Merge pull request #12618 from owncloud/initial-work-migrate-to-appframework

Add REST route for managing groups and users

16 files changed, 589 insertions, 358 deletions

diff --git a/settings/ajax/creategroup.php b/settings/ajax/creategroup.php
deleted file mode 100644
index be376bea9dc..00000000000
--- a/settings/ajax/creategroup.php
+++ /dev/null
@@ -1,21 +0,0 @@
-<?php
-
-OCP\JSON::callCheck();
-OC_JSON::checkAdminUser();
-
-$groupname = $_POST["groupname"];
-$l = \OC::$server->getL10N('settings');
-
-// Does the group exist?
-if( in_array( $groupname, OC_Group::getGroups())) {
-	OC_JSON::error(array("data" => array( "message" => $l->t("Group already exists") )));
-	exit();
-}
-
-// Return Success story
-if( OC_Group::createGroup( $groupname )) {
-	OC_JSON::success(array("data" => array( "groupname" => $groupname )));
-}
-else{
-	OC_JSON::error(array("data" => array( "message" => $l->t("Unable to add group") )));
-}
diff --git a/settings/ajax/createuser.php b/settings/ajax/createuser.php
deleted file mode 100644
index 463c15d59e8..00000000000
--- a/settings/ajax/createuser.php
+++ /dev/null
@@ -1,59 +0,0 @@
-<?php
-
-OCP\JSON::callCheck();
-OC_JSON::checkSubAdminUser();
-
-if(OC_User::isAdminUser(OC_User::getUser())) {
-	$groups = array();
-	if (!empty($_POST["groups"])) {
-		$groups = $_POST["groups"];
-	}
-}else{
-	if (isset($_POST["groups"])) {
-		$groups = array();
-		if (!empty($_POST["groups"])) {
-			foreach ($_POST["groups"] as $group) {
-				if (OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group)) {
-					$groups[] = $group;
-				}
-			}
-		}
-		if (empty($groups)) {
-			$groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser());
-		}
-	} else {
-		$groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser());
-	}
-}
-$username = $_POST["username"];
-$password = $_POST["password"];
-
-// Return Success story
-try {
-	// check whether the user's files home exists
-	$userDirectory = OC_User::getHome($username) . '/files/';
-	$homeExists = file_exists($userDirectory);
-
-	if (!OC_User::createUser($username, $password)) {
-		OC_JSON::error(array('data' => array( 'message' => 'User creation failed for '.$username )));
-		exit();
-	}
-	foreach( $groups as $i ) {
-		if(!OC_Group::groupExists($i)) {
-			OC_Group::createGroup($i);
-		}
-		OC_Group::addToGroup( $username, $i );
-	}
-
-	$userManager = \OC_User::getManager();
-	$user = $userManager->get($username);
-	OCP\JSON::success(array("data" =>
-				array(
-					// returns whether the home already existed
-					"homeExists" => $homeExists,
-					"username" => $username,
-					"groups" => OC_Group::getUserGroups( $username ),
-					'storageLocation' => $user->getHome())));
-} catch (Exception $exception) {
-	OCP\JSON::error(array("data" => array( "message" => $exception->getMessage())));
-}
diff --git a/settings/ajax/grouplist.php b/settings/ajax/grouplist.php
deleted file mode 100644
index 93bb510773d..00000000000
--- a/settings/ajax/grouplist.php
+++ /dev/null
@@ -1,46 +0,0 @@
-<?php
-/**
- * ownCloud
- *
- * @author Arthur Schiwon
- * @copyright 2014 Arthur Schiwon <blizzz@owncloud.com>
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
- *
- * You should have received a copy of the GNU Affero General Public
- * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-OC_JSON::callCheck();
-OC_JSON::checkSubAdminUser();
-if (isset($_GET['pattern']) && !empty($_GET['pattern'])) {
-	$pattern = $_GET['pattern'];
-} else {
-	$pattern = '';
-}
-if (isset($_GET['filterGroups']) && !empty($_GET['filterGroups'])) {
-	$filterGroups = intval($_GET['filterGroups']) === 1;
-} else {
-	$filterGroups = false;
-}
-$groupPattern = $filterGroups ? $pattern : '';
-$groups = array();
-$adminGroups = array();
-$groupManager = \OC_Group::getManager();
-$isAdmin = OC_User::isAdminUser(OC_User::getUser());
-
-$groupsInfo = new \OC\Group\MetaData(OC_User::getUser(), $isAdmin, $groupManager);
-$groupsInfo->setSorting($groupsInfo::SORT_USERCOUNT);
-list($adminGroups, $groups) = $groupsInfo->get($groupPattern, $pattern);
-
-OC_JSON::success(
-	array('data' => array('adminGroups' => $adminGroups, 'groups' => $groups)));
diff --git a/settings/ajax/removegroup.php b/settings/ajax/removegroup.php
deleted file mode 100644
index 798d7916e61..00000000000
--- a/settings/ajax/removegroup.php
+++ /dev/null
@@ -1,14 +0,0 @@
-<?php
-
-OC_JSON::checkAdminUser();
-OCP\JSON::callCheck();
-
-$name = $_POST["groupname"];
-
-// Return Success story
-if( OC_Group::deleteGroup( $name )) {
-	OC_JSON::success(array("data" => array( "groupname" => $name )));
-}
-else{
-	OC_JSON::error(array("data" => array( "message" => $l->t("Unable to delete group") )));
-}
diff --git a/settings/ajax/removeuser.php b/settings/ajax/removeuser.php
deleted file mode 100644
index eda85238780..00000000000
--- a/settings/ajax/removeuser.php
+++ /dev/null
@@ -1,26 +0,0 @@
-<?php
-
-OC_JSON::checkSubAdminUser();
-OCP\JSON::callCheck();
-
-$username = $_POST["username"];
-
-// A user shouldn't be able to delete his own account
-if(OC_User::getUser() === $username) {
-	exit;
-}
-
-if(!OC_User::isAdminUser(OC_User::getUser()) && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
-	$l = \OC::$server->getL10N('core');
-	OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
-	exit();
-}
-
-// Return Success story
-if( OC_User::deleteUser( $username )) {
-	OC_JSON::success(array("data" => array( "username" => $username )));
-}
-else{
-	$l = \OC::$server->getL10N('core');
-	OC_JSON::error(array("data" => array( "message" => $l->t("Unable to delete user") )));
-}
diff --git a/settings/ajax/userlist.php b/settings/ajax/userlist.php
deleted file mode 100644
index 807cf5f1899..00000000000
--- a/settings/ajax/userlist.php
+++ /dev/null
@@ -1,92 +0,0 @@
-<?php
-/**
- * ownCloud
- *
- * @author Michael Gapczynski
- * @copyright 2012 Michael Gapczynski mtgap@owncloud.com
- *
- * This library is free software; you can redistribute it and/or
- * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
- * License as published by the Free Software Foundation; either
- * version 3 of the License, or any later version.
- *
- * This library is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
- *
- * You should have received a copy of the GNU Affero General Public
- * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
- *
- */
-
-OC_JSON::callCheck();
-OC_JSON::checkSubAdminUser();
-if (isset($_GET['offset'])) {
-	$offset = $_GET['offset'];
-} else {
-	$offset = 0;
-}
-if (isset($_GET['limit'])) {
-	$limit = $_GET['limit'];
-} else {
-	$limit = 10;
-}
-if (isset($_GET['gid']) && !empty($_GET['gid'])) {
-	$gid = $_GET['gid'];
-	if ($gid === '_everyone') {
-		$gid = false;
-	}
-} else {
-	$gid = false;
-}
-if (isset($_GET['pattern']) && !empty($_GET['pattern'])) {
-	$pattern = $_GET['pattern'];
-} else {
-	$pattern = '';
-}
-$users = array();
-$userManager = \OC_User::getManager();
-if (OC_User::isAdminUser(OC_User::getUser())) {
-	if($gid !== false) {
-		$batch = OC_Group::displayNamesInGroup($gid, $pattern, $limit, $offset);
-	} else {
-		$batch = OC_User::getDisplayNames($pattern, $limit, $offset);
-	}
-	foreach ($batch as $uid => $displayname) {
-		$user = $userManager->get($uid);
-		$users[] = array(
-			'name' => $uid,
-			'displayname' => $displayname,
-			'groups' => OC_Group::getUserGroups($uid),
-			'subadmin' => OC_SubAdmin::getSubAdminsGroups($uid),
-			'quota' => OC_Preferences::getValue($uid, 'files', 'quota', 'default'),
-			'storageLocation' => $user->getHome(),
-			'lastLogin' => $user->getLastLogin(),
-		);
-	}
-} else {
-	$groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser());
-	if($gid !== false && in_array($gid, $groups)) {
-		$groups = array($gid);
-	} elseif($gid !== false) {
-		//don't you try to investigate loops you must not know about
-		$groups = array();
-	}
-	$batch = OC_Group::usersInGroups($groups, $pattern, $limit, $offset);
-	foreach ($batch as $uid) {
-		$user = $userManager->get($uid);
-
-		// Only add the groups, this user is a subadmin of
-		$userGroups = array_intersect(OC_Group::getUserGroups($uid), OC_SubAdmin::getSubAdminsGroups(OC_User::getUser()));
-		$users[] = array(
-			'name' => $uid,
-			'displayname' => $user->getDisplayName(),
-			'groups' => $userGroups,
-			'quota' => OC_Preferences::getValue($uid, 'files', 'quota', 'default'),
-			'storageLocation' => $user->getHome(),
-			'lastLogin' => $user->getLastLogin(),
-		);
-	}
-}
-OC_JSON::success(array('data' => $users));
diff --git a/settings/application.php b/settings/application.php
index 64aa4671228..0a80bd8b1e7 100644
--- a/settings/application.php
+++ b/settings/application.php
@@ -10,11 +10,14 @@
 
