diff options
Diffstat (limited to 'lib/private/appframework/middleware')
| -rw-r--r-- | lib/private/appframework/middleware/security/securitymiddleware.php | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/lib/private/appframework/middleware/security/securitymiddleware.php b/lib/private/appframework/middleware/security/securitymiddleware.php index 948a43ce0f4..0a694318634 100644 --- a/lib/private/appframework/middleware/security/securitymiddleware.php +++ b/lib/private/appframework/middleware/security/securitymiddleware.php @@ -34,6 +34,7 @@ use OCP\INavigationManager; use OCP\IURLGenerator; use OCP\IRequest; use OCP\ILogger; +use OCP\AppFramework\Controller; /** @@ -116,6 +117,16 @@ class SecurityMiddleware extends Middleware { } } + /** + * FIXME: Use DI once available + * Checks if app is enabled (also inclues a check whether user is allowed to access the resource) + * The getAppPath() check is here since components such as settings also use the AppFramework and + * therefore won't pass this check. + */ + if(\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) { + throw new SecurityException('App is not enabled', Http::STATUS_PRECONDITION_FAILED); + } + } |