Merge pull request #812 from nextcloud/bugfix/439/rebased

pref(storage): Optimize getNode() by using existing mount point info

Author: nickvergessen

lib/CacheWrapper.php

@@ -9,20 +9,24 @@
 namespace OCA\FilesAccessControl;
 
 use OC\Files\Cache\Wrapper\CacheWrapper as Wrapper;
+use OC\Files\Storage\Wrapper\Jail;
 use OCP\Constants;
 use OCP\Files\Cache\ICache;
 use OCP\Files\ForbiddenException;
+use OCP\Files\Mount\IMountPoint;
 use OCP\Files\Storage\IStorage;
 
 class CacheWrapper extends Wrapper {
 	protected readonly int $mask;
+	protected readonly ?IStorage $storage;
 
 	public function __construct(
 		ICache $cache,
-		protected readonly IStorage $storage,
+		protected readonly IMountPoint $mountPoint,
 		protected readonly Operation $operation,
 	) {
 		parent::__construct($cache);
+		$this->storage = $mountPoint->getStorage();
 		$this->mask = Constants::PERMISSION_ALL
 			& ~Constants::PERMISSION_READ
 			& ~Constants::PERMISSION_CREATE
@@ -34,7 +38,14 @@ public function __construct(
 	protected function formatCacheEntry($entry) {
 		if (isset($entry['path']) && isset($entry['permissions'])) {
 			try {
-				$this->operation->checkFileAccess($this->storage, $entry['path'], $entry['mimetype'] === 'httpd/unix-directory', $entry);
+				$storage = $this->storage;
+				$path = $entry['path'];
+				if ($storage?->instanceOfStorage(Jail::class)) {
+					/** @var Jail $storage */
+					$jailedPath = $storage->getJailedPath($path);
+					$path = $jailedPath ?? $path;
+				}
+				$this->operation->checkFileAccess($path, $this->mountPoint, $entry['mimetype'] === 'httpd/unix-directory', $entry);
 			} catch (ForbiddenException) {
 				$entry['permissions'] &= $this->mask;
 			}

lib/Operation.php

@@ -20,7 +20,6 @@
 use OCP\Files\Mount\IMountManager;
 use OCP\Files\Mount\IMountPoint;
 use OCP\Files\Node;
-use OCP\Files\NotFoundException;
 use OCP\Files\Storage\IStorage;
 use OCP\IL10N;
 use OCP\IURLGenerator;
@@ -29,7 +28,6 @@
 use OCP\WorkflowEngine\IRuleMatcher;
 use OCP\WorkflowEngine\ISpecificOperation;
 use Psr\Log\LoggerInterface;
-use ReflectionClass;
 use UnexpectedValueException;
 
 class Operation implements IComplexOperation, ISpecificOperation {
@@ -50,20 +48,24 @@ public function __construct(
 	 * @param array|ICacheEntry|null $cacheEntry
 	 * @throws ForbiddenException
 	 */
-	public function checkFileAccess(IStorage $storage, string $path, bool $isDir = false, $cacheEntry = null): void {
-		if (!$this->isBlockablePath($storage, $path) || $this->isCreatingSkeletonFiles() || $this->nestingLevel !== 0) {
+	public function checkFileAccess(string $path, IMountPoint $mountPoint, bool $isDir, $cacheEntry = null): void {
+		if (!$this->isBlockablePath($mountPoint, $path) || $this->isCreatingSkeletonFiles() || $this->nestingLevel !== 0) {
 			// Allow creating skeletons and theming
 			// https://github.com/nextcloud/files_accesscontrol/issues/5
 			// https://github.com/nextcloud/files_accesscontrol/issues/12
 			return;
 		}
+		$storage = $mountPoint->getStorage();
+		if ($storage === null) {
+			return;
+		}
 
 		$this->nestingLevel++;
 
 		$filePath = $this->translatePath($storage, $path);
 		$ruleMatcher = $this->manager->getRuleMatcher();
 		$ruleMatcher->setFileInfo($storage, $filePath, $isDir);
-		$node = $this->getNode($storage, $path, $cacheEntry);
+		$node = $this->getNode($path, $mountPoint, $cacheEntry);
 		if ($node !== null) {
 			$ruleMatcher->setEntitySubject($this->fileEntity, $node);
 		}
@@ -80,24 +82,8 @@ public function checkFileAccess(IStorage $storage, string $path, bool $isDir = f
 		}
 	}
 
-	protected function isBlockablePath(IStorage $storage, string $path): bool {
-		if (property_exists($storage, 'mountPoint')) {
-			$hasMountPoint = $storage instanceof StorageWrapper;
-			if (!$hasMountPoint) {
-				$ref = new ReflectionClass($storage);
-				$prop = $ref->getProperty('mountPoint');
-				$hasMountPoint = $prop->isPublic();
-			}
-
-			if ($hasMountPoint) {
-				/** @var StorageWrapper $storage */
-				$fullPath = $storage->mountPoint . ltrim($path, '/');
-			} else {
-				$fullPath = $path;
-			}
-		} else {
-			$fullPath = $path;
-		}
+	protected function isBlockablePath(IMountPoint $mountPoint, string $path): bool {
+		$fullPath = $mountPoint->getMountPoint() . ltrim($path, '/');
 
 		if (substr_count($fullPath, '/') < 3) {
 			return false;
@@ -297,40 +283,22 @@ public function onEvent(string $eventName, Event $event, IRuleMatcher $ruleMatch
 		// Noop
 	}
 
