prov api to be able to edit multivalue properties

- adding as usual - deleting and scope setting via additional endpoint Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
author: Arthur Schiwon <blizzz@arthur-schiwon.de> 2021-06-11 16:14:01 +0200
committer: Arthur Schiwon <blizzz@arthur-schiwon.de> 2021-06-30 00:41:11 +0200
commit: d109d4f58198b2ac35d590e59a45f948da23ca8e (patch)
tree: 8569a402433cf348d1734d806f0881e4bb8f425a /apps/provisioning_api
parent: 3da9064f9df9b09c4351bb28255afcbc96156a26 (diff)
download: nextcloud-server-d109d4f58198b2ac35d590e59a45f948da23ca8e.tar.gz
nextcloud-server-d109d4f58198b2ac35d590e59a45f948da23ca8e.zip
2 files changed, 99 insertions, 0 deletions
diff --git a/apps/provisioning_api/appinfo/routes.php b/apps/provisioning_api/appinfo/routes.php
index 8cf57487d3a..01b6260c1d5 100644
--- a/apps/provisioning_api/appinfo/routes.php
+++ b/apps/provisioning_api/appinfo/routes.php
@@ -54,6 +54,7 @@ return [
 		['root' => '/cloud', 'name' => 'Users#getEditableFields', 'url' => '/user/fields', 'verb' => 'GET'],
 		['root' => '/cloud', 'name' => 'Users#getEditableFieldsForUser', 'url' => '/user/fields/{userId}', 'verb' => 'GET'],
 		['root' => '/cloud', 'name' => 'Users#editUser', 'url' => '/users/{userId}', 'verb' => 'PUT'],
+		['root' => '/cloud', 'name' => 'Users#editUserMultiValue', 'url' => '/users/{userId}/{collectionName}', 'verb' => 'PUT', 'requirements' => ['collectionName' => '[^(enable|disable)]']],
 		['root' => '/cloud', 'name' => 'Users#wipeUserDevices', 'url' => '/users/{userId}/wipe', 'verb' => 'POST'],
 		['root' => '/cloud', 'name' => 'Users#deleteUser', 'url' => '/users/{userId}', 'verb' => 'DELETE'],
 		['root' => '/cloud', 'name' => 'Users#enableUser', 'url' => '/users/{userId}/enable', 'verb' => 'PUT'],
diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php
index 6c17648b9ea..709f139d830 100644
--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@@ -52,6 +52,7 @@ use OC\KnownUser\KnownUserService;
 use OC\User\Backend;
 use OCA\Settings\Mailer\NewUserMailHelper;
 use OCP\Accounts\IAccountManager;
+use OCP\Accounts\IAccountProperty;
 use OCP\App\IAppManager;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\DataResponse;
@@ -602,6 +603,85 @@ class UsersController extends AUserData {
 	}
 
