Make the groupId url encoded

Signed-off-by: Julius Härtl <jus@bitgrid.net>

diff --git a/apps/provisioning_api/lib/Controller/GroupsController.php b/apps/provisioning_api/lib/Controller/GroupsController.php
index 6d02dcc0cd60ab5855c70f2f82e06ba45563815a..eada285a789bb6fbaacfe965a2d13de258127acd 100644 (file)
--- a/apps/provisioning_api/lib/Controller/GroupsController.php
+++ b/apps/provisioning_api/lib/Controller/GroupsController.php
@@ -151,6 +151,8 @@ class GroupsController extends AUserData {
         * @throws OCSException
         */
        public function getGroupUsers(string $groupId): DataResponse {
+               $groupId = urldecode($groupId);
+
                $user = $this->userSession->getUser();
                $isSubadminOfGroup = false;
 
@@ -190,6 +192,7 @@ class GroupsController extends AUserData {
         * @throws OCSException
         */
        public function getGroupUsersDetails(string $groupId, string $search = '', int $limit = null, int $offset = 0): DataResponse {
+               $groupId = urldecode($groupId);
                $currentUser = $this->userSession->getUser();
 
                // Check the group exists
@@ -262,6 +265,8 @@ class GroupsController extends AUserData {
         * @throws OCSException
         */
        public function updateGroup(string $groupId, string $key, string $value): DataResponse {
+               $groupId = urldecode($groupId);
+
                if ($key === 'displayname') {
                        $group = $this->groupManager->get($groupId);
                        if ($group->setDisplayName($value)) {
@@ -282,6 +287,8 @@ class GroupsController extends AUserData {
         * @throws OCSException
         */
        public function deleteGroup(string $groupId): DataResponse {
+               $groupId = urldecode($groupId);
+
                // Check it exists
                if(!$this->groupManager->groupExists($groupId)){
                        throw new OCSException('', 101);