/** * @NoCSRFRequired * @return TemplateResponse */ public function viewApps() { $params = []; $params['experimentalEnabled'] = $this->config->getSystemValue('appstore.experimental.enabled', false); $this->navigationManager->setActiveEntry('core_apps'); $templateResponse = new TemplateResponse($this->appName, 'apps', $params, 'user'); $policy = new ContentSecurityPolicy(); $policy->addAllowedImageDomain('https://apps.owncloud.com'); $templateResponse->setContentSecurityPolicy($policy); return $templateResponse; }
public function testAppNavigation() { $this->navigationManager->expects($this->once())->method('add')->willReturnCallback(function ($closure) { $this->assertInstanceOf('\\Closure', $closure); $navigation = $closure(); $this->assertInternalType('array', $navigation); $this->assertCount(5, $navigation); $this->assertSame(['id' => 'announcementcenter', 'order' => 10, 'href' => '/apps/announcementcenter/announcement', 'icon' => '/apps/announcementcenter/img/announcementcenter.svg', 'name' => 'Announcements'], $navigation); }); $this->urlGenerator->expects($this->once())->method('linkToRoute')->with('announcementcenter.page.index')->willReturn('/apps/announcementcenter/announcement'); $this->urlGenerator->expects($this->once())->method('imagePath')->with('announcementcenter', 'announcementcenter.svg')->willReturn('/apps/announcementcenter/img/announcementcenter.svg'); $this->languageFactory->expects($this->once())->method('get')->with('announcementcenter')->willReturn($this->language); include __DIR__ . '/../../appinfo/app.php'; }
/** * This runs all the security checks before a method call. The * security checks are determined by inspecting the controller method * annotations * @param string $controller the controllername or string * @param string $methodName the name of the method * @throws SecurityException when a security check fails */ public function beforeController($controller, $methodName) { // this will set the current navigation entry of the app, use this only // for normal HTML requests and not for AJAX requests $this->navigationManager->setActiveEntry($this->appName); // security checks $isPublicPage = $this->reflector->hasAnnotation('PublicPage'); if (!$isPublicPage) { if (!$this->isLoggedIn) { throw new NotLoggedInException(); } if (!$this->reflector->hasAnnotation('NoAdminRequired')) { if (!$this->isAdminUser) { throw new NotAdminException(); } } } // CSRF check - also registers the CSRF token since the session may be closed later Util::callRegister(); if (!$this->reflector->hasAnnotation('NoCSRFRequired')) { if (!$this->request->passesCSRFCheck()) { throw new CrossSiteRequestForgeryException(); } } /** * FIXME: Use DI once available * Checks if app is enabled (also includes a check whether user is allowed to access the resource) * The getAppPath() check is here since components such as settings also use the AppFramework and * therefore won't pass this check. */ if (\OC_App::getAppPath($this->appName) !== false && !\OC_App::isEnabled($this->appName)) { throw new AppNotEnabledException(); } }
public function testViewAppsNotEnabled() { $this->config->expects($this->once())->method('getSystemValue')->with('appstore.experimental.enabled', false); $this->navigationManager->expects($this->once())->method('setActiveEntry')->with('core_apps'); $policy = new ContentSecurityPolicy(); $policy->addAllowedImageDomain('https://apps.owncloud.com'); $expected = new TemplateResponse('settings', 'apps', ['experimentalEnabled' => false, 'category' => 'disabled'], 'user'); $expected->setContentSecurityPolicy($policy); $this->assertEquals($expected, $this->appSettingsController->viewApps('disabled')); }
/** * @NoCSRFRequired * @param string $category * @return TemplateResponse */ public function viewApps($category = '') { $categoryId = $this->getCategory($category); if ($categoryId === self::CAT_ENABLED) { // Do not use an arbitrary input string, because we put the category in html $category = 'enabled'; } $params = []; $params['experimentalEnabled'] = $this->config->getSystemValue('appstore.experimental.enabled', false); $params['category'] = $category; $this->navigationManager->setActiveEntry('core_apps'); $templateResponse = new TemplateResponse($this->appName, 'apps', $params, 'user'); $policy = new ContentSecurityPolicy(); $policy->addAllowedImageDomain('https://apps.owncloud.com'); $templateResponse->setContentSecurityPolicy($policy); return $templateResponse; }
