
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Lukas Reschke <lukas@statuscode.ch>
  6. * @author Morris Jobke <hey@morrisjobke.de>
  7. * @author Roeland Jago Douma <roeland@famdouma.nl>
  8. *
  9. * @license AGPL-3.0
  10. *
  11. * This code is free software: you can redistribute it and/or modify
  12. * it under the terms of the GNU Affero General Public License, version 3,
  13. * as published by the Free Software Foundation.
  14. *
  15. * This program is distributed in the hope that it will be useful,
  16. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18. * GNU Affero General Public License for more details.
  19. *
  20. * You should have received a copy of the GNU Affero General Public License, version 3,
  21. * along with this program. If not, see <http://www.gnu.org/licenses/>
  22. *
  23. */
  24. namespace OC\Settings\Middleware;
  25. use OC\AppFramework\Http;
  26. use OC\AppFramework\Middleware\Security\Exceptions\NotAdminException;
  27. use OC\AppFramework\Utility\ControllerMethodReflector;
  28. use OCP\AppFramework\Controller;
  29. use OCP\AppFramework\Http\TemplateResponse;
  30. use OCP\AppFramework\Middleware;
  31. use OCP\IL10N;
  32. /**
  33. * Verifies whether a user has at least subadmin rights before a controller method runs.
  34. * The check is deny-by-default: a method is only reachable without subadmin rights when it carries the `@NoSubadminRequired` annotation.
  35. *
  36. * @package OC\Settings\Middleware
  37. */
  38. class SubadminMiddleware extends Middleware {
  39. /** @var bool */
  40. protected $isSubAdmin;
  41. /** @var ControllerMethodReflector */
  42. protected $reflector;
  43. /** @var IL10N */
  44. private $l10n;
  45. /**
  46. * @param ControllerMethodReflector $reflector
  47. * @param bool $isSubAdmin
  48. * @param IL10N $l10n
  49. */
  50. public function __construct(ControllerMethodReflector $reflector,
  51. $isSubAdmin,
  52. IL10N $l10n) {
  53. $this->reflector = $reflector;
  54. $this->isSubAdmin = $isSubAdmin;
  55. $this->l10n = $l10n;
  56. }
  57. /**
  58. * Check if sharing is enabled before the controllers is executed
  59. * @param Controller $controller
  60. * @param string $methodName
  61. * @throws \Exception
  62. */
  63. public function beforeController($controller, $methodName) {
  64. if(!$this->reflector->hasAnnotation('NoSubadminRequired')) {
  65. if(!$this->isSubAdmin) {
  66. throw new NotAdminException($this->l10n->t('Logged in user must be a subadmin'));
  67. }
  68. }
  69. }
  70. /**
  71. * Return 403 page in case of an exception
  72. * @param Controller $controller
  73. * @param string $methodName
  74. * @param \Exception $exception
  75. * @return TemplateResponse
  76. * @throws \Exception
  77. */
  78. public function afterException($controller, $methodName, \Exception $exception) {
  79. if($exception instanceof NotAdminException) {
  80. $response = new TemplateResponse('core', '403', array(), 'guest');
  81. $response->setStatus(Http::STATUS_FORBIDDEN);
  82. return $response;
  83. }
  84. throw $exception;
  85. }
  86. }