diff options
| author | Lukas Reschke <lukas@owncloud.com> | 2014-11-14 17:20:51 +0100 |
|---|---|---|
| committer | Lukas Reschke <lukas@owncloud.com> | 2014-11-15 11:13:55 +0100 |
| commit | cd5925036a6cfb1f3f4e27a5d1893cbf7a10be47 (patch) | |
| tree | b98cf7853f08eeaa7daa0b5f41b78ba9a651b08c | |
| parent | 0f3c5d8541dcb41eebd00f22864a0a646c11124f (diff) | |
| download | nextcloud-server-cd5925036a6cfb1f3f4e27a5d1893cbf7a10be47.tar.gz nextcloud-server-cd5925036a6cfb1f3f4e27a5d1893cbf7a10be47.zip | |
Check if app is enabled for user
Fixes https://github.com/owncloud/core/issues/12188 for AppFramework apps
| -rw-r--r-- | lib/private/appframework/middleware/security/securitymiddleware.php | 11 | ||||
| -rw-r--r-- | tests/lib/appframework/middleware/security/SecurityMiddlewareTest.php | 4 |
2 files changed, 13 insertions, 2 deletions
diff --git a/lib/private/appframework/middleware/security/securitymiddleware.php b/lib/private/appframework/middleware/security/securitymiddleware.php index 948a43ce0f4..0a694318634 100644 --- a/lib/private/appframework/middleware/security/securitymiddleware.php +++ b/lib/private/appframework/middleware/security/securitymiddleware.php @@ -34,6 +34,7 @@ use OCP\INavigationManager; use OCP\IURLGenerator; use OCP\IRequest; use OCP\ILogger; +use OCP\AppFramework\Controller; /** @@ -116,6 +117,16 @@ class SecurityMiddleware extends Middleware { } } + /** + * FIXME: Use DI once available + * Checks if app is enabled (also inclues a check whether user is allowed to access the resource) + * The getAppPath() check is here since components such as settings also use the AppFramework and + * therefore won't pass this check. + */ + if(\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) { + throw new SecurityException('App is not enabled', Http::STATUS_PRECONDITION_FAILED); + } + } diff --git a/tests/lib/appframework/middleware/security/SecurityMiddlewareTest.php b/tests/lib/appframework/middleware/security/SecurityMiddlewareTest.php index 74fc7907fb5..cc7704f4d1a 100644 --- a/tests/lib/appframework/middleware/security/SecurityMiddlewareTest.php +++ b/tests/lib/appframework/middleware/security/SecurityMiddlewareTest.php @@ -77,7 +77,7 @@ class SecurityMiddlewareTest extends \PHPUnit_Framework_TestCase { $this->navigationManager, $this->urlGenerator, $this->logger, - 'test', + 'files', $isLoggedIn, $isAdminUser ); @@ -91,7 +91,7 @@ class SecurityMiddlewareTest extends \PHPUnit_Framework_TestCase { public function testSetNavigationEntry(){ $this->navigationManager->expects($this->once()) ->method('setActiveEntry') - ->with($this->equalTo('test')); + ->with($this->equalTo('files')); $this->reader->reflect(__CLASS__, __FUNCTION__); $this->middleware->beforeController(__CLASS__, __FUNCTION__); |