Merge remote-tracking branch 'remotes/origin/develop' into feature/wi…

…ndow-size # Conflicts: # CHANGELOG.md # js/editor.js
ONLYOFFICE · Mar 4, 2024 · 051ca2b · 051ca2b
2 parents dbff74a + 5a7ecf6
commit 051ca2b
Show file tree

Hide file tree

Showing 44 changed files with 247 additions and 101 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,7 @@
 - offline viewer for share link
 - updatable list of supported formats
 - filling pdf instead oform
+- fixed guest redirect when limiting the app to groups
 - fixed mobile editor size
 
 ## Added
@@ -15,6 +16,7 @@
 - opening a reference data source
 - changing a reference data source
 - setting for disable editors cron check
+- support of user avatar in editor
 
 ## 8.2.3
 ## Added

diff --git a/appinfo/routes.php b/appinfo/routes.php
@@ -27,6 +27,7 @@
 	   ["name" => "editor#download", "url" => "/downloadas", "verb" => "GET"],
 	   ["name" => "editor#index", "url" => "/{fileId}", "verb" => "GET"],
 	   ["name" => "editor#public_page", "url" => "/s/{shareToken}", "verb" => "GET"],
+	   ["name" => "editor#user_info", "url" => "/ajax/userInfo", "verb" => "GET"],
 	   ["name" => "editor#users", "url" => "/ajax/users", "verb" => "GET"],
 	   ["name" => "editor#mention", "url" => "/ajax/mention", "verb" => "POST"],
 	   ["name" => "editor#reference", "url" => "/ajax/reference", "verb" => "POST"],

diff --git a/controller/callbackcontroller.php b/controller/callbackcontroller.php
@@ -42,6 +42,7 @@
 use OCA\Onlyoffice\Crypt;
 use OCA\Onlyoffice\DocumentService;
 use OCA\Onlyoffice\FileVersions;
+use OCA\Onlyoffice\FileUtility;
 use OCA\Onlyoffice\VersionManager;
 use OCA\Onlyoffice\KeyManager;
 use OCA\Onlyoffice\RemoteInstance;
@@ -242,13 +243,24 @@ public function download($doc) {
 		}
 
 		$shareToken = isset($hashData->shareToken) ? $hashData->shareToken : null;
-		list($file, $error) = empty($shareToken) ? $this->getFile($userId, $fileId, null, $changes ? null : $version, $template) : $this->getFileByToken($fileId, $shareToken, $changes ? null : $version);
+		list($file, $error, $share) = empty($shareToken) ? $this->getFile($userId, $fileId, null, $changes ? null : $version, $template) : $this->getFileByToken($fileId, $shareToken, $changes ? null : $version);
 
 		if (isset($error)) {
 			return $error;
 		}
 
-		if ($this->userSession->isLoggedIn() && !$file->isReadable()) {
+		$canDownload = true;
+
+		$fileStorage = $file->getStorage();
+		if ($fileStorage->instanceOfStorage("\OCA\Files_Sharing\SharedStorage") || !empty($shareToken)) {
+			$share = empty($share) ? $fileStorage->getShare() : $share;
+			$canDownload = FileUtility::canShareDownload($share);
+			if (!$canDownload && !empty($this->config->getDocumentServerSecret())) {
+				$canDownload = true;
+			}
+		}
+
+		if ($this->userSession->isLoggedIn() && !$file->isReadable() || !$canDownload) {
 			$this->logger->error("Download without access right", ["app" => $this->appName]);
 			return new JSONResponse(["message" => $this->trans->t("Access denied")], Http::STATUS_FORBIDDEN);
 		}
@@ -504,7 +516,7 @@ public function track($doc, $users, $key, $status, $url, $token, $history, $chan
 						\OC_Util::setupFS($userId);
 					}
 
