Diffstat (limited to 'apps/provisioning_api/lib/Controller/UsersController.php')
-rw-r--r-- | apps/provisioning_api/lib/Controller/UsersController.php | 254 |
1 files changed, 87 insertions, 167 deletions
diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php index e3b7840cd3b..420c09dfecb 100644 --- a/apps/provisioning_api/lib/Controller/UsersController.php +++ b/apps/provisioning_api/lib/Controller/UsersController.php @@ -12,6 +12,7 @@ declare(strict_types=1); * @author Roeland Jago Douma <roeland@famdouma.nl> * @author Thomas Müller <thomas.mueller@tmit.eu> * @author Tom Needham <tom@owncloud.com> + * @author John Molakvoæ <skjnldsv@protonmail.com> * * @license AGPL-3.0 * @@ -34,14 +35,11 @@ namespace OCA\Provisioning_API\Controller; use OC\Accounts\AccountManager; use OC\HintException; use OC\Settings\Mailer\NewUserMailHelper; -use OC_Helper; use OCA\Provisioning_API\FederatedFileSharingFactory; use OCP\App\IAppManager; use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\OCS\OCSException; use OCP\AppFramework\OCS\OCSForbiddenException; -use OCP\AppFramework\OCSController; -use OCP\Files\NotFoundException; use OCP\IConfig; use OCP\IGroup; use OCP\IGroupManager; @@ -52,20 +50,10 @@ use OCP\IUserSession; use OCP\L10N\IFactory; use OCP\Security\ISecureRandom; -class UsersController extends OCSController { +class UsersController extends AUserData { - /** @var IUserManager */ - private $userManager; - /** @var IConfig */ - private $config; /** @var IAppManager */ private $appManager; - /** @var IGroupManager|\OC\Group\Manager */ // FIXME Requires a method that is not on the interface - private $groupManager; - /** @var IUserSession */ - private $userSession; - /** @var AccountManager */ - private $accountManager; /** @var ILogger */ private $logger; /** @var IFactory */ 
@@ -105,14 +93,15 @@ class UsersController extends OCSController { NewUserMailHelper $newUserMailHelper, FederatedFileSharingFactory $federatedFileSharingFactory, ISecureRandom $secureRandom) { - parent::__construct($appName, $request); + parent::__construct($appName, + $request, + $userManager, + $config, + $groupManager, + $userSession, + $accountManager); - $this->userManager = $userManager; - $this->config = $config; $this->appManager = $appManager; - $this->groupManager = $groupManager; - $this->userSession = $userSession; - $this->accountManager = $accountManager; $this->logger = $logger; $this->l10nFactory = $l10nFactory; $this->newUserMailHelper = $newUserMailHelper; @@ -137,7 +126,7 @@ class UsersController extends OCSController { // Admin? Or SubAdmin? $uid = $user->getUID(); $subAdminManager = $this->groupManager->getSubAdmin(); - if($this->groupManager->isAdmin($uid)){ + if ($this->groupManager->isAdmin($uid)){ $users = $this->userManager->search($search, $limit, $offset); } else if ($subAdminManager->isSubAdmin($user)) { $subAdminOfGroups = $subAdminManager->getSubAdminsGroups($user); @@ -170,7 +159,7 @@ class UsersController extends OCSController { // Admin? Or SubAdmin? $uid = $user->getUID(); $subAdminManager = $this->groupManager->getSubAdmin(); - if($this->groupManager->isAdmin($uid)){ + if ($this->groupManager->isAdmin($uid)){ $users = $this->userManager->search($search, $limit, $offset); } else if ($subAdminManager->isSubAdmin($user)) { $subAdminOfGroups = $subAdminManager->getSubAdminsGroups($user); @@ -189,7 +178,7 @@ class UsersController extends OCSController { foreach ($users as $key => $userId) { $userData = $this->getUserData($userId); // Do not insert empty entry - if(!empty($userData)) { + if (!empty($userData)) { $usersDetails[$userId] = $userData; } } 
@@ -207,34 +196,61 @@ class UsersController extends OCSController { * @param string $password * @param string $email * @param array $groups + * @param array $subadmins + * @param string $quota * @return DataResponse * @throws OCSException */ - public function addUser(string $userid, string $password = '', string $email='', array $groups = []): DataResponse { + public function addUser(string $userid, + string $password = '', + string $email = '', + array $groups = [], + array $subadmin = [], + string $quota = ''): DataResponse { $user = $this->userSession->getUser(); $isAdmin = $this->groupManager->isAdmin($user->getUID()); $subAdminManager = $this->groupManager->getSubAdmin(); - if($this->userManager->userExists($userid)) { + if ($this->userManager->userExists($userid)) { $this->logger->error('Failed addUser attempt: User already exists.', ['app' => 'ocs_api']); throw new OCSException('User already exists', 102); } - if($groups !== []) { + if ($groups !== []) { foreach ($groups as $group) { - if(!$this->groupManager->groupExists($group)) { + if (!$this->groupManager->groupExists($group)) { throw new OCSException('group '.$group.' does not exist', 104); } - if(!$isAdmin && !$subAdminManager->isSubAdminofGroup($user, $this->groupManager->get($group))) { + if (!$isAdmin && !$subAdminManager->isSubAdminOfGroup($user, $this->groupManager->get($group))) { throw new OCSException('insufficient privileges for group '. 
$group, 105); } } } else { - if(!$isAdmin) { + if (!$isAdmin) { throw new OCSException('no group specified (required for subadmins)', 106); } } + $subadminGroups = []; + if ($subadmin !== []) { + foreach ($subadmin as $groupid) { + $group = $this->groupManager->get($groupid); + // Check if group exists + if ($group === null) { + throw new OCSException('Subadmin group does not exist', 102); + } + // Check if trying to make subadmin of admin group + if ($group->getGID() === 'admin') { + throw new OCSException('Cannot create subadmins for admin group', 103); + } + // Check if has permission to promote subadmins + if (!$subAdminManager->isSubAdminOfGroup($user, $group) && !$isAdmin) { + throw new OCSForbiddenException('No permissions to promote subadmins'); + } + $subadminGroups[] = $group; + } + } + $generatePasswordResetToken = false; if ($password === '') { if ($email === '') { @@ -255,6 +271,13 @@ class UsersController extends OCSController { $this->groupManager->get($group)->addUser($newUser); $this->logger->info('Added userid ' . $userid . ' to group ' . $group, ['app' => 'ocs_api']); } + foreach ($subadminGroups as $group) { + $subAdminManager->createSubAdmin($newUser, $group); + } + + if ($quota !== '') { + $this->editUser($userid, 'quota', $quota); + } // Send new user mail only if a mail is set if ($email !== '') { @@ -304,7 +327,7 @@ class UsersController extends OCSController { public function getUser(string $userId): DataResponse { $data = $this->getUserData($userId); // getUserData returns empty array if not enough permissions - if(empty($data)) { + if (empty($data)) { throw new OCSException('', \OCP\API::RESPOND_UNAUTHORISED); } return new DataResponse($data); 
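Review bot: The new subadmin block in addUser lets a caller who is only a subadmin of a group grant subadmin rights on that group to the account being created, because the guard `if (!$subAdminManager->isSubAdminOfGroup($user, $group) && !$isAdmin)` accepts either role. The addSubAdmin endpoint shown later in this diff has no in-body permission check, so it presumably relies on admin-only routing; if that is the case, this path widens who can delegate subadmin rights and the guard should be `if (!$isAdmin) { throw new OCSForbiddenException('No permissions to promote subadmins'); }`, or the intended delegation should be stated in the docblock. The docblock also documents `@param array $subadmins` while the signature declares `$subadmin`, and code 102 now means both 'User already exists' and 'Subadmin group does not exist' within this one method. addUser's body continues outside the hunk.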
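Review bot: The quota is applied through `$this->editUser($userid, 'quota', $quota);` only after the account, its group memberships and its subadmin grants already exist, so an unparsable quota or a permission failure inside editUser raises an OCSException and leaves a fully created user behind while the caller sees an error. Validate the quota before the create call (the editUser quota branch in a later hunk rejects bad values with code 103), or remove the new user when the quota step fails. The subadmin loop also ignores the return value of `createSubAdmin`, which addSubAdmin treats as a failure signal, and unlike the group loop it writes no log entry; a line such as `$this->logger->info('Made userid ' . $userid . ' subadmin of group ' . $group->getGID(), ['app' => 'ocs_api']);` would keep privilege grants auditable. The enclosing block starts and ends outside the hunk, so any surrounding try/catch is not visible here.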
@@ -335,62 +358,6 @@ class UsersController extends OCSController { } /** - * creates a array with all user data - * - * @param $userId - * @return array - * @throws OCSException - */ - protected function getUserData(string $userId): array { - $currentLoggedInUser = $this->userSession->getUser(); - - $data = []; - - // Check if the target user exists - $targetUserObject = $this->userManager->get($userId); - if($targetUserObject === null) { - throw new OCSException('The requested user could not be found', \OCP\API::RESPOND_NOT_FOUND); - } - - // Should be at least Admin Or SubAdmin! - if( $this->groupManager->isAdmin($currentLoggedInUser->getUID()) - || $this->groupManager->getSubAdmin()->isUserAccessible($currentLoggedInUser, $targetUserObject)) { - $data['enabled'] = $this->config->getUserValue($targetUserObject->getUID(), 'core', 'enabled', 'true'); - } else { - // Check they are looking up themselves - if($currentLoggedInUser->getUID() !== $targetUserObject->getUID()) { - return $data; - } - } - - // Get groups data - $userAccount = $this->accountManager->getUser($targetUserObject); - $groups = $this->groupManager->getUserGroups($targetUserObject); - $gids = []; - foreach ($groups as $group) { - $gids[] = $group->getDisplayName(); - } - - // Find the data - $data['id'] = $targetUserObject->getUID(); - $data['storageLocation'] = $targetUserObject->getHome(); - $data['lastLogin'] = $targetUserObject->getLastLogin() * 1000; - $data['backend'] = $targetUserObject->getBackendClassName(); - $data['subadmin'] = $this->getUserSubAdminGroupsData($targetUserObject->getUID()); - $data['quota'] = $this->fillStorageInfo($targetUserObject->getUID()); - $data[AccountManager::PROPERTY_EMAIL] = $targetUserObject->getEMailAddress(); - $data[AccountManager::PROPERTY_DISPLAYNAME] = $targetUserObject->getDisplayName(); - $data[AccountManager::PROPERTY_PHONE] = $userAccount[AccountManager::PROPERTY_PHONE]['value']; - $data[AccountManager::PROPERTY_ADDRESS] = 
$userAccount[AccountManager::PROPERTY_ADDRESS]['value']; - $data[AccountManager::PROPERTY_WEBSITE] = $userAccount[AccountManager::PROPERTY_WEBSITE]['value']; - $data[AccountManager::PROPERTY_TWITTER] = $userAccount[AccountManager::PROPERTY_TWITTER]['value']; - $data['groups'] = $gids; - $data['language'] = $this->config->getUserValue($targetUserObject->getUID(), 'core', 'lang'); - - return $data; - } - - /** * @NoAdminRequired * @NoSubAdminRequired */ @@ -434,12 +401,12 @@ class UsersController extends OCSController { $currentLoggedInUser = $this->userSession->getUser(); $targetUser = $this->userManager->get($userId); - if($targetUser === null) { + if ($targetUser === null) { throw new OCSException('', \OCP\API::RESPOND_UNAUTHORISED); } $permittedFields = []; - if($targetUser->getUID() === $currentLoggedInUser->getUID()) { + if ($targetUser->getUID() === $currentLoggedInUser->getUID()) { // Editing self (display, email) if ($this->config->getSystemValue('allow_user_to_change_display_name', true) !== false) { $permittedFields[] = 'display'; @@ -465,13 +432,13 @@ class UsersController extends OCSController { } // If admin they can edit their own quota - if($this->groupManager->isAdmin($currentLoggedInUser->getUID())) { + if ($this->groupManager->isAdmin($currentLoggedInUser->getUID())) { $permittedFields[] = 'quota'; } } else { // Check if admin / subadmin $subAdminManager = $this->groupManager->getSubAdmin(); - if($subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser) + if ($subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser) || $this->groupManager->isAdmin($currentLoggedInUser->getUID())) { // They have permissions over the user $permittedFields[] = 'display'; @@ -490,7 +457,7 @@ class UsersController extends OCSController { } } // Check if permitted to edit this field - if(!in_array($key, $permittedFields)) { + if (!in_array($key, $permittedFields)) { throw new OCSException('', \OCP\API::RESPOND_UNAUTHORISED); } // Process the edit 
@@ -501,7 +468,7 @@ class UsersController extends OCSController { break; case 'quota': $quota = $value; - if($quota !== 'none' && $quota !== 'default') { + if ($quota !== 'none' && $quota !== 'default') { if (is_numeric($quota)) { $quota = (float) $quota; } else { @@ -510,9 +477,9 @@ class UsersController extends OCSController { if ($quota === false) { throw new OCSException('Invalid quota value '.$value, 103); } - if($quota === 0) { + if ($quota === 0) { $quota = 'default'; - }else if($quota === -1) { + }else if ($quota === -1) { $quota = 'none'; } else { $quota = \OCP\Util::humanFileSize($quota); @@ -531,7 +498,7 @@ class UsersController extends OCSController { $this->config->setUserValue($targetUser->getUID(), 'core', 'lang', $value); break; case AccountManager::PROPERTY_EMAIL: - if(filter_var($value, FILTER_VALIDATE_EMAIL) || $value === '') { + if (filter_var($value, FILTER_VALIDATE_EMAIL) || $value === '') { $targetUser->setEMailAddress($value); } else { throw new OCSException('', 102); @@ -566,18 +533,18 @@ class UsersController extends OCSController { $targetUser = $this->userManager->get($userId); - if($targetUser === null || $targetUser->getUID() === $currentLoggedInUser->getUID()) { + if ($targetUser === null || $targetUser->getUID() === $currentLoggedInUser->getUID()) { throw new OCSException('', 101); } // If not permitted $subAdminManager = $this->groupManager->getSubAdmin(); - if(!$this->groupManager->isAdmin($currentLoggedInUser->getUID()) && !$subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser)) { + if (!$this->groupManager->isAdmin($currentLoggedInUser->getUID()) && !$subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser)) { throw new OCSException('', \OCP\API::RESPOND_UNAUTHORISED); } // Go ahead with the delete - if($targetUser->delete()) { + if ($targetUser->delete()) { return new DataResponse(); } else { throw new OCSException('', 101); 
@@ -620,13 +587,13 @@ class UsersController extends OCSController { $currentLoggedInUser = $this->userSession->getUser(); $targetUser = $this->userManager->get($userId); - if($targetUser === null || $targetUser->getUID() === $currentLoggedInUser->getUID()) { + if ($targetUser === null || $targetUser->getUID() === $currentLoggedInUser->getUID()) { throw new OCSException('', 101); } // If not permitted $subAdminManager = $this->groupManager->getSubAdmin(); - if(!$this->groupManager->isAdmin($currentLoggedInUser->getUID()) && !$subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser)) { + if (!$this->groupManager->isAdmin($currentLoggedInUser->getUID()) && !$subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser)) { throw new OCSException('', \OCP\API::RESPOND_UNAUTHORISED); } @@ -647,11 +614,11 @@ class UsersController extends OCSController { $loggedInUser = $this->userSession->getUser(); $targetUser = $this->userManager->get($userId); - if($targetUser === null) { + if ($targetUser === null) { throw new OCSException('', \OCP\API::RESPOND_NOT_FOUND); } - if($targetUser->getUID() === $loggedInUser->getUID() || $this->groupManager->isAdmin($loggedInUser->getUID())) { + if ($targetUser->getUID() === $loggedInUser->getUID() || $this->groupManager->isAdmin($loggedInUser->getUID())) { // Self lookup or admin lookup return new DataResponse([ 'groups' => $this->groupManager->getUserGroupIds($targetUser) @@ -660,7 +627,7 @@ class UsersController extends OCSController { $subAdminManager = $this->groupManager->getSubAdmin(); // Looking up someone else - if($subAdminManager->isUserAccessible($loggedInUser, $targetUser)) { + if ($subAdminManager->isUserAccessible($loggedInUser, $targetUser)) { // Return the group that the method caller is subadmin of for the user in question /** @var IGroup[] $getSubAdminsGroups */ $getSubAdminsGroups = $subAdminManager->getSubAdminsGroups($loggedInUser); 
@@ -690,16 +657,16 @@ class UsersController extends OCSController { * @throws OCSException */ public function addToGroup(string $userId, string $groupid = ''): DataResponse { - if($groupid === '') { + if ($groupid === '') { throw new OCSException('', 101); } $group = $this->groupManager->get($groupid); $targetUser = $this->userManager->get($userId); - if($group === null) { + if ($group === null) { throw new OCSException('', 102); } - if($targetUser === null) { + if ($targetUser === null) { throw new OCSException('', 103); } @@ -727,17 +694,17 @@ class UsersController extends OCSController { public function removeFromGroup(string $userId, string $groupid): DataResponse { $loggedInUser = $this->userSession->getUser(); - if($groupid === null || trim($groupid) === '') { + if ($groupid === null || trim($groupid) === '') { throw new OCSException('', 101); } $group = $this->groupManager->get($groupid); - if($group === null) { + if ($group === null) { throw new OCSException('', 102); } $targetUser = $this->userManager->get($userId); - if($targetUser === null) { + if ($targetUser === null) { throw new OCSException('', 103); } 
@@ -793,26 +760,26 @@ class UsersController extends OCSController { $user = $this->userManager->get($userId); // Check if the user exists - if($user === null) { + if ($user === null) { throw new OCSException('User does not exist', 101); } // Check if group exists - if($group === null) { + if ($group === null) { throw new OCSException('Group does not exist', 102); } // Check if trying to make subadmin of admin group - if($group->getGID() === 'admin') { + if ($group->getGID() === 'admin') { throw new OCSException('Cannot create subadmins for admin group', 103); } $subAdminManager = $this->groupManager->getSubAdmin(); // We cannot be subadmin twice - if ($subAdminManager->isSubAdminofGroup($user, $group)) { + if ($subAdminManager->isSubAdminOfGroup($user, $group)) { return new DataResponse(); } // Go - if($subAdminManager->createSubAdmin($user, $group)) { + if ($subAdminManager->createSubAdmin($user, $group)) { return new DataResponse(); } else { throw new OCSException('Unknown error occurred', 103); @@ -835,20 +802,20 @@ class UsersController extends OCSController { $subAdminManager = $this->groupManager->getSubAdmin(); // Check if the user exists - if($user === null) { + if ($user === null) { throw new OCSException('User does not exist', 101); } // Check if the group exists - if($group === null) { + if ($group === null) { throw new OCSException('Group does not exist', 101); } // Check if they are a subadmin of this said group - if(!$subAdminManager->isSubAdminOfGroup($user, $group)) { + if (!$subAdminManager->isSubAdminOfGroup($user, $group)) { throw new OCSException('User is not a subadmin of this group', 102); } // Go - if($subAdminManager->deleteSubAdmin($user, $group)) { + if ($subAdminManager->deleteSubAdmin($user, $group)) { return new DataResponse(); } else { throw new OCSException('Unknown error occurred', 103); 
@@ -859,30 +826,6 @@ class UsersController extends OCSController { * Get the groups a user is a subadmin of * * @param string $userId - * @return array - * @throws OCSException - */ - protected function getUserSubAdminGroupsData(string $userId): array { - $user = $this->userManager->get($userId); - // Check if the user exists - if($user === null) { - throw new OCSException('User does not exist', 101); - } - - // Get the subadmin groups - $subAdminGroups = $this->groupManager->getSubAdmin()->getSubAdminsGroups($user); - $groups = []; - foreach ($subAdminGroups as $key => $group) { - $groups[] = $group->getGID(); - } - - return $groups; - } - - /** - * Get the groups a user is a subadmin of - * - * @param string $userId * @return DataResponse * @throws OCSException */ @@ -892,29 +835,6 @@ class UsersController extends OCSController { } /** - * @param string $userId - * @return array - * @throws \OCP\Files\NotFoundException - */ - protected function fillStorageInfo(string $userId): array { - try { - \OC_Util::tearDownFS(); - \OC_Util::setupFS($userId); - $storage = OC_Helper::getStorageInfo('/'); - $data = [ - 'free' => $storage['free'], - 'used' => $storage['used'], - 'total' => $storage['total'], - 'relative' => $storage['relative'], - 'quota' => $storage['quota'], - ]; - } catch (NotFoundException $ex) { - $data = []; - } - return $data; - } - - /** * @NoAdminRequired * @PasswordConfirmationRequired * 
@@ -928,13 +848,13 @@ class UsersController extends OCSController { $currentLoggedInUser = $this->userSession->getUser(); $targetUser = $this->userManager->get($userId); - if($targetUser === null) { + if ($targetUser === null) { throw new OCSException('', \OCP\API::RESPOND_NOT_FOUND); } // Check if admin / subadmin $subAdminManager = $this->groupManager->getSubAdmin(); - if(!$subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser) + if (!$subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser) && !$this->groupManager->isAdmin($currentLoggedInUser->getUID())) { // No rights throw new OCSException('', \OCP\API::RESPOND_UNAUTHORISED); |