authorGeorg Ehrke <dev@georgswebsite.de>2012-07-26 16:50:02 +0200
committerGeorg Ehrke <dev@georgswebsite.de>2012-07-26 16:50:02 +0200
commitebe4d1f0ee7b7835dd55950c25c768f547ac0fa6 (patch)
treed7b37c830956e5525c03ccbfd4f9a3e762a5c99e /lib
parent0810f9289409f54c374bb60da8e0262b64b15417 (diff)
parente1d14ab461aa81363497e914cb6864da49ace372 (diff)
downloadnextcloud-server-ebe4d1f0ee7b7835dd55950c25c768f547ac0fa6.tar.gz
nextcloud-server-ebe4d1f0ee7b7835dd55950c25c768f547ac0fa6.zip
Merge branch 'subadmin'
Diffstat (limited to 'lib')
-rwxr-xr-xlib/app.php13
-rw-r--r--lib/group.php13
-rw-r--r--lib/json.php12
-rw-r--r--lib/subadmin.php181
-rwxr-xr-xlib/util.php19
5 files changed, 233 insertions, 5 deletions
diff --git a/lib/app.php b/lib/app.php
index 56132c08671..d1018c37aa7 100755
--- a/lib/app.php
+++ b/lib/app.php
@@ -292,16 +292,21 @@ class OC_App{
if (OC_User::isLoggedIn()) {
// personal menu
$settings[] = array( "id" => "personal", "order" => 1, "href" => OC_Helper::linkTo( "settings", "personal.php" ), "name" => $l->t("Personal"), "icon" => OC_Helper::imagePath( "settings", "personal.svg" ));
-
+
// if there're some settings forms
if(!empty(self::$settingsForms))
// settings menu
$settings[]=array( "id" => "settings", "order" => 1000, "href" => OC_Helper::linkTo( "settings", "settings.php" ), "name" => $l->t("Settings"), "icon" => OC_Helper::imagePath( "settings", "settings.svg" ));
-
- // if the user is an admin
- if(OC_Group::inGroup( $_SESSION["user_id"], "admin" )) {
+
+ //SubAdmins are also allowed to access user management
+ if(OC_SubAdmin::isSubAdmin($_SESSION["user_id"]) || OC_Group::inGroup( $_SESSION["user_id"], "admin" )){
// admin users menu
$settings[] = array( "id" => "core_users", "order" => 2, "href" => OC_Helper::linkTo( "settings", "users.php" ), "name" => $l->t("Users"), "icon" => OC_Helper::imagePath( "settings", "users.svg" ));
+ }
+
+
+ // if the user is an admin
+ if(OC_Group::inGroup( $_SESSION["user_id"], "admin" )) {
// admin apps menu
$settings[] = array( "id" => "core_apps", "order" => 3, "href" => OC_Helper::linkTo( "settings", "apps.php" ).'?installed', "name" => $l->t("Apps"), "icon" => OC_Helper::imagePath( "settings", "apps.svg" ));
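Review bot: The new condition on the Users menu entry calls OC_SubAdmin::isSubAdmin() before the admin-group test, so the subadmin lookup also runs for administrators, who do not need it. Putting the admin test first short-circuits it: `if(OC_Group::inGroup( $_SESSION["user_id"], "admin" ) || OC_SubAdmin::isSubAdmin($_SESSION["user_id"])){`. This entry only decides whether the link is shown, and the users page and its handlers, which are not in this hunk, still have to enforce which accounts a subadmin may touch. A comment such as `// menu visibility only, not an access check` would make that explicit. The enclosing method starts and ends outside the hunk.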
diff --git a/lib/group.php b/lib/group.php
index 12e5f5ebb30..7b137f0f8f1 100644
--- a/lib/group.php
+++ b/lib/group.php
@@ -271,4 +271,17 @@ class OC_Group {
}
return $users;
}
+
+ /**
+ * @brief get a list of all users in several groups
+ * @param array $gids
+ * @returns array with user ids
+ */
+ public static function usersInGroups($gids){
+ $users = array();
+ foreach($gids as $gid){
+ $users = array_merge(array_diff(self::usersInGroup($gid), $users), $users);
+ }
+ return $users;
+ }
}
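Review bot: The docblock on usersInGroups() uses `@returns`, which is not a phpDoc tag, and it does not say that the result is de-duplicated; `@return array user ids, each listed once` would cover both. The loop line `array_merge(array_diff(self::usersInGroup($gid), $users), $users)` is a union that is hard to read at a glance, so a short comment such as `// add only the members not already collected` would help. The `foreach` also assumes `$gids` is an array and will raise a warning if a caller passes a single gid or null.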
diff --git a/lib/json.php b/lib/json.php
index b46878375d5..3d9d5c96fa3 100644
--- a/lib/json.php
+++ b/lib/json.php
@@ -64,6 +64,18 @@ class OC_JSON{
exit();
}
}
+
+ /**
+ * Check if the user is a subadmin, send json error msg if not
+ */
+ public static function checkSubAdminUser(){
+ self::checkLoggedIn();
+ if(!OC_Group::inGroup(OC_User::getUser(),'admin') && !OC_SubAdmin::isSubAdmin(OC_User::getUser())){
+ $l = OC_L10N::get('core');
+ self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
+ exit();
+ }
+ }
/**
* Send json error msg
diff --git a/lib/subadmin.php b/lib/subadmin.php
new file mode 100644
index 00000000000..0806f27a6bd
--- /dev/null
+++ b/lib/subadmin.php
@@ -0,0 +1,181 @@
+<?php
+/**
+ * ownCloud
+ *
+ * @author Georg Ehrke
+ * @copyright 2012 Georg Ehrke
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+OC_Hook::connect('OC_User', 'post_deleteUser', 'OC_SubAdmin', 'post_deleteUser');
+OC_Hook::connect('OC_User', 'post_deleteGroup', 'OC_SubAdmin', 'post_deleteGroup');
+/**
+ * This class provides all methods needed for managing groups.
+ *
+ * Hooks provided:
+ * post_createSubAdmin($gid)
+ * post_deleteSubAdmin($gid)
+ */
+class OC_SubAdmin{
+
+ /**
+ * @brief add a SubAdmin
+ * @param $uid uid of the SubAdmin
+ * @param $gid gid of the group
+ * @return boolean
+ */
+ public static function createSubAdmin($uid, $gid){
+ $stmt = OC_DB::prepare('INSERT INTO *PREFIX*group_admin (gid,uid) VALUES(?,?)');
+ $result = $stmt->execute(array($gid, $uid));
+ OC_Hook::emit( "OC_SubAdmin", "post_createSubAdmin", array( "gid" => $gid ));
+ return true;
+ }
+
+ /**
+ * @brief delete a SubAdmin
+ * @param $uid uid of the SubAdmin
+ * @param $gid gid of the group
+ * @return boolean
+ */
+ public static function deleteSubAdmin($uid, $gid){
+ $stmt = OC_DB::prepare('DELETE FROM *PREFIX*group_admin WHERE gid = ? AND uid = ?');
+ $result = $stmt->execute(array($gid, $uid));
+ OC_Hook::emit( "OC_SubAdmin", "post_deleteSubAdmin", array( "gid" => $gid ));
+ return true;
+ }
+
+ /**
+ * @brief get groups of a SubAdmin
+ * @param $uid uid of the SubAdmin
+ * @return array
+ */
+ public static function getSubAdminsGroups($uid){
+ $stmt = OC_DB::prepare('SELECT gid FROM *PREFIX*group_admin WHERE uid = ?');
+ $result = $stmt->execute(array($uid));
+ $gids = array();
+ while($row = $result->fetchRow()){
+ $gids[] = $row['gid'];
+ }
+ return $gids;
+ }
+
+ /**
+ * @brief get SubAdmins of a group
+ * @param $gid gid of the group
+ * @return array
+ */
+ public static function getGroupsSubAdmins($gid){
+ $stmt = OC_DB::prepare('SELECT uid FROM *PREFIX*group_admin WHERE gid = ?');
+ $result = $stmt->execute(array($gid));
+ $uids = array();
+ while($row = $result->fetchRow()){
+ $uids[] = $row['uid'];
+ }
+ return $uids;
+ }
+
+ /**
+ * @brief get all SubAdmins
+ * @return array
+ */
+ public static function getAllSubAdmins(){
+ $stmt = OC_DB::prepare('SELECT * FROM *PREFIX*group_admin');
+ $result = $stmt->execute();
+ $subadmins = array();
+ while($row = $result->fetchRow()){
+ $subadmins[] = $row;
+ }
+ return $subadmins;
+ }
+
+ /**
+ * @brief checks if a user is a SubAdmin of a group
+ * @param $uid uid of the subadmin
+ * @param $gid gid of the group
+ * @return bool
+ */
+ public static function isSubAdminofGroup($uid, $gid){
+ $stmt = OC_DB::prepare('SELECT COUNT(*) as count FROM *PREFIX*group_admin where uid = ? AND gid = ?');
+ $result = $stmt->execute(array($uid, $gid));
+ $result = $result->fetchRow();
+ if($result['count'] >= 1){
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * @brief checks if a user is a SubAdmin
+ * @param $uid uid of the subadmin
+ * @return bool
+ */
+ public static function isSubAdmin($uid){
+ $stmt = OC_DB::prepare('SELECT COUNT(*) as count FROM *PREFIX*group_admin WHERE uid = ?');
+ $result = $stmt->execute(array($uid));
+ $result = $result->fetchRow();
+ if($result['count'] > 0){
+ return true;
+ }
+ return false;
+ }
+
+ /**
+ * @brief checks if a user is a accessible by a subadmin
+ * @param $subadmin uid of the subadmin
+ * @param $user uid of the user
+ * @return bool
+ */
+ public static function isUserAccessible($subadmin, $user){
+ if(!self::isSubAdmin($subadmin)){
+ return false;
+ }
+ $accessiblegroups = self::getSubAdminsGroups($subadmin);
+ foreach($accessiblegroups as $accessiblegroup){
+ if(OC_Group::inGroup($user, $accessiblegroup)){
+ return true;
+ }
+ }
+ return false;
+ }
+
+ /*
+ * @brief alias for self::isSubAdminofGroup()
+ */
+ public static function isGroupAccessible($subadmin, $group){
+ return self::isSubAdminofGroup($subadmin, $group);
+ }
+
+ /**
+ * @brief delete all SubAdmins by uid
+ * @param $parameters
+ * @return boolean
+ */
+ public static function post_deleteUser($parameters){
+ $stmt = OC_DB::prepare('DELETE FROM *PREFIX*group_admin WHERE uid = ?');
+ $result = $stmt->execute(array($parameters['uid']));
+ return true;
+ }
+
+ /**
+ * @brief delete all SubAdmins8 by gid
+ * @param $parameters
+ * @return boolean
+ */
+ public static function post_deleteGroup($parameters){
+ $stmt = OC_DB::prepare('DELETE FROM *PREFIX*group_admin WHERE gid = ?');
+ $result = $stmt->execute(array($parameters['gid']));
+ return true;
+ }
+}
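Review bot: isUserAccessible() returns true for any member of a group the subadmin manages, including a member who is also in the `admin` group, so a subadmin is treated as allowed to manage a full administrator's account. A guard before the group loop, `if(OC_Group::inGroup($user, 'admin')){ return false; }`, keeps administrators out of a subadmin's scope. Separately, the second hook registration listens for `post_deleteGroup` on `OC_User`. If group deletion is emitted by OC_Group (not visible here), post_deleteGroup() never runs, and stale group_admin rows would carry subadmin rights over to a later group created with the same gid. createSubAdmin() and deleteSubAdmin() also discard `$result`, so they emit their hook and return true even when the statement fails.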
diff --git a/lib/util.php b/lib/util.php
index 0c563278cc5..6e62ed9bf58 100755
--- a/lib/util.php
+++ b/lib/util.php
@@ -66,7 +66,7 @@ class OC_Util {
* @return array
*/
public static function getVersion(){
- return array(4,80,1);
+ return array(4,81,2);
}
/**
@@ -319,6 +319,23 @@ class OC_Util {
}
/**
+ * Check if the user is a subadmin, redirects to home if not
+ * @return array $groups where the current user is subadmin
+ */
+ public static function checkSubAdminUser(){
+ // Check if we are a user
+ self::checkLoggedIn();
+ if(OC_Group::inGroup(OC_User::getUser(),'admin')){
+ return true;
+ }
+ if(!OC_SubAdmin::isSubAdmin(OC_User::getUser())){
+ header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php' ));
+ exit();
+ }
+ return true;
+ }
+
+ /**
* Redirect to the user default page
*/
public static function redirectToDefaultPage(){
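Review bot: The docblock on checkSubAdminUser() promises `@return array $groups where the current user is subadmin`, but both return paths yield `true`, so a caller that expects the group list to scope its queries gets nothing usable. The tag should match the code, for example `@return bool true when the user is an admin or a subadmin (exits otherwise)`, or the subadmin path should return the groups, which would also need a defined value for admins. As with the JSON variant, passing this check only shows that the user is subadmin of some group, so pages using it still need a per-target check such as OC_SubAdmin::isUserAccessible().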