From 55351cfe32658dad4558cfe2793a7e5808e19193 Mon Sep 17 00:00:00 2001
From: Christopher Ng <chrng8@gmail.com>
Date: Thu, 6 Feb 2025 15:59:40 -0800
Subject: [PATCH] fix(files_reminders): Check for node access when retrieving
 or removing reminders

Signed-off-by: Christopher Ng <chrng8@gmail.com>
---
 .../lib/Controller/ApiController.php          |  4 ++--
 .../lib/Service/ReminderService.php           | 21 ++++++++++++++-----
 2 files changed, 18 insertions(+), 7 deletions(-)

diff --git a/apps/files_reminders/lib/Controller/ApiController.php b/apps/files_reminders/lib/Controller/ApiController.php
index dbc340610b2..523eca1b30c 100644
--- a/apps/files_reminders/lib/Controller/ApiController.php
+++ b/apps/files_reminders/lib/Controller/ApiController.php
@@ -57,7 +57,7 @@ class ApiController extends OCSController {
 				'dueDate' => $reminder->getDueDate()->format(DateTimeInterface::ATOM), // ISO 8601
 			];
 			return new DataResponse($reminderData, Http::STATUS_OK);
-		} catch (DoesNotExistException $e) {
+		} catch (NodeNotFoundException | DoesNotExistException $e) {
 			$reminderData = [
 				'dueDate' => null,
 			];
@@ -125,7 +125,7 @@ class ApiController extends OCSController {
 		try {
 			$this->reminderService->remove($user, $fileId);
 			return new DataResponse([], Http::STATUS_OK);
-		} catch (DoesNotExistException $e) {
+		} catch (NodeNotFoundException | DoesNotExistException $e) {
 			return new DataResponse([], Http::STATUS_NOT_FOUND);
 		}
 	}
diff --git a/apps/files_reminders/lib/Service/ReminderService.php b/apps/files_reminders/lib/Service/ReminderService.php
index e4e9aa7a5d8..32dbab6d2dc 100644
--- a/apps/files_reminders/lib/Service/ReminderService.php
+++ b/apps/files_reminders/lib/Service/ReminderService.php
@@ -47,9 +47,11 @@ class ReminderService {
 	}
 
 	/**
+	 * @throws NodeNotFoundException
 	 * @throws DoesNotExistException
 	 */
 	public function getDueForUser(IUser $user, int $fileId): RichReminder {
+		$this->checkNode($user, $fileId);
 		$reminder = $this->reminderMapper->findDueForUser($user, $fileId);
 		return new RichReminder($reminder, $this->root);
 	}
@@ -74,11 +76,7 @@ class ReminderService {
 	 */
 	public function createOrUpdate(IUser $user, int $fileId, DateTime $dueDate): bool {
 		$now = new DateTime('now', new DateTimeZone('UTC'));
-		$userFolder = $this->root->getUserFolder($user->getUID());
-		$node = $userFolder->getFirstNodeById($fileId);
-		if (!$node) {
-			throw new NodeNotFoundException();
-		}
+		$this->checkNode($user, $fileId);
 		try {
 			$reminder = $this->reminderMapper->findDueForUser($user, $fileId);
 			$reminder->setDueDate($dueDate);
@@ -99,9 +97,11 @@ class ReminderService {
 	}
 
 	/**
+	 * @throws NodeNotFoundException
 	 * @throws DoesNotExistException
 	 */
 	public function remove(IUser $user, int $fileId): void {
+		$this->checkNode($user, $fileId);
 		$reminder = $this->reminderMapper->findDueForUser($user, $fileId);
 		$this->reminderMapper->delete($reminder);
 	}
@@ -162,4 +162,15 @@ class ReminderService {
 			$this->reminderMapper->delete($reminder);
 		}
 	}
+
+	/**
+	 * @throws NodeNotFoundException
+	 */
+	private function checkNode(IUser $user, int $fileId): void {
+		$userFolder = $this->root->getUserFolder($user->getUID());
+		$node = $userFolder->getFirstNodeById($fileId);
+		if ($node === null) {
+			throw new NodeNotFoundException();
+		}
+	}
 }