authorprovokateurin <kate@provokateurin.de>2024-07-25 13:14:51 +0200
committerprovokateurin <kate@provokateurin.de>2024-07-27 21:35:52 +0200
commit8e655d46e909aefc897febfbc45303af8e237b0c (patch)
treeac2d01683e7761fd90f4cd951671b5b47ecba2b3
parent212a621697cd32b65ea78fa90015cec9d9d1dfe3 (diff)
refactor(user_status): Replace security annotations with respective attributes
Signed-off-by: provokateurin <kate@provokateurin.de>
-rw-r--r--apps/user_status/lib/Controller/HeartbeatController.php4
-rw-r--r--apps/user_status/lib/Controller/PredefinedStatusController.php4
-rw-r--r--apps/user_status/lib/Controller/StatusesController.php7
-rw-r--r--apps/user_status/lib/Controller/UserStatusController.php19
4 files changed, 14 insertions, 20 deletions
diff --git a/apps/user_status/lib/Controller/HeartbeatController.php b/apps/user_status/lib/Controller/HeartbeatController.php
index e8325617557..65fdda75eec 100644
--- a/apps/user_status/lib/Controller/HeartbeatController.php
+++ b/apps/user_status/lib/Controller/HeartbeatController.php
@@ -13,6 +13,7 @@ use OCA\UserStatus\ResponseDefinitions;
use OCA\UserStatus\Service\StatusService;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCSController;
use OCP\AppFramework\Utility\ITimeFactory;
@@ -55,8 +56,6 @@ class HeartbeatController extends OCSController {
/**
* Keep the status alive
*
- * @NoAdminRequired
- *
* @param string $status Only online, away
*
* @return DataResponse<Http::STATUS_OK, UserStatusPrivate, array{}>|DataResponse<Http::STATUS_BAD_REQUEST|Http::STATUS_INTERNAL_SERVER_ERROR|Http::STATUS_NO_CONTENT, array<empty>, array{}>
@@ -64,6 +63,7 @@ class HeartbeatController extends OCSController {
* 204: User has no status to keep alive
* 400: Invalid status to update
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'PUT', url: '/api/v1/heartbeat')]
public function heartbeat(string $status): DataResponse {
if (!\in_array($status, [IUserStatus::ONLINE, IUserStatus::AWAY], true)) {
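Review bot: Nothing in this change verifies that `#[NoAdminRequired]` on `heartbeat()` is still honoured at request time. PHP resolves attribute names lazily, so if the `use OCP\AppFramework\Http\Attribute\NoAdminRequired;` line were ever dropped or misspelt, the attribute would silently refer to a class in the controller's own namespace, and the endpoint would presumably fall back to the admin-only default instead of raising an error. The import is present in all four files here, so behaviour should be unchanged, but a controller-level test that calls one of these routes as a non-admin user would catch a later regression. The same applies to the attribute added in PredefinedStatusController, StatusesController and UserStatusController. The body of `heartbeat()` continues outside the hunk.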
diff --git a/apps/user_status/lib/Controller/PredefinedStatusController.php b/apps/user_status/lib/Controller/PredefinedStatusController.php
index 884bc1d2baa..54a5a3e7eef 100644
--- a/apps/user_status/lib/Controller/PredefinedStatusController.php
+++ b/apps/user_status/lib/Controller/PredefinedStatusController.php
@@ -12,6 +12,7 @@ use OCA\UserStatus\ResponseDefinitions;
use OCA\UserStatus\Service\PredefinedStatusService;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCSController;
use OCP\IRequest;
@@ -43,12 +44,11 @@ class PredefinedStatusController extends OCSController {
/**
* Get all predefined messages
*
- * @NoAdminRequired
- *
* @return DataResponse<Http::STATUS_OK, UserStatusPredefined[], array{}>
*
* 200: Predefined statuses returned
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'GET', url: '/api/v1/predefined_statuses/')]
public function findAll():DataResponse {
// Filtering out the invisible one, that should only be set by API
diff --git a/apps/user_status/lib/Controller/StatusesController.php b/apps/user_status/lib/Controller/StatusesController.php
index da942ed7d7c..08b2878e297 100644
--- a/apps/user_status/lib/Controller/StatusesController.php
+++ b/apps/user_status/lib/Controller/StatusesController.php
@@ -14,6 +14,7 @@ use OCA\UserStatus\Service\StatusService;
use OCP\AppFramework\Db\DoesNotExistException;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSNotFoundException;
use OCP\AppFramework\OCSController;
@@ -46,14 +47,13 @@ class StatusesController extends OCSController {
/**
* Find statuses of users
*
- * @NoAdminRequired
- *
* @param int|null $limit Maximum number of statuses to find
* @param int|null $offset Offset for finding statuses
* @return DataResponse<Http::STATUS_OK, UserStatusPublic[], array{}>
*
* 200: Statuses returned
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'GET', url: '/api/v1/statuses')]
public function findAll(?int $limit = null, ?int $offset = null): DataResponse {
$allStatuses = $this->service->findAll($limit, $offset);
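Review bot: `findAll()` is open to every logged-in user and passes `$limit` and `$offset` straight to `$this->service->findAll()`, with `null` as the default for both. Unless StatusService caps the page size (not visible in this hunk), a single request can ask for every user's status at once, which is a load concern and exposes the full set of accounts that have a status. Consider clamping in the controller, e.g. `$limit = min($limit ?? self::MAX_LIMIT, self::MAX_LIMIT);` with `MAX_LIMIT` being a constant you would add, or at least state the effective maximum on the `@param int|null $limit` line. The method body continues outside the hunk.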
@@ -66,14 +66,13 @@ class StatusesController extends OCSController {
/**
* Find the status of a user
*
- * @NoAdminRequired
- *
* @param string $userId ID of the user
* @return DataResponse<Http::STATUS_OK, UserStatusPublic, array{}>
* @throws OCSNotFoundException The user was not found
*
* 200: Status returned
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'GET', url: '/api/v1/statuses/{userId}')]
public function find(string $userId): DataResponse {
try {
diff --git a/apps/user_status/lib/Controller/UserStatusController.php b/apps/user_status/lib/Controller/UserStatusController.php
index 70bf619253b..bc2efaf86e6 100644
--- a/apps/user_status/lib/Controller/UserStatusController.php
+++ b/apps/user_status/lib/Controller/UserStatusController.php
@@ -20,6 +20,7 @@ use OCA\UserStatus\Service\StatusService;
use OCP\AppFramework\Db\DoesNotExistException;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSBadRequestException;
use OCP\AppFramework\OCS\OCSNotFoundException;
@@ -46,13 +47,12 @@ class UserStatusController extends OCSController {
/**
* Get the status of the current user
*
- * @NoAdminRequired
- *
* @return DataResponse<Http::STATUS_OK, UserStatusPrivate, array{}>
* @throws OCSNotFoundException The user was not found
*
* 200: The status was found successfully
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'GET', url: '/api/v1/user_status')]
public function getStatus(): DataResponse {
try {
@@ -68,14 +68,13 @@ class UserStatusController extends OCSController {
/**
* Update the status type of the current user
*
- * @NoAdminRequired
- *
* @param string $statusType The new status type
* @return DataResponse<Http::STATUS_OK, UserStatusPrivate, array{}>
* @throws OCSBadRequestException The status type is invalid
*
* 200: The status was updated successfully
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'PUT', url: '/api/v1/user_status/status')]
public function setStatus(string $statusType): DataResponse {
try {
@@ -92,8 +91,6 @@ class UserStatusController extends OCSController {
/**
* Set the message to a predefined message for the current user
*
- * @NoAdminRequired
- *
* @param string $messageId ID of the predefined message
* @param int|null $clearAt When the message should be cleared
* @return DataResponse<Http::STATUS_OK, UserStatusPrivate, array{}>
@@ -101,6 +98,7 @@ class UserStatusController extends OCSController {
*
* 200: The message was updated successfully
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'PUT', url: '/api/v1/user_status/message/predefined')]
public function setPredefinedMessage(string $messageId,
?int $clearAt): DataResponse {
@@ -120,8 +118,6 @@ class UserStatusController extends OCSController {
/**
* Set the message to a custom message for the current user
*
- * @NoAdminRequired
- *
* @param string|null $statusIcon Icon of the status
* @param string|null $message Message of the status
* @param int|null $clearAt When the message should be cleared
@@ -130,6 +126,7 @@ class UserStatusController extends OCSController {
*
* 200: The message was updated successfully
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'PUT', url: '/api/v1/user_status/message/custom')]
public function setCustomMessage(?string $statusIcon,
?string $message,
@@ -158,12 +155,11 @@ class UserStatusController extends OCSController {
/**
* Clear the message of the current user
*
- * @NoAdminRequired
- *
* @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
*
* 200: Message cleared successfully
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'DELETE', url: '/api/v1/user_status/message')]
public function clearMessage(): DataResponse {
$this->service->clearMessage($this->userId);
@@ -173,14 +169,13 @@ class UserStatusController extends OCSController {
/**
* Revert the status to the previous status
*
- * @NoAdminRequired
- *
* @param string $messageId ID of the message to delete
*
* @return DataResponse<Http::STATUS_OK, UserStatusPrivate|array<empty>, array{}>
*
* 200: Status reverted
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'DELETE', url: '/api/v1/user_status/revert/{messageId}')]
public function revertStatus(string $messageId): DataResponse {
$backupStatus = $this->service->revertUserStatus($this->userId, $messageId, true);
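Review bot: The docblock of `revertStatus()` describes `$messageId` as "ID of the message to delete" while the summary says the status is reverted, and the bare `true` passed as the third argument of `revertUserStatus()` does not say what it enables. Since `$messageId` comes from the URL path and the action runs for `$this->userId`, the docblock should make clear which of the two operations the caller is triggering. I would add a line such as `// third argument: <what the flag enables>` above the call and align the `@param` wording with the summary. The method body continues outside the hunk.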