Add "single user mode" which restricts access to users in the admin group

This can be enabled by setting 'singleuser' to true in config.php
This commit is contained in:
Robin Appelman 2013-11-25 15:08:24 +01:00
parent de2b444030
commit 71c1327691
2 changed files with 19 additions and 1 deletions

View File

@ -230,6 +230,22 @@ class OC {
} }
} }
public static function checkSingleUserMode() {
$user = OC_User::getUserSession()->getUser();
$group = OC_Group::getManager()->get('admin');
if ($user && OC_Config::getValue('singleuser', false) && !$group->inGroup($user)) {
// send http status 503
header('HTTP/1.1 503 Service Temporarily Unavailable');
header('Status: 503 Service Temporarily Unavailable');
header('Retry-After: 120');
// render error page
$tmpl = new OC_Template('', 'singleuser.user', 'guest');
$tmpl->printPage();
die();
}
}
public static function checkUpgrade($showTemplate = true) { public static function checkUpgrade($showTemplate = true) {
if (OC_Config::getValue('installed', false)) { if (OC_Config::getValue('installed', false)) {
$installedVersion = OC_Config::getValue('version', '0.0.0'); $installedVersion = OC_Config::getValue('version', '0.0.0');
@ -652,11 +668,12 @@ class OC {
// Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP // Test it the user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
OC::tryBasicAuthLogin(); OC::tryBasicAuthLogin();
if (!self::$CLI) { if (!self::$CLI and (!isset($_GET["logout"]) or ($_GET["logout"] !== 'true'))) {
try { try {
if (!OC_Config::getValue('maintenance', false)) { if (!OC_Config::getValue('maintenance', false)) {
OC_App::loadApps(); OC_App::loadApps();
} }
self::checkSingleUserMode();
OC::getRouter()->match(OC_Request::getRawPathInfo()); OC::getRouter()->match(OC_Request::getRawPathInfo());
return; return;
} catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) { } catch (Symfony\Component\Routing\Exception\ResourceNotFoundException $e) {

View File

@ -5,6 +5,7 @@ try {
require_once 'lib/base.php'; require_once 'lib/base.php';
OC::checkMaintenanceMode(); OC::checkMaintenanceMode();
OC::checkSingleUserMode();
if (!isset($_GET['service'])) { if (!isset($_GET['service'])) {
header('HTTP/1.0 404 Not Found'); header('HTTP/1.0 404 Not Found');
exit; exit;