diff --git a/settings/Application.php b/settings/Application.php
index 212d631bd04f..f6092ad8beb6 100644
--- a/settings/Application.php
+++ b/settings/Application.php
@@ -155,19 +155,6 @@ public function __construct(array $urlParams=[]){
 );
 });
- /**
- * Middleware
- */
- $container->registerService('SubadminMiddleware', function(IContainer $c){
- return new SubadminMiddleware(
- $c->query('ControllerMethodReflector'),
- $c->query('GroupManager'),
- $c->query('UserSession')
- );
- });
- // Execute middlewares
- $container->registerMiddleware('SubadminMiddleware');
- /**
- * Core class wrappers
- */
diff --git a/settings/Middleware/SubadminMiddleware.php b/settings/Middleware/SubadminMiddleware.php
deleted file mode 100644
index 6893039bda6a..000000000000
--- a/settings/Middleware/SubadminMiddleware.php
+++ /dev/null
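Review bot: Dropping the `SubadminMiddleware` service and the `registerMiddleware('SubadminMiddleware')` call removes the only admin/subadmin gate visible in this diff for the settings app's controllers; the deleted class threw `NotAdminException` for any logged-in user who was neither admin nor subadmin unless the method carried `@NoSubadminRequired`. Nothing in these hunks re-establishes that check, so unless the equivalent enforcement already lives elsewhere (for example the core security middleware, which is not shown here), settings routes that relied on the annotation default become reachable by any authenticated user and any remaining `@NoSubadminRequired` annotations turn into no-ops. The same point covers the deleted `settings/Middleware/SubadminMiddleware.php` and its test file below. I would have the commit message name the replacement enforcement point, keep equivalents of `testBeforeControllerAsUserWithExemption` and `testAfterNotAdminException` against it, and leave a short comment at the removal site such as `// Subadmin checks for settings controllers are enforced by <replacement middleware> — TODO confirm` so the next reader does not assume the gate was simply dropped.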
@@ -1,104 +0,0 @@
-
- * @author Morris Jobke
- * @author Roeland Jago Douma
- * @author Thomas Müller
- *
- * @copyright Copyright (c) 2018, ownCloud GmbH
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see
- *
- */
-
-namespace OC\Settings\Middleware;
-
-use OC\AppFramework\Http;
-use OC\AppFramework\Middleware\Security\Exceptions\NotAdminException;
-use OC\AppFramework\Utility\ControllerMethodReflector;
-use OCP\AppFramework\Http\TemplateResponse;
-use OCP\AppFramework\Middleware;
-use OCP\IGroupManager;
-use OCP\IUserSession;
-
-/**
- * Verifies whether an user has at least subadmin rights.
- * To bypass use the `@NoSubadminRequired` annotation
- *
- * @package OC\Settings\Middleware
- */
-class SubadminMiddleware extends Middleware {
- /** @var IUserSession */
- private $userSession;
- /** @var IGroupManager */
- private $groupManager;
- /** @var ControllerMethodReflector */
- protected $reflector;
-
- /**
- * @param ControllerMethodReflector $reflector
- * @param IGroupManager $groupManager
- * @param IUserSession $userSession
- */
- public function __construct(ControllerMethodReflector $reflector,
- IGroupManager $groupManager,
- IUserSession $userSession) {
- $this->reflector = $reflector;
- $this->groupManager = $groupManager;
- $this->userSession = $userSession;
- }
-
- /**
- * Check if sharing is enabled before the controllers is executed
- * @param \OCP\AppFramework\Controller $controller
- * @param string $methodName
- * @throws \Exception
- */
- public function beforeController($controller, $methodName) {
- if(!$this->reflector->hasAnnotation('NoSubadminRequired')) {
- // Check if current user (active and not in incognito mode)
- // can manage users
- $hasUserManagementPrivileges = false;
- $activeUser = $this->userSession->getUser();
- if($activeUser !== null) {
- //Admin and SubAdmins are allowed to access user management
- $hasUserManagementPrivileges = $this->groupManager->isAdmin($activeUser->getUID())
- || $this->groupManager->getSubAdmin()->isSubAdmin($activeUser);
- }
-
- if(!$hasUserManagementPrivileges) {
- throw new NotAdminException('Logged in user must be a subadmin');
- }
- }
- }
-
- /**
- * Return 403 page in case of an exception
- * @param \OCP\AppFramework\Controller $controller
- * @param string $methodName
- * @param \Exception $exception
- * @return TemplateResponse
- * @throws \Exception
- */
- public function afterException($controller, $methodName, \Exception $exception) {
- if($exception instanceof NotAdminException) {
- $response = new TemplateResponse('core', '403', [], 'guest');
- $response->setStatus(Http::STATUS_FORBIDDEN);
- return $response;
- }
-
- throw $exception;
- }
-
-}
diff --git a/tests/Settings/Middleware/SubadminMiddlewareTest.php b/tests/Settings/Middleware/SubadminMiddlewareTest.php
deleted file mode 100644
index df89e005a890..000000000000
--- a/tests/Settings/Middleware/SubadminMiddlewareTest.php
+++ /dev/null
@@ -1,145 +0,0 @@
-groupManager = $this->getMockBuilder(IGroupManager::class)
- ->disableOriginalConstructor()->getMock();
-
- $this->subadminManager = $this->getMockBuilder(ISubAdminManager::class)
- ->disableOriginalConstructor()->getMock();
- $this->groupManager->expects($this->any())
- ->method('getSubAdmin')
- ->will($this->returnValue($this->subadminManager));
- $this->groupManager->expects($this->any())
- ->method('isAdmin')
- ->will($this->returnValue(false));
-
- $this->session = $this->getMockBuilder(IUserSession::class)
- ->disableOriginalConstructor()->getMock();
- $user = $this->getMockBuilder('\OC\User\User')
- ->disableOriginalConstructor()->getMock();
- $user->expects($this->any())
- ->method('getUID')
- ->will($this->returnValue('foo'));
- $this->session
- ->expects($this->any())
- ->method('getUser')
- ->will($this->returnValue($user));
-
- $this->reflector = $this->getMockBuilder(ControllerMethodReflector::class)
- ->disableOriginalConstructor()->getMock();
- $this->controller = $this->getMockBuilder(Controller::class)
- ->disableOriginalConstructor()->getMock();
-
- $this->subadminMiddleware = new SubadminMiddleware($this->reflector, $this->groupManager, $this->session);
- }
-
- /**
- * @expectedException \OC\AppFramework\Middleware\Security\Exceptions\NotAdminException
- */
- public function testBeforeControllerAsUserWithExemption() {
- $this->reflector
- ->expects($this->once())
- ->method('hasAnnotation')
- ->with('NoSubadminRequired')
- ->will($this->returnValue(false));
-
- $this->subadminManager->expects($this->any())
- ->method('isSubAdmin')
- ->will($this->returnValue(false));
- $this->subadminMiddleware->beforeController($this->controller, 'foo');
- }
-
-
- public function testBeforeControllerAsUserWithoutExemption() {
- $this->reflector
- ->expects($this->once())
- ->method('hasAnnotation')
- ->with('NoSubadminRequired')
- ->will($this->returnValue(true));
-
- $this->subadminManager->expects($this->any())
- ->method('isSubAdmin')
- ->will($this->returnValue(false));
- $this->subadminMiddleware->beforeController($this->controller, 'foo');
- }
-
- public function testBeforeControllerAsSubAdminWithoutExemption() {
- $this->reflector
- ->expects($this->once())
- ->method('hasAnnotation')
- ->with('NoSubadminRequired')
- ->will($this->returnValue(false));
-
- $this->subadminManager->expects($this->any())
- ->method('isSubAdmin')
- ->will($this->returnValue(true));
- $this->subadminMiddleware->beforeController($this->controller, 'foo');
- }
-
- public function testBeforeControllerAsSubAdminWithExemption() {
- $this->reflector
- ->expects($this->once())
- ->method('hasAnnotation')
- ->with('NoSubadminRequired')
- ->will($this->returnValue(true));
-
- $this->subadminManager->expects($this->any())
- ->method('isSubAdmin')
- ->will($this->returnValue(true));
- $this->subadminMiddleware->beforeController($this->controller, 'foo');
- }
-
- public function testAfterNotAdminException() {
- $expectedResponse = new TemplateResponse('core', '403', [], 'guest');
- $expectedResponse->setStatus(403);
- $this->assertEquals($expectedResponse, $this->subadminMiddleware->afterException($this->controller, 'foo', new NotAdminException()));
- }
-
- /**
- * @expectedException \Exception
- */
- public function testAfterRegularException() {
- $expectedResponse = new TemplateResponse('core', '403', [], 'guest');
- $expectedResponse->setStatus(403);
- $this->subadminMiddleware->afterException($this->controller, 'foo', new \Exception());
- }
-}