From de6940352a2f708376219a89ec84a8e6d25ca59e Mon Sep 17 00:00:00 2001 From: Christoph Wurst Date: Tue, 17 Sep 2019 16:33:27 +0200 Subject: Move settings to an app Signed-off-by: Christoph Wurst Signed-off-by: npmbuildbot[bot] --- .../settings/lib/Middleware/SubadminMiddleware.php | 92 ++++++++++++++++++++++ 1 file changed, 92 insertions(+) create mode 100644 apps/settings/lib/Middleware/SubadminMiddleware.php (limited to 'apps/settings/lib/Middleware') diff --git a/apps/settings/lib/Middleware/SubadminMiddleware.php b/apps/settings/lib/Middleware/SubadminMiddleware.php new file mode 100644 index 00000000000..c6f77ac04fe --- /dev/null +++ b/apps/settings/lib/Middleware/SubadminMiddleware.php @@ -0,0 +1,92 @@ + + * @author Morris Jobke + * @author Roeland Jago Douma + * + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ + +namespace OCA\Settings\Middleware; + +use OC\AppFramework\Http; +use OC\AppFramework\Middleware\Security\Exceptions\NotAdminException; +use OC\AppFramework\Utility\ControllerMethodReflector; +use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\TemplateResponse; +use OCP\AppFramework\Middleware; +use OCP\IL10N; + +/** + * Verifies whether an user has at least subadmin rights. + * To bypass use the `@NoSubadminRequired` annotation + */ +class SubadminMiddleware extends Middleware { + /** @var bool */ + protected $isSubAdmin; + /** @var ControllerMethodReflector */ + protected $reflector; + /** @var IL10N */ + private $l10n; + + /** + * @param ControllerMethodReflector $reflector + * @param bool $isSubAdmin + * @param IL10N $l10n + */ + public function __construct(ControllerMethodReflector $reflector, + $isSubAdmin, + IL10N $l10n) { + $this->reflector = $reflector; + $this->isSubAdmin = $isSubAdmin; + $this->l10n = $l10n; + } + + /** + * Check if sharing is enabled before the controllers is executed + * @param Controller $controller + * @param string $methodName + * @throws \Exception + */ + public function beforeController($controller, $methodName) { + if(!$this->reflector->hasAnnotation('NoSubadminRequired')) { + if(!$this->isSubAdmin) { + throw new NotAdminException($this->l10n->t('Logged in user must be a subadmin')); + } + } + } + + /** + * Return 403 page in case of an exception + * @param Controller $controller + * @param string $methodName + * @param \Exception $exception + * @return TemplateResponse + * @throws \Exception + */ + public function afterException($controller, $methodName, \Exception $exception) { + if($exception instanceof NotAdminException) { + $response = new TemplateResponse('core', '403', array(), 'guest'); + $response->setStatus(Http::STATUS_FORBIDDEN); + return $response; + } + + throw $exception; + } + +} -- cgit v1.2.3