-					list($file, $error) = empty($shareToken) ? $this->getFile($userId, $fileId, $filePath) : $this->getFileByToken($fileId, $shareToken);
+					list($file, $error, $share) = empty($shareToken) ? $this->getFile($userId, $fileId, $filePath) : $this->getFileByToken($fileId, $shareToken);
 
 					if (isset($error)) {
 						$this->logger->error("track error: $fileId " . json_encode($error->getData()), ["app" => $this->appName]);
@@ -613,20 +625,20 @@ function () use ($file, $newData) {
 	 */
 	private function getFile($userId, $fileId, $filePath = null, $version = 0, $template = false) {
 		if (empty($fileId)) {
-			return [null, new JSONResponse(["message" => $this->trans->t("FileId is empty")], Http::STATUS_BAD_REQUEST)];
+			return [null, new JSONResponse(["message" => $this->trans->t("FileId is empty")], Http::STATUS_BAD_REQUEST), null];
 		}
 
 		try {
 			$folder = !$template ? $this->root->getUserFolder($userId) : TemplateManager::getGlobalTemplateDir();
 			$files = $folder->getById($fileId);
 		} catch (\Exception $e) {
 			$this->logger->logException($e, ["message" => "getFile: $fileId", "app" => $this->appName]);
-			return [null, new JSONResponse(["message" => $this->trans->t("Invalid request")], Http::STATUS_BAD_REQUEST)];
+			return [null, new JSONResponse(["message" => $this->trans->t("Invalid request")], Http::STATUS_BAD_REQUEST), null];
 		}
 
 		if (empty($files)) {
 			$this->logger->error("Files not found: $fileId", ["app" => $this->appName]);
-			return [null, new JSONResponse(["message" => $this->trans->t("Files not found")], Http::STATUS_NOT_FOUND)];
+			return [null, new JSONResponse(["message" => $this->trans->t("Files not found")], Http::STATUS_NOT_FOUND), null];
 		}
 
 		$file = $files[0];
@@ -651,10 +663,10 @@ private function getFile($userId, $fileId, $filePath = null, $version = 0, $temp
 
 			if ($owner !== null) {
 				if ($owner->getUID() !== $userId) {
-					list($file, $error) = $this->getFile($owner->getUID(), $file->getId());
+					list($file, $error, $share) = $this->getFile($owner->getUID(), $file->getId());
 
 					if (isset($error)) {
-						return [null, $error];
+						return [null, $error, null];
 					}
 				}
 
@@ -667,7 +679,7 @@ private function getFile($userId, $fileId, $filePath = null, $version = 0, $temp
 			}
 		}
 
-		return [$file, null];
+		return [$file, null, null];
 	}
 
 	/**
@@ -683,26 +695,26 @@ private function getFileByToken($fileId, $shareToken, $version = 0) {
 		list($share, $error) = $this->getShare($shareToken);
 
 		if (isset($error)) {
-			return [null, $error];
+			return [null, $error, null];
 		}
 
 		try {
 			$node = $share->getNode();
 		} catch (NotFoundException $e) {
 			$this->logger->logException($e, ["message" => "getFileByToken error", "app" => $this->appName]);
-			return [null, new JSONResponse(["message" => $this->trans->t("File not found")], Http::STATUS_NOT_FOUND)];
+			return [null, new JSONResponse(["message" => $this->trans->t("File not found")], Http::STATUS_NOT_FOUND), null];
 		}
 
 		if ($node instanceof Folder) {
 			try {
 				$files = $node->getById($fileId);
 			} catch (\Exception $e) {
 				$this->logger->logException($e, ["message" => "getFileByToken: $fileId", "app" => $this->appName]);
-				return [null, new JSONResponse(["message" => $this->trans->t("Invalid request")], Http::STATUS_NOT_FOUND)];
+				return [null, new JSONResponse(["message" => $this->trans->t("Invalid request")], Http::STATUS_NOT_FOUND), null];
 			}
 
 			if (empty($files)) {
-				return [null, new JSONResponse(["message" => $this->trans->t("File not found")], Http::STATUS_NOT_FOUND)];
+				return [null, new JSONResponse(["message" => $this->trans->t("File not found")], Http::STATUS_NOT_FOUND), null];
 			}
 			$file = $files[0];
 		} else {
@@ -722,7 +734,7 @@ private function getFileByToken($fileId, $shareToken, $version = 0) {
 			}
 		}
 
