aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorChristoph Wurst <christoph@winzerhof-wurst.at>2019-05-22 10:48:51 +0200
committerChristoph Wurst <christoph@winzerhof-wurst.at>2019-05-23 20:31:40 +0200
commit22ae6828237a516b1cd36a3dad623b8046dfd76a (patch)
treec00361d0747e295f98e1e089114b8bf48bcc0e57
parent09974ae92d6f3bc20143dab43baef9fc75139585 (diff)
downloadnextcloud-server-22ae6828237a516b1cd36a3dad623b8046dfd76a.tar.gz
nextcloud-server-22ae6828237a516b1cd36a3dad623b8046dfd76a.zip
Make it possible to show admin settings for sub admins
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
-rw-r--r--lib/composer/composer/autoload_classmap.php1
-rw-r--r--lib/composer/composer/autoload_static.php1
-rw-r--r--lib/private/AppFramework/DependencyInjection/DIContainer.php2
-rw-r--r--lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php13
-rw-r--r--lib/private/Settings/Manager.php49
-rw-r--r--lib/public/Settings/IManager.php3
-rw-r--r--lib/public/Settings/ISubAdminSettings.php35
-rw-r--r--settings/Controller/AdminSettingsController.php30
-rw-r--r--settings/Controller/CommonSettingsTrait.php34
-rw-r--r--settings/Controller/PersonalSettingsController.php11
-rw-r--r--tests/Settings/Controller/AdminSettingsControllerTest.php49
-rw-r--r--tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php63
-rw-r--r--tests/lib/Settings/ManagerTest.php32
13 files changed, 271 insertions, 52 deletions
diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php
index d9dd418ce08..2bbce469fc0 100644
--- a/lib/composer/composer/autoload_classmap.php
+++ b/lib/composer/composer/autoload_classmap.php
@@ -379,6 +379,7 @@ return array(
'OCP\\Settings\\IManager' => $baseDir . '/lib/public/Settings/IManager.php',
'OCP\\Settings\\ISection' => $baseDir . '/lib/public/Settings/ISection.php',
'OCP\\Settings\\ISettings' => $baseDir . '/lib/public/Settings/ISettings.php',
+ 'OCP\\Settings\\ISubAdminSettings' => $baseDir . '/lib/public/Settings/ISubAdminSettings.php',
'OCP\\Share' => $baseDir . '/lib/public/Share.php',
'OCP\\Share\\Exceptions\\GenericShareException' => $baseDir . '/lib/public/Share/Exceptions/GenericShareException.php',
'OCP\\Share\\Exceptions\\IllegalIDChangeException' => $baseDir . '/lib/public/Share/Exceptions/IllegalIDChangeException.php',
diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php
index d9693ab0320..383af9f3a77 100644
--- a/lib/composer/composer/autoload_static.php
+++ b/lib/composer/composer/autoload_static.php
@@ -409,6 +409,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
'OCP\\Settings\\IManager' => __DIR__ . '/../../..' . '/lib/public/Settings/IManager.php',
'OCP\\Settings\\ISection' => __DIR__ . '/../../..' . '/lib/public/Settings/ISection.php',
'OCP\\Settings\\ISettings' => __DIR__ . '/../../..' . '/lib/public/Settings/ISettings.php',
+ 'OCP\\Settings\\ISubAdminSettings' => __DIR__ . '/../../..' . '/lib/public/Settings/ISubAdminSettings.php',
'OCP\\Share' => __DIR__ . '/../../..' . '/lib/public/Share.php',
'OCP\\Share\\Exceptions\\GenericShareException' => __DIR__ . '/../../..' . '/lib/public/Share/Exceptions/GenericShareException.php',
'OCP\\Share\\Exceptions\\IllegalIDChangeException' => __DIR__ . '/../../..' . '/lib/public/Share/Exceptions/IllegalIDChangeException.php',
diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php
index 209ea5c876d..a6a9b205747 100644
--- a/lib/private/AppFramework/DependencyInjection/DIContainer.php
