added user profile scope setting

Signed-off-by: Marc Hefter <marchefter@march42.net>
Signed-off-by: Marc Hefter <marchefter@gmail.com>

8 files changed, 130 insertions, 18 deletions

diff --git a/apps/user_ldap/js/wizard/wizardTabAdvanced.js b/apps/user_ldap/js/wizard/wizardTabAdvanced.js
index d2c3b6d125d..031f2bf2a9d 100644
--- a/apps/user_ldap/js/wizard/wizardTabAdvanced.js
+++ b/apps/user_ldap/js/wizard/wizardTabAdvanced.js
@@ -159,6 +159,10 @@ OCA = OCA || {};
 					$element: $('#ldap_attr_biography'),
 					setMethod: 'setBiographyAttribute'
 				},
+				ldap_profile_scope: {
+					$element: $('#ldap_profile_scope'),
+					setMethod: 'setProfileScope'
+				},
 			};
 			this.setManagedItems(items);
 		},
@@ -473,6 +477,15 @@ OCA = OCA || {};
 		},
 
 		/**
+		 * sets the visibility scope for the Nextcloud user profile properties
+		 *
+		 * @param {string} scope
+		 */
+		setProfileScope: function(scope) {
+			this.setElementValue(this.managedItems.ldap_profile_scope.$element, scope);
+		},
+
+		/**
 		 * deals with the result of the Test Connection test
 		 *
 		 * @param {WizardTabAdvanced} view
diff --git a/apps/user_ldap/lib/Configuration.php b/apps/user_ldap/lib/Configuration.php
index e29bff4b8c5..2b42dd9992b 100644
--- a/apps/user_ldap/lib/Configuration.php
+++ b/apps/user_ldap/lib/Configuration.php
@@ -132,6 +132,7 @@ class Configuration {
 		'ldapAttributeRole' => null,
 		'ldapAttributeHeadline' => null,
 		'ldapAttributeBiography' => null,
+		'ldapProfileScope' => null,
 	];
 
 	public function __construct(string $configPrefix, bool $autoRead = true) {
@@ -486,6 +487,7 @@ class Configuration {
 			'ldap_attr_role' => '',
 			'ldap_attr_headline' => '',
 			'ldap_attr_biography' => '',
+			'ldap_profile_scope' => '',
 		];
 	}
 
@@ -560,6 +562,7 @@ class Configuration {
 			'ldap_attr_role' => 'ldapAttributeRole',
 			'ldap_attr_headline' => 'ldapAttributeHeadline',
 			'ldap_attr_biography' => 'ldapAttributeBiography',
+			'ldap_profile_scope' => 'ldapProfileScope',
 		];
 		return $array;
 	}
diff --git a/apps/user_ldap/lib/Connection.php b/apps/user_ldap/lib/Connection.php
index f899ee381c8..11aaaec13dd 100644
--- a/apps/user_ldap/lib/Connection.php
+++ b/apps/user_ldap/lib/Connection.php
@@ -81,6 +81,7 @@ use Psr\Log\LoggerInterface;
  * @property string ldapAttributeRole
  * @property string ldapAttributeHeadline
  * @property string ldapAttributeBiography
+ * @property string ldapProfileScope
  */
 class Connection extends LDAPUtility {
 	/**
diff --git a/apps/user_ldap/lib/User/User.php b/apps/user_ldap/lib/User/User.php
index 043f3b2d273..1f044c6ddd6 100644
--- a/apps/user_ldap/lib/User/User.php
+++ b/apps/user_ldap/lib/User/User.php
@@ -248,52 +248,57 @@ class User {
 		}
 		unset($attr);
 
