1
0

SharingCheckMiddleware.php 4.3 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2016, ownCloud, Inc.
  5. *
  6. * @author Bjoern Schiessle <bjoern@schiessle.org>
  7. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  8. * @author Lukas Reschke <lukas@statuscode.ch>
  9. * @author Morris Jobke <hey@morrisjobke.de>
  10. * @author Roeland Jago Douma <roeland@famdouma.nl>
  11. * @author Thomas Müller <thomas.mueller@tmit.eu>
  12. *
  13. * @license AGPL-3.0
  14. *
  15. * This code is free software: you can redistribute it and/or modify
  16. * it under the terms of the GNU Affero General Public License, version 3,
  17. * as published by the Free Software Foundation.
  18. *
  19. * This program is distributed in the hope that it will be useful,
  20. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  21. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  22. * GNU Affero General Public License for more details.
  23. *
  24. * You should have received a copy of the GNU Affero General Public License, version 3,
  25. * along with this program. If not, see <http://www.gnu.org/licenses/>
  26. *
  27. */
  28. namespace OCA\Files_Sharing\Middleware;
  29. use OCA\Files_Sharing\Controller\ExternalSharesController;
  30. use OCA\Files_Sharing\Exceptions\S2SException;
  31. use OCP\App\IAppManager;
  32. use OCP\AppFramework\Controller;
  33. use OCP\AppFramework\Http\JSONResponse;
  34. use OCP\AppFramework\Http\NotFoundResponse;
  35. use OCP\AppFramework\Http\Response;
  36. use OCP\AppFramework\Middleware;
  37. use OCP\AppFramework\Utility\IControllerMethodReflector;
  38. use OCP\Files\NotFoundException;
  39. use OCP\IConfig;
  40. use OCP\IRequest;
  41. use OCP\Share\IManager;
  42. /**
  43. * Checks whether the "sharing check" is enabled
  44. *
  45. * @package OCA\Files_Sharing\Middleware
  46. */
  47. class SharingCheckMiddleware extends Middleware {
  48. /** @var string */
  49. protected $appName;
  50. /** @var IConfig */
  51. protected $config;
  52. /** @var IAppManager */
  53. protected $appManager;
  54. /** @var IControllerMethodReflector */
  55. protected $reflector;
  56. /** @var IManager */
  57. protected $shareManager;
  58. /** @var IRequest */
  59. protected $request;
  60. public function __construct(string $appName,
  61. IConfig $config,
  62. IAppManager $appManager,
  63. IControllerMethodReflector $reflector,
  64. IManager $shareManager,
  65. IRequest $request
  66. ) {
  67. $this->appName = $appName;
  68. $this->config = $config;
  69. $this->appManager = $appManager;
  70. $this->reflector = $reflector;
  71. $this->shareManager = $shareManager;
  72. $this->request = $request;
  73. }
  74. /**
  75. * Check if sharing is enabled before the controllers is executed
  76. *
  77. * @param Controller $controller
  78. * @param string $methodName
  79. * @throws NotFoundException
  80. * @throws S2SException
  81. */
  82. public function beforeController($controller, $methodName): void {
  83. if (!$this->isSharingEnabled()) {
  84. throw new NotFoundException('Sharing is disabled.');
  85. }
  86. if ($controller instanceof ExternalSharesController &&
  87. !$this->externalSharesChecks()) {
  88. throw new S2SException('Federated sharing not allowed');
  89. }
  90. }
  91. /**
  92. * Return 404 page in case of a not found exception
  93. *
  94. * @param Controller $controller
  95. * @param string $methodName
  96. * @param \Exception $exception
  97. * @return Response
  98. * @throws \Exception
  99. */
  100. public function afterException($controller, $methodName, \Exception $exception): Response {
  101. if (is_a($exception, NotFoundException::class)) {
  102. return new NotFoundResponse();
  103. }
  104. if (is_a($exception, S2SException::class)) {
  105. return new JSONResponse($exception->getMessage(), 405);
  106. }
  107. throw $exception;
  108. }
  109. /**
  110. * Checks for externalshares controller
  111. * @return bool
  112. */
  113. private function externalSharesChecks(): bool {
  114. if (!$this->reflector->hasAnnotation('NoIncomingFederatedSharingRequired') &&
  115. $this->config->getAppValue('files_sharing', 'incoming_server2server_share_enabled', 'yes') !== 'yes') {
  116. return false;
  117. }
  118. if (!$this->reflector->hasAnnotation('NoOutgoingFederatedSharingRequired') &&
  119. $this->config->getAppValue('files_sharing', 'outgoing_server2server_share_enabled', 'yes') !== 'yes') {
  120. return false;
  121. }
  122. return true;
  123. }
  124. /**
  125. * Check whether sharing is enabled
  126. * @return bool
  127. */
  128. private function isSharingEnabled(): bool {
  129. // FIXME: This check is done here since the route is globally defined and not inside the files_sharing app
  130. // Check whether the sharing application is enabled
  131. if (!$this->appManager->isEnabledForUser($this->appName)) {
  132. return false;
  133. }
  134. return true;
  135. }
  136. }