mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 994 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
59607 Commits
365 Branches
Tree: d4f97affc1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd4f97affc1'
${ noResults }
nextcloud/lib/private/SubAdmin.php

SubAdmin.php 8.2KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317 
  1. <?php

  2. /**

  3.  * @copyright Copyright (c) 2016, ownCloud, Inc.

  4.  *

  5.  * @author Arthur Schiwon <blizzz@arthur-schiwon.de>

  6.  * @author Bart Visscher <bartv@thisnet.nl>

  7.  * @author Christoph Wurst <christoph@winzerhof-wurst.at>

  8.  * @author Georg Ehrke <oc.list@georgehrke.com>

  9.  * @author Joas Schilling <coding@schilljs.com>

  10.  * @author John Molakvoæ <skjnldsv@protonmail.com>

  11.  * @author Lukas Reschke <lukas@statuscode.ch>

  12.  * @author Mikael Hammarin <mikael@try2.se>

  13.  * @author Morris Jobke <hey@morrisjobke.de>

  14.  * @author Roeland Jago Douma <roeland@famdouma.nl>

  15.  *

  16.  * @license AGPL-3.0

  17.  *

  18.  * This code is free software: you can redistribute it and/or modify

  19.  * it under the terms of the GNU Affero General Public License, version 3,

  20.  * as published by the Free Software Foundation.

  21.  *

  22.  * This program is distributed in the hope that it will be useful,

  23.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  24.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  25.  * GNU Affero General Public License for more details.

  26.  *

  27.  * You should have received a copy of the GNU Affero General Public License, version 3,

  28.  * along with this program. If not, see <http://www.gnu.org/licenses/>

  29.  *

  30.  */

  31. namespace OC;

  32. 

  33. use OC\Hooks\PublicEmitter;

  34. use OCP\EventDispatcher\IEventDispatcher;

  35. use OCP\Group\Events\SubAdminAddedEvent;

  36. use OCP\Group\Events\SubAdminRemovedEvent;

  37. use OCP\Group\ISubAdmin;

  38. use OCP\IDBConnection;

  39. use OCP\IGroup;

  40. use OCP\IGroupManager;

  41. use OCP\IUser;

  42. use OCP\IUserManager;

  43. 

  44. class SubAdmin extends PublicEmitter implements ISubAdmin {

  45. 

  46. 	/** @var IUserManager */

  47. 	private $userManager;

  48. 

  49. 	/** @var IGroupManager */

  50. 	private $groupManager;

  51. 

  52. 	/** @var IDBConnection */

  53. 	private $dbConn;

  54. 

  55. 	/** @var IEventDispatcher */

  56. 	private $eventDispatcher;

  57. 

  58. 	/**

  59. 	 * @param IUserManager $userManager

  60. 	 * @param IGroupManager $groupManager

  61. 	 * @param IDBConnection $dbConn

  62. 	 */

  63. 	public function __construct(IUserManager $userManager,

  64. 								IGroupManager $groupManager,

  65. 								IDBConnection $dbConn,

  66. 								IEventDispatcher $eventDispatcher) {

  67. 		$this->userManager = $userManager;

  68. 		$this->groupManager = $groupManager;

  69. 		$this->dbConn = $dbConn;

  70. 		$this->eventDispatcher = $eventDispatcher;

  71. 

  72. 		$this->userManager->listen('\OC\User', 'postDelete', function ($user) {

  73. 			$this->post_deleteUser($user);

  74. 		});

  75. 		$this->groupManager->listen('\OC\Group', 'postDelete', function ($group) {

  76. 			$this->post_deleteGroup($group);

  77. 		});

  78. 	}

  79. 

  80. 	/**

  81. 	 * add a SubAdmin

  82. 	 * @param IUser $user user to be SubAdmin

  83. 	 * @param IGroup $group group $user becomes subadmin of

  84. 	 */

  85. 	public function createSubAdmin(IUser $user, IGroup $group): void {

  86. 		$qb = $this->dbConn->getQueryBuilder();

  87. 

  88. 		$qb->insert('group_admin')

  89. 			->values([

  90. 				'gid' => $qb->createNamedParameter($group->getGID()),

  91. 				'uid' => $qb->createNamedParameter($user->getUID())

  92. 			])

  93. 			->execute();

  94. 

