Merge pull request #5533 from nextcloud/bugfix/noid/fix-permission-ch…
…eck-in-background-job

fix(activity): Fix permission checks when rendering activities in bac…
juliusknorr authored Feb 2, 2024
2 parents c0d5633 + 16078a3 commit 74cf8d8
Showing 2 changed files with 6 additions and 6 deletions.
8 changes: 4 additions & 4 deletions lib/Activity/ActivityManager.php
@@ -566,19 +566,19 @@ private function findDetailsForAcl($aclId) {
];
}

public function canSeeCardActivity(int $cardId): bool {
public function canSeeCardActivity(int $cardId, string $userId): bool {
try {
$this->permissionService->checkPermission($this->cardMapper, $cardId, Acl::PERMISSION_READ);
$this->permissionService->checkPermission($this->cardMapper, $cardId, Acl::PERMISSION_READ, $userId);
$card = $this->cardMapper->find($cardId);
return $card->getDeletedAt() === 0;
} catch (NoPermissionException $e) {
return false;
}
}

public function canSeeBoardActivity(int $boardId): bool {
public function canSeeBoardActivity(int $boardId, string $userId): bool {
try {
$this->permissionService->checkPermission($this->boardMapper, $boardId, Acl::PERMISSION_READ);
$this->permissionService->checkPermission($this->boardMapper, $boardId, Acl::PERMISSION_READ, $userId);
$board = $this->boardMapper->find($boardId);
return $board->getDeletedAt() === 0;
} catch (NoPermissionException $e) {
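Review bot: The new `string $userId` parameter on `canSeeCardActivity` and `canSeeBoardActivity` accepts an empty string, and what `checkPermission` does with an empty ID is not visible on this page. Going by the commit title, these methods now run where there is no session user, so a fail-closed guard before the `checkPermission` call, `if ($userId === '') { return false; }`, would keep an event without an affected user from depending on that behaviour. Both methods would also benefit from a docblock line such as `@param string $userId User whose read access is evaluated (the activity recipient, not the session user)`, since the signature alone does not say whose permissions are checked. The parameter is required on a public method, so any caller outside the two files in this commit needs updating as well. The body of `canSeeBoardActivity` continues past the end of the hunk.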
4 changes: 2 additions & 2 deletions lib/Activity/DeckProvider.php
@@ -111,7 +111,7 @@ public function parse($language, IEvent $event, IEvent $previousEvent = null): I
$event->setAuthor($author);
}
if ($event->getObjectType() === ActivityManager::DECK_OBJECT_BOARD) {
if (!$this->activityManager->canSeeBoardActivity($event->getObjectId())) {
if (!$this->activityManager->canSeeBoardActivity($event->getObjectId(), $event->getAffectedUser())) {
throw new \InvalidArgumentException();
}
if (isset($subjectParams['board']) && $event->getObjectName() === '') {
@@ -128,7 +128,7 @@ public function parse($language, IEvent $event, IEvent $previousEvent = null): I
}

if (isset($subjectParams['card']) && $event->getObjectType() === ActivityManager::DECK_OBJECT_CARD) {
if (!$this->activityManager->canSeeCardActivity($event->getObjectId())) {
if (!$this->activityManager->canSeeCardActivity($event->getObjectId(), $event->getAffectedUser())) {
throw new \InvalidArgumentException();
}
if ($event->getObjectName() === '') {
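Review bot: The `canSeeCardActivity(...)` check in the second hunk only runs when `isset($subjectParams['card'])` is true, so a `DECK_OBJECT_CARD` event without that subject parameter skips the read check for the affected user entirely, whereas the board branch in the first hunk checks on object type alone. Whether such an event can still be rendered later in `parse()` is not visible here and should be confirmed. If it can, testing the type first with `if ($event->getObjectType() === ActivityManager::DECK_OBJECT_CARD) {` and moving the `isset($subjectParams['card'])` test after the permission check would close the gap. Neither changed file is a test, so a regression test that parses an event with no session user and an affected user lacking read access would pin the behaviour this commit fixes. `parse()` starts before and continues after both hunks.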
