diff options
author | Christoph Wurst <christoph@winzerhof-wurst.at> | 2019-05-22 10:48:51 +0200 |
---|---|---|
committer | Christoph Wurst <christoph@winzerhof-wurst.at> | 2019-05-23 20:31:40 +0200 |
commit | 22ae6828237a516b1cd36a3dad623b8046dfd76a (patch) | |
tree | c00361d0747e295f98e1e089114b8bf48bcc0e57 | |
parent | 09974ae92d6f3bc20143dab43baef9fc75139585 (diff) | |
download | nextcloud-server-22ae6828237a516b1cd36a3dad623b8046dfd76a.tar.gz nextcloud-server-22ae6828237a516b1cd36a3dad623b8046dfd76a.zip |
Make it possible to show admin settings for sub admins
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
-rw-r--r-- | lib/composer/composer/autoload_classmap.php | 1 | ||||
-rw-r--r-- | lib/composer/composer/autoload_static.php | 1 | ||||
-rw-r--r-- | lib/private/AppFramework/DependencyInjection/DIContainer.php | 2 | ||||
-rw-r--r-- | lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php | 13 | ||||
-rw-r--r-- | lib/private/Settings/Manager.php | 49 | ||||
-rw-r--r-- | lib/public/Settings/IManager.php | 3 | ||||
-rw-r--r-- | lib/public/Settings/ISubAdminSettings.php | 35 | ||||
-rw-r--r-- | settings/Controller/AdminSettingsController.php | 30 | ||||
-rw-r--r-- | settings/Controller/CommonSettingsTrait.php | 34 | ||||
-rw-r--r-- | settings/Controller/PersonalSettingsController.php | 11 | ||||
-rw-r--r-- | tests/Settings/Controller/AdminSettingsControllerTest.php | 49 | ||||
-rw-r--r-- | tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php | 63 | ||||
-rw-r--r-- | tests/lib/Settings/ManagerTest.php | 32 |
13 files changed, 271 insertions, 52 deletions
diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php index d9dd418ce08..2bbce469fc0 100644 --- a/lib/composer/composer/autoload_classmap.php +++ b/lib/composer/composer/autoload_classmap.php @@ -379,6 +379,7 @@ return array( 'OCP\\Settings\\IManager' => $baseDir . '/lib/public/Settings/IManager.php', 'OCP\\Settings\\ISection' => $baseDir . '/lib/public/Settings/ISection.php', 'OCP\\Settings\\ISettings' => $baseDir . '/lib/public/Settings/ISettings.php', + 'OCP\\Settings\\ISubAdminSettings' => $baseDir . '/lib/public/Settings/ISubAdminSettings.php', 'OCP\\Share' => $baseDir . '/lib/public/Share.php', 'OCP\\Share\\Exceptions\\GenericShareException' => $baseDir . '/lib/public/Share/Exceptions/GenericShareException.php', 'OCP\\Share\\Exceptions\\IllegalIDChangeException' => $baseDir . '/lib/public/Share/Exceptions/IllegalIDChangeException.php', diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php index d9693ab0320..383af9f3a77 100644 --- a/lib/composer/composer/autoload_static.php +++ b/lib/composer/composer/autoload_static.php @@ -409,6 +409,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c 'OCP\\Settings\\IManager' => __DIR__ . '/../../..' . '/lib/public/Settings/IManager.php', 'OCP\\Settings\\ISection' => __DIR__ . '/../../..' . '/lib/public/Settings/ISection.php', 'OCP\\Settings\\ISettings' => __DIR__ . '/../../..' . '/lib/public/Settings/ISettings.php', + 'OCP\\Settings\\ISubAdminSettings' => __DIR__ . '/../../..' . '/lib/public/Settings/ISubAdminSettings.php', 'OCP\\Share' => __DIR__ . '/../../..' . '/lib/public/Share.php', 'OCP\\Share\\Exceptions\\GenericShareException' => __DIR__ . '/../../..' . '/lib/public/Share/Exceptions/GenericShareException.php', 'OCP\\Share\\Exceptions\\IllegalIDChangeException' => __DIR__ . '/../../..' . '/lib/public/Share/Exceptions/IllegalIDChangeException.php', diff --git a/lib/private/AppFramework/DependencyInjection/DIContainer.php b/lib/private/AppFramework/DependencyInjection/DIContainer.php index 209ea5c876d..a6a9b205747 100644 --- a/lib/private/AppFramework/DependencyInjection/DIContainer.php +++ b/lib/private/AppFramework/DependencyInjection/DIContainer.php @@ -56,6 +56,7 @@ use OCP\AppFramework\Utility\ITimeFactory; use OCP\Files\Folder; use OCP\Files\IAppData; use OCP\GlobalScale\IConfig; +use OCP\Group\ISubAdmin; use OCP\IL10N; use OCP\ILogger; use OCP\INavigationManager; @@ -218,6 +219,7 @@ class DIContainer extends SimpleContainer implements IAppContainer { $c['AppName'], $server->getUserSession()->isLoggedIn(), $server->getGroupManager()->isAdmin($this->getUserId()), + $server->getUserSession()->getUser() !