+		//User profile visibility
+		$profileScope = $this->connection->ldapProfileScope;
+		if (is_null($profileScope) || '' === $profileScope || 'unset' === $profileScope) {
+			$profileScope = null;
+		}
 		//User Profile Field - Phone number
 		$attr = strtolower($this->connection->ldapAttributePhone);
 		if (isset($ldapEntry[$attr])) {
-			$this->updateProfile(self::USER_PREFKEY_PHONE, $ldapEntry[$attr][0]);
+			$this->updateProfile(self::USER_PREFKEY_PHONE, $ldapEntry[$attr][0], $profileScope);
 		}
 		unset($attr);
 		//User Profile Field - website
 		$attr = strtolower($this->connection->ldapAttributeWebsite);
 		if (isset($ldapEntry[$attr])) {
-			$this->updateProfile(self::USER_PREFKEY_WEBSITE, $ldapEntry[$attr][0]);
+			$this->updateProfile(self::USER_PREFKEY_WEBSITE, $ldapEntry[$attr][0], $profileScope);
 		}
 		unset($attr);
 		//User Profile Field - Address
 		$attr = strtolower($this->connection->ldapAttributeAddress);
 		if (isset($ldapEntry[$attr])) {
-			$this->updateProfile(self::USER_PREFKEY_ADDRESS, $ldapEntry[$attr][0]);
+			$this->updateProfile(self::USER_PREFKEY_ADDRESS, $ldapEntry[$attr][0], $profileScope);
 		}
 		unset($attr);
 		//User Profile Field - Twitter
 		$attr = strtolower($this->connection->ldapAttributeTwitter);
 		if (isset($ldapEntry[$attr])) {
-			$this->updateProfile(self::USER_PREFKEY_TWITTER, $ldapEntry[$attr][0]);
+			$this->updateProfile(self::USER_PREFKEY_TWITTER, $ldapEntry[$attr][0], $profileScope);
 		}
 		unset($attr);
 		//User Profile Field - organisation
 		$attr = strtolower($this->connection->ldapAttributeOrganisation);
 		if (isset($ldapEntry[$attr])) {
-			$this->updateProfile(self::USER_PREFKEY_ORGANISATION, $ldapEntry[$attr][0]);
+			$this->updateProfile(self::USER_PREFKEY_ORGANISATION, $ldapEntry[$attr][0], $profileScope);
 		}
 		unset($attr);
 		//User Profile Field - role
 		$attr = strtolower($this->connection->ldapAttributeRole);
 		if (isset($ldapEntry[$attr])) {
-			$this->updateProfile(self::USER_PREFKEY_ROLE, $ldapEntry[$attr][0]);
+			$this->updateProfile(self::USER_PREFKEY_ROLE, $ldapEntry[$attr][0], $profileScope);
 		}
 		unset($attr);
 		//User Profile Field - headline
 		$attr = strtolower($this->connection->ldapAttributeHeadline);
 		if (isset($ldapEntry[$attr])) {
-			$this->updateProfile(self::USER_PREFKEY_HEADLINE, $ldapEntry[$attr][0]);
+			$this->updateProfile(self::USER_PREFKEY_HEADLINE, $ldapEntry[$attr][0], $profileScope);
 		}
 		unset($attr);
 		//User Profile Field - biography
 		$attr = strtolower($this->connection->ldapAttributeBiography);
 		if (isset($ldapEntry[$attr])) {
-			$this->updateProfile(self::USER_PREFKEY_BIOGRAPHY, $ldapEntry[$attr][0]);
+			$this->updateProfile(self::USER_PREFKEY_BIOGRAPHY, $ldapEntry[$attr][0], $profileScope);
 		}
 		unset($attr);
 
