mirror of
https://github.com/nextcloud/server.git
synced 2026-05-28 04:32:30 -04:00
fix(files_reminders): Check for node access when retrieving or removing reminders
Signed-off-by: Christopher Ng <chrng8@gmail.com>
This commit is contained in:
Christopher Ng
Andy Scherzinger
parent
cdf6db0016
commit
55351cfe32
2 changed files with 18 additions and 7 deletions
|
|
@ -57,7 +57,7 @@ class ApiController extends OCSController {
|
|||
'dueDate' => $reminder->getDueDate()->format(DateTimeInterface::ATOM), // ISO 8601
|
||||
];
|
||||
return new DataResponse($reminderData, Http::STATUS_OK);
|
||||
} catch (DoesNotExistException $e) {
|
||||
} catch (NodeNotFoundException | DoesNotExistException $e) {
|
||||
$reminderData = [
|
||||
'dueDate' => null,
|
||||
];
|
||||
|
|
@ -125,7 +125,7 @@ class ApiController extends OCSController {
|
|||
try {
|
||||
$this->reminderService->remove($user, $fileId);
|
||||
return new DataResponse([], Http::STATUS_OK);
|
||||
} catch (DoesNotExistException $e) {
|
||||
} catch (NodeNotFoundException | DoesNotExistException $e) {
|
||||
return new DataResponse([], Http::STATUS_NOT_FOUND);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -47,9 +47,11 @@ class ReminderService {
|
|||
}
|
||||
|
||||
/**
|
||||
* @throws NodeNotFoundException
|
||||
* @throws DoesNotExistException
|
||||
*/
|
||||
public function getDueForUser(IUser $user, int $fileId): RichReminder {
|
||||
$this->checkNode($user, $fileId);
|
||||
$reminder = $this->reminderMapper->findDueForUser($user, $fileId);
|
||||
return new RichReminder($reminder, $this->root);
|
||||
}
|
||||
|
|
@ -74,11 +76,7 @@ class ReminderService {
|
|||
*/
|
||||
public function createOrUpdate(IUser $user, int $fileId, DateTime $dueDate): bool {
|
||||
$now = new DateTime('now', new DateTimeZone('UTC'));
|
||||
$userFolder = $this->root->getUserFolder($user->getUID());
|
||||
$node = $userFolder->getFirstNodeById($fileId);
|
||||
if (!$node) {
|
||||
throw new NodeNotFoundException();
|
||||
}
|
||||
$this->checkNode($user, $fileId);
|
||||
try {
|
||||
$reminder = $this->reminderMapper->findDueForUser($user, $fileId);
|
||||
$reminder->setDueDate($dueDate);
|
||||
|
|
@ -99,9 +97,11 @@ class ReminderService {
|
|||
}
|
||||
|
||||
/**
|
||||
* @throws NodeNotFoundException
|
||||
* @throws DoesNotExistException
|
||||
*/
|
||||
public function remove(IUser $user, int $fileId): void {
|
||||
$this->checkNode($user, $fileId);
|
||||
$reminder = $this->reminderMapper->findDueForUser($user, $fileId);
|
||||
$this->reminderMapper->delete($reminder);
|
||||
}
|
||||
|
|
@ -162,4 +162,15 @@ class ReminderService {
|
|||
$this->reminderMapper->delete($reminder);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @throws NodeNotFoundException
|
||||
*/
|
||||
private function checkNode(IUser $user, int $fileId): void {
|
||||
$userFolder = $this->root->getUserFolder($user->getUID());
|
||||
$node = $userFolder->getFirstNodeById($fileId);
|
||||
if ($node === null) {
|
||||
throw new NodeNotFoundException();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue