fix/implement shared credential file upload for other users

binsky 2023-04-23 11:44:12 +02:00
parent 82efcde766
commit f97567d7f6
4 changed files with 69 additions and 31 deletions


@ -64,6 +64,7 @@ return [
['name' => 'share#unshareCredentialFromUser', 'url' => '/api/v2/sharing/credential/{item_guid}/{user_id}', 'verb' => 'DELETE'],
['name' => 'share#getRevisions', 'url' => '/api/v2/sharing/credential/{item_guid}/revisions', 'verb' => 'GET'],
['name' => 'share#getItemAcl', 'url' => '/api/v2/sharing/credential/{item_guid}/acl', 'verb' => 'GET'],
['name' => 'share#uploadFile', 'url' => '/api/v2/sharing/credential/{item_guid}/file', 'verb' => 'POST'],
['name' => 'share#getFile', 'url' => '/api/v2/sharing/credential/{item_guid}/file/{file_guid}', 'verb' => 'GET'],
['name' => 'share#updateSharedCredentialACL', 'url' => '/api/v2/sharing/credential/{item_guid}/acl', 'verb' => 'PATCH'],
['name' => 'internal#getAppVersion', 'url' => '/api/v2/version', 'verb' => 'GET'],


@ -489,6 +489,40 @@ class ShareController extends ApiController {
return new NotFoundJSONResponse();
}
/**
* @param $item_guid
* @param $data
* @param $filename
* @param $mimetype
* @param $size
* @return DataResponse|NotFoundJSONResponse|JSONResponse
* @throws \Exception
* @NoAdminRequired
* @NoCSRFRequired
*/
public function uploadFile($item_guid, $data, $filename, $mimetype, $size) {
try {
$credential = $this->credentialService->getCredentialByGUID($item_guid);
} catch (\Exception $e) {
return new NotFoundJSONResponse();
}
$acl = $this->shareService->getACL($this->userId->getUID(), $credential->getGuid());
if ($acl->hasPermission(SharingACL::FILES)) {
$file = array(
'filename' => $filename,
'size' => $size,
'mimetype' => $mimetype,
'file_data' => $data,
'user_id' => $credential->getUserId()
);
// save the file with the id of the user that owns the credential
return new JSONResponse($this->fileService->createFile($file, $credential->getUserId()));
}
return new DataResponse(['msg' => 'Not authorized'], Http::STATUS_UNAUTHORIZED);
}
/**
* @param $item_guid
* @param $user_id
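Review bot: The only gate in `uploadFile` is `$acl->hasPermission(SharingACL::FILES)`, yet the file is created under `$credential->getUserId()`, so any share recipient holding the files bit can add data to the owner's account, with `$size`, `$mimetype` and `$data` stored exactly as the client sent them. Nothing visible in this hunk bounds the payload, checks whether the ACL has expired, or requires write permission on the share; if the files bit is also what `getFile` uses for read access, upload should require a write check as well, and the docblock should state which permissions are needed. `getACL()` is called outside the try block, so a user with no ACL entry may surface as an uncaught exception instead of the `NotFoundJSONResponse` used just above (assuming it throws when no row exists); wrapping it as `try { $acl = ...; } catch (\Exception $e) { return new NotFoundJSONResponse(); }` would match the credential lookup. The `@NoCSRFRequired` annotation on a state-changing POST deserves a one-line justification in the docblock.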


@ -161,26 +161,22 @@
$scope.selected_field_type = 'text';
_field.secret = (_field.field_type === 'password');
if(_field.field_type === 'file'){
var key = false;
var _file = $scope.new_custom_field.value;
if (!$scope.storedCredential.hasOwnProperty('acl') && $scope.storedCredential.hasOwnProperty('shared_key')) {
const key = CredentialService.getSharedKeyFromCredential($scope.storedCredential);
const file = $scope.new_custom_field.value;
if ($scope.storedCredential.shared_key) {
key = EncryptService.decryptString(angular.copy($scope.storedCredential.shared_key));
}
}
if ($scope.storedCredential.hasOwnProperty('acl')) {
key = EncryptService.decryptString(angular.copy($scope.storedCredential.acl.shared_key));
}
FileService.uploadFile(_file, key).then(function (result) {
const callback = function (result) {
delete result.file_data;
result.filename = EncryptService.decryptString(result.filename, key);
_field.value = result;
$scope.storedCredential.custom_fields.push(_field);
$scope.new_custom_field = angular.copy(_customField);
});
};
if (key) {
ShareService.uploadSharedFile($scope.storedCredential, file, key).then(callback);
} else {
FileService.uploadFile(file).then(callback);
}
} else {
$scope.storedCredential.custom_fields.push(_field);
$scope.new_custom_field = angular.copy(_customField);
@ -221,32 +217,25 @@
};
$scope.fileLoaded = function (file) {
var key;
var _file = {
const key = CredentialService.getSharedKeyFromCredential($scope.storedCredential);
const _file = {
filename: file.name,
size: file.size,
mimetype: file.type,
data: file.data
};
if (!$scope.storedCredential.hasOwnProperty('acl') && $scope.storedCredential.hasOwnProperty('shared_key')) {
if ($scope.storedCredential.shared_key) {
key = EncryptService.decryptString(angular.copy($scope.storedCredential.shared_key));
}
}
if ($scope.storedCredential.hasOwnProperty('acl')) {
key = EncryptService.decryptString(angular.copy($scope.storedCredential.acl.shared_key));
}
FileService.uploadFile(_file, key).then(function (result) {
const callback = function (result) {
delete result.file_data;
result.filename = EncryptService.decryptString(result.filename, key);
$scope.storedCredential.files.push(result);
});
};
if (key) {
ShareService.uploadSharedFile($scope.storedCredential, _file, key).then(callback);
} else {
FileService.uploadFile(_file).then(callback);
}
$scope.$digest();
};
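Review bot: Both upload paths choose between `ShareService.uploadSharedFile` and `FileService.uploadFile` on `if (key)`, so a shared credential whose key could not be obtained falls through to the private upload without any signal. `CredentialService.getSharedKeyFromCredential` is not shown, so this is inferred, but if it returns a falsy value on a failed decrypt the file would be stored under the uploader's own account and encrypted with a key the credential owner presumably cannot use. Branching on whether the credential is shared (the removed code tested `hasOwnProperty('acl')` and `shared_key`) and aborting when a shared credential yields no key would keep that failure visible. Neither `.then(callback)` has a rejection handler, so the server's 'Not authorized' response is dropped silently and, in the custom-field path, the field is simply never added; `.then(callback, onUploadError)` with a handler that notifies the user would cover it (`onUploadError` is a placeholder name).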


@ -160,13 +160,27 @@
});
},
downloadSharedFile: function (credential, file) {
var queryUrl = OC.generateUrl('apps/passman/api/v2/sharing/credential/' + credential.guid + '/file/' + file.guid);
const queryUrl = OC.generateUrl('apps/passman/api/v2/sharing/credential/' + credential.guid + '/file/' + file.guid);
return $http.get(queryUrl).then(function (response) {
if (response.data) {
return response.data;
}
});
},
uploadSharedFile: function (credential, file, key) {
const queryUrl = OC.generateUrl('apps/passman/api/v2/sharing/credential/' + credential.guid + '/file');
let _file = angular.copy(file);
_file.filename = EncryptService.encryptString(_file.filename, key);
const data = EncryptService.encryptString(angular.copy(file.data), key);
_file.data = data;
return $http.post(queryUrl, _file).then(function (response) {
if (response.data) {
return response.data;
} else {
return response;
}
});
},
encryptSharedCredential: function (credential, sharedKey) {
var _credential = angular.copy(credential);
_credential.shared_key = EncryptService.encryptString(sharedKey);
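Review bot: `uploadSharedFile` returns the whole `response` object when `response.data` is empty, but the callers shown in the controller pass the result to a callback that reads `result.filename` and decrypts it, so an empty body ends up as a decrypt call on `undefined`. Returning only `response.data`, as `downloadSharedFile` just above does, or rejecting on an empty body, keeps the result single-shaped. The separate `angular.copy(file.data)` is redundant once `angular.copy(file)` has run; `_file.data = EncryptService.encryptString(_file.data, key);` says the same thing in one line. Only `filename` and `data` are encrypted with the shared key here, while `size` and `mimetype` are posted in clear, which is worth a short comment if that is intentional.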