mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 993 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
69819 Commits
411 Branches
Tree: c2d45cb172
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'c2d45cb172'
${ noResults }
nextcloud/apps/provisioning_api/lib/Controller/GroupsController.php

GroupsController.php 11KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368 
  1. <?php

  2. 

  3. declare(strict_types=1);

  4. 

  5. /**

  6.  * @copyright Copyright (c) 2016, ownCloud, Inc.

  7.  *

  8.  * @author Arthur Schiwon <blizzz@arthur-schiwon.de>

  9.  * @author Christoph Wurst <christoph@winzerhof-wurst.at>

  10.  * @author Joas Schilling <coding@schilljs.com>

  11.  * @author John Molakvoæ <skjnldsv@protonmail.com>

  12.  * @author Julius Härtl <jus@bitgrid.net>

  13.  * @author Lukas Reschke <lukas@statuscode.ch>

  14.  * @author Robin Appelman <robin@icewind.nl>

  15.  * @author Roeland Jago Douma <roeland@famdouma.nl>

  16.  * @author Tom Needham <tom@owncloud.com>

  17.  * @author Kate Döen <kate.doeen@nextcloud.com>

  18.  *

  19.  * @license AGPL-3.0

  20.  *

  21.  * This code is free software: you can redistribute it and/or modify

  22.  * it under the terms of the GNU Affero General Public License, version 3,

  23.  * as published by the Free Software Foundation.

  24.  *

  25.  * This program is distributed in the hope that it will be useful,

  26.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  27.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  28.  * GNU Affero General Public License for more details.

  29.  *

  30.  * You should have received a copy of the GNU Affero General Public License, version 3,

  31.  * along with this program. If not, see <http://www.gnu.org/licenses/>

  32.  *

  33.  */

  34. namespace OCA\Provisioning_API\Controller;

  35. 

  36. use OCA\Provisioning_API\ResponseDefinitions;

  37. use OCP\Accounts\IAccountManager;

  38. use OCP\AppFramework\Http;

  39. use OCP\AppFramework\Http\DataResponse;

  40. use OCP\AppFramework\OCS\OCSException;

  41. use OCP\AppFramework\OCS\OCSForbiddenException;

  42. use OCP\AppFramework\OCS\OCSNotFoundException;

  43. use OCP\AppFramework\OCSController;

  44. use OCP\IConfig;

  45. use OCP\IGroup;

  46. use OCP\IGroupManager;

  47. use OCP\IRequest;

  48. use OCP\IUser;

  49. use OCP\IUserManager;

  50. use OCP\IUserSession;

  51. use OCP\L10N\IFactory;

  52. use Psr\Log\LoggerInterface;

  53. 

  54. /**

  55.  * @psalm-import-type ProvisioningApiGroupDetails from ResponseDefinitions

  56.  * @psalm-import-type ProvisioningApiUserDetails from ResponseDefinitions

  57.  */

  58. class GroupsController extends AUserData {

  59. 

  60. 	/** @var LoggerInterface */

  61. 	private $logger;

  62. 

  63. 	public function __construct(string $appName,

  64. 								IRequest $request,

  65. 								IUserManager $userManager,

  66. 								IConfig $config,

  67. 								IGroupManager $groupManager,

  68. 								IUserSession $userSession,

  69. 								IAccountManager $accountManager,

  70. 								IFactory $l10nFactory,

  71. 								LoggerInterface $logger) {

  72. 		parent::__construct($appName,

  73. 			$request,

  74. 			$userManager,

  75. 			$config,

  76. 			$groupManager,

  77. 			$userSession,

  78. 			$accountManager,

  79. 			$l10nFactory

  80. 		);

  81. 

  82. 		$this->logger = $logger;

  83. 	}

  84. 

