diff options
author | Vincent Petry <pvince81@owncloud.com> | 2016-04-27 12:47:04 +0200 |
---|---|---|
committer | Vincent Petry <pvince81@owncloud.com> | 2016-05-20 17:56:02 +0200 |
commit | 8343cfb64b8297035987bc4980ec72015c8e1a04 (patch) | |
tree | 812f44ba113313e7537779bcce4c04cf736e4cad /lib | |
parent | 59a85a4c76b80658d9373e3acf4f71b872b244a0 (diff) | |
download | nextcloud-server-8343cfb64b8297035987bc4980ec72015c8e1a04.tar.gz nextcloud-server-8343cfb64b8297035987bc4980ec72015c8e1a04.zip |
Add interface methods for permission check
Instead of checking for admin perm, use interface method
canUserAssignTag and canUserSeeTag to check for permissions.
Allows for more flexible implementation.
Diffstat (limited to 'lib')
-rw-r--r-- | lib/private/SystemTag/ManagerFactory.php | 2 | ||||
-rw-r--r-- | lib/private/SystemTag/SystemTagManager.php | 74 | ||||
-rw-r--r-- | lib/public/SystemTag/ISystemTagManager.php | 33 | ||||
-rw-r--r-- | lib/public/UserNotFoundException.php | 62 |
4 files changed, 170 insertions, 1 deletions
diff --git a/lib/private/SystemTag/ManagerFactory.php b/lib/private/SystemTag/ManagerFactory.php index d9acf327f8a..e6938e494bc 100644 --- a/lib/private/SystemTag/ManagerFactory.php +++ b/lib/private/SystemTag/ManagerFactory.php @@ -59,6 +59,8 @@ class ManagerFactory implements ISystemTagManagerFactory { public function getManager() { return new SystemTagManager( $this->serverContainer->getDatabaseConnection(), + $this->serverContainer->getUserManager(), + $this->serverContainer->getGroupManager(), $this->serverContainer->getEventDispatcher() ); } diff --git a/lib/private/SystemTag/SystemTagManager.php b/lib/private/SystemTag/SystemTagManager.php index 76a60a91328..0e4bdad078e 100644 --- a/lib/private/SystemTag/SystemTagManager.php +++ b/lib/private/SystemTag/SystemTagManager.php @@ -30,7 +30,14 @@ use OCP\SystemTag\ManagerEvent; use OCP\SystemTag\TagAlreadyExistsException; use OCP\SystemTag\TagNotFoundException; use Symfony\Component\EventDispatcher\EventDispatcherInterface; +use OCP\IUserManager; +use OCP\IGroupManager; +use OCP\SystemTag\ISystemTag; +use OCP\UserNotFoundException; +/** + * Manager class for system tags + */ class SystemTagManager implements ISystemTagManager { const TAG_TABLE = 'systemtag'; @@ -41,6 +48,12 @@ class SystemTagManager implements ISystemTagManager { /** @var EventDispatcherInterface */ protected $dispatcher; + /** @var IUserManager */ + protected $userManager; + + /** @var IGroupManager */ + protected $groupManager; + /** * Prepared query for selecting tags directly * @@ -54,8 +67,15 @@ class SystemTagManager implements ISystemTagManager { * @param IDBConnection $connection database connection * @param EventDispatcherInterface $dispatcher */ - public function __construct(IDBConnection $connection, EventDispatcherInterface $dispatcher) { + public function __construct( + IDBConnection $connection, + IUserManager $userManager, + IGroupManager $groupManager, + EventDispatcherInterface $dispatcher + ) { $this->connection = $connection; + $this->userManager = $userManager; + $this->groupManager = $groupManager; $this->dispatcher = $dispatcher; $query = $this->connection->getQueryBuilder(); @@ -316,6 +336,58 @@ class SystemTagManager implements ISystemTagManager { } } + /** + * {@inheritdoc} + */ + public function canUserAssignTag($tag, $userId) { + if (!