mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 1000 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
74093 Commits
378 Branches
Tree: cb27fbc3bb
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'cb27fbc3bb'
${ noResults }
nextcloud/apps/user_ldap/lib/Group_Proxy.php

Group_Proxy.php 11KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404 
  1. <?php

  2. /**

  3.  * @copyright Copyright (c) 2016, ownCloud, Inc.

  4.  *

  5.  * @author Arthur Schiwon <blizzz@arthur-schiwon.de>

  6.  * @author Christopher Schäpers <kondou@ts.unde.re>

  7.  * @author Christoph Wurst <christoph@winzerhof-wurst.at>

  8.  * @author Joas Schilling <coding@schilljs.com>

  9.  * @author Johannes Leuker <j.leuker@hosting.de>

  10.  * @author Morris Jobke <hey@morrisjobke.de>

  11.  * @author Robin McCorkell <robin@mccorkell.me.uk>

  12.  * @author Vinicius Cubas Brand <vinicius@eita.org.br>

  13.  *

  14.  * @license AGPL-3.0

  15.  *

  16.  * This code is free software: you can redistribute it and/or modify

  17.  * it under the terms of the GNU Affero General Public License, version 3,

  18.  * as published by the Free Software Foundation.

  19.  *

  20.  * This program is distributed in the hope that it will be useful,

  21.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  22.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  23.  * GNU Affero General Public License for more details.

  24.  *

  25.  * You should have received a copy of the GNU Affero General Public License, version 3,

  26.  * along with this program. If not, see <http://www.gnu.org/licenses/>

  27.  *

  28.  */

  29. namespace OCA\User_LDAP;

  30. 

  31. use OC\ServerNotAvailableException;

  32. use OCP\Group\Backend\IBatchMethodsBackend;

  33. use OCP\Group\Backend\IDeleteGroupBackend;

  34. use OCP\Group\Backend\IGetDisplayNameBackend;

  35. use OCP\Group\Backend\IGroupDetailsBackend;

  36. use OCP\Group\Backend\IIsAdminBackend;

  37. use OCP\Group\Backend\INamedBackend;

  38. use OCP\GroupInterface;

  39. use OCP\IConfig;

  40. use OCP\IUserManager;

  41. 

  42. class Group_Proxy extends Proxy implements \OCP\GroupInterface, IGroupLDAP, IGetDisplayNameBackend, INamedBackend, IDeleteGroupBackend, IBatchMethodsBackend, IIsAdminBackend {

  43. 	private $backends = [];

  44. 	private ?Group_LDAP $refBackend = null;

  45. 	private Helper $helper;

  46. 	private GroupPluginManager $groupPluginManager;

  47. 	private bool $isSetUp = false;

  48. 	private IConfig $config;

  49. 	private IUserManager $ncUserManager;

  50. 

  51. 	public function __construct(

  52. 		Helper $helper,

  53. 		ILDAPWrapper $ldap,

  54. 		AccessFactory $accessFactory,

  55. 		GroupPluginManager $groupPluginManager,

  56. 		IConfig $config,

  57. 		IUserManager $ncUserManager,

  58. 	) {

  59. 		parent::__construct($ldap, $accessFactory);

  60. 		$this->helper = $helper;

  61. 		$this->groupPluginManager = $groupPluginManager;

  62. 		$this->config = $config;

  63. 		$this->ncUserManager = $ncUserManager;

  64. 	}

  65. 

  66. 	protected function setup(): void {

  67. 		if ($this->isSetUp) {

  68. 			return;

  69. 		}

  70. 

  71. 		$serverConfigPrefixes = $this->helper->getServerConfigurationPrefixes(true);

  72. 		foreach ($serverConfigPrefixes as $configPrefix) {

  73. 			$this->backends[$configPrefix] =

  74. 				new Group_LDAP($this->getAccess($configPrefix), $this->groupPluginManager, $this->config, $this->ncUserManager);

  75. 			if (is_null($this->refBackend)) {

  76. 				$this->refBackend = $this->backends[$configPrefix];

  77. 			}

  78. 		}

  79. 

  80. 		$this->isSetUp = true;

  81. 	}

  82. 

