Enable per-contact file sharing permissions

2024-04-16 11:33:56 -07:00 · 2024-04-16 11:33:56 -07:00 · b32b11c711
parent 0e96539f22
commit b32b11c711
3 changed files with 18 additions and 2 deletions
--- a/extensions/profile_value.go
+++ b/extensions/profile_value.go
@ -104,6 +104,15 @@ func (pne ProfileValueExtension) OnContactRequestValue(profile peer.CwtchPeer, c
 			val, exists = profile.GetScopedZonedAttribute(attr.PublicScope, attr.ProfileZone, constants.Name)
 		}

+		// NOTE: Cwtch 1.15+ requires that profiles be able to restrict file downloading to specific contacts. As such we need an ACL check here
+		// on the fileshareing zone.
+		// TODO: Split this functionality into FilesharingFunctionality, and restrict this function to only considering Profile zoned attributes?
+		if zone == attr.FilesharingZone {
+			if !conversation.GetPeerAC().ShareFiles {
+				return
+			}
+		}
+
 		// Construct a Response
 		resp := event.NewEvent(event.SendRetValMessageToPeer, map[event.Field]string{event.ConversationID: strconv.Itoa(conversation.ID), event.RemotePeer: conversation.Handle, event.Exists: strconv.FormatBool(exists)})
 		resp.EventID = eventID
--- a/functionality/filesharing/image_previews.go
+++ b/functionality/filesharing/image_previews.go
@ -62,7 +62,15 @@ func (i *ImagePreviewsFunctionality) OnEvent(ev event.Event, profile peer.CwtchP
 			if err == nil {
 				for _, ci := range conversations {
 					if profile.GetPeerState(ci.Handle) == connections.AUTHENTICATED {
-						profile.SendScopedZonedGetValToContact(ci.ID, attr.PublicScope, attr.ProfileZone, constants.CustomProfileImageKey)
+						// if we have enabled file shares for this contact, then send them our profile image
+						// NOTE: In the past, Cwtch treated "profile image" as a public file share. As such, anyone with the file key and who is able
+						// to authenticate with the profile (i.e. non-blocked peers) can download the file (if the global profile images experiment is enabled)
+						// To better allow for fine-grained permissions (and to support hybrid group permissions), we want to enable per-conversation file
+						// sharing permissions. As such, profile images are now only shared with contacts with that permission enabled.
+						// (i.e. all previous accepted contacts, new accepted contacts, and contacts who have this toggle set explictly)
+						if ci.GetPeerAC().ShareFiles {
+							profile.SendScopedZonedGetValToContact(ci.ID, attr.PublicScope, attr.ProfileZone, constants.CustomProfileImageKey)
+						}
 					}
 				}
 			}
--- a/peer/cwtch_peer.go
+++ b/peer/cwtch_peer.go
@ -1610,7 +1610,6 @@ func (cp *cwtchPeer) eventHandler() {
 			conversationInfo, err := cp.FetchConversationInfo(onion)

 			log.Debugf("confo info lookup newgetval %v %v %v", onion, conversationInfo, err)
-			// only accepted contacts can look up information
 			if conversationInfo != nil && conversationInfo.GetPeerAC().ExchangeAttributes {
 				// Type Safe Scoped/Zoned Path
 				zscope := attr.IntoScope(scope)