diff --git a/apps/workflowengine/css/admin.css b/apps/workflowengine/css/admin.css
index 1d94fced003d00f4aaaa7bb51379fce3da60588d..70185615ad642d152c14243e8ada5cb263976605 100644
--- a/apps/workflowengine/css/admin.css
+++ b/apps/workflowengine/css/admin.css
@@ -46,3 +46,7 @@
 	margin-right: 5px;
 }
 
+.workflowengine .invalid-input {
+	border-color: #aa0000;
+}
+
diff --git a/apps/workflowengine/js/admin.js b/apps/workflowengine/js/admin.js
index e6df4b75f70e236e579579c4580027fb38fc44e5..ce85c8c008bde1cad017da12de115dc26b1a3093 100644
Binary files a/apps/workflowengine/js/admin.js and b/apps/workflowengine/js/admin.js differ
diff --git a/apps/workflowengine/js/filemimetypeplugin.js b/apps/workflowengine/js/filemimetypeplugin.js
new file mode 100644
index 0000000000000000000000000000000000000000..33cbbd7fd7e27428022f02f7cdf5329576bd3437
Binary files /dev/null and b/apps/workflowengine/js/filemimetypeplugin.js differ
diff --git a/apps/workflowengine/js/filesizeplugin.js b/apps/workflowengine/js/filesizeplugin.js
index add2e57821ceb3322d0067b9533c9c9eafc4d681..0efa9d00edf06798be76e8b96d0e057c07475d93 100644
Binary files a/apps/workflowengine/js/filesizeplugin.js and b/apps/workflowengine/js/filesizeplugin.js differ
diff --git a/apps/workflowengine/js/filesystemtagsplugin.js b/apps/workflowengine/js/filesystemtagsplugin.js
index 6f2f231c5e71fd4da175416d5a23e06166b05b69..026345571e793c8557f296de836335e336be1e48 100644
Binary files a/apps/workflowengine/js/filesystemtagsplugin.js and b/apps/workflowengine/js/filesystemtagsplugin.js differ
diff --git a/apps/workflowengine/js/usergroupmembershipplugin.js b/apps/workflowengine/js/usergroupmembershipplugin.js
index 528a7bd3e3d059bb25b9b75990ca7604d2d95ae9..1c09e7d5ccd18821e5d1cf1e1bf22a5be75bd865 100644
Binary files a/apps/workflowengine/js/usergroupmembershipplugin.js and b/apps/workflowengine/js/usergroupmembershipplugin.js differ
diff --git a/apps/workflowengine/lib/AppInfo/Application.php b/apps/workflowengine/lib/AppInfo/Application.php
index 64e03081a3427cc1d00e6d8774887e45fb130cd0..c1dc65fe8104c2822e17ad3f893631da04943847 100644
--- a/apps/workflowengine/lib/AppInfo/Application.php
+++ b/apps/workflowengine/lib/AppInfo/Application.php
@@ -55,6 +55,7 @@ class Application extends \OCP\AppFramework\App {
 					'admin',
 
 					// Check plugins
+					'filemimetypeplugin',
 					'filesizeplugin',
 					'filesystemtagsplugin',
 					'usergroupmembershipplugin',
diff --git a/apps/workflowengine/lib/Check/AbstractStringCheck.php b/apps/workflowengine/lib/Check/AbstractStringCheck.php
new file mode 100644
index 0000000000000000000000000000000000000000..77576266fcfebdaf21add1a9fac6b8dfcd7e69e4
--- /dev/null
+++ b/apps/workflowengine/lib/Check/AbstractStringCheck.php
@@ -0,0 +1,110 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Joas Schilling <coding@schilljs.com>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\WorkflowEngine\Check;
+
+
+use OCP\Files\Storage\IStorage;
+use OCP\WorkflowEngine\ICheck;
+
+abstract class AbstractStringCheck implements ICheck {
+
+	/** @var array[] Nested array: [Pattern => [ActualValue => Regex Result]] */
+	protected $matches;
+
+	/**
+	 * @param IStorage $storage
+	 * @param string $path
+	 */
+	public function setFileInfo(IStorage $storage, $path) {
+		// Nothing changes here with a different path
+	}
+
+	/**
+	 * @return string
+	 */
+	abstract protected function getActualValue();
+
+	/**
+	 * @param string $operator
+	 * @param string $value
+	 * @return bool
+	 */
+	public function executeCheck($operator, $value)  {
+		$actualValue = $this->getActualValue();
+		return $this->executeStringCheck($operator, $value, $actualValue);
+	}
+
+	/**
+	 * @param string $operator
+	 * @param string $checkValue
+	 * @param string $actualValue
