feat(users): Add support for admin delegation for users and groups management

Signed-off-by: Louis Chemineau <louis@chmn.me>
author: Louis Chemineau <louis@chmn.me> 2024-07-11 12:09:39 +0200
committer: Louis Chemineau <louis@chmn.me> 2024-07-22 17:17:35 +0200
commit: dff881544920f426b984f91b7bc8dece1f351342 (patch)
tree: 9ebce4597dad2cd0fe817257f76348f28805c2ba /apps/settings
parent: 1af827fdb39dd182743853e17cf5493a8b4637d2 (diff)
download: nextcloud-server-dff881544920f426b984f91b7bc8dece1f351342.tar.gz
nextcloud-server-dff881544920f426b984f91b7bc8dece1f351342.zip
5 files changed, 72 insertions, 2 deletions
diff --git a/apps/settings/appinfo/info.xml b/apps/settings/appinfo/info.xml
index a87e459aaf7..2674b97b57d 100644
--- a/apps/settings/appinfo/info.xml
+++ b/apps/settings/appinfo/info.xml
@@ -34,6 +34,7 @@
 		<admin>OCA\Settings\Settings\Admin\Sharing</admin>
 		<admin>OCA\Settings\Settings\Admin\Security</admin>
 		<admin>OCA\Settings\Settings\Admin\Delegation</admin>
+		<admin>OCA\Settings\Settings\Admin\Users</admin>
 		<admin-section>OCA\Settings\Sections\Admin\Additional</admin-section>
 		<admin-section>OCA\Settings\Sections\Admin\Delegation</admin-section>
 		<admin-section>OCA\Settings\Sections\Admin\Groupware</admin-section>
diff --git a/apps/settings/composer/composer/autoload_classmap.php b/apps/settings/composer/composer/autoload_classmap.php
index 27c1496008e..41f70c3a8e6 100644
--- a/apps/settings/composer/composer/autoload_classmap.php
+++ b/apps/settings/composer/composer/autoload_classmap.php
@@ -71,6 +71,7 @@ return array(
     'OCA\\Settings\\Settings\\Admin\\Security' => $baseDir . '/../lib/Settings/Admin/Security.php',
     'OCA\\Settings\\Settings\\Admin\\Server' => $baseDir . '/../lib/Settings/Admin/Server.php',
     'OCA\\Settings\\Settings\\Admin\\Sharing' => $baseDir . '/../lib/Settings/Admin/Sharing.php',
+    'OCA\\Settings\\Settings\\Admin\\Users' => $baseDir . '/../lib/Settings/Admin/Users.php',
     'OCA\\Settings\\Settings\\Personal\\Additional' => $baseDir . '/../lib/Settings/Personal/Additional.php',
     'OCA\\Settings\\Settings\\Personal\\PersonalInfo' => $baseDir . '/../lib/Settings/Personal/PersonalInfo.php',
     'OCA\\Settings\\Settings\\Personal\\Security\\Authtokens' => $baseDir . '/../lib/Settings/Personal/Security/Authtokens.php',
diff --git a/apps/settings/composer/composer/autoload_static.php b/apps/settings/composer/composer/autoload_static.php
index 14e4c362887..4fa905b55bb 100644
--- a/apps/settings/composer/composer/autoload_static.php
+++ b/apps/settings/composer/composer/autoload_static.php
@@ -86,6 +86,7 @@ class ComposerStaticInitSettings
         'OCA\\Settings\\Settings\\Admin\\Security' => __DIR__ . '/..' . '/../lib/Settings/Admin/Security.php',
         'OCA\\Settings\\Settings\\Admin\\Server' => __DIR__ . '/..' . '/../lib/Settings/Admin/Server.php',
         'OCA\\Settings\\Settings\\Admin\\Sharing' => __DIR__ . '/..' . '/../lib/Settings/Admin/Sharing.php',
+        'OCA\\Settings\\Settings\\Admin\\Users' => __DIR__ . '/..' . '/../lib/Settings/Admin/Users.php',
         'OCA\\Settings\\Settings\\Personal\\Additional' => __DIR__ . '/..' . '/../lib/Settings/Personal/Additional.php',
         'OCA\\Settings\\Settings\\Personal\\PersonalInfo' => __DIR__ . '/..' . '/../lib/Settings/Personal/PersonalInfo.php',
         'OCA\\Settings\\Settings\\Personal\\Security\\Authtokens' => __DIR__ . '/..' . '/../lib/Settings/Personal/Security/Authtokens.php',
diff --git a/apps/settings/lib/Controller/UsersController.php b/apps/settings/lib/Controller/UsersController.php
index 999f883bad8..1e934cdf43c 100644
--- a/apps/settings/lib/Controller/UsersController.php
+++ b/apps/settings/lib/Controller/UsersController.php
@@ -19,12 +19,14 @@ use OC\Security\IdentityProof\Manager;
 use OC\User\Manager as UserManager;
 use OCA\Settings\BackgroundJobs\VerifyUserData;
 use OCA\Settings\Events\BeforeTemplateRenderedEvent;
+use OCA\Settings\Settings\Admin\Users;
 use OCA\User_LDAP\User_Proxy;
 use OCP\Accounts\IAccount;
 use OCP\Accounts\IAccountManager;
 use OCP\Accounts\PropertyDoesNotExistException;
 use OCP\App\IAppManager;
 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\AuthorizedAdminSetting;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\Http\JSONResponse;
@@ -93,6 +95,7 @@ class UsersController extends Controller {
 		$user = $this->userSession->getUser();
 		$uid = $user->getUID();
 		$isAdmin = $this->groupManager->isAdmin($uid);
+		$isDelegatedAdmin = $this->groupManager->isDelegatedAdmin($uid);
 
