[Pkg-owncloud-commits] [owncloud] 53/55: Check whether the user has permissions to add personal storage backends

David Prévot taffit at moszumanska.debian.org
Wed Apr 23 19:52:02 UTC 2014 

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to annotated tag v5.0.16RC1
in repository owncloud.

commit 5327b303e32b79792de8d84135db29cf724cd5fb
Author: Lukas Reschke <lukas at statuscode.ch>
Date:   Fri Apr 18 11:46:48 2014 +0200

    Check whether the user has permissions to add personal storage backends
    
    Quick’n dirty back port of #8182 - master has a better fix but that
    should be good enough…
    
    missing return - OCP\JSON::success does not terminate the PHP process - which is good ;-)
    
    Use error instead of success
    
    Revert "Use error instead of success"
    
    This reverts commit e2d5535a5aa436c3896e46f0b9e8ff1bd5640d4d.
    
    Use error instead of success
---
 apps/files_external/ajax/addMountPoint.php | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/apps/files_external/ajax/addMountPoint.php b/apps/files_external/ajax/addMountPoint.php
index fed2ddf..2423692 100644
--- a/apps/files_external/ajax/addMountPoint.php
+++ b/apps/files_external/ajax/addMountPoint.php
@@ -1,10 +1,15 @@
 <?php
 
 OCP\JSON::checkAppEnabled('files_external');
+OCP\JSON::checkLoggedIn();
 OCP\JSON::callCheck();
 
 if ($_POST['isPersonal'] == 'true') {
-	OCP\JSON::checkLoggedIn();
+	// Check whether the user has permissions to add personal storage backends
+	if(OCP\Config::getAppValue('files_external', 'allow_user_mounting', 'yes') !== 'yes') {
+		OCP\JSON::error(array('data' => array('message' => 'no permission')));
+		return;
+	}
 	$isPersonal = true;
 } else {
 	OCP\JSON::checkAdminUser();
@@ -16,4 +21,4 @@ $status = OC_Mount_Config::addMountPoint($_POST['mountPoint'],
 							   $_POST['mountType'],
 							   $_POST['applicable'],
 							   $isPersonal);
-OCP\JSON::success(array('data' => array('message' => $status)));
\ No newline at end of file
+OCP\JSON::success(array('data' => array('message' => $status)));

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git

More information about the Pkg-owncloud-commits mailing list