+	 * @return bool
+	 */
+	protected function executeStringCheck($operator, $checkValue, $actualValue) {
+		if ($operator === 'is') {
+			return $checkValue === $actualValue;
+		} else if ($operator === '!is') {
+			return $checkValue !== $actualValue;
+		} else {
+			$match = $this->match($checkValue, $actualValue);
+			if ($operator === 'matches') {
+				return $match === 1;
+			} else {
+				return $match === 0;
+			}
+		}
+	}
+
+	/**
+	 * @param string $operator
+	 * @param string $value
+	 * @throws \UnexpectedValueException
+	 */
+	public function validateCheck($operator, $value) {
+		if (!in_array($operator, ['is', '!is', 'matches', '!matches'])) {
+			throw new \UnexpectedValueException('Invalid operator', 1);
+		}
+
+		if (in_array($operator, ['matches', '!matches']) &&
+			  @preg_match($value, null) === false) {
+			throw new \UnexpectedValueException('Invalid regex', 2);
+		}
+	}
+
+	/**
+	 * @param string $pattern
+	 * @param string $subject
+	 * @return int|bool
+	 */
+	protected function match($pattern, $subject) {
+		$patternHash = md5($pattern);
+		$subjectHash = md5($subject);
+		if (isset($this->matches[$patternHash][$subjectHash])) {
+			return $this->matches[$patternHash][$subjectHash];
+		}
+		if (!isset($this->matches[$patternHash])) {
+			$this->matches[$patternHash] = [];
+		}
+		$this->matches[$patternHash][$subjectHash] = preg_match($pattern, $subject);
+		return $this->matches[$patternHash][$subjectHash];
+	}
+}
diff --git a/apps/workflowengine/lib/Check/FileMimeType.php b/apps/workflowengine/lib/Check/FileMimeType.php
new file mode 100644
index 0000000000000000000000000000000000000000..c774d30a233f2f764c3cd8a6edcd1a24bb7ab9d9
--- /dev/null
+++ b/apps/workflowengine/lib/Check/FileMimeType.php
@@ -0,0 +1,82 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Joas Schilling <coding@schilljs.com>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\WorkflowEngine\Check;
+
+
+use OCP\Files\IMimeTypeDetector;
+use OCP\IRequest;
+
+class FileMimeType extends AbstractStringCheck {
+
+	/** @var string */
+	protected $mimeType;
+
+	/** @var IRequest */
+	protected $request;
+
+	/** @var IMimeTypeDetector */
+	protected $mimeTypeDetector;
+
+	/**
+	 * @param IRequest $request
+	 * @param IMimeTypeDetector $mimeTypeDetector
+	 */
+	public function __construct(IRequest $request, IMimeTypeDetector $mimeTypeDetector) {
+		$this->request = $request;
+		$this->mimeTypeDetector = $mimeTypeDetector;
+	}
+
+	/**
+	 * @return string
+	 */
+	protected function getActualValue() {
+		if ($this->mimeType !== null) {
+			return $this->mimeType;
+		}
+
+		$this->mimeType = '';
+		if ($this->isWebDAVRequest()) {
+			if ($this->request->getMethod() === 'PUT') {
+				$path = $this->request->getPathInfo();
+				$this->mimeType = $this->mimeTypeDetector->detectPath($path);
+			}
+		} else if (in_array($this->request->getMethod(), ['POST', 'PUT'])) {
+			$files = $this->request->getUploadedFile('files');
+			if (isset($files['type'][0])) {
+				$this->mimeType = $files['type'][0];
+			}
+		}
+		return $this->mimeType;
+	}
+
+	/**
+	 * @return bool
+	 */
+	protected function isWebDAVRequest() {
+		return substr($this->request->getScriptName(), 0 - strlen('/remote.php')) === '/remote.php' && (
+			$this->request->getPathInfo() === '/webdav' ||
+			strpos($this->request->getPathInfo(), '/webdav/') === 0 ||
+			$this->request->getPathInfo() === '/dav/files' ||
+			strpos($this->request->getPathInfo(), '/dav/files/') === 0
+		);
+	}
+}
diff --git a/apps/workflowengine/tests/Check/AbstractStringCheckTest.php b/apps/workflowengine/tests/Check/AbstractStringCheckTest.php
new file mode 100644
index 0000000000000000000000000000000000000000..43818ab8e2663a849a2739f36aec21ed6ef2d13b
--- /dev/null
+++ b/apps/workflowengine/tests/Check/AbstractStringCheckTest.php
