From 416d10f76c9b05a5a1e51058486f6e5cffd6c498 Mon Sep 17 00:00:00 2001
From: Julien Veyssier <eneiluj@posteo.net>
Date: Thu, 29 Jul 2021 13:04:41 +0200
Subject: refs #21045 add app config to disable unlimited quota and to set max
 quota avoid unlimited quota as default_quota fallback value if unlimited
 quota is not allowed avoid getting/setting/displaying unlimited default quota
 if not allowed implement tests for unlimited quota restrictions

Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
Signed-off-by: npmbuildbot-nextcloud[bot] <npmbuildbot-nextcloud[bot]@users.noreply.github.com>
---
 apps/provisioning_api/lib/Controller/AppConfigController.php |  7 +++++++
 apps/provisioning_api/lib/Controller/UsersController.php     | 11 +++++++++++
 2 files changed, 18 insertions(+)

(limited to 'apps/provisioning_api/lib/Controller')

diff --git a/apps/provisioning_api/lib/Controller/AppConfigController.php b/apps/provisioning_api/lib/Controller/AppConfigController.php
index b6e43cac1df..cd8dba9e5b8 100644
--- a/apps/provisioning_api/lib/Controller/AppConfigController.php
+++ b/apps/provisioning_api/lib/Controller/AppConfigController.php
@@ -162,5 +162,12 @@ class AppConfigController extends OCSController {
 		if ($app === 'core' && (strpos($key, 'public_') === 0 || strpos($key, 'remote_') === 0)) {
 			throw new \InvalidArgumentException('The given key can not be set');
 		}
+
+		if ($app === 'files'
+			&& $key === 'default_quota'
+			&& $value === 'none'
+			&& $this->config->getAppValue('files', 'allow_unlimited_quota', '1') === '0') {
+			throw new \InvalidArgumentException('The given key can not be set, unlimited quota is forbidden on this instance');
+		}
 	}
 }
diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php
index 01e4bac9c2b..a0eda5848ec 100644
--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@@ -798,9 +798,20 @@ class UsersController extends AUserData {
 					if ($quota === -1) {
 						$quota = 'none';
 					} else {
+						$maxQuota = (int) $this->config->getAppValue('files', 'max_quota', '-1');
+						if ($maxQuota !== -1 && $quota > $maxQuota) {
+							throw new OCSException('Invalid quota value. ' . $value . ' is exceeding the maximum quota', 102);
+						}
 						$quota = \OCP\Util::humanFileSize($quota);
 					}
 				}
+				// no else block because quota can be set to 'none' in previous if
+				if ($quota === 'none') {
+					$allowUnlimitedQuota = $this->config->getAppValue('files', 'allow_unlimited_quota', '1') === '1';
+					if (!$allowUnlimitedQuota) {
+						throw new OCSException('Unlimited quota is forbidden on this instance', 102);
+					}
+				}
 				$targetUser->setQuota($quota);
 				break;
 			case 'password':
-- 
cgit v1.2.3