  83. 	/**

  84. 	 * Tries the backends one after the other until a positive result is returned from the specified method

  85. 	 *

  86. 	 * @param string $id the gid connected to the request

  87. 	 * @param string $method the method of the group backend that shall be called

  88. 	 * @param array $parameters an array of parameters to be passed

  89. 	 * @return mixed the result of the method or false

  90. 	 */

  91. 	protected function walkBackends($id, $method, $parameters) {

  92. 		$this->setup();

  93. 

  94. 		$gid = $id;

  95. 		$cacheKey = $this->getGroupCacheKey($gid);

  96. 		foreach ($this->backends as $configPrefix => $backend) {

  97. 			if ($result = call_user_func_array([$backend, $method], $parameters)) {

  98. 				if (!$this->isSingleBackend()) {

  99. 					$this->writeToCache($cacheKey, $configPrefix);

  100. 				}

  101. 				return $result;

  102. 			}

  103. 		}

  104. 		return false;

  105. 	}

  106. 

  107. 	/**

  108. 	 * Asks the backend connected to the server that supposely takes care of the gid from the request.

  109. 	 *

  110. 	 * @param string $id the gid connected to the request

  111. 	 * @param string $method the method of the group backend that shall be called

  112. 	 * @param array $parameters an array of parameters to be passed

  113. 	 * @param mixed $passOnWhen the result matches this variable

  114. 	 * @return mixed the result of the method or false

  115. 	 */

  116. 	protected function callOnLastSeenOn($id, $method, $parameters, $passOnWhen) {

  117. 		$this->setup();

  118. 

  119. 		$gid = $id;

  120. 		$cacheKey = $this->getGroupCacheKey($gid);

  121. 		$prefix = $this->getFromCache($cacheKey);

  122. 		//in case the uid has been found in the past, try this stored connection first

  123. 		if (!is_null($prefix)) {

  124. 			if (isset($this->backends[$prefix])) {

  125. 				$result = call_user_func_array([$this->backends[$prefix], $method], $parameters);

  126. 				if ($result === $passOnWhen) {

  127. 					//not found here, reset cache to null if group vanished

  128. 					//because sometimes methods return false with a reason

  129. 					$groupExists = call_user_func_array(

  130. 						[$this->backends[$prefix], 'groupExists'],

  131. 						[$gid]

  132. 					);

  133. 					if (!$groupExists) {

  134. 						$this->writeToCache($cacheKey, null);

  135. 					}

  136. 				}

  137. 				return $result;

  138. 			}

  139. 		}

  140. 		return false;

  141. 	}

  142. 

  143. 	protected function activeBackends(): int {

  144. 		$this->setup();

  145. 		return count($this->backends);

  146. 	}

  147. 

  148. 	/**

  149. 	 * is user in group?

  150. 	 *

  151. 	 * @param string $uid uid of the user

  152. 	 * @param string $gid gid of the group

  153. 	 * @return bool

  154. 	 *

  155. 	 * Checks whether the user is member of a group or not.

  156. 	 */

  157. 	public function inGroup($uid, $gid) {

  158. 		return $this->handleRequest($gid, 'inGroup', [$uid, $gid]);

  159. 	}

  160. 

  161. 	/**

  162. 	 * Get all groups a user belongs to

  163. 	 *

  164. 	 * @param string $uid Name of the user

  165. 	 * @return string[] with group names

  166. 	 *

  167. 	 * This function fetches all groups a user belongs to. It does not check

  168. 	 * if the user exists at all.

  169. 	 */

  170. 	public function getUserGroups($uid) {

  171. 		$this->setup();

  172. 

  173. 		$groups = [];

  174. 		foreach ($this->backends as $backend) {

  175. 			$backendGroups = $backend->getUserGroups($uid);

  176. 			if (is_array($backendGroups)) {

  177. 				$groups = array_merge($groups, $backendGroups);

  178. 			}

  179. 		}

  180. 

  181. 		return array_values(array_unique($groups));

  182. 	}

  183. 