  85. 	/**

  86. 	 * @NoAdminRequired

  87. 	 *

  88. 	 * Get a list of groups

  89. 	 *

  90. 	 * @param string $search Text to search for

  91. 	 * @param ?int $limit Limit the amount of groups returned

  92. 	 * @param int $offset Offset for searching for groups

  93. 	 * @return DataResponse<Http::STATUS_OK, array{groups: string[]}, array{}>

  94. 	 *

  95. 	 * 200: Groups returned

  96. 	 */

  97. 	public function getGroups(string $search = '', ?int $limit = null, int $offset = 0): DataResponse {

  98. 		$groups = $this->groupManager->search($search, $limit, $offset);

  99. 		$groups = array_map(function ($group) {

  100. 			/** @var IGroup $group */

  101. 			return $group->getGID();

  102. 		}, $groups);

  103. 

  104. 		return new DataResponse(['groups' => $groups]);

  105. 	}

  106. 

  107. 	/**

  108. 	 * @NoAdminRequired

  109. 	 * @AuthorizedAdminSetting(settings=OCA\Settings\Settings\Admin\Sharing)

  110. 	 *

  111. 	 * Get a list of groups details

  112. 	 *

  113. 	 * @param string $search Text to search for

  114. 	 * @param ?int $limit Limit the amount of groups returned

  115. 	 * @param int $offset Offset for searching for groups

  116. 	 * @return DataResponse<Http::STATUS_OK, array{groups: ProvisioningApiGroupDetails[]}, array{}>

  117. 	 *

  118. 	 * 200: Groups details returned

  119. 	 */

  120. 	public function getGroupsDetails(string $search = '', int $limit = null, int $offset = 0): DataResponse {

  121. 		$groups = $this->groupManager->search($search, $limit, $offset);

  122. 		$groups = array_map(function ($group) {

  123. 			/** @var IGroup $group */

  124. 			return [

  125. 				'id' => $group->getGID(),

  126. 				'displayname' => $group->getDisplayName(),

  127. 				'usercount' => $group->count(),

  128. 				'disabled' => $group->countDisabled(),

  129. 				'canAdd' => $group->canAddUser(),

  130. 				'canRemove' => $group->canRemoveUser(),

  131. 			];

  132. 		}, $groups);

  133. 

  134. 		return new DataResponse(['groups' => $groups]);

  135. 	}

  136. 

  137. 	/**

  138. 	 * @NoAdminRequired

  139. 	 *

  140. 	 * Get a list of users in the specified group

  141. 	 *

  142. 	 * @param string $groupId ID of the group

  143. 	 * @return DataResponse<Http::STATUS_OK, array{users: string[]}, array{}>

  144. 	 * @throws OCSException

  145. 	 *

  146. 	 * @deprecated 14 Use getGroupUsers

  147. 	 *

  148. 	 * 200: Group users returned

  149. 	 */

  150. 	public function getGroup(string $groupId): DataResponse {

  151. 		return $this->getGroupUsers($groupId);

  152. 	}

  153. 

  154. 	/**

  155. 	 * @NoAdminRequired

  156. 	 *

  157. 	 * Get a list of users in the specified group

  158. 	 *

  159. 	 * @param string $groupId ID of the group

  160. 	 * @return DataResponse<Http::STATUS_OK, array{users: string[]}, array{}>

  161. 	 * @throws OCSException

  162. 	 * @throws OCSNotFoundException Group not found

  163. 	 * @throws OCSForbiddenException Missing permissions to get users in the group

  164. 	 *

  165. 	 * 200: User IDs returned

  166. 	 */

  167. 	public function getGroupUsers(string $groupId): DataResponse {

  168. 		$groupId = urldecode($groupId);

  169. 

  170. 		$user = $this->userSession->getUser();

  171. 		$isSubadminOfGroup = false;

  172. 

  173. 		// Check the group exists

  174. 		$group = $this->groupManager->get($groupId);

  175. 		if ($group !== null) {

  176. 			$isSubadminOfGroup = $this->groupManager->getSubAdmin()->isSubAdminOfGroup($user, $group);

  177. 		} else {

  178. 			throw new OCSNotFoundException('The requested group could not be found');

  179. 		}

  180. 

