Skip to content

Commit b18372e

Browse files
ArtificialOwlArtificialOwl
authored
Merge pull request #56668 from nextcloud/fix/noid/real-account-on-deleted-federation
fix(trashbin): deletedBy of a file from a federated folder
2 parents 86f0cbf + ea8b133 commit b18372e

File tree

1 file changed

+31
-1
lines changed

1 file changed

+31
-1
lines changed

apps/files_trashbin/lib/Trashbin.php

Lines changed: 31 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -40,12 +40,16 @@
4040
use OCP\FilesMetadata\IFilesMetadataManager;
4141
use OCP\IConfig;
4242
use OCP\IDBConnection;
43+
use OCP\IRequest;
4344
use OCP\IURLGenerator;
4445
use OCP\IUserManager;
4546
use OCP\Lock\ILockingProvider;
4647
use OCP\Lock\LockedException;
4748
use OCP\Server;
49+
use OCP\Share\Exceptions\ShareNotFound;
4850
use OCP\Util;
51+
use Psr\Container\ContainerExceptionInterface;
52+
use Psr\Container\NotFoundExceptionInterface;
4953
use Psr\Log\LoggerInterface;
5054

5155
/** @template-implements IEventListener<BeforeNodeDeletedEvent> */
@@ -326,13 +330,16 @@ public static function move2trash($file_path, $ownerOnly = false) {
326330
}
327331

328332
if ($moveSuccessful) {
333+
// there is still a possibility that the file has been deleted by a remote user
334+
$deletedBy = self::overwriteDeletedBy($user);
335+
329336
$query = Server::get(IDBConnection::class)->getQueryBuilder();
330337
$query->insert('files_trash')
331338
->setValue('id', $query->createNamedParameter($filename))
332339
->setValue('timestamp', $query->createNamedParameter($timestamp))
333340
->setValue('location', $query->createNamedParameter($location))
334341
->setValue('user', $query->createNamedParameter($owner))
335-
->setValue('deleted_by', $query->createNamedParameter($user));
342+
->setValue('deleted_by', $query->createNamedParameter($deletedBy));
336343
$result = $query->executeStatement();
337344
if (!$result) {
338345
Server::get(LoggerInterface::class)->error('trash bin database couldn\'t be updated', ['app' => 'files_trashbin']);
@@ -1182,6 +1189,29 @@ private static function getNodeForPath(string $user, string $path, string $baseD
11821189
}
11831190
}
11841191

1192+
/**
1193+
* in case the request is authed, and user token is from a federated share
1194+
* we use shared_with as initiator of the deletion
1195+
*/
1196+
private static function overwriteDeletedBy(string $user) {
1197+
try {
1198+
$request = Server::get(IRequest::class);
1199+
/** @psalm-suppress NoInterfaceProperties */
1200+
$token = $request->server['PHP_AUTH_USER'] ?? '';
1201+
if ($token === '') {
1202+
return $user;
1203+
}
1204+
1205+
$federatedShareProvider = Server::get(\OCA\FederatedFileSharing\FederatedShareProvider::class);
1206+
$share = $federatedShareProvider->getShareByToken($token);
1207+
1208+
return $share->getSharedWith();
1209+
} catch (NotFoundExceptionInterface|ContainerExceptionInterface|ShareNotFound) {
1210+
}
1211+
1212+
return $user;
1213+
}
1214+
11851215
public function handle(Event $event): void {
11861216
if ($event instanceof BeforeNodeDeletedEvent) {
11871217
self::ensureFileScannedHook($event->getNode());

0 commit comments

Comments
 (0)