Check download attribute when fetching previews

Signed-off-by: Louis Chemineau <louis@chmn.me>

lib/Controller/PreviewController.php

@@ -25,6 +25,7 @@
 
 namespace OCA\Photos\Controller;
 
+use OCA\Files_Sharing\SharedStorage;
 use OCA\Photos\Album\AlbumMapper;
 use OCA\Photos\AppInfo\Application;
 use OCP\AppFramework\Controller;
@@ -90,6 +91,21 @@ public function index(
 		}
 
 		$nodes = $this->userFolder->getById($fileId);
+		$nodes = array_filter(
+			$nodes,
+			function ($node) {
+				$storage = $node->getStorage();
+				if (!$storage->instanceOfStorage(SharedStorage::class)) {
+					return true;
+				}
+
+				/** @var SharedStorage $storage */
+				$share = $storage->getShare();
+				$attributes = $share->getAttributes();
+
+				return $attributes === null || $attributes->getAttribute('permissions', 'download') !== false;
+			},
+		);
 
 		/** @var \OCA\Photos\Album\AlbumInfo[] */
 		$checkedAlbums = [];
@@ -125,7 +141,7 @@ public function index(
 
 		$node = array_pop($nodes);
 
-		return $this->fetchPreview($node, $x, $y);
+		return new DataResponse([], Http::STATUS_FORBIDDEN);
 	}