  184. 	/**

  185. 	 * get a list of all users in a group

  186. 	 *

  187. 	 * @return array<int,string> user ids

  188. 	 */

  189. 	public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {

  190. 		$this->setup();

  191. 

  192. 		$users = [];

  193. 		foreach ($this->backends as $backend) {

  194. 			$backendUsers = $backend->usersInGroup($gid, $search, $limit, $offset);

  195. 			if (is_array($backendUsers)) {

  196. 				$users = array_merge($users, $backendUsers);

  197. 			}

  198. 		}

  199. 

  200. 		return $users;

  201. 	}

  202. 

  203. 	/**

  204. 	 * @param string $gid

  205. 	 * @return bool

  206. 	 */

  207. 	public function createGroup($gid) {

  208. 		return $this->handleRequest(

  209. 			$gid, 'createGroup', [$gid]);

  210. 	}

  211. 

  212. 	/**

  213. 	 * delete a group

  214. 	 */

  215. 	public function deleteGroup(string $gid): bool {

  216. 		return $this->handleRequest(

  217. 			$gid, 'deleteGroup', [$gid]);

  218. 	}

  219. 

  220. 	/**

  221. 	 * Add a user to a group

  222. 	 *

  223. 	 * @param string $uid Name of the user to add to group

  224. 	 * @param string $gid Name of the group in which add the user

  225. 	 * @return bool

  226. 	 *

  227. 	 * Adds a user to a group.

  228. 	 */

  229. 	public function addToGroup($uid, $gid) {

  230. 		return $this->handleRequest(

  231. 			$gid, 'addToGroup', [$uid, $gid]);

  232. 	}

  233. 

  234. 	/**

  235. 	 * Removes a user from a group

  236. 	 *

  237. 	 * @param string $uid Name of the user to remove from group

  238. 	 * @param string $gid Name of the group from which remove the user

  239. 	 * @return bool

  240. 	 *

  241. 	 * removes the user from a group.

  242. 	 */

  243. 	public function removeFromGroup($uid, $gid) {

  244. 		return $this->handleRequest(

  245. 			$gid, 'removeFromGroup', [$uid, $gid]);

  246. 	}

  247. 

  248. 	/**

  249. 	 * returns the number of users in a group, who match the search term

  250. 	 *

  251. 	 * @param string $gid the internal group name

  252. 	 * @param string $search optional, a search string

  253. 	 * @return int|bool

  254. 	 */

  255. 	public function countUsersInGroup($gid, $search = '') {

  256. 		return $this->handleRequest(

  257. 			$gid, 'countUsersInGroup', [$gid, $search]);

  258. 	}

  259. 

  260. 	/**

  261. 	 * get an array with group details

  262. 	 *

  263. 	 * @param string $gid

  264. 	 * @return array|false

  265. 	 */

  266. 	public function getGroupDetails($gid) {

  267. 		return $this->handleRequest(

  268. 			$gid, 'getGroupDetails', [$gid]);

  269. 	}

  270. 

  271. 	/**

  272. 	 * {@inheritdoc}

  273. 	 */

  274. 	public function getGroupsDetails(array $gids): array {

  275. 		if (!($this instanceof IGroupDetailsBackend || $this->implementsActions(GroupInterface::GROUP_DETAILS))) {

  276. 			throw new \Exception("Should not have been called");

  277. 		}

  278. 

  279. 		$groupData = [];

  280. 		foreach ($gids as $gid) {

  281. 			$groupData[$gid] = $this->handleRequest($gid, 'getGroupDetails', [$gid]);

  282. 		}

  283. 		return $groupData;

  284. 	}

  285. 

  286. 	/**

  287. 	 * get a list of all groups

  288. 	 *

  289. 	 * @return string[] with group names

  290. 	 *

  291. 	 * Returns a list with all groups

  292. 	 */

  293. 	public function getGroups($search = '', $limit = -1, $offset = 0) {

  294. 		$this->setup();

  295. 

  296. 		$groups = [];

  297. 		foreach ($this->backends as $backend) {

  298. 			$backendGroups = $backend->getGroups($search, $limit, $offset);

  299. 			if (is_array($backendGroups)) {

  300. 				$groups = array_merge($groups, $backendGroups);

  301. 			}

  302. 		}

  303. 

