b0esche/b0esche_cloud
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enhance file sharing handlers to support user ownership checks and improve error handling

Browse Source
This commit is contained in:
Leon Bösche
2026-01-24 22:13:23 +01:00
parent d8133347f0
commit 1cf778366f
3 changed files with 30 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
b0esche_cloud/lib/widgets/share_file_dialog.dart
View File

@@ -139,6 +139,8 @@ class _ShareFileDialogState extends State<ShareFileDialog> {
fontSize: 20, fontSize: 20,
fontWeight: FontWeight.bold, fontWeight: FontWeight.bold,
), ),
maxLines: 1,
overflow: TextOverflow.ellipsis,
), ),
const Spacer(), const Spacer(),
IconButton( IconButton(
@@ -169,10 +171,13 @@ class _ShareFileDialogState extends State<ShareFileDialog> {
textAlign: TextAlign.center, textAlign: TextAlign.center,
), ),
const SizedBox(height: 16), const SizedBox(height: 16),
ModernGlassButton( SizedBox(
width: 160,
child: ModernGlassButton(
onPressed: _loadShareLink, onPressed: _loadShareLink,
child: const Text('Retry'), child: const Text('Retry'),
), ),
),
], ],
), ),
) )

BIN
go_cloud/api
View File

Binary file not shown.

28
go_cloud/internal/http/routes.go
View File

@@ -2696,6 +2696,8 @@ func getMimeType(filename string) string {
// File share handlers // File share handlers
func getFileShareLinkHandler(w http.ResponseWriter, r *http.Request, db *database.DB) { func getFileShareLinkHandler(w http.ResponseWriter, r *http.Request, db *database.DB) {
userIDStr, _ := middleware.GetUserID(r.Context())
userID, _ := uuid.Parse(userIDStr)
orgID := r.Context().Value(middleware.OrgKey).(uuid.UUID) orgID := r.Context().Value(middleware.OrgKey).(uuid.UUID)
fileId := chi.URLParam(r, "fileId") fileId := chi.URLParam(r, "fileId")
@@ -2705,14 +2707,18 @@ func getFileShareLinkHandler(w http.ResponseWriter, r *http.Request, db *databas
return return
} }
// Check if file exists and belongs to org // Check if file exists and belongs to org or is owned by user (for personal files)
file, err := db.GetFileByID(r.Context(), fileUUID) file, err := db.GetFileByID(r.Context(), fileUUID)
if err != nil { if err != nil {
errors.LogError(r, err, "Failed to get file") errors.LogError(r, err, "Failed to get file")
errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound) errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound)
return return
} }
if file.OrgID == nil || *file.OrgID != orgID { if file.OrgID != nil && *file.OrgID != orgID {
errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound)
return
}
if file.OrgID == nil && file.UserID != nil && *file.UserID != userID {
errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound) errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound)
return return
} }
@@ -2765,14 +2771,18 @@ func createFileShareLinkHandler(w http.ResponseWriter, r *http.Request, db *data
return return
} }
// Check if file exists and belongs to org // Check if file exists and belongs to org or is owned by user (for personal files)
file, err := db.GetFileByID(r.Context(), fileUUID) file, err := db.GetFileByID(r.Context(), fileUUID)
if err != nil { if err != nil {
errors.LogError(r, err, "Failed to get file") errors.LogError(r, err, "Failed to get file")
errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound) errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound)
return return
} }
if file.OrgID == nil || *file.OrgID != orgID { if file.OrgID != nil && *file.OrgID != orgID {
errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound)
return
}
if file.OrgID == nil && file.UserID != nil && *file.UserID != userID {
errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound) errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound)
return return
} }
@@ -2816,6 +2826,8 @@ func createFileShareLinkHandler(w http.ResponseWriter, r *http.Request, db *data
} }
func revokeFileShareLinkHandler(w http.ResponseWriter, r *http.Request, db *database.DB) { func revokeFileShareLinkHandler(w http.ResponseWriter, r *http.Request, db *database.DB) {
userIDStr, _ := middleware.GetUserID(r.Context())
userID, _ := uuid.Parse(userIDStr)
orgID := r.Context().Value(middleware.OrgKey).(uuid.UUID) orgID := r.Context().Value(middleware.OrgKey).(uuid.UUID)
fileId := chi.URLParam(r, "fileId") fileId := chi.URLParam(r, "fileId")
@@ -2825,14 +2837,18 @@ func revokeFileShareLinkHandler(w http.ResponseWriter, r *http.Request, db *data
return return
} }
// Check if file exists and belongs to org // Check if file exists and belongs to org or is owned by user (for personal files)
file, err := db.GetFileByID(r.Context(), fileUUID) file, err := db.GetFileByID(r.Context(), fileUUID)
if err != nil { if err != nil {
errors.LogError(r, err, "Failed to get file") errors.LogError(r, err, "Failed to get file")
errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound) errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound)
return return
} }
if file.OrgID == nil || *file.OrgID != orgID { if file.OrgID != nil && *file.OrgID != orgID {
errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound)
return
}
if file.OrgID == nil && file.UserID != nil && *file.UserID != userID {
errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound) errors.WriteError(w, errors.CodeNotFound, "File not found", http.StatusNotFound)
return return
} }