diff options
| author | Louis <louis@chmn.me> | 2024-07-24 11:15:54 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-07-24 11:15:54 +0200 |
| commit | 7266a9ef333b47f4ec6dd16f48227fd4b4e862d4 (patch) | |
| tree | adb2b808e653b2ea1d0255ae774e97241d8c25c6 /apps/provisioning_api/lib/Controller/GroupsController.php | |
| parent | f3a2806b691543ba48968f875ad381d53f68ba35 (diff) | |
| parent | 7f0f671417f6de083827327d72fa7f8a21c7a950 (diff) | |
| download | nextcloud-server-7266a9ef333b47f4ec6dd16f48227fd4b4e862d4.tar.gz nextcloud-server-7266a9ef333b47f4ec6dd16f48227fd4b4e862d4.zip | |
Merge pull request #46418 from nextcloud/artonge/feat/user_admin_delegation
feat(users): Add users and group management to admin delegation
Diffstat (limited to 'apps/provisioning_api/lib/Controller/GroupsController.php')
| -rw-r--r-- | apps/provisioning_api/lib/Controller/GroupsController.php | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/apps/provisioning_api/lib/Controller/GroupsController.php b/apps/provisioning_api/lib/Controller/GroupsController.php index 9320fe13aaa..97480058fd1 100644 --- a/apps/provisioning_api/lib/Controller/GroupsController.php +++ b/apps/provisioning_api/lib/Controller/GroupsController.php @@ -9,8 +9,10 @@ declare(strict_types=1); namespace OCA\Provisioning_API\Controller; use OCA\Provisioning_API\ResponseDefinitions; +use OCA\Settings\Settings\Admin\Users; use OCP\Accounts\IAccountManager; use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\AuthorizedAdminSetting; use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\OCS\OCSException; use OCP\AppFramework\OCS\OCSForbiddenException; @@ -154,8 +156,9 @@ class GroupsController extends AUserData { } // Check subadmin has access to this group - if ($this->groupManager->isAdmin($user->getUID()) - || $isSubadminOfGroup) { + $isAdmin = $this->groupManager->isAdmin($user->getUID()); + $isDelegatedAdmin = $this->groupManager->isDelegatedAdmin($user->getUID()); + if ($isAdmin || $isDelegatedAdmin || $isSubadminOfGroup) { $users = $this->groupManager->get($groupId)->getUsers(); $users = array_map(function ($user) { /** @var IUser $user */ @@ -197,7 +200,9 @@ class GroupsController extends AUserData { } // Check subadmin has access to this group - if ($this->groupManager->isAdmin($currentUser->getUID()) || $isSubadminOfGroup) { + $isAdmin = $this->groupManager->isAdmin($currentUser->getUID()); + $isDelegatedAdmin = $this->groupManager->isDelegatedAdmin($currentUser->getUID()); + if ($isAdmin || $isDelegatedAdmin || $isSubadminOfGroup) { $users = $group->searchUsers($search, $limit, $offset); // Extract required number @@ -237,6 +242,7 @@ class GroupsController extends AUserData { * * 200: Group created successfully */ + #[AuthorizedAdminSetting(settings:Users::class)] public function addGroup(string $groupid, string $displayname = ''): DataResponse { // Validate name if (empty($groupid)) { @@ -270,6 +276,7 @@ class GroupsController extends AUserData { * * 200: Group updated successfully */ + #[AuthorizedAdminSetting(settings:Users::class)] public function updateGroup(string $groupId, string $key, string $value): DataResponse { $groupId = urldecode($groupId); @@ -299,6 +306,7 @@ class GroupsController extends AUserData { * * 200: Group deleted successfully */ + #[AuthorizedAdminSetting(settings:Users::class)] public function deleteGroup(string $groupId): DataResponse { $groupId = urldecode($groupId); @@ -322,6 +330,7 @@ class GroupsController extends AUserData { * * 200: Sub admins returned */ + #[AuthorizedAdminSetting(settings:Users::class)] public function getSubAdminsOfGroup(string $groupId): DataResponse { // Check group exists $targetGroup = $this->groupManager->get($groupId); |