author | Robin McCorkell <rmccorkell@owncloud.com> | 2015-08-28 16:15:21 +0100 |
---|---|---|
committer | Robin McCorkell <rmccorkell@owncloud.com> | 2015-08-28 17:28:44 +0100 |
commit | f0c8cfa9a6a5db7134a2490cc562ff2623ce685d (patch) | |
tree | 6670e881866d4503fb96b4ba269e1e7edd7fe0af /apps/files_external/controller/storagescontroller.php | |
parent | cc88c5f4b84da57c425cbdb7dc8b391b1942b503 (diff) | |
Validate permissions for created admin storages, auth mechanism
Backend and auth mechanism permissions are checked on storage creation,
both for personal storages and for admin storages
Diffstat (limited to 'apps/files_external/controller/storagescontroller.php')
-rw-r--r-- | apps/files_external/controller/storagescontroller.php | 34 |
1 files changed, 33 insertions, 1 deletions
diff --git a/apps/files_external/controller/storagescontroller.php b/apps/files_external/controller/storagescontroller.php
index 613f22c0331..d99b8b5f2c5 100644
--- a/apps/files_external/controller/storagescontroller.php
+++ b/apps/files_external/controller/storagescontroller.php
@@ -36,6 +36,7 @@ use \OCA\Files_External\Lib\Backend\Backend;
 use \OCA\Files_External\Lib\Auth\AuthMechanism;
 use \OCP\Files\StorageNotAvailableException;
 use \OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException;
+use \OCA\Files_External\Service\BackendService;
 /**
 * Base class for storages controllers
@@ -157,12 +158,36 @@ abstract class StoragesController extends Controller {
 return new DataResponse(
 array(
 'message' => (string)$this->l10n->t('Invalid storage backend "%s"', [
- $storage->getBackend()->getIdentifier()
+ $backend->getIdentifier()
 ])
 ),
 Http::STATUS_UNPROCESSABLE_ENTITY
 );
 }
+
+ if (!$backend->isPermitted($this->getUserType(), BackendService::PERMISSION_CREATE)) {
+ // not permitted to use backend
+ return new DataResponse(
+ array(
+ 'message' => (string)$this->l10n->t('Not permitted to use backend "%s"', [
+ $backend->getIdentifier()
+ ])
+ ),
+ Http::STATUS_UNPROCESSABLE_ENTITY
+ );
+ }
+ if (!$authMechanism->isPermitted($this->getUserType(), BackendService::PERMISSION_CREATE)) {
+ // not permitted to use auth mechanism
+ return new DataResponse(
+ array(
+ 'message' => (string)$this->l10n->t('Not permitted to use authentication mechanism "%s"', [
+ $authMechanism->getIdentifier()
+ ])
+ ),
+ Http::STATUS_UNPROCESSABLE_ENTITY
+ );
+ }
+
+ if (!$backend->validateStorage($storage)) {
 // unsatisfied parameters
 return new DataResponse(
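Review bot: Both new `isPermitted()` branches answer a denied backend or authentication mechanism with `Http::STATUS_UNPROCESSABLE_ENTITY`, the same status the surrounding validation failures use, so a client, an access log or an alert rule cannot tell an authorization refusal from a malformed request. Consider returning `Http::STATUS_FORBIDDEN` in these two branches and writing a log entry with the user type and the rejected identifier, so that repeated attempts to create storages with non-permitted backends are visible to an administrator. The two blocks differ only in the object checked and the message, so a small private helper would keep them from drifting apart. The enclosing method starts and ends outside this hunk; if it is also reached on the update path, confirm that `BackendService::PERMISSION_CREATE` is the intended permission there.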
@@ -186,6 +211,13 @@ abstract class StoragesController extends Controller {
 }
 /**
+ * Get the user type for this controller, used in validation
+ *
+ * @return string BackendService::USER_* constants
+ */
+ abstract protected function getUserType();
+
+ /**
 * Check whether the given storage is available / valid.
 *
 * Note that this operation can be time consuming depending |
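Review bot: The docblock for `getUserType()` should state that the returned value is what the permission checks pass to `isPermitted()`, so an implementation has to return the constant matching the controller's own privilege level and must never derive it from request data. As written, `@return string BackendService::USER_* constants` names the value set but not that consequence; I would add a line such as `Must be fixed per controller; it decides which backends and auth mechanisms the caller may create.` The class body continues outside this hunk and the concrete implementations live in subclasses that are not visible here, so they should be checked against this contract.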