Merge pull request #4137 from nextcloud/bugfix/noid/dont-leak-status-…

…when-app-is-disabled

Don't leak the status when the app is disabled for the user

lib/Controller/ChatController.php

@@ -33,6 +33,7 @@
 use OCA\Talk\Participant;
 use OCA\Talk\Room;
 use OCA\Talk\TalkSession;
+use OCP\App\IAppManager;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\Utility\ITimeFactory;
@@ -58,6 +59,9 @@ class ChatController extends AEnvironmentAwareController {
 	/** @var TalkSession */
 	private $session;
 
+	/** @var IAppManager */
+	private $appManager;
+
 	/** @var ChatManager */
 	private $chatManager;
 
@@ -92,6 +96,7 @@ public function __construct(string $appName,
 								IRequest $request,
 								IUserManager $userManager,
 								TalkSession $session,
+								IAppManager $appManager,
 								ChatManager $chatManager,
 								GuestManager $guestManager,
 								MessageParser $messageParser,
@@ -106,6 +111,7 @@ public function __construct(string $appName,
 		$this->userId = $UserId;
 		$this->userManager = $userManager;
 		$this->session = $session;
+		$this->appManager = $appManager;
 		$this->chatManager = $chatManager;
 		$this->guestManager = $guestManager;
 		$this->messageParser = $messageParser;
@@ -428,7 +434,9 @@ public function mentions(string $search, int $limit = 20, bool $includeStatus =
 		]);
 
 		$statuses = [];
-		if ($this->userId !== null && $includeStatus) {
+		if ($this->userId !== null
+			&& $includeStatus
+			&& $this->appManager->isEnabledForUser('user_status')) {
 			$userIds = array_filter(array_map(static function (array $userResult) {
 				return $userResult['value']['shareWith'];
 			}, $results['users']));

lib/Controller/RoomController.php

@@ -842,7 +842,10 @@ public function getParticipants(bool $includeStatus = false): DataResponse {
 		$results = [];
 
 		$statuses = [];
-		if ($this->userId !== null && $includeStatus && count($participants['users']) < 100) {
+		if ($this->userId !== null
+			&& $includeStatus
+			&& count($participants['users']) < 100
+			&& $this->appManager->isEnabledForUser('user_status')) {
 			$userIds = array_map('strval', array_keys($participants['users']));
 			$statuses = $this->statusManager->getUserStatuses($userIds);
 		}

tests/php/Controller/ChatControllerTest.php

@@ -32,6 +32,7 @@
 use OCA\Talk\Participant;
 use OCA\Talk\Room;
 use OCA\Talk\TalkSession;
+use OCP\App\IAppManager;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\Utility\ITimeFactory;
@@ -55,6 +56,8 @@ class ChatControllerTest extends TestCase {
 	protected $userManager;
 	/** @var TalkSession|MockObject */
 	private $session;
+	/** @var IAppManager|MockObject */
+	private $appManager;
 	/** @var ChatManager|MockObject */
 	protected $chatManager;
 	/** @var GuestManager|MockObject */
@@ -89,6 +92,7 @@ public function setUp(): void {
 		$this->userId = 'testUser';
 		$this->userManager = $this->createMock(IUserManager::class);
 		$this->session = $this->createMock(TalkSession::class);
+		$this->appManager = $this->createMock(IAppManager::class);
 		$this->chatManager = $this->createMock(ChatManager::class);
 		$this->guestManager = $this->createMock(GuestManager::class);
 		$this->messageParser = $this->createMock(MessageParser::class);
@@ -118,6 +122,7 @@ private function recreateChatController() {
 			$this->createMock(IRequest::class),
 			$this->userManager,
 			$this->session,
+			$this->appManager,
 			$this->chatManager,
 			$this->guestManager,
 			$this->messageParser,