 namespace OC\Settings;
 
-use OC\AppFramework\Utility\SimpleContainer;
 use OC\Settings\Controller\AppSettingsController;
+use OC\Settings\Controller\GroupsController;
 use OC\Settings\Controller\MailSettingsController;
 use OC\Settings\Controller\SecuritySettingsController;
+use OC\Settings\Controller\UsersController;
+use OC\Settings\Middleware\SubadminMiddleware;
 use \OCP\AppFramework\App;
+use OCP\IContainer;
 use \OCP\Util;
 
 /**
@@ -34,7 +37,7 @@ class Application extends App {
 		/**
 		 * Controllers
 		 */
-		$container->registerService('MailSettingsController', function(SimpleContainer $c) {
+		$container->registerService('MailSettingsController', function(IContainer $c) {
 			return new MailSettingsController(
 				$c->query('AppName'),
 				$c->query('Request'),
@@ -46,7 +49,7 @@ class Application extends App {
 				$c->query('DefaultMailAddress')
 			);
 		});
-		$container->registerService('AppSettingsController', function(SimpleContainer $c) {
+		$container->registerService('AppSettingsController', function(IContainer $c) {
 			return new AppSettingsController(
 				$c->query('AppName'),
 				$c->query('Request'),
@@ -54,33 +57,81 @@ class Application extends App {
 				$c->query('Config')
 			);
 		});
-		$container->registerService('SecuritySettingsController', function(SimpleContainer $c) {
+		$container->registerService('SecuritySettingsController', function(IContainer $c) {
 			return new SecuritySettingsController(
 				$c->query('AppName'),
 				$c->query('Request'),
 				$c->query('Config')
 			);
 		});
+		$container->registerService('GroupsController', function(IContainer $c) {
+			return new GroupsController(
+				$c->query('AppName'),
+				$c->query('Request'),
+				$c->query('GroupManager'),
+				$c->query('UserSession'),
+				$c->query('IsAdmin'),
+				$c->query('L10N')
+			);
+		});
+		$container->registerService('UsersController', function(IContainer $c) {
+			return new UsersController(
+				$c->query('AppName'),
+				$c->query('Request'),
+				$c->query('UserManager'),
+				$c->query('GroupManager'),
+				$c->query('UserSession'),
+				$c->query('Config'),
+				$c->query('IsAdmin'),
+				$c->query('L10N')
+			);
+		});
+
+		/**
+		 * Middleware
+		 */
+		$container->registerService('SubadminMiddleware', function(IContainer $c){
+			return new SubadminMiddleware(
+				$c->query('ControllerMethodReflector'),
+				$c->query('IsSubAdmin')
+			);
+		});
+		// Execute middlewares
+		$container->registerMiddleware('SubadminMiddleware');
 
