author | Joas Schilling <coding@schilljs.com> | 2021-03-09 21:48:48 +0100 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2021-03-10 17:19:55 +0100 |
commit | 236aa194e2704454aa0b21228773071e3223a719 (patch) | |
tree | 66286ecdfc6577eb3c51fb532de0b53c306160d0 /lib/private/Contacts/ContactsMenu | |
parent | b71268e38b96e69057824e0eeb8f937ad015a927 (diff) | |
download | nextcloud-server-236aa194e2704454aa0b21228773071e3223a719.tar.gz nextcloud-server-236aa194e2704454aa0b21228773071e3223a719.zip |
Restrict autocompletion also based on the phonebook known users
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib/private/Contacts/ContactsMenu')
-rw-r--r-- | lib/private/Contacts/ContactsMenu/ContactsStore.php | 106 |
1 files changed, 68 insertions, 38 deletions
diff --git a/lib/private/Contacts/ContactsMenu/ContactsStore.php b/lib/private/Contacts/ContactsMenu/ContactsStore.php index e2bd7edc63d..852765506c0 100644 --- a/lib/private/Contacts/ContactsMenu/ContactsStore.php +++ b/lib/private/Contacts/ContactsMenu/ContactsStore.php @@ -31,6 +31,7 @@ namespace OC\Contacts\ContactsMenu; +use OC\KnownUser\KnownUserService; use OCP\Contacts\ContactsMenu\IContactsStore; use OCP\Contacts\ContactsMenu\IEntry; use OCP\Contacts\IManager; @@ -53,20 +54,19 @@ class ContactsStore implements IContactsStore { /** @var IGroupManager */ private $groupManager; - /** - * @param IManager $contactsManager - * @param IConfig $config - * @param IUserManager $userManager - * @param IGroupManager $groupManager - */ + /** @var KnownUserService */ + private $knownUserService; + public function __construct(IManager $contactsManager, IConfig $config, IUserManager $userManager, - IGroupManager $groupManager) { + IGroupManager $groupManager, + KnownUserService $knownUserService) { $this->contactsManager = $contactsManager; $this->config = $config; $this->userManager = $userManager; $this->groupManager = $groupManager; + $this->knownUserService = $knownUserService; } /** @@ -103,7 +103,7 @@ class ContactsStore implements IContactsStore { } /** - * Filters the contacts. Applies 3 filters: + * Filters the contacts. Applied filters: * 1. filter the current user * 2. if the `shareapi_allow_share_dialog_user_enumeration` config option is * enabled it will filter all local users 
@@ -122,20 +122,21 @@ class ContactsStore implements IContactsStore { array $entries, $filter) { $disallowEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') !== 'yes'; - $restrictEnumeration = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes'; + $restrictEnumerationGroup = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes'; + $restrictEnumerationPhone = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes'; $excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups', 'no') === 'yes'; // whether to filter out local users $skipLocal = false; - // whether to filter out all users which doesn't have the same group as the current user - $ownGroupsOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes' || $restrictEnumeration; + // whether to filter out all users which don't have a common group as the current user + $ownGroupsOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes'; $selfGroups = $this->groupManager->getUserGroupIds($self); if ($excludedGroups) { $excludedGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', ''); $decodedExcludeGroups = json_decode($excludedGroups, true); - $excludeGroupsList = ($decodedExcludeGroups !== null) ? $decodedExcludeGroups : []; + $excludeGroupsList = $decodedExcludeGroups ?? []; if (count(array_intersect($excludeGroupsList, $selfGroups)) !== 0) { // a group of the current user is excluded -> filter all local users 
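Review bot: `$decodedExcludeGroups ?? []` guards only against `null`, so a `shareapi_exclude_groups_list` value that decodes to a string, number or boolean still reaches `array_intersect()` on the following line as a non-array. This list decides whether `$skipLocal` hides local users from members of excluded groups, so a malformed value should degrade predictably rather than raise a warning or type error in the middle of the filter. I would write `$excludeGroupsList = is_array($decodedExcludeGroups) ? $decodedExcludeGroups : [];` and log when the stored value is non-empty but not an array. The method signature and the end of the `if ($excludedGroups)` block are outside this hunk.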
@@ -145,47 +146,76 @@ class ContactsStore implements IContactsStore { $selfUID = $self->getUID(); - return array_values(array_filter($entries, function (IEntry $entry) use ($self, $skipLocal, $ownGroupsOnly, $selfGroups, $selfUID, $disallowEnumeration, $filter) { - if ($skipLocal && $entry->getProperty('isLocalSystemBook') === true) { + return array_values(array_filter($entries, function (IEntry $entry) use ($skipLocal, $ownGroupsOnly, $selfGroups, $selfUID, $disallowEnumeration, $restrictEnumerationGroup, $restrictEnumerationPhone, $filter) { + if ($entry->getProperty('UID') === $selfUID) { return false; } - // Prevent enumerating local users - if ($disallowEnumeration && $entry->getProperty('isLocalSystemBook')) { - $filterUser = true; + if ($entry->getProperty('isLocalSystemBook')) { + if ($skipLocal) { + return false; + } + + $checkedCommonGroupAlready = false; + + // Prevent enumerating local users + if ($disallowEnumeration) { + $filterUser = true; - $mailAddresses = $entry->getEMailAddresses(); - foreach ($mailAddresses as $mailAddress) { - if ($mailAddress === $filter) { + $mailAddresses = $entry->getEMailAddresses(); + foreach ($mailAddresses as $mailAddress) { + if ($mailAddress === $filter) { + $filterUser = false; + break; + } + } + + if ($entry->getProperty('UID') && $entry->getProperty('UID') === $filter) { $filterUser = false; - break; } - } - if ($entry->getProperty('UID') && $entry->getProperty('UID') === $filter) { - $filterUser = false; - } + if ($filterUser) { + return false; + } + } elseif ($restrictEnumerationPhone || $restrictEnumerationGroup) { + $canEnumerate = false; + if ($restrictEnumerationPhone) { + $canEnumerate = $this->knownUserService->isKnownToUser($selfUID, $entry->getProperty('UID')); + } - if ($filterUser) { - return false; - } - } + if (!$canEnumerate && $restrictEnumerationGroup) { + $user = $this->userManager->get($entry->getProperty('UID')); - if ($ownGroupsOnly && $entry->getProperty('isLocalSystemBook') === true) { - $uid 
= $this->userManager->get($entry->getProperty('UID')); + if ($user === null) { + return false; + } - if ($uid === null) { - return false; + $contactGroups = $this->groupManager->getUserGroupIds($user); + $canEnumerate = !empty(array_intersect($contactGroups, $selfGroups)); + $checkedCommonGroupAlready = true; + } + + if (!$canEnumerate) { + return false; + } } - $contactGroups = $this->groupManager->getUserGroupIds($uid); - if (count(array_intersect($contactGroups, $selfGroups)) === 0) { - // no groups in common, so shouldn't see the contact - return false; + if ($ownGroupsOnly && !$checkedCommonGroupAlready) { + $user = $this->userManager->get($entry->getProperty('UID')); + + if ($user === null) { + return false; + } + + $contactGroups = $this->groupManager->getUserGroupIds($user); + if (empty(array_intersect($contactGroups, $selfGroups))) { + // no groups in common, so shouldn't see the contact + return false; + } } } - return $entry->getProperty('UID') !== $selfUID; + return true; })); } |
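Review bot: The `elseif ($restrictEnumerationPhone || $restrictEnumerationGroup)` branch is unreachable whenever `$disallowEnumeration` is true. Before this change `shareapi_restrict_user_enumeration_to_group` was folded into `$ownGroupsOnly` and therefore also applied to exact UID or e-mail matches. With enumeration disabled and the group restriction still set, an exact match outside the caller's groups is now returned unless `shareapi_only_share_with_group_members` is also enabled. If that is intended, a comment on the branch should say so, e.g. `// restrict_* settings only refine enabled enumeration; exact matches are not group/phone-filtered`; otherwise close the first branch and start the second with a plain `if`. Separately, `$entry->getProperty('UID')` is passed unchecked to `isKnownToUser()` and `userManager->get()`, so a system-book entry without a string UID would presumably fail there rather than be filtered; a guard such as `if (!is_string($uid)) { return false; }` at the top of the local-book branch would cover both calls. The enclosing method begins outside this hunk.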