
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Lukas Reschke <lukas@statuscode.ch>
  6. * @author Morris Jobke <hey@morrisjobke.de>
  7. * @author Roeland Jago Douma <roeland@famdouma.nl>
  8. *
  9. * @license AGPL-3.0
  10. *
  11. * This code is free software: you can redistribute it and/or modify
  12. * it under the terms of the GNU Affero General Public License, version 3,
  13. * as published by the Free Software Foundation.
  14. *
  15. * This program is distributed in the hope that it will be useful,
  16. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  17. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  18. * GNU Affero General Public License for more details.
  19. *
  20. * You should have received a copy of the GNU Affero General Public License, version 3,
  21. * along with this program. If not, see <http://www.gnu.org/licenses/>
  22. *
  23. */
  24. namespace OC\Settings\Middleware;
  25. use OC\AppFramework\Http;
  26. use OC\AppFramework\Middleware\Security\Exceptions\NotAdminException;
  27. use OC\AppFramework\Utility\ControllerMethodReflector;
  28. use OCP\AppFramework\Http\TemplateResponse;
  29. use OCP\AppFramework\Middleware;
  30. /**
  31. * Verifies whether a user has at least subadmin rights.
  32. * To bypass use the `@NoSubadminRequired` annotation
  33. *
  34. * @package OC\Settings\Middleware
  35. */
  36. class SubadminMiddleware extends Middleware {
  37. /** @var bool */
  38. protected $isSubAdmin;
  39. /** @var ControllerMethodReflector */
  40. protected $reflector;
  41. /**
  42. * @param ControllerMethodReflector $reflector
  43. * @param bool $isSubAdmin
  44. */
  45. public function __construct(ControllerMethodReflector $reflector,
  46. $isSubAdmin) {
  47. $this->reflector = $reflector;
  48. $this->isSubAdmin = $isSubAdmin;
  49. }
  50. /**
  51. * Check if sharing is enabled before the controllers is executed
  52. * @param \OCP\AppFramework\Controller $controller
  53. * @param string $methodName
  54. * @throws \Exception
  55. */
  56. public function beforeController($controller, $methodName) {
  57. if(!$this->reflector->hasAnnotation('NoSubadminRequired')) {
  58. if(!$this->isSubAdmin) {
  59. throw new NotAdminException('Logged in user must be a subadmin');
  60. }
  61. }
  62. }
  63. /**
  64. * Return 403 page in case of an exception
  65. * @param \OCP\AppFramework\Controller $controller
  66. * @param string $methodName
  67. * @param \Exception $exception
  68. * @return TemplateResponse
  69. * @throws \Exception
  70. */
  71. public function afterException($controller, $methodName, \Exception $exception) {
  72. if($exception instanceof NotAdminException) {
  73. $response = new TemplateResponse('core', '403', array(), 'guest');
  74. $response->setStatus(Http::STATUS_FORBIDDEN);
  75. return $response;
  76. }
  77. throw $exception;
  78. }
  79. }