Merge pull request #46677 from nextcloud/backport/44295/stable27

[stable27] Allow injecting the user temporarily for direct editing

apps/files_external/lib/Migration/DummyUserSession.php

@@ -28,11 +28,7 @@ use OCP\IUser;
 use OCP\IUserSession;
 
 class DummyUserSession implements IUserSession {
-
-	/**
-	 * @var IUser
-	 */
-	private $user;
+	private ?IUser $user = null;
 
 	public function login($uid, $password) {
 	}
@@ -44,6 +40,10 @@ class DummyUserSession implements IUserSession {
 		$this->user = $user;
 	}
 
+	public function setVolatileActiveUser(?IUser $user): void {
+		$this->user = $user;
+	}
+
 	public function getUser() {
 		return $this->user;
 	}

lib/private/DirectEditing/Manager.php

@@ -272,13 +272,11 @@ class Manager implements IManager {
 	}
 
 	public function invokeTokenScope($userId): void {
-		\OC_User::setIncognitoMode(true);
 		\OC_User::setUserId($userId);
 	}
 
 	public function revertTokenScope(): void {
 		$this->userSession->setUser(null);
-		\OC_User::setIncognitoMode(false);
 	}
 
 	public function createToken($editorId, File $file, string $filePath, IShare $share = null): string {

lib/private/User/Session.php

@@ -181,6 +181,15 @@ class Session implements IUserSession, Emitter {
 		$this->activeUser = $user;
 	}
 
+	/**
+	 * Temporarily set the currently active user without persisting in the session
+	 *
+	 * @param IUser|null $user
+	 */
+	public function setVolatileActiveUser(?IUser $user): void {
+		$this->activeUser = $user;
+	}
+
 	/**
 	 * get the current active user
 	 *

lib/private/legacy/OC_User.php

@@ -39,7 +39,9 @@ use OC\Authentication\Token\IProvider;
 use OC\User\LoginException;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\ILogger;
+use OCP\ISession;
 use OCP\IUserManager;
+use OCP\Server;
 use OCP\User\Events\BeforeUserLoggedInEvent;
 use OCP\User\Events\UserLoggedInEvent;
 
@@ -349,7 +351,7 @@ class OC_User {
 	 * @return string|false uid or false
 	 */
 	public static function getUser() {
-		$uid = \OC::$server->getSession() ? \OC::$server->getSession()->get('user_id') : null;
+		$uid = Server::get(ISession::class)?->get('user_id');
 		if (!is_null($uid) && self::$incognitoMode === false) {
 			return $uid;
 		} else {

lib/public/IUserSession.php

@@ -63,6 +63,14 @@ interface IUserSession {
 	 */
 	public function setUser($user);
 
+	/**
+	 * Temporarily set the currently active user without persisting in the session
+	 *
+	 * @param IUser|null $user
+	 * @since 27.1.12
+	 */
+	public function setVolatileActiveUser(?IUser $user): void;
+
 	/**
 	 * get the current active user
 	 *