9 files changed, 70 insertions, 22 deletions

diff --git a/src/server/api/endpoints/drive/files.ts b/src/server/api/endpoints/drive/files.ts
index 27f101562d..20955e0e4e 100644
--- a/src/server/api/endpoints/drive/files.ts
+++ b/src/server/api/endpoints/drive/files.ts
@@ -77,5 +77,5 @@ export default define(meta, (ps, user) => new Promise(async (res, rej) => {
 			sort: sort
 		});
 
-	res(await packMany(files));
+	res(await packMany(files, { detail: false, self: true }));
 }));
diff --git a/src/server/api/endpoints/drive/files/check_existence.ts b/src/server/api/endpoints/drive/files/check_existence.ts
index d3ba4b386d..6e986d4170 100644
--- a/src/server/api/endpoints/drive/files/check_existence.ts
+++ b/src/server/api/endpoints/drive/files/check_existence.ts
@@ -32,6 +32,6 @@ export default define(meta, (ps, user) => new Promise(async (res, rej) => {
 	if (file === null) {
 		res({ file: null });
 	} else {
-		res({ file: await pack(file) });
+		res({ file: await pack(file, { self: true }) });
 	}
 }));
diff --git a/src/server/api/endpoints/drive/files/create.ts b/src/server/api/endpoints/drive/files/create.ts
index 53c62dd868..0660627f08 100644
--- a/src/server/api/endpoints/drive/files/create.ts
+++ b/src/server/api/endpoints/drive/files/create.ts
@@ -74,7 +74,7 @@ export default define(meta, (ps, user, app, file, cleanup) => new Promise(async
 
 		cleanup();
 
-		res(pack(driveFile));
+		res(pack(driveFile, { self: true }));
 	} catch (e) {
 		console.error(e);
 
diff --git a/src/server/api/endpoints/drive/files/delete.ts b/src/server/api/endpoints/drive/files/delete.ts
index 7367c8fbb6..0c2799c708 100644
--- a/src/server/api/endpoints/drive/files/delete.ts
+++ b/src/server/api/endpoints/drive/files/delete.ts
@@ -32,14 +32,17 @@ export default define(meta, (ps, user) => new Promise(async (res, rej) => {
 	// Fetch file
 	const file = await DriveFile
 		.findOne({
-			_id: ps.fileId,
-			'metadata.userId': user._id
+			_id: ps.fileId
 		});
 
 	if (file === null) {
 		return rej('file-not-found');
 	}
 
+	if (!user.isAdmin && !user.isModerator && !file.metadata.userId.equals(user._id)) {
+		return rej('access denied');
+	}
+
 	// Delete
 	await del(file);
 
diff --git a/src/server/api/endpoints/drive/files/find.ts b/src/server/api/endpoints/drive/files/find.ts
index 8bc392fefe..25135e83a2 100644
--- a/src/server/api/endpoints/drive/files/find.ts
+++ b/src/server/api/endpoints/drive/files/find.ts
@@ -31,5 +31,5 @@ export default define(meta, (ps, user) => new Promise(async (res, rej) => {
 			'metadata.folderId': ps.folderId
 		});
 
-	res(await Promise.all(files.map(file => pack(file))));
+	res(await Promise.all(files.map(file => pack(file, { self: true }))));
 }));
diff --git a/src/server/api/endpoints/drive/files/show.ts b/src/server/api/endpoints/drive/files/show.ts
index 450a97065b..e6d85a5efb 100644
--- a/src/server/api/endpoints/drive/files/show.ts
+++ b/src/server/api/endpoints/drive/files/show.ts
@@ -1,6 +1,9 @@
-import $ from 'cafy'; import ID, { transform } from '../../../../../misc/cafy-id';
-import DriveFile, { pack } from '../../../../../models/drive-file';
+import $ from 'cafy';
+import * as mongo from 'mongodb';
+import ID, { transform } from '../../../../../misc/cafy-id';
+import DriveFile, { pack, IDriveFile } from '../../../../../models/drive-file';
 import define from '../../../define';
+import config from '../../../../../config';
 
 export const meta = {
 	stability: 'stable',
@@ -16,24 +19,62 @@ export const meta = {
 
 	params: {
 		fileId: {
-			validator: $.type(ID),
+			validator: $.type(ID).optional,
 			transform: transform,
 			desc: {
 				'ja-JP': '対象のファイルID',
 				'en-US': 'Target file ID'
 			}
+		},
+
+		url: {
+			validator: $.str.optional,
+			desc: {
+				'ja-JP': '対象のファイルのURL',
+				'en-US': 'Target file URL'
+			}
 		}
 	}
 };
 