  95. 		/** @deprecated 21.0.0 - use type SubAdminAddedEvent instead  */

  96. 		$this->emit('\OC\SubAdmin', 'postCreateSubAdmin', [$user, $group]);

  97. 		$event = new SubAdminAddedEvent($group, $user);

  98. 		$this->eventDispatcher->dispatchTyped($event);

  99. 	}

  100. 

  101. 	/**

  102. 	 * delete a SubAdmin

  103. 	 * @param IUser $user the user that is the SubAdmin

  104. 	 * @param IGroup $group the group

  105. 	 */

  106. 	public function deleteSubAdmin(IUser $user, IGroup $group): void {

  107. 		$qb = $this->dbConn->getQueryBuilder();

  108. 

  109. 		$qb->delete('group_admin')

  110. 			->where($qb->expr()->eq('gid', $qb->createNamedParameter($group->getGID())))

  111. 			->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))

  112. 			->execute();

  113. 

  114. 		/** @deprecated 21.0.0 - use type SubAdminRemovedEvent instead  */

  115. 		$this->emit('\OC\SubAdmin', 'postDeleteSubAdmin', [$user, $group]);

  116. 		$event = new SubAdminRemovedEvent($group, $user);

  117. 		$this->eventDispatcher->dispatchTyped($event);

  118. 	}

  119. 

  120. 	/**

  121. 	 * get groups of a SubAdmin

  122. 	 * @param IUser $user the SubAdmin

  123. 	 * @return IGroup[]

  124. 	 */

  125. 	public function getSubAdminsGroups(IUser $user): array {

  126. 		$groupIds = $this->getSubAdminsGroupIds($user);

  127. 

  128. 		$groups = [];

  129. 		foreach ($groupIds as $groupId) {

  130. 			$group = $this->groupManager->get($groupId);

  131. 			if ($group !== null) {

  132. 				$groups[$group->getGID()] = $group;

  133. 			}

  134. 		}

  135. 

  136. 		return $groups;

  137. 	}

  138. 

  139. 	/**

  140. 	 * Get group ids of a SubAdmin

  141. 	 * @param IUser $user the SubAdmin

  142. 	 * @return string[]

  143. 	 */

  144. 	public function getSubAdminsGroupIds(IUser $user): array {

  145. 		$qb = $this->dbConn->getQueryBuilder();

  146. 

  147. 		$result = $qb->select('gid')

  148. 			->from('group_admin')

  149. 			->where($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))

  150. 			->execute();

  151. 

  152. 		$groups = [];

  153. 		while ($row = $result->fetch()) {

  154. 			$groups[] = $row['gid'];

  155. 		}

  156. 		$result->closeCursor();

  157. 

  158. 		return $groups;

  159. 	}

  160. 

  161. 	/**

  162. 	 * get an array of groupid and displayName for a user

  163. 	 * @param IUser $user

  164. 	 * @return array ['displayName' => displayname]

  165. 	 */

  166. 	public function getSubAdminsGroupsName(IUser $user): array {

  167. 		return array_map(function ($group) {

  168. 			return ['displayName' => $group->getDisplayName()];

  169. 		}, $this->getSubAdminsGroups($user));

  170. 	}

  171. 

  172. 	/**

  173. 	 * get SubAdmins of a group

  174. 	 * @param IGroup $group the group

  175. 	 * @return IUser[]

  176. 	 */

  177. 	public function getGroupsSubAdmins(IGroup $group): array {

  178. 		$qb = $this->dbConn->getQueryBuilder();

  179. 

  180. 		$result = $qb->select('uid')

  181. 			->from('group_admin')

  182. 			->where($qb->expr()->eq('gid', $qb->createNamedParameter($group->getGID())))

  183. 			->execute();

  184. 

  185. 		$users = [];

  186. 		while ($row = $result->fetch()) {

  187. 			$user = $this->userManager->get($row['uid']);

  188. 			if (!is_null($user)) {

  189. 				$users[] = $user;

  190. 			}

  191. 		}

  192. 		$result->closeCursor();

  193. 

  194. 		return $users;

  195. 	}

  196. 

  197. 	/**

  198. 	 * get all SubAdmins

  199. 	 * @return array

  200. 	 */

  201. 	public function getAllSubAdmins(): array {

  202. 		$qb = $this->dbConn->getQueryBuilder();

  203. 

