scope aware workflow controller and manager

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

3 files changed, 274 insertions, 79 deletions

diff --git a/apps/workflowengine/lib/Controller/AWorkflowController.php b/apps/workflowengine/lib/Controller/AWorkflowController.php
new file mode 100644
index 00000000000..2e54e417a34
--- /dev/null
+++ b/apps/workflowengine/lib/Controller/AWorkflowController.php
@@ -0,0 +1,148 @@
+<?php
+declare(strict_types=1);
+/**
+ * @copyright Copyright (c) 2019 Arthur Schiwon <blizzz@arthur-schiwon.de>
+ *
+ * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\WorkflowEngine\Controller;
+
+use Doctrine\DBAL\DBALException;
+use OCA\WorkflowEngine\Helper\ScopeContext;
+use OCA\WorkflowEngine\Manager;
+use OCP\AppFramework\Http\DataResponse;
+use OCP\AppFramework\OCS\OCSBadRequestException;
+use OCP\AppFramework\OCS\OCSException;
+use OCP\AppFramework\OCS\OCSForbiddenException;
+use OCP\AppFramework\OCSController;
+use OCP\IRequest;
+
+abstract class AWorkflowController extends OCSController {
+
+	/** @var Manager */
+	protected $manager;
+
+	public function __construct(
+		$appName,
+		IRequest $request,
+		Manager $manager
+	) {
+		parent::__construct($appName, $request);
+
+		$this->manager = $manager;
+	}
+
+	/**
+	 * @throws OCSForbiddenException
+	 */
+	abstract protected function getScopeContext(): ScopeContext;
+
+	/**
+	 * Example: curl -u joann -H "OCS-APIREQUEST: true" "http://my.nc.srvr/ocs/v2.php/apps/workflowengine/api/v1/workflows/global?format=json"
+	 *
+	 * @throws OCSForbiddenException
+	 */
+	public function index(): DataResponse {
+		$operationsByClass = $this->manager->getAllOperations($this->getScopeContext());
+
+		foreach ($operationsByClass as &$operations) {
+			foreach ($operations as &$operation) {
+				$operation = $this->manager->formatOperation($operation);
+			}
+		}
+
+		return new DataResponse($operationsByClass);
+	}
+
+	/**
+	 * Example: curl -u joann -H "OCS-APIREQUEST: true" "http://my.nc.srvr/ocs/v2.php/apps/workflowengine/api/v1/workflows/global/OCA\\Workflow_DocToPdf\\Operation?format=json"
+	 *
+	 * @throws OCSForbiddenException
+	 */
+	public function show(string $id): DataResponse {
+		$context = $this->getScopeContext();
+
+		// The ID corresponds to a class name
+		$operations = $this->manager->getOperations($id, $context);
+
+		foreach ($operations as &$operation) {
+			$operation = $this->manager->formatOperation($operation);
+		}
+
+		return new DataResponse($operations);
+	}
+
+	/**
+	 * @throws OCSBadRequestException
+	 * @throws OCSForbiddenException
+	 * @throws OCSException
+	 */
+	public function create(string $class, string $name, array $checks, string $operation): DataResponse {
+		$context = $this->getScopeContext();
+		try {
+			$operation = $this->manager->addOperation($class, $name, $checks, $operation, $context);
+			$operation = $this->manager->formatOperation($operation);
+			return new DataResponse($operation);
+		} catch (\UnexpectedValueException $e) {
+			throw new OCSBadRequestException($e->getMessage(), $e);
+		} catch (\DomainException $e) {
+			throw new OCSForbiddenException($e->getMessage(), $e);
+		} catch(DBALException $e) {
+			throw new OCSException('An internal error occurred', $e);
+		}
+	}
+
+	/**
+	 * @throws OCSBadRequestException
+	 * @throws OCSForbiddenException
+	 * @throws OCSException
+	 */
+	public function update(int $id, string $name, array $checks, string $operation): DataResponse {
+		try {
+			$operation = $this->manager->updateOperation($id, $name, $checks, $operation, $this->getScopeContext());
+			$operation = $this->manager->formatOperation($operation);
+			return new DataResponse($operation);
+		} catch (\UnexpectedValueException $e) {
+			throw new OCSBadRequestException($e->getMessage(), $e);
+		} catch (\DomainException $e) {
+			throw new OCSForbiddenException($e->getMessage(), $e);
+		} catch(DBALException $e) {
+			throw new OCSException('An internal error occurred', $e);
+		}
+	}
+
+	/**
+	 * @throws OCSBadRequestException
+	 * @throws OCSForbiddenException
+	 * @throws OCSException
+	 */
+	public function destroy(int $id): DataResponse {
+		try {
+			$deleted = $this->manager->deleteOperation($id, $this->getScopeContext());
+			return new DataResponse($deleted);
+		} catch (\UnexpectedValueException $e) {
+			throw new OCSBadRequestException($e->getMessage(), $e);
+		} catch (\DomainException $e) {
+			throw new OCSForbiddenException($e->getMessage(), $e);
+		} catch(DBALException $e) {
+			throw new OCSException('An internal error occurred', $e);
+		}
+	}
+}
diff --git a/apps/workflowengine/lib/Controller/GlobalWorkflowsController.php b/apps/workflowengine/lib/Controller/GlobalWorkflowsController.php
index e4321b9c0b6..6d49c87b83e 100644
--- a/apps/workflowengine/lib/Controller/GlobalWorkflowsController.php
+++ b/apps/workflowengine/lib/Controller/GlobalWorkflowsController.php
@@ -24,88 +24,18 @@ declare(strict_types=1);
 
