|
|
@@ -63,6 +63,7 @@ use OCP\HintException; |
|
|
|
use OCP\IConfig; |
|
|
|
use OCP\IGroup; |
|
|
|
use OCP\IGroupManager; |
|
|
|
use OCP\IL10N; |
|
|
|
use OCP\IPhoneNumberUtil; |
|
|
|
use OCP\IRequest; |
|
|
|
use OCP\IURLGenerator; |
|
|
@@ -79,22 +80,8 @@ use Psr\Log\LoggerInterface; |
|
|
|
* @psalm-import-type Provisioning_APIUserDetails from ResponseDefinitions |
|
|
|
*/ |
|
|
|
class UsersController extends AUserData { |
|
|
|
/** @var IURLGenerator */ |
|
|
|
protected $urlGenerator; |
|
|
|
/** @var LoggerInterface */ |
|
|
|
private $logger; |
|
|
|
/** @var IFactory */ |
|
|
|
protected $l10nFactory; |
|
|
|
/** @var NewUserMailHelper */ |
|
|
|
private $newUserMailHelper; |
|
|
|
/** @var ISecureRandom */ |
|
|
|
private $secureRandom; |
|
|
|
/** @var RemoteWipe */ |
|
|
|
private $remoteWipe; |
|
|
|
/** @var KnownUserService */ |
|
|
|
private $knownUserService; |
|
|
|
/** @var IEventDispatcher */ |
|
|
|
private $eventDispatcher; |
|
|
|
|
|
|
|
private IL10N $l10n; |
|
|
|
|
|
|
|
public function __construct( |
|
|
|
string $appName, |
|
|
@@ -104,14 +91,14 @@ class UsersController extends AUserData { |
|
|
|
IGroupManager $groupManager, |
|
|
|
IUserSession $userSession, |
|
|
|
IAccountManager $accountManager, |
|
|
|
IURLGenerator $urlGenerator, |
|
|
|
LoggerInterface $logger, |
|
|
|
IFactory $l10nFactory, |
|
|
|
NewUserMailHelper $newUserMailHelper, |
|
|
|
ISecureRandom $secureRandom, |
|
|
|
RemoteWipe $remoteWipe, |
|
|
|
KnownUserService $knownUserService, |
|
|
|
IEventDispatcher $eventDispatcher, |
|
|
|
private IURLGenerator $urlGenerator, |
|
|
|
private LoggerInterface $logger, |
|
|
|
private NewUserMailHelper $newUserMailHelper, |
|
|
|
private ISecureRandom $secureRandom, |
|
|
|
private RemoteWipe $remoteWipe, |
|
|
|
private KnownUserService $knownUserService, |
|
|
|
private IEventDispatcher $eventDispatcher, |
|
|
|
private IPhoneNumberUtil $phoneNumberUtil, |
|
|
|
) { |
|
|
|
parent::__construct( |
|
|
@@ -125,14 +112,7 @@ class UsersController extends AUserData { |
|
|
|
$l10nFactory |
|
|
|
); |
|
|
|
|
|
|
|
$this->urlGenerator = $urlGenerator; |
|
|
|
$this->logger = $logger; |
|
|
|
$this->l10nFactory = $l10nFactory; |
|
|
|
$this->newUserMailHelper = $newUserMailHelper; |
|
|
|
$this->secureRandom = $secureRandom; |
|
|
|
$this->remoteWipe = $remoteWipe; |
|
|
|
$this->knownUserService = $knownUserService; |
|
|
|
$this->eventDispatcher = $eventDispatcher; |
|
|
|
$this->l10n = $l10nFactory->get($appName); |
|
|
|
} |
|
|
|
|
|
|
|
/** |
|
|
@@ -392,7 +372,7 @@ class UsersController extends AUserData { |
|
|
|
} |
|
|
|
$attempts++; |
|
|
|
} while ($attempts < 10); |
|
|
|
throw new OCSException('Could not create non-existing user id', 111); |
|
|
|
throw new OCSException($this->l10n->t('Could not create non-existing user id'), 111); |
|
|
|
} |
|
|
|
|
|
|
|
/** |
|
|
@@ -437,21 +417,21 @@ class UsersController extends AUserData { |
|
|
|
|
|
|
|
if ($this->userManager->userExists($userid)) { |
|
|
|
$this->logger->error('Failed addUser attempt: User already exists.', ['app' => 'ocs_api']); |
|
|
|
throw new OCSException($this->l10nFactory->get('provisioning_api')->t('User already exists'), 102); |
|
|
|
