From 6f03703591c27f44ad6d1163126204d4ebeba632 Mon Sep 17 00:00:00 2001
From: Marcus Eibrink-Lunzenauer <lunzenauer@elan-ev.de>
Date: Tue, 12 Oct 2021 07:51:51 +0200
Subject: [PATCH] Allow users to see files that are downloadable to them.

If a user knows the ID of a file and that file is downloadable to them, they may see the metadata of that file too.

Fixes #285.
---
 lib/classes/JsonApi/Routes/Files/Authority.php | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/lib/classes/JsonApi/Routes/Files/Authority.php b/lib/classes/JsonApi/Routes/Files/Authority.php
index 14629fb0ce8..a98ea0f35f8 100644
--- a/lib/classes/JsonApi/Routes/Files/Authority.php
+++ b/lib/classes/JsonApi/Routes/Files/Authority.php
@@ -55,12 +55,7 @@ class Authority
 
     public static function canShowFileRef(User $user, \FileRef $fileRef)
     {
-        $folder = $fileRef->foldertype;
-
-        return
-            $folder
-            && $folder->isVisible($user->id)
-            && $folder->isReadable($user->id);
+        return $fileRef->getFileType()->isVisible($user->id) || $fileRef->getFileType()->isDownloadable($user->id);
     }
 
     public static function canUpdateFileRef(User $user, \FileRef $fileRef)
-- 
GitLab