From 026b7b8b15a0b5c40279d39569ef2432f4343f65 Mon Sep 17 00:00:00 2001 From: Christopher Ng Date: Fri, 4 Oct 2024 16:28:23 -0700 Subject: [PATCH] fix: Return correct list of managers for a user Signed-off-by: Christopher Ng --- .../lib/Controller/AUserData.php | 38 ++++++++++++++++++- .../lib/Controller/GroupsController.php | 3 ++ .../lib/Controller/UsersController.php | 5 ++- 3 files changed, 43 insertions(+), 3 deletions(-) diff --git a/apps/provisioning_api/lib/Controller/AUserData.php b/apps/provisioning_api/lib/Controller/AUserData.php index eb881db45e0..54ef3691cae 100644 --- a/apps/provisioning_api/lib/Controller/AUserData.php +++ b/apps/provisioning_api/lib/Controller/AUserData.php @@ -20,9 +20,11 @@ use OCP\AppFramework\OCS\OCSException; use OCP\AppFramework\OCS\OCSNotFoundException; use OCP\AppFramework\OCSController; use OCP\Files\NotFoundException; +use OCP\Group\ISubAdmin; use OCP\IConfig; use OCP\IGroupManager; use OCP\IRequest; +use OCP\IUser; use OCP\IUserManager; use OCP\IUserSession; use OCP\L10N\IFactory; @@ -55,6 +57,8 @@ abstract class AUserData extends OCSController { protected $userSession; /** @var IAccountManager */ protected $accountManager; + /** @var ISubAdmin */ + protected $subAdminManager; /** @var IFactory */ protected $l10nFactory; @@ -65,6 +69,7 @@ abstract class AUserData extends OCSController { IGroupManager $groupManager, IUserSession $userSession, IAccountManager $accountManager, + ISubAdmin $subAdminManager, IFactory $l10nFactory) { parent::__construct($appName, $request); @@ -73,6 +78,7 @@ abstract class AUserData extends OCSController { $this->groupManager = $groupManager; $this->userSession = $userSession; $this->accountManager = $accountManager; + $this->subAdminManager = $subAdminManager; $this->l10nFactory = $l10nFactory; } @@ -136,8 +142,8 @@ abstract class AUserData extends OCSController { $data['backend'] = $targetUserObject->getBackendClassName(); $data['subadmin'] = $this->getUserSubAdminGroupsData($targetUserObject->getUID()); $data[self::USER_FIELD_QUOTA] = $this->fillStorageInfo($targetUserObject->getUID()); - $managerUids = $targetUserObject->getManagerUids(); - $data[self::USER_FIELD_MANAGER] = empty($managerUids) ? '' : $managerUids[0]; + $managers = $this->getManagers($targetUserObject); + $data[self::USER_FIELD_MANAGER] = empty($managers) ? '' : $managers[0]; try { if ($includeScopes) { @@ -206,6 +212,34 @@ abstract class AUserData extends OCSController { return $data; } + /** + * @return string[] + */ + protected function getManagers(IUser $user): array { + $currentLoggedInUser = $this->userSession->getUser(); + + $managerUids = $user->getManagerUids(); + if ($this->groupManager->isAdmin($currentLoggedInUser->getUID()) || $this->groupManager->isDelegatedAdmin($currentLoggedInUser->getUID())) { + return $managerUids; + } + + if ($this->subAdminManager->isSubAdmin($currentLoggedInUser)) { + $accessibleManagerUids = array_values(array_filter( + $managerUids, + function (string $managerUid) use ($currentLoggedInUser) { + $manager = $this->userManager->get($managerUid); + if (!($manager instanceof IUser)) { + return false; + } + return $this->subAdminManager->isUserAccessible($currentLoggedInUser, $manager); + }, + )); + return $accessibleManagerUids; + } + + return []; + } + /** * Get the groups a user is a subadmin of * diff --git a/apps/provisioning_api/lib/Controller/GroupsController.php b/apps/provisioning_api/lib/Controller/GroupsController.php index 4b05f772e8f..f0712d12261 100644 --- a/apps/provisioning_api/lib/Controller/GroupsController.php +++ b/apps/provisioning_api/lib/Controller/GroupsController.php @@ -21,6 +21,7 @@ use OCP\AppFramework\OCS\OCSException; use OCP\AppFramework\OCS\OCSForbiddenException; use OCP\AppFramework\OCS\OCSNotFoundException; use OCP\AppFramework\OCSController; +use OCP\Group\ISubAdmin; use OCP\IConfig; use OCP\IGroup; use OCP\IGroupManager; @@ -47,6 +48,7 @@ class GroupsController extends AUserData { IGroupManager $groupManager, IUserSession $userSession, IAccountManager $accountManager, + ISubAdmin $subAdminManager, IFactory $l10nFactory, LoggerInterface $logger) { parent::__construct($appName, @@ -56,6 +58,7 @@ class GroupsController extends AUserData { $groupManager, $userSession, $accountManager, + $subAdminManager, $l10nFactory ); diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php index 5be0b6b1464..273e63c742d 100644 --- a/apps/provisioning_api/lib/Controller/UsersController.php +++ b/apps/provisioning_api/lib/Controller/UsersController.php @@ -31,6 +31,7 @@ use OCP\AppFramework\OCS\OCSForbiddenException; use OCP\AppFramework\OCS\OCSNotFoundException; use OCP\AppFramework\OCSController; use OCP\EventDispatcher\IEventDispatcher; +use OCP\Group\ISubAdmin; use OCP\HintException; use OCP\IConfig; use OCP\IGroup; @@ -63,6 +64,7 @@ class UsersController extends AUserData { IGroupManager $groupManager, IUserSession $userSession, IAccountManager $accountManager, + ISubAdmin $subAdminManager, IFactory $l10nFactory, private IURLGenerator $urlGenerator, private LoggerInterface $logger, @@ -81,6 +83,7 @@ class UsersController extends AUserData { $groupManager, $userSession, $accountManager, + $subAdminManager, $l10nFactory ); @@ -946,7 +949,7 @@ class UsersController extends AUserData { $permittedFields[] = IAccountManager::PROPERTY_PROFILE_ENABLED; $permittedFields[] = IAccountManager::PROPERTY_BIRTHDATE; $permittedFields[] = IAccountManager::PROPERTY_PRONOUNS; - + $permittedFields[] = IAccountManager::PROPERTY_PHONE . self::SCOPE_SUFFIX; $permittedFields[] = IAccountManager::PROPERTY_ADDRESS . self::SCOPE_SUFFIX; $permittedFields[] = IAccountManager::PROPERTY_WEBSITE . self::SCOPE_SUFFIX; -- 2.39.5