Inject user session to check for admin in system tags DAV handlers

6 files changed, 122 insertions, 30 deletions

diff --git a/apps/dav/lib/rootcollection.php b/apps/dav/lib/rootcollection.php
index 733341b1eaa..bfd1aefb053 100644
--- a/apps/dav/lib/rootcollection.php
+++ b/apps/dav/lib/rootcollection.php
@@ -58,15 +58,17 @@ class RootCollection extends SimpleCollection {
 		$caldavBackend = new CalDavBackend($db);
 		$calendarRoot = new CalendarRoot($userPrincipalBackend, $caldavBackend, 'principals/users');
 		$calendarRoot->disableListing = $disableListing;
-		$isAdmin = \OC::$server->getGroupManager()->isAdmin(\OC::$server->getUserSession()->getUser()->getUID());
+
 		$systemTagCollection = new SystemTag\SystemTagsByIdCollection(
-			$isAdmin,
-			\OC::$server->getSystemTagManager()
+			\OC::$server->getSystemTagManager(),
+			\OC::$server->getUserSession(),
+			\OC::$server->getGroupManager()
 		);
 		$systemTagRelationsCollection = new SystemTag\SystemTagsRelationsCollection(
-			$isAdmin,
 			\OC::$server->getSystemTagManager(),
-			\OC::$server->getSystemTagObjectMapper()
+			\OC::$server->getSystemTagObjectMapper(),
+			\OC::$server->getUserSession(),
+			\OC::$server->getGroupManager()
 		);
 
 		$usersCardDavBackend = new CardDavBackend($db, $userPrincipalBackend);
diff --git a/apps/dav/lib/systemtag/systemtagsbyidcollection.php b/apps/dav/lib/systemtag/systemtagsbyidcollection.php
index b5d59b02d00..52d4a143b41 100644
--- a/apps/dav/lib/systemtag/systemtagsbyidcollection.php
+++ b/apps/dav/lib/systemtag/systemtagsbyidcollection.php
@@ -31,6 +31,8 @@ use Sabre\DAV\ICollection;
 use OCP\SystemTag\ISystemTagManager;
 use OCP\SystemTag\ISystemTag;
 use OCP\SystemTag\TagNotFoundException;
+use OCP\IGroupManager;
+use OCP\IUserSession;
 
 class SystemTagsByIdCollection implements ICollection {
 
@@ -40,21 +42,41 @@ class SystemTagsByIdCollection implements ICollection {
 	private $tagManager;
 
 	/**
-	 * Whether the include tags visible to the admin
-	 *
-	 * @var bool
+	 * @var IGroupManager
 	 */
-	private $isAdmin;
+	private $groupManager;
+
+	/**
+	 * @var IUserSession
+	 */
+	private $userSession;
 
 	/**
 	 * SystemTagsByIdCollection constructor.
 	 *
 	 * @param ISystemTagManager $tagManager
-	 * @param bool $isAdmin whether to include tags visible to the admin
+	 * @param IUserSession $userSession
+	 * @param IGroupManager $groupManager
 	 */
-	public function __construct($isAdmin, $tagManager) {
-		$this->isAdmin = $isAdmin;
+	public function __construct(
+		ISystemTagManager $tagManager,
+		IUserSession $userSession,
+		IGroupManager $groupManager
+	) {
 		$this->tagManager = $tagManager;
+		$this->userSession = $userSession;
+		$this->groupManager = $groupManager;
+	}
+
+	/**
+	 * Returns whether the currently logged in user is an administrator
+	 */
+	private function isAdmin() {
+		$user = $this->userSession->getUser();
+		if ($user !== null) {
+			return $this->groupManager->isAdmin($user->getUID());
+		}
+		return false;
 	}
 
 	/**
@@ -80,7 +102,7 @@ class SystemTagsByIdCollection implements ICollection {
 		try {
 			$tag = $this->tagManager->getTagsByIds([$name]);
 			$tag = current($tag);
-			if (!$this->isAdmin && !$tag->isUserVisible()) {
+			if (!$this->isAdmin() && !$tag->isUserVisible()) {
 				throw new NotFound('Tag with id ' . $name . ' not found');
 			}
 			return $this->makeNode($tag);
@@ -93,7 +115,7 @@ class SystemTagsByIdCollection implements ICollection {
 
 	function getChildren() {
 		$visibilityFilter = true;
-		if ($this->isAdmin) {
+		if ($this->isAdmin()) {
 			$visibilityFilter = null;
 		}
 
