diff options
author | Lukas Reschke <lukas@owncloud.com> | 2014-12-04 14:15:55 +0100 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2014-12-08 12:11:01 +0100 |
commit | fe7d9a7ca07bb21905c6483dee49bf37dd131674 (patch) | |
tree | f37a25e518c0ce38530a452d63386a525f5121f3 /settings | |
parent | e6908f8b890414451dfc32af4d76562016d75d0f (diff) | |
download | nextcloud-server-fe7d9a7ca07bb21905c6483dee49bf37dd131674.tar.gz nextcloud-server-fe7d9a7ca07bb21905c6483dee49bf37dd131674.zip |
Add REST route for user & group management
First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future.
Diffstat (limited to 'settings')
-rw-r--r-- | settings/ajax/creategroup.php | 21 | ||||
-rw-r--r-- | settings/ajax/createuser.php | 59 | ||||
-rw-r--r-- | settings/ajax/grouplist.php | 46 | ||||
-rw-r--r-- | settings/ajax/removegroup.php | 14 | ||||
-rw-r--r-- | settings/ajax/removeuser.php | 26 | ||||
-rw-r--r-- | settings/ajax/userlist.php | 92 | ||||
-rw-r--r-- | settings/application.php | 71 | ||||
-rw-r--r-- | settings/controller/groupscontroller.php | 140 | ||||
-rw-r--r-- | settings/controller/userscontroller.php | 251 | ||||
-rw-r--r-- | settings/js/settings.js | 2 | ||||
-rw-r--r-- | settings/js/users/deleteHandler.js | 5 | ||||
-rw-r--r-- | settings/js/users/groups.js | 6 | ||||
-rw-r--r-- | settings/js/users/users.js | 6 | ||||
-rw-r--r-- | settings/middleware/subadminmiddleware.php | 65 | ||||
-rw-r--r-- | settings/routes.php | 39 |
15 files changed, 542 insertions, 301 deletions
diff --git a/settings/ajax/creategroup.php b/settings/ajax/creategroup.php deleted file mode 100644 index be376bea9dc..00000000000 --- a/settings/ajax/creategroup.php +++ /dev/null @@ -1,21 +0,0 @@ -<?php - -OCP\JSON::callCheck(); -OC_JSON::checkAdminUser(); - -$groupname = $_POST["groupname"]; -$l = \OC::$server->getL10N('settings'); - -// Does the group exist? -if( in_array( $groupname, OC_Group::getGroups())) { - OC_JSON::error(array("data" => array( "message" => $l->t("Group already exists") ))); - exit(); -} - -// Return Success story -if( OC_Group::createGroup( $groupname )) { - OC_JSON::success(array("data" => array( "groupname" => $groupname ))); -} -else{ - OC_JSON::error(array("data" => array( "message" => $l->t("Unable to add group") ))); -} diff --git a/settings/ajax/createuser.php b/settings/ajax/createuser.php deleted file mode 100644 index 463c15d59e8..00000000000 --- a/settings/ajax/createuser.php +++ /dev/null @@ -1,59 +0,0 @@ -<?php - -OCP\JSON::callCheck(); -OC_JSON::checkSubAdminUser(); - -if(OC_User::isAdminUser(OC_User::getUser())) { - $groups = array(); - if (!empty($_POST["groups"])) { - $groups = $_POST["groups"]; - } -}else{ - if (isset($_POST["groups"])) { - $groups = array(); - if (!empty($_POST["groups"])) { - foreach ($_POST["groups"] as $group) { - if (OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group)) { - $groups[] = $group; - } - } - } - if (empty($groups)) { - $groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser()); - } - } else { - $groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser()); - } -} -$username = $_POST["username"]; -$password = $_POST["password"]; - -// Return Success story -try { - // check whether the user's files home exists - $userDirectory = OC_User::getHome($username) . '/files/'; - $homeExists = file_exists($userDirectory); - - if (!OC_User::createUser($username, $password)) { - OC_JSON::error(array('data' => array( 'message' => 'User creation failed for '.$username ))); - exit(); - } - foreach( $groups as $i ) { - if(!OC_Group::groupExists($i)) { - OC_Group::createGroup($i); - } - OC_Group::addToGroup( $username, $i ); - } - - $userManager = \OC_User::getManager(); - $user = $userManager->get($username); - OCP\JSON::success(array("data" => - array( - // returns whether the home already existed - "homeExists" => $homeExists, - "username" => $username, - "groups" => OC_Group::getUserGroups( $username ), - 'storageLocation' => $user->getHome()))); -} catch (Exception $exception) { - OCP\JSON::error(array("data" => array( "message" => $exception->getMessage()))); -} diff --git a/settings/ajax/grouplist.php b/settings/ajax/grouplist.php deleted file mode 100644 index 93bb510773d..00000000000 --- a/settings/ajax/grouplist.php +++ /dev/null @@ -1,46 +0,0 @@ -<?php -/** - * ownCloud - * - * @author Arthur Schiwon - * @copyright 2014 Arthur Schiwon <blizzz@owncloud.com> - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE - * License as published by the Free Software Foundation; either - * version 3 of the License, or any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU AFFERO GENERAL PUBLIC LICENSE for more details. - * - * You should have received a copy of the GNU Affero General Public - * License along with this library. If not, see <http://www.gnu.org/licenses/>. - * - */ - -OC_JSON::callCheck(); -OC_JSON::checkSubAdminUser(); -if (isset($_GET['pattern']) && !empty($_GET['pattern'])) { - $pattern = $_GET['pattern']; -} else { - $pattern = ''; -} -if (isset($_GET['filterGroups']) && !empty($_GET['filterGroups'])) { - $filterGroups = intval($_GET['filterGroups']) === 1; -} else { - $filterGroups = false; -} -$groupPattern = $filterGroups ? $pattern : ''; -$groups = array(); -$adminGroups = array(); -$groupManager = \OC_Group::getManager(); -$isAdmin = OC_User::isAdminUser(OC_User::getUser()); - -$groupsInfo = new \OC\Group\MetaData(OC_User::getUser(), $isAdmin, $groupManager); -$groupsInfo->setSorting($groupsInfo::SORT_USERCOUNT); -list($adminGroups, $groups) = $groupsInfo->get($groupPattern, $pattern); - -OC_JSON::success( - array('data' => array('adminGroups' => $adminGroups, 'groups' => $groups))); diff --git a/settings/ajax/removegroup.php b/settings/ajax/removegroup.php deleted file mode 100644 index 798d7916e61..00000000000 --- a/settings/ajax/removegroup.php +++ /dev/null @@ -1,14 +0,0 @@ -<?php - -OC_JSON::checkAdminUser(); -OCP\JSON::callCheck(); - -$name = $_POST["groupname"]; - -// Return Success story -if( OC_Group::deleteGroup( $name )) { - OC_JSON::success(array("data" => array( "groupname" => $name ))); -} -else{ - OC_JSON::error(array("data" => array( "message" => $l->t("Unable to delete group") ))); -} diff --git a/settings/ajax/removeuser.php b/settings/ajax/removeuser.php deleted file mode 100644 index eda85238780..00000000000 --- a/settings/ajax/removeuser.php +++ /dev/null @@ -1,26 +0,0 @@ -<?php - -OC_JSON::checkSubAdminUser(); -OCP\JSON::callCheck(); - -$username = $_POST["username"]; - -// A user shouldn't be able to delete his own account -if(OC_User::getUser() === $username) { - exit; -} - -if(!OC_User::isAdminUser(OC_User::getUser()) && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) { - $l = \OC::$server->getL10N('core'); - OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') ))); - exit(); -} - -// Return Success story -if( OC_User::deleteUser( $username )) { - OC_JSON::success(array("data" => array( "username" => $username ))); -} -else{ - $l = \OC::$server->getL10N('core'); - OC_JSON::error(array("data" => array( "message" => $l->t("Unable to delete user") ))); -} diff --git a/settings/ajax/userlist.php b/settings/ajax/userlist.php deleted file mode 100644 index 807cf5f1899..00000000000 --- a/settings/ajax/userlist.php +++ /dev/null @@ -1,92 +0,0 @@ -<?php -/** - * ownCloud - * - * @author Michael Gapczynski - * @copyright 2012 Michael Gapczynski mtgap@owncloud.com - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE - * License as published by the Free Software Foundation; either - * version 3 of the License, or any later version. - * - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU AFFERO GENERAL PUBLIC LICENSE for more details. - * - * You should have received a copy of the GNU Affero General Public - * License along with this library. If not, see <http://www.gnu.org/licenses/>. - * - */ - -OC_JSON::callCheck(); -OC_JSON::checkSubAdminUser(); -if (isset($_GET['offset'])) { - $offset = $_GET['offset']; -} else { - $offset = 0; -} -if (isset($_GET['limit'])) { - $limit = $_GET['limit']; -} else { - $limit = 10; -} -if (isset($_GET['gid']) && !empty($_GET['gid'])) { - $gid = $_GET['gid']; - if ($gid === '_everyone') { - $gid = false; - } -} else { - $gid = false; -} -if (isset($_GET['pattern']) && !empty($_GET['pattern'])) { - $pattern = $_GET['pattern']; -} else { - $pattern = ''; -} -$users = array(); -$userManager = \OC_User::getManager(); -if (OC_User::isAdminUser(OC_User::getUser())) { - if($gid !