summaryrefslogtreecommitdiffstats
path: root/settings
diff options
context:
space:
mode:
authorBjoern Schiessle <schiessle@owncloud.com>2015-08-04 18:33:19 +0200
committerBjoern Schiessle <schiessle@owncloud.com>2015-08-05 10:40:49 +0200
commit6534202573dd3dfdafb5c864c967cd9330ccc26d (patch)
treea287a14c2ea203f282c86efa2b0a220ffb8db0d0 /settings
parenta430e75425263913af1f322a9cffd43a7e38f766 (diff)
downloadnextcloud-server-6534202573dd3dfdafb5c864c967cd9330ccc26d.tar.gz
nextcloud-server-6534202573dd3dfdafb5c864c967cd9330ccc26d.zip
also block certificate management in the back-end if external storages are disabled for the user
Diffstat (limited to 'settings')
-rw-r--r--settings/application.php3
-rw-r--r--settings/controller/certificatecontroller.php34
2 files changed, 35 insertions, 2 deletions
diff --git a/settings/application.php b/settings/application.php
index 8da835c18d2..155cc39d041 100644
--- a/settings/application.php
+++ b/settings/application.php
@@ -107,7 +107,8 @@ class Application extends App {
$c->query('AppName'),
$c->query('Request'),
$c->query('CertificateManager'),
- $c->query('L10N')
+ $c->query('L10N'),
+ $c->query('IAppManager')
);
});
$container->registerService('GroupsController', function(IContainer $c) {
diff --git a/settings/controller/certificatecontroller.php b/settings/controller/certificatecontroller.php
index ea20b7c587f..92d0961efb7 100644
--- a/settings/controller/certificatecontroller.php
+++ b/settings/controller/certificatecontroller.php
@@ -21,6 +21,7 @@
namespace OC\Settings\Controller;
+use OCP\App\IAppManager;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\DataResponse;
@@ -36,20 +37,25 @@ class CertificateController extends Controller {
private $certificateManager;
/** @var IL10N */
private $l10n;
+ /** @var IAppManager */
+ private $appManager;
/**
* @param string $appName
* @param IRequest $request
* @param ICertificateManager $certificateManager
* @param IL10N $l10n
+ * @param IAppManager $appManager
*/
public function __construct($appName,
IRequest $request,
ICertificateManager $certificateManager,
- IL10N $l10n) {
+ IL10N $l10n,
+ IAppManager $appManager) {
parent::__construct($appName, $request);
$this->certificateManager = $certificateManager;
$this->l10n = $l10n;
+ $this->appManager = $appManager;
}
/**
@@ -60,6 +66,11 @@ class CertificateController extends Controller {
* @return array
*/
public function addPersonalRootCertificate() {
+
+ if ($this->isCertificateImportAllowed() === false) {
+ return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN);
+ }
+
$file = $this->request->getUploadedFile('rootcert_import');
if(empty($file)) {
return new DataResponse(['message' => 'No file uploaded'], Http::STATUS_UNPROCESSABLE_ENTITY);
@@ -92,8 +103,29 @@ class CertificateController extends Controller {
* @return DataResponse
*/
public function removePersonalRootCertificate($certificateIdentifier) {
+
+ if ($this->isCertificateImportAllowed() === false) {
+ return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN);
+ }
+
$this->certificateManager->removeCertificate($certificateIdentifier);
return new DataResponse();
}
+ /**
+ * check if certificate import is allowed
+ *
+ * @return bool
+ */
+ protected function isCertificateImportAllowed() {
+ $externalStorageEnabled = $this->appManager->isEnabledForUser('files_external');
+ if ($externalStorageEnabled) {
+ $backends = \OC_Mount_Config::getPersonalBackends();
+ if (!empty($backends)) {
+ return true;
+ }
+ }
+ return false;
+ }
+
}