|
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051 |
- <?php
- namespace OCA\Raw\Controller;
-
- use OCP\IRequest;
- use OCP\IServerContainer;
- use OCP\AppFramework\Http\NotFoundResponse;
- use OCP\AppFramework\Controller;
- use OCP\Files\Folder;
- use OCP\Files\NotFoundException;
-
- class PrivatePageController extends Controller {
- use RawResponse;
-
- private $loggedInUserId;
- private $serverContainer;
-
- public function __construct(
- $AppName,
- $UserId,
- IRequest $request,
- IServerContainer $serverContainer
- ) {
- parent::__construct($AppName, $request);
- $this->loggedInUserId = $UserId;
- $this->serverContainer = $serverContainer;
- }
-
- /**
- * @NoAdminRequired
- * @NoCSRFRequired
- */
- public function getByPath($userId, $path) {
- if ($userId !== $this->loggedInUserId) {
- // TODO Currently, we only allow access to one's own files. I suppose we could implement
- // authorisation checks and give the user access to files that have been shared with them.
- return new NotFoundResponse(); // would 403 Forbidden be better?
- }
-
- $userFolder = $this->serverContainer->getUserFolder($userId);
- if (!$userFolder) {
- return new NotFoundResponse();
- }
-
- try {
- $node = $userFolder->get($path);
- } catch (NotFoundException $e) {
- return new NotFoundResponse();
- }
- $this->returnRawResponse($node);
- }
- }
|