== false) { - $batch = OC_Group::displayNamesInGroup($gid, $pattern, $limit, $offset); - } else { - $batch = OC_User::getDisplayNames($pattern, $limit, $offset); - } - foreach ($batch as $uid => $displayname) { - $user = $userManager->get($uid); - $users[] = array( - 'name' => $uid, - 'displayname' => $displayname, - 'groups' => OC_Group::getUserGroups($uid), - 'subadmin' => OC_SubAdmin::getSubAdminsGroups($uid), - 'quota' => OC_Preferences::getValue($uid, 'files', 'quota', 'default'), - 'storageLocation' => $user->getHome(), - 'lastLogin' => $user->getLastLogin(), - ); - } -} else { - $groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser()); - if($gid !== false && in_array($gid, $groups)) { - $groups = array($gid); - } elseif($gid !== false) { - //don't you try to investigate loops you must not know about - $groups = array(); - } - $batch = OC_Group::usersInGroups($groups, $pattern, $limit, $offset); - foreach ($batch as $uid) { - $user = $userManager->get($uid); - - // Only add the groups, this user is a subadmin of - $userGroups = array_intersect(OC_Group::getUserGroups($uid), OC_SubAdmin::getSubAdminsGroups(OC_User::getUser())); - $users[] = array( - 'name' => $uid, - 'displayname' => $user->getDisplayName(), - 'groups' => $userGroups, - 'quota' => OC_Preferences::getValue($uid, 'files', 'quota', 'default'), - 'storageLocation' => $user->getHome(), - 'lastLogin' => $user->getLastLogin(), - ); - } -} -OC_JSON::success(array('data' => $users)); diff --git a/settings/application.php b/settings/application.php index 64aa4671228..0a80bd8b1e7 100644 --- a/settings/application.php +++ b/settings/application.php @@ -10,11 +10,14 @@ namespace OC\Settings; -use OC\AppFramework\Utility\SimpleContainer; use OC\Settings\Controller\AppSettingsController; +use OC\Settings\Controller\GroupsController; use OC\Settings\Controller\MailSettingsController; use OC\Settings\Controller\SecuritySettingsController; +use OC\Settings\Controller\UsersController; +use OC\Settings\Middleware\SubadminMiddleware; use \OCP\AppFramework\App; +use OCP\IContainer; use \OCP\Util; /** @@ -34,7 +37,7 @@ class Application extends App { /** * Controllers */ - $container->registerService('MailSettingsController', function(SimpleContainer $c) { + $container->registerService('MailSettingsController', function(IContainer $c) { return new MailSettingsController( $c->query('AppName'), $c->query('Request'), @@ -46,7 +49,7 @@ class Application extends App { $c->query('DefaultMailAddress') ); }); - $container->registerService('AppSettingsController', function(SimpleContainer $c) { + $container->registerService('AppSettingsController', function(IContainer $c) { return new AppSettingsController( $c->query('AppName'), $c->query('Request'), @@ -54,33 +57,81 @@ class Application extends App { $c->query('Config') ); }); - $container->registerService('SecuritySettingsController', function(SimpleContainer $c) { + $container->registerService('SecuritySettingsController', function(IContainer $c) { return new SecuritySettingsController( $c->query('AppName'), $c->query('Request'), $c->query('Config') ); }); + $container->registerService('GroupsController', function(IContainer $c) { + return new GroupsController( + $c->query('AppName'), + $c->query('Request'), + $c->query('GroupManager'), + $c->query('UserSession'), + $c->query('IsAdmin'), + $c->query('L10N') + ); + }); + $container->registerService('UsersController', function(IContainer $c) { + return new UsersController( + $c->query('AppName'), + $c->query('Request'), + $c->query('UserManager'), + $c->query('GroupManager'), + $c->query('UserSession'), + $c->query('Config'), + $c->query('IsAdmin'), + $c->query('L10N') + ); + }); + + /** + * Middleware + */ + $container->registerService('SubadminMiddleware', function(IContainer $c){ + return new SubadminMiddleware( + $c->query('ControllerMethodReflector'), + $c->query('IsSubAdmin') + ); + }); + // Execute middlewares + $container->registerMiddleware('SubadminMiddleware'); /** * Core class wrappers */ - $container->registerService('Config', function(SimpleContainer $c) { + $container->registerService('Config', function(IContainer $c) { return $c->query('ServerContainer')->getConfig(); }); - $container->registerService('L10N', function(SimpleContainer $c) { + $container->registerService('L10N', function(IContainer $c) { return $c->query('ServerContainer')->getL10N('settings'); }); - $container->registerService('UserSession', function(SimpleContainer $c) { + $container->registerService('GroupManager', function(IContainer $c) { + return $c->query('ServerContainer')->getGroupManager(); + }); + $container->registerService('UserManager', function(IContainer $c) { + return $c->query('ServerContainer')->getUserManager(); + }); + $container->registerService('UserSession', function(IContainer $c) { return $c->query('ServerContainer')->getUserSession(); }); - $container->registerService('Mail', function(SimpleContainer $c) { + /** FIXME: Remove once OC_User is non-static and mockable */ + $container->registerService('IsAdmin', function(IContainer $c) { + return \OC_User::isAdminUser(\OC_User::getUser()); + }); + /** FIXME: Remove once OC_SubAdmin is non-static and mockable */ + $container->registerService('IsSubAdmin', function(IContainer $c) { + return \OC_Subadmin::isSubAdmin(\OC_User::getUser()); + }); + $container->registerService('Mail', function(IContainer $c) { return new \OC_Mail; }); - $container->registerService('Defaults', function(SimpleContainer $c) { + $container->registerService('Defaults', function(IContainer $c) { return new \OC_Defaults; }); - $container->registerService('DefaultMailAddress', function(SimpleContainer $c) { + $container->registerService('DefaultMailAddress', function(IContainer $c) { return Util::getDefaultEmailAddress('no-reply'); }); } diff --git a/settings/controller/groupscontroller.php b/settings/controller/groupscontroller.php new file mode 100644 index 00000000000..6e6ab894605 --- /dev/null +++ b/settings/controller/groupscontroller.php @@ -0,0 +1,140 @@ +<?php +/** + * @author Lukas Reschke + * @copyright 2014 Lukas Reschke lukas@owncloud.com + * + * This file is licensed under the Affero General Public License version 3 or + * later. + * See the COPYING-README file. + */ + +namespace OC\Settings\Controller; + +use \OCP\AppFramework\Controller; +use OCP\AppFramework\Http\DataResponse; +use OCP\IGroupManager; +use OCP\IL10N; +use OCP\IRequest; +use OCP\IUserSession; + +/** + * @package OC\Settings\Controller + */ +class GroupsController extends Controller { + /** @var IGroupManager */ + private $groupManager; + /** @var IL10N */ + private $l10n; + /** @var IUserSession */ + private $userSession; + /** @var bool */ + private $isAdmin; + + /** + * @param string $appName + * @param IRequest $request + * @param IGroupManager $groupManager + * @param IUserSession $userSession + * @param bool $isAdmin + * @param IL10N $l10n + */ + public function __construct($appName, + IRequest $request, + IGroupManager $groupManager, + IUserSession $userSession, + $isAdmin, + IL10N $l10n) { + parent::__construct($appName, $request); + $this->groupManager = $groupManager; + $this->userSession = $userSession; + $this->isAdmin = $isAdmin; + $this->l10n = $l10n; + } + + /** + * @NoAdminRequired + * + * @param string $pattern + * @param bool $filterGroups + * @return DataResponse + */ + public function index($pattern = '', $filterGroups = false) { + $groupPattern = $filterGroups ? $pattern : ''; + + $groupsInfo = new \OC\Group\MetaData($this->userSession->getUser()->getUID(), + $this->isAdmin, $this->groupManager); + $groupsInfo->setSorting($groupsInfo::SORT_USERCOUNT); + list($adminGroups, $groups) = $groupsInfo->get($groupPattern, $pattern); + + return new DataResponse( + array( + 'data' => array('adminGroups' => $adminGroups, 'groups' => $groups) + ) + ); + } + + /** + * @param string $id + * @return DataResponse + */ + public function create($id) { + if($this->groupManager->groupExists($id)) { + return new DataResponse( + array( + 'status' => 'error', + 'data' => array( + 'message' => (string)$this->l10n->t('Group already exists.') + ) + ) + ); + } + if($this->groupManager->createGroup($id)) { + return new DataResponse( + array( + 'status' => 'success', + 'data' => array( + 'groupname' => $id + ) + ) + ); + } + + return new DataResponse( + array( + 'status' => 'error', + 'data' => array( + 'message' => (string)$this->l10n->t('Unable to add group.') + ) + ) + ); + } + + /** + * @param string $id + * @return DataResponse + */ + public function destroy($id) { + $group = $this->groupManager->get($id); + if ($group) { + if ($group->delete()) { + return new DataResponse( + array( + 'status' => 'success', + 'data' => array( + 'groupname' => $id + ) + ) + ); + } + } + return new DataResponse( + array( + 'status' => 'error', + 'data' => array( + 'message' => (string)$this->l10n->t('Unable to delete group.') + ) + ) + ); + } + +} diff --git a/settings/controller/userscontroller.php b/settings/controller/userscontroller.php new file mode 100644 index 00000000000..d61d19f8cb4 --- /dev/null +++ b/settings/controller/userscontroller.php @@ -0,0 +1,251 @@ +<?php +/** + * @author Lukas Reschke + * @copyright 2014 Lukas Reschke lukas@owncloud.com + * + * This file is licensed under the Affero General Public License version 3 or + * later. + * See the COPYING-README file. + */ + +namespace OC\Settings\Controller; + +use OC\User\User; +use \OCP\AppFramework\Controller; +use OCP\AppFramework\Http\DataResponse; +use OCP\IConfig; +use OCP\IGroupManager; +use OCP\IL10N; +use OCP\IRequest; +use OCP\IUserManager; +use OCP\IUserSession; + +/** + * @package OC\Settings\Controller + */ +class UsersController extends Controller { + /** @var IL10N */ + private $l10n; + /** @var IUserSession */ + private $userSession; + /** @var bool */ + private $isAdmin; + /** @var IUserManager */ + private $userManager; + /** @var IGroupManager */ + private $groupManager; + /** @var IConfig */ + private $config; + + /** + * @param string $appName + * @param IRequest $request + * @param IUserManager $userManager + * @param IGroupManager $groupManager + * @param IUserSession $userSession + * @param IConfig $config + * @param bool $isAdmin + * @param IL10N $l10n + */ + public function __construct($appName, + IRequest $request, + IUserManager $userManager, + IGroupManager $groupManager, + IUserSession $userSession, + IConfig $config, + $isAdmin, + IL10N $l10n) { + parent::__construct($appName, $request); + $this->userManager = $userManager; + $this->groupManager = $groupManager; + $this->userSession = $userSession; + $this->config = $config; + $this->isAdmin = $isAdmin; + $this->l10n = $l10n; + } + + /** + * @NoAdminRequired + * @NoCSRFRequired + * @param int $offset + * @param int $limit + * @param string $gid + * @param string $pattern + * @return DataResponse + * + * TODO: Tidy up and write unit tests - code is mainly static method calls + */ + public function index($offset = 0, $limit = 10, $gid = '', $pattern = '') { + // FIXME: The JS sends the group '_everyone' instead of no GID for the "all users" group. + if($gid === '_everyone') { + $gid = ''; + } + $users = array(); + if ($this->isAdmin) { + if($gid !== '') { + $batch = $this->groupManager->displayNamesInGroup($gid, $pattern, $limit, $offset); + } else { + // FIXME: Remove static method call + $batch = \OC_User::getDisplayNames($pattern, $limit, $offset); + } + + foreach ($batch as $uid => $displayname) { + $user = $this->userManager->get($uid); + $users[] = array( + 'name' => $uid, + 'displayname' => $displayname, + 'groups' => $this->groupManager->getUserGroupIds($user), + 'subadmin' => \OC_SubAdmin::getSubAdminsGroups($uid), + 'quota' => $this->config->getUserValue($uid, 'files', 'quota', 'default'), + 'storageLocation' => $user->getHome(), + 'lastLogin' => $user->getLastLogin(), + ); + } + } else { + $groups = \OC_SubAdmin::getSubAdminsGroups($this->userSession->getUser()->getUID()); + if($gid !