diff options
Diffstat (limited to 'apps/settings/lib/Middleware')
| -rw-r--r-- | apps/settings/lib/Middleware/SubadminMiddleware.php | 32 |
1 files changed, 19 insertions, 13 deletions
diff --git a/apps/settings/lib/Middleware/SubadminMiddleware.php b/apps/settings/lib/Middleware/SubadminMiddleware.php index fe92661d24e..02d68e138da 100644 --- a/apps/settings/lib/Middleware/SubadminMiddleware.php +++ b/apps/settings/lib/Middleware/SubadminMiddleware.php @@ -1,9 +1,13 @@ <?php + +declare(strict_types=1); + /** * SPDX-FileCopyrightText: 2019-2024 Nextcloud GmbH and Nextcloud contributors/** * SPDX-FileCopyrightText: 2016 ownCloud, Inc. * SPDX-License-Identifier: AGPL-3.0-only */ + namespace OCA\Settings\Middleware; use OC\AppFramework\Http; @@ -12,27 +16,29 @@ use OC\AppFramework\Utility\ControllerMethodReflector; use OCP\AppFramework\Controller; use OCP\AppFramework\Http\TemplateResponse; use OCP\AppFramework\Middleware; +use OCP\Group\ISubAdmin; use OCP\IL10N; +use OCP\IUserSession; /** * Verifies whether an user has at least subadmin rights. * To bypass use the `@NoSubAdminRequired` annotation */ class SubadminMiddleware extends Middleware { - /** @var ControllerMethodReflector */ - protected $reflector; - - /** - * @param ControllerMethodReflector $reflector - * @param bool $isSubAdmin - * @param IL10N $l10n - */ public function __construct( - ControllerMethodReflector $reflector, - protected $isSubAdmin, + protected ControllerMethodReflector $reflector, + protected IUserSession $userSession, + protected ISubAdmin $subAdminManager, private IL10N $l10n, ) { - $this->reflector = $reflector; + } + + private function isSubAdmin(): bool { + $userObject = $this->userSession->getUser(); + if ($userObject === null) { + return false; + } + return $this->subAdminManager->isSubAdmin($userObject); } /** @@ -43,8 +49,8 @@ class SubadminMiddleware extends Middleware { */ public function beforeController($controller, $methodName) { if (!$this->reflector->hasAnnotation('NoSubAdminRequired') && !$this->reflector->hasAnnotation('AuthorizedAdminSetting')) { - if (!$this->isSubAdmin) { - throw new NotAdminException($this->l10n->t('Logged in account must be a subadmin')); + if (!$this->isSubAdmin()) { + throw new NotAdminException($this->l10n->t('Logged in account must be a sub admin')); } } } |