $this->rootFolder->getUserFolder($this->uid); |
||
187 | $item = $folder->getById($fileId)[0]; |
||
188 | if (!($item instanceof File)) { |
||
189 | throw new \Exception('Node is not a file'); |
||
190 | } |
||
191 | |||
192 | if ($item->getStorage()->instanceOfStorage(\OCA\Files_Sharing\External\Storage::class)) { |
||
193 | $remote = $item->getStorage()->getRemote(); |
||
194 | $remoteCollabora = $this->federationService->getRemoteCollaboraURL($remote); |
||
195 | if ($remoteCollabora !== '') { |
||
196 | $absolute = $item->getParent()->getPath(); |
||
197 | $relativeFolderPath = $folder->getRelativePath($absolute); |
||
198 | $relativeFilePath = $folder->getRelativePath($item->getPath()); |
||
199 | $url = '/index.php/apps/files/?dir=' . $relativeFolderPath . |
||
200 | '&richdocuments_open=' . $relativeFilePath . |
||
201 | '&richdocuments_fileId=' . $fileId . |
||
202 | '&richdocuments_remote_access=' . $remote; |
||
203 | |||
204 | $event = new BeforeFederationRedirectEvent( |
||
205 | $item, $relativeFolderPath, $remote |
||
206 | ); |
||
207 | $eventDispatcher = \OC::$server->getEventDispatcher(); |
||
208 | $eventDispatcher->dispatch(BeforeFederationRedirectEvent::class, $event); |
||
209 | if ($event->getRedirectUrl()) { |
||
210 | $url = $event->getRedirectUrl(); |
||
211 | } |
||
212 | return new RedirectResponse($url); |
||
213 | } |
||
214 | $this->logger->warning('Failed to connect to remote collabora instance for ' . $fileId); |
||
215 | } |
||
216 | } catch (\Exception $e) { |
||
217 | $this->logger->logException($e, ['app'=>'richdocuments']); |
||
218 | $params = [ |
||
219 | 'errors' => [['error' => $e->getMessage()]] |
||
220 | ]; |
||
221 | return new TemplateResponse('core', 'error', $params, 'guest'); |
||
222 | } |
||
223 | |||
224 | return new TemplateResponse('core', '403', [], 'guest'); |
||
225 | } |
||
226 | |||
227 | /** |
||
228 | * @NoAdminRequired |
||
229 | * |
||
230 | * @param string $fileId |
||
231 | * @param string|null $path |
||
232 | * @return RedirectResponse|TemplateResponse |
||
233 | */ |
||
234 | public function index($fileId, $path = null) { |
||
235 | try { |
||
236 | $folder = $this->rootFolder->getUserFolder($this->uid); |
||
237 | |||
238 | if ($path !== null) { |
||
239 | $item = $folder->get($path); |
||
240 | } else { |
||
241 | $item = $folder->getById($fileId)[0]; |
||
242 | } |
||
243 | |||
244 | if(!($item instanceof File)) { |
||
245 | throw new \Exception(); |
||
246 | } |
||
247 | |||
248 | /** Open file from remote collabora */ |
||
249 | $federatedUrl = $this->federationService->getRemoteRedirectURL($item); |
||
250 | View Code Duplication | if ($federatedUrl !== null) { |
|
251 | $response = new RedirectResponse($federatedUrl); |
||
252 | $response->addHeader('X-Frame-Options', 'ALLOW'); |
||
253 | return $response; |
||
254 | } |
||
255 | |||
256 | list($urlSrc, $token, $wopi) = $this->tokenManager->getToken($item->getId()); |
||
257 | $params = [ |
||
258 | 'permissions' => $item->getPermissions(), |
||
259 | 'title' => $item->getName(), |
||
260 | 'fileId' => $item->getId() . '_' . $this->settings->getSystemValue('instanceid'), |
||
261 | 'token' => $token, |
||
262 | 'urlsrc' => $urlSrc, |
||
263 | 'path' => $folder->getRelativePath($item->getPath()), |
||
264 | 'instanceId' => $this->settings->getSystemValue('instanceid'), |
||