@@ -583,7 +588,7 @@ class User {
 	 * @param string $valueFromLDAP if known, to save an LDAP read request
 	 * @return null
 	 */
-	private function updateProfile(string $property, $valueFromLDAP) {
+	private function updateProfile(string $property, $valueFromLDAP, $scope=null) {
 		// check for valid property and set corresponding profile property
 		$profileProperty = 'INVALID';
 		if (self::USER_PREFKEY_PHONE == $property) {
@@ -622,7 +627,7 @@ class User {
 				if (!is_null($user)) {
 					$currentValue = (string)$user->getProfilePropertyValue($profileProperty);
 					if ($currentValue !== $value) {
-						$user->setProfilePropertyValue($profileProperty,$value);
+						$user->setProfileProperty($profileProperty,$value,$scope,null);
 					}
 					// setScope(IAccountManager::SCOPE_FEDERATED);
 					// setVerified(IAccountManager::VERIFIED);
diff --git a/apps/user_ldap/templates/settings.php b/apps/user_ldap/templates/settings.php
index b779cc1f6e5..aee48f85ed0 100644
--- a/apps/user_ldap/templates/settings.php
+++ b/apps/user_ldap/templates/settings.php
@@ -130,6 +130,7 @@ style('user_ldap', 'settings');
 				<p><label for="ldap_attr_role"> <?php p($l->t('Role Field')); ?></label><input type="text" id="ldap_attr_role" name="ldap_attr_role" title="<?php p($l->t('User profile Role will be set from the specified attribute')); ?>" data-default="<?php p($_['ldap_attr_role_default']); ?>"></p>
 				<p><label for="ldap_attr_headline"> <?php p($l->t('Headline Field')); ?></label><input type="text" id="ldap_attr_headline" name="ldap_attr_headline" title="<?php p($l->t('User profile Headline will be set from the specified attribute')); ?>" data-default="<?php p($_['ldap_attr_headline_default']); ?>"></p>
 				<p><label for="ldap_attr_biography"> <?php p($l->t('Biography Field')); ?></label><input type="text" id="ldap_attr_biography" name="ldap_attr_biography" title="<?php p($l->t('User profile Biography will be set from the specified attribute')); ?>" data-default="<?php p($_['ldap_attr_biography_default']); ?>"></p>
+				<p><label for="ldap_profile_scope"><?php p($l->t('Profile Scope'));?></label><select id="ldap_profile_scope" name="ldap_profile_scope" data-default="<?php p($_['ldap_profile_scope_default']); ?>" ><option value="unset"<?php if (! isset($_['ldap_profile_scope']) || ($_['ldap_profile_scope'] === 'unset')) p(' selected'); ?>>must be set by user</option><option value="v2-private"<?php if (isset($_['ldap_profile_scope']) && ($_['ldap_profile_scope'] === 'v2-private')) p(' selected'); ?>>private</option><option value="v2-local"<?php if (isset($_['ldap_profile_scope']) && ($_['ldap_profile_scope'] === 'v2-local')) p(' selected'); ?>>local</option><option value="v2-federated"<?php if (isset($_['ldap_profile_scope']) && ($_['ldap_profile_scope'] === 'v2-federated')) p(' selected'); ?>>federated</option><option value="v2-published"<?php if (isset($_['ldap_profile_scope']) && ($_['ldap_profile_scope'] === 'v2-published')) p(' selected'); ?>>published</option></select></p>
 			</div>
 		</div>
 		<?php print_unescaped($_['settingControls']); ?>
diff --git a/lib/private/User/LazyUser.php b/lib/private/User/LazyUser.php
index 577c937ee51..0645983979f 100644
--- a/lib/private/User/LazyUser.php
+++ b/lib/private/User/LazyUser.php
@@ -152,7 +152,15 @@ class LazyUser implements IUser {
 		return $this->getUser()->getProfilePropertyValue($property);
 	}
 
-	public function setProfilePropertyValue(string $property, $value) {
-		$this->getUser()->setProfilePropertyValue($property, $value);
+	public function getProfilePropertyScope(string $property): ?string {
+		return $this->getUser()->getProfilePropertyScope($property);
+	}
+
+	public function getProfilePropertyVerified(string $property): ?string {
+		return $this->getUser()->getProfilePropertyVerified($property);
+	}
+
+	public function setProfileProperty(string $property, $value=null, $scope=null, $verified=null) {
+		$this->getUser()->setProfileProperty($property, $value, $scope, $verified);
 	}
 }
diff --git a/lib/private/User/User.php b/lib/private/User/User.php
index d4f7effcf1d..aaff2db8f5a 100644
--- a/lib/private/User/User.php
+++ b/lib/private/User/User.php
@@ -611,11 +611,45 @@ class User implements IUser {
 
