diff options
Diffstat (limited to 'lib/private/Group')
| -rw-r--r-- | lib/private/Group/Backend.php | 27 | ||||
| -rw-r--r-- | lib/private/Group/Database.php | 104 | ||||
| -rw-r--r-- | lib/private/Group/DisplayNameCache.php | 22 | ||||
| -rw-r--r-- | lib/private/Group/Group.php | 39 | ||||
| -rw-r--r-- | lib/private/Group/Manager.php | 99 | ||||
| -rw-r--r-- | lib/private/Group/MetaData.php | 57 |
6 files changed, 115 insertions, 233 deletions
diff --git a/lib/private/Group/Backend.php b/lib/private/Group/Backend.php index 1e3e5ef1164..f4a90018b5a 100644 --- a/lib/private/Group/Backend.php +++ b/lib/private/Group/Backend.php @@ -1,26 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Knut Ahlers <knut@ahlers.me> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * @author Vincent Petry <vincent@nextcloud.com> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Group; @@ -88,7 +71,7 @@ abstract class Backend implements \OCP\GroupInterface { /** * Get all groups a user belongs to * @param string $uid Name of the user - * @return array an array of group names + * @return list<string> an array of group names * * This function fetches all groups a user belongs to. It does not check * if the user exists at all. diff --git a/lib/private/Group/Database.php b/lib/private/Group/Database.php index c4915eefeae..0cb571a3935 100644 --- a/lib/private/Group/Database.php +++ b/lib/private/Group/Database.php @@ -1,31 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Joas Schilling <coding@schilljs.com> - * @author Johannes Leuker <j.leuker@hosting.de> - * @author John Molakvoæ <skjnldsv@protonmail.com> - * @author Loki3000 <github@labcms.ru> - * @author Morris Jobke <hey@morrisjobke.de> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * @author tgrant <tom.grant760@gmail.com> - * @author Tom Grant <TomG736@users.noreply.github.com> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Group; @@ -37,7 +15,7 @@ use OCP\Group\Backend\IAddToGroupBackend; use OCP\Group\Backend\IBatchMethodsBackend; use OCP\Group\Backend\ICountDisabledInGroup; use OCP\Group\Backend\ICountUsersBackend; -use OCP\Group\Backend\ICreateGroupBackend; +use OCP\Group\Backend\ICreateNamedGroupBackend; use OCP\Group\Backend\IDeleteGroupBackend; use OCP\Group\Backend\IGetDisplayNameBackend; use OCP\Group\Backend\IGroupDetailsBackend; @@ -55,7 +33,7 @@ class Database extends ABackend implements IAddToGroupBackend, ICountDisabledInGroup, ICountUsersBackend, - ICreateGroupBackend, + ICreateNamedGroupBackend, IDeleteGroupBackend, IGetDisplayNameBackend, IGroupDetailsBackend, @@ -66,15 +44,15 @@ class Database extends ABackend implements INamedBackend { /** @var array<string, array{gid: string, displayname: string}> */ private $groupCache = []; - private ?IDBConnection $dbConn; /** * \OC\Group\Database constructor. * * @param IDBConnection|null $dbConn */ - public function __construct(?IDBConnection $dbConn = null) { - $this->dbConn = $dbConn; + public function __construct( + private ?IDBConnection $dbConn = null, + ) { } /** @@ -86,35 +64,28 @@ class Database extends ABackend implements } } - /** - * Try to create a new group - * @param string $gid The name of the group to create - * @return bool - * - * Tries to create a new group. If the group name already exists, false will - * be returned. - */ - public function createGroup(string $gid): bool { + public function createGroup(string $name): ?string { $this->fixDI(); + $gid = $this->computeGid($name); try { // Add group $builder = $this->dbConn->getQueryBuilder(); $result = $builder->insert('groups') ->setValue('gid', $builder->createNamedParameter($gid)) - ->setValue('displayname', $builder->createNamedParameter($gid)) + ->setValue('displayname', $builder->createNamedParameter($name)) ->execute(); } catch (UniqueConstraintViolationException $e) { - $result = 0; + return null; } // Add to cache $this->groupCache[$gid] = [ 'gid' => $gid, - 'displayname' => $gid + 'displayname' => $name ]; - return $result === 1; + return $gid; } /** @@ -131,19 +102,19 @@ class Database extends ABackend implements $qb = $this->dbConn->getQueryBuilder(); $qb->delete('groups') ->where($qb->expr()->eq('gid', $qb->createNamedParameter($gid))) - ->execute(); + ->executeStatement(); // Delete the group-user relation $qb = $this->dbConn->getQueryBuilder(); $qb->delete('group_user') ->where($qb->expr()->eq('gid', $qb->createNamedParameter($gid))) - ->execute(); + ->executeStatement(); // Delete the group-groupadmin relation $qb = $this->dbConn->getQueryBuilder(); $qb->delete('group_admin') ->where($qb->expr()->eq('gid', $qb->createNamedParameter($gid))) - ->execute(); + ->executeStatement(); // Delete from cache unset($this->groupCache[$gid]); @@ -168,7 +139,7 @@ class Database extends ABackend implements ->from('group_user') ->where($qb->expr()->eq('gid', $qb->createNamedParameter($gid))) ->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($uid))) - ->execute(); + ->executeQuery(); $result = $cursor->fetch(); $cursor->closeCursor(); @@ -193,7 +164,7 @@ class Database extends ABackend implements $qb->insert('group_user') ->setValue('uid', $qb->createNamedParameter($uid)) ->setValue('gid', $qb->createNamedParameter($gid)) - ->execute(); + ->executeStatement(); return true; } else { return false; @@ -215,7 +186,7 @@ class Database extends ABackend implements $qb->delete('group_user') ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid))) ->andWhere($qb->expr()->eq('gid', $qb->createNamedParameter($gid))) - ->execute(); + ->executeStatement(); return true; } @@ -223,7 +194,7 @@ class Database extends ABackend implements /** * Get all groups a user belongs to * @param string $uid Name of the user - * @return array an array of group names + * @return list<string> an array of group names * * This function fetches all groups a user belongs to. It does not check * if the user exists at all. @@ -242,7 +213,7 @@ class Database extends ABackend implements ->from('group_user', 'gu') ->leftJoin('gu', 'groups', 'g', $qb->expr()->eq('gu.gid', 'g.gid')) ->where($qb->expr()->eq('uid', $qb->createNamedParameter($uid))) - ->execute(); + ->executeQuery(); $groups = []; while ($row = $cursor->fetch()) { @@ -289,7 +260,7 @@ class Database extends ABackend implements if ($offset > 0) { $query->setFirstResult($offset); } - $result = $query->execute(); + $result = $query->executeQuery(); $groups = []; while ($row = $result->fetch()) { @@ -321,7 +292,7 @@ class Database extends ABackend implements $cursor = $qb->select('gid', 'displayname') ->from('groups') ->where($qb->expr()->eq('gid', $qb->createNamedParameter($gid))) - ->execute(); + ->executeQuery(); $result = $cursor->fetch(); $cursor->closeCursor(); @@ -354,8 +325,8 @@ class Database extends ABackend implements $qb = $this->dbConn->getQueryBuilder(); $qb->select('gid', 'displayname') - ->from('groups') - ->where($qb->expr()->in('gid', $qb->createParameter('ids'))); + ->from('groups') + ->where($qb->expr()->in('gid', $qb->createParameter('ids'))); foreach (array_chunk($notFoundGids, 1000) as $chunk) { $qb->setParameter('ids', $chunk, IQueryBuilder::PARAM_STR_ARRAY); $result = $qb->executeQuery(); @@ -452,7 +423,7 @@ class Database extends ABackend implements ))); } - $result = $query->execute(); + $result = $query->executeQuery(); $count = $result->fetchOne(); $result->closeCursor(); @@ -484,7 +455,7 @@ class Database extends ABackend implements ->andWhere($query->expr()->eq('configvalue', $query->createNamedParameter('false'), IQueryBuilder::PARAM_STR)) ->andWhere($query->expr()->eq('gid', $query->createNamedParameter($gid), IQueryBuilder::PARAM_STR)); - $result = $query->execute(); + $result = $query->executeQuery(); $count = $result->fetchOne(); $result->closeCursor(); @@ -513,11 +484,11 @@ class Database extends ABackend implements ->from('groups') ->where($query->expr()->eq('gid', $query->createNamedParameter($gid))); - $result = $query->execute(); + $result = $query->executeQuery(); $displayName = $result->fetchOne(); $result->closeCursor(); - return (string) $displayName; + return (string)$displayName; } public function getGroupDetails(string $gid): array { @@ -536,6 +507,8 @@ class Database extends ABackend implements $notFoundGids = []; $details = []; + $this->fixDI(); + // In case the data is already locally accessible, not need to do SQL query // or do a SQL query but with a smaller in clause foreach ($gids as $gid) { @@ -582,7 +555,7 @@ class Database extends ABackend implements $query->update('groups') ->set('displayname', $query->createNamedParameter($displayName)) ->where($query->expr()->eq('gid', $query->createNamedParameter($gid))); - $query->execute(); + $query->executeStatement(); return true; } @@ -595,4 +568,13 @@ class Database extends ABackend implements public function getBackendName(): string { return 'Database'; } + + /** + * Compute group ID from display name (GIDs are limited to 64 characters in database) + */ + private function computeGid(string $displayName): string { + return mb_strlen($displayName) > 64 + ? hash('sha256', $displayName) + : $displayName; + } } diff --git a/lib/private/Group/DisplayNameCache.php b/lib/private/Group/DisplayNameCache.php index 28f9d817b0d..fef8d40a05f 100644 --- a/lib/private/Group/DisplayNameCache.php +++ b/lib/private/Group/DisplayNameCache.php @@ -1,28 +1,10 @@ <?php declare(strict_types=1); - /** - * @copyright 2022 Anna Larch <anna.larch@gmx.net> - * @author Anna Larch <anna.larch@gmx.net> - * - * @license AGPL-3.0-or-later - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later */ - - namespace OC\Group; use OCP\Cache\CappedMemoryCache; diff --git a/lib/private/Group/Group.php b/lib/private/Group/Group.php index d43a10b6a5c..6e42fad8b9f 100644 --- a/lib/private/Group/Group.php +++ b/lib/private/Group/Group.php @@ -1,34 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Arthur Schiwon <blizzz@arthur-schiwon.de> - * @author Bart Visscher <bartv@thisnet.nl> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Joas Schilling <coding@schilljs.com> - * @author Johannes Leuker <j.leuker@hosting.de> - * @author John Molakvoæ <skjnldsv@protonmail.com> - * @author Lukas Reschke <lukas@statuscode.ch> - * @author Morris Jobke <hey@morrisjobke.de> - * @author Robin Appelman <robin@icewind.nl> - * @author Robin McCorkell <robin@mccorkell.me.uk> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * @author Vincent Petry <vincent@nextcloud.com> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Group; @@ -55,7 +30,7 @@ use OCP\IUser; use OCP\IUserManager; class Group implements IGroup { - /** @var null|string */ + /** @var null|string */ protected $displayName; /** @var string */ @@ -71,7 +46,7 @@ class Group implements IGroup { private $backends; /** @var IEventDispatcher */ private $dispatcher; - /** @var \OC\User\Manager|IUserManager */ + /** @var \OC\User\Manager|IUserManager */ private $userManager; /** @var PublicEmitter */ private $emitter; @@ -402,7 +377,7 @@ class Group implements IGroup { */ public function hideFromCollaboration(): bool { return array_reduce($this->backends, function (bool $hide, GroupInterface $backend) { - return $hide | ($backend instanceof IHideFromCollaborationBackend && $backend->hideGroup($this->gid)); + return $hide || ($backend instanceof IHideFromCollaborationBackend && $backend->hideGroup($this->gid)); }, false); } } diff --git a/lib/private/Group/Manager.php b/lib/private/Group/Manager.php index 30f55107a96..e58a1fe6585 100644 --- a/lib/private/Group/Manager.php +++ b/lib/private/Group/Manager.php @@ -1,48 +1,17 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Arthur Schiwon <blizzz@arthur-schiwon.de> - * @author Bart Visscher <bartv@thisnet.nl> - * @author Bernhard Posselt <dev@bernhard-posselt.com> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Joas Schilling <coding@schilljs.com> - * @author John Molakvoæ <skjnldsv@protonmail.com> - * @author Jörn Friedrich Dreyer <jfd@butonic.de> - * @author Knut Ahlers <knut@ahlers.me> - * @author Lukas Reschke <lukas@statuscode.ch> - * @author macjohnny <estebanmarin@gmx.ch> - * @author Morris Jobke <hey@morrisjobke.de> - * @author Robin Appelman <robin@icewind.nl> - * @author Robin McCorkell <robin@mccorkell.me.uk> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * @author Roman Kreisel <mail@romankreisel.de> - * @author Thomas Müller <thomas.mueller@tmit.eu> - * @author Vincent Petry <vincent@nextcloud.com> - * @author Vinicius Cubas Brand <vinicius@eita.org.br> - * @author voxsim "Simon Vocella" - * @author Carl Schwan <carl@carlschwan.eu> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Group; use OC\Hooks\PublicEmitter; +use OC\Settings\AuthorizedGroupMapper; use OCP\EventDispatcher\IEventDispatcher; use OCP\Group\Backend\IBatchMethodsBackend; +use OCP\Group\Backend\ICreateNamedGroupBackend; use OCP\Group\Backend\IGroupDetailsBackend; use OCP\Group\Events\BeforeGroupCreatedEvent; use OCP\Group\Events\GroupCreatedEvent; @@ -51,6 +20,7 @@ use OCP\ICacheFactory; use OCP\IGroup; use OCP\IGroupManager; use OCP\IUser; +use OCP\Security\Ip\IRemoteAddress; use Psr\Log\LoggerInterface; use function is_string; @@ -73,11 +43,6 @@ class Manager extends PublicEmitter implements IGroupManager { /** @var GroupInterface[] */ private $backends = []; - /** @var \OC\User\Manager */ - private $userManager; - private IEventDispatcher $dispatcher; - private LoggerInterface $logger; - /** @var array<string, IGroup> */ private $cachedGroups = []; @@ -89,13 +54,15 @@ class Manager extends PublicEmitter implements IGroupManager { private DisplayNameCache $displayNameCache; - public function __construct(\OC\User\Manager $userManager, - IEventDispatcher $dispatcher, - LoggerInterface $logger, - ICacheFactory $cacheFactory) { - $this->userManager = $userManager; - $this->dispatcher = $dispatcher; - $this->logger = $logger; + private const MAX_GROUP_LENGTH = 255; + + public function __construct( + private \OC\User\Manager $userManager, + private IEventDispatcher $dispatcher, + private LoggerInterface $logger, + ICacheFactory $cacheFactory, + private IRemoteAddress $remoteAddress, + ) { $this->displayNameCache = new DisplayNameCache($cacheFactory, $this); $this->listen('\OC\Group', 'postDelete', function (IGroup $group): void { @@ -270,12 +237,22 @@ class Manager extends PublicEmitter implements IGroupManager { return null; } elseif ($group = $this->get($gid)) { return $group; + } elseif (mb_strlen($gid) > self::MAX_GROUP_LENGTH) { + throw new \Exception('Group name is limited to ' . self::MAX_GROUP_LENGTH . ' characters'); } else { $this->dispatcher->dispatchTyped(new BeforeGroupCreatedEvent($gid)); $this->emit('\OC\Group', 'preCreate', [$gid]); foreach ($this->backends as $backend) { if ($backend->implementsActions(Backend::CREATE_GROUP)) { - if ($backend->createGroup($gid)) { + if ($backend instanceof ICreateNamedGroupBackend) { + $groupName = $gid; + if (($gid = $backend->createGroup($groupName)) !== null) { + $group = $this->getGroupObject($gid); + $this->dispatcher->dispatchTyped(new GroupCreatedEvent($group)); + $this->emit('\OC\Group', 'postCreate', [$group]); + return $group; + } + } elseif ($backend->createGroup($gid)) { $group = $this->getGroupObject($gid); $this->dispatcher->dispatchTyped(new GroupCreatedEvent($group)); $this->emit('\OC\Group', 'postCreate', [$group]); @@ -345,6 +322,10 @@ class Manager extends PublicEmitter implements IGroupManager { * @return bool if admin */ public function isAdmin($userId) { + if (!$this->remoteAddress->allowsAdminActions()) { + return false; + } + foreach ($this->backends as $backend) { if (is_string($userId) && $backend->implementsActions(Backend::IS_ADMIN) && $backend->isAdmin($userId)) { return true; @@ -353,6 +334,18 @@ class Manager extends PublicEmitter implements IGroupManager { return $this->isInGroup($userId, 'admin'); } + public function isDelegatedAdmin(string $userId): bool { + if (!