* * @author Robin Appelman * * @license GNU AGPL version 3 or any later version * * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as * published by the Free Software Foundation, either version 3 of the * License, or (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . * */ namespace OC\Lockdown; use OC\Authentication\Token\IToken; use OCP\ISession; use OCP\Lockdown\ILockdownManager; class LockdownManager implements ILockdownManager { /** @var ISession */ private $sessionCallback; private $enabled = false; /** @var array|null */ private $scope; /** * LockdownManager constructor. * * @param callable $sessionCallback we need to inject the session lazily to avoid dependency loops */ public function __construct(callable $sessionCallback) { $this->sessionCallback = $sessionCallback; } public function enable() { $this->enabled = true; } /** * @return ISession */ private function getSession() { $callback = $this->sessionCallback; return $callback(); } private function getScopeAsArray() { if (!$this->scope) { $session = $this->getSession(); $sessionScope = $session->get('token_scope'); if ($sessionScope) { $this->scope = $sessionScope; } } return $this->scope; } public function setToken(IToken $token) { $this->scope = $token->getScopeAsArray(); $session = $this->getSession(); $session->set('token_scope', $this->scope); $this->enable(); } public function canAccessFilesystem() { $scope = $this->getScopeAsArray(); return !$scope || $scope['filesystem']; } }