 	/**
 	 * @param string $property name of the AccountProperty
+	 * @return string|null AccountProperty scope
+	 * @throws InvalidArgumentException when the property name is invalid or null
+	 */
+	public function getProfilePropertyScope($property): ?string {
+		if ($property === null) {
+			throw new InvalidArgumentException('Property can not be null.');
+		}
+		$this->ensureAccountManager();
+		$account = $this->accountManager->getAccount($this);
+		// TODO: this should be stored locally, to reduce database overhead
+		$property = $account->getProperty($property);
+		return $property->getScope();
+	}
+
+	/**
+	 * @param string $property name of the AccountProperty
+	 * @return string|null AccountProperty verified
+	 * @throws InvalidArgumentException when the property name is invalid or null
+	 */
+	public function getProfilePropertyVerified($property): ?string {
+		if ($property === null) {
+			throw new InvalidArgumentException('Property can not be null.');
+		}
+		$this->ensureAccountManager();
+		$account = $this->accountManager->getAccount($this);
+		// TODO: this should be stored locally, to reduce database overhead
+		$property = $account->getProperty($property);
+		return $property->getVerified();
+	}
+
+	/**
+	 * @param string $property name of the AccountProperty
 	 * @param string $value AccountProperty value
+	 * @param string $scope AccountProperty scope
+	 * @param string $verified AccountProperty verified
 	 * @return void
 	 * @throws InvalidArgumentException when the property name is invalid or null
 	 */
-	public function setProfilePropertyValue($property, $value) {
+	public function setProfileProperty($property, $value=null, $scope=null, $verified=null) {
 		if ($property === null) {
 			throw new InvalidArgumentException('Property can not be null.');
 		}
@@ -623,9 +657,35 @@ class User implements IUser {
 		$this->ensureAccountManager();
 		$account = $this->accountManager->getAccount($this);
 		$property = $account->getProperty($property);
+		if (null !== $value) {
+			$property->setValue($value);
+		}
+		if (null !== $scope) {
+			// FIXME: should I default to IAccountManager::SCOPE_FEDERATED
+			$property->setScope($scope);
+		}
+		if (null !== $verified) {
+			// FIXME: should I default to IAccountManager::VERIFIED
+			$property->setVerified($verified);
+		}
+		$this->accountManager->updateAccount($account);
+		return;
+	}
+
+	/**
+	 * @param string $property name of the AccountProperty
+	 * @param string $value AccountProperty value
+	 * @return void
+	 * @throws InvalidArgumentException when the property name is invalid or null
+	 */
+	public function setProfilePropertyValue($property, $value) {
+		if ($property === null) {
+			throw new InvalidArgumentException('Property can not be null.');
+		}
+		$this->ensureAccountManager();
+		$account = $this->accountManager->getAccount($this);
+		$property = $account->getProperty($property);
 		$property->setValue($value);
-		//$property->setScope(IAccountManager::SCOPE_FEDERATED);
-		//$property->setVerified(IAccountManager::VERIFIED);
 		$this->accountManager->updateAccount($account);
 		return;
 	}
diff --git a/lib/public/IUser.php b/lib/public/IUser.php
index fc732b47757..7dc21a28b08 100644
--- a/lib/public/IUser.php
+++ b/lib/public/IUser.php
@@ -283,14 +283,35 @@ interface IUser {
 	public function getProfilePropertyValue(string $property): ?string;
 
 	/**
-	 * set users' profile property value.
-	 * remove property, if null
+	 * get users' profile property scope.
+	 *
+	 * @param string $property name see IAccountManager::PROPERTY_*
+	 * @return string AccountProperty scope IAccountManager::SCOPE_*
+	 * @throws InvalidArgumentException when the property name is invalid or null
+	 * @since 25.0.0
+	 */
+	public function getProfilePropertyScope(string $property): ?string;
+
+	/**
+	 * get users' profile property verified.
+	 *
+	 * @param string $property name see IAccountManager::PROPERTY_*
+	 * @return string AccountProperty verification status IAccountManager::NOT_VERIFIED/VERIFICATION_IN_PROGRESS/VERIFIED
+	 * @throws InvalidArgumentException when the property name is invalid or null
+	 * @since 25.0.0
+	 */
+	public function getProfilePropertyVerified(string $property): ?string;
+
+	/**
+	 * set users' profile property value,scope,verified.
 	 *
 	 * @param string $property name from IAccountManager::PROPERTY_*
 	 * @param string $value AccountProperty value
+	 * @param string $scope AccountProperty scope
+	 * @param string $verified AccountProperty verified
 	 * @return void
 	 * @throws InvalidArgumentException when the property name is invalid or null
 	 * @since 25.0.0
 	 */
-	public function setProfilePropertyValue(string $property, $value);
+	public function setProfileProperty(string $property, $value=null, $scope=null, $verified=null);
 }