265 | 'canonical_webroot' => $this->appConfig->getAppValue('canonical_webroot'), |
||
266 | 'userId' => $this->uid |
||
267 | ]; |
||
268 | |||
269 | $encryptionManager = \OC::$server->getEncryptionManager(); |
||
270 | if ($encryptionManager->isEnabled()) |
||
271 | { |
||
272 | // Update the current file to be accessible with system public shared key |
||
273 | $owner = $item->getOwner()->getUID(); |
||
274 | $absPath = '/' . $owner . '/' . $item->getInternalPath(); |
||
275 | $accessList = \OC::$server->getEncryptionFilesHelper()->getAccessList($absPath); |
||
276 | $accessList['public'] = true; |
||
277 | $encryptionManager->getEncryptionModule()->update($absPath, $owner, $accessList); |
||
278 | } |
||
279 | |||
280 | $response = new TemplateResponse('richdocuments', 'documents', $params, 'base'); |
||
281 | $policy = new ContentSecurityPolicy(); |
||
282 | $policy->addAllowedFrameDomain($this->domainOnly($this->appConfig->getAppValue('public_wopi_url'))); |
||
283 | $policy->allowInlineScript(true); |
||
284 | $response->setContentSecurityPolicy($policy); |
||
285 | return $response; |
||
286 | } catch (\Exception $e) { |
||
287 | $this->logger->logException($e, ['app'=>'richdocuments']); |
||
288 | $params = [ |
||
289 | 'errors' => [['error' => $e->getMessage()]] |
||
290 | ]; |
||
291 | return new TemplateResponse('core', 'error', $params, 'guest'); |
||
292 | } |
||
293 | |||
294 | return new TemplateResponse('core', '403', [], 'guest'); |
||
295 | } |
||
296 | |||
297 | /** |
||
298 | * @NoAdminRequired |
||
299 | * |
||
300 | * Create a new file from a template |
||
301 | * |
||
302 | * @param int $templateId |
||
303 | * @param string $fileName |
||
304 | * @param string $dir |
||
305 | * @return TemplateResponse |
||
306 | * @throws NotFoundException |
||
307 | * @throws NotPermittedException |
||
308 | * @throws \OCP\Files\InvalidPathException |
||
309 | */ |
||
310 | public function createFromTemplate($templateId, $fileName, $dir) { |
||
311 | if (!$this->templateManager->isTemplate($templateId)) { |
||
312 | return new TemplateResponse('core', '403', [], 'guest'); |
||
313 | } |
||
314 | |||
315 | $userFolder = $this->rootFolder->getUserFolder($this->uid); |
||
316 | try { |
||
317 | $folder = $userFolder->get($dir); |
||
318 | } catch (NotFoundException $e) { |
||
319 | return new TemplateResponse('core', '403', [], 'guest'); |
||
320 | } |
||
321 | |||
322 | if (!$folder instanceof Folder) { |
||
323 | return new TemplateResponse('core', '403', [], 'guest'); |
||
324 | } |
||
325 | |||
326 | $file = $folder->newFile($fileName); |
||
327 | |||
328 | $template = $this->templateManager->get($templateId); |
||
329 | list($urlSrc, $wopi) = $this->tokenManager->getTokenForTemplate($template, $this->uid, $file->getId()); |
||
330 | |||
331 | $wopiFileId = $template->getId() . '-' . $file->getId() . '_' . $this->settings->getSystemValue('instanceid'); |
||
332 | $wopiFileId = $wopi->getFileid() . '_' . $this->settings->getSystemValue('instanceid'); |
||
333 | |||
334 | $params = [ |
||
335 | 'permissions' => $template->getPermissions(), |
||
336 | 'title' => $fileName, |
||
337 | 'fileId' => $wopiFileId, |
||
338 | 'token' => $wopi->getToken(), |
||
339 | 'urlsrc' => $urlSrc, |
||
340 | 'path' => $userFolder->getRelativePath($file->getPath()), |
||
341 | 'instanceId' => $this->settings->getSystemValue('instanceid'), |
||
