instanceof cannot be used to check the instance of a storage, doing so
breaks the check in certain cases. In this case, enabling the
`files_accesscontrol` app breaks the check.
Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com>
The isPublicShare was set to false in one instance where it should have
been true. Flipping the value to true, would break the functionality for
PROPFIND /public.php/webdav/ which returns properties of files in a
share identified by the username being the share token.
Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com>
The `$path` argument was added in https://github.com/nextcloud/server/pull/48612, but was never actually used by the callers. The path was therefore missing in the favorite/unfavorite events, which lead to a broken activity information.
I also added a fallback to handle `addToFavorites` and `removeFromFavorites`, which are part of a public API, and are calling `tagAs` and `untag` without `$path`.
Fix https://github.com/nextcloud/activity/issues/2134
Signed-off-by: Louis Chemineau <louis@chmn.me>
Emits a `preloadCollection` event in the DAV server, so that plugins can listen to it and preload DAV properties for files inside a collection, to avoid the N+1 issue that would follow if loading properties on a per-file basis.
This allows plugins to preload the content of a Collection to speed-up
subsequent per-node PROPFINDs and reduce database load.
Signed-off-by: Salvatore Martire <4652631+salmart-dev@users.noreply.github.com>
We already do that for files, we are now also doing for calendars.
With relatively small amount of calendars, I managed to reduce the
number of DB requests by 35% and from 23 DB requests touching the
oc_properties table to only 3.
Signed-off-by: Carl Schwan <carl.schwan@nextclound.com>
Directories should also have the correct mtime set and not the current
time. For this the `Streamer` class needs to support passing a time
attribute for creating folders, the underlying library already supports
this.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
This currently prevent directly accessing a ressource when clicking on a link on a third party site. Example, clicking on `https://example.com/public.php/dav/files/pqLWcA269zfzXez/?accept=zip` in a GitHub comment.
Skipping the check is an issue with password protected shares, as it allows third party sites to request the ressource when the user already entered the password, aka CSRF. So after removing the check from `base.php`, we need to add the it again in the `PublicAuth` plugin.
We also add a redirect to be helpful to the user.
**Warning**: this adds the limitation that clicking on a direct download link for password protected shares will redirect you to the password form, and then to the main share view.
Fix#52482
Signed-off-by: Louis Chemineau <louis@chmn.me>
The function was already there but called the legacy version.
So moved the implementation and migrated all usages of it.
Sadly the interface was slightly different so adjusted it to be
compatible with both legacy and the OCP one.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
nextcloud-command
Salvatore Martire
provokateurin
Ferdinand Thiessen
skjnldsv
Joas Schilling
Carl Schwan
Joas Schilling
Louis Chemineau
Carl Schwan
Richard Steinmetz
Git'Fellow
Carl Schwan
Robin Appelman
Jyrki Gadinger
John Molakvoæ
Julius Knorr
Maxence Lange
Daniel