From 7cb12d4bff80e91cb844b9ed0021c290455279ee Mon Sep 17 00:00:00 2001
From: Robin Appelman
Date: Thu, 4 Sep 2014 15:23:55 +0200
Subject: [PATCH] Add sabredav plugin to check if a user has access to an app
---
.../connector/sabre/appenabledplugin.php | 75 +++++++++++++++++++
public.php | 4 +-
remote.php | 4 +-
3 files changed, 81 insertions(+), 2 deletions(-)
create mode 100644 lib/private/connector/sabre/appenabledplugin.php
diff --git a/lib/private/connector/sabre/appenabledplugin.php b/lib/private/connector/sabre/appenabledplugin.php
new file mode 100644
index 0000000000..73fed948f9
--- /dev/null
+++ b/lib/private/connector/sabre/appenabledplugin.php
@@ -0,0 +1,75 @@ + + * This file is licensed under the Affero General Public License version 3 or + * later. + * See the COPYING-README file. + */ + +namespace OC\Connector\Sabre; + +use OCP\App\IManager; +use Sabre\DAV\Exception\Forbidden; +use Sabre\DAV\ServerPlugin; + +/** + * Plugin to check if an app is enabled for the current user + */ +class AppEnabledPlugin extends ServerPlugin { + + /** + * Reference to main server object + * + * @var \Sabre\DAV\Server + */ + private $server; + + /** + * @var string + */ + private $app; + + /** + * @var \OCP\App\IManager + */ + private $appManager; + + /** + * @param string $app + * @param \OCP\App\IManager $appManager + */ + public function __construct($app, IManager $appManager) { + $this->app = $app; + $this->appManager = $appManager; + } + + /** + * This initializes the plugin. + * + * This function is called by \Sabre\DAV\Server, after + * addPlugin is called. + * + * This method should set up the required event subscriptions. + * + * @param \Sabre\DAV\Server $server + * @return void + */ + public function initialize(\Sabre\DAV\Server $server) { + + $this->server = $server; + $this->server->subscribeEvent('beforeMethod', array($this, 'checkAppEnabled'), 30); + } + + /** + * This method is called before any HTTP after auth and checks if the user has access to the app + * + * @throws \Sabre\DAV\Exception\Forbidden + * @return bool + */ + public function checkAppEnabled() { + if (!$this->appManager->isEnabledForUser($this->app)) { + throw new Forbidden(); + } + } +} diff --git a/public.php b/public.php index 0e04db66da..c5c227ef46 100644 --- a/public.php +++ b/public.php @@ -37,7 +37,9 @@ try { OC_App::loadApps(array('authentication')); OC_App::loadApps(array('filesystem', 'logging')); - OC_Util::checkAppEnabled($app); + if (!\OC::$server->getAppManager()->isInstalled($app)) { + throw new Exception('App not installed: ' . $app); + } OC_App::loadApp($app); OC_User::setIncognitoMode(true); 
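Review bot: In `initialize()`, the bare priority `30` on the `beforeMethod` subscription is the only thing that orders `checkAppEnabled()` after authentication, and `isEnabledForUser($this->app)` is called without a user, so the result presumably depends on whichever user the session holds when the handler fires. A comment on that line would protect the ordering, e.g. `// priority 30: must run after the auth plugin's beforeMethod handler so the check sees the authenticated user`. The docblock on `checkAppEnabled()` also declares `@return bool` although the method returns nothing when access is allowed; it should read `@return void`, and its summary is missing a word (`called before any HTTP method, after auth`).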
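Review bot: Swapping `OC_Util::checkAppEnabled($app)` for an `isInstalled($app)` test means this entry point no longer checks whether the app is enabled for the requesting user; that decision now rests entirely on each endpoint registering `AppEnabledPlugin`, and no such registration appears among the three files in this patch. The same applies to the `default:` branch in the remote.php hunk. A handler reached through either path that is not a Sabre server, or that omits the plugin, would presumably be served to a user the app is not enabled for, so the handlers should be converted in the same change or the old check kept until they are. At minimum the new lines deserve a comment such as `// enabled-for-user is enforced by AppEnabledPlugin inside the endpoint; every handler must register it`. The enclosing `try` block starts and ends outside the hunk.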
diff --git a/remote.php b/remote.php
index d854b1d65a..7993566afe 100644
--- a/remote.php
+++ b/remote.php
@@ -43,7 +43,9 @@ try {
 $file = OC::$SERVERROOT .'/'. $file;
 break;
 default:
- OC_Util::checkAppEnabled($app);
+ if (!\OC::$server->getAppManager()->isInstalled($app)) {
+ throw new Exception('App not installed: ' . $app);
+ }
 OC_App::loadApp($app);
 $file = OC_App::getAppPath($app) .'/'. $parts[1];
 break;
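Review bot: The new `throw new Exception('App not installed: ' . $app);` places `$app` in the exception message, and the same line is added in the public.php hunk. If `$app` is derived from the request path, the message carries caller-controlled text into whatever the enclosing `catch` does with it; that `catch` is outside both hunks, so confirm it escapes the message before rendering it, or keep the value out of the message and log it separately: `throw new Exception('App not installed');`.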