Commit c44e3b05 authored by Morris Jobke's avatar Morris Jobke
Browse files

Merge pull request #12189 from owncloud/checkIfAppIsEnabled

Check if app is enabled for user
parents 580d27ee cd592503
...@@ -34,6 +34,7 @@ use OCP\INavigationManager; ...@@ -34,6 +34,7 @@ use OCP\INavigationManager;
use OCP\IURLGenerator; use OCP\IURLGenerator;
use OCP\IRequest; use OCP\IRequest;
use OCP\ILogger; use OCP\ILogger;
use OCP\AppFramework\Controller;
/** /**
...@@ -116,6 +117,16 @@ class SecurityMiddleware extends Middleware { ...@@ -116,6 +117,16 @@ class SecurityMiddleware extends Middleware {
} }
} }
/**
* FIXME: Use DI once available
* Checks if app is enabled (also inclues a check whether user is allowed to access the resource)
* The getAppPath() check is here since components such as settings also use the AppFramework and
* therefore won't pass this check.
*/
if(\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) {
throw new SecurityException('App is not enabled', Http::STATUS_PRECONDITION_FAILED);
}
} }
......
...@@ -77,7 +77,7 @@ class SecurityMiddlewareTest extends \PHPUnit_Framework_TestCase { ...@@ -77,7 +77,7 @@ class SecurityMiddlewareTest extends \PHPUnit_Framework_TestCase {
$this->navigationManager, $this->navigationManager,
$this->urlGenerator, $this->urlGenerator,
$this->logger, $this->logger,
'test', 'files',
$isLoggedIn, $isLoggedIn,
$isAdminUser $isAdminUser
); );
...@@ -91,7 +91,7 @@ class SecurityMiddlewareTest extends \PHPUnit_Framework_TestCase { ...@@ -91,7 +91,7 @@ class SecurityMiddlewareTest extends \PHPUnit_Framework_TestCase {
public function testSetNavigationEntry(){ public function testSetNavigationEntry(){
$this->navigationManager->expects($this->once()) $this->navigationManager->expects($this->once())
->method('setActiveEntry') ->method('setActiveEntry')
->with($this->equalTo('test')); ->with($this->equalTo('files'));
$this->reader->reflect(__CLASS__, __FUNCTION__); $this->reader->reflect(__CLASS__, __FUNCTION__);
$this->middleware->beforeController(__CLASS__, __FUNCTION__); $this->middleware->beforeController(__CLASS__, __FUNCTION__);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment