aboutsummaryrefslogtreecommitdiffstats
path: root/apps/user_status
diff options
context:
space:
mode:
authorprovokateurin <kate@provokateurin.de>2024-07-25 13:14:51 +0200
committerprovokateurin <kate@provokateurin.de>2024-07-27 21:35:52 +0200
commit8e655d46e909aefc897febfbc45303af8e237b0c (patch)
treeac2d01683e7761fd90f4cd951671b5b47ecba2b3 /apps/user_status
parent212a621697cd32b65ea78fa90015cec9d9d1dfe3 (diff)
downloadnextcloud-server-8e655d46e909aefc897febfbc45303af8e237b0c.tar.gz
nextcloud-server-8e655d46e909aefc897febfbc45303af8e237b0c.zip
refactor(user_status): Replace security annotations with respective attributes
Signed-off-by: provokateurin <kate@provokateurin.de>
Diffstat (limited to 'apps/user_status')
-rw-r--r--apps/user_status/lib/Controller/HeartbeatController.php4
-rw-r--r--apps/user_status/lib/Controller/PredefinedStatusController.php4
-rw-r--r--apps/user_status/lib/Controller/StatusesController.php7
-rw-r--r--apps/user_status/lib/Controller/UserStatusController.php19
4 files changed, 14 insertions, 20 deletions
diff --git a/apps/user_status/lib/Controller/HeartbeatController.php b/apps/user_status/lib/Controller/HeartbeatController.php
index e8325617557..65fdda75eec 100644
--- a/apps/user_status/lib/Controller/HeartbeatController.php
+++ b/apps/user_status/lib/Controller/HeartbeatController.php
@@ -13,6 +13,7 @@ use OCA\UserStatus\ResponseDefinitions;
use OCA\UserStatus\Service\StatusService;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCSController;
use OCP\AppFramework\Utility\ITimeFactory;
@@ -55,8 +56,6 @@ class HeartbeatController extends OCSController {
/**
* Keep the status alive
*
- * @NoAdminRequired
- *
* @param string $status Only online, away
*
* @return DataResponse<Http::STATUS_OK, UserStatusPrivate, array{}>|DataResponse<Http::STATUS_BAD_REQUEST|Http::STATUS_INTERNAL_SERVER_ERROR|Http::STATUS_NO_CONTENT, array<empty>, array{}>
@@ -64,6 +63,7 @@ class HeartbeatController extends OCSController {
* 204: User has no status to keep alive
* 400: Invalid status to update
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'PUT', url: '/api/v1/heartbeat')]
public function heartbeat(string $status): DataResponse {
if (!\in_array($status, [IUserStatus::ONLINE, IUserStatus::AWAY], true)) {
diff --git a/apps/user_status/lib/Controller/PredefinedStatusController.php b/apps/user_status/lib/Controller/PredefinedStatusController.php
index 884bc1d2baa..54a5a3e7eef 100644
--- a/apps/user_status/lib/Controller/PredefinedStatusController.php
+++ b/apps/user_status/lib/Controller/PredefinedStatusController.php
@@ -12,6 +12,7 @@ use OCA\UserStatus\ResponseDefinitions;
use OCA\UserStatus\Service\PredefinedStatusService;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCSController;
use OCP\IRequest;
@@ -43,12 +44,11 @@ class PredefinedStatusController extends OCSController {
/**
* Get all predefined messages
*
- * @NoAdminRequired
- *
* @return DataResponse<Http::STATUS_OK, UserStatusPredefined[], array{}>
*
* 200: Predefined statuses returned
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'GET', url: '/api/v1/predefined_statuses/')]
public function findAll():DataResponse {
// Filtering out the invisible one, that should only be set by API
diff --git a/apps/user_status/lib/Controller/StatusesController.php b/apps/user_status/lib/Controller/StatusesController.php
index da942ed7d7c..08b2878e297 100644
--- a/apps/user_status/lib/Controller/StatusesController.php
+++ b/apps/user_status/lib/Controller/StatusesController.php
@@ -14,6 +14,7 @@ use OCA\UserStatus\Service\StatusService;
use OCP\AppFramework\Db\DoesNotExistException;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSNotFoundException;
use OCP\AppFramework\OCSController;
@@ -46,14 +47,13 @@ class StatusesController extends OCSController {
/**
* Find statuses of users
*
- * @NoAdminRequired
- *
* @param int|null $limit Maximum number of statuses to find
* @param int|null $offset Offset for finding statuses
* @return DataResponse<Http::STATUS_OK, UserStatusPublic[], array{}>
*
* 200: Statuses returned
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'GET', url: '/api/v1/statuses')]
public function findAll(?int $limit = null, ?int $offset = null): DataResponse {
$allStatuses = $this->service->findAll($limit, $offset);