 		/**
 		 * Core class wrappers
 		 */
-		$container->registerService('Config', function(SimpleContainer $c) {
+		$container->registerService('Config', function(IContainer $c) {
 			return $c->query('ServerContainer')->getConfig();
 		});
-		$container->registerService('L10N', function(SimpleContainer $c) {
+		$container->registerService('L10N', function(IContainer $c) {
 			return $c->query('ServerContainer')->getL10N('settings');
 		});
-		$container->registerService('UserSession', function(SimpleContainer $c) {
+		$container->registerService('GroupManager', function(IContainer $c) {
+			return $c->query('ServerContainer')->getGroupManager();
+		});
+		$container->registerService('UserManager', function(IContainer $c) {
+			return $c->query('ServerContainer')->getUserManager();
+		});
+		$container->registerService('UserSession', function(IContainer $c) {
 			return $c->query('ServerContainer')->getUserSession();
 		});
-		$container->registerService('Mail', function(SimpleContainer $c) {
+		/** FIXME: Remove once OC_User is non-static and mockable */
+		$container->registerService('IsAdmin', function(IContainer $c) {
+			return \OC_User::isAdminUser(\OC_User::getUser());
+		});
+		/** FIXME: Remove once OC_SubAdmin is non-static and mockable */
+		$container->registerService('IsSubAdmin', function(IContainer $c) {
+			return \OC_Subadmin::isSubAdmin(\OC_User::getUser());
+		});
+		$container->registerService('Mail', function(IContainer $c) {
 			return new \OC_Mail;
 		});
-		$container->registerService('Defaults', function(SimpleContainer $c) {
+		$container->registerService('Defaults', function(IContainer $c) {
 			return new \OC_Defaults;
 		});
-		$container->registerService('DefaultMailAddress', function(SimpleContainer $c) {
+		$container->registerService('DefaultMailAddress', function(IContainer $c) {
 			return Util::getDefaultEmailAddress('no-reply');
 		});
 	}
diff --git a/settings/controller/groupscontroller.php b/settings/controller/groupscontroller.php
new file mode 100644
index 00000000000..82e72821c3d
--- /dev/null
+++ b/settings/controller/groupscontroller.php
@@ -0,0 +1,140 @@
+<?php
+/**
+ * @author Lukas Reschke
+ * @copyright 2014 Lukas Reschke lukas@owncloud.com
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace OC\Settings\Controller;
+
+use OC\AppFramework\Http;
+use \OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\DataResponse;
+use OCP\IGroupManager;
+use OCP\IL10N;
+use OCP\IRequest;
+use OCP\IUserSession;
+
+/**
+ * @package OC\Settings\Controller
+ */
+class GroupsController extends Controller {
+	/** @var IGroupManager */
+	private $groupManager;
+	/** @var IL10N */
+	private $l10n;
+	/** @var IUserSession */
+	private $userSession;
+	/** @var bool */
+	private $isAdmin;
+
+	/**
+	 * @param string $appName
+	 * @param IRequest $request
+	 * @param IGroupManager $groupManager
+	 * @param IUserSession $userSession
+	 * @param bool $isAdmin
+	 * @param IL10N $l10n
+	 */
+	public function __construct($appName,
+								IRequest $request,
+								IGroupManager $groupManager,
+								IUserSession $userSession,
+								$isAdmin,
+								IL10N $l10n) {
+		parent::__construct($appName, $request);
+		$this->groupManager = $groupManager;
+		$this->userSession = $userSession;
+		$this->isAdmin = $isAdmin;
+		$this->l10n = $l10n;
+	}
+
+	/**
+	 * @NoAdminRequired
+	 *
+	 * @param string $pattern
+	 * @param bool $filterGroups
+	 * @return DataResponse
+	 */
+	public function index($pattern = '', $filterGroups = false) {
+		$groupPattern = $filterGroups ? $pattern : '';
+
+		$groupsInfo = new \OC\Group\MetaData($this->userSession->getUser()->getUID(),
+			$this->isAdmin, $this->groupManager);
+		$groupsInfo->setSorting($groupsInfo::SORT_USERCOUNT);
+		list($adminGroups, $groups) = $groupsInfo->get($groupPattern, $pattern);
+
+		return new DataResponse(
+			array(
+				'data' => array('adminGroups' => $adminGroups, 'groups' => $groups)
+			)
+		);
+	}
+
+	/**
+	 * @param string $id
+	 * @return DataResponse
+	 */
+	public function create($id) {
+		if($this->groupManager->groupExists($id)) {
+			return new DataResponse(
+				array(
+					'message' => (string)$this->l10n->t('Group already exists.')
+				),
+				Http::STATUS_CONFLICT
+			);
+		}
+		if($this->groupManager->createGroup($id)) {
+			return new DataResponse(
+				array(
+					'groupname' => $id
+				),
+				Http::STATUS_CREATED
+			);
+		}
+
+		return new DataResponse(
+			array(
+				'status' => 'error',
+				'data' => array(
+					'message' => (string)$this->l10n->t('Unable to add group.')
+				)
+			),
+			Http::STATUS_FORBIDDEN
+		);
+	}
+
+	/**
+	 * @param string $id
+	 * @return DataResponse
+	 */
+	public function destroy($id) {
+		$group = $this->groupManager->get($id);
+		if ($group) {
+			if ($group->delete()) {
+				return new DataResponse(
+					array(
+						'status' => 'success',
+						'data' => array(
+							'groupname' => $id
+						)
+					),
+					Http::STATUS_NO_CONTENT
+				);
+			}
+		}
+		return new DataResponse(
+			array(
+				'status' => 'error',
+				'data' => array(
+					'message' => (string)$this->l10n->t('Unable to delete group.')
+				),
+			),
+			Http::STATUS_FORBIDDEN
+		);
+	}
+
+}
diff --git a/settings/controller/userscontroller.php b/settings/controller/userscontroller.php
new file mode 100644
index 00000000000..5bd4b555106
--- /dev/null
+++ b/settings/controller/userscontroller.php
@@ -0,0 +1,253 @@
+<?php
+/**
+ * @author Lukas Reschke
+ * @copyright 2014 Lukas Reschke lukas@owncloud.com
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace OC\Settings\Controller;
+
+use OC\AppFramework\Http;
+use OC\User\User;
+use \OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\DataResponse;
+use OCP\IConfig;
+use OCP\IGroupManager;
+use OCP\IL10N;
+use OCP\IRequest;
+use OCP\IUserManager;
+use OCP\IUserSession;
+
+/**
+ * @package OC\Settings\Controller
+ */
+class UsersController extends Controller {
+	/** @var IL10N */
+	private $l10n;
+	/** @var IUserSession */
+	private $userSession;
+	/** @var bool */
+	private $isAdmin;
+	/** @var IUserManager */
+	private $userManager;
+	/** @var IGroupManager */
+	private $groupManager;
+	/** @var IConfig */
+	private $config;
+
+	/**
+	 * @param string $appName
+	 * @param IRequest $request
+	 * @param IUserManager $userManager
+	 * @param IGroupManager $groupManager
+	 * @param IUserSession $userSession
+	 * @param IConfig $config
+	 * @param bool $isAdmin
+	 * @param IL10N $l10n
+	 */
+	public function __construct($appName,
+								IRequest $request,
+								IUserManager $userManager,
+								IGroupManager $groupManager,
+								IUserSession $userSession,
+								IConfig $config,
+								$isAdmin,
+								IL10N $l10n) {
+		parent::__construct($appName, $request);