throw new OCSException($this->l10n->t('User already exists'), 102); |
|
|
|
} |
|
|
|
|
|
|
|
if ($groups !== []) { |
|
|
|
foreach ($groups as $group) { |
|
|
|
if (!$this->groupManager->groupExists($group)) { |
|
|
|
throw new OCSException('group ' . $group . ' does not exist', 104); |
|
|
|
throw new OCSException($this->l10n->t('Group %1$s does not exist', [$group]), 104); |
|
|
|
} |
|
|
|
if (!$isAdmin && !$subAdminManager->isSubAdminOfGroup($user, $this->groupManager->get($group))) { |
|
|
|
throw new OCSException('insufficient privileges for group ' . $group, 105); |
|
|
|
throw new OCSException($this->l10n->t('Insufficient privileges for group %1$s', [$group]), 105); |
|
|
|
} |
|
|
|
} |
|
|
|
} else { |
|
|
|
if (!$isAdmin) { |
|
|
|
throw new OCSException('no group specified (required for subadmins)', 106); |
|
|
|
throw new OCSException($this->l10n->t('No group specified (required for sub-admins)'), 106); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
@@ -461,15 +441,15 @@ class UsersController extends AUserData { |
|
|
|
$group = $this->groupManager->get($groupid); |
|
|
|
// Check if group exists |
|
|
|
if ($group === null) { |
|
|
|
throw new OCSException('Subadmin group does not exist', 102); |
|
|
|
throw new OCSException($this->l10n->t('Sub-admin group does not exist'), 102); |
|
|
|
} |
|
|
|
// Check if trying to make subadmin of admin group |
|
|
|
if ($group->getGID() === 'admin') { |
|
|
|
throw new OCSException('Cannot create subadmins for admin group', 103); |
|
|
|
throw new OCSException($this->l10n->t('Cannot create sub-admins for admin group'), 103); |
|
|
|
} |
|
|
|
// Check if has permission to promote subadmins |
|
|
|
if (!$subAdminManager->isSubAdminOfGroup($user, $group) && !$isAdmin) { |
|
|
|
throw new OCSForbiddenException('No permissions to promote subadmins'); |
|
|
|
throw new OCSForbiddenException($this->l10n->t('No permissions to promote sub-admins')); |
|
|
|
} |
|
|
|
$subadminGroups[] = $group; |
|
|
|
} |
|
|
@@ -477,11 +457,11 @@ class UsersController extends AUserData { |
|
|
|
|
|
|
|
$generatePasswordResetToken = false; |
|
|
|
if (strlen($password) > IUserManager::MAX_PASSWORD_LENGTH) { |
|
|
|
throw new OCSException('Invalid password value', 101); |
|
|
|
throw new OCSException($this->l10n->t('Invalid password value'), 101); |
|
|
|
} |
|
|
|
if ($password === '') { |
|
|
|
if ($email === '') { |
|
|
|
throw new OCSException('To send a password link to the user an email address is required.', 108); |
|
|
|
throw new OCSException($this->l10n->t('To send a password link to the user an email address is required.'), 108); |
|
|
|
} |
|
|
|
|
|
|
|
$passwordEvent = new GenerateSecurePasswordEvent(); |
|
|
@@ -500,7 +480,7 @@ class UsersController extends AUserData { |
|
|
|
} |
|
|
|
|
|
|
|
if ($email === '' && $this->config->getAppValue('core', 'newUser.requireEmail', 'no') === 'yes') { |
|
|
|
throw new OCSException('Required email address was not provided', 110); |
|
|
|
throw new OCSException($this->l10n->t('Required email address was not provided'), 110); |
|
|
|
} |
|
|
|
|
|
|
|
try { |
|
|
@@ -986,14 +966,14 @@ class UsersController extends AUserData { |
|
|
|
$quota = \OCP\Util::computerFileSize($quota); |
|
|
|
} |
|
|
|
if ($quota === false) { |