 export default define(meta, (ps, user) => new Promise(async (res, rej) => {
-	// Fetch file
-	const file = await DriveFile
-		.findOne({
+	let file: IDriveFile;
+
+	if (ps.fileId) {
+		file = await DriveFile.findOne({
 			_id: ps.fileId,
-			'metadata.userId': user._id,
 			'metadata.deletedAt': { $exists: false }
 		});
+	} else if (ps.url) {
+		const isInternalStorageUrl = ps.url.startsWith(config.drive_url);
+		if (isInternalStorageUrl) {
+			// Extract file ID from url
+			// e.g.
+			// http://misskey.local/files/foo?original=bar --> foo
+			const fileId = new mongo.ObjectID(ps.url.replace(config.drive_url, '').replace(/\?(.*)$/, '').replace(/\//g, ''));
+			file = await DriveFile.findOne({
+				_id: fileId,
+				'metadata.deletedAt': { $exists: false }
+			});
+		} else {
+			file = await DriveFile.findOne({
+				$or: [{
+					'metadata.url': ps.url
+				}, {
+					'metadata.webpublicUrl': ps.url
+				}, {
+					'metadata.thumbnailUrl': ps.url
+				}],
+				'metadata.deletedAt': { $exists: false }
+			});
+		}
+	} else {
+		return rej('fileId or url required');
+	}
+
+	if (!user.isAdmin && !user.isModerator && !file.metadata.userId.equals(user._id)) {
+		return rej('access denied');
+	}
 
 	if (file === null) {
 		return rej('file-not-found');
@@ -41,7 +82,8 @@ export default define(meta, (ps, user) => new Promise(async (res, rej) => {
 
 	// Serialize
 	const _file = await pack(file, {
-		detail: true
+		detail: true,
+		self: true
 	});
 
 	res(_file);
diff --git a/src/server/api/endpoints/drive/files/update.ts b/src/server/api/endpoints/drive/files/update.ts
index 4efec3dc2a..a17ff2bf34 100644
--- a/src/server/api/endpoints/drive/files/update.ts
+++ b/src/server/api/endpoints/drive/files/update.ts
@@ -57,14 +57,17 @@ export default define(meta, (ps, user) => new Promise(async (res, rej) => {
 	// Fetch file
 	const file = await DriveFile
 		.findOne({
-			_id: ps.fileId,
-			'metadata.userId': user._id
+			_id: ps.fileId
 		});
 
 	if (file === null) {
 		return rej('file-not-found');
 	}
 
+	if (!user.isAdmin && !user.isModerator && !file.metadata.userId.equals(user._id)) {
+		return rej('access denied');
+	}
+
 	if (ps.name) file.filename = ps.name;
 
 	if (ps.isSensitive !== undefined) file.metadata.isSensitive = ps.isSensitive;
@@ -100,18 +103,18 @@ export default define(meta, (ps, user) => new Promise(async (res, rej) => {
 	Note.find({
 		'_files._id': file._id
 	}).then(notes => {
-		notes.forEach(note => {
+		for (const note of notes) {
 			note._files[note._files.findIndex(f => f._id.equals(file._id))] = file;
 			Note.update({ _id: note._id }, {
 				$set: {
 					_files: note._files
 				}
 			});
-		});
+		}
 	});
 
 	// Serialize
-	const fileObj = await pack(file);
+	const fileObj = await pack(file, { self: true });
 
 	// Response
 	res(fileObj);
diff --git a/src/server/api/endpoints/drive/files/upload_from_url.ts b/src/server/api/endpoints/drive/files/upload_from_url.ts
index a8faab1d73..fc386e1638 100644
--- a/src/server/api/endpoints/drive/files/upload_from_url.ts
+++ b/src/server/api/endpoints/drive/files/upload_from_url.ts
@@ -26,7 +26,7 @@ export const meta = {
 
 		folderId: {
 			validator: $.type(ID).optional.nullable,
-			default: null as any as any,
+			default: null as any,
 			transform: transform
 		},
 
@@ -50,5 +50,5 @@ export const meta = {
 };
 
 export default define(meta, (ps, user) => new Promise(async (res, rej) => {
-	res(pack(await uploadFromUrl(ps.url, user, ps.folderId, null, ps.isSensitive, ps.force)));
+	res(pack(await uploadFromUrl(ps.url, user, ps.folderId, null, ps.isSensitive, ps.force), { self: true }));
 }));
diff --git a/src/server/api/endpoints/drive/stream.ts b/src/server/api/endpoints/drive/stream.ts
index 804ecf50d9..c8342c66b5 100644
--- a/src/server/api/endpoints/drive/stream.ts
+++ b/src/server/api/endpoints/drive/stream.ts
@@ -65,5 +65,5 @@ export default define(meta, (ps, user) => new Promise(async (res, rej) => {
 			sort: sort
 		});
 
-	res(await packMany(files));
+	res(await packMany(files, { self: true }));
 }));