+++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php
@@ -56,6 +56,7 @@ use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Files\Folder;
use OCP\Files\IAppData;
use OCP\GlobalScale\IConfig;
+use OCP\Group\ISubAdmin;
use OCP\IL10N;
use OCP\ILogger;
use OCP\INavigationManager;
@@ -218,6 +219,7 @@ class DIContainer extends SimpleContainer implements IAppContainer {
$c['AppName'],
$server->getUserSession()->isLoggedIn(),
$server->getGroupManager()->isAdmin($this->getUserId()),
+ $server->getUserSession()->getUser() !== null && $server->query(ISubAdmin::class)->isSubAdmin($server->getUserSession()->getUser()),
$server->getContentSecurityPolicyManager(),
$server->getCsrfTokenManager(),
$server->getContentSecurityPolicyNonceManager(),
diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
index 87954ccc1cb..fef3f226e15 100644
--- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
+++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
@@ -82,6 +82,8 @@ class SecurityMiddleware extends Middleware {
private $isLoggedIn;
/** @var bool */
private $isAdminUser;
+ /** @var bool */
+ private $isSubAdmin;
/** @var ContentSecurityPolicyManager */
private $contentSecurityPolicyManager;
/** @var CsrfTokenManager */
@@ -101,6 +103,7 @@ class SecurityMiddleware extends Middleware {
string $appName,
bool $isLoggedIn,
bool $isAdminUser,
+ bool $isSubAdmin,
ContentSecurityPolicyManager $contentSecurityPolicyManager,
CsrfTokenManager $csrfTokenManager,
ContentSecurityPolicyNonceManager $cspNonceManager,
@@ -115,6 +118,7 @@ class SecurityMiddleware extends Middleware {
$this->logger = $logger;
$this->isLoggedIn = $isLoggedIn;
$this->isAdminUser = $isAdminUser;
+ $this->isSubAdmin = $isSubAdmin;
$this->contentSecurityPolicyManager = $contentSecurityPolicyManager;
$this->csrfTokenManager = $csrfTokenManager;
$this->cspNonceManager = $cspNonceManager;
@@ -143,7 +147,14 @@ class SecurityMiddleware extends Middleware {
throw new NotLoggedInException();
}
- if(!$this->reflector->hasAnnotation('NoAdminRequired') && !$this->isAdminUser) {
+ if($this->reflector->hasAnnotation('SubAdminRequired')
+ && !$this->isSubAdmin
+ && !$this->isAdminUser) {
+ throw new NotAdminException($this->l10n->t('Logged in user must be an admin or sub admin'));
+ }
+ if(!$this->reflector->hasAnnotation('SubAdminRequired')
+ && !$this->reflector->hasAnnotation('NoAdminRequired')
+ && !$this->isAdminUser) {
throw new NotAdminException($this->l10n->t('Logged in user must be an admin'));
}
}
diff --git a/lib/private/Settings/Manager.php b/lib/private/Settings/Manager.php
index 982c2dba2ee..7e3edfa9df0 100644
--- a/lib/private/Settings/Manager.php
+++ b/lib/private/Settings/Manager.php
@@ -29,6 +29,7 @@
namespace OC\Settings;
+use Closure;
use OCP\AppFramework\QueryException;
use OCP\IL10N;
use OCP\ILogger;
@@ -38,6 +39,7 @@ use OCP\L10N\IFactory;
use OCP\Settings\ISettings;
use OCP\Settings\IManager;
use OCP\Settings\ISection;
+use OCP\Settings\ISubAdminSettings;
class Manager implements IManager {
@@ -150,10 +152,11 @@ class Manager implements IManager {
/**
* @param string $type 'admin' or 'personal'
* @param string $section
+ * @param Closure $filter optional filter to apply on all loaded ISettings
*
* @return ISettings[]
*/
- protected function getSettings(string $type, string $section): array {
+ protected function getSettings(string $type, string $section, Closure $filter = null): array {
if (!isset($this->settings[$type])) {
$this->settings[$type] = [];