 namespace OCA\WorkflowEngine\Controller;
 
-use OCA\WorkflowEngine\Manager;
-use OCP\AppFramework\Http\DataResponse;
-use OCP\AppFramework\OCS\OCSBadRequestException;
-use OCP\AppFramework\OCSController;
-use OCP\IRequest;
+use OCA\WorkflowEngine\Helper\ScopeContext;
+use OCP\WorkflowEngine\IManager;
 
-class GlobalWorkflowsController extends OCSController {
+class GlobalWorkflowsController extends AWorkflowController {
 
-	/** @var Manager */
-	private $manager;
+	/** @var ScopeContext */
+	private $scopeContext;
 
-	public function __construct(
-		$appName,
-		IRequest $request,
-		Manager $manager
-	) {
-		parent::__construct($appName, $request);
-
-		$this->manager = $manager;
-	}
-
-	/**
-	 * Example: curl -u joann -H "OCS-APIREQUEST: true" "http://my.nc.srvr/ocs/v2.php/apps/workflowengine/api/v1/workflows/global?format=json"
-	 */
-	public function index(): DataResponse {
-		$operationsByClass = $this->manager->getAllOperations();
-
-		foreach ($operationsByClass as &$operations) {
-			foreach ($operations as &$operation) {
-				$operation = $this->manager->formatOperation($operation);
-			}
-		}
-
-		return new DataResponse($operationsByClass);
-	}
-
-	/**
-	 * @throws OCSBadRequestException
-	 *
-	 * Example: curl -u joann -H "OCS-APIREQUEST: true" "http://my.nc.srvr/ocs/v2.php/apps/workflowengine/api/v1/workflows/global/OCA\\Workflow_DocToPdf\\Operation?format=json"
-	 */
-	public function show(string $id): DataResponse {
-		// The ID corresponds to a class name
-		$operations = $this->manager->getOperations($id);
-
-		foreach ($operations as &$operation) {
-			$operation = $this->manager->formatOperation($operation);
+	protected function getScopeContext(): ScopeContext {
+		if($this->scopeContext === null) {
+			$this->scopeContext = new ScopeContext(IManager::SCOPE_ADMIN);
 		}
-
-		return new DataResponse($operations);
-	}
-
-	/**
-	 * @throws OCSBadRequestException
-	 */
-	public function create(string $class, string $name, array $checks, string $operation): DataResponse {
-		try {
-			$operation = $this->manager->addOperation($class, $name, $checks, $operation);
-			$operation = $this->manager->formatOperation($operation);
-			return new DataResponse($operation);
-		} catch (\UnexpectedValueException $e) {
-			throw new OCSBadRequestException($e->getMessage(), $e);
-		}
-	}
-
-	/**
-	 * @throws OCSBadRequestException
-	 */
-	public function update(int $id, string $name, array $checks, string $operation): DataResponse {
-		try {
-			$operation = $this->manager->updateOperation($id, $name, $checks, $operation);
-			$operation = $this->manager->formatOperation($operation);
-			return new DataResponse($operation);
-		} catch (\UnexpectedValueException $e) {
-			throw new OCSBadRequestException($e->getMessage(), $e);
-		}
-	}
-
-	/**
-	 */
-	public function destroy(int $id): DataResponse {
-		$deleted = $this->manager->deleteOperation((int) $id);
-		return new DataResponse($deleted);
