From: Arthur Schiwon <blizzz@arthur-schiwon.de>
Date: Tue, 21 Nov 2023 20:32:55 +0000 (+0100)
Subject: enh(LDAP): add occ command to promote an LDAP group to admin
X-Git-Tag: v29.0.0beta1~734^2~1
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=18e6c9f5bc95c9c96755cac5b514c4f12f86435b;p=nextcloud-server.git

enh(LDAP): add occ command to promote an LDAP group to admin

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
---

diff --git a/apps/user_ldap/appinfo/info.xml b/apps/user_ldap/appinfo/info.xml
index a04722c1339..b4ddf8d38e4 100644
--- a/apps/user_ldap/appinfo/info.xml
+++ b/apps/user_ldap/appinfo/info.xml
@@ -51,6 +51,7 @@ A user logs into Nextcloud with their LDAP or AD credentials, and is granted acc
 		<command>OCA\User_LDAP\Command\CheckGroup</command>
 		<command>OCA\User_LDAP\Command\CreateEmptyConfig</command>
 		<command>OCA\User_LDAP\Command\DeleteConfig</command>
+		<command>OCA\User_LDAP\Command\PromoteGroup</command>
 		<command>OCA\User_LDAP\Command\ResetGroup</command>
 		<command>OCA\User_LDAP\Command\ResetUser</command>
 		<command>OCA\User_LDAP\Command\Search</command>
diff --git a/apps/user_ldap/composer/composer/autoload_classmap.php b/apps/user_ldap/composer/composer/autoload_classmap.php
index bdca3c1c295..e7fdc764d71 100644
--- a/apps/user_ldap/composer/composer/autoload_classmap.php
+++ b/apps/user_ldap/composer/composer/autoload_classmap.php
@@ -15,6 +15,7 @@ return array(
     'OCA\\User_LDAP\\Command\\CheckUser' => $baseDir . '/../lib/Command/CheckUser.php',
     'OCA\\User_LDAP\\Command\\CreateEmptyConfig' => $baseDir . '/../lib/Command/CreateEmptyConfig.php',
     'OCA\\User_LDAP\\Command\\DeleteConfig' => $baseDir . '/../lib/Command/DeleteConfig.php',
+    'OCA\\User_LDAP\\Command\\PromoteGroup' => $baseDir . '/../lib/Command/PromoteGroup.php',
     'OCA\\User_LDAP\\Command\\ResetGroup' => $baseDir . '/../lib/Command/ResetGroup.php',
     'OCA\\User_LDAP\\Command\\ResetUser' => $baseDir . '/../lib/Command/ResetUser.php',
     'OCA\\User_LDAP\\Command\\Search' => $baseDir . '/../lib/Command/Search.php',
diff --git a/apps/user_ldap/composer/composer/autoload_static.php b/apps/user_ldap/composer/composer/autoload_static.php
index 1b4d3984890..a1317d1df36 100644
--- a/apps/user_ldap/composer/composer/autoload_static.php
+++ b/apps/user_ldap/composer/composer/autoload_static.php
@@ -30,6 +30,7 @@ class ComposerStaticInitUser_LDAP
         'OCA\\User_LDAP\\Command\\CheckUser' => __DIR__ . '/..' . '/../lib/Command/CheckUser.php',
         'OCA\\User_LDAP\\Command\\CreateEmptyConfig' => __DIR__ . '/..' . '/../lib/Command/CreateEmptyConfig.php',
         'OCA\\User_LDAP\\Command\\DeleteConfig' => __DIR__ . '/..' . '/../lib/Command/DeleteConfig.php',
+        'OCA\\User_LDAP\\Command\\PromoteGroup' => __DIR__ . '/..' . '/../lib/Command/PromoteGroup.php',
         'OCA\\User_LDAP\\Command\\ResetGroup' => __DIR__ . '/..' . '/../lib/Command/ResetGroup.php',
         'OCA\\User_LDAP\\Command\\ResetUser' => __DIR__ . '/..' . '/../lib/Command/ResetUser.php',
         'OCA\\User_LDAP\\Command\\Search' => __DIR__ . '/..' . '/../lib/Command/Search.php',
diff --git a/apps/user_ldap/lib/Command/PromoteGroup.php b/apps/user_ldap/lib/Command/PromoteGroup.php
new file mode 100644
index 00000000000..5fc3905414f
--- /dev/null
+++ b/apps/user_ldap/lib/Command/PromoteGroup.php
@@ -0,0 +1,113 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * @copyright Copyright (c) 2023 Arthur Schiwon <blizzz@arthur-schiwon.de>
+ *
+ * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OCA\User_LDAP\Command;
+
+use OCA\User_LDAP\Group_Proxy;
+use OCP\IGroup;
+use OCP\IGroupManager;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Helper\QuestionHelper;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Input\InputOption;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Question\Question;
+
+class PromoteGroup extends Command {
+
+	public function __construct(
+		private IGroupManager $groupManager,
+		private Group_Proxy $backend
+	) {
+		parent::__construct();
+	}
+
+	protected function configure(): void {
+		$this
+			->setName('ldap:promote-group')
+			->setDescription('declares the specified group as admin group (only one is possible per LDAP configuration)')
+			->addArgument(
+				'group',
+				InputArgument::REQUIRED,
+				'the group ID in Nextcloud or a group name'
+			)
+			->addOption(
+				'yes',
+				'y',
+				InputOption::VALUE_NONE,
+				'do not ask for confirmation'
+			);
+	}
+
+	protected function promoteGroup(IGroup $group, InputInterface $input, OutputInterface $output): void {
+		if ($input->getOption('yes') === false) {
+			/** @var QuestionHelper $helper */
+			$helper = $this->getHelper('question');
+
+			$idLabel = '';
+			if ($group->getGID() !== $group->getDisplayName()) {
+				$idLabel = sprintf(' (Group ID: %s)', $group->getGID());
+			}
+
+			$q = new Question(sprintf('Promote %s%s to the admin group (y|N)? ', $group->getDisplayName(), $idLabel));
+			$input->setOption('yes', $helper->ask($input, $output, $q) === 'y');
+		}
+		if ($input->getOption('yes') === true) {
+			$access = $this->backend->getLDAPAccess($group->getGID());
+			$access->connection->setConfiguration(['ldapAdminGroup' => $group->getGID()]);
+			$access->connection->saveConfiguration();
+			$output->writeln(sprintf('<info>Group %s was promoted</info>', $group->getDisplayName()));
+		} else {
+			$output->writeln('<comment>Group promotion cancelled</comment>');
+		}
+	}
+
+	protected function execute(InputInterface $input, OutputInterface $output): int {
+		$groupInput = (string)$input->getArgument('group');
+		$group = $this->groupManager->get($groupInput);
+
+		if ($group instanceof IGroup && $this->backend->groupExists($group->getGID())) {
+			$this->promoteGroup($group, $input, $output);
+			return 0;
+		}
+
+		$groupCandidates = $this->backend->getGroups($groupInput, 20);
+		foreach ($groupCandidates as $gidCandidate) {
+			$group = $this->groupManager->get($gidCandidate);
+			if ($group !== null
+				&& $this->backend->groupExists($group->getGID()) // ensure it is an LDAP group
+				&& ($group->getGID() === $groupInput
+					|| $group->getDisplayName() === $groupInput)
+			) {
+				$this->promoteGroup($group, $input, $output);
+				return 0;
+			}
+		}
+
+		$output->writeln('<error>No matching group found</error>');
+		return 1;
+	}
+
+}