342 | 'canonical_webroot' => $this->appConfig->getAppValue('canonical_webroot'), |
||
343 | 'userId' => $this->uid |
||
344 | ]; |
||
345 | |||
346 | $response = new TemplateResponse('richdocuments', 'documents', $params, 'base'); |
||
347 | $policy = new ContentSecurityPolicy(); |
||
348 | $policy->addAllowedFrameDomain($this->domainOnly($this->appConfig->getAppValue('public_wopi_url'))); |
||
349 | $policy->allowInlineScript(true); |
||
350 | $response->setContentSecurityPolicy($policy); |
||
351 | return $response; |
||
352 | } |
||
353 | |||
354 | /** |
||
355 | * @PublicPage |
||
356 | * @NoCSRFRequired |
||
357 | * |
||
358 | * @param string $shareToken |
||
359 | * @param string $fileName |
||
360 | * @return TemplateResponse |
||
361 | * @throws \Exception |
||
362 | */ |
||
363 | public function publicPage($shareToken, $fileName, $fileId) { |
||
0 ignored issues
–
show
|
|||
364 | try { |
||
365 | $share = $this->shareManager->getShareByToken($shareToken); |
||
366 | // not authenticated ? |
||
367 | View Code Duplication | if($share->getPassword()){ |
|
368 | if (!$this->session->exists('public_link_authenticated') |
||
369 | || $this->session->get('public_link_authenticated') !== (string)$share->getId() |
||
370 | ) { |
||
371 | throw new \Exception('Invalid password'); |
||
372 | } |
||
373 | } |
||
374 | |||
375 | $node = $share->getNode(); |
||
376 | if($node instanceof Folder) { |
||
377 | $item = $node->getById($fileId)[0]; |
||
378 | } else { |
||
379 | $item = $node; |
||
380 | } |
||
381 | if ($item instanceof Node) { |
||
382 | $params = [ |
||
383 | 'permissions' => $share->getPermissions(), |
||
384 | 'title' => $item->getName(), |
||
385 | 'fileId' => $item->getId() . '_' . $this->settings->getSystemValue('instanceid'), |
||
386 | 'path' => '/', |
||
387 | 'instanceId' => $this->settings->getSystemValue('instanceid'), |
||
388 | 'canonical_webroot' => $this->appConfig->getAppValue('canonical_webroot'), |
||
389 | 'userId' => $this->uid, |
||
390 | ]; |
||
391 | |||
392 | if ($this->uid !== null || ($share->getPermissions() & \OCP\Constants::PERMISSION_UPDATE) === 0 || $this->helper->getGuestName() !== null) { |
||
393 | list($urlSrc, $token) = $this->tokenManager->getToken($item->getId(), $shareToken, $this->uid); |
||
394 | $params['token'] = $token; |
||
395 | $params['urlsrc'] = $urlSrc; |
||
396 | } |
||
397 | |||
398 | $response = new TemplateResponse('richdocuments', 'documents', $params, 'base'); |
||
399 | $policy = new ContentSecurityPolicy(); |
||
400 | $policy->addAllowedFrameDomain($this->domainOnly($this->appConfig->getAppValue('public_wopi_url'))); |
||
401 | $policy->allowInlineScript(true); |
||
402 | $response->setContentSecurityPolicy($policy); |
||
403 | return $response; |
||
404 | } |
||
405 | } catch (\Exception $e) { |
||
406 | $this->logger->logException($e, ['app'=>'richdocuments']); |
||
407 | $params = [ |
||
408 | 'errors' => [['error' => $e->getMessage()]] |
||
409 | ]; |
||
410 | return new TemplateResponse('core', 'error', $params, 'guest'); |
||
411 | } |
||
412 | |||
413 | return new TemplateResponse('core', '403', [], 'guest'); |
||
414 | } |
||
415 | |||
416 | /** |
||
417 | * @PublicPage |
||
418 | * @NoCSRFRequired |
||
419 | * |
||
420 | * @param string $shareToken |
||
421 | * @param $remoteServer |
||
422 | * @param $remoteServerToken |
||
423 | * @param null $filePath |
||
