summaryrefslogtreecommitdiffstats
path: root/apps/files_external/controller
diff options
context:
space:
mode:
authorRobin McCorkell <rmccorkell@owncloud.com>2015-08-28 16:15:21 +0100
committerRobin McCorkell <rmccorkell@owncloud.com>2015-08-28 17:28:44 +0100
commitf0c8cfa9a6a5db7134a2490cc562ff2623ce685d (patch)
tree6670e881866d4503fb96b4ba269e1e7edd7fe0af /apps/files_external/controller
parentcc88c5f4b84da57c425cbdb7dc8b391b1942b503 (diff)
downloadnextcloud-server-f0c8cfa9a6a5db7134a2490cc562ff2623ce685d.tar.gz
nextcloud-server-f0c8cfa9a6a5db7134a2490cc562ff2623ce685d.zip
Validate permissions for created admin storages, auth mechanism
Backend and auth mechanism permissions are checked on storage creation, both for personal storages and for admin storages
Diffstat (limited to 'apps/files_external/controller')
-rw-r--r--apps/files_external/controller/globalstoragescontroller.php11
-rw-r--r--apps/files_external/controller/storagescontroller.php34
-rw-r--r--apps/files_external/controller/userstoragescontroller.php42
3 files changed, 54 insertions, 33 deletions
diff --git a/apps/files_external/controller/globalstoragescontroller.php b/apps/files_external/controller/globalstoragescontroller.php
index 756a34fc5d4..32408420039 100644
--- a/apps/files_external/controller/globalstoragescontroller.php
+++ b/apps/files_external/controller/globalstoragescontroller.php
@@ -32,6 +32,7 @@ use \OCP\AppFramework\Http;
use \OCA\Files_external\Service\GlobalStoragesService;
use \OCA\Files_external\NotFoundException;
use \OCA\Files_external\Lib\StorageConfig;
+use \OCA\Files_External\Service\BackendService;
/**
* Global storages controller
@@ -178,4 +179,14 @@ class GlobalStoragesController extends StoragesController {
}
+ /**
+ * Get the user type for this controller, used in validation
+ *
+ * @return string BackendService::USER_* constants
+ */
+ protected function getUserType() {
+ return BackendService::USER_ADMIN;
+ }
+
+
}
diff --git a/apps/files_external/controller/storagescontroller.php b/apps/files_external/controller/storagescontroller.php
index 613f22c0331..d99b8b5f2c5 100644
--- a/apps/files_external/controller/storagescontroller.php
+++ b/apps/files_external/controller/storagescontroller.php
@@ -36,6 +36,7 @@ use \OCA\Files_External\Lib\Backend\Backend;
use \OCA\Files_External\Lib\Auth\AuthMechanism;
use \OCP\Files\StorageNotAvailableException;
use \OCA\Files_External\Lib\InsufficientDataForMeaningfulAnswerException;
+use \OCA\Files_External\Service\BackendService;
/**
* Base class for storages controllers
@@ -157,12 +158,36 @@ abstract class StoragesController extends Controller {
return new DataResponse(
array(
'message' => (string)$this->l10n->t('Invalid storage backend "%s"', [
- $storage->getBackend()->getIdentifier()
+ $backend->getIdentifier()
])
),
Http::STATUS_UNPROCESSABLE_ENTITY
);
}
+
+ if (!$backend->isPermitted($this->getUserType(), BackendService::PERMISSION_CREATE)) {
+ // not permitted to use backend
+ return new DataResponse(
+ array(
+ 'message' => (string)$this->l10n->t('Not permitted to use backend "%s"', [
+ $backend->getIdentifier()
+ ])
+ ),
+ Http::STATUS_UNPROCESSABLE_ENTITY
+ );
+ }
+ if (!$authMechanism->isPermitted($this->getUserType(), BackendService::PERMISSION_CREATE)) {
+ // not permitted to use auth mechanism
+ return new DataResponse(
+ array(
+ 'message' => (string)$this->l10n->t('Not permitted to use authentication mechanism "%s"', [
+ $authMechanism->getIdentifier()
+ ])
+ ),
+ Http::STATUS_UNPROCESSABLE_ENTITY
+ );
+ }
+
if (!$backend->validateStorage($storage)) {
// unsatisfied parameters
return new DataResponse(
@@ -186,6 +211,13 @@ abstract class StoragesController extends Controller {
}
/**
+ * Get the user type for this controller, used in validation
+ *
+ * @return string BackendService::USER_* constants
+ */
+ abstract protected function getUserType();
+
+ /**
* Check whether the given storage is available / valid.
*
* Note that this operation can be time consuming depending
diff --git a/apps/files_external/controller/userstoragescontroller.php b/apps/files_external/controller/userstoragescontroller.php
index 9baac3a8031..585ff8eeb00 100644
--- a/apps/files_external/controller/userstoragescontroller.php
+++ b/apps/files_external/controller/userstoragescontroller.php
@@ -62,38 +62,6 @@ class UserStoragesController extends StoragesController {
}
/**
- * Validate storage config
- *
- * @param StorageConfig $storage storage config
- *
- * @return DataResponse|null returns response in case of validation error
- */
- protected function validate(StorageConfig $storage) {
- $result = parent::validate($storage);
-
- if ($result !== null) {
- return $result;
- }
-
- // Verify that the mount point applies for the current user
- // Prevent non-admin users from mounting local storage and other disabled backends
- /** @var Backend */
- $backend = $storage->getBackend();
- if (!$backend->isPermitted(BackendService::USER_PERSONAL, BackendService::PERMISSION_MOUNT)) {
- return new DataResponse(
- array(
- 'message' => (string)$this->l10n->t('Admin-only storage backend "%s"', [
- $storage->getBackend()->getIdentifier()
- ])
- ),
- Http::STATUS_UNPROCESSABLE_ENTITY
- );
- }
-
- return null;
- }
-
- /**
* Return storage
*
* @NoAdminRequired
@@ -218,4 +186,14 @@ class UserStoragesController extends StoragesController {
public function destroy($id) {
return parent::destroy($id);
}
+
+ /**
+ * Get the user type for this controller, used in validation
+ *
+ * @return string BackendService::USER_* constants
+ */
+ protected function getUserType() {
+ return BackendService::USER_PERSONAL;
+ }
+
}