public function getPathForToken($fileId, $version, $token)
{
$wopi = new Wopi();
$row = $wopi->loadBy('token', $token)->getData();
\OC::$server->getLogger()->debug('Loaded WOPI Token record: {row}.', ['row' => $row]);
if (count($row) == 0) {
// Invalid token.
http_response_code(401);
return false;
}
//TODO: validate.
if ($row['expiry'] > time()) {
// Expired token!
//http_response_code(404);
//$wopi->deleteBy('id', $row['id']);
//return false;
}
if ($row['fileid'] != $fileId || $row['version'] != $version) {
// File unknown / user unauthorized (for the requested file).
http_response_code(404);
return false;
}
return array('owner' => $row['owner_uid'], 'editor' => $row['editor_uid'], 'path' => $row['path']);
}
/**
* @NoAdminRequired
* @NoCSRFRequired
* @PublicPage
* Given an access token and a fileId, replaces the files with the request body.
* Expects a valid token in access_token parameter.
*/
public function wopiPutFile($fileId)
{
$token = $this->request->getParam('access_token');
$arr = explode('_', $fileId, 2);
$version = '0';
if (count($arr) == 2) {
$fileId = $arr[0];
$version = $arr[1];
}
// Changing a previous version of the file is not possible
// Ignore WOPI put if such a request is encountered
if ($version !== '0') {
return array('status' => 'success');
}
\OC::$server->getLogger()->debug('Putting contents of file {fileId}, version {version} by token {token}.', ['app' => $this->appName, 'fileId' => $fileId, 'version' => $version, 'token' => $token]);
$row = new Db\Wopi();
$row->loadBy('token', $token);
$res = $row->getPathForToken($fileId, $version, $token);
// Log-in as the user to regiser the change under her name.
$editorid = $res['editor'];
// This call is made from loolwsd, so we need to initialize the
// session before we can make the user who opened the document
// login. This is necessary to make activity app register the
// change made to this file under this user's (editorid) name.
$this->loginUser($editorid);
// Set up the filesystem view for the owner (where the file actually is).
$userid = $res['owner'];
$root = '/' . $userid . '/files';
$view = new \OC\Files\View($root);
// Read the contents of the file from the POST body and store.
$content = fopen('php://input', 'r');
\OC::$server->getLogger()->debug('Storing file {fileId} by {editor} owned by {owner}.', ['app' => $this->appName, 'fileId' => $fileId, 'editor' => $editorid, 'owner' => $userid]);
// Setup the FS which is needed to emit hooks (versioning).
\OC_Util::tearDownFS();
\OC_Util::setupFS($userid, $root);
$view->file_put_contents($res['path'], $content);
\OC_Util::tearDownFS();
// clear any session created before
\OC::$server->getSession()->close();
return array('status' => 'success');
}
