0013258: do not check download grant for record attachments
authorPhilipp Schüle <p.schuele@metaways.de>
Thu, 22 Jun 2017 14:53:28 +0000 (16:53 +0200)
committerPhilipp Schüle <p.schuele@metaways.de>
Thu, 22 Jun 2017 15:43:40 +0000 (17:43 +0200)
* as we already checked the acl for the record
* added a test assertion for the download

https://forge.tine20.org/view.php?id=13258

Change-Id: I311483c0a45c0ece5b7fcc0146612d9f148a3533
Reviewed-on: http://gerrit.tine20.com/customers/4933
Tested-by: Jenkins CI (http://ci.tine20.com/)
Reviewed-by: Philipp Schüle <p.schuele@metaways.de>
tests/tine20/Tinebase/Frontend/WebDAV/RecordTest.php
tine20/Tinebase/Frontend/WebDAV/File.php
tine20/Tinebase/Model/Tree/Node/Path.php

index a565532..8451de3 100644 (file)
@@ -45,7 +45,10 @@ class Tinebase_Frontend_WebDAV_RecordTest extends TestCase
         $node = $this->_getWebDAVTree()->getNodeForPath('/webdav/Calendar/records/Calendar_Model_Event/' . $savedEvent->getId() . '/' . $tempFile->name);
         $this->assertEquals('text/plain', $node->getContentType());
         $this->assertEquals(17, $node->getSize());
-        
+        $handle = $node->get();
+        self::assertTrue(is_resource($handle));
+        fclose($handle);
+
         return $savedEvent;
     }
     
@@ -59,7 +62,7 @@ class Tinebase_Frontend_WebDAV_RecordTest extends TestCase
         $this->assertEquals('text/plain', $node->getContentType());
         $this->assertEquals(17, $node->getSize());
     }
-    
+
     /**
      * 
      * @return \Sabre\DAV\ObjectTree
index ff6f2a0..0bf0817 100644 (file)
@@ -18,7 +18,12 @@ class Tinebase_Frontend_WebDAV_File extends Tinebase_Frontend_WebDAV_Node implem
 {
     public function get() 
     {
-        if (!Tinebase_Core::getUser()->hasGrant($this->_getContainer(), Tinebase_Model_Grants::GRANT_DOWNLOAD)) {
+        $pathRecord = Tinebase_Model_Tree_Node_Path::createFromStatPath($this->_path);
+        if (! $pathRecord->isRecordPath() && ! Tinebase_Core::getUser()->hasGrant(
+                $this->_getContainer(),
+                Tinebase_Model_Grants::GRANT_DOWNLOAD
+            )
+        ) {
             throw new Sabre\DAV\Exception\Forbidden('Forbidden to download file: ' . $this->_path);
         }
         $handle = Tinebase_FileSystem::getInstance()->fopen($this->_path, 'r');
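Review bot: The new condition in `get()` skips the `GRANT_DOWNLOAD` check whenever `isRecordPath()` is true, and that helper looks only at the shape of `$this->_path`, so nothing in this method confirms that the current user may read the owning record. The commit message says the record ACL was already checked, but that happens outside the visible hunk; a comment above the condition should name where, e.g. `// record attachments: access is governed by the record's own ACL, enforced when the node is resolved (see <resolver>)`, so that a later caller constructing this node directly does not inherit an unchecked download. `createFromStatPath()` and `isRecordPath()` now run before the guard, and the latter is documented as throwing `Tinebase_Exception_InvalidArgument`, so a malformed path may surface as that exception rather than `Forbidden`. The added assertion in RecordTest.php covers only the successful download; a case asserting that a non-record file without the grant is still refused would pin the other branch. The body of `get()` continues past the end of the hunk.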
index 670bf59..d025c0d 100644 (file)
@@ -58,6 +58,11 @@ class Tinebase_Model_Tree_Node_Path extends Tinebase_Record_Abstract
     const FOLDERS_PART = 'folders';
 
     /**
+     * records path part
+     */
+    const RECORDS_PART = 'records';
+
+    /**
      * key in $_validators/$_properties array for the field which 
      * represents the identifier
      * 
@@ -456,6 +461,18 @@ class Tinebase_Model_Tree_Node_Path extends Tinebase_Record_Abstract
     }
 
     /**
+     * returns true if path belongs to a record or record attachment
+     *
+     * @return bool
+     * @throws Tinebase_Exception_InvalidArgument
+     */
+    public function isRecordPath()
+    {
+        $parts = $this->_getPathParts();
+        return (count($parts) > 2 && $parts[2] === self::RECORDS_PART);
+    }
+
+    /**
      * validate node/container existance
      * 
      * @throws Tinebase_Exception_NotFound
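Review bot: `isRecordPath()` classifies a path solely by `$parts[2] === self::RECORDS_PART`, and the docblock says neither which stat-path layout puts the type segment at index 2 nor that the result is used as an authorization decision in `Tinebase_Frontend_WebDAV_File::get()`. I would add that to the docblock, e.g. `* expects the folder-type segment at index 2 of the stat path; used by WebDAV File::get() to skip the GRANT_DOWNLOAD check`. If a user-chosen name can ever occupy that position, the check would need to be stricter, for instance also requiring the preceding segment to equal `self::FOLDERS_PART` if that is the layout. This cannot be confirmed from the hunk because `_getPathParts()` is not shown.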