Return empty user status list if user enumeration is disabled (Fixes: #…

…27122) The functions to find statuses from other users listed other users even if with disabled enumeration (`shareapi_allow_share_dialog_user_enumeration` setting in core app settings). Now the functions respect `shareapi_allow_share_dialog_user_enumeration` and return empty lists if it is not set to `yes`. Fixes: #27122
nextcloud · Jul 8, 2021 · cf9f932 · cf9f932
1 parent 27fb46c
commit cf9f932
Showing 1 changed file with 12 additions and 5 deletions.
diff --git a/apps/user_status/lib/Service/StatusService.php b/apps/user_status/lib/Service/StatusService.php
@@ -35,6 +35,7 @@
 use OCA\UserStatus\Exception\StatusMessageTooLongException;
 use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\AppFramework\Utility\ITimeFactory;
+use OCP\IConfig;
 use OCP\UserStatus\IUserStatus;
 
 /**
@@ -83,22 +84,28 @@ class StatusService {
 	/** @var int */
 	public const MAXIMUM_MESSAGE_LENGTH = 80;
 
+	/** @var bool */
+	private $allowEnumeration;
+
 	/**
 	 * StatusService constructor.
 	 *
 	 * @param UserStatusMapper $mapper
 	 * @param ITimeFactory $timeFactory
-	 * @param PredefinedStatusService $defaultStatusService,
+	 * @param PredefinedStatusService $defaultStatusService
 	 * @param EmojiService $emojiService
+	 * @param IConfig $config
 	 */
 	public function __construct(UserStatusMapper $mapper,
 								ITimeFactory $timeFactory,
 								PredefinedStatusService $defaultStatusService,
-								EmojiService $emojiService) {
+								EmojiService $emojiService,
+								IConfig $config) {
 		$this->mapper = $mapper;
 		$this->timeFactory = $timeFactory;
 		$this->predefinedStatusService = $defaultStatusService;
 		$this->emojiService = $emojiService;
+		$this->allowEnumeration = $config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
 	}
 
 	/**
@@ -109,7 +116,7 @@ public function __construct(UserStatusMapper $mapper,
 	public function findAll(?int $limit = null, ?int $offset = null): array {
 		return array_map(function ($status) {
 			return $this->processStatus($status);
-		}, $this->mapper->findAll($limit, $offset));
+		}, $this->allowEnumeration ? $this->mapper->findAll($limit, $offset) : []);
 	}
 
 	/**
@@ -120,8 +127,8 @@ public function findAll(?int $limit = null, ?int $offset = null): array {
 	public function findAllRecentStatusChanges(?int $limit = null, ?int $offset = null): array {
 		return array_map(function ($status) {
 			return $this->processStatus($status);
-		}, $this->mapper->findAllRecent($limit, $offset));
-	}
+		}, $this->allowEnumeration ? $this->mapper->findAllRecent($limit, $offset) : []);
+}
 
 	/**
 	 * @param string $userId