diff options
| author | Christoph Wurst <christoph@winzerhof-wurst.at> | 2019-05-22 10:48:51 +0200 |
|---|---|---|
| committer | Christoph Wurst <christoph@winzerhof-wurst.at> | 2019-05-23 20:31:40 +0200 |
| commit | 22ae6828237a516b1cd36a3dad623b8046dfd76a (patch) | |
| tree | c00361d0747e295f98e1e089114b8bf48bcc0e57 /lib/private/AppFramework | |
| parent | 09974ae92d6f3bc20143dab43baef9fc75139585 (diff) | |
| download | nextcloud-server-22ae6828237a516b1cd36a3dad623b8046dfd76a.tar.gz nextcloud-server-22ae6828237a516b1cd36a3dad623b8046dfd76a.zip | |
Make it possible to show admin settings for sub admins
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Diffstat (limited to 'lib/private/AppFramework')
| -rw-r--r-- | lib/private/AppFramework/DependencyInjection/DIContainer.php | 2 | ||||
| -rw-r--r-- | lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php | 13 |
2 files changed, 14 insertions, 1 deletions
diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php index 209ea5c876d..a6a9b205747 100644 --- a/lib/private/AppFramework/DependencyInjection/DIContainer.php +++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php @@ -56,6 +56,7 @@ use OCP\AppFramework\Utility\ITimeFactory; use OCP\Files\Folder; use OCP\Files\IAppData; use OCP\GlobalScale\IConfig; +use OCP\Group\ISubAdmin; use OCP\IL10N; use OCP\ILogger; use OCP\INavigationManager; @@ -218,6 +219,7 @@ class DIContainer extends SimpleContainer implements IAppContainer { $c['AppName'], $server->getUserSession()->isLoggedIn(), $server->getGroupManager()->isAdmin($this->getUserId()), + $server->getUserSession()->getUser() !== null && $server->query(ISubAdmin::class)->isSubAdmin($server->getUserSession()->getUser()), $server->getContentSecurityPolicyManager(), $server->getCsrfTokenManager(), $server->getContentSecurityPolicyNonceManager(), diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php index 87954ccc1cb..fef3f226e15 100644 --- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php +++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php @@ -82,6 +82,8 @@ class SecurityMiddleware extends Middleware { private $isLoggedIn; /** @var bool */ private $isAdminUser; + /** @var bool */ + private $isSubAdmin; /** @var ContentSecurityPolicyManager */ private $contentSecurityPolicyManager; /** @var CsrfTokenManager */ @@ -101,6 +103,7 @@ class SecurityMiddleware extends Middleware { string $appName, bool $isLoggedIn, bool $isAdminUser, + bool $isSubAdmin, ContentSecurityPolicyManager $contentSecurityPolicyManager, CsrfTokenManager $csrfTokenManager, ContentSecurityPolicyNonceManager $cspNonceManager, @@ -115,6 +118,7 @@ class SecurityMiddleware extends Middleware { $this->logger = $logger; $this->isLoggedIn = $isLoggedIn; $this->isAdminUser = $isAdminUser; + $this->isSubAdmin = $isSubAdmin; $this->contentSecurityPolicyManager = $contentSecurityPolicyManager; $this->csrfTokenManager = $csrfTokenManager; $this->cspNonceManager = $cspNonceManager; @@ -143,7 +147,14 @@ class SecurityMiddleware extends Middleware { throw new NotLoggedInException(); } - if(!$this->reflector->hasAnnotation('NoAdminRequired') && !$this->isAdminUser) { + if($this->reflector->hasAnnotation('SubAdminRequired') + && !$this->isSubAdmin + && !$this->isAdminUser) { + throw new NotAdminException($this->l10n->t('Logged in user must be an admin or sub admin')); + } + if(!$this->reflector->hasAnnotation('SubAdminRequired') + && !$this->reflector->hasAnnotation('NoAdminRequired') + && !$this->isAdminUser) { throw new NotAdminException($this->l10n->t('Logged in user must be an admin')); } } |