mirrors
/
nextcloud
mirror of https://github.com/nextcloud/server.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 984 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
56652 Commits
379 Branches
Tree: d89a75be0b
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'd89a75be0b'
${ noResults }
nextcloud/apps/dav/lib/SystemTag/SystemTagPlugin.php

SystemTagPlugin.php 9.4KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326 
  1. <?php

  2. /**

  3.  * @copyright Copyright (c) 2016, ownCloud, Inc.

  4.  *

  5.  * @author Christoph Wurst <christoph@winzerhof-wurst.at>

  6.  * @author Lukas Reschke <lukas@statuscode.ch>

  7.  * @author Roeland Jago Douma <roeland@famdouma.nl>

  8.  * @author Thomas Müller <thomas.mueller@tmit.eu>

  9.  * @author Vincent Petry <vincent@nextcloud.com>

  10.  *

  11.  * @license AGPL-3.0

  12.  *

  13.  * This code is free software: you can redistribute it and/or modify

  14.  * it under the terms of the GNU Affero General Public License, version 3,

  15.  * as published by the Free Software Foundation.

  16.  *

  17.  * This program is distributed in the hope that it will be useful,

  18.  * but WITHOUT ANY WARRANTY; without even the implied warranty of

  19.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the

  20.  * GNU Affero General Public License for more details.

  21.  *

  22.  * You should have received a copy of the GNU Affero General Public License, version 3,

  23.  * along with this program. If not, see <http://www.gnu.org/licenses/>

  24.  *

  25.  */

  26. 

  27. namespace OCA\DAV\SystemTag;

  28. 

  29. use OCP\IGroupManager;

  30. use OCP\IUserSession;

  31. use OCP\SystemTag\ISystemTag;

  32. use OCP\SystemTag\ISystemTagManager;

  33. use OCP\SystemTag\TagAlreadyExistsException;

  34. use Sabre\DAV\Exception\BadRequest;

  35. use Sabre\DAV\Exception\Conflict;

  36. use Sabre\DAV\Exception\Forbidden;

  37. use Sabre\DAV\Exception\UnsupportedMediaType;

  38. use Sabre\DAV\PropFind;

  39. use Sabre\DAV\PropPatch;

  40. use Sabre\HTTP\RequestInterface;

  41. use Sabre\HTTP\ResponseInterface;

  42. 

  43. /**

  44.  * Sabre plugin to handle system tags:

  45.  *

  46.  * - makes it possible to create new tags with POST operation

  47.  * - get/set Webdav properties for tags

  48.  *

  49.  */

  50. class SystemTagPlugin extends \Sabre\DAV\ServerPlugin {

  51. 

  52. 	// namespace

  53. 	public const NS_OWNCLOUD = 'http://owncloud.org/ns';

  54. 	public const ID_PROPERTYNAME = '{http://owncloud.org/ns}id';

  55. 	public const DISPLAYNAME_PROPERTYNAME = '{http://owncloud.org/ns}display-name';

  56. 	public const USERVISIBLE_PROPERTYNAME = '{http://owncloud.org/ns}user-visible';

  57. 	public const USERASSIGNABLE_PROPERTYNAME = '{http://owncloud.org/ns}user-assignable';

  58. 	public const GROUPS_PROPERTYNAME = '{http://owncloud.org/ns}groups';

  59. 	public const CANASSIGN_PROPERTYNAME = '{http://owncloud.org/ns}can-assign';

  60. 

  61. 	/**

  62. 	 * @var \Sabre\DAV\Server $server

  63. 	 */

  64. 	private $server;

  65. 

  66. 	/**

  67. 	 * @var ISystemTagManager

  68. 	 */

  69. 	protected $tagManager;

  70. 

  71. 	/**

  72. 	 * @var IUserSession

  73. 	 */

  74. 	protected $userSession;

  75. 

  76. 	/**

  77. 	 * @var IGroupManager

  78. 	 */

  79. 	protected $groupManager;

  80. 

  81. 	/**

  82. 	 * @param ISystemTagManager $tagManager tag manager

  83. 	 * @param IGroupManager $groupManager

  84. 	 * @param IUserSession $userSession

  85. 	 */

  86. 	public function __construct(ISystemTagManager $tagManager,

  87. 								IGroupManager $groupManager,

  88. 								IUserSession $userSession) {

  89. 		$this->tagManager = $tagManager;

  90. 		$this->userSession = $userSession;

  91. 		$this->groupManager = $groupManager;

  92. 	}

  93. 

  94. 	/**

  95. 	 * This initializes the plugin.

  96. 	 *

  97. 	 * This function is called by \Sabre\DAV\Server, after

  98. 	 * addPlugin is called.

  99. 	 *

  100. 	 * This method should set up the required event subscriptions.

