Fix check for single file

ente-io · Jan 7, 2025 · 2083632 · 2083632
1 parent 6898f0d
commit 2083632
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 8 deletions.
diff --git a/server/pkg/controller/filedata/controller.go b/server/pkg/controller/filedata/controller.go
@@ -123,10 +123,11 @@ func (c *Controller) InsertOrUpdateMetadata(ctx *gin.Context, req *fileData.PutF
 }
 
 func (c *Controller) GetFileData(ctx *gin.Context, req fileData.GetFileData) (*fileData.Entity, error) {
+	userID := auth.GetUserID(ctx.Request.Header)
 	if err := req.Validate(); err != nil {
 		return nil, stacktrace.Propagate(err, "validation failed")
 	}
-	if err := c._validateWritePermission(ctx, req.FileID, auth.GetUserID(ctx.Request.Header)); err != nil {
+	if err := c._validateReadPermission(ctx, userID, []int64{req.FileID}); err != nil {
 		return nil, stacktrace.Propagate(err, "")
 	}
 	doRows, err := c.Repo.GetFilesData(ctx, req.Type, []int64{req.FileID})
@@ -150,7 +151,10 @@ func (c *Controller) GetFileData(ctx *gin.Context, req fileData.GetFileData) (*f
 
 func (c *Controller) GetFilesData(ctx *gin.Context, req fileData.GetFilesData) (*fileData.GetFilesDataResponse, error) {
 	userID := auth.GetUserID(ctx.Request.Header)
-	if err := c._validateReadPermission(ctx, userID, req); err != nil {
+	if err := req.Validate(); err != nil {
+		return nil, stacktrace.Propagate(err, "req validation failed")
+	}
+	if err := c._validateReadPermission(ctx, userID, req.FileIDs); err != nil {
 		return nil, stacktrace.Propagate(err, "")
 	}
 
@@ -273,13 +277,10 @@ func (c *Controller) fetchS3FileMetadata(ctx context.Context, row fileData.Row,
 	return nil, stacktrace.Propagate(errors.New("failed to fetch object"), "")
 }
 
-func (c *Controller) _validateReadPermission(ctx *gin.Context, userID int64, req fileData.GetFilesData) error {
-	if err := req.Validate(); err != nil {
-		return stacktrace.Propagate(err, "validation failed")
-	}
+func (c *Controller) _validateReadPermission(ctx *gin.Context, userID int64, fileIDs []int64) error {
 	if err := c.AccessCtrl.CanAccessFile(ctx, &access.CanAccessFileParams{
 		ActorUserID: userID,
-		FileIDs:     req.FileIDs,
+		FileIDs:     fileIDs,
 	}); err != nil {
 		return stacktrace.Propagate(err, "User does not own some file(s)")
 	}

diff --git a/server/pkg/controller/filedata/preview_files.go b/server/pkg/controller/filedata/preview_files.go
@@ -13,7 +13,7 @@ func (c *Controller) GetPreviewUrl(ctx *gin.Context, request filedata.GetPreview
 		return nil, err
 	}
 	actorUser := auth.GetUserID(ctx.Request.Header)
-	if err := c._validateWritePermission(ctx, request.FileID, actorUser); err != nil {
+	if err := c._validateReadPermission(ctx, actorUser, []int64{request.FileID}); err != nil {
 		return nil, err
 	}
 	data, err := c.Repo.GetFilesData(ctx, request.Type, []int64{request.FileID})