diff options
author | Robin Appelman <icewind@owncloud.com> | 2014-09-04 15:23:55 +0200 |
---|---|---|
committer | Robin Appelman <icewind@owncloud.com> | 2014-11-17 15:50:24 +0100 |
commit | 7cb12d4bff80e91cb844b9ed0021c290455279ee (patch) | |
tree | a0f26f18966564800af59ab8fd309f99da900a91 | |
parent | 36528c6ef622876f9d89d3b0fbfafc8e44f569fb (diff) | |
download | nextcloud-server-7cb12d4bff80e91cb844b9ed0021c290455279ee.tar.gz nextcloud-server-7cb12d4bff80e91cb844b9ed0021c290455279ee.zip |
Add sabredav plugin to check if a user has access to an app
-rw-r--r-- | lib/private/connector/sabre/appenabledplugin.php | 75 | ||||
-rw-r--r-- | public.php | 4 | ||||
-rw-r--r-- | remote.php | 4 |
3 files changed, 81 insertions, 2 deletions
diff --git a/lib/private/connector/sabre/appenabledplugin.php b/lib/private/connector/sabre/appenabledplugin.php new file mode 100644 index 00000000000..73fed948f9b --- /dev/null +++ b/lib/private/connector/sabre/appenabledplugin.php @@ -0,0 +1,75 @@ +<?php + +/** + * Copyright (c) 2014 Robin Appelman <icewind@owncloud.com> + * This file is licensed under the Affero General Public License version 3 or + * later. + * See the COPYING-README file. + */ + +namespace OC\Connector\Sabre; + +use OCP\App\IManager; +use Sabre\DAV\Exception\Forbidden; +use Sabre\DAV\ServerPlugin; + +/** + * Plugin to check if an app is enabled for the current user + */ +class AppEnabledPlugin extends ServerPlugin { + + /** + * Reference to main server object + * + * @var \Sabre\DAV\Server + */ + private $server; + + /** + * @var string + */ + private $app; + + /** + * @var \OCP\App\IManager + */ + private $appManager; + + /** + * @param string $app + * @param \OCP\App\IManager $appManager + */ + public function __construct($app, IManager $appManager) { + $this->app = $app; + $this->appManager = $appManager; + } + + /** + * This initializes the plugin. + * + * This function is called by \Sabre\DAV\Server, after + * addPlugin is called. + * + * This method should set up the required event subscriptions. + * + * @param \Sabre\DAV\Server $server + * @return void + */ + public function initialize(\Sabre\DAV\Server $server) { + + $this->server = $server; + $this->server->subscribeEvent('beforeMethod', array($this, 'checkAppEnabled'), 30); + } + + /** + * This method is called before any HTTP after auth and checks if the user has access to the app + * + * @throws \Sabre\DAV\Exception\Forbidden + * @return bool + */ + public function checkAppEnabled() { + if (!$this->appManager->isEnabledForUser($this->app)) { + throw new Forbidden(); + } + } +} diff --git a/public.php b/public.php index 0e04db66da7..c5c227ef460 100644 --- a/public.php +++ b/public.php @@ -37,7 +37,9 @@ try { OC_App::loadApps(array('authentication')); OC_App::loadApps(array('filesystem', 'logging')); - OC_Util::checkAppEnabled($app); + if (!\OC::$server->getAppManager()->isInstalled($app)) { + throw new Exception('App not installed: ' . $app); + } OC_App::loadApp($app); OC_User::setIncognitoMode(true); diff --git a/remote.php b/remote.php index d854b1d65a6..7993566afec 100644 --- a/remote.php +++ b/remote.php @@ -43,7 +43,9 @@ try { $file = OC::$SERVERROOT .'/'. $file; break; default: - OC_Util::checkAppEnabled($app); + if (!\OC::$server->getAppManager()->isInstalled($app)) { + throw new Exception('App not installed: ' . $app); + } OC_App::loadApp($app); $file = OC_App::getAppPath($app) .'/'. $parts[1]; break; |