diff options
author | provokateurin <kate@provokateurin.de> | 2024-07-25 13:14:51 +0200 |
---|---|---|
committer | provokateurin <kate@provokateurin.de> | 2024-07-27 21:35:52 +0200 |
commit | 8e655d46e909aefc897febfbc45303af8e237b0c (patch) | |
tree | ac2d01683e7761fd90f4cd951671b5b47ecba2b3 /apps/user_status | |
parent | 212a621697cd32b65ea78fa90015cec9d9d1dfe3 (diff) | |
download | nextcloud-server-8e655d46e909aefc897febfbc45303af8e237b0c.tar.gz nextcloud-server-8e655d46e909aefc897febfbc45303af8e237b0c.zip |
refactor(user_status): Replace security annotations with respective attributes
Signed-off-by: provokateurin <kate@provokateurin.de>
Diffstat (limited to 'apps/user_status')
4 files changed, 14 insertions, 20 deletions
diff --git a/apps/user_status/lib/Controller/HeartbeatController.php b/apps/user_status/lib/Controller/HeartbeatController.php index e8325617557..65fdda75eec 100644 --- a/apps/user_status/lib/Controller/HeartbeatController.php +++ b/apps/user_status/lib/Controller/HeartbeatController.php @@ -13,6 +13,7 @@ use OCA\UserStatus\ResponseDefinitions; use OCA\UserStatus\Service\StatusService; use OCP\AppFramework\Http; use OCP\AppFramework\Http\Attribute\ApiRoute; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\OCSController; use OCP\AppFramework\Utility\ITimeFactory; @@ -55,8 +56,6 @@ class HeartbeatController extends OCSController { /** * Keep the status alive * - * @NoAdminRequired - * * @param string $status Only online, away * * @return DataResponse<Http::STATUS_OK, UserStatusPrivate, array{}>|DataResponse<Http::STATUS_BAD_REQUEST|Http::STATUS_INTERNAL_SERVER_ERROR|Http::STATUS_NO_CONTENT, array<empty>, array{}> @@ -64,6 +63,7 @@ class HeartbeatController extends OCSController { * 204: User has no status to keep alive * 400: Invalid status to update */ + #[NoAdminRequired] #[ApiRoute(verb: 'PUT', url: '/api/v1/heartbeat')] public function heartbeat(string $status): DataResponse { if (!\in_array($status, [IUserStatus::ONLINE, IUserStatus::AWAY], true)) { diff --git a/apps/user_status/lib/Controller/PredefinedStatusController.php b/apps/user_status/lib/Controller/PredefinedStatusController.php index 884bc1d2baa..54a5a3e7eef 100644 --- a/apps/user_status/lib/Controller/PredefinedStatusController.php +++ b/apps/user_status/lib/Controller/PredefinedStatusController.php @@ -12,6 +12,7 @@ use OCA\UserStatus\ResponseDefinitions; use OCA\UserStatus\Service\PredefinedStatusService; use OCP\AppFramework\Http; use OCP\AppFramework\Http\Attribute\ApiRoute; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\OCSController; use OCP\IRequest; @@ -43,12 +44,11 @@ class PredefinedStatusController extends OCSController { /** * Get all predefined messages * - * @NoAdminRequired - * * @return DataResponse<Http::STATUS_OK, UserStatusPredefined[], array{}> * * 200: Predefined statuses returned */ + #[NoAdminRequired] #[ApiRoute(verb: 'GET', url: '/api/v1/predefined_statuses/')] public function findAll():DataResponse { // Filtering out the invisible one, that should only be set by API diff --git a/apps/user_status/lib/Controller/StatusesController.php b/apps/user_status/lib/Controller/StatusesController.php index da942ed7d7c..08b2878e297 100644 --- a/apps/user_status/lib/Controller/StatusesController.php +++ b/apps/user_status/lib/Controller/StatusesController.php @@ -14,6 +14,7 @@ use OCA\UserStatus\Service\StatusService; use OCP\AppFramework\Db\DoesNotExistException; use OCP\AppFramework\Http; use OCP\AppFramework\Http\Attribute\ApiRoute; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\OCS\OCSNotFoundException; use OCP\AppFramework\OCSController; @@ -46,14 +47,13 @@ class StatusesController extends OCSController { /** * Find statuses of users * - * @NoAdminRequired - * * @param int|null $limit Maximum number of statuses to find * @param int|null $offset Offset for finding statuses * @return DataResponse<Http::STATUS_OK, UserStatusPublic[], array{}> * * 200: Statuses returned */ + #[NoAdminRequired] #[ApiRoute(verb: 'GET', url: '/api/v1/statuses')] public function findAll(?int $limit = null, ?int $offset = null): DataResponse { $allStatuses = $this->service->findAll($limit, $offset); @@ -66,14 +66,13 @@ class StatusesController