[Pkg-owncloud-commits] [owncloud] 10/79: also block certificate management in the back-end if external storages are disabled for the user

Tue Sep 1 20:55:33 UTC 2015

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch stable8
in repository owncloud.

commit 6534202573dd3dfdafb5c864c967cd9330ccc26d
Author: Bjoern Schiessle <schiessle at owncloud.com>
Date:   Tue Aug 4 18:33:19 2015 +0200

    also block certificate management in the back-end if external storages are disabled for the user
---
 settings/application.php                           |  3 +-
 settings/controller/certificatecontroller.php      | 34 +++++++++++++++++++++-
 .../controller/CertificateControllerTest.php       | 25 +++++++++++-----
 3 files changed, 53 insertions(+), 9 deletions(-)

diff --git a/settings/application.php b/settings/application.php
index 8da835c..155cc39 100644
--- a/settings/application.php
+++ b/settings/application.php
@@ -107,7 +107,8 @@ class Application extends App {
 				$c->query('AppName'),
 				$c->query('Request'),
 				$c->query('CertificateManager'),
-				$c->query('L10N')
+				$c->query('L10N'),
+				$c->query('IAppManager')
 			);
 		});
 		$container->registerService('GroupsController', function(IContainer $c) {
diff --git a/settings/controller/certificatecontroller.php b/settings/controller/certificatecontroller.php
index ea20b7c..92d0961 100644
--- a/settings/controller/certificatecontroller.php
+++ b/settings/controller/certificatecontroller.php
@@ -21,6 +21,7 @@
 
 namespace OC\Settings\Controller;
 
+use OCP\App\IAppManager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\DataResponse;
@@ -36,20 +37,25 @@ class CertificateController extends Controller {
 	private $certificateManager;
 	/** @var IL10N */
 	private $l10n;
+	/** @var IAppManager */
+	private $appManager;
 
 	/**
 	 * @param string $appName
 	 * @param IRequest $request
 	 * @param ICertificateManager $certificateManager
 	 * @param IL10N $l10n
+	 * @param IAppManager $appManager
 	 */
 	public function __construct($appName,
 								IRequest $request,
 								ICertificateManager $certificateManager,
-								IL10N $l10n) {
+								IL10N $l10n,
+								IAppManager $appManager) {
 		parent::__construct($appName, $request);
 		$this->certificateManager = $certificateManager;
 		$this->l10n = $l10n;
+		$this->appManager = $appManager;
 	}
 
 	/**
@@ -60,6 +66,11 @@ class CertificateController extends Controller {
 	 * @return array
 	 */
 	public function addPersonalRootCertificate() {
+
+		if ($this->isCertificateImportAllowed() === false) {
+			return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN);
+		}
+
 		$file = $this->request->getUploadedFile('rootcert_import');
 		if(empty($file)) {
 			return new DataResponse(['message' => 'No file uploaded'], Http::STATUS_UNPROCESSABLE_ENTITY);
@@ -92,8 +103,29 @@ class CertificateController extends Controller {
 	 * @return DataResponse
 	 */
 	public function removePersonalRootCertificate($certificateIdentifier) {
+
+		if ($this->isCertificateImportAllowed() === false) {
+			return new DataResponse('Individual certificate management disabled', Http::STATUS_FORBIDDEN);
+		}
+
 		$this->certificateManager->removeCertificate($certificateIdentifier);
 		return new DataResponse();
 	}
 
+	/**
+	 * check if certificate import is allowed
+	 *
+	 * @return bool
+	 */
+	protected function isCertificateImportAllowed() {
+		$externalStorageEnabled = $this->appManager->isEnabledForUser('files_external');
+		if ($externalStorageEnabled) {
+			$backends = \OC_Mount_Config::getPersonalBackends();
+			if (!empty($backends)) {
+				return true;
+			}
+		}
+		return false;
+	}
+
 }
diff --git a/tests/settings/controller/CertificateControllerTest.php b/tests/settings/controller/CertificateControllerTest.php
index b698119..023d775 100644
--- a/tests/settings/controller/CertificateControllerTest.php
+++ b/tests/settings/controller/CertificateControllerTest.php
@@ -21,6 +21,7 @@
 
 namespace OC\Settings\Controller;
 
+use OCP\App\IAppManager;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\IRequest;
@@ -41,6 +42,8 @@ class CertificateControllerTest extends \Test\TestCase {
 	private $certificateManager;
 	/** @var IL10N */
 	private $l10n;
+	/** @var IAppManager */
+	private $appManager;
 
 	public function setUp() {
 		parent::setUp();
@@ -48,13 +51,21 @@ class CertificateControllerTest extends \Test\TestCase {
 		$this->request = $this->getMock('\OCP\IRequest');
 		$this->certificateManager = $this->getMock('\OCP\ICertificateManager');
 		$this->l10n = $this->getMock('\OCP\IL10N');
-
-		$this->certificateController = new CertificateController(
-			'settings',
-			$this->request,
-			$this->certificateManager,
-			$this->l10n
-		);
+		$this->appManager = $this->getMock('OCP\App\IAppManager');
+
+		$this->certificateController = $this->getMockBuilder('OC\Settings\Controller\CertificateController')
+			->setConstructorArgs(
+				[
+					'settings',
+					$this->request,
+					$this->certificateManager,
+					$this->l10n,
+					$this->appManager
+				]
+			)->setMethods(['isCertificateImportAllowed'])->getMock();
+
+		$this->certificateController->expects($this->any())
+			->method('isCertificateImportAllowed')->willReturn(true);
 	}
 
 	public function testAddPersonalRootCertificateWithEmptyFile() {

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git