$this->remoteAddress->allowsAdminActions()) { + return false; + } + + // Check if the user as admin delegation for users listing + $authorizedGroupMapper = \OCP\Server::get(AuthorizedGroupMapper::class); + $user = $this->userManager->get($userId); + $authorizedClasses = $authorizedGroupMapper->findAllClassesForUser($user); + return in_array(\OCA\Settings\Settings\Admin\Users::class, $authorizedClasses, true); + } + /** * Checks if a userId is in a group * @@ -368,7 +361,7 @@ class Manager extends PublicEmitter implements IGroupManager { * get a list of group ids for a user * * @param IUser $user - * @return string[] with group ids + * @return list<string> with group ids */ public function getUserGroupIds(IUser $user): array { return $this->getUserIdGroupIds($user->getUID()); @@ -376,7 +369,7 @@ class Manager extends PublicEmitter implements IGroupManager { /** * @param string $uid the user id - * @return string[] + * @return list<string> */ private function getUserIdGroupIds(string $uid): array { if (!isset($this->cachedUserGroups[$uid])) { @@ -459,7 +452,7 @@ class Manager extends PublicEmitter implements IGroupManager { $matchingUsers = []; foreach ($groupUsers as $groupUser) { - $matchingUsers[(string) $groupUser->getUID()] = $groupUser->getDisplayName(); + $matchingUsers[(string)$groupUser->getUID()] = $groupUser->getDisplayName(); } return $matchingUsers; } diff --git a/lib/private/Group/MetaData.php b/lib/private/Group/MetaData.php index 973db134728..77432eea5ff 100644 --- a/lib/private/Group/MetaData.php +++ b/lib/private/Group/MetaData.php @@ -1,31 +1,9 @@ <?php + /** - * @copyright Copyright (c) 2016, ownCloud, Inc. - * - * @author Arthur Schiwon <blizzz@arthur-schiwon.de> - * @author Christoph Wurst <christoph@winzerhof-wurst.at> - * @author Daniel Kesselberg <mail@danielkesselberg.de> - * @author Joas Schilling <coding@schilljs.com> - * @author John Molakvoæ <skjnldsv@protonmail.com> - * @author Lukas Reschke <lukas@statuscode.ch> - * @author Roeland Jago Douma <roeland@famdouma.nl> - * @author Stephan Peijnik <speijnik@anexia-it.com> - * @author Thomas Müller <thomas.mueller@tmit.eu> - * - * @license AGPL-3.0 - * - * This code is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License, version 3, - * as published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License, version 3, - * along with this program. If not, see <http://www.gnu.org/licenses/> - * + * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors + * SPDX-FileCopyrightText: 2016 ownCloud, Inc. + * SPDX-License-Identifier: AGPL-3.0-only */ namespace OC\Group; @@ -39,33 +17,22 @@ class MetaData { public const SORT_USERCOUNT = 1; // May have performance issues on LDAP backends public const SORT_GROUPNAME = 2; - /** @var string */ - protected $user; - /** @var bool */ - protected $isAdmin; /** @var array */ protected $metaData = []; - /** @var GroupManager */ - protected $groupManager; /** @var int */ protected $sorting = self::SORT_NONE; - /** @var IUserSession */ - protected $userSession; /** * @param string $user the uid of the current user * @param bool $isAdmin whether the current users is an admin */ public function __construct( - string $user, - bool $isAdmin, - IGroupManager $groupManager, - IUserSession $userSession + private string $user, + private bool $isAdmin, + private bool $isDelegatedAdmin, + private IGroupManager $groupManager, + private IUserSession $userSession, ) { - $this->user = $user; - $this->isAdmin = $isAdmin; - $this->groupManager = $groupManager; - $this->userSession = $userSession; } /** @@ -74,7 +41,7 @@ class MetaData { * [0] array containing meta data about admin groups * [1] array containing meta data about unprivileged groups * @param string $groupSearch only effective when instance was created with - * isAdmin being true + * isAdmin being true * @param string $userSearch the pattern users are search for */ public function get(string $groupSearch = '', string $userSearch = ''): array { @@ -184,11 +151,11 @@ class MetaData { * @return IGroup[] */ public function getGroups(string $search = ''): array { - if ($this->isAdmin) { + if ($this->isAdmin || $this->isDelegatedAdmin) { return $this->groupManager->search($search); } else { $userObject = $this->userSession->getUser(); - if ($userObject !== null) { + if ($userObject !== null && $this->groupManager instanceof GroupManager) { $groups = $this->groupManager->getSubAdmin()->getSubAdminsGroups($userObject); } else { $groups = []; |