+		$this->userManager = $userManager;
+		$this->groupManager = $groupManager;
+		$this->userSession = $userSession;
+		$this->config = $config;
+		$this->isAdmin = $isAdmin;
+		$this->l10n = $l10n;
+	}
+
+	/**
+	 * @NoAdminRequired
+	 * @NoCSRFRequired
+	 * @param int $offset
+	 * @param int $limit
+	 * @param string $gid
+	 * @param string $pattern
+	 * @return DataResponse
+	 *
+	 * TODO: Tidy up and write unit tests - code is mainly static method calls
+	 */
+	public function index($offset = 0, $limit = 10, $gid = '', $pattern = '') {
+		// FIXME: The JS sends the group '_everyone' instead of no GID for the "all users" group.
+		if($gid === '_everyone') {
+			$gid = '';
+		}
+		$users = array();
+		if ($this->isAdmin) {
+			if($gid !== '') {
+				$batch = $this->groupManager->displayNamesInGroup($gid, $pattern, $limit, $offset);
+			} else {
+				// FIXME: Remove static method call
+				$batch = \OC_User::getDisplayNames($pattern, $limit, $offset);
+			}
+
+			foreach ($batch as $uid => $displayname) {
+				$user = $this->userManager->get($uid);
+				$users[] = array(
+					'name' => $uid,
+					'displayname' => $displayname,
+					'groups' => $this->groupManager->getUserGroupIds($user),
+					'subadmin' => \OC_SubAdmin::getSubAdminsGroups($uid),
+					'quota' => $this->config->getUserValue($uid, 'files', 'quota', 'default'),
+					'storageLocation' => $user->getHome(),
+					'lastLogin' => $user->getLastLogin(),
+				);
+			}
+		} else {
+			$groups = \OC_SubAdmin::getSubAdminsGroups($this->userSession->getUser()->getUID());
+			if($gid !== '' && in_array($gid, $groups)) {
+				$groups = array($gid);
+			} elseif($gid !== '') {
+				//don't you try to investigate loops you must not know about
+				$groups = array();
+			}
+			$batch = \OC_Group::usersInGroups($groups, $pattern, $limit, $offset);
+			foreach ($batch as $uid) {
+				$user = $this->userManager->get($uid);
+
+				// Only add the groups, this user is a subadmin of
+				$userGroups = array_intersect($this->groupManager->getUserGroupIds($user), \OC_SubAdmin::getSubAdminsGroups($this->userSession->getUser()->getUID()));
+				$users[] = array(
+					'name' => $uid,
+					'displayname' => $user->getDisplayName(),
+					'groups' => $userGroups,
+					'quota' => $this->config->getUserValue($uid, 'files', 'quota', 'default'),
+					'storageLocation' => $user->getHome(),
+					'lastLogin' => $user->getLastLogin(),
+				);
+			}
+		}
+
+		// FIXME: That assignment on "data" is uneeded here - JS should be adjusted
+		return new DataResponse(array('data' => $users, 'status' => 'success'));
+	}
+
+	/**
+	 * @NoAdminRequired
+	 *
+	 * @param string $username
+	 * @param string $password
+	 * @param array $groups
+	 * @return DataResponse
+	 *
+	 * TODO: Tidy up and write unit tests - code is mainly static method calls
+	 */
+	public function create($username, $password, array $groups) {
+		
+		if (!$this->isAdmin) {
+			if (!empty($groups)) {
+				foreach ($groups as $key => $group) {
+					if (!\OC_SubAdmin::isGroupAccessible($this->userSession->getUser()->getUID(), $group)) {
+						unset($groups[$key]);
+					}
+				}
+			}
+			if (empty($groups)) {
+				$groups = \OC_SubAdmin::getSubAdminsGroups($this->userSession->getUser()->getUID());
+			}
+		}
+
+		try {
+			$user = $this->userManager->createUser($username, $password);
+		} catch (\Exception $exception) {
+			return new DataResponse(
+				array(
+					'message' => (string)$this->l10n->t('Unable to create user.')
+				),
+				Http::STATUS_FORBIDDEN
+			);
+		}
+
+		if($user instanceof User) {
+			foreach( $groups as $groupName ) {
+				$group = $this->groupManager->get($groupName);
+
+				if(empty($group)) {
+					$group = $this->groupManager->createGroup($groupName);
+				}
+				$group->addUser($user);
+			}
+		}
+
+		return new DataResponse(
+			array(
+				'username' => $username,
+				'groups' => $this->groupManager->getUserGroupIds($user),
+				'storageLocation' => $user->getHome()
+			),
+			Http::STATUS_CREATED
+		);
+
+	}
+
+	/**
+	 * @NoAdminRequired
+	 *
+	 * @param string $id
+	 * @return DataResponse
+	 *
+	 * TODO: Tidy up and write unit tests - code is mainly static method calls
+	 */
+	public function destroy($id) {
+		if($this->userSession->getUser()->getUID() === $id) {
+			return new DataResponse(
+				array(
+					'status' => 'error',
+					'data' => array(
+						'message' => (string)$this->l10n->t('Unable to delete user.')
+					)
+				),
+				Http::STATUS_FORBIDDEN
+			);
+		}
+
+		// FIXME: Remove this static function call at some point…
+		if(!$this->isAdmin && !\OC_SubAdmin::isUserAccessible($this->userSession->getUser()->getUID(), $id)) {
+			return new DataResponse(
+				array(
+					'status' => 'error',
+					'data' => array(
+						'message' => (string)$this->l10n->t('Authentication error')
+					)
+				),
+				Http::STATUS_FORBIDDEN
+			);
+		}
+
+		$user = $this->userManager->get($id);
+		if($user) {
+			if($user->delete()) {
+				return new DataResponse(
+					array(
+						'status' => 'success',
+						'data' => array(
+							'username' => $id
+						)
+					),
+					Http::STATUS_NO_CONTENT
+				);
+			}
+		}
+
+		return new DataResponse(
+			array(
+				'status' => 'error',
+				'data' => array(
+					'message' => (string)$this->l10n->t('Unable to delete user.')
+				)
+			),
+			Http::STATUS_FORBIDDEN
+		);
+
+	}
+
+}
diff --git a/settings/js/settings.js b/settings/js/settings.js
index 13c56a8f53a..e98bd2cc895 100644
--- a/settings/js/settings.js
+++ b/settings/js/settings.js
@@ -41,7 +41,7 @@ OC.Settings = _.extend(OC.Settings, {
 						};
 					}
 					$.ajax({
-						url: OC.generateUrl('/settings/ajax/grouplist'),
+						url: OC.generateUrl('/settings/users/groups'),
 						data: queryData,
 						dataType: 'json',
 						success: function(data) {
diff --git a/settings/js/users/deleteHandler.js b/settings/js/users/deleteHandler.js
index c89a844044e..942bae91cd3 100644
--- a/settings/js/users/deleteHandler.js
+++ b/settings/js/users/deleteHandler.js
@@ -189,11 +189,10 @@ DeleteHandler.prototype.deleteEntry = function(keepNotification) {
 	var payload = {};
 	payload[dh.ajaxParamID] = dh.oidToDelete;
 	$.ajax({
-		type: 'POST',
-		url: OC.filePath('settings', 'ajax', dh.ajaxEndpoint),
+		type: 'DELETE',
+		url: OC.generateUrl(dh.ajaxEndpoint+'/'+this.oidToDelete),
 		// FIXME: do not use synchronous ajax calls as they block the browser !
 		async: false,
-		data: payload,
 		success: function (result) {
 			if (result.status === 'success') {
 				// Remove undo option, & remove user from table
diff --git a/settings/js/users/groups.js b/settings/js/users/groups.js
index 081842734f0..c06bc5ff14b 100644
--- a/settings/js/users/groups.js
+++ b/settings/js/users/groups.js
@@ -84,29 +84,24 @@ GroupList = {
 
