Change private URLs to /u/{userId}/...

To stay true to the "Universal" in URL.

Still only allow access to one's own files for now.

appinfo/routes.php

@@ -5,7 +5,7 @@ return [
     ['name' => 'pubPage#getByToken', 'url' => '/s/{token}'],
     ['name' => 'pubPage#getByTokenAndPath', 'url' => '/s/{token}/{path}',
       'requirements' => array('path' => '.+')],
-    ['name' => 'privatePage#getByPath', 'url' => '/files/{path}',
+    ['name' => 'privatePage#getByPath', 'url' => '/u/{userId}/{path}',
       'requirements' => array('path' => '.+')],
   ]
 ];

lib/Controller/PrivatePageController.php

@@ -11,7 +11,8 @@ use OCP\Files\NotFoundException;
 class PrivatePageController extends Controller {
 	use RawResponse;
 
-	private $userFolder;
+	private $loggedInUserId;
+	private $serverContainer;
 
 	public function __construct(
 		$AppName,
@@ -20,19 +21,28 @@ class PrivatePageController extends Controller {
 		IServerContainer $serverContainer
 	) {
 		parent::__construct($AppName, $request);
-		$this->userFolder = $serverContainer->getUserFolder($UserId);
+		$this->loggedInUserId = $UserId;
+		$this->serverContainer = $serverContainer;
 	}
 
 	/**
 	 * @NoAdminRequired
 	 * @NoCSRFRequired
 	 */
-	public function getByPath($path) {
-		if (!$this->userFolder) {
+	public function getByPath($userId, $path) {
+		if ($userId !== $this->loggedInUserId) {
+			// TODO Currently, we only allow access to one's own files. I suppose we could implement
+			// authorisation checks and give the user access to files that have been shared with them.
+			return new NotFoundResponse(); // would 403 Forbidden be better?
+		}
+
+		$userFolder = $this->serverContainer->getUserFolder($userId);
+		if (!$userFolder) {
 			return new NotFoundResponse();
 		}
+
 		try {
-			$node = $this->userFolder->get($path);
+			$node = $userFolder->get($path);
 		} catch (NotFoundException $e) {
 			return new NotFoundResponse();
 		}