From: Jakob Sack Date: Mon, 18 Apr 2011 10:39:28 +0000 (+0200) Subject: More error checking in user management X-Git-Tag: v3.0~267^2~558^2~61 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=da30671ec474bfa522d0a0b21d3e457437b9b57b;p=nextcloud-server.git More error checking in user management --- diff --git a/admin/ajax/creategroup.php b/admin/ajax/creategroup.php index bfa4099b889..eec27587930 100644 --- a/admin/ajax/creategroup.php +++ b/admin/ajax/creategroup.php @@ -12,11 +12,17 @@ if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( $_SESSION['user_id'], 'admin' exit(); } -$name = $_POST["groupname"]; +$groupname = $_POST["groupname"]; + +// Does the group exist? +if( in_array( $groupname, OC_GROUP::getGroups())){ + echo json_encode( array( "status" => "error", "data" => array( "message" => "Group already exists" ))); + exit(); +} // Return Success story -if( OC_GROUP::createGroup( $name )){ - echo json_encode( array( "status" => "success", "data" => array( "groupname" => $name ))); +if( OC_GROUP::createGroup( $groupname )){ + echo json_encode( array( "status" => "success", "data" => array( "groupname" => $groupname ))); } else{ echo json_encode( array( "status" => "error", "data" => array( "message" => "Unable to add group" ))); diff --git a/admin/ajax/createuser.php b/admin/ajax/createuser.php index 4aa082a25e6..a6e4ec0e93d 100644 --- a/admin/ajax/createuser.php +++ b/admin/ajax/createuser.php 
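Review bot: The new duplicate check calls `in_array( $groupname, OC_GROUP::getGroups())` without the strict flag, so PHP compares loosely and two distinct numeric-looking names such as `10` and `1e1` count as the same group. Pass the third argument: `in_array( $groupname, OC_GROUP::getGroups(), true )`. The same loose lookup is added in admin/ajax/createuser.php and in createGroup, addToGroup and createUser under lib/, where it decides whether an account or a membership target is treated as existing, so those calls want the flag too. The element types returned by getGroups() and getUsers() are not visible here; if a backend returns integers, cast to string before the strict comparison.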
@@ -19,12 +19,18 @@ if( isset( $_POST["groups"] )){ $username = $_POST["username"]; $password = $_POST["password"]; +// Does the group exist? +if( in_array( $username, OC_USER::getUsers())){ + echo json_encode( array( "status" => "error", "data" => array( "message" => "User already exists" ))); + exit(); +} + // Return Success story if( OC_USER::createUser( $username, $password )){ foreach( $groups as $i ){ OC_GROUP::addToGroup( $username, $i ); } - echo json_encode( array( "status" => "success", "data" => array( "username" => $username, "groups" => implode( ", ", $groups )))); + echo json_encode( array( "status" => "success", "data" => array( "username" => $username, "groups" => implode( ", ", OC_GROUP::getUserGroups( $username ))))); } else{ echo json_encode( array( "status" => "error", "data" => array( "message" => "Unable to add user" ))); diff --git a/admin/ajax/togglegroups.php b/admin/ajax/togglegroups.php index cd26dbc1440..86834f56ea3 100644 --- a/admin/ajax/togglegroups.php +++ b/admin/ajax/togglegroups.php 
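Review bot: The comment above the new check reads `// Does the group exist?`, but the condition tests `$username` against OC_USER::getUsers(); it should read `// Does the user exist?`. In the success branch the return value of `OC_GROUP::addToGroup( $username, $i )` is still discarded, and this commit lets addToGroup return false for an unknown group, so a failed assignment only shows up as a name missing from the `groups` string. A comment there such as `// groups that could not be assigned are simply absent from the response` would make that behaviour explicit for whoever maintains the client.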
@@ -13,24 +13,28 @@ if( !OC_USER::isLoggedIn() || !OC_GROUP::inGroup( $_SESSION['user_id'], 'admin' } $success = true; +$error = "add user to"; +$action = "add"; $username = $_POST["username"]; $group = $_POST["group"]; // Toggle group if( OC_GROUP::inGroup( $username, $group )){ - OC_GROUP::removeFromGroup( $username, $group ); + $action = "remove"; + $error = "remove user from"; + $success = OC_GROUP::removeFromGroup( $username, $group ); } else{ - OC_GROUP::addToGroup( $username, $group ); + $success = OC_GROUP::addToGroup( $username, $group ); } // Return Success story if( $success ){ - echo json_encode( array( "status" => "success", "data" => array( "username" => $username ))); + echo json_encode( array( "status" => "success", "data" => array( "username" => $username, "action" => $action, "groupname" => $groupname ))); } else{ - echo json_encode( array( "status" => "error", "data" => array( "message" => "Unable to delete user" ))); + echo json_encode( array( "status" => "error", "data" => array( "message" => "Unable to $error group $group" ))); } ?> diff --git a/admin/js/users.js b/admin/js/users.js index 6a9ae9fc114..a649d641c80 100644 --- a/admin/js/users.js +++ b/admin/js/users.js @@ -31,12 +31,18 @@ $(document).ready(function(){ } } else{ - alert( "something went wrong! sorry!" ); + printError( data.data.message ); } }); return false; } + function printError( message ){ + $("#errormessage").text( message ); + $("#errordialog").dialog( "open" ); + return false; + } + //######################################################################### // Functions for editing the dom after user manipulation //######################################################################### @@ -131,7 +137,7 @@ $(document).ready(function(){ $('#changepassword').hide(); } else{ - alert( "something went wrong! sorry!" ); + printError( data.data.message ); } }); return false; 
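Review bot: `$groupname` in the success response is never assigned in the lines shown; the posted value is stored in `$group`, so `"groupname" => $groupname` will most likely send null and raise an undefined-variable notice, which can corrupt the JSON body when notices are displayed. It should be `"groupname" => $group`. Lines 1-12 of the file are outside the hunk, so confirm that nothing there defines `$groupname`. The error message now embeds the posted `$group` value, which is safe only as long as the client renders it as text rather than markup.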
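Review bot: printError() carries no comment explaining why it uses `.text()`, and that choice is what keeps server messages from being parsed as markup; togglegroups.php in this commit builds its message from the posted group name. A comment above the function such as `// .text() on purpose: messages can contain request-supplied names, do not switch to .html()` would protect it from a later refactor. The callers also read `data.data.message` unguarded, so an error response without a `data` object throws inside the callback instead of opening the dialog; `printError( data.data ? data.data.message : "Request failed" )` avoids that. The enclosing `$(document).ready` handler starts and ends outside the hunk.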
@@ -202,7 +208,8 @@ $(document).ready(function(){ // Show the create user form $( "#createuseroptionbutton" ) .click(function(){ - $( "#createuserform" ).toggle(); + $("#createuserform").show(); + $("#createuseroption").hide(); return false; }); @@ -219,7 +226,7 @@ $(document).ready(function(){ userCreated( data.data.username, data.data.groups ); } else{ - alert( "Bug By Jakob (c)" ); + printError( data.data.message ); } }); return false; @@ -243,7 +250,7 @@ $(document).ready(function(){ groupCreated( data.data.groupname ); } else{ - alert( "something went wrong! sorry!" ); + printError( data.data.message ); } }); return false; @@ -261,6 +268,17 @@ $(document).ready(function(){ // Dialogs //######################################################################### + // Removing users + $( "#errordialog" ).dialog({ + autoOpen: false, + modal: true, + buttons: { + OK: function() { + $( this ).dialog( "close" ); + } + } + }); + // Removing users $( "#removeuserform" ).dialog({ autoOpen: false, @@ -275,7 +293,7 @@ $(document).ready(function(){ userRemoved( uid ); } else{ - alert( "Bug By Jakob (c)" ); + printError( data.data.message ); } }); $( this ).dialog( "close" ); @@ -304,7 +322,7 @@ $(document).ready(function(){ groupRemoved( gid ); } else{ - alert( "Bug By Jakob (c)" ); + printError( data.data.message ); } }); $( this ).dialog( "close" ); diff --git a/admin/templates/users.php b/admin/templates/users.php index e769dcd4fc5..235df5bf829 100644 --- a/admin/templates/users.php +++ b/admin/templates/users.php @@ -63,7 +63,13 @@ "> - remove + + + remove + +   + + @@ -104,3 +110,7 @@ + +
+ +
diff --git a/lib/group.php b/lib/group.php index 074e464f581..6510838ccfc 100644 --- a/lib/group.php +++ b/lib/group.php @@ -108,6 +108,10 @@ class OC_GROUP { if( !$gid ){ return false; } + // No duplicate group names + if( in_array( $gid, self::getGroups())){ + return false; + } $run = true; OC_HOOK::emit( "OC_GROUP", "pre_createGroup", array( "run" => &$run, "gid" => $gid )); @@ -167,6 +171,16 @@ class OC_GROUP { * Adds a user to a group. */ public static function addToGroup( $uid, $gid ){ + // Does the user exist? + if( !in_array( $uid, OC_USER::getUsers())){ + return false; + } + // Does the group exist? + if( !in_array( $gid, self::getGroups())){ + return false; + } + + // Go go go $run = true; OC_HOOK::emit( "OC_GROUP", "pre_addToGroup", array( "run" => &$run, "uid" => $uid, "gid" => $gid )); diff --git a/lib/user.php b/lib/user.php index 51e4ab358e1..09501e59c58 100644 --- a/lib/user.php +++ b/lib/user.php @@ -118,6 +118,11 @@ class OC_USER { if( !$uid ){ return false; } + // Check if user already exists + if( in_array( $uid, self::getUsers())){ + return false; + } + $run = true; OC_HOOK::emit( "OC_USER", "pre_createUser", array( "run" => &$run, "uid" => $uid, "password" => $password ));
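Review bot: The duplicate check added to createGroup is a read followed by a separate write, so two concurrent requests for the same name can both pass `in_array( $gid, self::getGroups())` before either one creates the group. Whether the storage backend enforces unique group ids is not visible in this hunk; if it does not, the uniqueness rule belongs there (a unique key or an atomic insert), with this check kept only for the early return. The check added to createUser in lib/user.php has the same shape. Both function bodies continue outside their hunks.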
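Review bot: addToGroup now loads the complete user list and the complete group list on every call just to test two ids, and createuser.php calls it once per selected group inside a `foreach`. On an installation with many accounts that makes each membership change cost a full enumeration. If the backend cannot answer a single-id existence query, at least record the cost where the checks sit, e.g. `// NOTE: enumerates all users and groups; replace with a per-id lookup when the backend offers one`. The rest of addToGroup lies outside the hunk.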