Enhance file sharing handlers to support user ownership checks and improve error handling

2026-01-24 22:13:23 +01:00
parent d8133347f0
commit 1cf778366f
3 changed files with 30 additions and 9 deletions
--- a/b0esche_cloud/lib/widgets/share_file_dialog.dart
+++ b/b0esche_cloud/lib/widgets/share_file_dialog.dart
@@ -139,6 +139,8 @@ class _ShareFileDialogState extends State<ShareFileDialog> {
                    fontSize: 20,
                    fontWeight: FontWeight.bold,
                  ),
+                  maxLines: 1,
+                  overflow: TextOverflow.ellipsis,
                ),
                const Spacer(),
                IconButton(
@@ -169,9 +171,12 @@ class _ShareFileDialogState extends State<ShareFileDialog> {
                      textAlign: TextAlign.center,
                    ),
                    const SizedBox(height: 16),
-                    ModernGlassButton(
-                      onPressed: _loadShareLink,
-                      child: const Text('Retry'),
+                    SizedBox(
+                      width: 160,
+                      child: ModernGlassButton(
+                        onPressed: _loadShareLink,
+                        child: const Text('Retry'),
+                      ),
                    ),
                  ],
                ),
--- a/go_cloud/api
+++ b/go_cloud/api
--- a/go_cloud/internal/http/routes.go
+++ b/go_cloud/internal/http/routes.go
@@ -2696,6 +2696,8 @@ func getMimeType(filename string) string {
 // File share handlers

 func getFileShareLinkHandler(w http.ResponseWriter, r *http.Request, db *database.DB) {
+	userIDStr, _ := middleware.GetUserID(r.Context())
+	userID, _ := uuid.Parse(userIDStr)
 	orgID := r.Context().Value(middleware.OrgKey).(uuid.UUID)
 	fileId := chi.URLParam(r, "fileId")

@@ -2705,14 +2707,18 @@ func getFileShareLinkHandler(w http.ResponseWriter, r *http.Request, db *databas
 		return
 	}

-	// Check if file exists and belongs to org
+	// Check if file exists and belongs to org or is owned by user (for personal files)
 	file, err := db.GetFileByID(r.Context(), fileUUID)
 	if err != nil {
 		errors.LogError(r, err, "Failed to get file")
 		errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound)
 		return
 	}
-	if file.OrgID == nil || *file.OrgID != orgID {
+	if file.OrgID != nil && *file.OrgID != orgID {
+		errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound)
+		return
+	}
+	if file.OrgID == nil && file.UserID != nil && *file.UserID != userID {
 		errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound)
 		return
 	}
@@ -2765,14 +2771,18 @@ func createFileShareLinkHandler(w http.ResponseWriter, r *http.Request, db *data
 		return
 	}

-	// Check if file exists and belongs to org
+	// Check if file exists and belongs to org or is owned by user (for personal files)
 	file, err := db.GetFileByID(r.Context(), fileUUID)
 	if err != nil {
 		errors.LogError(r, err, "Failed to get file")
 		errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound)
 		return
 	}
-	if file.OrgID == nil || *file.OrgID != orgID {
+	if file.OrgID != nil && *file.OrgID != orgID {
+		errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound)
+		return
+	}
+	if file.OrgID == nil && file.UserID != nil && *file.UserID != userID {
 		errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound)
 		return
 	}
@@ -2816,6 +2826,8 @@ func createFileShareLinkHandler(w http.ResponseWriter, r *http.Request, db *data
 }

 func revokeFileShareLinkHandler(w http.ResponseWriter, r *http.Request, db *database.DB) {
+	userIDStr, _ := middleware.GetUserID(r.Context())
+	userID, _ := uuid.Parse(userIDStr)
 	orgID := r.Context().Value(middleware.OrgKey).(uuid.UUID)
 	fileId := chi.URLParam(r, "fileId")

@@ -2825,14 +2837,18 @@ func revokeFileShareLinkHandler(w http.ResponseWriter, r *http.Request, db *data
 		return
 	}

-	// Check if file exists and belongs to org
+	// Check if file exists and belongs to org or is owned by user (for personal files)
 	file, err := db.GetFileByID(r.Context(), fileUUID)
 	if err != nil {
 		errors.LogError(r, err, "Failed to get file")
 		errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound)
 		return
 	}
-	if file.OrgID == nil || *file.OrgID != orgID {
+	if file.OrgID != nil && *file.OrgID != orgID {
+		errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound)
+		return
+	}
+	if file.OrgID == nil && file.UserID != nil && *file.UserID != userID {
 		errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound)
 		return
 	}