fix(auth/scope): fix nested resource check when creating a new resource

When creating a reource (e.g a document via the app/new endpoint) below a next folder structure of a public link, we can't stat the resource itself (it doesn't exit yet) for checking if it is a descendant of the share root. We now stat the resource's parent instead in that case. Fixes: owncloud/ocis#8957
rhafer · Apr 25, 2024 · 87097fd · 87097fd
1 parent 4bb1bbd
commit 87097fd
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 0 deletions.
diff --git a/changelog/unreleased/fix-publicshare-nested-appnew.md b/changelog/unreleased/fix-publicshare-nested-appnew.md
@@ -0,0 +1,6 @@
+Bugfix: Fix creating documents in nested folders of public shares
+
+We fixed a bug that prevented creating new documented in a nested folder
+of a public share.
+
+https://github.com/cs3org/reva/pull/xxxx
diff --git a/internal/grpc/interceptors/auth/scope.go b/internal/grpc/interceptors/auth/scope.go
@@ -313,6 +313,14 @@ func checkIfNestedResource(ctx context.Context, ref *provider.Reference, parent
 	if err != nil {
 		return false, err
 	}
+	if childStat.Status.Code == rpc.Code_CODE_NOT_FOUND && ref.GetPath() != "" && ref.GetPath() != "." {
+		// The resource does not seem to exist (yet?). We might be part of an initiate upload request.
+		// Stat the parent to get its path and check that against the root path.
+		childStat, err = client.Stat(ctx, &provider.StatRequest{Ref: &provider.Reference{ResourceId: ref.GetResourceId()}})
+		if err != nil {
+			return false, err
+		}
+	}
 	if childStat.Status.Code != rpc.Code_CODE_OK {
 		return false, statuspkg.NewErrorFromCode(childStat.Status.Code, "auth interceptor")
 	}