DontSellMe/richdocuments
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

wopi: support for file sharing and authentication

Browse Source
This commit is contained in:
Ashod Nakashian 2016-03-23 21:57:22 -04:00
parent 1a737b4f07
commit 38c1b87435
2 changed files with 32 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
controller/documentcontroller.php
View File

@ -301,6 +301,7 @@ class DocumentController extends Controller{
}
/**
* @NoAdminRequired
* Generates and returns an access token for a given fileId.
* Only for authenticated users!
*/
@ -332,6 +333,10 @@ class DocumentController extends Controller{
$row->loadBy('token', $token);
$res = $row->getPathForToken($fileId, $token);
if ($res == false || http_response_code() != 200)
{
return false;
}
$view = new \OC\Files\View('/' . $res['user'] . '/');
$info = $view->getFileInfo($res['path']);

31
lib/db/wopi.php
View File

@ -40,10 +40,21 @@ class Wopi extends \OCA\Richdocuments\Db{
* Returns the token.
*/
public function generateFileToken($fileId){
$user = \OC_User::getUser();
$view = new \OC\Files\View('/' . $user . '/');
$path = $view->getPath($fileId);
// Get the FS view of the current user.
$view = \OC\Files\Filesystem::getView();
// Get the virtual path (if the file is shared).
$path = $view->getPath($fileId);
if (!$view->is_file($path) || !$view->isUpdatable($path)) {
throw new \Exception('Invalid fileId.');
}
// Figure out the real owner, if not us.
$user = $view->getOwner($path);
// Create a view into the owner's FS.
$view = new \OC\Files\View('/' . $user . '/');
// Find the real path.
$path = $view->getPath($fileId);
if (!$view->is_file($path)) {
throw new \Exception('Invalid fileId.');
}
@ -80,13 +91,25 @@ class Wopi extends \OCA\Richdocuments\Db{
$wopi = new Wopi();
$row = $wopi->loadBy('token', $token)->getData();
\OC::$server->getLogger()->debug('Loaded WOPI Token record: {row}.', [ 'row' => $row ]);
if (count($row) == 0)
{
// Invalid token.
http_response_code(401);
return false;
}
//TODO: validate.
if ($row['expiry'] > time() || $row['fileid'] !== $fileId){
if ($row['expiry'] > time()){
// Expired token!
//http_response_code(404);
//$wopi->deleteBy('id', $row['id']);
//return false;
}
if ($row['fileid'] !== $fileId){
// File unknown / user unauthorized (for the requested file).
http_response_code(404);
return false;
}
$user = $row['uid'];
$view = new \OC\Files\View('/' . $user . '/');