/** * @NoCSRFRequired * @NoAdminRequired * * @param string $dir * @param string $view * @return TemplateResponse * @throws \OCP\Files\NotFoundException */ public function index($dir = '', $view = '') { $nav = new \OCP\Template('files', 'appnavigation', ''); // Load the files we need \OCP\Util::addStyle('files', 'files'); \OCP\Util::addStyle('files', 'upload'); \OCP\Util::addStyle('files', 'mobile'); \OCP\Util::addscript('files', 'app'); \OCP\Util::addscript('files', 'file-upload'); \OCP\Util::addscript('files', 'newfilemenu'); \OCP\Util::addscript('files', 'jquery.iframe-transport'); \OCP\Util::addscript('files', 'jquery.fileupload'); \OCP\Util::addscript('files', 'jquery-visibility'); \OCP\Util::addscript('files', 'fileinfomodel'); \OCP\Util::addscript('files', 'filesummary'); \OCP\Util::addscript('files', 'breadcrumb'); \OCP\Util::addscript('files', 'filelist'); \OCP\Util::addscript('files', 'search'); \OCP\Util::addScript('files', 'favoritesfilelist'); \OCP\Util::addScript('files', 'tagsplugin'); \OCP\Util::addScript('files', 'favoritesplugin'); \OCP\Util::addScript('files', 'detailfileinfoview'); \OCP\Util::addScript('files', 'detailtabview'); \OCP\Util::addScript('files', 'mainfileinfodetailview'); \OCP\Util::addScript('files', 'detailsview'); \OCP\Util::addStyle('files', 'detailsView'); \OC_Util::addVendorScript('core', 'handlebars/handlebars'); \OCP\Util::addscript('files', 'fileactions'); \OCP\Util::addscript('files', 'fileactionsmenu'); \OCP\Util::addscript('files', 'files'); \OCP\Util::addscript('files', 'keyboardshortcuts'); \OCP\Util::addscript('files', 'navigation'); // if IE8 and "?dir=path&view=someview" was specified, reformat the URL to use a hash like "#?dir=path&view=someview" $isIE8 = $this->request->isUserAgent([Request::USER_AGENT_IE_8]); if ($isIE8 && ($dir !== '' || $view !== '')) { $dir = !empty($dir) ? $dir : '/'; $view = !empty($view) ? $view : 'files'; $hash = '#?dir=' . \OCP\Util::encodePath($dir); if ($view !== 'files') { $hash .= '&view=' . urlencode($view); } return new RedirectResponse($this->urlGenerator->linkToRoute('files.view.index') . $hash); } // mostly for the home storage's free space // FIXME: Make non static $storageInfo = $this->getStorageInfo(); \OCA\Files\App::getNavigationManager()->add(['id' => 'favorites', 'appname' => 'files', 'script' => 'simplelist.php', 'order' => 5, 'name' => $this->l10n->t('Favorites')]); $navItems = \OCA\Files\App::getNavigationManager()->getAll(); usort($navItems, function ($item1, $item2) { return $item1['order'] - $item2['order']; }); $nav->assign('navigationItems', $navItems); $contentItems = []; // render the container content for every navigation item foreach ($navItems as $item) { $content = ''; if (isset($item['script'])) { $content = $this->renderScript($item['appname'], $item['script']); } $contentItem = []; $contentItem['id'] = $item['id']; $contentItem['content'] = $content; $contentItems[] = $contentItem; } $this->eventDispatcher->dispatch('OCA\\Files::loadAdditionalScripts'); $params = []; $params['usedSpacePercent'] = (int) $storageInfo['relative']; $params['owner'] = $storageInfo['owner']; $params['ownerDisplayName'] = $storageInfo['ownerDisplayName']; $params['isPublic'] = false; $params['mailNotificationEnabled'] = $this->config->getAppValue('core', 'shareapi_allow_mail_notification', 'no'); $params['mailPublicNotificationEnabled'] = $this->config->getAppValue('core', 'shareapi_allow_public_notification', 'no'); $params['allowShareWithLink'] = $this->config->getAppValue('core', 'shareapi_allow_links', 'yes'); $params['appNavigation'] = $nav; $params['appContents'] = $contentItems; $this->navigationManager->setActiveEntry('files_index'); $response = new TemplateResponse($this->appName, 'index', $params); $policy = new ContentSecurityPolicy(); $policy->addAllowedFrameDomain('\'self\''); $response->setContentSecurityPolicy($policy); return $response; }