From 51377570530fa299cf96cc60eaa26dbf14cf0872 Mon Sep 17 00:00:00 2001
From: Louis Chemineau <louis@chmn.me>
Date: Mon, 26 Feb 2024 16:57:30 +0100
Subject: [PATCH] fix(dav): Init ViewOnlyPlugin after auth

Signed-off-by: Louis Chemineau <louis@chmn.me>
---
 apps/dav/lib/Server.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/dav/lib/Server.php b/apps/dav/lib/Server.php
index 2bff8e7ebd6..3c7e0936735 100644
--- a/apps/dav/lib/Server.php
+++ b/apps/dav/lib/Server.php
@@ -241,11 +241,6 @@ class Server {
 			$this->server->addPlugin(new FakeLockerPlugin());
 		}
 
-		// Allow view-only plugin for webdav requests
-		$this->server->addPlugin(new ViewOnlyPlugin(
-			\OC::$server->getUserFolder(),
-		));
-
 		if (BrowserErrorPagePlugin::isBrowserRequest($request)) {
 			$this->server->addPlugin(new BrowserErrorPagePlugin());
 		}
@@ -255,6 +250,11 @@ class Server {
 
 		// wait with registering these until auth is handled and the filesystem is setup
 		$this->server->on('beforeMethod:*', function () use ($root, $lazySearchBackend, $logger) {
+			// Allow view-only plugin for webdav requests
+			$this->server->addPlugin(new ViewOnlyPlugin(
+				\OC::$server->getUserFolder(),
+			));
+
 			// custom properties plugin must be the last one
 			$userSession = \OC::$server->getUserSession();
 			$user = $userSession->getUser();