@@ -0,0 +1,149 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Joas Schilling <coding@schilljs.com>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\WorkflowEngine\Tests\Check;
+
+
+class AbstractStringCheckTest extends \Test\TestCase {
+
+	public function dataExecuteStringCheck() {
+		return [
+			['is', 'same', 'same', true],
+			['is', 'different', 'not the same', false],
+			['!is', 'same', 'same', false],
+			['!is', 'different', 'not the same', true],
+
+			['matches', '/match/', 'match', true],
+			['matches', '/different/', 'not the same', false],
+			['!matches', '/match/', 'match', false],
+			['!matches', '/different/', 'not the same', true],
+		];
+	}
+
+	/**
+	 * @dataProvider dataExecuteStringCheck
+	 * @param string $operation
+	 * @param string $checkValue
+	 * @param string $actualValue
+	 * @param bool $expected
+	 */
+	public function testExecuteStringCheck($operation, $checkValue, $actualValue, $expected) {
+		$check = $this->getMockBuilder('OCA\WorkflowEngine\Check\AbstractStringCheck')
+			->setMethods([
+				'setPath',
+				'executeCheck',
+				'getActualValue',
+			])
+			->getMock();
+
+		/** @var \OCA\WorkflowEngine\Check\AbstractStringCheck $check */
+		$this->assertEquals($expected, $this->invokePrivate($check, 'executeStringCheck', [$operation, $checkValue, $actualValue]));
+	}
+
+	public function dataValidateCheck() {
+		return [
+			['is', '/Invalid(Regex/'],
+			['!is', '/Invalid(Regex/'],
+			['matches', '/Valid(Regex)/'],
+			['!matches', '/Valid(Regex)/'],
+		];
+	}
+
+	/**
+	 * @dataProvider dataValidateCheck
+	 * @param string $operator
+	 * @param string $value
+	 */
+	public function testValidateCheck($operator, $value) {
+		$check = $this->getMockBuilder('OCA\WorkflowEngine\Check\AbstractStringCheck')
+			->setMethods([
+				'setPath',
+				'executeCheck',
+				'getActualValue',
+			])
+			->getMock();
+
+		/** @var \OCA\WorkflowEngine\Check\AbstractStringCheck $check */
+		$check->validateCheck($operator, $value);
+	}
+
+	public function dataValidateCheckInvalid() {
+		return [
+			['!!is', '', 1, 'Invalid operator'],
+			['less', '', 1, 'Invalid operator'],
+			['matches', '/Invalid(Regex/', 2, 'Invalid regex'],
+			['!matches', '/Invalid(Regex/', 2, 'Invalid regex'],
+		];
+	}
+
+	/**
+	 * @dataProvider dataValidateCheckInvalid
+	 * @param $operator
+	 * @param $value
+	 * @param $exceptionCode
+	 * @param $exceptionMessage
+	 */
+	public function testValidateCheckInvalid($operator, $value, $exceptionCode, $exceptionMessage) {
+		$check = $this->getMockBuilder('OCA\WorkflowEngine\Check\AbstractStringCheck')
+			->setMethods([
+				'setPath',
+				'executeCheck',
+				'getActualValue',
+			])
+			->getMock();
+
+		try {
+			/** @var \OCA\WorkflowEngine\Check\AbstractStringCheck $check */
+			$check->validateCheck($operator, $value);
+		} catch (\UnexpectedValueException $e) {
+			$this->assertEquals($exceptionCode, $e->getCode());
+			$this->assertEquals($exceptionMessage, $e->getMessage());
+		}
+	}
+
+	public function dataMatch() {
+		return [
+			['/valid/', 'valid', [], true],
+			['/valid/', 'valid', [md5('/valid/') => [md5('valid') => false]], false], // Cache hit
+		];
+	}
+
+	/**
+	 * @dataProvider dataMatch
+	 * @param string $pattern
+	 * @param string $subject
+	 * @param array[] $matches
+	 * @param bool $expected
+	 */
+	public function testMatch($pattern, $subject, $matches, $expected) {
+		$check = $this->getMockBuilder('OCA\WorkflowEngine\Check\AbstractStringCheck')
+			->setMethods([
+				'setPath',
+				'executeCheck',
+				'getActualValue',
+			])
+			->getMock();
+
+		$this->invokePrivate($check, 'matches', [$matches]);
+
+		$this->assertEquals($expected, $this->invokePrivate($check, 'match', [$pattern, $subject]));
+	}
+}