fixing SecurityMiddleware to use OC6 API
authorThomas Müller <thomas.mueller@tmit.eu>
Sun, 6 Oct 2013 22:33:54 +0000 (00:33 +0200)
committerThomas Müller <thomas.mueller@tmit.eu>
Sun, 6 Oct 2013 22:33:54 +0000 (00:33 +0200)
lib/private/appframework/dependencyinjection/dicontainer.php
lib/private/appframework/http/dispatcher.php
lib/private/appframework/middleware/middlewaredispatcher.php
lib/private/appframework/middleware/security/securitymiddleware.php
lib/public/appframework/http/templateresponse.php
lib/public/appframework/iappcontainer.php
lib/public/appframework/middleware.php

index 3755d45fa092dd1b44f8dfc62f9f3eafee23c536..7276a11e4d9c0a9623be7fbcfa749cefc2fe0a7e 100644 (file)
@@ -35,6 +35,7 @@ use OC\AppFramework\Utility\TimeFactory;
 use OCP\AppFramework\IApi;
 use OCP\AppFramework\IAppContainer;
 use OCP\AppFramework\IMiddleWare;
+use OCP\AppFramework\Middleware;
 use OCP\IServerContainer;
 
 
@@ -86,7 +87,7 @@ class DIContainer extends SimpleContainer implements IAppContainer{
                 * Middleware
                 */
                $this['SecurityMiddleware'] = $this->share(function($c){
-                       return new SecurityMiddleware($c['API'], $c['Request']);
+                       return new SecurityMiddleware($this, $c['Request']);
                });
 
                $this['MiddlewareDispatcher'] = $this->share(function($c){
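Review bot: The closure now references `$this`, which PHP only binds inside closures from 5.4 on; on a 5.3 runtime this line is a fatal error as soon as `SecurityMiddleware` is resolved, which would break every request routed through it. If 5.3 is still a supported target (not visible from this hunk), capture the container explicitly: `$app = $this;` before the assignment, then `$this->share(function($c) use ($app){` and `return new SecurityMiddleware($app, $c['Request']);`. The enclosing method starts and ends outside the hunk.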
@@ -129,10 +130,10 @@ class DIContainer extends SimpleContainer implements IAppContainer{
        }
 
        /**
-        * @param IMiddleWare $middleWare
+        * @param Middleware $middleWare
         * @return boolean
         */
-       function registerMiddleWare(IMiddleWare $middleWare) {
+       function registerMiddleWare(Middleware $middleWare) {
                array_push($this->middleWares, $middleWare);
        }
 
@@ -143,4 +144,49 @@ class DIContainer extends SimpleContainer implements IAppContainer{
        function getAppName() {
                return $this->query('AppName');
        }
+
+       /**
+        * @return boolean
+        */
+       function isLoggedIn() {
+               return \OC_User::isLoggedIn();
+       }
+
+       /**
+        * @return boolean
+        */
+       function isAdminUser() {
+               $uid = $this->getUserId();
+               return \OC_User::isAdminUser($uid);
+       }
+
+       private function getUserId() {
+               return \OC::$session->get('user_id');
+       }
+
+       /**
+        * @param $message
+        * @param $level
+        * @return mixed
+        */
+       function log($message, $level) {
+               switch($level){
+                       case 'debug':
+                               $level = \OCP\Util::DEBUG;
+                               break;
+                       case 'info':
+                               $level = \OCP\Util::INFO;
+                               break;
+                       case 'warn':
+                               $level = \OCP\Util::WARN;
+                               break;
+                       case 'fatal':
+                               $level = \OCP\Util::FATAL;
+                               break;
+                       default:
+                               $level = \OCP\Util::ERROR;
+                               break;
+               }
+               \OCP\Util::writeLog($this->getAppName(), $message, $level);
+       }
 }
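Review bot: `isAdminUser()` passes whatever `\OC::$session->get('user_id')` returns straight to `\OC_User::isAdminUser()`, so the answer for a request with no session user depends on how that helper treats an empty id. SecurityMiddleware calls `isLoggedIn()` first, but the method is now part of the public `IAppContainer` interface and other callers may not. Make it fail closed on its own, e.g. `if ($uid === null || $uid === '') { return false; }` before the lookup. Separately, `log()` declares `@return mixed` but returns nothing, and an unrecognised `$level` string is silently written as ERROR; the docblock should list the accepted values ('debug', 'info', 'warn', 'fatal').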
index ea57a6860cc27ea4fa4b3c9c8f8ba0a8a8db7666..2a9ed1214886d09a03fd89f371b88864b7da029d 100644 (file)
@@ -24,8 +24,8 @@
 
 namespace OC\AppFramework\Http;
 
-use \OC\AppFramework\Controller\Controller;
 use \OC\AppFramework\Middleware\MiddlewareDispatcher;
+use OCP\AppFramework\Controller\Controller;
 
 
 /**
index c2377b8844b2f62262deb38722c574e1d49440a6..c46ddc7cb02d65cb87e8e366115ffa51f1bd712c 100644 (file)
@@ -24,7 +24,7 @@
 
 namespace OC\AppFramework\Middleware;
 
-use OC\AppFramework\Controller\Controller;
+use OCP\AppFramework\Controller\Controller;
 use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\MiddleWare;
 
index d6daf737bb4f48a0125b49aec09a68ec1febf07f..80f3f6d966fb5fbc504ef6d2c022baaa78272879 100644 (file)
 
 namespace OC\AppFramework\Middleware\Security;
 
-use OC\AppFramework\Controller\Controller;
 use OC\AppFramework\Http\Http;
-use OC\AppFramework\Http\Request;
 use OC\AppFramework\Http\RedirectResponse;
 use OC\AppFramework\Utility\MethodAnnotationReader;
-use OC\AppFramework\Core\API;
 use OCP\AppFramework\Middleware;
 use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\Http\JSONResponse;
+use OCP\AppFramework\IAppContainer;
+use OCP\IRequest;
 
 
 /**
@@ -43,18 +42,22 @@ use OCP\AppFramework\Http\JSONResponse;
  */
 class SecurityMiddleware extends Middleware {
 
-       private $api;
+       /**
+        * @var \OCP\AppFramework\IAppContainer
+        */
+       private $app;
 
        /**
-        * @var \OC\AppFramework\Http\Request
+        * @var \OCP\IRequest
         */
        private $request;
 
        /**
-        * @param API $api an instance of the api
+        * @param IAppContainer $app
+        * @param IRequest $request
         */
-       public function __construct(API $api, Request $request){
-               $this->api = $api;
+       public function __construct(IAppContainer $app, IRequest $request){
+               $this->app = $app;
                $this->request = $request;
        }
 
@@ -74,24 +77,24 @@ class SecurityMiddleware extends Middleware {
 
                // this will set the current navigation entry of the app, use this only
                // for normal HTML requests and not for AJAX requests
-               $this->api->activateNavigationEntry();
+               $this->app->getServer()->getNavigationManager()->setActiveEntry($this->api->getAppName());
 
                // security checks
                $isPublicPage = $annotationReader->hasAnnotation('PublicPage');
                if(!$isPublicPage) {
-                       if(!$this->api->isLoggedIn()) {
+                       if(!$this->app->isLoggedIn()) {
                                throw new SecurityException('Current user is not logged in', Http::STATUS_UNAUTHORIZED);
                        }
 
                        if(!$annotationReader->hasAnnotation('NoAdminRequired')) {
-                               if(!$this->api->isAdminUser($this->api->getUserId())) {
+                               if(!$this->app->isAdminUser()) {
                                        throw new SecurityException('Logged in user must be an admin', Http::STATUS_FORBIDDEN);
                                }
                        }
                }
 
                if(!$annotationReader->hasAnnotation('NoCSRFRequired')) {
-                       if(!$this->api->passesCSRFCheck()) {
+                       if(!$this->request->passesCSRFCheck()) {
                                throw new SecurityException('CSRF check failed', Http::STATUS_PRECONDITION_FAILED);
                        }
                }
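Review bot: The new navigation line still calls `$this->api->getAppName()`, but this commit removes the `$api` property and the constructor only sets `$this->app`, so the call dereferences an undefined property and the request aborts before any of the security checks below it run. It should read `$this->app->getServer()->getNavigationManager()->setActiveEntry($this->app->getAppName());`. Also confirm that `passesCSRFCheck()` is declared on `OCP\IRequest`, since the property is now documented against that interface and its declaration is not part of this diff. The enclosing method starts and ends outside the hunk.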
@@ -118,12 +121,13 @@ class SecurityMiddleware extends Middleware {
                                        array('message' => $exception->getMessage()),
                                        $exception->getCode()
                                );
-                               $this->api->log($exception->getMessage(), 'debug');
+                               $this->app->log($exception->getMessage(), 'debug');
                        } else {
 
-                               $url = $this->api->linkToAbsolute('index.php', ''); // TODO: replace with link to route
+                               // TODO: replace with link to route
+                               $url = $this->app->getServer()->getURLGenerator()->getAbsoluteURL('index.php');
                                $response = new RedirectResponse($url);
-                               $this->api->log($exception->getMessage(), 'debug');
+                               $this->app->log($exception->getMessage(), 'debug');
                        }
 
                        return $response;
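Review bot: Both branches record the SecurityException at 'debug', so failed login, admin and CSRF checks will not reach the log unless the instance runs at debug level (assuming the configured threshold is normally higher, which is not visible here). These are the events an operator needs when investigating probing or CSRF attempts; consider `$this->app->log($exception->getMessage(), 'warn');`, written once before the branch instead of duplicated in each arm. The enclosing method starts and ends outside the hunk.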
index 97678c96cbaffb6cc592516fe6b3c2b0e3235350..594530651aa11ae658f74385e3eccd81794b88c0 100644 (file)
@@ -24,8 +24,6 @@
 
 namespace OCP\AppFramework\Http;
 
-use OC\AppFramework\Core\API;
-
 
 /**
  * Response for a normal template
@@ -34,20 +32,16 @@ class TemplateResponse extends Response {
 
        protected $templateName;
        protected $params;
-       protected $api;
        protected $renderAs;
        protected $appName;
 
        /**
-        * @param API $api an API instance
         * @param string $templateName the name of the template
-        * @param string $appName optional if you want to include a template from
-        *                        a different app
+        * @param string $appName the name of the app to load the template from
         */
-       public function __construct(API $api, $templateName, $appName=null) {
+       public function __construct($appName, $templateName) {
                $this->templateName = $templateName;
                $this->appName = $appName;
-               $this->api = $api;
                $this->params = array();
                $this->renderAs = 'user';
        }
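Review bot: The docblock lists `$templateName` before `$appName`, but the new signature is `__construct($appName, $templateName)`; with two untyped string parameters, a caller following the docblock will swap them and get no error until render() looks up the wrong template. Reorder the tags to match the signature, with `@param string $appName` first. Callers written against the old `(API $api, $templateName)` form also still run, now passing an object as `$appName`, because nothing here rejects a non-string; a short note in the docblock about the changed order would make the break visible.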
@@ -108,13 +102,7 @@ class TemplateResponse extends Response {
         */
        public function render(){
 
-               if($this->appName !== null){
-                       $appName = $this->appName;
-               } else {
-                       $appName = $this->api->getAppName();
-               }
-
-               $template = $this->api->getTemplate($this->templateName, $this->renderAs, $appName);
+               $template = new \OCP\Template($this->appName, $this->templateName, $this->renderAs);
 
                foreach($this->params as $key => $value){
                        $template->assign($key, $value);
index 7d3b4b3bac7587331ff003322369f205830d6a20..7e6ec6016b770810378fce8f3f38b8d09f49b190 100644 (file)
@@ -50,8 +50,26 @@ interface IAppContainer extends IContainer{
        function getServer();
 
        /**
-        * @param IMiddleWare $middleWare
+        * @param Middleware $middleWare
         * @return boolean
         */
-       function registerMiddleWare(IMiddleWare $middleWare);
+       function registerMiddleWare(Middleware $middleWare);
+
+       /**
+        * @return boolean
+        */
+       function isLoggedIn();
+
+       /**
+        * @return boolean
+        */
+       function isAdminUser();
+
+       /**
+        * @param $message
+        * @param $level
+        * @return mixed
+        */
+       function log($message, $level);
+
 }
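Review bot: The three methods added to this public interface carry only bare `@return`/`@param` tags, so implementers have no stated contract for the security-relevant ones. Suggested comments: on `isLoggedIn()`, `Whether the current request belongs to an authenticated user`; on `isAdminUser()`, `Whether the currently logged-in user is an admin; must return false when nobody is logged in`. For `log()`, use `@param string $message` and `@param string $level one of 'debug', 'info', 'warn', 'fatal'; anything else is logged as an error` (matching the DIContainer implementation in this commit), and drop `@return mixed` since nothing is returned.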
index 12776c119c0063e911f1e95b09ea539917968a9f..13b4b8cab99b38a96b14dd6411db8c701c907453 100644 (file)
@@ -24,6 +24,7 @@
 
 namespace OCP\AppFramework;
 
+use OCP\AppFramework\Controller\Controller;
 use OCP\AppFramework\Http\Response;