 	createGroup: function (groupname) {
 		$.post(
-			OC.filePath('settings', 'ajax', 'creategroup.php'),
+			OC.generateUrl('/settings/users/groups'),
 			{
-				groupname: groupname
+				id: groupname
 			},
 			function (result) {
-				if (result.status !== 'success') {
-					OC.dialogs.alert(result.data.message,
-						t('settings', 'Error creating group'));
+				if (result.groupname) {
+					var addedGroup = result.groupname;
+					UserList.availableGroups = $.unique($.merge(UserList.availableGroups, [addedGroup]));
+					GroupList.addGroup(result.groupname);
+
+					$('.groupsselect, .subadminsselect')
+						.append($('<option>', { value: result.groupname })
+							.text(result.groupname));
 				}
-				else {
-					if (result.data.groupname) {
-						var addedGroup = result.data.groupname;
-						UserList.availableGroups = $.unique($.merge(UserList.availableGroups, [addedGroup]));
-						GroupList.addGroup(result.data.groupname);
-
-						$('.groupsselect, .subadminsselect')
-							.append($('<option>', { value: result.data.groupname })
-								.text(result.data.groupname));
-					}
-					GroupList.toggleAddGroup();
-				}
-			}
-		);
+				GroupList.toggleAddGroup();
+			}).fail(function(result, textStatus, errorThrown) {
+				OC.dialogs.alert(result.responseJSON.message, t('settings', 'Error creating group'));
+			});
 	},
 