== null && $server->query(ISubAdmin::class)->isSubAdmin($server->getUserSession()->getUser()), $server->getContentSecurityPolicyManager(), $server->getCsrfTokenManager(), $server->getContentSecurityPolicyNonceManager(), diff --git a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php index 87954ccc1cb..fef3f226e15 100644 --- a/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php +++ b/lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php @@ -82,6 +82,8 @@ class SecurityMiddleware extends Middleware { private $isLoggedIn; /** @var bool */ private $isAdminUser; + /** @var bool */ + private $isSubAdmin; /** @var ContentSecurityPolicyManager */ private $contentSecurityPolicyManager; /** @var CsrfTokenManager */ @@ -101,6 +103,7 @@ class SecurityMiddleware extends Middleware { string $appName, bool $isLoggedIn, bool $isAdminUser, + bool $isSubAdmin, ContentSecurityPolicyManager $contentSecurityPolicyManager, CsrfTokenManager $csrfTokenManager, ContentSecurityPolicyNonceManager $cspNonceManager, @@ -115,6 +118,7 @@ class SecurityMiddleware extends Middleware { $this->logger = $logger; $this->isLoggedIn = $isLoggedIn; $this->isAdminUser = $isAdminUser; + $this->isSubAdmin = $isSubAdmin; $this->contentSecurityPolicyManager = $contentSecurityPolicyManager; $this->csrfTokenManager = $csrfTokenManager; $this->cspNonceManager = $cspNonceManager; @@ -143,7 +147,14 @@ class SecurityMiddleware extends Middleware { throw new NotLoggedInException(); } - if(!$this->reflector->hasAnnotation('NoAdminRequired') && !$this->isAdminUser) { + if($this->reflector->hasAnnotation('SubAdminRequired') + && !$this->isSubAdmin + && !$this->isAdminUser) { + throw new NotAdminException($this->l10n->t('Logged in user must be an admin or sub admin')); + } + if(!$this->reflector->hasAnnotation('SubAdminRequired') + && !$this->reflector->hasAnnotation('NoAdminRequired') + && !$this->isAdminUser) { throw new NotAdminException($this->l10n->t('Logged in user must be an admin')); } } diff --git a/lib/private/Settings/Manager.php b/lib/private/Settings/Manager.php index 982c2dba2ee..7e3edfa9df0 100644 --- a/lib/private/Settings/Manager.php +++ b/lib/private/Settings/Manager.php @@ -29,6 +29,7 @@ namespace OC\Settings; +use Closure; use OCP\AppFramework\QueryException; use OCP\IL10N; use OCP\ILogger; @@ -38,6 +39,7 @@ use OCP\L10N\IFactory; use OCP\Settings\ISettings; use OCP\Settings\IManager; use OCP\Settings\ISection; +use OCP\Settings\ISubAdminSettings; class Manager implements IManager { @@ -150,10 +152,11 @@ class Manager implements IManager { /** * @param string $type 'admin' or 'personal' * @param string $section + * @param Closure $filter optional filter to apply on all loaded ISettings * * @return ISettings[] */ - protected function getSettings(string $type, string $section): array { + protected function getSettings(string $type, string $section, Closure $filter = null): array { if (!isset($this->settings[$type])) { $this->settings[$type] = []; } @@ -162,6 +165,10 @@ class Manager implements IManager { } foreach ($this->settingClasses as $class => $settingsType) { + if ($type !== $settingsType) { + continue; + } + try { /** @var ISettings $setting */ $setting = \OC::$server->query($class); @@ -175,6 +182,9 @@ class Manager implements IManager { continue; } + if ($filter !== null && !