From f7e1e79880261e62daad800c42c0b65ca593a223 Mon Sep 17 00:00:00 2001
From: Marcel Klehr <mklehr@gmx.net>
Date: Thu, 6 Jul 2023 12:41:42 +0200
Subject: [PATCH] LLM OCP API: Fix security issue

Signed-off-by: Marcel Klehr <mklehr@gmx.net>
---
 core/Controller/LanguageModelApiController.php | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/core/Controller/LanguageModelApiController.php b/core/Controller/LanguageModelApiController.php
index b31b8f66b4a..21954e7f1c7 100644
--- a/core/Controller/LanguageModelApiController.php
+++ b/core/Controller/LanguageModelApiController.php
@@ -85,6 +85,10 @@ class LanguageModelApiController extends \OCP\AppFramework\OCSController {
 		try {
 			$task = $this->languageModelManager->getTask($id);
 
+			if ($this->userId !== $task->getUserId()) {
+				return new DataResponse(['message' => $this->l->t('Task not found')], Http::STATUS_NOT_FOUND);
+			}
+
 			return new DataResponse([
 				'task' => $task,
 			]);