fix: attachment visibility for authenticated users via shared links #6878
Conversation
lib/Middleware/SessionMiddleware.php
Outdated
| // Check if user has access to document | ||
| if ($this->rootFolder->getUserFolder($userId)->getFirstNodeById($documentId) === null) { | ||
| throw new InvalidSessionException(); | ||
| if (count($this->rootFolder->getUserFolder($userId)->getById($documentId)) !== 0) { |
There was a problem hiding this comment.
Any reason to move away from getFirstNodeById? It would be the more performant approach and I'd prefer to keep that.
Signed-off-by: ailkiv <a.ilkiv.ye@gmail.com>
AIlkiv
force-pushed
the
fix/attachments-authenticated-view
branch
from
2a7b772 to
e089475
Compare
|
The failed tests seem unrelated to my changes. Please rerun tests. |
|
Hello there, We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process. Your feedback is valuable to us as we continuously strive to improve our community developer experience. Please take a moment to complete our short survey by clicking on the following link: https://cloud.nextcloud.com/apps/forms/s/i9Ago4EQRZ7TWxjfmeEpPkf6 Thank you for contributing to Nextcloud and we hope to hear from you soon! (If you believe you should not receive this message, you can add yourself to the blocklist.) |
📝 Summary
Bug description and steps to reproduce:
admin: Created a Collective.
admin: Added a page with attached images.
admin: Enabled "access via link."
admin: Shared the link with Alice.
alice: Logged into Nextcloud.
alice: Opens the link.
Result: The Collective opens, but the images return a 403 error code.
🖼️ Screenshots
🏁 Checklist
npm run lint/npm run stylelint/composer run cs:check)