This is like what we have to DI and classes, but for callables.
The motivating factor is to get rid of *service locators* in the `boot`
method of apps as a new pattern is about to emerge where we have lots of
`query` calls on the app or server container in order to fetch some
services.
With this little helper it's possible to call another (public) method
and magically have everything injected.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
In general it is good to set them to Lax. But also to give devs more
control over them is not a bad thing.
Helps with #21474
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Some apps require the composer autoloader from app.php. If we run boot
before including that file, classes and functions from dependencies
won't be found.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
9 out of 10 cases apps want to access their own appconfig. Hence it
would be nice not to have to enter the app id all the time. This simple
wrapper just passes on the appid in all calls.
Basically this allows for simpler code in the apps.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
That leads to a false positive is not setup via query() but directly warning for every app because
the check does not work anymore.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.
This also removes and empty lines from method/function bodies at the
beginning and end.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
The external shares entry showed a "button" that, when pressed, replaced
the button with the input to set the remote share address. The "button"
was actually a label for the input, so when the label was focused it
transferred the focus to the input and thus pressing enter or space did
not show the input. Moreover, inputs inside links are not valid HTML,
and once shown there was no way to hide the input again.
Due to all this, and for consistency with the direct link input, the
external share input was moved to a different menu item that is shown
and hidden when the button, which nows is also a real button, is
clicked.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
this is triggerd (and not cought by the query arm) if an item from an app is queried before the app queries it's own Application instance
Signed-off-by: Robin Appelman <robin@icewind.nl>
The reflect method is (and should) only every be called internally.
Since if you call it again it would otherwise start mixing and matching
arguments etc.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
If there is no policy set we just take the default empty ones.
That way no obscure errors get thrown if the constructor is not called.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This adds the events and the classes to modify the feature policy.
It also adds a default restricted feature policy.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
If the token doesn't match (or isn't set) during the redirect. We should
properly set it. Else we might redirect to a later auth display that set
these values.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
For #14179
By default responses should have the strictest (and simplest) CSP
possible. Only template responses should require an actual CSP.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This for now uses the jsNonce. That way we can easily backport it.
For 17 I will fix it properly.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This can be used by pages that do not have the full Nextcloud UI.
So notifications etc do not load there.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Fixes#13662
This will fire of an event after a Template Response has been returned.
There is an event for the generic loading and one when logged in. So
apps can chose to load only on loged in pages.
This is a more generic approach than the files app event. As some things
we might want to load on other pages as well besides the files app.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
When id column has no autoincrement flag query for lastInsertId fails
on postgres because no value has been generated. Call lastInsertId only
if id is null.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
This way code using the DB mappers can have try catch blocks on this
type of exceptions if they do not care if there was non or to many.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This allows elegant upserts where the entity ID is provided (e.g. by an
external system) and when that data is fed into our database multiple
times.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Fixes#11035
Since the child-src directive is deprecated (we should kill it at some
point) we need to have the proper worker-src available
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Now this is in core so the basics (that 99% of the app will want to
use) looks always the same.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Deprecate our default CSP
* Add strict CSP that is always our strictest setting
* Add strict eval CSP (disable unsafe-eval)
* Add strict inline CSP (disables inline styles)
This is just to move forward and have a incremental improvement of our
CSP
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This avoids having to do it at all the places we want cached responses.
We can't inject the ITimeFactor without breaking public API.
However we can perfectly overwrite the service (resulting in the same
testable effect).
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Joas Schilling
Christoph Wurst
Morris Jobke
Roeland Jago Douma
Julius Härtl
Roeland Jago Douma
Clement Wong
Daniel Kesselberg
Christoph Wurst
Pavel Krasikov
TimObert
Daniel Calviño Sánchez
Robin Appelman
Marius David Wieschollek
Jakob Sack