 		\OC::$server->getNavigationManager()->setActiveEntry('core_users');
 
@@ -118,6 +121,7 @@ class UsersController extends Controller {
 		$groupsInfo = new \OC\Group\MetaData(
 			$uid,
 			$isAdmin,
+			$isDelegatedAdmin,
 			$this->groupManager,
 			$this->userSession
 		);
@@ -135,7 +139,7 @@ class UsersController extends Controller {
 		$userCount = 0;
 
 		if (!$isLDAPUsed) {
-			if ($isAdmin) {
+			if ($isAdmin || $isDelegatedAdmin) {
 				$disabledUsers = $this->userManager->countDisabledUsers();
 				$userCount = array_reduce($this->userManager->countUsers(), function ($v, $w) {
 					return $v + (int)$w;
@@ -200,7 +204,8 @@ class UsersController extends Controller {
 		// groups
 		$serverData['groups'] = array_merge_recursive($adminGroup, [$recentUsersGroup, $disabledUsersGroup], $groups);
 		// Various data
-		$serverData['isAdmin'] = $isAdmin;
+		$serverData['isAdmin'] = $isAdmin || $isDelegatedAdmin;
+		$serverData['isDelegatedAdmin'] = $isDelegatedAdmin;
 		$serverData['sortGroups'] = $forceSortGroupByName
 			? \OC\Group\MetaData::SORT_GROUPNAME
 			: (int)$this->config->getAppValue('core', 'group.sortBy', (string)\OC\Group\MetaData::SORT_USERCOUNT);
@@ -232,6 +237,7 @@ class UsersController extends Controller {
 	 *
 	 * @return JSONResponse
 	 */
+	#[AuthorizedAdminSetting(settings:Users::class)]
 	public function setPreference(string $key, string $value): JSONResponse {
 		$allowed = ['newUser.sendEmail', 'group.sortBy'];
 		if (!in_array($key, $allowed, true)) {
diff --git a/apps/settings/lib/Settings/Admin/Users.php b/apps/settings/lib/Settings/Admin/Users.php
new file mode 100644
index 00000000000..3af018e0cf1
--- /dev/null
+++ b/apps/settings/lib/Settings/Admin/Users.php
@@ -0,0 +1,61 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\Settings\Settings\Admin;
+
+use OCP\AppFramework\Http\TemplateResponse;
+use OCP\IL10N;
+use OCP\Settings\IDelegatedSettings;
+
+/**
+ * Empty settings class, used only for admin delegation.
+ */
+class Users implements IDelegatedSettings {
+
+	public function __construct(
+		protected string $appName,
+		private IL10N $l10n,
+	) {
+	}
+
+	/**
+	 * Empty template response
+	 */
+	public function getForm(): TemplateResponse {
+
+		return new /** @template-extends TemplateResponse<\OCP\AppFramework\Http::STATUS_OK, array{}> */ class($this->appName, '') extends TemplateResponse {
+			public function render(): string {
+				return '';
+			}
+		};
+	}
+
+	public function getSection(): ?string {
+		return 'admindelegation';
+	}
+
+	/**
+	 * @return int whether the form should be rather on the top or bottom of
+	 * the admin section. The forms are arranged in ascending order of the
+	 * priority values. It is required to return a value between 0 and 100.
+	 *
+	 * E.g.: 70
+	 */
+	public function getPriority(): int {
+		return 0;
+	}
+
+	public function getName(): string {
+		return $this->l10n->t('Users');
+	}
+
+	public function getAuthorizedAppConfig(): array {
+		return [];
+	}
+}
author	Louis Chemineau <louis@chmn.me>	2024-07-11 12:09:39 +0200
committer	Louis Chemineau <louis@chmn.me>	2024-07-22 17:17:35 +0200
commit	dff881544920f426b984f91b7bc8dece1f351342 (patch)
tree	9ebce4597dad2cd0fe817257f76348f28805c2ba /apps/settings
parent	1af827fdb39dd182743853e17cf5493a8b4637d2 (diff)
download	nextcloud-server-dff881544920f426b984f91b7bc8dece1f351342.tar.gz nextcloud-server-dff881544920f426b984f91b7bc8dece1f351342.zip