Merge pull request #2509 from nextcloud/sudo-mode-for-app-enabling

Add sudo mode to enabling and disabling apps

5 files changed, 38 insertions, 0 deletions

diff --git a/settings/ajax/disableapp.php b/settings/ajax/disableapp.php
index 1a000672e6e..8edd1c1453e 100644
--- a/settings/ajax/disableapp.php
+++ b/settings/ajax/disableapp.php
@@ -24,6 +24,13 @@
 OCP\JSON::checkAdminUser();
 OCP\JSON::callCheck();
 
+$lastConfirm = (int) \OC::$server->getSession()->get('last-password-confirm');
+if ($lastConfirm < (time() - 30 * 60 + 15)) { // allow 15 seconds delay
+	$l = \OC::$server->getL10N('core');
+	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Password confirmation is required'))));
+	exit();
+}
+
 if (!array_key_exists('appid', $_POST)) {
 	OC_JSON::error();
 	exit;
diff --git a/settings/ajax/enableapp.php b/settings/ajax/enableapp.php
index cf1b7f29db5..b6d62671a63 100644
--- a/settings/ajax/enableapp.php
+++ b/settings/ajax/enableapp.php
@@ -28,6 +28,13 @@
 OC_JSON::checkAdminUser();
 OCP\JSON::callCheck();
 
+$lastConfirm = (int) \OC::$server->getSession()->get('last-password-confirm');
+if ($lastConfirm < (time() - 30 * 60 + 15)) { // allow 15 seconds delay
+	$l = \OC::$server->getL10N('core');
+	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Password confirmation is required'))));
+	exit();
+}
+
 $groups = isset($_POST['groups']) ? (array)$_POST['groups'] : null;
 
 try {
diff --git a/settings/ajax/installapp.php b/settings/ajax/installapp.php
index 75f3fea83b7..17e5eadf50e 100644
--- a/settings/ajax/installapp.php
+++ b/settings/ajax/installapp.php
@@ -24,6 +24,13 @@
 OCP\JSON::checkAdminUser();
 OCP\JSON::callCheck();
 
+$lastConfirm = (int) \OC::$server->getSession()->get('last-password-confirm');
+if ($lastConfirm < (time() - 30 * 60 + 15)) { // allow 15 seconds delay
+	$l = \OC::$server->getL10N('core');
+	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Password confirmation is required'))));
+	exit();
+}
+
 if (!array_key_exists('appid', $_POST)) {
 	OC_JSON::error();
 	exit;
diff --git a/settings/ajax/uninstallapp.php b/settings/ajax/uninstallapp.php
index be8196f4b33..0e68a893ef4 100644
--- a/settings/ajax/uninstallapp.php
+++ b/settings/ajax/uninstallapp.php
@@ -24,6 +24,13 @@
 OCP\JSON::checkAdminUser();
 OCP\JSON::callCheck();
 
+$lastConfirm = (int) \OC::$server->getSession()->get('last-password-confirm');
+if ($lastConfirm < (time() - 30 * 60 + 15)) { // allow 15 seconds delay
+	$l = \OC::$server->getL10N('core');
+	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Password confirmation is required'))));
+	exit();
+}
+
 if (!array_key_exists('appid', $_POST)) {
 	OC_JSON::error();
 	exit;
diff --git a/settings/js/apps.js b/settings/js/apps.js
index b52fb3d11ab..de35cd53672 100644
--- a/settings/js/apps.js
+++ b/settings/js/apps.js
@@ -262,6 +262,11 @@ OC.Settings.Apps = OC.Settings.Apps || {
 	},
 
 	enableApp:function(appId, active, element, groups) {
+		if (OC.PasswordConfirmation.requiresPasswordConfirmation()) {
+			OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this.enableApp, this, appId, active, element, groups));
+			return;
+		}
+
 		var self = this;
 		OC.Settings.Apps.hideErrorMessage(appId);
 		groups = groups || [];
@@ -402,6 +407,11 @@ OC.Settings.Apps = OC.Settings.Apps || {
 	},
 
 	uninstallApp:function(appId, element) {
+		if (OC.PasswordConfirmation.requiresPasswordConfirmation()) {
+			OC.PasswordConfirmation.requirePasswordConfirmation(_.bind(this.uninstallApp, this, appId, element));
+			return;
+		}
+
 		OC.Settings.Apps.hideErrorMessage(appId);
 		element.val(t('settings','Uninstalling ....'));
 		$.post(OC.filePath('settings','ajax','uninstallapp.php'),{appid:appId},function(result) {