nextcloud/settings/Middleware/SubadminMiddleware.php

<?php
/**
 * @copyright Copyright (c) 2016, ownCloud, Inc.
 *
 * @author Lukas Reschke <lukas@statuscode.ch>
 * @author Morris Jobke <hey@morrisjobke.de>
 * @author Roeland Jago Douma <roeland@famdouma.nl>
 *
 * @license AGPL-3.0
 *
 * This code is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License, version 3,
 * along with this program.  If not, see <http://www.gnu.org/licenses/>
 *
 */

namespace OC\Settings\Middleware;

use OC\AppFramework\Http;
use OC\AppFramework\Middleware\Security\Exceptions\NotAdminException;
use OC\AppFramework\Utility\ControllerMethodReflector;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\AppFramework\Middleware;
use OCP\IL10N;

/**
 * Verifies whether an user has at least subadmin rights.
 * To bypass use the `@NoSubadminRequired` annotation
 *
 * @package OC\Settings\Middleware
 */
class SubadminMiddleware extends Middleware {
	/** @var bool */
	protected $isSubAdmin;
	/** @var ControllerMethodReflector */
	protected $reflector;
	/** @var IL10N */
	private $l10n;

	/**
	 * @param ControllerMethodReflector $reflector
	 * @param bool $isSubAdmin
	 * @param IL10N $l10n
	 */
	public function __construct(ControllerMethodReflector $reflector,
								$isSubAdmin,
								IL10N $l10n) {
		$this->reflector = $reflector;
		$this->isSubAdmin = $isSubAdmin;
		$this->l10n = $l10n;
	}

	/**
	 * Check if sharing is enabled before the controllers is executed
	 * @param Controller $controller
	 * @param string $methodName
	 * @throws \Exception
	 */
	public function beforeController($controller, $methodName) {
		if(!$this->reflector->hasAnnotation('NoSubadminRequired')) {
			if(!$this->isSubAdmin) {
				throw new NotAdminException($this->l10n->t('Logged in user must be a subadmin'));
			}
		}
	}

	/**
	 * Return 403 page in case of an exception
	 * @param Controller $controller
	 * @param string $methodName
	 * @param \Exception $exception
	 * @return TemplateResponse
	 * @throws \Exception
	 */
	public function afterException($controller, $methodName, \Exception $exception) {
		if($exception instanceof NotAdminException) {
			$response = new TemplateResponse('core', '403', array(), 'guest');
			$response->setStatus(Http::STATUS_FORBIDDEN);
			return $response;
		}

		throw $exception;
	}

}
Add REST route for user & group management First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future. 2014-12-04 16:15:55 +03:00			`<?php`
			`/**`
Fix others 2016-07-21 18:07:57 +03:00			`* @copyright Copyright (c) 2016, ownCloud, Inc.`
			`*`
Update license headers 2016-05-26 20:56:05 +03:00			`* @author Lukas Reschke <lukas@statuscode.ch>`
Update license headers 2015-03-26 13:44:34 +03:00			`* @author Morris Jobke <hey@morrisjobke.de>`
Fix others 2016-07-21 18:07:57 +03:00			`* @author Roeland Jago Douma <roeland@famdouma.nl>`
Update license headers 2015-03-26 13:44:34 +03:00			`*`
			`* @license AGPL-3.0`
			`*`
			`* This code is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License, version 3,`
			`* as published by the Free Software Foundation.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License, version 3,`
			`* along with this program. If not, see <http://www.gnu.org/licenses/>`
Add REST route for user & group management First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future. 2014-12-04 16:15:55 +03:00			`*`
			`*/`
Revert "Updating license headers" This reverts commit 6a1a4880f0d556fb090f19a5019fec31916f5c36. 2015-02-26 13:37:37 +03:00
Add REST route for user & group management First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future. 2014-12-04 16:15:55 +03:00			`namespace OC\Settings\Middleware;`

