Limit user search in Collaborators plugins

Signed-off-by: Julius Härtl <jus@bitgrid.net>
author: Julius Härtl <jus@bitgrid.net> 2020-02-18 19:44:18 +0100
committer: Julius Härtl <jus@bitgrid.net> 2020-03-20 10:43:56 +0100
commit: c97ab39acb73941d19f911583b31587cf7b65de2 (patch)
tree: 5f371187c23433f1d17eadb7a5f73eb2acf348ee /lib/private/Collaboration
parent: 87393a760eb0eea839699b49c89fb33d6bd08872 (diff)
download: nextcloud-server-c97ab39acb73941d19f911583b31587cf7b65de2.tar.gz
nextcloud-server-c97ab39acb73941d19f911583b31587cf7b65de2.zip
3 files changed, 50 insertions, 5 deletions
diff --git a/lib/private/Collaboration/Collaborators/GroupPlugin.php b/lib/private/Collaboration/Collaborators/GroupPlugin.php
index 874c9693981..694dd161310 100644
--- a/lib/private/Collaboration/Collaborators/GroupPlugin.php
+++ b/lib/private/Collaboration/Collaborators/GroupPlugin.php
@@ -52,6 +52,7 @@ class GroupPlugin implements ISearchPlugin {
 
 		$this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
 		$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
+		$this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
 	}
 
 	public function search($search, $limit, $offset, ISearchResult $searchResult) {
@@ -66,7 +67,7 @@ class GroupPlugin implements ISearchPlugin {
 		}
 
 		$userGroups =  [];
-		if (!empty($groups) && $this->shareWithGroupOnly) {
+		if (!empty($groups) && ($this->shareWithGroupOnly || $this->shareeEnumerationInGroupOnly)) {
 			// Intersect all the groups that match with the groups this user is a member of
 			$userGroups = $this->groupManager->getUserGroups($this->userSession->getUser());
 			$userGroups = array_map(function (IGroup $group) { return $group->getGID(); }, $userGroups);
@@ -93,6 +94,9 @@ class GroupPlugin implements ISearchPlugin {
 					],
 				];
 			} else {
+				if ($this->shareeEnumerationInGroupOnly && !in_array($group->getGID(), $userGroups, true)) {
+					continue;
+				}
 				$result['wide'][] = [
 					'label' => $group->getDisplayName(),
 					'value' => [
diff --git a/lib/private/Collaboration/Collaborators/MailPlugin.php b/lib/private/Collaboration/Collaborators/MailPlugin.php
index f4af4737c1a..3a3759b5794 100644
--- a/lib/private/Collaboration/Collaborators/MailPlugin.php
+++ b/lib/private/Collaboration/Collaborators/MailPlugin.php
@@ -65,6 +65,8 @@ class MailPlugin implements ISearchPlugin {
 
 		$this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
 		$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
+		$this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
+
 	}
 
 	/**
@@ -150,7 +152,18 @@ class MailPlugin implements ISearchPlugin {
 								continue;
 							}
 
-							if (!$this->isCurrentUser($cloud) && !$searchResult->hasResult($userType, $cloud->getUser())) {
+							$addToWide = !$this->shareeEnumerationInGroupOnly;
+							if ($this->shareeEnumerationInGroupOnly) {
+								$addToWide = false;
+								$userGroups = $this->groupManager->getUserGroupIds($this->userSession->getUser());
+								foreach ($userGroups as $userGroup) {
+									if ($this->groupManager->isInGroup($contact['UID'], $userGroup)) {
+										$addToWide = true;
+										break;
+									}
+								}
+							}
+							if ($addToWide && !$this->isCurrentUser($cloud) && !$searchResult->hasResult($userType, $cloud->getUser())) {
 								$userResults['wide'][] = [
 									'label' => $displayName,
 									'uuid' => $contact['UID'],
@@ -160,6 +173,7 @@ class MailPlugin implements ISearchPlugin {
 										'shareWith' => $cloud->getUser(),
 									],
 								];
+								continue;
 							}
 						}
 						continue;
diff --git a/lib/private/Collaboration/Collaborators/UserPlugin.php b/lib/private/Collaboration/Collaborators/UserPlugin.php
index c40aaff4229..cb9d5984016 100644
--- a/lib/private/Collaboration/Collaborators/UserPlugin.php
+++ b/lib/private/Collaboration/Collaborators/UserPlugin.php
@@ -36,11 +36,13 @@ use OCP\IUser;
 use OCP\IUserManager;
 use OCP\IUserSession;
 use OCP\Share;
+use OCP\Share\IShare;
 
 class UserPlugin implements ISearchPlugin {
 	/* @var bool */
 	protected $shareWithGroupOnly;
 	protected $shareeEnumeration;
+	protected $shareeEnumerationInGroupOnly;
 
 	/** @var IConfig */
 	private $config;
@@ -60,11 +62,13 @@ class UserPlugin implements ISearchPlugin {
 
 		$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
 		$this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
+		$this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
 	}
 
 	public function search($search, $limit, $offset, ISearchResult $searchResult) {
 		$result = ['wide' => [], 'exact' => []];
 		$users = [];
+		$autoCompleteUsers = [];
 		$hasMoreResults = false;
 
 		$userGroups = [];
@@ -80,10 +84,32 @@ class UserPlugin implements ISearchPlugin {
 		} else {
 			// Search in all users
 			$usersTmp = $this->userManager->searchDisplayName($search, $limit, $offset);
-
+			$currentUserGroups = $this->groupManager->getUserGroupIds($this->userSession->getUser());
 			foreach ($usersTmp as $user) {
 				if ($user->isEnabled()) { // Don't keep deactivated users
 					$users[(string) $user->getUID()] = $user->getDisplayName();
+
+					$addToWideResults = false;
+					if ($this->shareeEnumeration && !$this->shareeEnumerationInGroupOnly) {
+						$addToWideResults = true;
+					}
+
+					if ($this->shareeEnumerationInGroupOnly) {
+						$commonGroups = array_intersect($currentUserGroups, $this->groupManager->getUserGroupIds($user));
+						if (!empty($commonGroups)) {
+							$addToWideResults = true;
+						}
+					}
+
+					if ($addToWideResults) {
+						$autoCompleteUsers[] = [
+							'label' => $user->getDisplayName(),
+							'value' => [
+								'shareType' => IShare::TYPE_USER,
+								'shareWith' => (string)$user->getUID(),
+							],
+						];
+					}
 				}
 			}
 		}
@@ -145,8 +171,9 @@ class UserPlugin implements ISearchPlugin {
 			}
 		}
 
-		if (!$this->shareeEnumeration) {
-			$result['wide'] = [];
+		// overwrite wide matches if they are limited
+		if (!$this->shareeEnumeration || $this->shareeEnumerationInGroupOnly) {
+			$result['wide'] = $autoCompleteUsers;
 		}
 
 		$type = new SearchResultType('users');
author	Julius Härtl <jus@bitgrid.net>	2020-02-18 19:44:18 +0100
committer	Julius Härtl <jus@bitgrid.net>	2020-03-20 10:43:56 +0100
commit	c97ab39acb73941d19f911583b31587cf7b65de2 (patch)
tree	5f371187c23433f1d17eadb7a5f73eb2acf348ee /lib/private/Collaboration
parent	87393a760eb0eea839699b49c89fb33d6bd08872 (diff)
download	nextcloud-server-c97ab39acb73941d19f911583b31587cf7b65de2.tar.gz nextcloud-server-c97ab39acb73941d19f911583b31587cf7b65de2.zip