From 131adde88fd9cd576bfdd14ab05789c4ba98076f Mon Sep 17 00:00:00 2001
From: Louis Chemineau <louis@chmn.me>
Date: Mon, 26 Feb 2024 16:57:30 +0100
Subject: [PATCH] fix(dav): Init ViewOnlyPlugin after auth

Signed-off-by: Louis Chemineau <louis@chmn.me>
---
 apps/dav/lib/Server.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/apps/dav/lib/Server.php b/apps/dav/lib/Server.php
index f59534f7b14ca..27cb8b7d79027 100644
--- a/apps/dav/lib/Server.php
+++ b/apps/dav/lib/Server.php
@@ -230,11 +230,6 @@ public function __construct(IRequest $request, string $baseUri) {
 			$this->server->addPlugin(new FakeLockerPlugin());
 		}
 
-		// Allow view-only plugin for webdav requests
-		$this->server->addPlugin(new ViewOnlyPlugin(
-			\OC::$server->getUserFolder(),
-		));
-
 		if (BrowserErrorPagePlugin::isBrowserRequest($request)) {
 			$this->server->addPlugin(new BrowserErrorPagePlugin());
 		}
@@ -244,6 +239,11 @@ public function __construct(IRequest $request, string $baseUri) {
 
 		// wait with registering these until auth is handled and the filesystem is setup
 		$this->server->on('beforeMethod:*', function () use ($root, $lazySearchBackend, $logger) {
+			// Allow view-only plugin for webdav requests
+			$this->server->addPlugin(new ViewOnlyPlugin(
+				\OC::$server->getUserFolder(),
+			));
+
 			// custom properties plugin must be the last one
 			$userSession = \OC::$server->getUserSession();
 			$user = $userSession->getUser();