diff options
Diffstat (limited to 'apps/provisioning_api')
3 files changed, 103 insertions, 0 deletions
diff --git a/apps/provisioning_api/lib/AppInfo/Application.php b/apps/provisioning_api/lib/AppInfo/Application.php new file mode 100644 index 00000000000..2d6a82e2ff9 --- /dev/null +++ b/apps/provisioning_api/lib/AppInfo/Application.php @@ -0,0 +1,28 @@ +<?php + +namespace OCA\Provisioning_API\AppInfo; + +use OC\AppFramework\Utility\SimpleContainer; +use OCA\Provisioning_API\Middleware\ProvisioningApiMiddleware; +use OCP\AppFramework\App; + +class Application extends App { + public function __construct(array $urlParams = array()) { + parent::__construct('provisioning_api', $urlParams); + + $container = $this->getContainer(); + $server = $container->getServer(); + + $container->registerService('ProvisioningApiMiddleware', function(SimpleContainer $c) use ($server) { + $user = $server->getUserManager()->get($c['UserId']); + $isAdmin = $user !== null ? $server->getGroupManager()->isAdmin($user->getUID()) : false; + $isSubAdmin = $user !== null ? $server->getGroupManager()->getSubAdmin()->isSubAdmin($user) : false; + return new ProvisioningApiMiddleware( + $c['ControllerMethodReflector'], + $isAdmin, + $isSubAdmin + ); + }); + $container->registerMiddleWare('ProvisioningApiMiddleware'); + } +} diff --git a/apps/provisioning_api/lib/Middleware/Exceptions/NotSubAdminException.php b/apps/provisioning_api/lib/Middleware/Exceptions/NotSubAdminException.php new file mode 100644 index 00000000000..007ea04db46 --- /dev/null +++ b/apps/provisioning_api/lib/Middleware/Exceptions/NotSubAdminException.php @@ -0,0 +1,11 @@ +<?php + +namespace OCA\Provisioning_API\Middleware\Exceptions; + +use OCP\AppFramework\Http; + +class NotSubAdminException extends \Exception { + public function __construct() { + parent::__construct('Logged in user must be at least a sub admin', Http::STATUS_FORBIDDEN); + } +}
\ No newline at end of file diff --git a/apps/provisioning_api/lib/Middleware/ProvisioningApiMiddleware.php b/apps/provisioning_api/lib/Middleware/ProvisioningApiMiddleware.php new file mode 100644 index 00000000000..d9afe596027 --- /dev/null +++ b/apps/provisioning_api/lib/Middleware/ProvisioningApiMiddleware.php @@ -0,0 +1,64 @@ +<?php + +namespace OCA\Provisioning_API\Middleware; + +use OCA\Provisioning_API\Middleware\Exceptions\NotSubAdminException; +use OCP\AppFramework\Http\Response; +use OCP\AppFramework\Middleware; +use OCP\AppFramework\OCS\OCSException; +use OCP\AppFramework\Utility\IControllerMethodReflector; + +class ProvisioningApiMiddleware extends Middleware { + + /** @var IControllerMethodReflector */ + private $reflector; + + /** @var bool */ + private $isAdmin; + + /** @var bool */ + private $isSubAdmin; + + /** + * ProvisioningApiMiddleware constructor. + * + * @param IControllerMethodReflector $reflector + * @param bool $isAdmin + * @param bool $isSubAdmin + */ + public function __construct( + IControllerMethodReflector $reflector, + $isAdmin, + $isSubAdmin) { + $this->reflector = $reflector; + $this->isAdmin = $isAdmin; + $this->isSubAdmin = $isSubAdmin; + } + + /** + * @param \OCP\AppFramework\Controller $controller + * @param string $methodName + * + * @throws NotSubAdminException + */ + public function beforeController($controller, $methodName) { + if (!$this->isAdmin && !$this->reflector->hasAnnotation('NoSubAdminRequired') && !$this->isSubAdmin) { + throw new NotSubAdminException(); + } + } + + /** + * @param \OCP\AppFramework\Controller $controller + * @param string $methodName + * @param \Exception $exception + * @throws \Exception + * @return Response + */ + public function afterException($controller, $methodName, \Exception $exception) { + if ($exception instanceof NotSubAdminException) { + throw new OCSException($exception->getMessage(), \OCP\API::RESPOND_UNAUTHORISED); + } + + throw $exception; + } +}
\ No newline at end of file |