@@ -66,14 +66,13 @@ class StatusesController extends OCSController {
/**
* Find the status of a user
*
- * @NoAdminRequired
- *
* @param string $userId ID of the user
* @return DataResponse<Http::STATUS_OK, UserStatusPublic, array{}>
* @throws OCSNotFoundException The user was not found
*
* 200: Status returned
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'GET', url: '/api/v1/statuses/{userId}')]
public function find(string $userId): DataResponse {
try {
diff --git a/apps/user_status/lib/Controller/UserStatusController.php b/apps/user_status/lib/Controller/UserStatusController.php
index 70bf619253b..bc2efaf86e6 100644
--- a/apps/user_status/lib/Controller/UserStatusController.php
+++ b/apps/user_status/lib/Controller/UserStatusController.php
@@ -20,6 +20,7 @@ use OCA\UserStatus\Service\StatusService;
use OCP\AppFramework\Db\DoesNotExistException;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\ApiRoute;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSBadRequestException;
use OCP\AppFramework\OCS\OCSNotFoundException;
@@ -46,13 +47,12 @@ class UserStatusController extends OCSController {
/**
* Get the status of the current user
*
- * @NoAdminRequired
- *
* @return DataResponse<Http::STATUS_OK, UserStatusPrivate, array{}>
* @throws OCSNotFoundException The user was not found
*
* 200: The status was found successfully
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'GET', url: '/api/v1/user_status')]
public function getStatus(): DataResponse {
try {
@@ -68,14 +68,13 @@ class UserStatusController extends OCSController {
/**
* Update the status type of the current user
*
- * @NoAdminRequired
- *
* @param string $statusType The new status type
* @return DataResponse<Http::STATUS_OK, UserStatusPrivate, array{}>
* @throws OCSBadRequestException The status type is invalid
*
* 200: The status was updated successfully
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'PUT', url: '/api/v1/user_status/status')]
public function setStatus(string $statusType): DataResponse {
try {
@@ -92,8 +91,6 @@ class UserStatusController extends OCSController {
/**
* Set the message to a predefined message for the current user
*
- * @NoAdminRequired
- *
* @param string $messageId ID of the predefined message
* @param int|null $clearAt When the message should be cleared
* @return DataResponse<Http::STATUS_OK, UserStatusPrivate, array{}>
@@ -101,6 +98,7 @@ class UserStatusController extends OCSController {
*
* 200: The message was updated successfully
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'PUT', url: '/api/v1/user_status/message/predefined')]
public function setPredefinedMessage(string $messageId,
?int $clearAt): DataResponse {
@@ -120,8 +118,6 @@ class UserStatusController extends OCSController {
/**
* Set the message to a custom message for the current user
*
- * @NoAdminRequired
- *
* @param string|null $statusIcon Icon of the status
* @param string|null $message Message of the status
* @param int|null $clearAt When the message should be cleared
@@ -130,6 +126,7 @@ class UserStatusController extends OCSController {
*
* 200: The message was updated successfully
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'PUT', url: '/api/v1/user_status/message/custom')]
public function setCustomMessage(?string $statusIcon,
?string $message,
@@ -158,12 +155,11 @@ class UserStatusController extends OCSController {
/**
* Clear the message of the current user
*
- * @NoAdminRequired
- *
* @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
*
* 200: Message cleared successfully
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'DELETE', url: '/api/v1/user_status/message')]
public function clearMessage(): DataResponse {
$this->service->clearMessage($this->userId);
@@ -173,14 +169,13 @@ class UserStatusController extends OCSController {
/**
* Revert the status to the previous status
*
- * @NoAdminRequired
- *
* @param string $messageId ID of the message to delete
*
* @return DataResponse<Http::STATUS_OK, UserStatusPrivate|array<empty>, array{}>
*
* 200: Status reverted
*/
+ #[NoAdminRequired]
#[ApiRoute(verb: 'DELETE', url: '/api/v1/user_status/revert/{messageId}')]
public function revertStatus(string $messageId): DataResponse {
$backupStatus = $this->service->revertUserStatus($this->userId, $messageId, true);