  181. 		// Check subadmin has access to this group

  182. 		if ($this->groupManager->isAdmin($user->getUID())

  183. 		   || $isSubadminOfGroup) {

  184. 			$users = $this->groupManager->get($groupId)->getUsers();

  185. 			$users = array_map(function ($user) {

  186. 				/** @var IUser $user */

  187. 				return $user->getUID();

  188. 			}, $users);

  189. 			/** @var string[] $users */

  190. 			$users = array_values($users);

  191. 			return new DataResponse(['users' => $users]);

  192. 		}

  193. 

  194. 		throw new OCSForbiddenException();

  195. 	}

  196. 

  197. 	/**

  198. 	 * @NoAdminRequired

  199. 	 *

  200. 	 * Get a list of users details in the specified group

  201. 	 *

  202. 	 * @param string $groupId ID of the group

  203. 	 * @param string $search Text to search for

  204. 	 * @param int|null $limit Limit the amount of groups returned

  205. 	 * @param int $offset Offset for searching for groups

  206. 	 *

  207. 	 * @return DataResponse<Http::STATUS_OK, array{users: array<string, ProvisioningApiUserDetails|array{id: string}>}, array{}>

  208. 	 * @throws OCSException

  209. 	 *

  210. 	 * 200: Group users details returned

  211. 	 */

  212. 	public function getGroupUsersDetails(string $groupId, string $search = '', int $limit = null, int $offset = 0): DataResponse {

  213. 		$groupId = urldecode($groupId);

  214. 		$currentUser = $this->userSession->getUser();

  215. 

  216. 		// Check the group exists

  217. 		$group = $this->groupManager->get($groupId);

  218. 		if ($group !== null) {

  219. 			$isSubadminOfGroup = $this->groupManager->getSubAdmin()->isSubAdminOfGroup($currentUser, $group);

  220. 		} else {

  221. 			throw new OCSException('The requested group could not be found', OCSController::RESPOND_NOT_FOUND);

  222. 		}

  223. 

  224. 		// Check subadmin has access to this group

  225. 		if ($this->groupManager->isAdmin($currentUser->getUID()) || $isSubadminOfGroup) {

  226. 			$users = $group->searchUsers($search, $limit, $offset);

  227. 

  228. 			// Extract required number

  229. 			$usersDetails = [];

  230. 			foreach ($users as $user) {

  231. 				try {

  232. 					/** @var IUser $user */

  233. 					$userId = (string)$user->getUID();

  234. 					$userData = $this->getUserData($userId);

  235. 					// Do not insert empty entry

  236. 					if ($userData !== null) {

  237. 						$usersDetails[$userId] = $userData;

  238. 					} else {

  239. 						// Logged user does not have permissions to see this user

  240. 						// only showing its id

  241. 						$usersDetails[$userId] = ['id' => $userId];

  242. 					}

  243. 				} catch (OCSNotFoundException $e) {

  244. 					// continue if a users ceased to exist.

  245. 				}

  246. 			}

  247. 			return new DataResponse(['users' => $usersDetails]);

  248. 		}

  249. 

  250. 		throw new OCSException('The requested group could not be found', OCSController::RESPOND_NOT_FOUND);

  251. 	}

  252. 

  253. 	/**

  254. 	 * @PasswordConfirmationRequired

  255. 	 *

  256. 	 * Create a new group

  257. 	 *

  258. 	 * @param string $groupid ID of the group

  259. 	 * @param string $displayname Display name of the group

  260. 	 * @return DataResponse<Http::STATUS_OK, array<empty>, array{}>

  261. 	 * @throws OCSException

  262. 	 *

  263. 	 * 200: Group created successfully

  264. 	 */

  265. 	public function addGroup(string $groupid, string $displayname = ''): DataResponse {

  266. 		// Validate name

  267. 		if (empty($groupid)) {

  268. 			$this->logger->error('Group name not supplied', ['app' => 'provisioning_api']);

  269. 			throw new OCSException('Invalid group name', 101);

  270. 		}

  271. 		// Check if it exists

  272. 		if ($this->groupManager->groupExists($groupid)) {

  273. 			throw new OCSException('group exists', 102);

  274. 		}

  275. 		$group = $this->groupManager->createGroup($groupid);

  276. 		if ($group === null) {

  277. 			throw new OCSException('Not supported by backend', 103);

  278. 		}

  279. 		if ($displayname !== '') {

  280. 			$group->setDisplayName($displayname);

  281. 		}

  282. 		return new DataResponse();

  283. 	}

  284. 

