Browse Source

Change private URLs to /u/{userId}/...

To stay true to the "Universal" in URL.

Still only allow access to one's own files for now.
tags/v0.1.0
Gerben 1 year ago
parent
commit
a7180a15c6
2 changed files with 16 additions and 6 deletions
  1. +1
    -1
      appinfo/routes.php
  2. +15
    -5
      lib/Controller/PrivatePageController.php

+ 1
- 1
appinfo/routes.php View File

@@ -5,7 +5,7 @@ return [
['name' => 'pubPage#getByToken', 'url' => '/s/{token}'],
['name' => 'pubPage#getByTokenAndPath', 'url' => '/s/{token}/{path}',
'requirements' => array('path' => '.+')],
['name' => 'privatePage#getByPath', 'url' => '/files/{path}',
['name' => 'privatePage#getByPath', 'url' => '/u/{userId}/{path}',
'requirements' => array('path' => '.+')],
]
];

+ 15
- 5
lib/Controller/PrivatePageController.php View File

@@ -11,7 +11,8 @@ use OCP\Files\NotFoundException;
class PrivatePageController extends Controller {
use RawResponse;

private $userFolder;
private $loggedInUserId;
private $serverContainer;

public function __construct(
$AppName,
@@ -20,19 +21,28 @@ class PrivatePageController extends Controller {
IServerContainer $serverContainer
) {
parent::__construct($AppName, $request);
$this->userFolder = $serverContainer->getUserFolder($UserId);
$this->loggedInUserId = $UserId;
$this->serverContainer = $serverContainer;
}

/**
* @NoAdminRequired
* @NoCSRFRequired
*/
public function getByPath($path) {
if (!$this->userFolder) {
public function getByPath($userId, $path) {
if ($userId !== $this->loggedInUserId) {
// TODO Currently, we only allow access to one's own files. I suppose we could implement
// authorisation checks and give the user access to files that have been shared with them.
return new NotFoundResponse(); // would 403 Forbidden be better?
}

$userFolder = $this->serverContainer->getUserFolder($userId);
if (!$userFolder) {
return new NotFoundResponse();
}

try {
$node = $this->userFolder->get($path);
$node = $userFolder->get($path);
} catch (NotFoundException $e) {
return new NotFoundResponse();
}


Loading…
Cancel
Save