PrivatePageController.php 1.2 KiB

  1. <?php
  2. namespace OCA\Raw\Controller;
  3. use OCP\IRequest;
  4. use OCP\IServerContainer;
  5. use OCP\AppFramework\Http\NotFoundResponse;
  6. use OCP\AppFramework\Controller;
  7. use OCP\Files\Folder;
  8. use OCP\Files\NotFoundException;
  9. class PrivatePageController extends Controller {
  10. use RawResponse;
  11. private $loggedInUserId;
  12. private $serverContainer;
  13. public function __construct(
  14. $AppName,
  15. $UserId,
  16. IRequest $request,
  17. IServerContainer $serverContainer
  18. ) {
  19. parent::__construct($AppName, $request);
  20. $this->loggedInUserId = $UserId;
  21. $this->serverContainer = $serverContainer;
  22. }
  23. /**
  24. * @NoAdminRequired
  25. * @NoCSRFRequired
  26. */
  27. public function getByPath($userId, $path) {
  28. if ($userId !== $this->loggedInUserId) {
  29. // TODO Currently, we only allow access to one's own files. I suppose we could implement
  30. // authorisation checks and give the user access to files that have been shared with them.
  31. return new NotFoundResponse(); // would 403 Forbidden be better?
  32. }
  33. $userFolder = $this->serverContainer->getUserFolder($userId);
  34. if (!$userFolder) {
  35. return new NotFoundResponse();
  36. }
  37. try {
  38. $node = $userFolder->get($path);
  39. } catch (NotFoundException $e) {
  40. return new NotFoundResponse();
  41. }
  42. $this->returnRawResponse($node);
  43. }
  44. }