From dc5e89e624ca7bcc5ff4f9ce5068ccbc75cda7f6 Mon Sep 17 00:00:00 2001 From: Bjoern Schiessle Date: Tue, 4 Aug 2015 18:33:19 +0200 Subject: [PATCH] also block certificate management in the back-end if external storages are disabled for the user --- settings/application.php | 3 +- settings/controller/certificatecontroller.php | 34 ++++++++++++++++++- .../controller/CertificateControllerTest.php | 23 +++++++++---- 3 files changed, 52 insertions(+), 8 deletions(-) diff --git a/settings/application.php b/settings/application.php index 8da835c18d..155cc39d04 100644 --- a/settings/application.php +++ b/settings/application.php @@ -107,7 +107,8 @@ class Application extends App { $c->query('AppName'), $c->query('Request'), $c->query('CertificateManager'), - $c->query('L10N') + $c->query('L10N'), + $c->query('IAppManager') ); }); $container->registerService('GroupsController', function(IContainer $c) { diff --git a/settings/controller/certificatecontroller.php b/settings/controller/certificatecontroller.php index ea20b7c587..92d0961efb 100644 --- a/settings/controller/certificatecontroller.php +++ b/settings/controller/certificatecontroller.php @@ -21,6 +21,7 @@ namespace OC\Settings\Controller; +use OCP\App\IAppManager; use OCP\AppFramework\Controller; use OCP\AppFramework\Http; use OCP\AppFramework\Http\DataResponse; @@ -36,20 +37,25 @@ class CertificateController extends Controller { private $certificateManager; /** @var IL10N */ private $l10n; + /** @var IAppManager */ + private $appManager; /** * @param string $appName * @param IRequest $request * @param ICertificateManager $certificateManager * @param IL10N $l10n + * @param IAppManager $appManager */ public function __construct($appName, IRequest $request, ICertificateManager $certificateManager, - IL10N $l10n) { + IL10N $l10n, + IAppManager $appManager) { parent::__construct($appName, $request); $this->certificateManager = $certificateManager; $this->l10n = $l10n; + $this->appManager = $appManager; } /** @@ -60,6 +66,11 @@ class CertificateController extends Controller { * @return array */ public function addPersonalRootCertificate() { + + if ($this->isCertificateImportAllowed() === false) { + return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN); + } + $file = $this->request->getUploadedFile('rootcert_import'); if(empty($file)) { return new DataResponse(['message' => 'No file uploaded'], Http::STATUS_UNPROCESSABLE_ENTITY); @@ -92,8 +103,29 @@ class CertificateController extends Controller { * @return DataResponse */ public function removePersonalRootCertificate($certificateIdentifier) { + + if ($this->isCertificateImportAllowed() === false) { + return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN); + } + $this->certificateManager->removeCertificate($certificateIdentifier); return new DataResponse(); } + /** + * check if certificate import is allowed + * + * @return bool + */ + protected function isCertificateImportAllowed() { + $externalStorageEnabled = $this->appManager->isEnabledForUser('files_external'); + if ($externalStorageEnabled) { + $backends = \OC_Mount_Config::getPersonalBackends(); + if (!empty($backends)) { + return true; + } + } + return false; + } + } diff --git a/tests/settings/controller/CertificateControllerTest.php b/tests/settings/controller/CertificateControllerTest.php index b698119503..023d7753cc 100644 --- a/tests/settings/controller/CertificateControllerTest.php +++ b/tests/settings/controller/CertificateControllerTest.php @@ -21,6 +21,7 @@ namespace OC\Settings\Controller; +use OCP\App\IAppManager; use OCP\AppFramework\Http; use OCP\AppFramework\Http\DataResponse; use OCP\IRequest; @@ -41,6 +42,8 @@ class CertificateControllerTest extends \Test\TestCase { private $certificateManager; /** @var IL10N */ private $l10n; + /** @var IAppManager */ + private $appManager; public function setUp() { parent::setUp(); @@ -48,13 +51,21 @@ class CertificateControllerTest extends \Test\TestCase { $this->request = $this->getMock('\OCP\IRequest'); $this->certificateManager = $this->getMock('\OCP\ICertificateManager'); $this->l10n = $this->getMock('\OCP\IL10N'); + $this->appManager = $this->getMock('OCP\App\IAppManager'); - $this->certificateController = new CertificateController( - 'settings', - $this->request, - $this->certificateManager, - $this->l10n - ); + $this->certificateController = $this->getMockBuilder('OC\Settings\Controller\CertificateController') + ->setConstructorArgs( + [ + 'settings', + $this->request, + $this->certificateManager, + $this->l10n, + $this->appManager + ] + )->setMethods(['isCertificateImportAllowed'])->getMock(); + + $this->certificateController->expects($this->any()) + ->method('isCertificateImportAllowed')->willReturn(true); } public function testAddPersonalRootCertificateWithEmptyFile() {