}
@@ -162,6 +165,10 @@ class Manager implements IManager {
}
foreach ($this->settingClasses as $class => $settingsType) {
+ if ($type !== $settingsType) {
+ continue;
+ }
+
try {
/** @var ISettings $setting */
$setting = \OC::$server->query($class);
@@ -175,6 +182,9 @@ class Manager implements IManager {
continue;
}
+ if ($filter !== null && !$filter($setting)) {
+ continue;
+ }
if ($setting->getSection() === null) {
continue;
}
@@ -226,33 +236,44 @@ class Manager implements IManager {
/**
* @param string $section
+ * @param Closure $filter
*
* @return ISection[]
*/
- private function getBuiltInAdminSettings($section): array {
+ private function getBuiltInAdminSettings($section, Closure $filter = null): array {
$forms = [];
if ($section === 'overview') {
/** @var ISettings $form */
$form = $this->container->query(Admin\Overview::class);
- $forms[$form->getPriority()] = [$form];
+ if ($filter === null || $filter($form)) {
+ $forms[$form->getPriority()] = [$form];
+ }
}
if ($section === 'server') {
/** @var ISettings $form */
$form = $this->container->query(Admin\Server::class);
- $forms[$form->getPriority()] = [$form];
+ if ($filter === null || $filter($form)) {
+ $forms[$form->getPriority()] = [$form];
+ }
$form = $this->container->query(Admin\Mail::class);
- $forms[$form->getPriority()] = [$form];
+ if ($filter === null || $filter($form)) {
+ $forms[$form->getPriority()] = [$form];
+ }
}
if ($section === 'security') {
/** @var ISettings $form */
$form = $this->container->query(Admin\Security::class);
- $forms[$form->getPriority()] = [$form];
+ if ($filter === null || $filter($form)) {
+ $forms[$form->getPriority()] = [$form];
+ }
}
if ($section === 'sharing') {
/** @var ISettings $form */
$form = $this->container->query(Admin\Sharing::class);
- $forms[$form->getPriority()] = [$form];
+ if ($filter === null || $filter($form)) {
+ $forms[$form->getPriority()] = [$form];
+ }
}
return $forms;
@@ -290,9 +311,17 @@ class Manager implements IManager {
/**
* @inheritdoc
*/
- public function getAdminSettings($section): array {
- $settings = $this->getBuiltInAdminSettings($section);
- $appSettings = $this->getSettings('admin', $section);
+ public function getAdminSettings($section, bool $subAdminOnly = false): array {
+ if ($subAdminOnly) {
+ $subAdminSettingsFilter = function(ISettings $settings) {
+ return $settings instanceof ISubAdminSettings;
+ };
+ $settings = $this->getBuiltInAdminSettings($section, $subAdminSettingsFilter);
+ $appSettings = $this->getSettings('admin', $section, $subAdminSettingsFilter);
+ } else {
+ $settings = $this->getBuiltInAdminSettings($section);
+ $appSettings = $this->getSettings('admin', $section);
+ }
foreach ($appSettings as $setting) {
if (!isset($settings[$setting->getPriority()])) {
diff --git a/lib/public/Settings/IManager.php b/lib/public/Settings/IManager.php
index 52f12c3a8fb..c0a34f4403f 100644
--- a/lib/public/Settings/IManager.php
+++ b/lib/public/Settings/IManager.php
@@ -82,10 +82,11 @@ interface IManager {
* returns a list of the admin settings
*
* @param string $section the section id for which to load the settings
+ * @param bool $subAdminOnly only return settings sub admins are supposed to see (since 17.0.0)
* @return array array of IAdmin[] where key is the priority
* @since 9.1.0
*/
- public function getAdminSettings($section): array;
+ public function getAdminSettings($section, bool $subAdminOnly = false): array;
/**