  204. 		$result = $qb->select('*')

  205. 			->from('group_admin')

  206. 			->execute();

  207. 

  208. 		$subadmins = [];

  209. 		while ($row = $result->fetch()) {

  210. 			$user = $this->userManager->get($row['uid']);

  211. 			$group = $this->groupManager->get($row['gid']);

  212. 			if (!is_null($user) && !is_null($group)) {

  213. 				$subadmins[] = [

  214. 					'user' => $user,

  215. 					'group' => $group

  216. 				];

  217. 			}

  218. 		}

  219. 		$result->closeCursor();

  220. 

  221. 		return $subadmins;

  222. 	}

  223. 

  224. 	/**

  225. 	 * checks if a user is a SubAdmin of a group

  226. 	 * @param IUser $user

  227. 	 * @param IGroup $group

  228. 	 * @return bool

  229. 	 */

  230. 	public function isSubAdminOfGroup(IUser $user, IGroup $group): bool {

  231. 		$qb = $this->dbConn->getQueryBuilder();

  232. 

  233. 		/*

  234. 		 * Primary key is ('gid', 'uid') so max 1 result possible here

  235. 		 */

  236. 		$result = $qb->select('*')

  237. 			->from('group_admin')

  238. 			->where($qb->expr()->eq('gid', $qb->createNamedParameter($group->getGID())))

  239. 			->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))

  240. 			->execute();

  241. 

  242. 		$fetch = $result->fetch();

  243. 		$result->closeCursor();

  244. 		$result = !empty($fetch) ? true : false;

  245. 

  246. 		return $result;

  247. 	}

  248. 

  249. 	/**

  250. 	 * checks if a user is a SubAdmin

  251. 	 * @param IUser $user

  252. 	 * @return bool

  253. 	 */

  254. 	public function isSubAdmin(IUser $user): bool {

  255. 		// Check if the user is already an admin

  256. 		if ($this->groupManager->isAdmin($user->getUID())) {

  257. 			return true;

  258. 		}

  259. 

  260. 		$qb = $this->dbConn->getQueryBuilder();

  261. 

  262. 		$result = $qb->select('gid')

  263. 			->from('group_admin')

  264. 			->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))

  265. 			->setMaxResults(1)

  266. 			->execute();

  267. 

  268. 		$isSubAdmin = $result->fetch();

  269. 		$result->closeCursor();

  270. 

  271. 		return $isSubAdmin !== false;

  272. 	}

  273. 

  274. 	/**

  275. 	 * checks if a user is a accessible by a subadmin

  276. 	 * @param IUser $subadmin

  277. 	 * @param IUser $user

  278. 	 * @return bool

  279. 	 */

  280. 	public function isUserAccessible(IUser $subadmin, IUser $user): bool {

  281. 		if (!$this->isSubAdmin($subadmin)) {

  282. 			return false;

  283. 		}

  284. 		if ($this->groupManager->isAdmin($user->getUID())) {

  285. 			return false;

  286. 		}

  287. 

  288. 		$accessibleGroups = $this->getSubAdminsGroupIds($subadmin);

  289. 		$userGroups = $this->groupManager->getUserGroupIds($user);

  290. 

  291. 		return !empty(array_intersect($accessibleGroups, $userGroups));

  292. 	}

  293. 

  294. 	/**

  295. 	 * delete all SubAdmins by $user

  296. 	 * @param IUser $user

  297. 	 */

  298. 	private function post_deleteUser(IUser $user) {

  299. 		$qb = $this->dbConn->getQueryBuilder();

  300. 

  301. 		$qb->delete('group_admin')

  302. 			->where($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))

  303. 			->execute();

  304. 	}

  305. 

  306. 	/**

  307. 	 * delete all SubAdmins by $group

  308. 	 * @param IGroup $group

  309. 	 */

  310. 	private function post_deleteGroup(IGroup $group) {

  311. 		$qb = $this->dbConn->getQueryBuilder();

  312. 

  313. 		$qb->delete('group_admin')

  314. 			->where($qb->expr()->eq('gid', $qb->createNamedParameter($group->getGID())))

  315. 			->execute();

  316. 	}

  317. }