diff --git a/appinfo/routes.php b/appinfo/routes.php
index f7642f4b..3922dea9 100644
--- a/appinfo/routes.php
+++ b/appinfo/routes.php
@@ -57,6 +57,7 @@ return [
 ['name' => 'share#deleteShareRequest', 'url' => '/api/v2/sharing/decline/{share_request_id}', 'verb' => 'DELETE'],
 ['name' => 'share#getVaultItems', 'url' => '/api/v2/sharing/vault/{vault_guid}/get', 'verb' => 'GET'],
 ['name' => 'share#getRevisions', 'url' => '/api/v2/sharing/revisions/{item_guid}', 'verb' => 'GET'],
+ ['name' => 'share#getCredentialData', 'url' => '/api/v2/sharing/credential/{credential_guid}', 'verb' => 'GET'],
 
 //Internal API
 ['name' => 'internal#remind', 'url' => '/api/internal/notifications/remind/{credential_id}', 'verb' => 'POST'],
diff --git a/controller/sharecontroller.php b/controller/sharecontroller.php
index 1afdab0d..32ed3712 100644
--- a/controller/sharecontroller.php
+++ b/controller/sharecontroller.php
@@ -16,6 +16,8 @@ use OCA\Passman\Db\Vault;
 use OCA\Passman\Service\CredentialService;
 use OCA\Passman\Service\NotificationService;
 use OCA\Passman\Service\ShareService;
+use OCP\AppFramework\Db\DoesNotExistException;
+use OCP\AppFramework\Http\NotFoundResponse;
 use OCP\IRequest;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\AppFramework\ApiController;
@@ -221,6 +223,11 @@ class ShareController extends ApiController {
 return new JSONResponse($results);
 }
 
+ /**
+ * @param $item_guid
+ * @return JSONResponse
+ * @NoAdminRequired
+ */
 public function getRevisions($item_guid){
 return new JSONResponse($this->shareService->getItemHistory($this->userId, $item_guid));
 }
@@ -233,6 +240,11 @@ class ShareController extends ApiController {
 return new JSONResponse($this->shareService->getSharedItems($this->userId->getUID(), $vault_guid));
 }
 
+ /**
+ * @param $share_request_id
+ * @return JSONResponse
+ * @NoAdminRequired
+ */
 public function deleteShareRequest($share_request_id){
 $sr = $this->shareService->getShareRequestById($share_request_id);
 $notification = array(
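Review bot: The docblock added above getRevisions declares `@param $item_guid` with no type and no description, so it tells a reader nothing the signature does not; the same applies to `@param $share_request_id` in the hunk at @@ -233 and `@param $credential_guid` at @@ -258. Since these values arrive as route path segments they are strings at this point, so `@param string $item_guid the GUID of the shared item whose history is returned` (and the equivalent for the other two) would be accurate and actually useful. Note also that this method hands `$this->userId` straight to the service while the context line at @@ -233 uses `$this->userId->getUID()`; one of the two conventions is presumably wrong, so confirm what type `userId` holds and make the calls consistent.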
@@ -258,4 +270,20 @@ class ShareController extends ApiController {
 return new JSONResponse(array('result'=> true));
 }
 
+ /**
+ * @param $credential_guid
+ * @return JSONResponse
+ * @NoAdminRequired
+ * @NoCSRFRequired
+ * @PublicPage
+ */
+ public function getCredentialData($credential_guid) {
+ try {
+ $credential = $this->shareService->getSharedItem($this->userId, $credential_guid);
+ return new JSONResponse($credential);
+ }
+ catch (DoesNotExistException $ex){
+ return new NotFoundResponse();
+ }
+ }
 }
\ No newline at end of file
diff --git a/lib/Db/SharingACLMapper.php b/lib/Db/SharingACLMapper.php
index 13ee3c93..3ded3fc8 100644
--- a/lib/Db/SharingACLMapper.php
+++ b/lib/Db/SharingACLMapper.php
@@ -57,8 +57,16 @@ class SharingACLMapper extends Mapper {
 * @return SharingACL
 */
 public function getItemACL($user_id, $item_guid) {
- $q = "SELECT * FROM " . self::TABLE_NAME . " WHERE user_id = ? AND item_guid = ?";
- return $this->findEntity($q, [$user_id, $item_guid]);
+ $q = "SELECT * FROM " . self::TABLE_NAME . " WHERE item_guid = ? AND ";
+ $filter = [$item_guid];
+ if ($user_id == null){
+ $q .= 'user_id is null';
+ }
+ else {
+ $q .= 'user_id = ? ';
+ $filter[] = $user_id;
+ }
+ return $this->findEntity($q, $filter);
 }
 
 /**
diff --git a/lib/Service/ShareService.php b/lib/Service/ShareService.php
index 1f7f9345..1010d996 100644
--- a/lib/Service/ShareService.php
+++ b/lib/Service/ShareService.php
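Review bot: getSharedItem returns `null` when the ACL lacks READ (see the ShareService hunk at @@ -119), and this method wraps that in `new JSONResponse($credential)`, so a caller without read permission gets HTTP 200 with a `null` body instead of a denial; add `if ($credential === null) { return new NotFoundResponse(); }` before the success return. The endpoint is marked `@PublicPage` and `@NoCSRFRequired`, and with the mapper's new `user_id is null` branch the credential data is served to anyone presenting a valid `credential_guid` whenever `$this->userId` is null; if that is the intended link-share semantics, state it in the docblock, otherwise drop `@PublicPage`. The mapper's `findEntity` can also raise `MultipleObjectsReturnedException` if more than one ACL row matches, which the null-user branch appears able to produce unless the schema forbids it, and that exception is not caught here. Finally, `$ex` is never used, so `catch (DoesNotExistException)` (PHP 8) or a `$e` that is logged would read more honestly.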
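Review bot: `if ($user_id == null)` is a loose comparison, so `''`, `0` and `false` also take the `user_id is null` branch; an empty-string user id would then silently match the ACL rows reserved for anonymous access rather than no row at all. Use `if ($user_id === null)` so only a genuine null selects that branch. The query is still fully parameterised, which is good, but the docblock above (its `@return SharingACL` line is in the hunk) should now also carry `@throws DoesNotExistException` and say that a null `$user_id` looks up the ACL with no user rather than the caller's own.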
@@ -119,6 +119,22 @@ class ShareService {
 return $return;
 }
 
+ public function getSharedItem($user_id, $item_guid){
+ $acl = $this->sharingACL->getItemACL($user_id, $item_guid);
+
+ // Check if the user can read the credential, probably unnecesary, but just to be sure
+ if (!$acl->hasPermission(SharingACL::READ)) return null;
+
+ $return = $acl->jsonSerialize();
+ $tmp['credential_data'] = $this->credential->getCredentialById($acl->getItemId())->jsonSerialize();
+
+ if (!$acl->hasPermission(SharingACL::FILES)) unset($tmp['credential_data']['files']);
+ unset($tmp['credential_data']['shared_key']);
+ $return[] = $tmp;
+
+ return $return;
+ }
+
 /**
 * Gets history from the given item checking the user's permissions to access it
 * @param $user_id
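Review bot: getSharedItem has no docblock while the neighbouring getItemHistory does; add one stating that it returns the ACL's serialised fields with the credential attached, that `files` is stripped unless the ACL grants `SharingACL::FILES` and `shared_key` is always stripped, that it returns `null` when the ACL lacks `SharingACL::READ`, and that `DoesNotExistException` from the mapper propagates to the caller. `$return[] = $tmp` appends the credential under numeric key `0` as `{"credential_data": ...}` next to the ACL fields, which looks like an accident of building `$tmp` first; if the client expects `credential_data` at the top level, write `$return['credential_data'] = ...` and drop `$tmp`. `$tmp` is also assigned by index without ever being initialised, so if it is kept, `$tmp = ['credential_data' => ...];` makes the intent explicit.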