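/**
 * Resolve a WOPI access token to the file it was issued for.
 *
 * Loads the token record, rejects it when it is missing or expired, and
 * checks that it was issued for the requested file id and version. On any
 * failure the HTTP response code is set and false is returned, so callers
 * must compare the result with === false before reading array keys from it.
 *
 * @param string $fileId  File id taken from the request.
 * @param string $version File version taken from the request.
 * @param string $token   WOPI access token presented by the client.
 * @return array|false Array with the keys 'owner', 'editor' and 'path',
 *                     or false when the token is rejected.
 */
public function getPathForToken($fileId, $version, $token) {
    $wopi = new Wopi();
    $row = $wopi->loadBy('token', $token)->getData();

    // The token is a bearer credential, so it is stripped from the record
    // before logging. Assumes the record keeps it under 'token', the column
    // loadBy() searches on; unset() is a no-op if that key is absent.
    $loggedRow = $row;
    if (is_array($loggedRow)) {
        unset($loggedRow['token']);
    }
    \OC::$server->getLogger()->debug('Loaded WOPI Token record: {row}.', ['row' => $loggedRow]);

    if (count($row) === 0) {
        // Invalid token.
        http_response_code(401);
        return false;
    }

    // Enforce the token lifetime. The previous check was inverted
    // (expiry > time()) and its body was commented out, so a token stayed
    // usable indefinitely. Assumes 'expiry' is a Unix timestamp, since the
    // original code compared it with time(); confirm against the code that
    // issues tokens. Deleting the stale row is left out here.
    if ((int)$row['expiry'] < time()) {
        http_response_code(401);
        return false;
    }

    // Compare as strings so that a numeric prefix in the request value
    // cannot match through PHP's loose comparison rules.
    $sameFile = (string)$row['fileid'] === (string)$fileId;
    $sameVersion = (string)$row['version'] === (string)$version;
    if (!$sameFile || !$sameVersion) {
        // File unknown / user unauthorized (for the requested file).
        http_response_code(404);
        return false;
    }

    return array(
        'owner' => $row['owner_uid'],
        'editor' => $row['editor_uid'],
        'path' => $row['path'],
    );
}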
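/**
 * @NoAdminRequired
 * @NoCSRFRequired
 * @PublicPage
 * Given an access token and a fileId, replaces the file's contents with the request body.
 * Expects a valid token in access_token parameter.
 *
 * The endpoint is public and exempt from the CSRF check, so the access
 * token is the only authorization for this write. The fileId parameter may
 * carry a version suffix in the form "id_version"; writes to any version
 * other than '0' are ignored and reported as success. Returns an array with
 * status 'success' after the write, or false when the token is rejected.
 */
public function wopiPutFile($fileId) {
    $token = $this->request->getParam('access_token');

    // Split an optional "_version" suffix off the file id.
    $version = '0';
    $parts = explode('_', $fileId, 2);
    if (count($parts) === 2) {
        $fileId = $parts[0];
        $version = $parts[1];
    }

    // Changing a previous version of the file is not possible
    // Ignore WOPI put if such a request is encountered
    if ($version !== '0') {
        return array('status' => 'success');
    }

    // Log a short fingerprint instead of the token: the token is a bearer
    // credential and anyone who can read the log could replay it.
    $tokenFingerprint = substr(hash('sha256', (string)$token), 0, 8);
    \OC::$server->getLogger()->debug('Putting contents of file {fileId}, version {version} by token {token}.', ['app' => $this->appName, 'fileId' => $fileId, 'version' => $version, 'token' => $tokenFingerprint]);

    $row = new Db\Wopi();
    $row->loadBy('token', $token);

    $res = $row->getPathForToken($fileId, $version, $token);
    if ($res === false) {
        // The token was rejected and getPathForToken() has already set the
        // HTTP status code. Without this guard the code below would read
        // keys from false, log in a null user and write to a null path.
        // NOTE(review): confirm the framework does not replace that status
        // code when it wraps this return value in a response.
        return false;
    }

    // Log-in as the user to register the change under her name.
    $editorid = $res['editor'];

    // This call is made from loolwsd, so we need to initialize the
    // session before we can make the user who opened the document
    // login. This is necessary to make activity app register the
    // change made to this file under this user's (editorid) name.
    $this->loginUser($editorid);

    // Set up the filesystem view for the owner (where the file actually is).
    $userid = $res['owner'];
    $root = '/' . $userid . '/files';
    $view = new \OC\Files\View($root);

    // Read the contents of the file from the POST body and store.
    $content = fopen('php://input', 'r');
    \OC::$server->getLogger()->debug('Storing file {fileId} by {editor} owned by {owner}.', ['app' => $this->appName, 'fileId' => $fileId, 'editor' => $editorid, 'owner' => $userid]);

    // Setup the FS which is needed to emit hooks (versioning).
    \OC_Util::tearDownFS();
    \OC_Util::setupFS($userid, $root);

    $view->file_put_contents($res['path'], $content);

    \OC_Util::tearDownFS();

    // clear any session created before
    \OC::$server->getSession()->close();

    return array('status' => 'success');
}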