Resolve "Selbst hochgeladene Dateien in Ordnern ohne Lesezugriff schlecht sichtbar"

Closes #2954 Merge request studip/studip!1997
author: Philipp Schüttlöffel <schuettloeffel@zqs.uni-hannover.de> 2024-06-17 06:59:12 +0000
committer: Jan-Hendrik Willms <tleilax+studip@gmail.com> 2024-06-17 06:59:12 +0000
commit: a815a566e2fb858f692eb15950fc538d45231e0a (patch)
tree: ee8639cb2cd373cad0f59312077c75e9788fcbc1 /lib/filesystem
parent: 9d7610060f6b6befdb11ee559447d1e3d0b01a5c (diff)
3 files changed, 58 insertions, 12 deletions
diff --git a/lib/filesystem/HomeworkFolder.php b/lib/filesystem/HomeworkFolder.php
index 70447fb..fb93ef8 100644
--- a/lib/filesystem/HomeworkFolder.php
+++ b/lib/filesystem/HomeworkFolder.php
@@ -82,10 +82,6 @@ class HomeworkFolder extends PermissionEnabledFolder
         $template = $GLOBALS['template_factory']->open('filesystem/homework_folder/description.php');
         $template->folder     = $this;
         $template->folderdata = $this->folderdata;
-        if (!Seminar_Perm::get()->have_studip_perm('tutor', $this->range_id)) {
-            $files = new SimpleCollection($this->getFiles());
-            $template->own_files = $files->findBy('user_id', $GLOBALS['user']->id)->orderBy('name');
-        }
 
         return $template;
     }
@@ -101,6 +97,28 @@ class HomeworkFolder extends PermissionEnabledFolder
     }
 
     /**
+     * @param string $user_id
+     * @return bool
+     */
+    public function isReadable($user_id = null)
+    {
+        return StandardFolder::isReadable($user_id);
+    }
+
+    /**
+     * Determines if a user may see the file.
+     * @param FileRef|string $fileref_or_id
+     * @param string $user_id
+     * @return bool
+     */
+    public function isFileVisible($fileref_or_id, $user_id)
+    {
+        $fileref = FileRef::toObject($fileref_or_id);
+
+        return $fileref->user_id === $user_id || parent::isReadable($user_id);
+    }
+
+    /**
      * @param FileRef|string $fileref_or_id
      * @param string $user_id
      * @return bool
diff --git a/lib/filesystem/PermissionEnabledFolder.php b/lib/filesystem/PermissionEnabledFolder.php
index d41ebe3..c286c53 100644
--- a/lib/filesystem/PermissionEnabledFolder.php
+++ b/lib/filesystem/PermissionEnabledFolder.php
@@ -118,6 +118,27 @@ class PermissionEnabledFolder extends StandardFolder
     }
 
     /**
+     * @return FileType[]
+     */
+    public function getFiles()
+    {
+        return array_filter(parent::getFiles(), function($file) {
+            return $this->isFileVisible($file->getFileRef(), $GLOBALS['user']->id);
+        });
+    }
+
+    /**
+     * Determines if a user may see the file.
+     * @param FileRef|string $fileref_or_id
+     * @param string $user_id
+     * @return bool
+     */
+    public function isFileVisible($fileref_or_id, $user_id)
+    {
+        return $this->isReadable($user_id);
+    }
+
+    /**
      * @param $fileref_or_id
      * @param $user_id
      * @return bool
@@ -127,7 +148,7 @@ class PermissionEnabledFolder extends StandardFolder
         $fileref = FileRef::toObject($fileref_or_id);
 
         if (is_object($fileref)) {
-            if ($this->isVisible($user_id) && $this->isReadable($user_id)) {
+            if ($this->isVisible($user_id) && $this->isFileVisible($fileref, $user_id)) {
                 return $fileref->terms_of_use->isDownloadable($this->range_id, $this->range_type, true, $user_id);
             }
         }
diff --git a/lib/filesystem/TimedFolder.php b/lib/filesystem/TimedFolder.php
index d5f933b..0c159d6 100644
--- a/lib/filesystem/TimedFolder.php
+++ b/lib/filesystem/TimedFolder.php
@@ -81,7 +81,7 @@ class TimedFolder extends PermissionEnabledFolder
                 ($this->end_time == 0 || $this->end_time >= $now)
                 ||
                 $GLOBALS['perm']->have_studip_perm($this->must_have_perm, $this->range_id, $user_id)) &&
-            parent::isReadable($user_id);
+            StandardFolder::isReadable($user_id);
     }
 
     public function isWritable($user_id = null)
@@ -96,6 +96,19 @@ class TimedFolder extends PermissionEnabledFolder
     }
 
     /**
+     * Determines if a user may see the file.
+     * @param FileRef|string $fileref_or_id
+     * @param string $user_id
+     * @return bool
+     */
+    public function isFileVisible($fileref_or_id, $user_id)
+    {
+        $fileref = FileRef::toObject($fileref_or_id);
+
+        return $fileref->user_id === $user_id || parent::isReadable($user_id);
+    }
+
+    /**
      * This function returns the suitable Icon for this folder type (TimedFolder)
      *
      * @return Icon The icon object for this folder type
@@ -143,12 +156,6 @@ class TimedFolder extends PermissionEnabledFolder
         $template->folder     = $this;
         $template->folderdata = $this->folderdata;
 
-        if (!Seminar_Perm::get()->have_studip_perm('tutor', $this->range_id) &&
-                $this->isWritable($GLOBALS['user']->id) && !$this->isReadable($GLOBALS['user']->id)) {
-            $files = new SimpleCollection($this->getFiles());
-            $template->own_files = $files->findBy('user_id', $GLOBALS['user']->id)->orderBy('name');
-        }
-
         return $template;
     }
author	Philipp Schüttlöffel <schuettloeffel@zqs.uni-hannover.de>	2024-06-17 06:59:12 +0000
committer	Jan-Hendrik Willms <tleilax+studip@gmail.com>	2024-06-17 06:59:12 +0000
commit	a815a566e2fb858f692eb15950fc538d45231e0a (patch)
tree	ee8639cb2cd373cad0f59312077c75e9788fcbc1 /lib/filesystem
parent	9d7610060f6b6befdb11ee559447d1e3d0b01a5c (diff)