* returns a list of the personal settings
diff --git a/lib/public/Settings/ISubAdminSettings.php b/lib/public/Settings/ISubAdminSettings.php
new file mode 100644
index 00000000000..3d047d2c872
--- /dev/null
+++ b/lib/public/Settings/ISubAdminSettings.php
@@ -0,0 +1,35 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * @copyright 2019 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @author 2019 Christoph Wurst <christoph@winzerhof-wurst.at>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+namespace OCP\Settings;
+
+/**
+ * Tagging interface for settings that should be shown to sub admins
+ *
+ * @since 17.0.0
+ */
+interface ISubAdminSettings extends ISettings {
+
+}
diff --git a/settings/Controller/AdminSettingsController.php b/settings/Controller/AdminSettingsController.php
index e2ad577024c..e322a2a5354 100644
--- a/settings/Controller/AdminSettingsController.php
+++ b/settings/Controller/AdminSettingsController.php
@@ -27,8 +27,12 @@ namespace OC\Settings\Controller;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\TemplateResponse;
+use OCP\Group\ISubAdmin;
+use OCP\IGroupManager;
use OCP\INavigationManager;
use OCP\IRequest;
+use OCP\IUser;
+use OCP\IUserSession;
use OCP\Settings\IManager as ISettingsManager;
use OCP\Template;
@@ -38,21 +42,21 @@ use OCP\Template;
class AdminSettingsController extends Controller {
use CommonSettingsTrait;
- /**
- * @param string $appName
- * @param IRequest $request
- * @param INavigationManager $navigationManager
- * @param ISettingsManager $settingsManager
- */
public function __construct(
$appName,
IRequest $request,
INavigationManager $navigationManager,
- ISettingsManager $settingsManager
+ ISettingsManager $settingsManager,
+ IUserSession $userSession,
+ IGroupManager $groupManager,
+ ISubAdmin $subAdmin
) {
parent::__construct($appName, $request);
$this->navigationManager = $navigationManager;
$this->settingsManager = $settingsManager;
+ $this->userSession = $userSession;
+ $this->groupManager = $groupManager;
+ $this->subAdmin = $subAdmin;
}
/**
@@ -60,6 +64,7 @@ class AdminSettingsController extends Controller {
* @return TemplateResponse
*
* @NoCSRFRequired
+ * @SubAdminRequired
*/
public function index($section) {
return $this->getIndexResponse('admin', $section);
@@ -70,9 +75,16 @@ class AdminSettingsController extends Controller {
* @return array
*/
protected function getSettings($section) {
- $settings = $this->settingsManager->getAdminSettings($section);
+ /** @var IUser $user */
+ $user = $this->userSession->getUser();
+ $isSubAdmin = !$this->groupManager->isAdmin($user->getUID()) && $this->subAdmin->isSubAdmin($user);
+ $settings = $this->settingsManager->getAdminSettings(
+ $section,
+ $isSubAdmin
+ );
$formatted = $this->formatSettings($settings);
- if($section === 'additional') {
+ // Do not show legacy forms for sub admins
+ if($section === 'additional' && !$isSubAdmin) {
$formatted['content'] .= $this->getLegacyForms();
}
return $formatted;
diff --git a/settings/Controller/CommonSettingsTrait.php b/settings/Controller/CommonSettingsTrait.php
index 10fc0d84bbd..1844dda551e 100644
--- a/settings/Controller/CommonSettingsTrait.php
+++ b/settings/Controller/CommonSettingsTrait.php
@@ -25,18 +25,32 @@
namespace OC\Settings\Controller;
use OCP\AppFramework\Http\TemplateResponse;
+use OCP\Group\ISubAdmin;
+use OCP\IGroupManager;
use OCP\INavigationManager;
+use OCP\IUser;
+use OCP\IUserSession;
use OCP\Settings\IManager as ISettingsManager;