extends OCSController { /** * Find the status of a user * - * @NoAdminRequired - * * @param string $userId ID of the user * @return DataResponse<Http::STATUS_OK, UserStatusPublic, array{}> * @throws OCSNotFoundException The user was not found * * 200: Status returned */ + #[NoAdminRequired] #[ApiRoute(verb: 'GET', url: '/api/v1/statuses/{userId}')] public function find(string $userId): DataResponse { try { diff --git a/apps/user_status/lib/Controller/UserStatusController.php b/apps/user_status/lib/Controller/UserStatusController.php index 70bf619253b..bc2efaf86e6 100644 --- a/apps/user_status/lib/Controller/UserStatusController.php +++ b/apps/user_status/lib/Controller/UserStatusController.php @@ -20,6 +20,7 @@ use OCA\UserStatus\Service\StatusService; use OCP\AppFramework\Db\DoesNotExistException; use OCP\AppFramework\Http; use OCP\AppFramework\Http\Attribute\ApiRoute; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\OCS\OCSBadRequestException; use OCP\AppFramework\OCS\OCSNotFoundException; @@ -46,13 +47,12 @@ class UserStatusController extends OCSController { /** * Get the status of the current user * - * @NoAdminRequired - * * @return DataResponse<Http::STATUS_OK, UserStatusPrivate, array{}> * @throws OCSNotFoundException The user was not found * * 200: The status was found successfully */ + #[NoAdminRequired] #[ApiRoute(verb: 'GET', url: '/api/v1/user_status')] public function getStatus(): DataResponse { try { @@ -68,14 +68,13 @@ class UserStatusController extends OCSController { /** * Update the status type of the current user * - * @NoAdminRequired - * * @param string $statusType The new status type * @return DataResponse<Http::STATUS_OK, UserStatusPrivate, array{}> * @throws OCSBadRequestException The status type is invalid * * 200: The status was updated successfully */ + #[NoAdminRequired] #[ApiRoute(verb: 'PUT', url: '/api/v1/user_status/status')] public function setStatus(string $statusType): DataResponse { try { @@ -92,8 +91,6 @@ class UserStatusController extends OCSController { /** * Set the message to a predefined message for the current user * - * @NoAdminRequired - * * @param string $messageId ID of the predefined message * @param int|null $clearAt When the message should be cleared * @return DataResponse<Http::STATUS_OK, UserStatusPrivate, array{}> @@ -101,6 +98,7 @@ class UserStatusController extends OCSController { * * 200: The message was updated successfully */ + #[NoAdminRequired] #[ApiRoute(verb: 'PUT', url: '/api/v1/user_status/message/predefined')] public function setPredefinedMessage(string $messageId, ?int $clearAt): DataResponse { @@ -120,8 +118,6 @@ class UserStatusController extends OCSController { /** * Set the message to a custom message for the current user * - * @NoAdminRequired - * * @param string|null $statusIcon Icon of the status * @param string|null $message Message of the status * @param int|null $clearAt When the message should be cleared @@ -130,6 +126,7 @@ class UserStatusController extends OCSController { * * 200: The message was updated successfully */ + #[NoAdminRequired] #[ApiRoute(verb: 'PUT', url: '/api/v1/user_status/message/custom')] public function setCustomMessage(?string $statusIcon, ?string $message, @@ -158,12 +155,11 @@ class UserStatusController extends OCSController { /** * Clear the message of the current user * - * @NoAdminRequired - * * @return DataResponse<Http::STATUS_OK, array<empty>, array{}> * * 200: Message cleared successfully */ + #[NoAdminRequired] #[ApiRoute(verb: 'DELETE', url: '/api/v1/user_status/message')] public function clearMessage(): DataResponse { $this->service->clearMessage($this->userId); @@ -173,14 +169,13 @@ class UserStatusController extends OCSController { /** * Revert the status to the previous status * - * @NoAdminRequired - * * @param string $messageId ID of the message to delete * * @return DataResponse<Http::STATUS_OK, UserStatusPrivate|array<empty>, array{}> * * 200: Status reverted */ + #[NoAdminRequired] #[ApiRoute(verb: 'DELETE', url: '/api/v1/user_status/revert/{messageId}')] public function revertStatus(string $messageId): DataResponse { $backupStatus = $this->service->revertUserStatus($this->userId, $messageId, true); |