diff options
Diffstat (limited to 'lib/private/Collaboration/Collaborators/UserPlugin.php')
| -rw-r--r-- | lib/private/Collaboration/Collaborators/UserPlugin.php | 131 |
1 files changed, 48 insertions, 83 deletions
diff --git a/lib/private/Collaboration/Collaborators/UserPlugin.php b/lib/private/Collaboration/Collaborators/UserPlugin.php index af4d8b2ccca..671181aea35 100644 --- a/lib/private/Collaboration/Collaborators/UserPlugin.php +++ b/lib/private/Collaboration/Collaborators/UserPlugin.php @@ -1,33 +1,8 @@ <?php + /** - * @copyright Copyright (c) 2017 Arthur Schiwon <blizzz@arthur-schiwon.de> - * - * @author Arthur Schiwon <blizzz@arthur-schiwon.de> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Georg Ehrke <oc.list@georgehrke.com> - * @author Joas Schilling <coding@schilljs.com> - * @author John Molakvoæ <skjnldsv@protonmail.com> - * @author Julius Härtl <jus@bitgrid.net> - * @author Morris Jobke <hey@morrisjobke.de> - * @author Robin Appelman <robin@icewind.nl> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * @author Thomas Citharel <nextcloud@tcit.fr> - * - * @license GNU AGPL version 3 or any later version - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see <http://www.gnu.org/licenses/>. - * + * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OC\Collaboration\Collaborators; @@ -44,70 +19,62 @@ use OCP\Share\IShare; use OCP\UserStatus\IManager as IUserStatusManager; class UserPlugin implements ISearchPlugin { - /* @var bool */ - protected $shareWithGroupOnly; - /* @var bool */ - protected $shareeEnumeration; - /* @var bool */ - protected $shareeEnumerationInGroupOnly; - /* @var bool */ - protected $shareeEnumerationPhone; - /* @var bool */ - protected $shareeEnumerationFullMatch; - /* @var bool */ - protected $shareeEnumerationFullMatchUserId; - /* @var bool */ - protected $shareeEnumerationFullMatchIgnoreSecondDisplayName; - - /** @var IConfig */ - private $config; - /** @var IGroupManager */ - private $groupManager; - /** @var IUserSession */ - private $userSession; - /** @var IUserManager */ - private $userManager; - /** @var KnownUserService */ - private $knownUserService; - /** @var IUserStatusManager */ - private $userStatusManager; - - public function __construct(IConfig $config, - IUserManager $userManager, - IGroupManager $groupManager, - IUserSession $userSession, - KnownUserService $knownUserService, - IUserStatusManager $userStatusManager) { - $this->config = $config; - - $this->groupManager = $groupManager; - $this->userSession = $userSession; - $this->userManager = $userManager; - $this->knownUserService = $knownUserService; - $this->userStatusManager = $userStatusManager; + protected bool $shareWithGroupOnly; + + protected bool $shareeEnumeration; + + protected bool $shareeEnumerationInGroupOnly; + + protected bool $shareeEnumerationPhone; + + protected bool $shareeEnumerationFullMatch; + + protected bool $shareeEnumerationFullMatchUserId; + + protected bool $shareeEnumerationFullMatchEmail; + protected bool $shareeEnumerationFullMatchIgnoreSecondDisplayName; + + public function __construct( + private IConfig $config, + private IUserManager $userManager, + private IGroupManager $groupManager, + private IUserSession $userSession, + private KnownUserService $knownUserService, + private IUserStatusManager $userStatusManager, + private mixed $shareWithGroupOnlyExcludeGroupsList = [], + ) { $this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes'; $this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes'; $this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes'; $this->shareeEnumerationPhone = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes'; $this->shareeEnumerationFullMatch = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match', 'yes') === 'yes'; $this->shareeEnumerationFullMatchUserId = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_userid', 'yes') === 'yes'; - $this->shareeEnumerationFullMatchIgnoreSecondDisplayName = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_display_name', 'no') === 'yes'; + $this->shareeEnumerationFullMatchEmail = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_email', 'yes') === 'yes'; + $this->shareeEnumerationFullMatchIgnoreSecondDisplayName = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_full_match_ignore_second_dn', 'no') === 'yes'; + + if ($this->shareWithGroupOnly) { + $this->shareWithGroupOnlyExcludeGroupsList = json_decode($this->config->getAppValue('core', 'shareapi_only_share_with_group_members_exclude_group_list', ''), true) ?? []; + } } - public function search($search, $limit, $offset, ISearchResult $searchResult) { + public function search($search, $limit, $offset, ISearchResult $searchResult): bool { $result = ['wide' => [], 'exact' => []]; $users = []; $hasMoreResults = false; $currentUserId = $this->userSession->getUser()->getUID(); $currentUserGroups = $this->groupManager->getUserGroupIds($this->userSession->getUser()); + + // ShareWithGroupOnly filtering + $currentUserGroups = array_diff($currentUserGroups, $this->shareWithGroupOnlyExcludeGroupsList); + if ($this->shareWithGroupOnly || $this->shareeEnumerationInGroupOnly) { // Search in all the groups this user is part of foreach ($currentUserGroups as $userGroupId) { $usersInGroup = $this->groupManager->displayNamesInGroup($userGroupId, $search, $limit, $offset); foreach ($usersInGroup as $userId => $displayName) { - $userId = (string) $userId; + $userId = (string)$userId; $user = $this->userManager->get($userId); if (!$user->isEnabled()) { // Ignore disabled users @@ -164,7 +131,7 @@ class UserPlugin implements ISearchPlugin { foreach ($users as $uid => $user) { $userDisplayName = $user->getDisplayName(); $userEmail = $user->getSystemEMailAddress(); - $uid = (string) $uid; + $uid = (string)$uid; $status = []; if (array_key_exists($uid, $userStatuses)) { @@ -181,11 +148,11 @@ class UserPlugin implements ISearchPlugin { if ( - $this->shareeEnumerationFullMatch && - $lowerSearch !== '' && (strtolower($uid) === $lowerSearch || - strtolower($userDisplayName) === $lowerSearch || - ($this->shareeEnumerationFullMatchIgnoreSecondDisplayName && trim(strtolower(preg_replace('/ \(.*\)$/', '', $userDisplayName))) === $lowerSearch) || - strtolower($userEmail ?? '') === $lowerSearch) + $this->shareeEnumerationFullMatch + && $lowerSearch !== '' && (strtolower($uid) === $lowerSearch + || strtolower($userDisplayName) === $lowerSearch + || ($this->shareeEnumerationFullMatchIgnoreSecondDisplayName && trim(strtolower(preg_replace('/ \(.*\)$/', '', $userDisplayName))) === $lowerSearch) + || ($this->shareeEnumerationFullMatchEmail && strtolower($userEmail ?? '') === $lowerSearch)) ) { if (strtolower($uid) === $lowerSearch) { $foundUserById = true; @@ -203,8 +170,8 @@ class UserPlugin implements ISearchPlugin { ]; } else { $addToWideResults = false; - if ($this->shareeEnumeration && - !($this->shareeEnumerationInGroupOnly || $this->shareeEnumerationPhone)) { + if ($this->shareeEnumeration + && !($this->shareeEnumerationInGroupOnly || $this->shareeEnumerationPhone)) { $addToWideResults = true; } @@ -279,8 +246,6 @@ class UserPlugin implements ISearchPlugin { } } - - $type = new SearchResultType('users'); $searchResult->addResultSet($type, $result['wide'], $result['exact']); if (count($result['exact'])) { @@ -290,7 +255,7 @@ class UserPlugin implements ISearchPlugin { return $hasMoreResults; } - public function takeOutCurrentUser(array &$users) { + public function takeOutCurrentUser(array &$users): void { $currentUser = $this->userSession->getUser(); if (!is_null($currentUser)) { if (isset($users[$currentUser->getUID()])) { |