$filter($setting)) { + continue; + } if ($setting->getSection() === null) { continue; } @@ -226,33 +236,44 @@ class Manager implements IManager { /** * @param string $section + * @param Closure $filter * * @return ISection[] */ - private function getBuiltInAdminSettings($section): array { + private function getBuiltInAdminSettings($section, Closure $filter = null): array { $forms = []; if ($section === 'overview') { /** @var ISettings $form */ $form = $this->container->query(Admin\Overview::class); - $forms[$form->getPriority()] = [$form]; + if ($filter === null || $filter($form)) { + $forms[$form->getPriority()] = [$form]; + } } if ($section === 'server') { /** @var ISettings $form */ $form = $this->container->query(Admin\Server::class); - $forms[$form->getPriority()] = [$form]; + if ($filter === null || $filter($form)) { + $forms[$form->getPriority()] = [$form]; + } $form = $this->container->query(Admin\Mail::class); - $forms[$form->getPriority()] = [$form]; + if ($filter === null || $filter($form)) { + $forms[$form->getPriority()] = [$form]; + } } if ($section === 'security') { /** @var ISettings $form */ $form = $this->container->query(Admin\Security::class); - $forms[$form->getPriority()] = [$form]; + if ($filter === null || $filter($form)) { + $forms[$form->getPriority()] = [$form]; + } } if ($section === 'sharing') { /** @var ISettings $form */ $form = $this->container->query(Admin\Sharing::class); - $forms[$form->getPriority()] = [$form]; + if ($filter === null || $filter($form)) { + $forms[$form->getPriority()] = [$form]; + } } return $forms; @@ -290,9 +311,17 @@ class Manager implements IManager { /** * @inheritdoc */ - public function getAdminSettings($section): array { - $settings = $this->getBuiltInAdminSettings($section); - $appSettings = $this->getSettings('admin', $section); + public function getAdminSettings($section, bool $subAdminOnly = false): array { + if ($subAdminOnly) { + $subAdminSettingsFilter = function(ISettings $settings) { + return $settings instanceof ISubAdminSettings; + }; + $settings = $this->getBuiltInAdminSettings($section, $subAdminSettingsFilter); + $appSettings = $this->getSettings('admin', $section, $subAdminSettingsFilter); + } else { + $settings = $this->getBuiltInAdminSettings($section); + $appSettings = $this->getSettings('admin', $section); + } foreach ($appSettings as $setting) { if (!isset($settings[$setting->getPriority()])) { diff --git a/lib/public/Settings/IManager.php b/lib/public/Settings/IManager.php index 52f12c3a8fb..c0a34f4403f 100644 --- a/lib/public/Settings/IManager.php +++ b/lib/public/Settings/IManager.php @@ -82,10 +82,11 @@ interface IManager { * returns a list of the admin settings * * @param string $section the section id for which to load the settings + * @param bool $subAdminOnly only return settings sub admins are supposed to see (since 17.0.0) * @return array array of IAdmin[] where key is the priority * @since 9.1.0 */ - public function getAdminSettings($section): array; + public function getAdminSettings($section, bool $subAdminOnly = false): array; /** * returns a list of the personal settings diff --git a/lib/public/Settings/ISubAdminSettings.php b/lib/public/Settings/ISubAdminSettings.php new file mode 100644 index 00000000000..3d047d2c872 --- /dev/null +++ b/lib/public/Settings/ISubAdminSettings.php @@ -0,0 +1,35 @@ +<?php + +declare(strict_types=1); + +/** + * @copyright 2019 Christoph Wurst <christoph@winzerhof-wurst.at> + * + * @author 2019 Christoph Wurst <christoph@winzerhof-wurst.at> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + */ + +namespace OCP\Settings; + +/** + * Tagging interface for settings that should be shown to sub admins + * + * @since 17.0.0 + */ +interface ISubAdminSettings extends ISettings { + +} diff --git a/settings/Controller/AdminSettingsController.php b/settings/Controller/AdminSettingsController.php index e2ad577024c..e322a2a5354 100644 --- a/settings/Controller/AdminSettingsController.php +++ b/settings/Controller/AdminSettingsController.php @@ -27,8 +27,12 @@ namespace OC\Settings\Controller; use OCP\AppFramework\Controller; use OCP\AppFramework\Http\TemplateResponse; +use OCP\Group\ISubAdmin; +use OCP\IGroupManager; use OCP\INavigationManager; use OCP\IRequest; +use OCP\IUser; +use OCP\IUserSession; use OCP\Settings\IManager as ISettingsManager; use OCP\Template; @@ -38,21 +42,21 @@ use OCP\Template; class AdminSettingsController extends