  304. 		return $groups;

  305. 	}

  306. 

  307. 	/**

  308. 	 * check if a group exists

  309. 	 *

  310. 	 * @param string $gid

  311. 	 * @return bool

  312. 	 */

  313. 	public function groupExists($gid) {

  314. 		return $this->handleRequest($gid, 'groupExists', [$gid]);

  315. 	}

  316. 

  317. 	/**

  318. 	 * Check if a group exists

  319. 	 *

  320. 	 * @throws ServerNotAvailableException

  321. 	 */

  322. 	public function groupExistsOnLDAP(string $gid, bool $ignoreCache = false): bool {

  323. 		return $this->handleRequest($gid, 'groupExistsOnLDAP', [$gid, $ignoreCache]);

  324. 	}

  325. 

  326. 	/**

  327. 	 * returns the groupname for the given LDAP DN, if available

  328. 	 */

  329. 	public function dn2GroupName(string $dn): string|false {

  330. 		$id = 'DN,' . $dn;

  331. 		return $this->handleRequest($id, 'dn2GroupName', [$dn]);

  332. 	}

  333. 

  334. 	/**

  335. 	 * {@inheritdoc}

  336. 	 */

  337. 	public function groupsExists(array $gids): array {

  338. 		return array_values(array_filter(

  339. 			$gids,

  340. 			fn (string $gid): bool => $this->handleRequest($gid, 'groupExists', [$gid]),

  341. 		));

  342. 	}

  343. 

  344. 	/**

  345. 	 * Check if backend implements actions

  346. 	 *

  347. 	 * @param int $actions bitwise-or'ed actions

  348. 	 * @return boolean

  349. 	 *

  350. 	 * Returns the supported actions as int to be

  351. 	 * compared with \OCP\GroupInterface::CREATE_GROUP etc.

  352. 	 */

  353. 	public function implementsActions($actions) {

  354. 		$this->setup();

  355. 		//it's the same across all our user backends obviously

  356. 		return $this->refBackend->implementsActions($actions);

  357. 	}

  358. 

  359. 	/**

  360. 	 * Return access for LDAP interaction.

  361. 	 *

  362. 	 * @param string $gid

  363. 	 * @return Access instance of Access for LDAP interaction

  364. 	 */

  365. 	public function getLDAPAccess($gid) {

  366. 		return $this->handleRequest($gid, 'getLDAPAccess', [$gid]);

  367. 	}

  368. 

  369. 	/**

  370. 	 * Return a new LDAP connection for the specified group.

  371. 	 * The connection needs to be closed manually.

  372. 	 *

  373. 	 * @param string $gid

  374. 	 * @return \LDAP\Connection The LDAP connection

  375. 	 */

  376. 	public function getNewLDAPConnection($gid): \LDAP\Connection {

  377. 		return $this->handleRequest($gid, 'getNewLDAPConnection', [$gid]);

  378. 	}

  379. 

  380. 	public function getDisplayName(string $gid): string {

  381. 		return $this->handleRequest($gid, 'getDisplayName', [$gid]);

  382. 	}

  383. 

  384. 	/**

  385. 	 * Backend name to be shown in group management

  386. 	 * @return string the name of the backend to be shown

  387. 	 * @since 22.0.0

  388. 	 */

  389. 	public function getBackendName(): string {

  390. 		return 'LDAP';

  391. 	}

  392. 

  393. 	public function searchInGroup(string $gid, string $search = '', int $limit = -1, int $offset = 0): array {

  394. 		return $this->handleRequest($gid, 'searchInGroup', [$gid, $search, $limit, $offset]);

  395. 	}

  396. 

  397. 	public function addRelationshipToCaches(string $uid, ?string $dnUser, string $gid): void {

  398. 		$this->handleRequest($gid, 'addRelationshipToCaches', [$uid, $dnUser, $gid]);

  399. 	}

  400. 

  401. 	public function isAdmin(string $uid): bool {

  402. 		return $this->handleRequest($uid, 'isAdmin', [$uid]);

  403. 	}

  404. }