+		return $this->scopeContext;
 	}
 }
diff --git a/apps/workflowengine/lib/Controller/UserWorkflowsController.php b/apps/workflowengine/lib/Controller/UserWorkflowsController.php
new file mode 100644
index 00000000000..179e6b1ad11
--- /dev/null
+++ b/apps/workflowengine/lib/Controller/UserWorkflowsController.php
@@ -0,0 +1,117 @@
+<?php
+declare(strict_types=1);
+/**
+ * @copyright Copyright (c) 2019 Arthur Schiwon <blizzz@arthur-schiwon.de>
+ *
+ * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\WorkflowEngine\Controller;
+
+use OCA\WorkflowEngine\Helper\ScopeContext;
+use OCA\WorkflowEngine\Manager;
+use OCP\AppFramework\Http\DataResponse;
+use OCP\AppFramework\OCS\OCSBadRequestException;
+use OCP\AppFramework\OCS\OCSForbiddenException;
+use OCP\IRequest;
+use OCP\IUserSession;
+use OCP\WorkflowEngine\IManager;
+
+class UserWorkflowsController extends AWorkflowController {
+
+	/** @var IUserSession */
+	private $session;
+
+	/** @var ScopeContext */
+	private $scopeContext;
+
+	public function __construct(
+		$appName,
+		IRequest $request,
+		Manager $manager,
+		IUserSession $session
+	) {
+		parent::__construct($appName, $request, $manager);
+
+		$this->session = $session;
+	}
+
+	/**
+	 * Retrieve all configured workflow rules
+	 *
+	 * Example: curl -u joann -H "OCS-APIREQUEST: true" "http://my.nc.srvr/ocs/v2.php/apps/workflowengine/api/v1/workflows/user?format=json"
+	 *
+	 * @NoAdminRequired
+	 * @throws OCSForbiddenException
+	 */
+	public function index(): DataResponse {
+		return parent::index();
+	}
+
+	/**
+	 * @NoAdminRequired
+	 *
+	 * Example: curl -u joann -H "OCS-APIREQUEST: true" "http://my.nc.srvr/ocs/v2.php/apps/workflowengine/api/v1/workflows/user/OCA\\Workflow_DocToPdf\\Operation?format=json"
+	 * @throws OCSForbiddenException
+	 */
+	public function show(string $id): DataResponse {
+		return parent::show($id);
+	}
+
+	/**
+	 * @NoAdminRequired
+	 * @throws OCSBadRequestException
+	 * @throws OCSForbiddenException
+	 */
+	public function create(string $class, string $name, array $checks, string $operation): DataResponse {
+		return parent::create($class, $name, $checks, $operation);
+	}
+
+	/**
+	 * @NoAdminRequired
+	 * @throws OCSBadRequestException
+	 * @throws OCSForbiddenException
+	 */
+	public function update(int $id, string $name, array $checks, string $operation): DataResponse {
+		return parent::update($id, $name, $checks, $operation);
+	}
+
+	/**
+	 * @NoAdminRequired
+	 * @throws OCSForbiddenException
+	 */
+	public function destroy(int $id): DataResponse {
+		return parent::destroy($id);
+	}
+
+	/**
+	 * @throws OCSForbiddenException
+	 */
+	protected function getScopeContext(): ScopeContext {
+		if($this->scopeContext === null) {
+			$user = $this->session->getUser();
+			if(!$user) {
+				throw new OCSForbiddenException('User not logged in');
+			}
+			$this->scopeContext = new ScopeContext(IManager::SCOPE_USER, $user->getUID());
+		}
+		return $this->scopeContext;
+	}
+
+}