 	update: function () {
@@ -115,7 +110,7 @@ GroupList = {
 		}
 		GroupList.updating = true;
 		$.get(
-			OC.generateUrl('/settings/ajax/grouplist'),
+			OC.generateUrl('/settings/users/groups'),
 			{
 				pattern: filter.getPattern(),
 				filterGroups: filter.filterGroups ? 1 : 0
@@ -221,7 +216,7 @@ GroupList = {
 	},
 	initDeleteHandling: function () {
 		//set up handler
-		GroupDeleteHandler = new DeleteHandler('removegroup.php', 'groupname',
+		GroupDeleteHandler = new DeleteHandler('/settings/users/groups', 'groupname',
 			GroupList.hide, GroupList.remove);
 
 		//configure undo
diff --git a/settings/js/users/users.js b/settings/js/users/users.js
index 5e0c0cac189..1bca6d06b33 100644
--- a/settings/js/users/users.js
+++ b/settings/js/users/users.js
@@ -292,7 +292,7 @@ var UserList = {
 	},
 	initDeleteHandling: function() {
 		//set up handler
-		UserDeleteHandler = new DeleteHandler('removeuser.php', 'username',
+		UserDeleteHandler = new DeleteHandler('/settings/users/users', 'username',
 											UserList.markRemove, UserList.remove);
 
 		//configure undo
@@ -326,7 +326,7 @@ var UserList = {
 		UserList.currentGid = gid;
 		var pattern = filter.getPattern();
 		$.get(
-			OC.generateUrl('/settings/ajax/userlist'),
+			OC.generateUrl('/settings/users/users'),
 			{ offset: UserList.offset, limit: UserList.usersToLoad, gid: gid, pattern: pattern },
 			function (result) {
 				var loadedUsers = 0;
@@ -667,49 +667,44 @@ $(document).ready(function () {
 		var groups = $('#newusergroups').val();
 		$('#newuser').get(0).reset();
 		$.post(
-			OC.filePath('settings', 'ajax', 'createuser.php'),
+			OC.generateUrl('/settings/users/users'),
 			{
 				username: username,
 				password: password,
 				groups: groups
 			},
 			function (result) {
-				if (result.status !== 'success') {
-					OC.dialogs.alert(result.data.message,
-						t('settings', 'Error creating user'));
-				} else {
-					if (result.data.groups) {
-						var addedGroups = result.data.groups;
-						for (var i in result.data.groups) {
-							var gid = result.data.groups[i];
-							if(UserList.availableGroups.indexOf(gid) === -1) {
-								UserList.availableGroups.push(gid);
-							}
-							$li = GroupList.getGroupLI(gid);
-							userCount = GroupList.getUserCount($li);
-							GroupList.setUserCount($li, userCount + 1);
+				if (result.groups) {
+					for (var i in result.groups) {
+						var gid = result.groups[i];
+						if(UserList.availableGroups.indexOf(gid) === -1) {
+							UserList.availableGroups.push(gid);
 						}
+						$li = GroupList.getGroupLI(gid);
+						userCount = GroupList.getUserCount($li);
+						GroupList.setUserCount($li, userCount + 1);
 					}
-					if (result.data.homeExists){
-						OC.Notification.hide();
-						OC.Notification.show(t('settings', 'Warning: Home directory for user "{user}" already exists', {user: result.data.username}));
-						if (UserList.notificationTimeout){
-							window.clearTimeout(UserList.notificationTimeout);
-						}
-						UserList.notificationTimeout = window.setTimeout(
-							function(){
-								OC.Notification.hide();
-								UserList.notificationTimeout = null;
-							}, 10000);
-					}
-					if(!UserList.has(username)) {
-						UserList.add(username, username, result.data.groups, null, 'default', result.data.storageLocation, 0, true);
+				}
+				if (result.homeExists){
+					OC.Notification.hide();
+					OC.Notification.show(t('settings', 'Warning: Home directory for user "{user}" already exists', {user: result.username}));
+					if (UserList.notificationTimeout){
+						window.clearTimeout(UserList.notificationTimeout);
 					}
-					$('#newusername').focus();
-					GroupList.incEveryoneCount();
+					UserList.notificationTimeout = window.setTimeout(
+						function(){
+							OC.Notification.hide();
+							UserList.notificationTimeout = null;
+						}, 10000);
 				}
-			}
-		);
+				if(!UserList.has(username)) {
+					UserList.add(username, username, result.groups, null, 'default', result.storageLocation, 0, true);
+				}
+				$('#newusername').focus();
+				GroupList.incEveryoneCount();
+			}).fail(function(result, textStatus, errorThrown) {
+				OC.dialogs.alert(result.responseJSON.message, t('settings', 'Error creating user'));
+			});
 	});
 
