Also check the scope when reading operations from the database

Signed-off-by: Joas Schilling <coding@schilljs.com>

apps/workflowengine/lib/Manager.php

@@ -189,6 +189,13 @@ class Manager implements IManager {
 			return $scopesByOperation[$operationClass];
 		}
 
+		try {
+			/** @var IOperation $operation */
+			$operation = $this->container->query($operationClass);
+		} catch (QueryException $e) {
+			return [];
+		}
+
 		$query = $this->connection->getQueryBuilder();
 
 		$query->selectDistinct('s.type')
@@ -203,6 +210,11 @@ class Manager implements IManager {
 		$scopesByOperation[$operationClass] = [];
 		while ($row = $result->fetch()) {
 			$scope = new ScopeContext($row['type'], $row['value']);
+
+			if (!$operation->isAvailableForScope((int) $row['type'])) {
+				continue;
+			}
+
 			$scopesByOperation[$operationClass][$scope->getHash()] = $scope;
 		}
 
@@ -232,6 +244,17 @@ class Manager implements IManager {
 
 		$this->operations[$scopeContext->getHash()] = [];
 		while ($row = $result->fetch()) {
+			try {
+				/** @var IOperation $operation */
+				$operation = $this->container->query($row['class']);
+			} catch (QueryException $e) {
+				continue;
+			}
+
+			if (!$operation->isAvailableForScope((int) $row['scope_type'])) {
+				continue;
+			}
+
 			if (!isset($this->operations[$scopeContext->getHash()][$row['class']])) {
 				$this->operations[$scopeContext->getHash()][$row['class']] = [];
 			}

apps/workflowengine/tests/ManagerTest.php

@@ -30,6 +30,7 @@ use OC\L10N\L10N;
 use OCA\WorkflowEngine\Entity\File;
 use OCA\WorkflowEngine\Helper\ScopeContext;
 use OCA\WorkflowEngine\Manager;
+use OCP\AppFramework\QueryException;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\Files\IRootFolder;
 use OCP\IConfig;
@@ -199,6 +200,32 @@ class ManagerTest extends TestCase {
 		$userScope = $this->buildScope('jackie');
 		$entity = File::class;
 
+		$adminOperation = $this->createMock(IOperation::class);
+		$adminOperation->expects($this->any())
+			->method('isAvailableForScope')
+			->willReturnMap([
+				[IManager::SCOPE_ADMIN, true],
+				[IManager::SCOPE_USER, false],
+			]);
+		$userOperation = $this->createMock(IOperation::class);
+		$userOperation->expects($this->any())
+			->method('isAvailableForScope')
+			->willReturnMap([
+				[IManager::SCOPE_ADMIN, false],
+				[IManager::SCOPE_USER, true],
+			]);
+
+		$this->container->expects($this->any())
+			->method('query')
+			->willReturnCallback(function ($className) use ($adminOperation, $userOperation) {
+				switch ($className) {
+					case 'OCA\WFE\TestAdminOp':
+						return $adminOperation;
+					case 'OCA\WFE\TestUserOp':
+						return $userOperation;
+				}
+			});
+
 		$opId1 = $this->invokePrivate(
 			$this->manager,
 			'insertOperation',
@@ -219,6 +246,13 @@ class ManagerTest extends TestCase {
 		);
 		$this->invokePrivate($this->manager, 'addScope', [$opId3, $userScope]);
 
+		$opId4 = $this->invokePrivate(
+			$this->manager,
+			'insertOperation',
+			['OCA\WFE\TestAdminOp', 'Test04', [41, 10, 4], 'NoBar', $entity, []]
+		);
+		$this->invokePrivate($this->manager, 'addScope', [$opId4, $userScope]);
+
 		$adminOps = $this->manager->getAllOperations($adminScope);
 		$userOps = $this->manager->getAllOperations($userScope);
 
@@ -269,6 +303,25 @@ class ManagerTest extends TestCase {
 		);
 		$this->invokePrivate($this->manager, 'addScope', [$opId5, $userScope]);
 
+		$operation = $this->createMock(IOperation::class);
+		$operation->expects($this->any())
+			->method('isAvailableForScope')
+			->willReturnMap([
+				[IManager::SCOPE_ADMIN, true],
+				[IManager::SCOPE_USER, true],
+			]);
+
+		$this->container->expects($this->any())
+			->method('query')
+			->willReturnCallback(function ($className) use ($operation) {
+				switch ($className) {
+					case 'OCA\WFE\TestOp':
+						return $operation;
+					case 'OCA\WFE\OtherTestOp':
+						throw new QueryException();
+				}
+			});
+
 		$adminOps = $this->manager->getOperations('OCA\WFE\TestOp', $adminScope);
 		$userOps = $this->manager->getOperations('OCA\WFE\TestOp', $userScope);