|
|
|
throw new OCSException('Invalid quota value ' . $value, 102); |
|
|
|
throw new OCSException($this->l10n->t('Invalid quota value: %1$s', [$value]), 102); |
|
|
|
} |
|
|
|
if ($quota === -1) { |
|
|
|
$quota = 'none'; |
|
|
|
} else { |
|
|
|
$maxQuota = (int) $this->config->getAppValue('files', 'max_quota', '-1'); |
|
|
|
if ($maxQuota !== -1 && $quota > $maxQuota) { |
|
|
|
throw new OCSException('Invalid quota value. ' . $value . ' is exceeding the maximum quota', 102); |
|
|
|
throw new OCSException($this->l10n->t('Invalid quota value. %1$s is exceeding the maximum quota', [$value]), 102); |
|
|
|
} |
|
|
|
$quota = \OCP\Util::humanFileSize($quota); |
|
|
|
} |
|
|
@@ -1002,7 +982,7 @@ class UsersController extends AUserData { |
|
|
|
if ($quota === 'none') { |
|
|
|
$allowUnlimitedQuota = $this->config->getAppValue('files', 'allow_unlimited_quota', '1') === '1'; |
|
|
|
if (!$allowUnlimitedQuota) { |
|
|
|
throw new OCSException('Unlimited quota is forbidden on this instance', 102); |
|
|
|
throw new OCSException($this->l10n->t('Unlimited quota is forbidden on this instance'), 102); |
|
|
|
} |
|
|
|
} |
|
|
|
$targetUser->setQuota($quota); |
|
|
@@ -1013,10 +993,10 @@ class UsersController extends AUserData { |
|
|
|
case self::USER_FIELD_PASSWORD: |
|
|
|
try { |
|
|
|
if (strlen($value) > IUserManager::MAX_PASSWORD_LENGTH) { |
|
|
|
throw new OCSException('Invalid password value', 102); |
|
|
|
throw new OCSException($this->l10n->t('Invalid password value'), 102); |
|
|
|
} |
|
|
|
if (!$targetUser->canChangePassword()) { |
|
|
|
throw new OCSException('Setting the password is not supported by the users backend', 103); |
|
|
|
throw new OCSException($this->l10n->t('Setting the password is not supported by the users backend'), 103); |
|
|
|
} |
|
|
|
$targetUser->setPassword($value); |
|
|
|
} catch (HintException $e) { // password policy error |
|
|
@@ -1026,13 +1006,13 @@ class UsersController extends AUserData { |
|
|
|
case self::USER_FIELD_LANGUAGE: |
|
|
|
$languagesCodes = $this->l10nFactory->findAvailableLanguages(); |
|
|
|
if (!in_array($value, $languagesCodes, true) && $value !== 'en') { |
|
|
|
throw new OCSException('Invalid language', 102); |
|
|
|
throw new OCSException($this->l10n->t('Invalid language'), 102); |
|
|
|
} |
|
|
|
$this->config->setUserValue($targetUser->getUID(), 'core', 'lang', $value); |
|
|
|
break; |
|
|
|
case self::USER_FIELD_LOCALE: |
|
|
|
if (!$this->l10nFactory->localeExists($value)) { |
|
|
|
throw new OCSException('Invalid locale', 102); |
|
|
|
throw new OCSException($this->l10n->t('Invalid locale'), 102); |
|
|
|
} |
|
|
|
$this->config->setUserValue($targetUser->getUID(), 'core', 'locale', $value); |
|
|
|
break; |
|
|
@@ -1415,11 +1395,11 @@ class UsersController extends AUserData { |
|
|
|
if ($targetUser->getUID() === $loggedInUser->getUID()) { |
|
|
|
if ($this->groupManager->isAdmin($loggedInUser->getUID())) { |
|
|
|
if ($group->getGID() === 'admin') { |
|
|
|
throw new OCSException('Cannot remove yourself from the admin group', 105); |
|
|
|
throw new OCSException($this->l10n->t('Cannot remove yourself from the admin group'), 105); |
|
|
|
} |
|
|
|
} else { |
|
|
|
// Not an admin, so the user must be a subadmin of this group, but that is not allowed. |
