author | Robin Appelman <icewind@owncloud.com> | 2016-08-01 18:27:07 +0200 |
---|---|---|
committer | Robin Appelman <robin@icewind.nl> | 2016-11-16 15:24:23 +0100 |
commit | b56f2c9ed01332bbeaee73599a0ea166c62d01e8 (patch) | |
tree | 0dee1604c0890f25f87dcdb3d9d1a17f5b95460e /lib/private/Lockdown | |
parent | d03446a0ae25a88b68df2bc2bf8d0c49e5473ea0 (diff) | |
basic lockdown logic
Signed-off-by: Robin Appelman <icewind@owncloud.com>
Diffstat (limited to 'lib/private/Lockdown')
-rw-r--r-- | lib/private/Lockdown/Filesystem/NullCache.php | 122 | ||||
-rw-r--r-- | lib/private/Lockdown/Filesystem/NullStorage.php | 177 | ||||
-rw-r--r-- | lib/private/Lockdown/LockdownManager.php | 46 |
3 files changed, 345 insertions, 0 deletions
diff --git a/lib/private/Lockdown/Filesystem/NullCache.php b/lib/private/Lockdown/Filesystem/NullCache.php
new file mode 100644
index 00000000000..8c6b5258aa8
--- /dev/null
+++ b/lib/private/Lockdown/Filesystem/NullCache.php
@@ -0,0 +1,122 @@
+<?php
+
+/**
+ * @copyright Copyright (c) 2016, Robin Appelman <robin@icewind.nl>
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OC\Lockdown\Filesystem;
+
+use OC\Files\Cache\CacheEntry;
+use OCP\Constants;
+use OCP\Files\Cache\ICache;
+use OCP\Files\Cache\ICacheEntry;
+use OCP\Files\FileInfo;
+
+class NullCache implements ICache {
+ public function getNumericStorageId() {
+ return -1;
+ }
+
+ public function get($file) {
+ return $file !== '' ? null :
+ new CacheEntry([
+ 'fileid' => -1,
+ 'parent' => -1,
+ 'name' => '',
+ 'path' => '',
+ 'size' => '0',
+ 'mtime' => time(),
+ 'storage_mtime' => time(),
+ 'etag' => '',
+ 'mimetype' => FileInfo::MIMETYPE_FOLDER,
+ 'mimepart' => 'httpd',
+ 'permissions' => Constants::PERMISSION_READ
+ ]);
+ }
+
+ public function getFolderContents($folder) {
+ return [];
+ }
+
+ public function getFolderContentsById($fileId) {
+ return [];
+ }
+
+ public function put($file, array $data) {
+ throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
+ }
+
+ public function insert($file, array $data) {
+ throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
+ }
+
+ public function update($id, array $data) {
+ throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
+ }
+
+ public function getId($file) {
+ return -1;
+ }
+
+ public function getParentId($file) {
+ return -1;
+ }
+
+ public function inCache($file) {
+ return $file === '';
+ }
+
+ public function remove($file) {
+ throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
+ }
+
+ public function move($source, $target) {
+ throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
+ }
+
+ public function moveFromCache(ICache $sourceCache, $sourcePath, $targetPath) {
+ throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
+ }
+
+ public function getStatus($file) {
+ return ICache::COMPLETE;
+ }
+
+ public function search($pattern) {
+ return [];
+ }
+
+ public function searchByMime($mimetype) {
+ return [];
+ }
+
+ public function searchByTag($tag, $userId) {
+ return [];
+ }
+
+ public function getIncomplete() {
+ return [];
+ }
+
+ public function getPathById($id) {
+ return '';
+ }
+
+ public function normalize($path) {
+ return $path;
+ }
+
+}
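Review bot: `get()` in NullCache returns `null` for every non-root path, while cache lookups conventionally signal "not in cache" with `false` (that is the `ICache::get` contract as I recall it; confirm against the interface). A caller doing a strict `=== false` check would treat `null` as a hit and dereference it, so suggest `return $file !== '' ? false :` on that line. Separately, the class has no docblock. A short one should say that this is the deny-all cache for requests locked out of the filesystem, that lookups report only an empty read-only root, and that every mutation throws `ForbiddenException`. That makes the split between silently-empty reads and throwing writes an explicit decision rather than something to infer.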
diff --git a/lib/private/Lockdown/Filesystem/NullStorage.php b/lib/private/Lockdown/Filesystem/NullStorage.php
new file mode 100644
index 00000000000..967b6d2c6e7
--- /dev/null
+++ b/lib/private/Lockdown/Filesystem/NullStorage.php
@@ -0,0 +1,177 @@
+<?php
+
+/**
+ * @copyright Copyright (c) 2016, Robin Appelman <robin@icewind.nl>
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OC\Lockdown\Filesystem;
+
+use Icewind\Streams\IteratorDirectory;
+use OC\Files\Storage\Common;
+
+class NullStorage extends Common {
+ public function __construct($parameters) {
+ parent::__construct($parameters);
+ }
+
+ public function getId() {
+ return 'null';
+ }
+
+ public function mkdir($path) {
+ throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
+ }
+
+ public function rmdir($path) {
+ throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
+ }
+
+ public function opendir($path) {
+ return new IteratorDirectory([]);
+ }
+
+ public function is_dir($path) {
+ return $path === '';
+ }
+
+ public function is_file($path) {
+ return false;
+ }
+
+ public function stat($path) {
+ throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
+ }
+
+ public function filetype($path) {
+ return ($path === '') ? 'dir' : false;
+ }
+
+ public function filesize($path) {
+ throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
+ }
+
+ public function isCreatable($path) {
+ return false;
+ }
+
+ public function isReadable($path) {
+ return $path === '';
+ }
+
+ public function isUpdatable($path) {
+ return false;
+ }
+
+ public function isDeletable($path) {
+ return false;
+ }
+
+ public function isSharable($path) {
+ return false;
+ }
+
+ public function getPermissions($path) {
+ return null;
+ }
+
+ public function file_exists($path) {
+ return $path === '';
+ }
+
+ public function filemtime($path) {
+ return ($path === '') ? time() : false;
+ }
+
+ public function file_get_contents($path) {
+ throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
+ }
+
+ public function file_put_contents($path, $data) {
+ throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
+ }
+
+ public function unlink($path) {
+ throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
+ }
+
+ public function rename($path1, $path2) {
+ throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
+ }
+
+ public function copy($path1, $path2) {
+ throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
+ }
+
+ public function fopen($path, $mode) {
+ throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
+ }
+
+ public function getMimeType($path) {
+ throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
+ }
+
+ public function hash($type, $path, $raw = false) {
+ throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
+ }
+
+ public function free_space($path) {
+ return 0;
+ }
+
+ public function touch($path, $mtime = null) {
+ throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
+ }
+
+ public function getLocalFile($path) {
+ return false;
+ }
+
+ public function hasUpdated($path, $time) {
+ return false;
+ }
+
+ public function getETag($path) {
+ return '';
+ }
+
+ public function isLocal() {
+ return false;
+ }
+
+ public function getDirectDownload($path) {
+ return false;
+ }
+
+ public function copyFromStorage(\OCP\Files\Storage $sourceStorage, $sourceInternalPath, $targetInternalPath) {
+ throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
+ }
+
+ public function moveFromStorage(\OCP\Files\Storage $sourceStorage, $sourceInternalPath, $targetInternalPath) {
+ throw new \OC\ForbiddenException('This request is not allowed to access the filesystem');
+ }
+
+ public function test() {
+ return true;
+ }
+
+ public function getOwner($path) {
+ return null;
+ }
+
+ public function getCache($path = '', $storage = null) {
+ return new NullCache();
+ }
+}
diff --git a/lib/private/Lockdown/LockdownManager.php b/lib/private/Lockdown/LockdownManager.php
new file mode 100644
index 00000000000..9f10646a9dd
--- /dev/null
+++ b/lib/private/Lockdown/LockdownManager.php
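Review bot: `getPermissions()` in NullStorage returns `null` where a permission answer is normally an integer bitmask, and it disagrees with NullCache in the same commit, which reports `Constants::PERMISSION_READ` for the root entry. PHP coerces `null` to 0 in bitwise tests, so this happens to deny, but a deny-all storage should say so explicitly: `return $path === '' ? \OCP\Constants::PERMISSION_READ : 0;`. Also, `stat('')` and `filesize('')` throw while `is_dir('')`, `file_exists('')` and `filemtime('')` answer for the root; a comment should state whether that asymmetry is intended. The `__construct` override only forwards to the parent and can be dropped.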
@@ -0,0 +1,46 @@
+<?php
+
+/**
+ * @copyright Copyright (c) 2016, Robin Appelman <robin@icewind.nl>
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OC\Lockdown;
+
+use OC\Authentication\Token\IToken;
+use OCP\Lockdown\ILockdownManager;
+
+class LockdownManager implements ILockdownManager {
+ /** @var IToken|null */
+ private $token;
+
+ private $enabled = false;
+
+ public function enable() {
+ $this->enabled = true;
+ }
+
+ public function setToken(IToken $token) {
+ $this->token = $token;
+ }
+
+ public function canAccessFilesystem() {
+ return true;
+ }
+
+ public function canAccessApp($app) {
+ return $app === 'logreader' || $app === 'files' || $app === 'dav';
+ }
+}
 |
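Review bot: Neither decision method in LockdownManager reads `$enabled` or `$token`. `canAccessFilesystem()` returns `true` unconditionally, so as written this class can never deny filesystem access, and `canAccessApp()` applies the three-app allowlist even when `enable()` was never called. If the intent is "unrestricted unless lockdown is enabled", `canAccessApp()` should start with `if (!$this->enabled) { return true; }`. `canAccessFilesystem()` should carry a comment such as `// TODO: derive from the token's scope; currently always allows` so the fail-open default is not mistaken for a finished check. The hard-coded list `logreader`, `files`, `dav` also needs a comment saying why those apps are exempt. The callers are outside this diff, so how these answers are enforced cannot be confirmed from here.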