			`use OC\AppFramework\Http;`
Fix inconsistent nameing of AppFramework 2016-04-22 16:28:48 +03:00			`use OC\AppFramework\Middleware\Security\Exceptions\NotAdminException;`
Add REST route for user & group management First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future. 2014-12-04 16:15:55 +03:00			`use OC\AppFramework\Utility\ControllerMethodReflector;`
Fix middleware implementations signatures Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2017-07-26 10:03:04 +03:00			`use OCP\AppFramework\Controller;`
Add REST route for user & group management First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future. 2014-12-04 16:15:55 +03:00			`use OCP\AppFramework\Http\TemplateResponse;`
			`use OCP\AppFramework\Middleware;`
Provide translated error message for permission error Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2018-02-26 17:32:17 +03:00			`use OCP\IL10N;`
Add REST route for user & group management First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future. 2014-12-04 16:15:55 +03:00
			`/**`
			`* Verifies whether an user has at least subadmin rights.`
			* To bypass use the `@NoSubadminRequired` annotation
			`*`
			`* @package OC\Settings\Middleware`
			`*/`
			`class SubadminMiddleware extends Middleware {`
			`/** @var bool */`
			`protected $isSubAdmin;`
			`/** @var ControllerMethodReflector */`
			`protected $reflector;`
Provide translated error message for permission error Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2018-02-26 17:32:17 +03:00			`/** @var IL10N */`
			`private $l10n;`
Add REST route for user & group management First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future. 2014-12-04 16:15:55 +03:00
			`/**`
			`* @param ControllerMethodReflector $reflector`
			`* @param bool $isSubAdmin`
Provide translated error message for permission error Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2018-02-26 17:32:17 +03:00			`* @param IL10N $l10n`
Add REST route for user & group management First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future. 2014-12-04 16:15:55 +03:00			`*/`
			`public function __construct(ControllerMethodReflector $reflector,`
Provide translated error message for permission error Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2018-02-26 17:32:17 +03:00			`$isSubAdmin,`
			`IL10N $l10n) {`
Add REST route for user & group management First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future. 2014-12-04 16:15:55 +03:00			`$this->reflector = $reflector;`
			`$this->isSubAdmin = $isSubAdmin;`
Provide translated error message for permission error Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2018-02-26 17:32:17 +03:00			`$this->l10n = $l10n;`
Add REST route for user & group management First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future. 2014-12-04 16:15:55 +03:00			`}`

			`/**`
			`* Check if sharing is enabled before the controllers is executed`
Fix middleware implementations signatures Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2017-07-26 10:03:04 +03:00			`* @param Controller $controller`
Add REST route for user & group management First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future. 2014-12-04 16:15:55 +03:00			`* @param string $methodName`
			`* @throws \Exception`
			`*/`
Remove explicit type hints for Controller This is public API and breaks the middlewares of existing apps. Since this also requires maintaining two different code paths for 12 and 13 I'm at the moment voting for reverting this change. Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2017-08-01 18:32:03 +03:00			`public function beforeController($controller, $methodName) {`
Add REST route for user & group management First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future. 2014-12-04 16:15:55 +03:00			`if(!$this->reflector->hasAnnotation('NoSubadminRequired')) {`
			`if(!$this->isSubAdmin) {`
Provide translated error message for permission error Signed-off-by: Morris Jobke <hey@morrisjobke.de> 2018-02-26 17:32:17 +03:00			`throw new NotAdminException($this->l10n->t('Logged in user must be a subadmin'));`
Add REST route for user & group management First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future. 2014-12-04 16:15:55 +03:00			`}`
			`}`
			`}`

			`/**`
			`* Return 403 page in case of an exception`
Fix middleware implementations signatures Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2017-07-26 10:03:04 +03:00			`* @param Controller $controller`
Add REST route for user & group management First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future. 2014-12-04 16:15:55 +03:00			`* @param string $methodName`
			`* @param \Exception $exception`
			`* @return TemplateResponse`
Throw normal exceptions instead of eating them Partially addresses https://github.com/owncloud/core/issues/22550 Replaces https://github.com/owncloud/core/pull/20185 2016-02-22 11:41:56 +03:00			`* @throws \Exception`
Add REST route for user & group management First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future. 2014-12-04 16:15:55 +03:00			`*/`
Remove explicit type hints for Controller This is public API and breaks the middlewares of existing apps. Since this also requires maintaining two different code paths for 12 and 13 I'm at the moment voting for reverting this change. Signed-off-by: Lukas Reschke <lukas@statuscode.ch> 2017-08-01 18:32:03 +03:00			`public function afterException($controller, $methodName, \Exception $exception) {`
Throw normal exceptions instead of eating them Partially addresses https://github.com/owncloud/core/issues/22550 Replaces https://github.com/owncloud/core/pull/20185 2016-02-22 11:41:56 +03:00			`if($exception instanceof NotAdminException) {`
			`$response = new TemplateResponse('core', '403', array(), 'guest');`
			`$response->setStatus(Http::STATUS_FORBIDDEN);`
			`return $response;`
			`}`

			`throw $exception;`
Add REST route for user & group management First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future. 2014-12-04 16:15:55 +03:00			`}`

			`}`