feat: Add allowed_view_extensions config node

Signed-off-by: Kostiantyn Miakshyn <[email protected]>
nextcloud · Oct 26, 2024 · bf2f624 · bf2f624
1 parent 6ce11f8
commit bf2f624
Show file tree

Hide file tree

Showing 3 changed files with 20 additions and 2 deletions.
diff --git a/lib/Service/ApiService.php b/lib/Service/ApiService.php
@@ -81,8 +81,13 @@ public function create(?int $fileId = null, ?string $filePath = null, ?string $b
 			if ($storage->instanceOfStorage(SharedStorage::class)) {
 				/** @var IShare $share */
 				$share = $storage->getShare();
-				$shareAttribtues = $share->getAttributes();
-				if ($shareAttribtues !== null && $shareAttribtues->getAttribute('permissions', 'download') === false) {
+
+				$allowedFileExtensions = $this->configService->getAllowedViewFileExtensions();
+				$isAllowedToViewForExtension = $allowedFileExtensions && in_array($file->getExtension(), $allowedFileExtensions, true);
+				$shareAttributes = $share->getAttributes();
+				$isAllowedByShare = $shareAttributes === null || $shareAttributes->getAttribute('permissions', 'download') !== false;
+
+				if (!$isAllowedToViewForExtension && !$isAllowedByShare) {
 					return new DataResponse(['error' => $this->l10n->t('This file cannot be displayed as download is disabled by the share')], Http::STATUS_FORBIDDEN);
 				}
 			}

diff --git a/lib/Service/AttachmentService.php b/lib/Service/AttachmentService.php
@@ -39,6 +39,7 @@ public function __construct(
 		private IMimeTypeDetector $mimeTypeDetector,
 		private IURLGenerator $urlGenerator,
 		private IFilenameValidator $filenameValidator,
+		private ConfigService $configService,
 	) {
 	}
 
@@ -464,6 +465,12 @@ private function isDownloadDisabled(File $file): bool {
 		if ($storage->instanceOfStorage(SharedStorage::class)) {
 			/** @var SharedStorage $storage */
 			$share = $storage->getShare();
+
+			$allowedFileExtensions = $this->configService->getAllowedViewFileExtensions();
+			if ($allowedFileExtensions && in_array($file->getExtension(), $allowedFileExtensions, true)) {
+				return false;
+			}
+
 			$attributes = $share->getAttributes();
 			if ($attributes !== null && $attributes->getAttribute('permissions', 'download') === false) {
 				return true;

diff --git a/lib/Service/ConfigService.php b/lib/Service/ConfigService.php
@@ -42,6 +42,12 @@ public function isRichWorkspaceEnabledForUser(?string $userId): bool {
 
 	public function isNotifyPushSyncEnabled(): bool {
 		return $this->appConfig->getValueBool(Application::APP_NAME, 'notify_push');
+	}
 
+	/**
+	 * @return string[]
+	 */
+	public function getAllowedViewFileExtensions(): array {
+		return $this->config->getSystemValue('allowed_view_extensions', []);
 	}
 }