authorRobin McCorkell <rmccorkell@owncloud.com>2015-08-28 16:15:21 +0100
committerRobin McCorkell <rmccorkell@owncloud.com>2015-08-28 17:28:44 +0100
commitf0c8cfa9a6a5db7134a2490cc562ff2623ce685d (patch)
tree6670e881866d4503fb96b4ba269e1e7edd7fe0af /apps/files_external/controller/storagescontroller.php
parentcc88c5f4b84da57c425cbdb7dc8b391b1942b503 (diff)
Validate permissions for created admin storages, auth mechanism
Backend and auth mechanism permissions are checked on storage creation, both for personal storages and for admin storages
Diffstat (limited to 'apps/files_external/controller/storagescontroller.php')
-rw-r--r--apps/files_external/controller/storagescontroller.php34
1 files changed, 33 insertions, 1 deletions
diff --git a/apps/files_external/controller/storagescontroller.php b/apps/files_external/controller/storagescontroller.php
index 613f22c0331..d99b8b5f2c5 100644
--- a/apps/files_external/controller/storagescontroller.php
+++ b/apps/files_external/controller/storagescontroller.php
@@ -36,6 +36,7 @@ use \OCA\Files_External\Lib\Backend\Backend;
use \OCA\Files_External\Lib\Auth\AuthMechanism;
use \OCP\Files\StorageNotAvailableException;
use \OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException;
+use \OCA\Files_External\Service\BackendService;
/**
* Base class for storages controllers
@@ -157,12 +158,36 @@ abstract class StoragesController extends Controller {
return new DataResponse(
array(
'message' => (string)$this->l10n->t('Invalid storage backend "%s"', [
- $storage->getBackend()->getIdentifier()
+ $backend->getIdentifier()
])
),
Http::STATUS_UNPROCESSABLE_ENTITY
);
}
+
+ if (!$backend->isPermitted($this->getUserType(), BackendService::PERMISSION_CREATE)) {
+ // not permitted to use backend
+ return new DataResponse(
+ array(
+ 'message' => (string)$this->l10n->t('Not permitted to use backend "%s"', [
+ $backend->getIdentifier()
+ ])
+ ),
+ Http::STATUS_UNPROCESSABLE_ENTITY
+ );
+ }
+ if (!$authMechanism->isPermitted($this->getUserType(), BackendService::PERMISSION_CREATE)) {
+ // not permitted to use auth mechanism
+ return new DataResponse(
+ array(
+ 'message' => (string)$this->l10n->t('Not permitted to use authentication mechanism "%s"', [
+ $authMechanism->getIdentifier()
+ ])
+ ),
+ Http::STATUS_UNPROCESSABLE_ENTITY
+ );
+ }
+
if (!$backend->validateStorage($storage)) {
// unsatisfied parameters
return new DataResponse(
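Review bot: The two new denials (the backend and auth mechanism `isPermitted()` checks) return `Http::STATUS_UNPROCESSABLE_ENTITY`, the same status as the malformed-input cases around them, so clients and access-log monitoring cannot tell an authorization refusal from a validation error. Consider returning `Http::STATUS_FORBIDDEN` for both, unless the front end depends on 422 here. Both checks also pass `BackendService::PERMISSION_CREATE`. The enclosing function starts and ends outside the hunk, so it is not visible whether update requests reach this code; if they do, confirm that the create permission is the intended gate for them too.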
@@ -186,6 +211,13 @@ abstract class StoragesController extends Controller {
}
/**
+ * Get the user type for this controller, used in validation
+ *
+ * @return string BackendService::USER_* constants
+ */
+ abstract protected function getUserType();
+
+ /**
* Check whether the given storage is available / valid.
*
* Note that this operation can be time consuming depending
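Review bot: The docblock on `getUserType()` says only "used in validation", which hides that the return value is what the new `isPermitted()` checks are evaluated against. I would add a line such as `* The value decides which backends and auth mechanisms may be used; it must be fixed per controller class and never derived from request input.` The concrete implementations are not part of this file's diff, so it is worth verifying that the controller serving non-admin users returns the non-admin `BackendService::USER_*` constant.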