aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/Lockdown/LockdownManager.php
diff options
context:
space:
mode:
Diffstat (limited to 'lib/private/Lockdown/LockdownManager.php')
-rw-r--r--lib/private/Lockdown/LockdownManager.php66
1 files changed, 66 insertions, 0 deletions
diff --git a/lib/private/Lockdown/LockdownManager.php b/lib/private/Lockdown/LockdownManager.php
new file mode 100644
index 00000000000..4f351812bad
--- /dev/null
+++ b/lib/private/Lockdown/LockdownManager.php
@@ -0,0 +1,66 @@
+<?php
+
+/**
+ * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OC\Lockdown;
+
+use OCP\Authentication\Token\IToken;
+use OCP\ISession;
+use OCP\Lockdown\ILockdownManager;
+
+class LockdownManager implements ILockdownManager {
+ /** @var ISession */
+ private $sessionCallback;
+
+ private $enabled = false;
+
+ /** @var array|null */
+ private $scope;
+
+ /**
+ * LockdownManager constructor.
+ *
+ * @param callable $sessionCallback we need to inject the session lazily to avoid dependency loops
+ */
+ public function __construct(callable $sessionCallback) {
+ $this->sessionCallback = $sessionCallback;
+ }
+
+
+ public function enable() {
+ $this->enabled = true;
+ }
+
+ /**
+ * @return ISession
+ */
+ private function getSession() {
+ $callback = $this->sessionCallback;
+ return $callback();
+ }
+
+ private function getScopeAsArray() {
+ if (!$this->scope) {
+ $session = $this->getSession();
+ $sessionScope = $session->get('token_scope');
+ if ($sessionScope) {
+ $this->scope = $sessionScope;
+ }
+ }
+ return $this->scope;
+ }
+
+ public function setToken(IToken $token) {
+ $this->scope = $token->getScopeAsArray();
+ $session = $this->getSession();
+ $session->set('token_scope', $this->scope);
+ $this->enable();
+ }
+
+ public function canAccessFilesystem() {
+ $scope = $this->getScopeAsArray();
+ return !$scope || $scope[IToken::SCOPE_FILESYSTEM];
+ }
+}
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-15 22:22:05 +0000