Don't allow public share pages if link sharing is disabled
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
Roeland Jago Douma
parent
31392c2443
commit
20e514690c
2 changed files with 27 additions and 26 deletions
|
|
@ -101,15 +101,6 @@ class SharingCheckMiddleware extends Middleware {
|
|||
if ($controller instanceof ExternalSharesController &&
|
||||
!$this->externalSharesChecks()) {
|
||||
throw new S2SException('Federated sharing not allowed');
|
||||
} else if ($controller instanceof ShareController) {
|
||||
/*
|
||||
$token = $this->request->getParam('token');
|
||||
$share = $this->shareManager->getShareByToken($token);
|
||||
if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK
|
||||
&& !$this->isLinkSharingEnabled()) {
|
||||
throw new NotFoundException('Link sharing is disabled');
|
||||
}
|
||||
*/
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -167,22 +158,6 @@ class SharingCheckMiddleware extends Middleware {
|
|||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if link sharing is allowed
|
||||
* @return bool
|
||||
*/
|
||||
private function isLinkSharingEnabled() {
|
||||
// Check if the shareAPI is enabled
|
||||
if ($this->config->getAppValue('core', 'shareapi_enabled', 'yes') !== 'yes') {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Check whether public sharing is enabled
|
||||
if($this->config->getAppValue('core', 'shareapi_allow_links', 'yes') !== 'yes') {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -9,6 +9,7 @@ use OCP\AppFramework\Http\Response;
|
|||
use OCP\AppFramework\Middleware;
|
||||
use OCP\AppFramework\PublicShareController;
|
||||
use OCP\Files\NotFoundException;
|
||||
use OCP\IConfig;
|
||||
use OCP\IRequest;
|
||||
use OCP\ISession;
|
||||
|
||||
|
|
@ -19,9 +20,13 @@ class PublicShareMiddleware extends Middleware {
|
|||
/** @var ISession */
|
||||
private $session;
|
||||
|
||||
public function __construct(IRequest $request, ISession $session) {
|
||||
/** @var IConfig */
|
||||
private $config;
|
||||
|
||||
public function __construct(IRequest $request, ISession $session, IConfig $config) {
|
||||
$this->request = $request;
|
||||
$this->session = $session;
|
||||
$this->config = $config;
|
||||
}
|
||||
|
||||
public function beforeController($controller, $methodName) {
|
||||
|
|
@ -29,6 +34,10 @@ class PublicShareMiddleware extends Middleware {
|
|||
return;
|
||||
}
|
||||
|
||||
if (!$this->isLinkSharingEnabled()) {
|
||||
throw new NotFoundException('Link sharing is disabled');
|
||||
}
|
||||
|
||||
// We require the token parameter to be set
|
||||
$token = $this->request->getParam('token');
|
||||
if ($token === null) {
|
||||
|
|
@ -83,4 +92,21 @@ class PublicShareMiddleware extends Middleware {
|
|||
$tmp = explode('.', $route);
|
||||
return array_pop($tmp);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if link sharing is allowed
|
||||
*/
|
||||
private function isLinkSharingEnabled(): bool {
|
||||
// Check if the shareAPI is enabled
|
||||
if ($this->config->getAppValue('core', 'shareapi_enabled', 'yes') !== 'yes') {
|
||||
return false;
|
||||
}
|
||||
|
||||
// Check whether public sharing is enabled
|
||||
if($this->config->getAppValue('core', 'shareapi_allow_links', 'yes') !== 'yes') {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue