Check permissions of all accessible file for versions

artonge · artonge · commit 9628bb1ea960 · 2024-03-20T16:27:27.000+01:00
Signed-off-by: Louis Chemineau &lt;louis@chmn.me&gt;
diff --git a/apps/files_versions/lib/Versions/LegacyVersionsBackend.php b/apps/files_versions/lib/Versions/LegacyVersionsBackend.php
@@ -275,15 +275,19 @@ private function currentUserHasPermissions(FileInfo $sourceFile, int $permission
 			throw new NotFoundException("No user logged in");
 		}
 
-		if ($sourceFile->getOwner()?->getUID() !== $currentUserId) {
-			$nodes = $this->rootFolder->getUserFolder($currentUserId)->getById($sourceFile->getId());
-			$sourceFile = array_pop($nodes);
-			if (!$sourceFile) {
-				throw new NotFoundException("Version file not accessible by current user");
+		$nodes = $this->rootFolder->getUserFolder($currentUserId)->getById($sourceFile->getId());
+
+		if (count($nodes) === 0) {
+			throw new NotFoundException("Version file not accessible by current user");
+		}
+
+		foreach ($nodes as $node) {
+			if (($node->getPermissions() & $permissions) === $permissions) {
+				return true;
 			}
 		}
 
-		return ($sourceFile->getPermissions() & $permissions) === $permissions;
+		return false;
 	}
 
 	public function setMetadataValue(Node $node, int $revision, string $key, string $value): void {

Original file line number	Diff line number	Diff line change
`@@ -275,15 +275,19 @@ private function currentUserHasPermissions(FileInfo $sourceFile, int $permission`
`275`	`275`	`throw new NotFoundException("No user logged in");`
`276`	`276`	`}`
`277`	`277`
`278`		`- if ($sourceFile->getOwner()?->getUID() !== $currentUserId) {`
`279`		`- $nodes = $this->rootFolder->getUserFolder($currentUserId)->getById($sourceFile->getId());`
`280`		`- $sourceFile = array_pop($nodes);`
`281`		`- if (!$sourceFile) {`
`282`		`- throw new NotFoundException("Version file not accessible by current user");`
	`278`	`+ $nodes = $this->rootFolder->getUserFolder($currentUserId)->getById($sourceFile->getId());`
	`279`	`+`
	`280`	`+ if (count($nodes) === 0) {`
	`281`	`+ throw new NotFoundException("Version file not accessible by current user");`
	`282`	`+ }`
	`283`	`+`
	`284`	`+ foreach ($nodes as $node) {`
	`285`	`+ if (($node->getPermissions() & $permissions) === $permissions) {`
	`286`	`+ return true;`
`283`	`287`	`}`
`284`	`288`	`}`
`285`	`289`
`286`		`- return ($sourceFile->getPermissions() & $permissions) === $permissions;`
	`290`	`+ return false;`
`287`	`291`	`}`
`288`	`292`
`289`	`293`	`public function setMetadataValue(Node $node, int $revision, string $key, string $value): void {`