Controller { use CommonSettingsTrait; - /** - * @param string $appName - * @param IRequest $request - * @param INavigationManager $navigationManager - * @param ISettingsManager $settingsManager - */ public function __construct( $appName, IRequest $request, INavigationManager $navigationManager, - ISettingsManager $settingsManager + ISettingsManager $settingsManager, + IUserSession $userSession, + IGroupManager $groupManager, + ISubAdmin $subAdmin ) { parent::__construct($appName, $request); $this->navigationManager = $navigationManager; $this->settingsManager = $settingsManager; + $this->userSession = $userSession; + $this->groupManager = $groupManager; + $this->subAdmin = $subAdmin; } /** @@ -60,6 +64,7 @@ class AdminSettingsController extends Controller { * @return TemplateResponse * * @NoCSRFRequired + * @SubAdminRequired */ public function index($section) { return $this->getIndexResponse('admin', $section); @@ -70,9 +75,16 @@ class AdminSettingsController extends Controller { * @return array */ protected function getSettings($section) { - $settings = $this->settingsManager->getAdminSettings($section); + /** @var IUser $user */ + $user = $this->userSession->getUser(); + $isSubAdmin = !$this->groupManager->isAdmin($user->getUID()) && $this->subAdmin->isSubAdmin($user); + $settings = $this->settingsManager->getAdminSettings( + $section, + $isSubAdmin + ); $formatted = $this->formatSettings($settings); - if($section === 'additional') { + // Do not show legacy forms for sub admins + if($section === 'additional' && !$isSubAdmin) { $formatted['content'] .= $this->getLegacyForms(); } return $formatted; diff --git a/settings/Controller/CommonSettingsTrait.php b/settings/Controller/CommonSettingsTrait.php index 10fc0d84bbd..1844dda551e 100644 --- a/settings/Controller/CommonSettingsTrait.php +++ b/settings/Controller/CommonSettingsTrait.php @@ -25,18 +25,32 @@ namespace OC\Settings\Controller; use OCP\AppFramework\Http\TemplateResponse; +use OCP\Group\ISubAdmin; +use OCP\IGroupManager; use OCP\INavigationManager; +use OCP\IUser; +use OCP\IUserSession; use OCP\Settings\IManager as ISettingsManager; use OCP\Settings\IIconSection; use OCP\Settings\ISettings; trait CommonSettingsTrait { + /** @var ISettingsManager */ private $settingsManager; /** @var INavigationManager */ private $navigationManager; + /** @var IUserSession */ + private $userSession; + + /** @var IGroupManager */ + private $groupManager; + + /** @var ISubAdmin */ + private $subAdmin; + /** * @param string $currentSection * @return array @@ -47,8 +61,16 @@ trait CommonSettingsTrait { 'admin' => [] ]; - if(\OC_User::isAdminUser(\OC_User::getUser())) { - $templateParameters['admin'] = $this->formatAdminSections($currentType, $currentSection); + /** @var IUser $user */ + $user = $this->userSession->getUser(); + $isAdmin = $this->groupManager->isAdmin($user->getUID()); + $isSubAdmin = $this->subAdmin->isSubAdmin($user); + if ($isAdmin || $isSubAdmin) { + $templateParameters['admin'] = $this->formatAdminSections( + $currentType, + $currentSection, + !$isAdmin && $isSubAdmin + ); } return [ @@ -56,13 +78,13 @@ trait CommonSettingsTrait { ]; } - protected function formatSections($sections, $currentSection, $type, $currentType) { + protected function formatSections($sections, $currentSection, $type, $currentType, bool $subAdminOnly = false) { $templateParameters = []; /** @var \OCP\Settings\ISection[] $prioritizedSections */ foreach($sections as $prioritizedSections) { foreach ($prioritizedSections as $section) { if($type === 'admin') { - $settings = $this->settingsManager->getAdminSettings($section->getID()); + $settings = $this->settingsManager->getAdminSettings($section->getID(), $subAdminOnly); } else if($type === 'personal') { $settings = $this->settingsManager->getPersonalSettings($section->getID()); } @@ -96,9 +118,9 @@ trait CommonSettingsTrait { return $templateParameters; } - protected function formatAdminSections($currentType, $currentSections) { + protected