[Pkg-owncloud-commits] [owncloud] 13/74: Check if app is enabled for user

Tue Dec 2 22:04:33 UTC 2014

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository owncloud.

commit 32401b42f1c5122c4aaa4e868599702c36d3c51d
Author: Lukas Reschke <lukas at owncloud.com>
Date:   Fri Nov 14 17:20:51 2014 +0100

    Check if app is enabled for user
    
    Fixes https://github.com/owncloud/core/issues/12188 for AppFramework apps
---
 .../appframework/middleware/security/securitymiddleware.php   | 11 +++++++++++
 .../middleware/security/SecurityMiddlewareTest.php            |  4 ++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/lib/private/appframework/middleware/security/securitymiddleware.php b/lib/private/appframework/middleware/security/securitymiddleware.php
index 948a43c..0a69431 100644
--- a/lib/private/appframework/middleware/security/securitymiddleware.php
+++ b/lib/private/appframework/middleware/security/securitymiddleware.php
@@ -34,6 +34,7 @@ use OCP\INavigationManager;
 use OCP\IURLGenerator;
 use OCP\IRequest;
 use OCP\ILogger;
+use OCP\AppFramework\Controller;
 
 
 /**
@@ -116,6 +117,16 @@ class SecurityMiddleware extends Middleware {
 			}
 		}
 
+		/**
+		 * FIXME: Use DI once available
+		 * Checks if app is enabled (also inclues a check whether user is allowed to access the resource)
+		 * The getAppPath() check is here since components such as settings also use the AppFramework and
+		 * therefore won't pass this check.
+		 */
+		if(\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) {
+			throw new SecurityException('App is not enabled', Http::STATUS_PRECONDITION_FAILED);
+		}
+
 	}
 
 
diff --git a/tests/lib/appframework/middleware/security/SecurityMiddlewareTest.php b/tests/lib/appframework/middleware/security/SecurityMiddlewareTest.php
index 74fc790..cc7704f 100644
--- a/tests/lib/appframework/middleware/security/SecurityMiddlewareTest.php
+++ b/tests/lib/appframework/middleware/security/SecurityMiddlewareTest.php
@@ -77,7 +77,7 @@ class SecurityMiddlewareTest extends \PHPUnit_Framework_TestCase {
 			$this->navigationManager,
 			$this->urlGenerator,
 			$this->logger,
-			'test',
+			'files',
 			$isLoggedIn,
 			$isAdminUser
 		);
@@ -91,7 +91,7 @@ class SecurityMiddlewareTest extends \PHPUnit_Framework_TestCase {
 	public function testSetNavigationEntry(){
 		$this->navigationManager->expects($this->once())
 			->method('setActiveEntry')
-			->with($this->equalTo('test'));
+			->with($this->equalTo('files'));
 
 		$this->reader->reflect(__CLASS__, __FUNCTION__);
 		$this->middleware->beforeController(__CLASS__, __FUNCTION__);

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git