use OCP\Settings\IIconSection;
use OCP\Settings\ISettings;
trait CommonSettingsTrait {
+
/** @var ISettingsManager */
private $settingsManager;
/** @var INavigationManager */
private $navigationManager;
+ /** @var IUserSession */
+ private $userSession;
+
+ /** @var IGroupManager */
+ private $groupManager;
+
+ /** @var ISubAdmin */
+ private $subAdmin;
+
/**
* @param string $currentSection
* @return array
@@ -47,8 +61,16 @@ trait CommonSettingsTrait {
'admin' => []
];
- if(\OC_User::isAdminUser(\OC_User::getUser())) {
- $templateParameters['admin'] = $this->formatAdminSections($currentType, $currentSection);
+ /** @var IUser $user */
+ $user = $this->userSession->getUser();
+ $isAdmin = $this->groupManager->isAdmin($user->getUID());
+ $isSubAdmin = $this->subAdmin->isSubAdmin($user);
+ if ($isAdmin || $isSubAdmin) {
+ $templateParameters['admin'] = $this->formatAdminSections(
+ $currentType,
+ $currentSection,
+ !$isAdmin && $isSubAdmin
+ );
}
return [
@@ -56,13 +78,13 @@ trait CommonSettingsTrait {
];
}
- protected function formatSections($sections, $currentSection, $type, $currentType) {
+ protected function formatSections($sections, $currentSection, $type, $currentType, bool $subAdminOnly = false) {
$templateParameters = [];
/** @var \OCP\Settings\ISection[] $prioritizedSections */
foreach($sections as $prioritizedSections) {
foreach ($prioritizedSections as $section) {
if($type === 'admin') {
- $settings = $this->settingsManager->getAdminSettings($section->getID());
+ $settings = $this->settingsManager->getAdminSettings($section->getID(), $subAdminOnly);
} else if($type === 'personal') {
$settings = $this->settingsManager->getPersonalSettings($section->getID());
}
@@ -96,9 +118,9 @@ trait CommonSettingsTrait {
return $templateParameters;
}
- protected function formatAdminSections($currentType, $currentSections) {
+ protected function formatAdminSections($currentType, $currentSections, bool $subAdminOnly) {
$sections = $this->settingsManager->getAdminSections();
- $templateParameters = $this->formatSections($sections, $currentSections, 'admin', $currentType);
+ $templateParameters = $this->formatSections($sections, $currentSections, 'admin', $currentType, $subAdminOnly);
return $templateParameters;
}
diff --git a/settings/Controller/PersonalSettingsController.php b/settings/Controller/PersonalSettingsController.php
index 9ec7ce72645..01ef84a1c49 100644
--- a/settings/Controller/PersonalSettingsController.php
+++ b/settings/Controller/PersonalSettingsController.php
@@ -26,8 +26,11 @@ namespace OC\Settings\Controller;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\TemplateResponse;
+use OCP\Group\ISubAdmin;
+use OCP\IGroupManager;
use OCP\INavigationManager;
use OCP\IRequest;
+use OCP\IUserSession;
use OCP\Settings\IManager as ISettingsManager;
use OCP\Template;
@@ -38,11 +41,17 @@ class PersonalSettingsController extends Controller {
$appName,
IRequest $request,
INavigationManager $navigationManager,
- ISettingsManager $settingsManager
+ ISettingsManager $settingsManager,
+ IUserSession $userSession,
+ IGroupManager $groupManager,
+ ISubAdmin $subAdmin
) {
parent::__construct($appName, $request);
$this->navigationManager = $navigationManager;
$this->settingsManager = $settingsManager;
+ $this->userSession = $userSession;
+ $this->subAdmin = $subAdmin;
+ $this->groupManager = $groupManager;
}
/**