 	// Option to display/hide the "Storage location" column
diff --git a/settings/middleware/subadminmiddleware.php b/settings/middleware/subadminmiddleware.php
new file mode 100644
index 00000000000..a5c005e3148
--- /dev/null
+++ b/settings/middleware/subadminmiddleware.php
@@ -0,0 +1,65 @@
+<?php
+/**
+ * @author Lukas Reschke
+ * @copyright 2014 Lukas Reschke lukas@owncloud.com
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+namespace OC\Settings\Middleware;
+
+use OC\AppFramework\Http;
+use OC\AppFramework\Utility\ControllerMethodReflector;
+use OCP\AppFramework\Http\TemplateResponse;
+use OCP\AppFramework\Middleware;
+
+/**
+ * Verifies whether an user has at least subadmin rights.
+ * To bypass use the `@NoSubadminRequired` annotation
+ *
+ * @package OC\Settings\Middleware
+ */
+class SubadminMiddleware extends Middleware {
+	/** @var bool */
+	protected $isSubAdmin;
+	/** @var ControllerMethodReflector */
+	protected $reflector;
+
+	/**
+	 * @param ControllerMethodReflector $reflector
+	 * @param bool $isSubAdmin
+	 */
+	public function __construct(ControllerMethodReflector $reflector,
+								$isSubAdmin) {
+		$this->reflector = $reflector;
+		$this->isSubAdmin = $isSubAdmin;
+	}
+
+	/**
+	 * Check if sharing is enabled before the controllers is executed
+	 * @param \OCP\AppFramework\Controller $controller
+	 * @param string $methodName
+	 * @throws \Exception
+	 */
+	public function beforeController($controller, $methodName) {
+		if(!$this->reflector->hasAnnotation('NoSubadminRequired')) {
+			if(!$this->isSubAdmin) {
+				throw new \Exception('Logged in user must be a subadmin');
+			}
+		}
+	}
+
+	/**
+	 * Return 403 page in case of an exception
+	 * @param \OCP\AppFramework\Controller $controller
+	 * @param string $methodName
+	 * @param \Exception $exception
+	 * @return TemplateResponse
+	 */
+	public function afterException($controller, $methodName, \Exception $exception) {
+		return new TemplateResponse('core', '403', array(), 'guest');
+	}
+
+}
diff --git a/settings/routes.php b/settings/routes.php
index 7ca33fc2745..1b7a918fa79 100644
--- a/settings/routes.php
+++ b/settings/routes.php
@@ -9,17 +9,22 @@
 namespace OC\Settings;
 
 $application = new Application();
-$application->registerRoutes($this, array('routes' =>array(
-	array('name' => 'MailSettings#setMailSettings', 'url' => '/settings/admin/mailsettings', 'verb' => 'POST'),
-	array('name' => 'MailSettings#storeCredentials', 'url' => '/settings/admin/mailsettings/credentials', 'verb' => 'POST'),
-	array('name' => 'MailSettings#sendTestMail', 'url' => '/settings/admin/mailtest', 'verb' => 'POST'),
-	array('name' => 'AppSettings#listCategories', 'url' => '/settings/apps/categories', 'verb' => 'GET'),
-	array('name' => 'AppSettings#listApps', 'url' => '/settings/apps/list', 'verb' => 'GET'),
-	array('name' => 'SecuritySettings#enforceSSL', 'url' => '/settings/admin/security/ssl', 'verb' => 'POST'),
-	array('name' => 'SecuritySettings#enforceSSLForSubdomains', 'url' => '/settings/admin/security/ssl/subdomains', 'verb' => 'POST'),
-	array('name' => 'SecuritySettings#trustedDomains', 'url' => '/settings/admin/security/trustedDomains', 'verb' => 'POST'),
-
-)));
+$application->registerRoutes($this, array(
+	'resources' => array(
+		'groups' => array('url' => '/settings/users/groups'),
+		'users' => array('url' => '/settings/users/users')
+	),
+	'routes' =>array(
+		array('name' => 'MailSettings#setMailSettings', 'url' => '/settings/admin/mailsettings', 'verb' => 'POST'),
+		array('name' => 'MailSettings#storeCredentials', 'url' => '/settings/admin/mailsettings/credentials', 'verb' => 'POST'),
+		array('name' => 'MailSettings#sendTestMail', 'url' => '/settings/admin/mailtest', 'verb' => 'POST'),
+		array('name' => 'AppSettings#listCategories', 'url' => '/settings/apps/categories', 'verb' => 'GET'),
+		array('name' => 'AppSettings#listApps', 'url' => '/settings/apps/list', 'verb' => 'GET'),
+		array('name' => 'SecuritySettings#enforceSSL', 'url' => '/settings/admin/security/ssl', 'verb' => 'POST'),
+		array('name' => 'SecuritySettings#enforceSSLForSubdomains', 'url' => '/settings/admin/security/ssl/subdomains', 'verb' => 'POST'),
+		array('name' => 'SecuritySettings#trustedDomains', 'url' => '/settings/admin/security/trustedDomains', 'verb' => 'POST'),
+	)
+));
 