-		return [$file, null];
+		return [$file, null, $share];
 	}
 
 	/**

diff --git a/controller/editorapicontroller.php b/controller/editorapicontroller.php
@@ -113,6 +113,13 @@ class EditorApiController extends OCSController {
 	 */
 	private $versionManager;
 
+	/**
+	 * Avatar manager
+	 *
+	 * @var IAvatarManager
+	 */
+	private $avatarManager;
+
 	/**
 	 * Tag manager
 	 *
@@ -167,6 +174,7 @@ public function __construct(
 		$this->versionManager = new VersionManager($AppName, $root);
 
 		$this->fileUtility = new FileUtility($AppName, $trans, $logger, $config, $shareManager, $session);
+		$this->avatarManager = \OC::$server->getAvatarManager();
 	}
 
 	/**
@@ -325,11 +333,8 @@ public function config($fileId, $filePath = null, $shareToken = null, $version =
 			$storageShare = $fileStorage->getShare();
 			if (method_exists($storageShare, "getAttributes")) {
 				$attributes = $storageShare->getAttributes();
-
-				$permissionsDownload = $attributes->getAttribute("permissions", "download");
-				if ($permissionsDownload !== null) {
-					$params["document"]["permissions"]["download"] = $params["document"]["permissions"]["print"] = $params["document"]["permissions"]["copy"] = $permissionsDownload === true;
-				}
+				$canDownload = FileUtility::canShareDownload($storageShare);
+				$params["document"]["permissions"]["download"] = $params["document"]["permissions"]["print"] = $params["document"]["permissions"]["copy"] = $canDownload === true;
 
 				if (isset($format["review"]) && $format["review"]) {
 					$permissionsReviewOnly = $attributes->getAttribute($this->appName, "review");
@@ -436,6 +441,19 @@ public function config($fileId, $filePath = null, $shareToken = null, $version =
 				"id" => $this->buildUserId($userId),
 				"name" => $user->getDisplayName()
 			];
+			$avatar = $this->avatarManager->getAvatar($userId);
+			if ($avatar->exists()) {
+				$userAvatarUrl = $this->urlGenerator->getAbsoluteURL(
+					$this->urlGenerator->linkToRoute(
+						"core.avatar.getAvatar",
+						[
+							"userId" => $userId,
+							"size" => 64,
+						]
+					)
+				);
+				$params["editorConfig"]["user"]["image"] = $userAvatarUrl;
+			}
 		}
 
 		$folderLink = null;

diff --git a/controller/editorcontroller.php b/controller/editorcontroller.php
@@ -140,6 +140,13 @@ class EditorController extends Controller {
 	 */
 	private $groupManager;
 
+	/**
+	 * Avatar manager
+	 *
+	 * @var IAvatarManager
+	 */
+	private $avatarManager;
+
 	/**
 	 * @param string $AppName - application name
 	 * @param IRequest $request - request object
@@ -186,6 +193,7 @@ public function __construct(
 		$this->versionManager = new VersionManager($AppName, $root);
 
 		$this->fileUtility = new FileUtility($AppName, $trans, $logger, $config, $shareManager, $session);
+		$this->avatarManager = \OC::$server->getAvatarManager();
 	}
 
 	/**
@@ -415,6 +423,49 @@ public function users($fileId, $operationType = null) {
 		return $result;
 	}
 