function formatAdminSections($currentType, $currentSections, bool $subAdminOnly) { $sections = $this->settingsManager->getAdminSections(); - $templateParameters = $this->formatSections($sections, $currentSections, 'admin', $currentType); + $templateParameters = $this->formatSections($sections, $currentSections, 'admin', $currentType, $subAdminOnly); return $templateParameters; } diff --git a/settings/Controller/PersonalSettingsController.php b/settings/Controller/PersonalSettingsController.php index 9ec7ce72645..01ef84a1c49 100644 --- a/settings/Controller/PersonalSettingsController.php +++ b/settings/Controller/PersonalSettingsController.php @@ -26,8 +26,11 @@ namespace OC\Settings\Controller; use OCP\AppFramework\Controller; use OCP\AppFramework\Http\TemplateResponse; +use OCP\Group\ISubAdmin; +use OCP\IGroupManager; use OCP\INavigationManager; use OCP\IRequest; +use OCP\IUserSession; use OCP\Settings\IManager as ISettingsManager; use OCP\Template; @@ -38,11 +41,17 @@ class PersonalSettingsController extends Controller { $appName, IRequest $request, INavigationManager $navigationManager, - ISettingsManager $settingsManager + ISettingsManager $settingsManager, + IUserSession $userSession, + IGroupManager $groupManager, + ISubAdmin $subAdmin ) { parent::__construct($appName, $request); $this->navigationManager = $navigationManager; $this->settingsManager = $settingsManager; + $this->userSession = $userSession; + $this->subAdmin = $subAdmin; + $this->groupManager = $groupManager; } /** diff --git a/tests/Settings/Controller/AdminSettingsControllerTest.php b/tests/Settings/Controller/AdminSettingsControllerTest.php index 6c2b44f37e0..c86615ed590 100644 --- a/tests/Settings/Controller/AdminSettingsControllerTest.php +++ b/tests/Settings/Controller/AdminSettingsControllerTest.php @@ -25,9 +25,14 @@ namespace Tests\Settings\Controller; use OC\Settings\Personal\ServerDevNotice; use OC\Settings\Controller\AdminSettingsController; use OCP\AppFramework\Http\TemplateResponse; +use OCP\Group\ISubAdmin; +use OCP\IGroupManager; use OCP\INavigationManager; use OCP\IRequest; +use OCP\IUser; +use OCP\IUserSession; use OCP\Settings\IManager; +use PHPUnit\Framework\MockObject\MockObject; use Test\TestCase; /** @@ -38,29 +43,42 @@ use Test\TestCase; * @package Tests\Settings\Controller */ class AdminSettingsControllerTest extends TestCase { + /** @var AdminSettingsController */ private $adminSettingsController; - /** @var IRequest */ + /** @var IRequest|MockObject */ private $request; - /** @var INavigationManager */ + /** @var INavigationManager|MockObject */ private $navigationManager; - /** @var IManager|\PHPUnit_Framework_MockObject_MockObject */ + /** @var IManager|MockObject */ private $settingsManager; + /** @var IUserSession|MockObject */ + private $userSession; + /** @var IGroupManager|MockObject */ + private $groupManager; + /** @var ISubAdmin|MockObject */ + private $subAdmin; /** @var string */ private $adminUid = 'lololo'; public function setUp() { parent::setUp(); - $this->request = $this->getMockBuilder(IRequest::class)->getMock(); - $this->navigationManager = $this->getMockBuilder(INavigationManager::class)->getMock(); - $this->settingsManager = $this->getMockBuilder(IManager::class)->getMock(); + $this->request = $this->createMock(IRequest::class); + $this->navigationManager = $this->createMock(INavigationManager::class); + $this->settingsManager = $this->createMock(IManager::class); + $this->userSession = $this->createMock(IUserSession::class); + $this->groupManager = $this->createMock(IGroupManager::class); + $this->subAdmin = $this->createMock(ISubAdmin::class); $this->adminSettingsController = new AdminSettingsController( 'settings', $this->request, $this->navigationManager, - $this->settingsManager + $this->settingsManager, + $this->userSession, + $this->groupManager, + $this->subAdmin ); $user = \OC::$server->getUserManager()->createUser($this->adminUid, 'olo'); @@ -75,6 +93,19 @@ class AdminSettingsControllerTest