424 | * @return TemplateResponse |
||
425 | */ |
||
426 | public function remote($shareToken, $remoteServer, $remoteServerToken, $filePath = null) { |
||
427 | try { |
||
428 | $share = $this->shareManager->getShareByToken($shareToken); |
||
429 | // not authenticated ? |
||
430 | View Code Duplication | if($share->getPassword()){ |
|
431 | if (!$this->session->exists('public_link_authenticated') |
||
432 | || $this->session->get('public_link_authenticated') !== (string)$share->getId() |
||
433 | ) { |
||
434 | throw new \Exception('Invalid password'); |
||
435 | } |
||
436 | } |
||
437 | |||
438 | $node = $share->getNode(); |
||
439 | if ($filePath !== null) { |
||
440 | $node = $node->get($filePath); |
||
441 | } |
||
442 | |||
443 | if ($node instanceof Node) { |
||
444 | list($urlSrc, $token, $wopi) = $this->tokenManager->getToken($node->getId(), $shareToken, $this->uid); |
||
445 | |||
446 | $remoteWopi = $this->federationService->getRemoteFileDetails($remoteServer, $remoteServerToken); |
||
447 | if ($remoteWopi === null) { |
||
448 | throw new \Exception('Invalid remote file details for ' . $remoteServerToken); |
||
449 | } |
||
450 | $this->tokenManager->updateToRemoteToken($wopi, $shareToken, $remoteServer, $remoteServerToken, $remoteWopi); |
||
451 | |||
452 | $permissions = $share->getPermissions(); |
||
453 | if (!$remoteWopi['canwrite']) { |
||
454 | $permissions = $permissions & ~ Constants::PERMISSION_UPDATE; |
||
455 | } |
||
456 | |||
457 | $params = [ |
||
458 | 'permissions' => $permissions, |
||
459 | 'title' => $node->getName(), |
||
460 | 'fileId' => $node->getId() . '_' . $this->settings->getSystemValue('instanceid'), |
||
461 | 'token' => $token, |
||
462 | 'urlsrc' => $urlSrc, |
||
463 | 'path' => '/', |
||
464 | 'instanceId' => $this->settings->getSystemValue('instanceid'), |
||
465 | 'canonical_webroot' => $this->appConfig->getAppValue('canonical_webroot'), |
||
466 | 'userId' => $remoteWopi['editorUid'] . '@' . $remoteServer |
||
467 | ]; |
||
468 | |||
469 | $response = new TemplateResponse('richdocuments', 'documents', $params, 'base'); |
||
470 | $policy = new ContentSecurityPolicy(); |
||
471 | $policy->addAllowedFrameDomain($this->domainOnly($this->appConfig->getAppValue('wopi_url'))); |
||
472 | $policy->allowInlineScript(true); |
||
473 | $policy->addAllowedFrameAncestorDomain('https://*'); |
||
474 | $response->setContentSecurityPolicy($policy); |
||
475 | $response->addHeader('X-Frame-Options', 'ALLOW'); |
||
476 | return $response; |
||
477 | } |
||
478 | } catch (ShareNotFound $e) { |
||
479 | return new TemplateResponse('core', '404', [], 'guest'); |
||
480 | } catch (\Exception $e) { |
||
481 | $this->logger->logException($e, ['app'=>'richdocuments']); |
||
482 | $params = [ |
||
483 | 'errors' => [['error' => $e->getMessage()]] |
||
484 | ]; |
||
485 | return new TemplateResponse('core', 'error', $params, 'guest'); |
||
486 | } |
||
487 | |||
488 | return new TemplateResponse('core', '403', [], 'guest'); |
||
489 | } |
||
490 | |||
491 | /** |
||
492 | * @NoAdminRequired |
||
493 | * |
||
494 | * @param string $mimetype |
||
495 | * @param string $filename |
||
496 | * @param string $dir |
||
497 | * @return JSONResponse |
||
498 | * @throws NotPermittedException |
||
499 | * @throws GenericFileException |
||
500 | */ |
||
501 | public function create($mimetype, |
||
502 | $filename, |
||
