Diffstat (limited to 'apps/provisioning_api/lib/users.php')
-rw-r--r-- | apps/provisioning_api/lib/users.php | 45 |
1 files changed, 38 insertions, 7 deletions
diff --git a/apps/provisioning_api/lib/users.php b/apps/provisioning_api/lib/users.php
index 304fe901cfd..a2568425d0f 100644
--- a/apps/provisioning_api/lib/users.php
+++ b/apps/provisioning_api/lib/users.php
@@ -117,19 +117,50 @@ class Users {
 public function addUser() {
 $userId = isset($_POST['userid']) ? $_POST['userid'] : null;
 $password = isset($_POST['password']) ? $_POST['password'] : null;
+ $groups = isset($_POST['groups']) ? $_POST['groups'] : null;
+ $user = $this->userSession->getUser();
+ $isAdmin = $this->groupManager->isAdmin($user->getUID());
+ $subAdminManager = $this->groupManager->getSubAdmin();
+
+ if (!$isAdmin && !$subAdminManager->isSubAdmin($user)) {
+ return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
+ }
+
 if($this->userManager->userExists($userId)) {
 $this->logger->error('Failed addUser attempt: User already exists.', ['app' => 'ocs_api']);
 return new OC_OCS_Result(null, 102, 'User already exists');
+ }
+
+ if(is_array($groups)) {
+ foreach ($groups as $group) {
+ if(!$this->groupManager->groupExists($group)){
+ return new OC_OCS_Result(null, 104, 'group '.$group.' does not exist');
+ }
+ if(!$isAdmin && !$subAdminManager->isSubAdminofGroup($user, $this->groupManager->get($group))) {
+ return new OC_OCS_Result(null, 105, 'insufficient privileges for group '. $group);
+ }
+ }
 } else {
- try {
- $this->userManager->createUser($userId, $password);
- $this->logger->info('Successful addUser call with userid: '.$_POST['userid'], ['app' => 'ocs_api']);
- return new OC_OCS_Result(null, 100);
- } catch (\Exception $e) {
- $this->logger->error('Failed addUser attempt with exception: '.$e->getMessage(), ['app' => 'ocs_api']);
- return new OC_OCS_Result(null, 101, 'Bad request');
+ if(!$isAdmin) {
+ return new OC_OCS_Result(null, 106, 'no group specified (required for subadmins)');
 }
 }
+
+ try {
+ $newUser = $this->userManager->createUser($userId, $password);
+ $this->logger->info('Successful addUser call with userid: '.$userId, ['app' => 'ocs_api']);
+
+ if (is_array($groups)) {
+ foreach ($groups as $group) {
+ $this->groupManager->get($group)->addUser($newUser);
+ $this->logger->info('Added userid '.$userId.' to group '.$group, ['app' => 'ocs_api']);
+ }
+ }
+ return new OC_OCS_Result(null, 100);
+ } catch (\Exception $e) {
+ $this->logger->error('Failed addUser attempt with exception: '.$e->getMessage(), ['app' => 'ocs_api']);
+ return new OC_OCS_Result(null, 101, 'Bad request');
+ }
 }
 /** |
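Review bot: The new try block creates the account before any group membership is added, so if `$this->groupManager->get($group)->addUser($newUser)` throws partway through the loop, the handler returns 101 while the user already exists with none or only some of the requested groups. For a subadmin caller that leaves an account outside the groups the 105/106 checks are meant to confine them to; the catch should roll back, e.g. `if (isset($newUser) && $newUser) { $newUser->delete(); }`, assuming the user object exposes `delete()`, which this hunk does not show. Separately, `is_array($groups)` also accepts an empty array, which skips both the per-group checks and the 106 rejection; `if (is_array($groups) && count($groups) > 0)` would close that gap if the request layer can ever deliver an empty list. The `$group` elements come straight from `$_POST` and are concatenated into result and log messages without an `is_string()` check.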