
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  6. * @author Joas Schilling <coding@schilljs.com>
  7. * @author Lukas Reschke <lukas@statuscode.ch>
  8. * @author Morris Jobke <hey@morrisjobke.de>
  9. * @author Roeland Jago Douma <roeland@famdouma.nl>
  10. *
  11. * @license AGPL-3.0
  12. *
  13. * This code is free software: you can redistribute it and/or modify
  14. * it under the terms of the GNU Affero General Public License, version 3,
  15. * as published by the Free Software Foundation.
  16. *
  17. * This program is distributed in the hope that it will be useful,
  18. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  19. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  20. * GNU Affero General Public License for more details.
  21. *
  22. * You should have received a copy of the GNU Affero General Public License, version 3,
  23. * along with this program. If not, see <http://www.gnu.org/licenses/>
  24. *
  25. */
  26. namespace OCA\Settings\Middleware;
  27. use OC\AppFramework\Http;
  28. use OC\AppFramework\Middleware\Security\Exceptions\NotAdminException;
  29. use OC\AppFramework\Utility\ControllerMethodReflector;
  30. use OCP\AppFramework\Controller;
  31. use OCP\AppFramework\Http\TemplateResponse;
  32. use OCP\AppFramework\Middleware;
  33. use OCP\IL10N;
/**
 * Verifies whether a user has at least subadmin rights.
 * To bypass, use the `@NoSubAdminRequired` annotation (the
 * `@AuthorizedAdminSetting` annotation skips this check as well).
 */
  38. class SubadminMiddleware extends Middleware {
  39. /** @var bool */
  40. protected $isSubAdmin;
  41. /** @var ControllerMethodReflector */
  42. protected $reflector;
  43. /** @var IL10N */
  44. private $l10n;
  45. /**
  46. * @param ControllerMethodReflector $reflector
  47. * @param bool $isSubAdmin
  48. * @param IL10N $l10n
  49. */
  50. public function __construct(ControllerMethodReflector $reflector,
  51. $isSubAdmin,
  52. IL10N $l10n) {
  53. $this->reflector = $reflector;
  54. $this->isSubAdmin = $isSubAdmin;
  55. $this->l10n = $l10n;
  56. }
  57. /**
  58. * Check if sharing is enabled before the controllers is executed
  59. * @param Controller $controller
  60. * @param string $methodName
  61. * @throws \Exception
  62. */
  63. public function beforeController($controller, $methodName) {
  64. if (!$this->reflector->hasAnnotation('NoSubAdminRequired') && !$this->reflector->hasAnnotation('AuthorizedAdminSetting')) {
  65. if (!$this->isSubAdmin) {
  66. throw new NotAdminException($this->l10n->t('Logged in account must be a subadmin'));
  67. }
  68. }
  69. }
  70. /**
  71. * Return 403 page in case of an exception
  72. * @param Controller $controller
  73. * @param string $methodName
  74. * @param \Exception $exception
  75. * @return TemplateResponse
  76. * @throws \Exception
  77. */
  78. public function afterException($controller, $methodName, \Exception $exception) {
  79. if ($exception instanceof NotAdminException) {
  80. $response = new TemplateResponse('core', '403', [], 'guest');
  81. $response->setStatus(Http::STATUS_FORBIDDEN);
  82. return $response;
  83. }
  84. throw $exception;
  85. }
  86. }