extends TestCase { } public function testIndex() { + $user = $this->createMock(IUser::class); + $this->userSession + ->method('getUser') + ->willReturn($user); + $user->method('getUID')->willReturn('user123'); + $this->groupManager + ->method('isAdmin') + ->with('user123') + ->willReturn(true); + $this->subAdmin + ->method('isSubAdmin') + ->with($user) + ->willReturn(false); $this->settingsManager ->expects($this->once()) ->method('getAdminSections') @@ -89,7 +120,9 @@ class AdminSettingsControllerTest extends TestCase { ->with('test') ->willReturn([5 => new ServerDevNotice()]); + $idx = $this->adminSettingsController->index('test'); + $expected = new TemplateResponse('settings', 'settings/frame', ['forms' => ['personal' => [], 'admin' => []], 'content' => '']); - $this->assertEquals($expected, $this->adminSettingsController->index('test')); + $this->assertEquals($expected, $idx); } } diff --git a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php index 13c5379b142..ab243616be0 100644 --- a/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php +++ b/tests/lib/AppFramework/Middleware/Security/SecurityMiddlewareTest.php @@ -96,12 +96,12 @@ class SecurityMiddlewareTest extends \Test\TestCase { $this->csrfTokenManager = $this->createMock(CsrfTokenManager::class); $this->cspNonceManager = $this->createMock(ContentSecurityPolicyNonceManager::class); $this->l10n = $this->createMock(IL10N::class); - $this->middleware = $this->getMiddleware(true, true); + $this->middleware = $this->getMiddleware(true, true, false); $this->secException = new SecurityException('hey', false); $this->secAjaxException = new SecurityException('hey', true); } - private function getMiddleware(bool $isLoggedIn, bool $isAdminUser, bool $isAppEnabledForUser = true): SecurityMiddleware { + private function getMiddleware(bool $isLoggedIn, bool $isAdminUser, bool $isSubAdmin, bool $isAppEnabledForUser = true): SecurityMiddleware { $this->appManager = $this->createMock(IAppManager::class); $this->appManager->expects($this->any()) @@ -117,6 +117,7 @@ class SecurityMiddlewareTest extends \Test\TestCase { 'files', $isLoggedIn, $isAdminUser, + $isSubAdmin, $this->contentSecurityPolicyManager, $this->csrfTokenManager, $this->cspNonceManager, @@ -153,7 +154,7 @@ class SecurityMiddlewareTest extends \Test\TestCase { $isLoggedIn = true; } - $sec = $this->getMiddleware($isLoggedIn, $isAdminUser); + $sec = $this->getMiddleware($isLoggedIn, $isAdminUser, false); try { $this->reader->reflect(__CLASS__, $method); @@ -216,11 +217,6 @@ class SecurityMiddlewareTest extends \Test\TestCase { ); $this->ajaxExceptionStatus( __FUNCTION__, - 'isSubAdminUser', - 0 - ); - $this->ajaxExceptionStatus( - __FUNCTION__, 'passesCSRFCheck', 0 ); @@ -236,7 +232,7 @@ class SecurityMiddlewareTest extends \Test\TestCase { ->method('passesCSRFCheck') ->will($this->returnValue(false)); - $sec = $this->getMiddleware(false, false); + $sec = $this->getMiddleware(false, false, false); $this->reader->reflect(__CLASS__, __FUNCTION__); $sec->beforeController($this->controller, __FUNCTION__); @@ -257,7 +253,7 @@ class SecurityMiddlewareTest extends \Test\TestCase { $isAdminUser = false; } - $sec = $this->getMiddleware($isLoggedIn, $isAdminUser); + $sec = $this->getMiddleware($isLoggedIn, $isAdminUser, false); if($shouldFail) { $this->expectException(SecurityException::class); @@ -452,6 +448,41 @@ class SecurityMiddlewareTest extends \Test\TestCase { $this->securityCheck(__FUNCTION__, 'isAdminUser'); } + /** + * @NoCSRFRequired + * @SubAdminRequired + */ + public function testIsNotSubAdminCheck(){ + $this->reader->reflect(__CLASS__,__FUNCTION__); + $sec = $this->getMiddleware(true, false, false); + + $this->expectException(SecurityException::class); + $sec->beforeController($this, __METHOD__); + } + + /** + * @NoCSRFRequired + * @SubAdminRequired + */ + public function testIsSubAdminCheck(){ + $this->reader->reflect(__CLASS__,__FUNCTION__); + $sec = $this->getMiddleware(true, false, true); + + $sec->beforeController($this, __METHOD__); + $this->addToAssertionCount(1); + } + + /** + * @NoCSRFRequired + * @SubAdminRequired + */ + public function testIsSubAdminAndAdminCheck(){ + $this->reader->reflect(__CLASS__,__FUNCTION__); + $sec = $this->getMiddleware(true, true, true); + + $sec->beforeController($this, __METHOD__); + $this->addToAssertionCount(1); + } /** * @NoCSRFRequired @@ -479,7 +510,7 @@ class SecurityMiddlewareTest extends \Test\TestCase { $this->createMock(ISecureRandom::class), $this->createMock(IConfig::class) ); - $this->middleware = $this->getMiddleware(false, false); + $this->middleware = $this->getMiddleware(false, false, false); $this->urlGenerator ->expects($this->once()) ->method('linkToRoute') @@ -514,7 +545,7 @@ class SecurityMiddlewareTest extends \Test\TestCase { $this->createMock(IConfig::class) ); - $this->middleware = $this->getMiddleware(false, false); + $this->middleware = $this->getMiddleware(false, false, false); $response = $this->middleware->afterException( $this->controller, 'test', @@ -559,7 +590,7 @@ class SecurityMiddlewareTest extends \Test\TestCase { $this->createMock(ISecureRandom::class), $this->createMock(IConfig::class) ); - $this->middleware = $this->getMiddleware(false, false); + $this->middleware = $this->getMiddleware(false, false, false); $this->logger ->expects($this->once()) ->method('logException'); @@ -684,7 +715,7 @@ class SecurityMiddlewareTest extends \Test\TestCase { * @NoCSRFRequired */ public function testRestrictedAppLoggedInPublicPage() { - $middleware = $this->getMiddleware(true, false); + $middleware = $this->getMiddleware(true, false, false); $this->reader->reflect(__CLASS__,__FUNCTION__); $this->appManager->method('getAppPath') @@ -705,7 +736,7 @@ class SecurityMiddlewareTest extends \Test\TestCase { * @NoCSRFRequired */ public function testRestrictedAppNotLoggedInPublicPage() { - $middleware = $this->getMiddleware(false, false); + $middleware = $this->getMiddleware(false, false, false); $this->reader->reflect(__CLASS__,__FUNCTION__); $this->appManager->method('getAppPath') @@ -725,7 +756,7 @@ class SecurityMiddlewareTest extends \Test\TestCase { * @NoCSRFRequired */ public function testRestrictedAppLoggedIn() { - $middleware = $this->getMiddleware(true, false, false); + $middleware = $this->getMiddleware(true, false, false, false); $this->reader->reflect(__CLASS__,__FUNCTION__); $this->appManager->method('getAppPath') diff --git a/tests/lib/Settings/ManagerTest.php b/tests/lib/Settings/ManagerTest.php index 7372cae811b..4128e33aef1 100644 --- a/tests/lib/Settings/ManagerTest.php +++ b/tests/lib/Settings/ManagerTest.php @@ -23,6 +23,7 @@ namespace Tests\Settings; +use function get_class; use OC\Settings\Admin\Sharing; use OC\Settings\Manager; use OC\Settings\Mapper; @@ -34,6 +35,8 @@ use OCP\ILogger; use OCP\IServerContainer; use OCP\IURLGenerator; use OCP\L10N\IFactory; +use OCP\Settings\ISettings; +use OCP\Settings\ISubAdminSettings; use Test\TestCase; class ManagerTest extends TestCase { @@ -207,6 +210,35 @@ class ManagerTest extends TestCase { ], $settings); } + public function testGetAdminSettingsAsSubAdmin() { + $section = $this->createMock(Sharing::class); + $this->container->expects($this->once()) + ->method('query') + ->with(Sharing::class) + ->willReturn($section); + + $settings = $this->manager->getAdminSettings('sharing', true); + + $this->assertEquals([], $settings); + } + + public function testGetSubAdminSettingsAsSubAdmin() { + $section = $this->createMock(ISubAdminSettings::class); + $section->expects($this->once()) + ->method('getPriority') + ->willReturn(13); + $this->container->expects($this->once()) + ->method('query') + ->with(Sharing::class) + ->willReturn($section); + + $settings = $this->manager->getAdminSettings('sharing', true); + + $this->assertEquals([ + 13 => [$section] + ], $settings); + } + public function testGetPersonalSettings() { $section = $this->createMock(Security::class); $section->expects($this->once()) |