diff --git a/tests/Settings/Controller/AdminSettingsControllerTest.php b/tests/Settings/Controller/AdminSettingsControllerTest.php
index 6c2b44f37e0..c86615ed590 100644
--- a/tests/Settings/Controller/AdminSettingsControllerTest.php
+++ b/tests/Settings/Controller/AdminSettingsControllerTest.php
@@ -25,9 +25,14 @@ namespace Tests\Settings\Controller;
use OC\Settings\Personal\ServerDevNotice;
use OC\Settings\Controller\AdminSettingsController;
use OCP\AppFramework\Http\TemplateResponse;
+use OCP\Group\ISubAdmin;
+use OCP\IGroupManager;
use OCP\INavigationManager;
use OCP\IRequest;
+use OCP\IUser;
+use OCP\IUserSession;
use OCP\Settings\IManager;
+use PHPUnit\Framework\MockObject\MockObject;
use Test\TestCase;
/**
@@ -38,29 +43,42 @@ use Test\TestCase;
* @package Tests\Settings\Controller
*/
class AdminSettingsControllerTest extends TestCase {
+
/** @var AdminSettingsController */
private $adminSettingsController;
- /** @var IRequest */
+ /** @var IRequest|MockObject */
private $request;
- /** @var INavigationManager */
+ /** @var INavigationManager|MockObject */
private $navigationManager;
- /** @var IManager|\PHPUnit_Framework_MockObject_MockObject */
+ /** @var IManager|MockObject */
private $settingsManager;
+ /** @var IUserSession|MockObject */
+ private $userSession;
+ /** @var IGroupManager|MockObject */
+ private $groupManager;
+ /** @var ISubAdmin|MockObject */
+ private $subAdmin;
/** @var string */
private $adminUid = 'lololo';
public function setUp() {
parent::setUp();
- $this->request = $this->getMockBuilder(IRequest::class)->getMock();
- $this->navigationManager = $this->getMockBuilder(INavigationManager::class)->getMock();
- $this->settingsManager = $this->getMockBuilder(IManager::class)->getMock();
+ $this->request = $this->createMock(IRequest::class);
+ $this->navigationManager = $this->createMock(INavigationManager::class);
+ $this->settingsManager = $this->createMock(IManager::class);
+ $this->userSession = $this->createMock(IUserSession::class);
+ $this->groupManager = $this->createMock(IGroupManager::class);
+ $this->subAdmin = $this->createMock(ISubAdmin::class);
$this->adminSettingsController = new AdminSettingsController(
'settings',
$this->request,
$this->navigationManager,
- $this->settingsManager
+ $this->settingsManager,
+ $this->userSession,
+ $this->groupManager,
+ $this->subAdmin
);
$user = \OC::$server->getUserManager()->createUser($this->adminUid, 'olo');
@@ -75,6 +93,19 @@ class AdminSettingsControllerTest extends TestCase {
}
public function testIndex() {
+ $user = $this->createMock(IUser::class);
+ $this->userSession
+ ->method('getUser')
+ ->willReturn($user);
+ $user->method('getUID')->willReturn('user123');
+ $this->groupManager
+ ->method('isAdmin')
+ ->with('user123')
+ ->willReturn(true);
+ $this->subAdmin
+ ->method('isSubAdmin')
+ ->with($user)
+ ->willReturn(false);
$this->settingsManager
->expects($this->once())
->method('getAdminSections')
@@ -89,7 +120,9 @@ class AdminSettingsControllerTest extends TestCase {
->with('test')
->willReturn([5 => new ServerDevNotice()]);
+ $idx = $this->adminSettingsController->index('test');
+
$expected = new TemplateResponse('settings', 'settings/frame', ['forms' => ['personal' => [], 'admin' => []], 'content' => '']);
- $this->assertEquals($expected, $this->adminSettingsController->index('test'));
+ $this->assertEquals($expected, $idx);
}
}
diff --git a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php
index 13c5379b142..ab243616be0 100644
