author | Robin Appelman <robin@icewind.nl> | 2017-02-17 15:40:20 +0100 |
---|---|---|
committer | Lukas Reschke <lukas@statuscode.ch> | 2017-04-05 17:58:33 +0200 |
commit | baec42e80a74543543064f3af9946b9c4dafddeb (patch) | |
tree | 780c007ecb83b192c090d8a6018fe7a2cb86de43 /lib/private/Lockdown | |
parent | 6bdd3a167d9872c315236a09233f4a161ae48797 (diff) | |
Save the scope of an auth token in the session
Signed-off-by: Robin Appelman <robin@icewind.nl>
Diffstat (limited to 'lib/private/Lockdown')
-rw-r--r-- | lib/private/Lockdown/LockdownManager.php | 41 |
1 files changed, 37 insertions, 4 deletions
diff --git a/lib/private/Lockdown/LockdownManager.php b/lib/private/Lockdown/LockdownManager.php index 5ce52a03683..93752dc922f 100644 --- a/lib/private/Lockdown/LockdownManager.php +++ b/lib/private/Lockdown/LockdownManager.php @@ -20,27 +20,60 @@ namespace OC\Lockdown; use OC\Authentication\Token\IToken; +use OCP\ISession; use OCP\Lockdown\ILockdownManager; class LockdownManager implements ILockdownManager { + /** @var ISession */ + private $sessionCallback; + private $enabled = false; /** @var array|null */ private $scope; + /** + * LockdownManager constructor. + * + * @param callable $sessionCallback we need to inject the session lazily to avoid dependency loops + */ + public function __construct(callable $sessionCallback) { + $this->sessionCallback = $sessionCallback; + } + + public function enable() { $this->enabled = true; } + /** + * @return ISession + */ + private function getSession() { + $callback = $this->sessionCallback; + return $callback(); + } + + private function getScopeAsArray() { + if (!$this->scope) { + $session = $this->getSession(); + $sessionScope = $session->get('token_scope'); + if ($sessionScope) { + $this->scope = $sessionScope; + } + } + return $this->scope; + } + public function setToken(IToken $token) { $this->scope = $token->getScopeAsArray(); + $session = $this->getSession(); + $session->set('token_scope', $this->scope); $this->enable(); } public function canAccessFilesystem() { - if (!$this->enabled) { - return true; - } - return !$this->scope || $this->scope['filesystem']; + $scope = $this->getScopeAsArray(); + return !$scope || $scope['filesystem']; } } |
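Review bot: `canAccessFilesystem()` no longer consults `$this->enabled`, and `getScopeAsArray()` treats every falsy scope as "no restriction", so a scoped token's limit now holds only while a non-empty `token_scope` can be read back from the session; an absent key or an empty array both end in full filesystem access rather than a denial. The value taken from the session is also used without checking that it is an array containing a `filesystem` key, so `$scope['filesystem']` can raise an undefined-index notice on a scope that omits it. Consider making the two cases explicit, for example `return $scope === null || !empty($scope['filesystem']);`, which fails closed on an empty or malformed scope, and stating in a docblock on `getScopeAsArray()` that `null` means unrestricted. Separately, the property docblock `/** @var ISession */` on `$sessionCallback` should read `/** @var callable */`, and `$enabled` appears to be unread after this change, at least within this hunk.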