  101. 	 *

  102. 	 * @param \Sabre\DAV\Server $server

  103. 	 * @return void

  104. 	 */

  105. 	public function initialize(\Sabre\DAV\Server $server) {

  106. 		$server->xml->namespaceMap[self::NS_OWNCLOUD] = 'oc';

  107. 

  108. 		$server->protectedProperties[] = self::ID_PROPERTYNAME;

  109. 

  110. 		$server->on('propFind', [$this, 'handleGetProperties']);

  111. 		$server->on('propPatch', [$this, 'handleUpdateProperties']);

  112. 		$server->on('method:POST', [$this, 'httpPost']);

  113. 

  114. 		$this->server = $server;

  115. 	}

  116. 

  117. 	/**

  118. 	 * POST operation on system tag collections

  119. 	 *

  120. 	 * @param RequestInterface $request request object

  121. 	 * @param ResponseInterface $response response object

  122. 	 * @return null|false

  123. 	 */

  124. 	public function httpPost(RequestInterface $request, ResponseInterface $response) {

  125. 		$path = $request->getPath();

  126. 

  127. 		// Making sure the node exists

  128. 		$node = $this->server->tree->getNodeForPath($path);

  129. 		if ($node instanceof SystemTagsByIdCollection || $node instanceof SystemTagsObjectMappingCollection) {

  130. 			$data = $request->getBodyAsString();

  131. 

  132. 			$tag = $this->createTag($data, $request->getHeader('Content-Type'));

  133. 

  134. 			if ($node instanceof SystemTagsObjectMappingCollection) {

  135. 				// also add to collection

  136. 				$node->createFile($tag->getId());

  137. 				$url = $request->getBaseUrl() . 'systemtags/';

  138. 			} else {

  139. 				$url = $request->getUrl();

  140. 			}

  141. 

  142. 			if ($url[strlen($url) - 1] !== '/') {

  143. 				$url .= '/';

  144. 			}

  145. 

  146. 			$response->setHeader('Content-Location', $url . $tag->getId());

  147. 

  148. 			// created

  149. 			$response->setStatus(201);

  150. 			return false;

  151. 		}

  152. 	}

  153. 

  154. 	/**

  155. 	 * Creates a new tag

  156. 	 *

  157. 	 * @param string $data JSON encoded string containing the properties of the tag to create

  158. 	 * @param string $contentType content type of the data

  159. 	 * @return ISystemTag newly created system tag

  160. 	 *

  161. 	 * @throws BadRequest if a field was missing

  162. 	 * @throws Conflict if a tag with the same properties already exists

  163. 	 * @throws UnsupportedMediaType if the content type is not supported

  164. 	 */

  165. 	private function createTag($data, $contentType = 'application/json') {

  166. 		if (explode(';', $contentType)[0] === 'application/json') {

  167. 			$data = json_decode($data, true);

  168. 		} else {

  169. 			throw new UnsupportedMediaType();

  170. 		}

  171. 

  172. 		if (!isset($data['name'])) {

  173. 			throw new BadRequest('Missing "name" attribute');

  174. 		}

  175. 

  176. 		$tagName = $data['name'];

  177. 		$userVisible = true;

  178. 		$userAssignable = true;

  179. 

  180. 		if (isset($data['userVisible'])) {

  181. 			$userVisible = (bool)$data['userVisible'];

  182. 		}

  183. 

  184. 		if (isset($data['userAssignable'])) {

  185. 			$userAssignable = (bool)$data['userAssignable'];

  186. 		}

  187. 

  188. 		$groups = [];

  189. 		if (isset($data['groups'])) {

  190. 			$groups = $data['groups'];

  191. 			if (is_string($groups)) {

  192. 				$groups = explode('|', $groups);

  193. 			}

  194. 		}

  195. 

  196. 		if ($userVisible === false || $userAssignable === false || !empty($groups)) {

  197. 			if (!$this->userSession->isLoggedIn() || !$this->groupManager->isAdmin($this->userSession->getUser()->getUID())) {

  198. 				throw new BadRequest('Not sufficient permissions');

  199. 			}

  200. 		}

  201. 

  202. 		try {

  203. 			$tag = $this->tagManager->createTag($tagName, $userVisible, $userAssignable);

  204. 			if (!empty($groups)) {

  205. 				$this->tagManager->setTagGroups($tag, $groups);

  206. 			}

  207. 			return $tag;

  208. 		} catch (TagAlreadyExistsException $e) {

  209. 			throw new Conflict('Tag already exists', 0, $e);

  210. 		}

  211. 	}

  212. 

  213. 

  214. 	/**

  215. 	 * Retrieves system tag properties

  216. 	 *

  217. 	 * @param PropFind $propFind

  218. 	 * @param \Sabre\DAV\INode $node

  219. 	 */

  220. 	public function handleGetProperties(

  221. 		PropFind $propFind,

  222. 		\Sabre\DAV\INode $node

  223. 	) {

  224. 		if (!($node instanceof SystemTagNode) && !($node instanceof SystemTagMappingNode)) {

  225. 			return;

  226. 		}

  227. 