503 | $dir = '/'){ |
||
504 | |||
505 | $root = $this->rootFolder->getUserFolder($this->uid); |
||
506 | try { |
||
507 | /** @var Folder $folder */ |
||
508 | $folder = $root->get($dir); |
||
509 | } catch (NotFoundException $e) { |
||
510 | return new JSONResponse([ |
||
511 | 'status' => 'error', |
||
512 | 'message' => $this->l10n->t('Can\'t create document') |
||
513 | ], Http::STATUS_BAD_REQUEST); |
||
514 | } |
||
515 | |||
516 | View Code Duplication | if (!($folder instanceof Folder)) { |
|
517 | return new JSONResponse([ |
||
518 | 'status' => 'error', |
||
519 | 'message' => $this->l10n->t('Can\'t create document') |
||
520 | ], Http::STATUS_BAD_REQUEST); |
||
521 | } |
||
522 | |||
523 | $basename = $this->l10n->t('New Document.odt'); |
||
524 | switch ($mimetype) { |
||
525 | case 'application/vnd.oasis.opendocument.spreadsheet': |
||
526 | $basename = $this->l10n->t('New Spreadsheet.ods'); |
||
527 | break; |
||
528 | case 'application/vnd.oasis.opendocument.presentation': |
||
529 | $basename = $this->l10n->t('New Presentation.odp'); |
||
530 | break; |
||
531 | case 'application/vnd.openxmlformats-officedocument.wordprocessingml.document': |
||
532 | $basename = $this->l10n->t('New Document.docx'); |
||
533 | break; |
||
534 | case 'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet': |
||
535 | $basename = $this->l10n->t('New Spreadsheet.xlsx'); |
||
536 | break; |
||
537 | case 'application/vnd.openxmlformats-officedocument.presentationml.presentation': |
||
538 | $basename = $this->l10n->t('New Presentation.pptx'); |
||
539 | break; |
||
540 | default: |
||
541 | // to be safe |
||
542 | $mimetype = 'application/vnd.oasis.opendocument.text'; |
||
543 | break; |
||
544 | } |
||
545 | |||
546 | if (!$filename){ |
||
547 | $filename = Helper::getNewFileName($folder, $basename); |
||
548 | } |
||
549 | |||
550 | View Code Duplication | if ($folder->nodeExists($filename)) { |
|
551 | return new JSONResponse([ |
||
552 | 'status' => 'error', |
||
553 | 'message' => $this->l10n->t('Document already exists') |
||
554 | ], Http::STATUS_BAD_REQUEST); |
||
555 | } |
||
556 | |||
557 | try { |
||
558 | $file = $folder->newFile($filename); |
||
559 | } catch (NotPermittedException $e) { |
||
560 | return new JSONResponse([ |
||
561 | 'status' => 'error', |
||
562 | 'message' => $this->l10n->t('Not allowed to create document') |
||
563 | ], Http::STATUS_BAD_REQUEST); |
||
564 | } |
||
565 | |||
566 | $content = ''; |
||
567 | if (class_exists(TemplateManager::class)){ |
||
568 | $manager = \OC_Helper::getFileTemplateManager(); |
||
569 | $content = $manager->getTemplate($mimetype); |
||
570 | } |
||
571 | |||
572 | if (!$content){ |
||
573 | $content = file_get_contents(dirname(dirname(__DIR__)) . self::ODT_TEMPLATE_PATH); |
||
574 | } |
||
575 | |||
576 | if ($content) { |
||
577 | $file->putContent($content); |
||
578 | |||
579 | return new JSONResponse([ |
||
580 | 'status' => 'success', |
||
581 | 'data' => \OCA\Files\Helper::formatFileInfo($file->getFileInfo()) |
||
582 | ]); |
||
583 | } |
||
584 | |||
585 | |||
586 | return new JSONResponse([ |
||
587 | 'status' => 'error', |
||
588 | 'message' => $this->l10n->t('Can\'t create document') |
||
589 | ]); |
||
590 | } |
||
591 | } |
||
592 |
This check looks from parameters that have been defined for a function or method, but which are not used in the method body.