You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

83 lines
2.1 KiB

3 years ago
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, Robin Appelman <robin@icewind.nl>
  4. *
  5. * @author Robin Appelman <robin@icewind.nl>
  6. *
  7. * @license GNU AGPL version 3 or any later version
  8. *
  9. * This program is free software: you can redistribute it and/or modify
  10. * it under the terms of the GNU Affero General Public License as
  11. * published by the Free Software Foundation, either version 3 of the
  12. * License, or (at your option) any later version.
  13. *
  14. * This program is distributed in the hope that it will be useful,
  15. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  17. * GNU Affero General Public License for more details.
  18. *
  19. * You should have received a copy of the GNU Affero General Public License
  20. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  21. *
  22. */
  23. namespace OC\Lockdown;
  24. use OC\Authentication\Token\IToken;
  25. use OCP\ISession;
  26. use OCP\Lockdown\ILockdownManager;
  27. class LockdownManager implements ILockdownManager {
  28. /** @var ISession */
  29. private $sessionCallback;
  30. private $enabled = false;
  31. /** @var array|null */
  32. private $scope;
  33. /**
  34. * LockdownManager constructor.
  35. *
  36. * @param callable $sessionCallback we need to inject the session lazily to avoid dependency loops
  37. */
  38. public function __construct(callable $sessionCallback) {
  39. $this->sessionCallback = $sessionCallback;
  40. }
  41. public function enable() {
  42. $this->enabled = true;
  43. }
  44. /**
  45. * @return ISession
  46. */
  47. private function getSession() {
  48. $callback = $this->sessionCallback;
  49. return $callback();
  50. }
  51. private function getScopeAsArray() {
  52. if (!$this->scope) {
  53. $session = $this->getSession();
  54. $sessionScope = $session->get('token_scope');
  55. if ($sessionScope) {
  56. $this->scope = $sessionScope;
  57. }
  58. }
  59. return $this->scope;
  60. }
  61. public function setToken(IToken $token) {
  62. $this->scope = $token->getScopeAsArray();
  63. $session = $this->getSession();
  64. $session->set('token_scope', $this->scope);
  65. $this->enable();
  66. }
  67. public function canAccessFilesystem() {
  68. $scope = $this->getScopeAsArray();
  69. return !$scope || $scope['filesystem'];
  70. }
  71. }