== '' && in_array($gid, $groups)) { + $groups = array($gid); + } elseif($gid !== '') { + //don't you try to investigate loops you must not know about + $groups = array(); + } + $batch = \OC_Group::usersInGroups($groups, $pattern, $limit, $offset); + foreach ($batch as $uid) { + $user = $this->userManager->get($uid); + + // Only add the groups, this user is a subadmin of + $userGroups = array_intersect($this->groupManager->getUserGroupIds($user), \OC_SubAdmin::getSubAdminsGroups($this->userSession->getUser()->getUID())); + $users[] = array( + 'name' => $uid, + 'displayname' => $user->getDisplayName(), + 'groups' => $userGroups, + 'quota' => $this->config->getUserValue($uid, 'files', 'quota', 'default'), + 'storageLocation' => $user->getHome(), + 'lastLogin' => $user->getLastLogin(), + ); + } + } + + // FIXME: That assignment on "data" is uneeded here - JS should be adjusted + return new DataResponse(array('data' => $users, 'status' => 'success')); + } + + /** + * @NoAdminRequired + * + * @param string $username + * @param string $password + * @param array $groups + * @return DataResponse + * + * TODO: Tidy up and write unit tests - code is mainly static method calls + */ + public function create($username, $password, array $groups) { + + if (!$this->isAdmin) { + if (!empty($groups)) { + foreach ($groups as $key => $group) { + if (!\OC_SubAdmin::isGroupAccessible($this->userSession->getUser()->getUID(), $group)) { + unset($groups[$key]); + } + } + } + if (empty($groups)) { + $groups = \OC_SubAdmin::getSubAdminsGroups($this->userSession->getUser()->getUID()); + } + } + + try { + $user = $this->userManager->createUser($username, $password); + } catch (\Exception $exception) { + return new DataResponse( + array( + 'status' => 'error', + 'data' => array( + 'message' => (string)$this->l10n->t('Unable to create user.') + ) + ) + ); + } + + if($user instanceof User) { + foreach( $groups as $groupName ) { + $group = $this->groupManager->get($groupName); + + if(empty($group)) { + $group = $this->groupManager->createGroup($groupName); + } + $group->addUser($user); + } + } + + return new DataResponse( + array( + 'status' => 'success', + 'data' => array( + 'username' => $username, + 'groups' => $this->groupManager->getUserGroupIds($user), + 'storageLocation' => $user->getHome() + ) + ) + ); + + } + + /** + * @NoAdminRequired + * + * @param string $id + * @return DataResponse + * + * TODO: Tidy up and write unit tests - code is mainly static method calls + */ + public function destroy($id) { + if($this->userSession->getUser()->getUID() === $id) { + return new DataResponse( + array( + 'status' => 'error', + 'data' => array( + 'message' => (string)$this->l10n->t('Unable to delete user.') + ) + ) + ); + } + + // FIXME: Remove this static function call at some point… + if(!$this->isAdmin && !\OC_SubAdmin::isUserAccessible($this->userSession->getUser()->getUID(), $id)) { + return new DataResponse( + array( + 'status' => 'error', + 'data' => array( + 'message' => (string)$this->l10n->t('Authentication error')) + ) + ); + } + + $user = $this->userManager->get($id); + if($user) { + if($user->delete()) { + return new DataResponse( + array( + 'status' => 'success', + 'data' => array( + 'username' => $id + ) + ) + ); + } + } + + return new DataResponse( + array( + 'status' => 'error', + 'data' => array( + 'message' => (string)$this->l10n->t('Unable to delete user.') + ) + ) + ); + + } + +} diff --git a/settings/js/settings.js b/settings/js/settings.js index 13c56a8f53a..e98bd2cc895 100644 --- a/settings/js/settings.js +++ b/settings/js/settings.js @@ -41,7 +41,7 @@ OC.Settings = _.extend(OC.Settings, { }; } $.ajax({ - url: OC.generateUrl('/settings/ajax/grouplist'), + url: OC.generateUrl('/settings/users/groups'), data: queryData, dataType: 'json', success: function(data) { diff --git a/settings/js/users/deleteHandler.js b/settings/js/users/deleteHandler.js index c89a844044e..942bae91cd3 100644 --- a/settings/js/users/deleteHandler.js +++ b/settings/js/users/deleteHandler.js @@ -189,11 +189,10 @@ DeleteHandler.prototype.deleteEntry = function(keepNotification) { var payload = {}; payload[dh.ajaxParamID] = dh.oidToDelete; $.ajax({ - type: 'POST', - url: OC.filePath('settings', 'ajax', dh.ajaxEndpoint), + type: 'DELETE', + url: OC.generateUrl(dh.ajaxEndpoint+'/'+this.oidToDelete), // FIXME: do not use synchronous ajax calls as they block the browser ! async: false, - data: payload, success: function (result) { if (result.status === 'success') { // Remove undo option, & remove user from table diff --git a/settings/js/users/groups.js b/settings/js/users/groups.js index 081842734f0..284d5598ed5 100644 --- a/settings/js/users/groups.js +++ b/settings/js/users/groups.js @@ -84,9 +84,9 @@ GroupList = { createGroup: function (groupname) { $.post( - OC.filePath('settings', 'ajax', 'creategroup.php'), + OC.generateUrl('/settings/users/groups'), { - groupname: groupname + id: groupname }, function (result) { if (result.status !== 'success') { @@ -221,7 +221,7 @@ GroupList = { }, initDeleteHandling: function () { //set up handler - GroupDeleteHandler = new DeleteHandler('removegroup.php', 'groupname', + GroupDeleteHandler = new DeleteHandler('/settings/users/groups', 'groupname', GroupList.hide, GroupList.remove); //configure undo diff --git a/settings/js/users/users.js b/settings/js/users/users.js index 5e0c0cac189..6de8b7029ed 100644 --- a/settings/js/users/users.js +++ b/settings/js/users/users.js @@ -292,7 +292,7 @@ var UserList = { }, initDeleteHandling: function() { //set up handler - UserDeleteHandler = new DeleteHandler('removeuser.php', 'username', + UserDeleteHandler = new DeleteHandler('/settings/users/users', 'username', UserList.markRemove, UserList.remove); //configure undo @@ -326,7 +326,7 @@ var UserList = { UserList.currentGid = gid; var pattern = filter.getPattern(); $.get( - OC.generateUrl('/settings/ajax/userlist'), + OC.generateUrl('/settings/users/users'), { offset: UserList.offset, limit: UserList.usersToLoad, gid: gid, pattern: pattern }, function (result) { var loadedUsers = 0; @@ -667,7 +667,7 @@ $(document).ready(function () { var groups = $('#newusergroups').val(); $('#newuser').get(0).reset(); $.post( - OC.filePath('settings', 'ajax', 'createuser.php'), + OC.generateUrl('/settings/users/users'), { username: username, password: password, diff --git a/settings/middleware/subadminmiddleware.php b/settings/middleware/subadminmiddleware.php new file mode 100644 index 00000000000..a5c005e3148 --- /dev/null +++ b/settings/middleware/subadminmiddleware.php @@ -0,0 +1,65 @@ +<?php +/** + * @author Lukas Reschke + * @copyright 2014 Lukas Reschke lukas@owncloud.com + * + * This file is licensed under the Affero General Public License version 3 or + * later. + * See the COPYING-README file. + */ + +namespace OC\Settings\Middleware; + +use OC\AppFramework\Http; +use OC\AppFramework\Utility\ControllerMethodReflector; +use OCP\AppFramework\Http\TemplateResponse; +use OCP\AppFramework\Middleware; + +/** + * Verifies whether an user has at least subadmin rights. + * To bypass use the `@NoSubadminRequired` annotation + * + * @package OC\Settings\Middleware + */ +class SubadminMiddleware extends Middleware { + /** @var bool */ + protected $isSubAdmin; + /** @var ControllerMethodReflector */ + protected $reflector; + + /** + * @param ControllerMethodReflector $reflector + * @param bool $isSubAdmin + */ + public function __construct(ControllerMethodReflector $reflector, + $isSubAdmin) { + $this->reflector = $reflector; + $this->isSubAdmin = $isSubAdmin; + } + + /** + * Check if sharing is enabled before the controllers is executed + * @param \OCP\AppFramework\Controller $controller + * @param string $methodName + * @throws \Exception + */ + public function beforeController($controller, $methodName) { + if(!$this->reflector->hasAnnotation('NoSubadminRequired')) { + if(!