Add sabredav plugin to check if a user has access to an app

diff --git a/lib/private/connector/sabre/appenabledplugin.php b/lib/private/connector/sabre/appenabledplugin.php
new file mode 100644 (file)
index 0000000..73fed94
--- /dev/null
+++ b/lib/private/connector/sabre/appenabledplugin.php
@@ -0,0 +1,75 @@
+<?php
+
+/**
+ * Copyright (c) 2014 Robin Appelman <icewind@owncloud.com>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace OC\Connector\Sabre;
+
+use OCP\App\IManager;
+use Sabre\DAV\Exception\Forbidden;
+use Sabre\DAV\ServerPlugin;
+
+/**
+ * Plugin to check if an app is enabled for the current user
+ */
+class AppEnabledPlugin extends ServerPlugin {
+
+       /**
+        * Reference to main server object
+        *
+        * @var \Sabre\DAV\Server
+        */
+       private $server;
+
+       /**
+        * @var string
+        */
+       private $app;
+
+       /**
+        * @var \OCP\App\IManager
+        */
+       private $appManager;
+
+       /**
+        * @param string $app
+        * @param \OCP\App\IManager $appManager
+        */
+       public function __construct($app, IManager $appManager) {
+               $this->app = $app;
+               $this->appManager = $appManager;
+       }
+
+       /**
+        * This initializes the plugin.
+        *
+        * This function is called by \Sabre\DAV\Server, after
+        * addPlugin is called.
+        *
+        * This method should set up the required event subscriptions.
+        *
+        * @param \Sabre\DAV\Server $server
+        * @return void
+        */
+       public function initialize(\Sabre\DAV\Server $server) {
+
+               $this->server = $server;
+               $this->server->subscribeEvent('beforeMethod', array($this, 'checkAppEnabled'), 30);
+       }
+
+       /**
+        * This method is called before any HTTP after auth and checks if the user has access to the app
+        *
+        * @throws \Sabre\DAV\Exception\Forbidden
+        * @return bool
+        */
+       public function checkAppEnabled() {
+               if (!$this->appManager->isEnabledForUser($this->app)) {
+                       throw new Forbidden();
+               }
+       }
+}

diff --git a/public.php b/public.php
index 0e04db66da79c6ada33e45b12f58363afb3e3082..c5c227ef46042e3b46b5bca11200e45c5ead80be 100644 (file)
--- a/public.php
+++ b/public.php
@@ -37,7 +37,9 @@ try {
        OC_App::loadApps(array('authentication'));
        OC_App::loadApps(array('filesystem', 'logging'));
 
-       OC_Util::checkAppEnabled($app);
+       if (!\OC::$server->getAppManager()->isInstalled($app)) {
+               throw new Exception('App not installed: ' . $app);
+       }
        OC_App::loadApp($app);
        OC_User::setIncognitoMode(true);
 

diff --git a/remote.php b/remote.php
index d854b1d65a6ab8c33a1b261fa6e8096f98dff363..7993566afec0b6bf35011eb23e1782f062c4d75f 100644 (file)
--- a/remote.php
+++ b/remote.php
@@ -43,7 +43,9 @@ try {
                        $file =  OC::$SERVERROOT .'/'. $file;
                        break;
                default:
-                       OC_Util::checkAppEnabled($app);
+                       if (!\OC::$server->getAppManager()->isInstalled($app)) {
+                               throw new Exception('App not installed: ' . $app);
+                       }
                        OC_App::loadApp($app);
                        $file = OC_App::getAppPath($app) .'/'. $parts[1];
                        break;