+	/**
+	 * Get user for Info
+	 *
+	 * @param string $userIds - users identifiers
+	 *
+	 * @return array
+	 *
+	 * @NoAdminRequired
+	 * @NoCSRFRequired
+	 */
+	public function userInfo($userIds) {
+		$result = [];
+		$userIds = json_decode($userIds, true);
+
+		if ($userIds !== null && is_array($userIds)) {
+			foreach ($userIds as $userId) {
+				$userData = [];
+				$user = $this->userManager->get($this->getUserId($userId));
+				if (!empty($user)) {
+					$userData = [
+						"name" => $user->getDisplayName(),
+						"id" => $userId
+					];
+					$avatar = $this->avatarManager->getAvatar($user->getUID());
+					if ($avatar->exists()) {
+						$userAvatarUrl = $this->urlGenerator->getAbsoluteURL(
+							$this->urlGenerator->linkToRoute(
+								"core.avatar.getAvatar",
+								[
+									"userId" => $user->getUID(),
+									"size" => 64,
+								]
+							)
+						);
+						$userData["image"] = $userAvatarUrl;
+					}
+					array_push($result, $userData);
+				}
+			}
+		}
+		return $result;
+	}
+
 	/**
 	 * Send notify about mention
 	 *
@@ -761,6 +812,18 @@ public function save($name, $dir, $url) {
 			return ["error" => $this->trans->t("You don't have enough permission to create")];
 		}
 
+		$documentServerUrl = $this->config->getDocumentServerUrl();
+
+		if (empty($documentServerUrl)) {
+			$this->logger->error("documentServerUrl is empty", ["app" => $this->appName]);
+			return ["error" => $this->trans->t("ONLYOFFICE app is not configured. Please contact admin")];
+		}
+
+		if (parse_url($url, PHP_URL_HOST) !== parse_url($documentServerUrl, PHP_URL_HOST)) {
+			$this->logger->error("Incorrect domain in file url", ["app" => $this->appName]);
+			return ["error" => $this->trans->t("The domain in the file url does not match the domain of the Document server")];
+		}
+
 		$url = $this->config->replaceDocumentServerUrlToInternal($url);
 
 		try {
@@ -1092,7 +1155,16 @@ public function url($filePath) {
 			$this->logger->error("File for generate presigned url was not found: $dir", ["app" => $this->appName]);
 			return ["error" => $this->trans->t("File not found")];
 		}
-		if (!$file->isReadable()) {
+
+		$canDownload = true;
+
+		$fileStorage = $file->getStorage();
+		if ($fileStorage->instanceOfStorage("\OCA\Files_Sharing\SharedStorage")) {
+			$share = $fileStorage->getShare();
+			$canDownload = FileUtility::canShareDownload($share);
+		}
+
+		if (!$file->isReadable() || !$canDownload) {
 			$this->logger->error("File without permission: $dir", ["app" => $this->appName]);
 			return ["error" => $this->trans->t("You do not have enough permissions to view the file")];
 		}
@@ -1162,6 +1234,14 @@ public function download($fileId, $toExtension = null, $template = false) {
 			return $this->renderError($this->trans->t("Not permitted"));
 		}
 
+		$fileStorage = $file->getStorage();
+		if ($fileStorage->instanceOfStorage("\OCA\Files_Sharing\SharedStorage")) {
+			$share = empty($share) ? $fileStorage->getShare() : $share;
+			if (!FileUtility::canShareDownload($share)) {
+				return $this->renderError($this->trans->t("Not permitted"));
+			}
+		}
+
 		$fileName = $file->getName();
 		$ext = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
 		$toExtension = strtolower($toExtension);
@@ -1460,6 +1540,21 @@ private function limitEnumerationToGroups() {
 		return false;
 	}
 
+	/**
+	 * Get Nextcloud userId from unique user identifier
+	 *
+	 * @param string $userId - current user identifier
+	 *
+	 * @return string
+	 */
+	private function getUserId($userId) {
+		if (str_contains($userId, "_")) {
+			$userIdExp = explode("_", $userId);
+			$userId = end($userIdExp);
+		}
+		return $userId;
+	}
+
 	/**
 	 * Print error page
 	 *