  228. 		$propFind->handle(self::ID_PROPERTYNAME, function () use ($node) {

  229. 			return $node->getSystemTag()->getId();

  230. 		});

  231. 

  232. 		$propFind->handle(self::DISPLAYNAME_PROPERTYNAME, function () use ($node) {

  233. 			return $node->getSystemTag()->getName();

  234. 		});

  235. 

  236. 		$propFind->handle(self::USERVISIBLE_PROPERTYNAME, function () use ($node) {

  237. 			return $node->getSystemTag()->isUserVisible() ? 'true' : 'false';

  238. 		});

  239. 

  240. 		$propFind->handle(self::USERASSIGNABLE_PROPERTYNAME, function () use ($node) {

  241. 			// this is the tag's inherent property "is user assignable"

  242. 			return $node->getSystemTag()->isUserAssignable() ? 'true' : 'false';

  243. 		});

  244. 

  245. 		$propFind->handle(self::CANASSIGN_PROPERTYNAME, function () use ($node) {

  246. 			// this is the effective permission for the current user

  247. 			return $this->tagManager->canUserAssignTag($node->getSystemTag(), $this->userSession->getUser()) ? 'true' : 'false';

  248. 		});

  249. 

  250. 		$propFind->handle(self::GROUPS_PROPERTYNAME, function () use ($node) {

  251. 			if (!$this->groupManager->isAdmin($this->userSession->getUser()->getUID())) {

  252. 				// property only available for admins

  253. 				throw new Forbidden();

  254. 			}

  255. 			$groups = [];

  256. 			// no need to retrieve groups for namespaces that don't qualify

  257. 			if ($node->getSystemTag()->isUserVisible() && !$node->getSystemTag()->isUserAssignable()) {

  258. 				$groups = $this->tagManager->getTagGroups($node->getSystemTag());

  259. 			}

  260. 			return implode('|', $groups);

  261. 		});

  262. 	}

  263. 

  264. 	/**

  265. 	 * Updates tag attributes

  266. 	 *

  267. 	 * @param string $path

  268. 	 * @param PropPatch $propPatch

  269. 	 *

  270. 	 * @return void

  271. 	 */

  272. 	public function handleUpdateProperties($path, PropPatch $propPatch) {

  273. 		$node = $this->server->tree->getNodeForPath($path);

  274. 		if (!($node instanceof SystemTagNode)) {

  275. 			return;

  276. 		}

  277. 

  278. 		$propPatch->handle([

  279. 			self::DISPLAYNAME_PROPERTYNAME,

  280. 			self::USERVISIBLE_PROPERTYNAME,

  281. 			self::USERASSIGNABLE_PROPERTYNAME,

  282. 			self::GROUPS_PROPERTYNAME,

  283. 		], function ($props) use ($node) {

  284. 			$tag = $node->getSystemTag();

  285. 			$name = $tag->getName();

  286. 			$userVisible = $tag->isUserVisible();

  287. 			$userAssignable = $tag->isUserAssignable();

  288. 

  289. 			$updateTag = false;

  290. 

  291. 			if (isset($props[self::DISPLAYNAME_PROPERTYNAME])) {

  292. 				$name = $props[self::DISPLAYNAME_PROPERTYNAME];

  293. 				$updateTag = true;

  294. 			}

  295. 

  296. 			if (isset($props[self::USERVISIBLE_PROPERTYNAME])) {

  297. 				$propValue = $props[self::USERVISIBLE_PROPERTYNAME];

  298. 				$userVisible = ($propValue !== 'false' && $propValue !== '0');

  299. 				$updateTag = true;

  300. 			}

  301. 

  302. 			if (isset($props[self::USERASSIGNABLE_PROPERTYNAME])) {

  303. 				$propValue = $props[self::USERASSIGNABLE_PROPERTYNAME];

  304. 				$userAssignable = ($propValue !== 'false' && $propValue !== '0');

  305. 				$updateTag = true;

  306. 			}

  307. 

  308. 			if (isset($props[self::GROUPS_PROPERTYNAME])) {

  309. 				if (!$this->groupManager->isAdmin($this->userSession->getUser()->getUID())) {

  310. 					// property only available for admins

  311. 					throw new Forbidden();

  312. 				}

  313. 

  314. 				$propValue = $props[self::GROUPS_PROPERTYNAME];

  315. 				$groupIds = explode('|', $propValue);

  316. 				$this->tagManager->setTagGroups($tag, $groupIds);

  317. 			}

  318. 

  319. 			if ($updateTag) {

  320. 				$node->update($name, $userVisible, $userAssignable);

  321. 			}

  322. 

  323. 			return true;

  324. 		});

  325. 	}

  326. }