
Commit 00e9e70

committed
fix(db): Only query public shared forms if enabled by admin
Signed-off-by: Ferdinand Thiessen <[email protected]>
1 parent 2dbbee2 commit 00e9e70


1 file changed

+12
-6
lines changed


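--- a/lib/Db/FormMapper.php
+++ b/lib/Db/FormMapper.php
@@ -7,6 +7,7 @@
 namespace OCA\Forms\Db;
 
 use OCA\Forms\Constants;
+use OCA\Forms\Service\ConfigService;
 use OCP\AppFramework\Db\Entity;
 use OCP\AppFramework\Db\QBMapper;
 use OCP\DB\QueryBuilder\IQueryBuilder;
@@ -23,10 +24,11 @@ class FormMapper extends QBMapper {
 * @param IDBConnection $db
 */
 public function __construct(
+IDBConnection $db,
 private QuestionMapper $questionMapper,
 private ShareMapper $shareMapper,
 private SubmissionMapper $submissionMapper,
-IDBConnection $db,
+private ConfigService $configService,
 ) {
 parent::__construct($db, 'forms_v2_forms', Form::class);
 }
@@ -133,19 +135,23 @@ public function findSharedForms(string $userId, array $groups = [], array $teams
 
 // build expression for publicly shared forms (default only directly shown)
 if ($filterShown) {
-// Only shown
-$access = $qbShares->expr()->in('access_enum', $qbShares->createNamedParameter(Constants::FORM_ACCESS_ARRAY_SHOWN, IQueryBuilder::PARAM_INT_ARRAY, ':access_shown'));
-} else {
+// Only shown forms
+if ($this->configService->getAllowShowToAll()) {
+$access = $qbShares->expr()->in('access_enum', $qbShares->createNamedParameter(Constants::FORM_ACCESS_ARRAY_SHOWN, IQueryBuilder::PARAM_INT_ARRAY, ':access_shown'));
+}
+} elseif ($this->configService->getAllowPermitAll()) {
 // All
 $access = $qbShares->expr()->neq('access_enum', $qbShares->createNamedParameter(Constants::FORM_ACCESS_NOPUBLICSHARE, IQueryBuilder::PARAM_INT, ':access_nopublicshare'));
 }
 
+// Build the where clause for membership or public access
+$memberOrPublic = isset($access) ? $qbShares->expr()->orX($memberships, $access) : $memberships;
+
 // Select all DISTINCT IDs of shared forms
 $qbShares->selectDistinct('forms.id')
 ->from($this->getTableName(), 'forms')
 ->leftJoin('forms', $this->shareMapper->getTableName(), 'shares', $qbShares->expr()->eq('forms.id', 'shares.form_id'))
-->where($memberships)
-->orWhere($access)
+->where($memberOrPublic)
 ->andWhere($qbShares->expr()->neq('forms.owner_id', $qbShares->createNamedParameter($userId, IQueryBuilder::PARAM_STR, ':owner_id')));
 
 // Select the whole forms for the DISTINCT shared forms IDs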
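Review bot: The admin gate at new line 148 depends on `$access` being undefined when neither config flag allows public shares, and `isset($access)` only guarantees that if nothing earlier in `findSharedForms` assigns the variable; the function body starts outside this hunk, so that cannot be confirmed here. Initialise it explicitly with `$access = null;` before `if ($filterShown) {` and build the clause with `$memberOrPublic = $access !== null ? $qbShares->expr()->orX($memberships, $access) : $memberships;`, so a later edit that reuses the name cannot silently re-enable the public branch. The two branches also consult different flags: with `$filterShown` false and `getAllowPermitAll()` false, forms shared as shown-to-all are dropped even when `getAllowShowToAll()` is true, while the shown branch ignores `getAllowPermitAll()` entirely. If ConfigService does not already couple the two settings, that asymmetry deserves a comment stating the intended precedence and a test for each flag combination.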