-	/**
-	 * @param array|ICacheEntry|null $cacheEntry
-	 */
-	private function getNode(IStorage $storage, string $path, $cacheEntry = null): ?Node {
-		if ($storage->instanceOfStorage(StorageWrapper::class)) {
-			/** @var StorageWrapper $storage */
-			$mountPoint = $storage->getMount();
-		} else {
-			// fairly sure this branch is never taken, but not 100%
-
-			/** @var IMountPoint|false $mountPoint */
-			$mountPoint = current($this->mountManager->findByStorageId($storage->getId()));
-			if (!$mountPoint) {
-				return null;
-			}
+	private function getNode(string $path, IMountPoint $mountPoint, ICacheEntry|array|null $cacheEntry = null): ?Node {
+		$fullPath = $mountPoint->getMountPoint() . $path;
+		if (!$cacheEntry) {
+			$cacheEntry = $mountPoint->getStorage()?->getCache()->get($path);
+		}
+		if (!$cacheEntry) {
+			return null;
 		}
 
-		$fullPath = $mountPoint->getMountPoint() . $path;
-		if ($cacheEntry) {
-			// todo: LazyNode?
-			$info = new FileInfo($fullPath, $mountPoint->getStorage(), $path, $cacheEntry, $mountPoint);
-			$isDir = $info->getType() === \OCP\Files\FileInfo::TYPE_FOLDER;
-			$view = new View('');
-			if ($isDir) {
-				return new Folder($this->rootFolder, $view, $path, $info);
-			} else {
-				return new \OC\Files\Node\File($this->rootFolder, $view, $path, $info);
-			}
-		} else {
-			try {
-				return $this->rootFolder->get($fullPath);
-			} catch (NotFoundException $e) {
-				return null;
-			}
+		// todo: LazyNode?
+		$info = new FileInfo($fullPath, $mountPoint->getStorage(), $path, $cacheEntry, $mountPoint);
+		$isDir = $info->getType() === \OCP\Files\FileInfo::TYPE_FOLDER;
+		$view = new View('');
+		if ($isDir) {
+			return new Folder($this->rootFolder, $view, $path, $info);
 		}
+		return new \OC\Files\Node\File($this->rootFolder, $view, $path, $info);
 	}
 }

lib/StorageWrapper.php

@@ -21,7 +21,7 @@ class StorageWrapper extends Wrapper implements IWriteStreamStorage {
 	protected readonly Operation $operation;
 	public readonly string $mountPoint;
 	protected readonly int $mask;
-	private readonly IMountPoint $mount;
+	protected readonly IMountPoint $mount;
 
 	/**
 	 * @param array $parameters
@@ -43,7 +43,7 @@ public function __construct($parameters) {
 	 * @throws ForbiddenException
 	 */
 	protected function checkFileAccess(string $path, ?bool $isDir = null): void {
-		$this->operation->checkFileAccess($this, $path, is_bool($isDir) ? $isDir : $this->is_dir($path));
+		$this->operation->checkFileAccess($path, $this->mount, is_bool($isDir) ? $isDir : $this->is_dir($path));
 	}
 
 	/*
@@ -264,7 +264,7 @@ public function getCache($path = '', $storage = null): ICache {
 			$storage = $this;
 		}
 		$cache = $this->storage->getCache($path, $storage);
-		return new CacheWrapper($cache, $storage, $this->operation);
+		return new CacheWrapper($cache, $this->mount, $this->operation);
 	}
 
 	/**

psalm.xml

@@ -30,5 +30,6 @@
 		<file name="tests/stubs/oc_hooks_emitter.php" />
 		<file name="tests/stubs/oc_files_cache_wrapper_cachewrapper.php" />
 		<file name="tests/stubs/oc_files_storage_wrapper_wrapper.php" />
+		<file name="tests/stubs/oc_files_storage_wrapper_jail.php" />
 	</stubs>
 </psalm>

tests/Unit/StorageWrapperTest.php

@@ -20,24 +20,30 @@ class StorageWrapperTest extends TestCase {
 	protected IStorage&MockObject $storage;
 	protected Operation&MockObject $operation;
 
+	/** @var IMountPoint|MockObject */
+	protected $mountPoint;
+
 	protected function setUp(): void {
 		parent::setUp();
 
 		$this->storage = $this->createMock(IStorage::class);
 		$this->operation = $this->createMock(Operation::class);
+
+		$this->mountPoint = $this->createMock(IMountPoint::class);
+		$this->mountPoint->method('getMountPoint')
+			->willReturn('mountPoint');
+		$this->mountPoint->method('getStorage')
+			->willReturn($this->storage);
 	}
 
 	protected function getInstance(array $methods = []): StorageWrapper&MockObject {
-		$mount = $this->createMock(IMountPoint::class);
-		$mount->method('getMountPoint')
-			->willReturn('mountPoint');
 		return $this->getMockBuilder(StorageWrapper::class)
 			->setConstructorArgs([
 				[
 					'storage' => $this->storage,
 					'mountPoint' => 'mountPoint',
+					'mount' => $this->mountPoint,
 					'operation' => $this->operation,
-					'mount' => $mount,
 				]
 			])
 			->onlyMethods($methods)
@@ -59,7 +65,7 @@ public function testCheckFileAccess(string $path, bool $isDir): void {
 
 		$this->operation->expects($this->once())
 			->method('checkFileAccess')
-			->with($storage, $path);
+			->with($path, $this->mountPoint, $isDir);
 
 		self::invokePrivate($storage, 'checkFileAccess', [$path, $isDir]);
 	}

tests/stubs/oc_files_storage_wrapper_jail.php

@@ -0,0 +1,11 @@
+<?php
+
+/**
+ * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-only
+ */
+
+namespace OC\Files\Storage\Wrapper {
+	class Jail extends Wrapper {
+	}
+}