Check if app is enabled for user

Fixes https://github.com/owncloud/core/issues/12188 for AppFramework apps

lib/private/appframework/middleware/security/securitymiddleware.php

@@ -34,6 +34,7 @@ use OCP\INavigationManager;
 use OCP\IURLGenerator;
 use OCP\IRequest;
 use OCP\ILogger;
+use OCP\AppFramework\Controller;
 
 
 /**
@@ -116,6 +117,16 @@ class SecurityMiddleware extends Middleware {
 			}
 		}
 
+		/**
+		 * FIXME: Use DI once available
+		 * Checks if app is enabled (also inclues a check whether user is allowed to access the resource)
+		 * The getAppPath() check is here since components such as settings also use the AppFramework and
+		 * therefore won't pass this check.
+		 */
+		if(\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) {
+			throw new SecurityException('App is not enabled', Http::STATUS_PRECONDITION_FAILED);
+		}
+
 	}
 
 

tests/lib/appframework/middleware/security/SecurityMiddlewareTest.php

@@ -77,7 +77,7 @@ class SecurityMiddlewareTest extends \PHPUnit_Framework_TestCase {
 			$this->navigationManager,
 			$this->urlGenerator,
 			$this->logger,
-			'test',
+			'files',
 			$isLoggedIn,
 			$isAdminUser
 		);
@@ -91,7 +91,7 @@ class SecurityMiddlewareTest extends \PHPUnit_Framework_TestCase {
 	public function testSetNavigationEntry(){
 		$this->navigationManager->expects($this->once())
 			->method('setActiveEntry')
-			->with($this->equalTo('test'));
+			->with($this->equalTo('files'));
 
 		$this->reader->reflect(__CLASS__, __FUNCTION__);
 		$this->middleware->beforeController(__CLASS__, __FUNCTION__);