Check if app is enabled for user

Fixes https://github.com/owncloud/core/issues/12188 for AppFramework apps
author: Lukas Reschke <lukas@owncloud.com> 2014-11-14 19:20:51 +0300
committer: Lukas Reschke <lukas@owncloud.com> 2014-11-15 16:40:48 +0300
commit: 32401b42f1c5122c4aaa4e868599702c36d3c51d (patch)
tree: abe013bcdf0664debc07c839720a658215a9f819 /lib/private/appframework
parent: 4fbd6023f0339b718ec13975cd996a5f57e6e6c7 (diff)
1 files changed, 11 insertions, 0 deletions
diff --git a/lib/private/appframework/middleware/security/securitymiddleware.php b/lib/private/appframework/middleware/security/securitymiddleware.php
index 948a43ce0f4..0a694318634 100644
--- a/lib/private/appframework/middleware/security/securitymiddleware.php
+++ b/lib/private/appframework/middleware/security/securitymiddleware.php
@@ -34,6 +34,7 @@ use OCP\INavigationManager;
 use OCP\IURLGenerator;
 use OCP\IRequest;
 use OCP\ILogger;
+use OCP\AppFramework\Controller;
 
 
 /**
@@ -116,6 +117,16 @@ class SecurityMiddleware extends Middleware {
 			}
 		}
 
+		/**
+		 * FIXME: Use DI once available
+		 * Checks if app is enabled (also inclues a check whether user is allowed to access the resource)
+		 * The getAppPath() check is here since components such as settings also use the AppFramework and
+		 * therefore won't pass this check.
+		 */
+		if(\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) {
+			throw new SecurityException('App is not enabled', Http::STATUS_PRECONDITION_FAILED);
+		}
+
 	}
author	Lukas Reschke <lukas@owncloud.com>	2014-11-14 19:20:51 +0300
committer	Lukas Reschke <lukas@owncloud.com>	2014-11-15 16:40:48 +0300
commit	32401b42f1c5122c4aaa4e868599702c36d3c51d (patch)
tree	abe013bcdf0664debc07c839720a658215a9f819 /lib/private/appframework
parent	4fbd6023f0339b718ec13975cd996a5f57e6e6c7 (diff)