|
|
|
throw new OCSException('Cannot remove yourself from this group as you are a SubAdmin', 105); |
|
|
|
throw new OCSException($this->l10n->t('Cannot remove yourself from this group as you are a sub-admin'), 105); |
|
|
|
} |
|
|
|
} elseif (!$this->groupManager->isAdmin($loggedInUser->getUID())) { |
|
|
|
/** @var IGroup[] $subAdminGroups */ |
|
|
@@ -1432,7 +1412,7 @@ class UsersController extends AUserData { |
|
|
|
|
|
|
|
if (count($userSubAdminGroups) <= 1) { |
|
|
|
// Subadmin must not be able to remove a user from all their subadmin groups. |
|
|
|
throw new OCSException('Not viable to remove user from the last group you are SubAdmin of', 105); |
|
|
|
throw new OCSException($this->l10n->t('Not viable to remove user from the last group you are sub-admin of'), 105); |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
@@ -1459,15 +1439,15 @@ class UsersController extends AUserData { |
|
|
|
|
|
|
|
// Check if the user exists |
|
|
|
if ($user === null) { |
|
|
|
throw new OCSException('User does not exist', 101); |
|
|
|
throw new OCSException($this->l10n->t('User does not exist'), 101); |
|
|
|
} |
|
|
|
// Check if group exists |
|
|
|
if ($group === null) { |
|
|
|
throw new OCSException('Group does not exist', 102); |
|
|
|
throw new OCSException($this->l10n->t('Group does not exist'), 102); |
|
|
|
} |
|
|
|
// Check if trying to make subadmin of admin group |
|
|
|
if ($group->getGID() === 'admin') { |
|
|
|
throw new OCSException('Cannot create subadmins for admin group', 103); |
|
|
|
throw new OCSException($this->l10n->t('Cannot create sub-admins for admin group'), 103); |
|
|
|
} |
|
|
|
|
|
|
|
$subAdminManager = $this->groupManager->getSubAdmin(); |
|
|
@@ -1500,15 +1480,15 @@ class UsersController extends AUserData { |
|
|
|
|
|
|
|
// Check if the user exists |
|
|
|
if ($user === null) { |
|
|
|
throw new OCSException('User does not exist', 101); |
|
|
|
throw new OCSException($this->l10n->t('User does not exist'), 101); |
|
|
|
} |
|
|
|
// Check if the group exists |
|
|
|
if ($group === null) { |
|
|
|
throw new OCSException('Group does not exist', 101); |
|
|
|
throw new OCSException($this->l10n->t('Group does not exist'), 101); |
|
|
|
} |
|
|
|
// Check if they are a subadmin of this said group |
|
|
|
if (!$subAdminManager->isSubAdminOfGroup($user, $group)) { |
|
|
|
throw new OCSException('User is not a subadmin of this group', 102); |
|
|
|
throw new OCSException($this->l10n->t('User is not a sub-admin of this group'), 102); |
|
|
|
} |
|
|
|
|
|
|
|
// Go |
|
|
@@ -1562,7 +1542,7 @@ class UsersController extends AUserData { |
|
|
|
|
|
|
|
$email = $targetUser->getEMailAddress(); |
|
|
|
if ($email === '' || $email === null) { |
|
|
|
throw new OCSException('Email address not available', 101); |
|
|
|
throw new OCSException($this->l10n->t('Email address not available'), 101); |
|
|
|
} |
|
|
|
|
|
|
|
try { |
|
|
@@ -1576,7 +1556,7 @@ class UsersController extends AUserData { |
|
|
|
'exception' => $e, |
|
|
|
] |
|
|
|
); |
|
|
|
throw new OCSException('Sending email failed', 102); |
|
|
|
throw new OCSException($this->l10n->t('Sending email failed'), 102); |
|
|
|
} |
|
|
|
|
|
|
|
return new DataResponse(); |