$tag instanceof ISystemTag) { + $tags = $this->getTagsByIds([$tag]); + /** @var ISystemTag $tag */ + $tag = current($tags); + } + + if ($tag->isUserAssignable()) { + return true; + } + + $user = $this->userManager->get($userId); + if ($user === null) { + throw new UserNotFoundException($userId); + } + + if ($this->groupManager->isAdmin($userId)) { + return true; + } + + return false; + } + + /** + * {@inheritdoc} + */ + public function canUserSeeTag($tag, $userId) { + if (!$tag instanceof ISystemTag) { + $tags = $this->getTagsByIds([$tag]); + /** @var ISystemTag $tag */ + $tag = current($tags); + } + + if ($tag->isUserVisible()) { + return true; + } + + $user = $this->userManager->get($userId); + if ($user === null) { + throw new UserNotFoundException($userId); + } + + if ($this->groupManager->isAdmin($userId)) { + return true; + } + + return false; + } + private function createSystemTagFromRow($row) { return new SystemTag((int)$row['id'], $row['name'], (bool)$row['visibility'], (bool)$row['editable']); } diff --git a/lib/public/SystemTag/ISystemTagManager.php b/lib/public/SystemTag/ISystemTagManager.php index 983bfd636ce..7fb0c21436c 100644 --- a/lib/public/SystemTag/ISystemTagManager.php +++ b/lib/public/SystemTag/ISystemTagManager.php @@ -113,4 +113,37 @@ interface ISystemTagManager { */ public function deleteTags($tagIds); + /** + * Checks whether the given user is allowed to assign/unassign the tag with the + * given id. + * + * @param string|\OCP\SystemTag\ISystemTag $tag tag id or system tag + * @param string $userId user id + * + * @return true if the user is allowed to assign/unassign the tag, false otherwise + * + * @throws \OCP\SystemTag\TagNotFoundException if tag with the given id does not exist + * @throws \OCP\UserNotFoundException if the given user id does not exist + * @throws \InvalidArgumentException if the tag id is invalid (string instead of integer, etc.) + * + * @since 9.1.0 + */ + public function canUserAssignTag($tag, $userId); + + /** + * Checks whether the given user is allowed to see the tag with the given id. + * + * @param string|\OCP\SystemTag\ISystemTag $tag tag id or system tag + * @param string $userId user id + * + * @return true if the user is allowed to assign/unassign the tag, false otherwise + * + * @throws \OCP\SystemTag\TagNotFoundException if tag with the given id does not exist + * @throws \OCP\UserNotFoundException if the given user id does not exist + * @throws \InvalidArgumentException if the tag id is invalid (string instead of integer, etc.) + * + * @since 9.1.0 + */ + public function canUserSeeTag($tag, $userId); + } diff --git a/lib/public/UserNotFoundException.php b/lib/public/UserNotFoundException.php new file mode 100644 index 00000000000..b0f9eea0e8a --- /dev/null +++ b/lib/public/UserNotFoundException.php @@ -0,0 +1,62 @@ +<?php +/** + * @author Vincent Petry <pvince81@owncloud.com> + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCP; + +/** + * Exception when a user was not found + * + * @since 9.1.0 + */ +class UserNotFoundException extends \RuntimeException { + + /** + * User id that was not found + * + * @var string + */ + private $userId; + + /** + * UserNotFoundException constructor. + * + * @param string $message message + * @param int $code error code + * @param \Exception $previous previous exception + * @param string $userId user id + * + * @since 9.1.0 + */ + public function __construct($message = '', $code = 0, \Exception $previous = null, $userId = null) { + parent::__construct($message, $code, $previous); + $this->userId = $userId; + } + + /** + * Returns the user id that was not found + * + * @return string + * @since 9.1.0 + */ + public function getUserId() { + return $this->userId; + } +} |