Resolve "Selbst hochgeladene Dateien in Ordnern ohne Lesezugriff schlecht sichtbar"

Closes #2954

Merge request !1997

lib/classes/JsonApi/Routes/Files/RangeFileRefsIndex.php

@@ -13,7 +13,7 @@ class RangeFileRefsIndex extends AbstractRangeIndex
 
         $filerefs = [];
         foreach ($filesAndFolders['files'] as $file_object) {
-            if (method_exists($file_object, "getFileRef")) {
+            if (method_exists($file_object, 'getFileRef')) {
                 $filerefs[] = $file_object->getFileRef();
             }
         }

lib/classes/JsonApi/Routes/Files/SubfilerefsIndex.php

@@ -2,6 +2,7 @@
 
 namespace JsonApi\Routes\Files;
 
+use FileRef;
 use Psr\Http\Message\ServerRequestInterface as Request;
 use Psr\Http\Message\ResponseInterface as Response;
 use JsonApi\Errors\AuthorizationFailedException;
@@ -28,8 +29,14 @@ class SubfilerefsIndex extends JsonApiController
             throw new AuthorizationFailedException();
         }
 
-        $fileRefs = $folder->file_refs->getArrayCopy();
-        list($offset, $limit) = $this->getOffsetAndLimit();
+        $fileRefs = array_map(
+            function (\FileType $file): FileRef {
+                return $file->getFileRef();
+            },
+            $folder->getFiles()
+        );
+
+        [$offset, $limit] = $this->getOffsetAndLimit();
 
         return $this->getPaginatedContentResponse(
             array_slice($fileRefs, $offset, $limit),

lib/classes/JsonApi/Schemas/File.php

@@ -29,7 +29,7 @@ class File extends SchemaProvider
             'chdate' => date('c', $resource['chdate']),
         ];
 
-        if ($resource['metadata']['url']) {
+        if (!empty($resource['metadata']['url'])) {
             if (FilesAuthority::canUpdateFile($this->currentUser, $resource)) {
                 $attributes['url'] = $resource['metadata']['url'];
             }

lib/classes/JsonApi/Schemas/Folder.php

@@ -169,14 +169,24 @@ class Folder extends SchemaProvider
         return $relationships;
     }
 
+    /**
+     * @param \FolderType $resource
+     */
     private function getFilesRelationship(array $relationships, $resource)
     {
+        $fileRefs = array_map(
+            function (\FileType $file): \FileRef {
+                return $file->getFileRef();
+            },
+            $resource->getFiles()
+        );
+
         $relationships[self::REL_FILE_REFS] = [
             self::RELATIONSHIP_LINKS => [
                 Link::RELATED => $this->getRelationshipRelatedLink($resource, self::REL_FILE_REFS),
             ],
             self::RELATIONSHIP_META => [
-                'count' => count($resource->file_refs)
+                'count' => count($fileRefs),
             ],
         ];
 

lib/filesystem/HomeworkFolder.php

@@ -82,10 +82,6 @@ class HomeworkFolder extends PermissionEnabledFolder
         $template = $GLOBALS['template_factory']->open('filesystem/homework_folder/description.php');
         $template->folder     = $this;
         $template->folderdata = $this->folderdata;
-        if (!Seminar_Perm::get()->have_studip_perm('tutor', $this->range_id)) {
-            $files = new SimpleCollection($this->getFiles());
-            $template->own_files = $files->findBy('user_id', $GLOBALS['user']->id)->orderBy('name');
-        }
 
         return $template;
     }
@@ -100,6 +96,28 @@ class HomeworkFolder extends PermissionEnabledFolder
         return '';
     }
 
+    /**
+     * @param string $user_id
+     * @return bool
+     */
+    public function isReadable($user_id = null)
+    {
+        return StandardFolder::isReadable($user_id);
+    }
+
+    /**
+     * Determines if a user may see the file.
+     * @param FileRef|string $fileref_or_id
+     * @param string $user_id
+     * @return bool
+     */
+    public function isFileVisible($fileref_or_id, $user_id)
+    {
+        $fileref = FileRef::toObject($fileref_or_id);
+
+        return $fileref->user_id === $user_id || parent::isReadable($user_id);
+    }
+
     /**
      * @param FileRef|string $fileref_or_id
      * @param string $user_id

lib/filesystem/PermissionEnabledFolder.php

@@ -117,6 +117,27 @@ class PermissionEnabledFolder extends StandardFolder
         return '';
     }
 