 /** @var $this \OCP\Route\IRouter */
 
@@ -38,26 +43,14 @@ $this->create('settings_admin', '/settings/admin')
 	->actionInclude('settings/admin.php');
 // Settings ajax actions
 // users
-$this->create('settings_ajax_userlist', '/settings/ajax/userlist')
-	->actionInclude('settings/ajax/userlist.php');
-$this->create('settings_ajax_grouplist', '/settings/ajax/grouplist')
-	->actionInclude('settings/ajax/grouplist.php');
 $this->create('settings_ajax_everyonecount', '/settings/ajax/geteveryonecount')
 	->actionInclude('settings/ajax/geteveryonecount.php');
-$this->create('settings_ajax_createuser', '/settings/ajax/createuser.php')
-	->actionInclude('settings/ajax/createuser.php');
-$this->create('settings_ajax_removeuser', '/settings/ajax/removeuser.php')
-	->actionInclude('settings/ajax/removeuser.php');
 $this->create('settings_ajax_setquota', '/settings/ajax/setquota.php')
 	->actionInclude('settings/ajax/setquota.php');
-$this->create('settings_ajax_creategroup', '/settings/ajax/creategroup.php')
-	->actionInclude('settings/ajax/creategroup.php');
 $this->create('settings_ajax_togglegroups', '/settings/ajax/togglegroups.php')
 	->actionInclude('settings/ajax/togglegroups.php');
 $this->create('settings_ajax_togglesubadmins', '/settings/ajax/togglesubadmins.php')
 	->actionInclude('settings/ajax/togglesubadmins.php');
-$this->create('settings_ajax_removegroup', '/settings/ajax/removegroup.php')
-	->actionInclude('settings/ajax/removegroup.php');
 $this->create('settings_users_changepassword', '/settings/users/changepassword')
 	->post()
 	->action('OC\Settings\ChangePassword\Controller', 'changeUserPassword');
diff --git a/settings/tests/js/users/deleteHandlerSpec.js b/settings/tests/js/users/deleteHandlerSpec.js
index 6b6328be801..c6d88b32411 100644
--- a/settings/tests/js/users/deleteHandlerSpec.js
+++ b/settings/tests/js/users/deleteHandlerSpec.js
@@ -85,7 +85,7 @@ describe('DeleteHandler tests', function() {
 		// previous one was delete
 		expect(fakeServer.requests.length).toEqual(1);
 		var	request = fakeServer.requests[0];
-		expect(request.url).toEqual(OC.webroot + '/index.php/settings/ajax/dummyendpoint.php');
+		expect(request.url).toEqual(OC.webroot + '/index.php/dummyendpoint.php/some_uid');
 	});
 	it('automatically deletes after timeout', function() {
 		var handler = init(markCallback, removeCallback, undoCallback);
@@ -98,7 +98,7 @@ describe('DeleteHandler tests', function() {
 		clock.tick(3000);
 		expect(fakeServer.requests.length).toEqual(1);
 		var	request = fakeServer.requests[0];
-		expect(request.url).toEqual(OC.webroot + '/index.php/settings/ajax/dummyendpoint.php');
+		expect(request.url).toEqual(OC.webroot + '/index.php/dummyendpoint.php/some_uid');
 	});
 	it('deletes when deleteEntry is called', function() {
 		var handler = init(markCallback, removeCallback, undoCallback);
@@ -107,7 +107,7 @@ describe('DeleteHandler tests', function() {
 		handler.deleteEntry();
 		expect(fakeServer.requests.length).toEqual(1);
 		var	request = fakeServer.requests[0];
-		expect(request.url).toEqual(OC.webroot + '/index.php/settings/ajax/dummyendpoint.php');
+		expect(request.url).toEqual(OC.webroot + '/index.php/dummyendpoint.php/some_uid');
 	});
 	it('cancels deletion when undo is clicked', function() {
 		var handler = init(markCallback, removeCallback, undoCallback);
@@ -135,7 +135,7 @@ describe('DeleteHandler tests', function() {
 		expect(fakeServer.requests.length).toEqual(0);
 	});
 	it('calls removeCallback after successful server side deletion', function() {
-		fakeServer.respondWith(/\/index\.php\/settings\/ajax\/dummyendpoint.php/, [
+		fakeServer.respondWith(/\/index\.php\/dummyendpoint.php\/some_uid/, [
 			200,
 			{ 'Content-Type': 'application/json' },
 			JSON.stringify({status: 'success'})
@@ -148,7 +148,6 @@ describe('DeleteHandler tests', function() {
 		expect(fakeServer.requests.length).toEqual(1);
 		var request = fakeServer.requests[0];
 		var query = OC.parseQueryString(request.requestBody);
-		expect(query.paramid).toEqual('some_uid');
 
 		expect(removeCallback.calledOnce).toEqual(true);
 		expect(undoCallback.notCalled).toEqual(true);
@@ -157,7 +156,7 @@ describe('DeleteHandler tests', function() {
 	it('calls undoCallback and shows alert after failed server side deletion', function() {
 		// stub t to avoid extra calls
 		var tStub = sinon.stub(window, 't').returns('text');
-		fakeServer.respondWith(/\/index\.php\/settings\/ajax\/dummyendpoint.php/, [
+		fakeServer.respondWith(/\/index\.php\/dummyendpoint.php\/some_uid/, [
 			200,
 			{ 'Content-Type': 'application/json' },
 			JSON.stringify({status: 'error', data: {message: 'test error'}})
@@ -171,7 +170,6 @@ describe('DeleteHandler tests', function() {
 		expect(fakeServer.requests.length).toEqual(1);
 		var request = fakeServer.requests[0];
 		var query = OC.parseQueryString(request.requestBody);
-		expect(query.paramid).toEqual('some_uid');
 
 		expect(removeCallback.notCalled).toEqual(true);
 		expect(undoCallback.calledOnce).toEqual(true);