--- a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php
+++ b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php
@@ -96,12 +96,12 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$this->csrfTokenManager = $this->createMock(CsrfTokenManager::class);
$this->cspNonceManager = $this->createMock(ContentSecurityPolicyNonceManager::class);
$this->l10n = $this->createMock(IL10N::class);
- $this->middleware = $this->getMiddleware(true, true);
+ $this->middleware = $this->getMiddleware(true, true, false);
$this->secException = new SecurityException('hey', false);
$this->secAjaxException = new SecurityException('hey', true);
}
- private function getMiddleware(bool $isLoggedIn, bool $isAdminUser, bool $isAppEnabledForUser = true): SecurityMiddleware {
+ private function getMiddleware(bool $isLoggedIn, bool $isAdminUser, bool $isSubAdmin, bool $isAppEnabledForUser = true): SecurityMiddleware {
$this->appManager = $this->createMock(IAppManager::class);
$this->appManager->expects($this->any())
@@ -117,6 +117,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
'files',
$isLoggedIn,
$isAdminUser,
+ $isSubAdmin,
$this->contentSecurityPolicyManager,
$this->csrfTokenManager,
$this->cspNonceManager,
@@ -153,7 +154,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$isLoggedIn = true;
}
- $sec = $this->getMiddleware($isLoggedIn, $isAdminUser);
+ $sec = $this->getMiddleware($isLoggedIn, $isAdminUser, false);
try {
$this->reader->reflect(__CLASS__, $method);
@@ -216,11 +217,6 @@ class SecurityMiddlewareTest extends \Test\TestCase {
);
$this->ajaxExceptionStatus(
__FUNCTION__,
- 'isSubAdminUser',
- 0
- );
- $this->ajaxExceptionStatus(
- __FUNCTION__,
'passesCSRFCheck',
0
);
@@ -236,7 +232,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
->method('passesCSRFCheck')
->will($this->returnValue(false));
- $sec = $this->getMiddleware(false, false);
+ $sec = $this->getMiddleware(false, false, false);
$this->reader->reflect(__CLASS__, __FUNCTION__);
$sec->beforeController($this->controller, __FUNCTION__);
@@ -257,7 +253,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$isAdminUser = false;
}
- $sec = $this->getMiddleware($isLoggedIn, $isAdminUser);
+ $sec = $this->getMiddleware($isLoggedIn, $isAdminUser, false);
if($shouldFail) {
$this->expectException(SecurityException::class);
@@ -452,6 +448,41 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$this->securityCheck(__FUNCTION__, 'isAdminUser');
}
+ /**
+ * @NoCSRFRequired
+ * @SubAdminRequired
+ */
+ public function testIsNotSubAdminCheck(){
+ $this->reader->reflect(__CLASS__,__FUNCTION__);
+ $sec = $this->getMiddleware(true, false, false);
+
+ $this->expectException(SecurityException::class);
+ $sec->beforeController($this, __METHOD__);
+ }
+
+ /**
+ * @NoCSRFRequired
+ * @SubAdminRequired
+ */
+ public function testIsSubAdminCheck(){
+ $this->reader->reflect(__CLASS__,__FUNCTION__);
+ $sec = $this->getMiddleware(true, false, true);
+
+ $sec->beforeController($this, __METHOD__);
+ $this->addToAssertionCount(1);
+ }
+
+ /**
+ * @NoCSRFRequired
+ * @SubAdminRequired
+ */
+ public function testIsSubAdminAndAdminCheck(){
+ $this->reader->reflect(__CLASS__,__FUNCTION__);
+ $sec = $this->getMiddleware(true, true, true);
+
+ $sec->beforeController($this, __METHOD__);
+ $this->addToAssertionCount(1);
+ }
/**
* @NoCSRFRequired
@@ -479,7 +510,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$this->createMock(ISecureRandom::class),
$this->createMock(IConfig::class)
