From: Robin Appelman Date: Mon, 25 Nov 2013 14:08:24 +0000 (+0100) Subject: Add "single user mode" which restricts access to users in the admin group X-Git-Tag: v6.0.0RC1~32^2~4 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=71c1327691225a0a517aa3929a48743f95b177d0;p=nextcloud-server.git Add "single user mode" which restricts access to users in the admin group This can be enabled by setting 'singleuser' to true in config.php --- diff --git a/lib/base.php b/lib/base.php index 865d174d212..b361ac3c71a 100644 --- a/lib/base.php +++ b/lib/base.php @@ -230,6 +230,22 @@ class OC { } } + public static function checkSingleUserMode() { + $user = OC_User::getUserSession()->getUser(); + $group = OC_Group::getManager()->get('admin'); + if ($user && OC_Config::getValue('singleuser', false) && !$group->inGroup($user)) { + // send http status 503 + header('HTTP/1.1 503 Service Temporarily Unavailable'); + header('Status: 503 Service Temporarily Unavailable'); + header('Retry-After: 120'); + + // render error page + $tmpl = new OC_Template('', 'singleuser.user', 'guest'); + $tmpl->printPage(); + die(); + } + } + public static function checkUpgrade($showTemplate = true) { if (OC_Config::getValue('installed', false)) { $installedVersion = OC_Config::getValue('version', '0.0.0'); @@ -652,11 +668,12 @@ class OC { // Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP OC::tryBasicAuthLogin(); - if (!self::$CLI) { + if (!self::$CLI and (!isset($_GET["logout"]) or ($_GET["logout"] !== 'true'))) { try { if (!OC_Config::getValue('maintenance', false)) { OC_App::loadApps(); } + self::checkSingleUserMode(); OC::getRouter()->match(OC_Request::getRawPathInfo()); return; } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) { diff --git a/public.php b/public.php index 203372fe1ea..767295b98db 100644 --- a/public.php +++ b/public.php @@ -5,6 +5,7 @@ try { require_once 'lib/base.php'; OC::checkMaintenanceMode(); + OC::checkSingleUserMode(); if (!isset($_GET['service'])) { header('HTTP/1.0 404 Not Found'); exit;