@@ -110,7 +132,7 @@ class SystemTagsByIdCollection implements ICollection {
 		try {
 			$tag = $this->tagManager->getTagsByIds([$name]);
 			$tag = current($tag);
-			if (!$this->isAdmin && !$tag->isUserVisible()) {
+			if (!$this->isAdmin() && !$tag->isUserVisible()) {
 				return false;
 			}
 			return true;
@@ -150,6 +172,6 @@ class SystemTagsByIdCollection implements ICollection {
 	 * @return SystemTagNode
 	 */
 	private function makeNode(ISystemTag $tag) {
-		return new SystemTagNode($tag, $this->isAdmin, $this->tagManager);
+		return new SystemTagNode($tag, $this->isAdmin(), $this->tagManager);
 	}
 }
diff --git a/apps/dav/lib/systemtag/systemtagsobjecttypecollection.php b/apps/dav/lib/systemtag/systemtagsobjecttypecollection.php
index 7b58d0e1fcc..166e3219bc1 100644
--- a/apps/dav/lib/systemtag/systemtagsobjecttypecollection.php
+++ b/apps/dav/lib/systemtag/systemtagsobjecttypecollection.php
@@ -29,6 +29,8 @@ use Sabre\DAV\ICollection;
 
 use OCP\SystemTag\ISystemTagManager;
 use OCP\SystemTag\ISystemTagObjectMapper;
+use OCP\IUserSession;
+use OCP\IGroupManager;
 
 /**
  * Collection containing object ids by object type
@@ -51,25 +53,47 @@ class SystemTagsObjectTypeCollection implements ICollection {
 	private $tagMapper;
 
 	/**
-	 * Whether to return results only visible for admins
-	 *
-	 * @var bool
+	 * @var IGroupManager
+	 */
+	private $groupManager;
+
+	/**
+	 * @var IUserSession
 	 */
-	private $isAdmin;
+	private $userSession;
 
 	/**
 	 * Constructor
 	 *
 	 * @param string $objectType object type
-	 * @param bool $isAdmin whether to return results visible only for admins
 	 * @param ISystemTagManager $tagManager
 	 * @param ISystemTagObjectMapper $tagMapper
+	 * @param IUserSession $userSession
+	 * @param IGroupManager $groupManager
 	 */
-	public function __construct($objectType, $isAdmin, $tagManager, $tagMapper) {
+	public function __construct(
+		$objectType, 
+		ISystemTagManager $tagManager,
+		ISystemTagObjectMapper $tagMapper,
+		IUserSession $userSession,
+		IGroupManager $groupManager
+	) {
 		$this->tagManager = $tagManager;
 		$this->tagMapper = $tagMapper;
 		$this->objectType = $objectType;
-		$this->isAdmin = $isAdmin;
+		$this->userSession = $userSession;
+		$this->groupManager = $groupManager;
+	}
+
+	/**
+	 * Returns whether the currently logged in user is an administrator
+	 */
+	private function isAdmin() {
+		$user = $this->userSession->getUser();
+		if ($user !== null) {
+			return $this->groupManager->isAdmin($user->getUID());
+		}
+		return false;
 	}
 
