Merge pull request #18399 from owncloud/api-getusers-for-subadmins

enable api getUsers for subadmins

3 files changed, 104 insertions, 3 deletions

diff --git a/apps/provisioning_api/appinfo/routes.php b/apps/provisioning_api/appinfo/routes.php
index 5c53684fd77..17cfea26572 100644
--- a/apps/provisioning_api/appinfo/routes.php
+++ b/apps/provisioning_api/appinfo/routes.php
@@ -33,7 +33,7 @@ $users = new \OCA\Provisioning_API\Users(
 	\OC::$server->getGroupManager(),
 	\OC::$server->getUserSession()
 );
-API::register('get', '/cloud/users', [$users, 'getUsers'], 'provisioning_api', API::ADMIN_AUTH);
+API::register('get', '/cloud/users', [$users, 'getUsers'], 'provisioning_api', API::SUBADMIN_AUTH);
 API::register('post', '/cloud/users', [$users, 'addUser'], 'provisioning_api', API::ADMIN_AUTH);
 API::register('get', '/cloud/users/{userid}', [$users, 'getUser'], 'provisioning_api', API::USER_AUTH);
 API::register('put', '/cloud/users/{userid}', [$users, 'editUser'], 'provisioning_api', API::USER_AUTH);
diff --git a/apps/provisioning_api/lib/users.php b/apps/provisioning_api/lib/users.php
index fc5e79d4b2b..0b529bcea2c 100644
--- a/apps/provisioning_api/lib/users.php
+++ b/apps/provisioning_api/lib/users.php
@@ -29,6 +29,7 @@ namespace OCA\Provisioning_API;
 use \OC_OCS_Result;
 use \OC_SubAdmin;
 use \OC_Helper;
+use \OC_Group;
 use OCP\Files\NotFoundException;
 
 class Users {
@@ -71,7 +72,31 @@ class Users {
 		$limit = !empty($_GET['limit']) ? $_GET['limit'] : null;
 		$offset = !empty($_GET['offset']) ? $_GET['offset'] : null;
 
-		$users = $this->userManager->search($search, $limit, $offset);
+		// Check if user is logged in
+		$user = $this->userSession->getUser();
+		if ($user === null) {
+			return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
+		}
+
+		// Admin? Or SubAdmin?
+		if($this->groupManager->isAdmin($user->getUID())){
+			$users = $this->userManager->search($search, $limit, $offset);
+		} else if (\OC_SubAdmin::isSubAdmin($user->getUID())) {
+			$subAdminOfGroups = \OC_SubAdmin::getSubAdminsGroups($user->getUID());
+
+			if($offset === null) {
+				$offset = 0; 
+			}
+
+			$users = [];
+			foreach ($subAdminOfGroups as $group) {
+				$users = array_merge($users, $this->groupManager->displayNamesInGroup($group, $search));
+			}
+
+			$users = array_slice($users, $offset, $limit);
+		} else {
+			return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
+		}
 		$users = array_keys($users);
 
 		return new OC_OCS_Result([
diff --git a/apps/provisioning_api/tests/userstest.php b/apps/provisioning_api/tests/userstest.php
index 350586f8335..3869af87e5a 100644
--- a/apps/provisioning_api/tests/userstest.php
+++ b/apps/provisioning_api/tests/userstest.php
@@ -63,10 +63,16 @@ class UsersTest extends TestCase {
 			$this->groupManager,
 			$this->userSession
 		);
+
+		$this->userSession->setUser(null);
 	}
 
 	// Test getting the list of users
-	public function testGetUsers() {
+	public function testGetUsersAsAdmin() {
+		$user = $this->generateUsers();
+		$this->groupManager->get('admin')->addUser($user);
+		$this->userSession->setUser($user);
+
 		$result = $this->api->getUsers();
 		$this->assertInstanceOf('OC_OCS_Result', $result);
 		$this->assertTrue($result->succeeded());
@@ -103,6 +109,70 @@ class UsersTest extends TestCase {
 		$this->assertEquals(array_keys($this->userManager->search('', 1, 1)), $data['users']);
 	}
 
+	public function testGetUsersAsSubAdmin() {
+		$user = $this->generateUsers(10);
+		$this->userSession->setUser($user[0]);
+		$group = $this->groupManager->createGroup($this->getUniqueID());
+		\OC_SubAdmin::createSubAdmin($user[0]->getUID(), $group->getGID());
+
+		//Empty list
+		$result = $this->api->getUsers([]);
+		$this->assertInstanceOf('OC_OCS_Result', $result);
+		$this->assertTrue($result->succeeded());
+		$this->assertEquals(['users' => []], $result->getData());
+
+		//Some users in group
+		$group->addUser($user[1]);
+		$group->addUser($user[2]);
+		$group->addUser($user[3]);
+		$group->addUser($user[4]);
+
+		$result = $this->api->getUsers([]);
+		$this->assertInstanceOf('OC_OCS_Result', $result);
+		$this->assertTrue($result->succeeded());
+		$this->assertArrayHasKey('users', $result->getData());
+
+		$this->assertContains($user[1]->getUID(), $result->getData()['users']);
+		$this->assertContains($user[2]->getUID(), $result->getData()['users']);
+		$this->assertContains($user[3]->getUID(), $result->getData()['users']);
+		$this->assertContains($user[4]->getUID(), $result->getData()['users']);
+
+		$uids = [
+			$user[1]->getUID(),
+			$user[2]->getUID(),
+			$user[3]->getUID(),
+			$user[4]->getUID()
+		];
+		sort($uids);
+
+		$_GET['limit'] = 2;
+		$_GET['offset'] = 1;
+		$result = $this->api->getUsers([]);
+
+		$this->assertInstanceOf('OC_OCS_Result', $result);
+		$this->assertTrue($result->succeeded());
+		$this->assertEquals(['users' => array_slice($uids, 1, 2)], $result->getData());
+	}
+
+	public function testGetUsersNoUser() {
+		$result = $this->api->getUsers([]);
+
+		$this->assertInstanceOf('OC_OCS_Result', $result);
+		$this->assertFalse($result->succeeded());
+		$this->assertEquals(\OCP\API::RESPOND_UNAUTHORISED, $result->getStatusCode());
+	}
+
+	public function testGetUsersAsUser() {
+		$user = $this->generateUsers();
+		$this->userSession->setUser($user);
+
+		$result = $this->api->getUsers();
+		$this->assertInstanceOf('OC_OCS_Result', $result);
+		$this->assertFalse($result->succeeded());
+		$this->assertEquals(\OCP\API::RESPOND_UNAUTHORISED, $result->getStatusCode());
+
+	}
+
 	public function testAddUser() {
 		$this->resetParams();
 		$_POST['userid'] = $this->getUniqueID();
@@ -794,6 +864,9 @@ class UsersTest extends TestCase {
 	}
 
 	public function testAddToGroupNoGroupId() {
+		$user = $this->generateUsers();
+		$this->userSession->setUser($user);
+
 		$_POST['groupid'] = '';
 		$result = $this->api->addToGroup([
 			'userid' => $this->getUniqueID(),
@@ -935,6 +1008,9 @@ class UsersTest extends TestCase {
 	}
 
 	public function testRemoveFromGroupNoGroupId() {
+		$user = $this->generateUsers();
+		$this->userSession->setUser($user);
+
 		$result = $this->api->removeFromGroup([
 			'_delete' => [
 				'groupid' => ''