+    /**
+     * @return FileType[]
+     */
+    public function getFiles()
+    {
+        return array_filter(parent::getFiles(), function($file) {
+            return $this->isFileVisible($file->getFileRef(), $GLOBALS['user']->id);
+        });
+    }
+
+    /**
+     * Determines if a user may see the file.
+     * @param FileRef|string $fileref_or_id
+     * @param string $user_id
+     * @return bool
+     */
+    public function isFileVisible($fileref_or_id, $user_id)
+    {
+        return $this->isReadable($user_id);
+    }
+
     /**
      * @param $fileref_or_id
      * @param $user_id
@@ -127,7 +148,7 @@ class PermissionEnabledFolder extends StandardFolder
         $fileref = FileRef::toObject($fileref_or_id);
 
         if (is_object($fileref)) {
-            if ($this->isVisible($user_id) && $this->isReadable($user_id)) {
+            if ($this->isVisible($user_id) && $this->isFileVisible($fileref, $user_id)) {
                 return $fileref->terms_of_use->isDownloadable($this->range_id, $this->range_type, true, $user_id);
             }
         }

lib/filesystem/TimedFolder.php

@@ -81,7 +81,7 @@ class TimedFolder extends PermissionEnabledFolder
                 ($this->end_time == 0 || $this->end_time >= $now)
                 ||
                 $GLOBALS['perm']->have_studip_perm($this->must_have_perm, $this->range_id, $user_id)) &&
-            parent::isReadable($user_id);
+            StandardFolder::isReadable($user_id);
     }
 
     public function isWritable($user_id = null)
@@ -95,6 +95,19 @@ class TimedFolder extends PermissionEnabledFolder
             parent::isWritable($user_id);
     }
 
+    /**
+     * Determines if a user may see the file.
+     * @param FileRef|string $fileref_or_id
+     * @param string $user_id
+     * @return bool
+     */
+    public function isFileVisible($fileref_or_id, $user_id)
+    {
+        $fileref = FileRef::toObject($fileref_or_id);
+
+        return $fileref->user_id === $user_id || parent::isReadable($user_id);
+    }
+
     /**
      * This function returns the suitable Icon for this folder type (TimedFolder)
      *
@@ -143,12 +156,6 @@ class TimedFolder extends PermissionEnabledFolder
         $template->folder     = $this;
         $template->folderdata = $this->folderdata;
 
-        if (!Seminar_Perm::get()->have_studip_perm('tutor', $this->range_id) &&
-                $this->isWritable($GLOBALS['user']->id) && !$this->isReadable($GLOBALS['user']->id)) {
-            $files = new SimpleCollection($this->getFiles());
-            $template->own_files = $files->findBy('user_id', $GLOBALS['user']->id)->orderBy('name');
-        }
-
         return $template;
     }
 

templates/filesystem/homework_folder/description.php

 <div style="font-style: italic">
     <?=_("Dieser Ordner ist ein Hausaufgabenordner. Es können nur Dateien eingestellt werden.")?>
 </div>
-<? if (!empty($own_files) && count($own_files) > 0) : ?>
-<?= _("Sie selbst haben folgende Dateien in diesen Ordner eingestellt:") ?>
-    <ul>
-        <? foreach ($own_files as $own_file) :?>
-            <li><?=htmlReady($own_file->name)?> - <?=strftime('%x %X', $own_file->chdate)?></li>
-        <? endforeach ?>
-    </ul>
-<? endif ?>
+
 <? if ($folderdata['description']) : ?>
 <hr>
     <div>

templates/filesystem/timed_folder/description.php

@@ -36,17 +36,6 @@
 <? endif ?>
 </div>
 
-<? if (!empty($own_files) && count($own_files) > 0) : ?>
-    <div>
-        <?= _('Sie selbst haben folgende Dateien in diesen Ordner eingestellt:') ?>
-        <ul>
-            <? foreach ($own_files as $own_file) : ?>
-                <li><?= htmlReady($own_file->name) ?> - <?= strftime('%x %X', $own_file->chdate) ?></li>
-            <? endforeach ?>
-        </ul>
-    </div>
-<? endif ?>
-
 <? if ($folderdata['description']) : ?>
 <hr>
     <div>