 	/**
@@ -95,7 +119,7 @@ class SystemTagsObjectTypeCollection implements ICollection {
 		return new SystemTagsObjectMappingCollection(
 			$objectId,
 			$this->objectType,
-			$this->isAdmin,
+			$this->isAdmin(),
 			$this->tagManager,
 			$this->tagMapper
 		);
diff --git a/apps/dav/lib/systemtag/systemtagsrelationscollection.php b/apps/dav/lib/systemtag/systemtagsrelationscollection.php
index 52d39b2b59c..e291da705eb 100644
--- a/apps/dav/lib/systemtag/systemtagsrelationscollection.php
+++ b/apps/dav/lib/systemtag/systemtagsrelationscollection.php
@@ -32,13 +32,25 @@ class SystemTagsRelationsCollection extends SimpleCollection {
 	/**
 	 * SystemTagsRelationsCollection constructor.
 	 *
-	 * @param bool $isAdmin whether to return results visible only for admins
 	 * @param ISystemTagManager $tagManager
 	 * @param ISystemTagObjectMapper $tagMapper
+	 * @param IUserSession $userSession
+	 * @param IGroupManager $groupManager
 	 */
-	public function __construct($isAdmin, $tagManager, $tagMapper) {
+	public function __construct(
+		ISystemTagManager $tagManager,
+		ISystemTagObjectMapper $tagMapper,
+		IUserSession $userSession,
+		IGroupManager $groupManager
+	) {
 		$children = [
-			new SystemTagsObjectTypeCollection('files', $isAdmin, $tagManager, $tagMapper),
+			new SystemTagsObjectTypeCollection(
+				'files',
+				$tagManager,
+				$tagMapper,
+				$userSession,
+				$groupManager
+			),
 		];
 
 		parent::__construct('root', $children);
diff --git a/apps/dav/tests/unit/systemtag/systemtagsbyidcollection.php b/apps/dav/tests/unit/systemtag/systemtagsbyidcollection.php
index cba943545af..a2bf571ab68 100644
--- a/apps/dav/tests/unit/systemtag/systemtagsbyidcollection.php
+++ b/apps/dav/tests/unit/systemtag/systemtagsbyidcollection.php
@@ -39,7 +39,24 @@ class SystemTagsByIdCollection extends \Test\TestCase {
 	}
 
 	public function getNode($isAdmin = true) {
-		return new \OCA\DAV\SystemTag\SystemTagsByIdCollection($isAdmin, $this->tagManager);
+		$user = $this->getMock('\OCP\IUser');
+		$user->expects($this->any())
+			->method('getUID')
+			->will($this->returnValue('testuser'));
+		$userSession = $this->getMock('\OCP\IUserSession');
+		$userSession->expects($this->any())
+			->method('getUser')
+			->will($this->returnValue($user));
+		$groupManager = $this->getMock('\OCP\IGroupManager');
+		$groupManager->expects($this->any())
+			->method('isAdmin')
+			->with('testuser')
+			->will($this->returnValue($isAdmin));
+		return new \OCA\DAV\SystemTag\SystemTagsByIdCollection(
+			$this->tagManager,
+			$userSession,
+			$groupManager
+		);
 	}
 
 	public function adminFlagProvider() {
diff --git a/apps/dav/tests/unit/systemtag/systemtagsobjecttypecollection.php b/apps/dav/tests/unit/systemtag/systemtagsobjecttypecollection.php
index 2d343f4790a..e6d94803cc0 100644
--- a/apps/dav/tests/unit/systemtag/systemtagsobjecttypecollection.php
+++ b/apps/dav/tests/unit/systemtag/systemtagsobjecttypecollection.php
@@ -44,11 +44,26 @@ class SystemTagsObjectTypeCollection extends \Test\TestCase {
 		$this->tagManager = $this->getMock('\OCP\SystemTag\ISystemTagManager');
 		$this->tagMapper = $this->getMock('\OCP\SystemTag\ISystemTagObjectMapper');
 
+		$user = $this->getMock('\OCP\IUser');
+		$user->expects($this->any())
+			->method('getUID')
+			->will($this->returnValue('testuser'));
+		$userSession = $this->getMock('\OCP\IUserSession');
+		$userSession->expects($this->any())
+			->method('getUser')
+			->will($this->returnValue($user));
+		$groupManager = $this->getMock('\OCP\IGroupManager');
+		$groupManager->expects($this->any())
+			->method('isAdmin')
+			->with('testuser')
+			->will($this->returnValue(true));
+
 		$this->node = new \OCA\DAV\SystemTag\SystemTagsObjectTypeCollection(
 			'files',
-			true,
 			$this->tagManager,
-			$this->tagMapper
+			$this->tagMapper,
+			$userSession,
+			$groupManager
 		);
 	}