$this->isSubAdmin) { + throw new \Exception('Logged in user must be a subadmin'); + } + } + } + + /** + * Return 403 page in case of an exception + * @param \OCP\AppFramework\Controller $controller + * @param string $methodName + * @param \Exception $exception + * @return TemplateResponse + */ + public function afterException($controller, $methodName, \Exception $exception) { + return new TemplateResponse('core', '403', array(), 'guest'); + } + +} diff --git a/settings/routes.php b/settings/routes.php index 7ca33fc2745..1b7a918fa79 100644 --- a/settings/routes.php +++ b/settings/routes.php @@ -9,17 +9,22 @@ namespace OC\Settings; $application = new Application(); -$application->registerRoutes($this, array('routes' =>array( - array('name' => 'MailSettings#setMailSettings', 'url' => '/settings/admin/mailsettings', 'verb' => 'POST'), - array('name' => 'MailSettings#storeCredentials', 'url' => '/settings/admin/mailsettings/credentials', 'verb' => 'POST'), - array('name' => 'MailSettings#sendTestMail', 'url' => '/settings/admin/mailtest', 'verb' => 'POST'), - array('name' => 'AppSettings#listCategories', 'url' => '/settings/apps/categories', 'verb' => 'GET'), - array('name' => 'AppSettings#listApps', 'url' => '/settings/apps/list', 'verb' => 'GET'), - array('name' => 'SecuritySettings#enforceSSL', 'url' => '/settings/admin/security/ssl', 'verb' => 'POST'), - array('name' => 'SecuritySettings#enforceSSLForSubdomains', 'url' => '/settings/admin/security/ssl/subdomains', 'verb' => 'POST'), - array('name' => 'SecuritySettings#trustedDomains', 'url' => '/settings/admin/security/trustedDomains', 'verb' => 'POST'), - -))); +$application->registerRoutes($this, array( + 'resources' => array( + 'groups' => array('url' => '/settings/users/groups'), + 'users' => array('url' => '/settings/users/users') + ), + 'routes' =>array( + array('name' => 'MailSettings#setMailSettings', 'url' => '/settings/admin/mailsettings', 'verb' => 'POST'), + array('name' => 'MailSettings#storeCredentials', 'url' => '/settings/admin/mailsettings/credentials', 'verb' => 'POST'), + array('name' => 'MailSettings#sendTestMail', 'url' => '/settings/admin/mailtest', 'verb' => 'POST'), + array('name' => 'AppSettings#listCategories', 'url' => '/settings/apps/categories', 'verb' => 'GET'), + array('name' => 'AppSettings#listApps', 'url' => '/settings/apps/list', 'verb' => 'GET'), + array('name' => 'SecuritySettings#enforceSSL', 'url' => '/settings/admin/security/ssl', 'verb' => 'POST'), + array('name' => 'SecuritySettings#enforceSSLForSubdomains', 'url' => '/settings/admin/security/ssl/subdomains', 'verb' => 'POST'), + array('name' => 'SecuritySettings#trustedDomains', 'url' => '/settings/admin/security/trustedDomains', 'verb' => 'POST'), + ) +)); /** @var $this \OCP\Route\IRouter */ @@ -38,26 +43,14 @@ $this->create('settings_admin', '/settings/admin') ->actionInclude('settings/admin.php'); // Settings ajax actions // users -$this->create('settings_ajax_userlist', '/settings/ajax/userlist') - ->actionInclude('settings/ajax/userlist.php'); -$this->create('settings_ajax_grouplist', '/settings/ajax/grouplist') - ->actionInclude('settings/ajax/grouplist.php'); $this->create('settings_ajax_everyonecount', '/settings/ajax/geteveryonecount') ->actionInclude('settings/ajax/geteveryonecount.php'); -$this->create('settings_ajax_createuser', '/settings/ajax/createuser.php') - ->actionInclude('settings/ajax/createuser.php'); -$this->create('settings_ajax_removeuser', '/settings/ajax/removeuser.php') - ->actionInclude('settings/ajax/removeuser.php'); $this->create('settings_ajax_setquota', '/settings/ajax/setquota.php') ->actionInclude('settings/ajax/setquota.php'); -$this->create('settings_ajax_creategroup', '/settings/ajax/creategroup.php') - ->actionInclude('settings/ajax/creategroup.php'); $this->create('settings_ajax_togglegroups', '/settings/ajax/togglegroups.php') ->actionInclude('settings/ajax/togglegroups.php'); $this->create('settings_ajax_togglesubadmins', '/settings/ajax/togglesubadmins.php') ->actionInclude('settings/ajax/togglesubadmins.php'); -$this->create('settings_ajax_removegroup', '/settings/ajax/removegroup.php') - ->actionInclude('settings/ajax/removegroup.php'); $this->create('settings_users_changepassword', '/settings/users/changepassword') ->post() ->action('OC\Settings\ChangePassword\Controller', 'changeUserPassword'); |