  285. 	/**

  286. 	 * @PasswordConfirmationRequired

  287. 	 *

  288. 	 * Update a group

  289. 	 *

  290. 	 * @param string $groupId ID of the group

  291. 	 * @param string $key Key to update, only 'displayname'

  292. 	 * @param string $value New value for the key

  293. 	 * @return DataResponse<Http::STATUS_OK, array<empty>, array{}>

  294. 	 * @throws OCSException

  295. 	 *

  296. 	 * 200: Group updated successfully

  297. 	 */

  298. 	public function updateGroup(string $groupId, string $key, string $value): DataResponse {

  299. 		$groupId = urldecode($groupId);

  300. 

  301. 		if ($key === 'displayname') {

  302. 			$group = $this->groupManager->get($groupId);

  303. 			if ($group === null) {

  304. 				throw new OCSException('Group does not exist', OCSController::RESPOND_NOT_FOUND);

  305. 			}

  306. 			if ($group->setDisplayName($value)) {

  307. 				return new DataResponse();

  308. 			}

  309. 

  310. 			throw new OCSException('Not supported by backend', 101);

  311. 		} else {

  312. 			throw new OCSException('', OCSController::RESPOND_UNKNOWN_ERROR);

  313. 		}

  314. 	}

  315. 

  316. 	/**

  317. 	 * @PasswordConfirmationRequired

  318. 	 *

  319. 	 * Delete a group

  320. 	 *

  321. 	 * @param string $groupId ID of the group

  322. 	 * @return DataResponse<Http::STATUS_OK, array<empty>, array{}>

  323. 	 * @throws OCSException

  324. 	 *

  325. 	 * 200: Group deleted successfully

  326. 	 */

  327. 	public function deleteGroup(string $groupId): DataResponse {

  328. 		$groupId = urldecode($groupId);

  329. 

  330. 		// Check it exists

  331. 		if (!$this->groupManager->groupExists($groupId)) {

  332. 			throw new OCSException('', 101);

  333. 		} elseif ($groupId === 'admin' || !$this->groupManager->get($groupId)->delete()) {

  334. 			// Cannot delete admin group

  335. 			throw new OCSException('', 102);

  336. 		}

  337. 

  338. 		return new DataResponse();

  339. 	}

  340. 

  341. 	/**

  342. 	 * Get the list of user IDs that are a subadmin of the group

  343. 	 *

  344. 	 * @param string $groupId ID of the group

  345. 	 * @return DataResponse<Http::STATUS_OK, string[], array{}>

  346. 	 * @throws OCSException

  347. 	 *

  348. 	 * 200: Sub admins returned

  349. 	 */

  350. 	public function getSubAdminsOfGroup(string $groupId): DataResponse {

  351. 		// Check group exists

  352. 		$targetGroup = $this->groupManager->get($groupId);

  353. 		if ($targetGroup === null) {

  354. 			throw new OCSException('Group does not exist', 101);

  355. 		}

  356. 

  357. 		/** @var IUser[] $subadmins */

  358. 		$subadmins = $this->groupManager->getSubAdmin()->getGroupsSubAdmins($targetGroup);

  359. 		// New class returns IUser[] so convert back

  360. 		/** @var string[] $uids */

  361. 		$uids = [];

  362. 		foreach ($subadmins as $user) {

  363. 			$uids[] = $user->getUID();

  364. 		}

  365. 

  366. 		return new DataResponse($uids);

  367. 	}

  368. }