 	/**
+	 * @throws OCSException
+	 */
+	public function editUserMultiValue(
+		string $userId,
+		string $collectionName,
+		string $key,
+		string $value
+	): DataResponse {
+		$currentLoggedInUser = $this->userSession->getUser();
+		if ($currentLoggedInUser === null) {
+			throw new OCSException('', OCSController::RESPOND_UNAUTHORISED);
+		}
+
+		$targetUser = $this->userManager->get($userId);
+		if ($targetUser === null) {
+			throw new OCSException('', OCSController::RESPOND_NOT_FOUND);
+		}
+
+		$permittedFields = [];
+		if ($targetUser->getUID() === $currentLoggedInUser->getUID()) {
+			// Editing self (display, email)
+			$permittedFields[] = IAccountManager::COLLECTION_EMAIL;
+			$permittedFields[] = IAccountManager::COLLECTION_EMAIL . self::SCOPE_SUFFIX;
+		} else {
+			// Check if admin / subadmin
+			$subAdminManager = $this->groupManager->getSubAdmin();
+			if ($this->groupManager->isAdmin($currentLoggedInUser->getUID())
+				|| $subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser)) {
+				// They have permissions over the user
+
+				$permittedFields[] = IAccountManager::COLLECTION_EMAIL;
+			} else {
+				// No rights
+				throw new OCSException('', OCSController::RESPOND_NOT_FOUND);
+			}
+		}
+
+		// Check if permitted to edit this field
+		if (!in_array($collectionName, $permittedFields)) {
+			throw new OCSException('', 103);
+		}
+
+		switch ($collectionName) {
+			case IAccountManager::COLLECTION_EMAIL:
+				$userAccount = $this->accountManager->getAccount($targetUser);
+				$mailCollection = $userAccount->getPropertyCollection(IAccountManager::COLLECTION_EMAIL);
+				$mailCollection->removePropertyByValue($key);
+				if ($value !== '') {
+					// "replace on"
+					$mailCollection->addPropertyWithDefaults($value);
+				}
+				$this->accountManager->updateAccount($userAccount);
+				break;
+
+			case IAccountManager::COLLECTION_EMAIL . self::SCOPE_SUFFIX:
+				$userAccount = $this->accountManager->getAccount($targetUser);
+				$mailCollection = $userAccount->getPropertyCollection(IAccountManager::COLLECTION_EMAIL);
+				$targetProperty = null;
+				foreach ($mailCollection->getProperties() as $property) {
+					if ($property->getValue() === $value) {
+						$targetProperty = $property;
+						break;
+					}
+				}
+				if ($targetProperty instanceof IAccountProperty) {
+					$targetProperty->setScope($value);
+					$this->accountManager->updateAccount($userAccount);
+				} else {
+					throw new OCSException('', 102);
+				}
+				break;
+
+			default:
+				throw new OCSException('', 103);
+		}
+		return new DataResponse();
+	}
+
+	/**
 	 * @NoAdminRequired
 	 * @NoSubAdminRequired
 	 * @PasswordConfirmationRequired
@@ -637,6 +717,8 @@ class UsersController extends AUserData {
 			$permittedFields[] = IAccountManager::PROPERTY_DISPLAYNAME . self::SCOPE_SUFFIX;
 			$permittedFields[] = IAccountManager::PROPERTY_EMAIL . self::SCOPE_SUFFIX;
 
+			$permittedFields[] = IAccountManager::COLLECTION_EMAIL;
+
 			$permittedFields[] = 'password';
 			if ($this->config->getSystemValue('force_language', false) === false ||
 				$this->groupManager->isAdmin($currentLoggedInUser->getUID())) {
@@ -675,6 +757,7 @@ class UsersController extends AUserData {
 					$permittedFields[] = IAccountManager::PROPERTY_DISPLAYNAME;
 				}
 				$permittedFields[] = IAccountManager::PROPERTY_EMAIL;
+				$permittedFields[] = IAccountManager::COLLECTION_EMAIL;
 				$permittedFields[] = 'password';
 				$permittedFields[] = 'language';
 				$permittedFields[] = 'locale';
@@ -747,6 +830,21 @@ class UsersController extends AUserData {
 					throw new OCSException('', 102);
 				}
 				break;
+			case IAccountManager::COLLECTION_EMAIL:
+				if (filter_var($value, FILTER_VALIDATE_EMAIL) && $value !== $targetUser->getEMailAddress()) {
+					$userAccount = $this->accountManager->getAccount($targetUser);
+					$mailCollection = $userAccount->getPropertyCollection(IAccountManager::COLLECTION_EMAIL);
+					foreach ($mailCollection->getProperties() as $property) {
+						if ($property->getValue() === $value) {
+							break;
+						}
+					}
+					$mailCollection->addPropertyWithDefaults($value);
+					$this->accountManager->updateAccount($userAccount);
+				} else {
+					throw new OCSException('', 102);
+				}
+				break;
 			case IAccountManager::PROPERTY_PHONE:
 			case IAccountManager::PROPERTY_ADDRESS:
 			case IAccountManager::PROPERTY_WEBSITE:
author	Arthur Schiwon <blizzz@arthur-schiwon.de>	2021-06-11 16:14:01 +0200
committer	Arthur Schiwon <blizzz@arthur-schiwon.de>	2021-06-30 00:41:11 +0200
commit	d109d4f58198b2ac35d590e59a45f948da23ca8e (patch)
tree	8569a402433cf348d1734d806f0881e4bb8f425a /apps/provisioning_api
parent	3da9064f9df9b09c4351bb28255afcbc96156a26 (diff)
download	nextcloud-server-d109d4f58198b2ac35d590e59a45f948da23ca8e.tar.gz nextcloud-server-d109d4f58198b2ac35d590e59a45f948da23ca8e.zip