);
- $this->middleware = $this->getMiddleware(false, false);
+ $this->middleware = $this->getMiddleware(false, false, false);
$this->urlGenerator
->expects($this->once())
->method('linkToRoute')
@@ -514,7 +545,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$this->createMock(IConfig::class)
);
- $this->middleware = $this->getMiddleware(false, false);
+ $this->middleware = $this->getMiddleware(false, false, false);
$response = $this->middleware->afterException(
$this->controller,
'test',
@@ -559,7 +590,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
$this->createMock(ISecureRandom::class),
$this->createMock(IConfig::class)
);
- $this->middleware = $this->getMiddleware(false, false);
+ $this->middleware = $this->getMiddleware(false, false, false);
$this->logger
->expects($this->once())
->method('logException');
@@ -684,7 +715,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
* @NoCSRFRequired
*/
public function testRestrictedAppLoggedInPublicPage() {
- $middleware = $this->getMiddleware(true, false);
+ $middleware = $this->getMiddleware(true, false, false);
$this->reader->reflect(__CLASS__,__FUNCTION__);
$this->appManager->method('getAppPath')
@@ -705,7 +736,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
* @NoCSRFRequired
*/
public function testRestrictedAppNotLoggedInPublicPage() {
- $middleware = $this->getMiddleware(false, false);
+ $middleware = $this->getMiddleware(false, false, false);
$this->reader->reflect(__CLASS__,__FUNCTION__);
$this->appManager->method('getAppPath')
@@ -725,7 +756,7 @@ class SecurityMiddlewareTest extends \Test\TestCase {
* @NoCSRFRequired
*/
public function testRestrictedAppLoggedIn() {
- $middleware = $this->getMiddleware(true, false, false);
+ $middleware = $this->getMiddleware(true, false, false, false);
$this->reader->reflect(__CLASS__,__FUNCTION__);
$this->appManager->method('getAppPath')
diff --git a/tests/lib/Settings/ManagerTest.php b/tests/lib/Settings/ManagerTest.php
index 7372cae811b..4128e33aef1 100644
--- a/tests/lib/Settings/ManagerTest.php
+++ b/tests/lib/Settings/ManagerTest.php
@@ -23,6 +23,7 @@
namespace Tests\Settings;
+use function get_class;
use OC\Settings\Admin\Sharing;
use OC\Settings\Manager;
use OC\Settings\Mapper;
@@ -34,6 +35,8 @@ use OCP\ILogger;
use OCP\IServerContainer;
use OCP\IURLGenerator;
use OCP\L10N\IFactory;
+use OCP\Settings\ISettings;
+use OCP\Settings\ISubAdminSettings;
use Test\TestCase;
class ManagerTest extends TestCase {
@@ -207,6 +210,35 @@ class ManagerTest extends TestCase {
], $settings);
}
+ public function testGetAdminSettingsAsSubAdmin() {
+ $section = $this->createMock(Sharing::class);
+ $this->container->expects($this->once())
+ ->method('query')
+ ->with(Sharing::class)
+ ->willReturn($section);
+
+ $settings = $this->manager->getAdminSettings('sharing', true);
+
+ $this->assertEquals([], $settings);
+ }
+
+ public function testGetSubAdminSettingsAsSubAdmin() {
+ $section = $this->createMock(ISubAdminSettings::class);
+ $section->expects($this->once())
+ ->method('getPriority')
+ ->willReturn(13);
+ $this->container->expects($this->once())
+ ->method('query')
+ ->with(Sharing::class)
+ ->willReturn($section);
+
+ $settings = $this->manager->getAdminSettings('sharing', true);
+
+ $this->assertEquals([
+ 13 => [$section]
+ ], $settings);
+ }
+
public function testGetPersonalSettings() {
$section = $this->createMock(Security::class);
$section->expects($this->once())