<?php
/*
* Copyright (C) Ascensio System SIA, 2009-2026
*
* This program is a free software product. You can redistribute it and/or
* modify it under the terms of the GNU Affero General Public License (AGPL)
* version 3 as published by the Free Software Foundation, together with the
* additional terms provided in the LICENSE file.
*
* This program is distributed WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For
* details, see the GNU AGPL at: https://www.gnu.org/licenses/agpl-3.0.html
*
* You can contact Ascensio System SIA by email at info@onlyoffice.com
* or by postal mail at 20A-6 Ernesta Birznieka-Upisha Street, Riga,
* LV-1050, Latvia, European Union.
*
* The interactive user interfaces in modified versions of the Program
* are required to display Appropriate Legal Notices in accordance with
* Section 5 of the GNU AGPL version 3.
*
* No trademark rights are granted under this License.
*
* All non-code elements of the Product, including illustrations,
* icon sets, and technical writing content, are licensed under the
* Creative Commons Attribution-ShareAlike 4.0 International License:
* https://creativecommons.org/licenses/by-sa/4.0/legalcode
*
* This license applies only to such non-code elements and does not
* modify or replace the licensing terms applicable to the Program's
* source code, which remains licensed under the GNU Affero General
* Public License v3.
*
* SPDX-License-Identifier: AGPL-3.0-only
*/
namespace OCA\Onlyoffice\Controller;
use OCA\Files_Sharing\SharedStorage;
use OCA\Onlyoffice\AppConfig;
use OCA\Onlyoffice\ExtraPermissions;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
use OCP\AppFramework\OCSController;
use OCP\Files\File;
use OCP\Files\IRootFolder;
use OCP\IRequest;
use OCP\IUserSession;
use OCP\Share\IManager;
use OCP\Share\IShare;
use Psr\Log\LoggerInterface;
/**
* OCS handler
*/
class SharingApiController extends OCSController {
public function __construct(
string $appName,
IRequest $request,
private readonly IRootFolder $root,
private readonly LoggerInterface $logger,
private readonly IUserSession $userSession,
private readonly IManager $shareManager,
private readonly AppConfig $appConfig,
private readonly ExtraPermissions $extraPermissions
) {
parent::__construct($appName, $request);
}
/**
* Get shares for file
*
* @param integer $fileId - file identifier
*
* @return DataResponse
*/
#[NoAdminRequired]
#[NoCSRFRequired]
public function getShares(int $fileId): DataResponse {
if (!$this->appConfig->getAdvanced()) {
$this->logger->debug("extraPermissions isn't init");
return new DataResponse([], Http::STATUS_BAD_REQUEST);
}
$user = $this->userSession->getUser();
$userId = $user->getUID();
$sourceFile = $this->getFile($fileId, $userId);
$fileStorage = $sourceFile->getStorage();
if ($fileStorage->instanceOfStorage(SharedStorage::class)) {
return new DataResponse([]);
}
$shares = $this->getSharesByOwner($userId, $sourceFile);
$extras = $this->extraPermissions->getExtras($shares);
return new DataResponse($extras);
}
/**
* Set shares for file
*
* @param integer $extraId - extra permission identifier
* @param string $shareId - share identifier
* @param integer $fileId - file identifier
* @param integer $permissions - permissions bitmask
*
* @return DataResponse
*/
#[NoAdminRequired]
#[NoCSRFRequired]
public function setShares(int $extraId, string $shareId, int $fileId, int $permissions): DataResponse {
if (!$this->appConfig->getAdvanced()) {
$this->logger->debug("extraPermissions isn't init");
return new DataResponse([], Http::STATUS_BAD_REQUEST);
}
$user = $this->userSession->getUser();
$userId = $user->getUID();
$sourceFile = $this->getFile($fileId, $userId);
$fileStorage = $sourceFile->getStorage();
if ($fileStorage->instanceOfStorage(SharedStorage::class)) {
return new DataResponse([], Http::STATUS_BAD_REQUEST);
}
$shares = $this->getSharesByOwner($userId, $sourceFile);
if (!array_filter($shares, fn (IShare $share) => $share->getId() === $shareId)) {
$this->logger->error("setShares: share $shareId not found for file $fileId.");
return new DataResponse([], Http::STATUS_BAD_REQUEST);
}
if (!$this->extraPermissions->setExtra($shareId, $permissions, $extraId)) {
$this->logger->error("setShares: couldn't set extra permissions for: " . $shareId);
return new DataResponse([], Http::STATUS_BAD_REQUEST);
}
$extra = $this->extraPermissions->getExtra($shareId);
return new DataResponse($extra);
}
/**
* Get source file
*
* @param integer $fileId - file identifier
* @param string $userId - user identifier
*/
private function getFile(int $fileId, string $userId): ?File {
try {
$folder = $this->root->getUserFolder($userId);
$files = $folder->getById($fileId);
} catch (\Exception $e) {
$this->logger->error("getFile: $fileId", ["exception" => $e]);
return null;
}
if (empty($files)) {
$this->logger->error("getFile: file not found: " . $fileId);
return null;
}
return $files[0];
}
/**
* Get all shares for a file created by the given user
* @param string $userId
* @param File $file
* @return IShare[]
*/
private function getSharesByOwner(string $userId, File $file): array {
$shareTypes = [
IShare::TYPE_USER,
IShare::TYPE_GROUP,
IShare::TYPE_ROOM,
IShare::TYPE_LINK,
IShare::TYPE_CIRCLE,
];
$shares = [];
foreach ($shareTypes as $type) {
$shares = [...$shares, ...$this->shareManager->getSharesBy($userId, $type, $file)];
}
return $shares;
}
}
