From 0e26ba4c2adec21de3b5239a646bb4dbde44b2f4 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Fri, 2 Jun 2017 10:09:42 +0200
Subject: Don't allow the user to set fields they can't see
Signed-off-by: Joas Schilling
---
.../lib/Controller/UsersController.php | 31 +++++++++++++++++-----
.../tests/Controller/UsersControllerTest.php | 11 ++++++--
2 files changed, 33 insertions(+), 9 deletions(-)
(limited to 'apps/provisioning_api')
diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php
index 6e34fe53eb3..132727eecbd 100644
--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@@ -32,6 +32,7 @@ namespace OCA\Provisioning_API\Controller;
 use OC\Accounts\AccountManager;
 use OC\Settings\Mailer\NewUserMailHelper;
 use OC_Helper;
+use OCP\App\IAppManager;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCS\OCSException;
 use OCP\AppFramework\OCS\OCSForbiddenException;
@@ -52,6 +53,8 @@ class UsersController extends OCSController {
 private $userManager;
 /** @var IConfig */
 private $config;
+ /** @var IAppManager */
+ private $appManager;
 /** @var IGroupManager|\OC\Group\Manager */ // FIXME Requires a method that is not on the interface
 private $groupManager;
 /** @var IUserSession */
@@ -70,6 +73,7 @@ class UsersController extends OCSController {
 * @param IRequest $request
 * @param IUserManager $userManager
 * @param IConfig $config
+ * @param IAppManager $appManager
 * @param IGroupManager $groupManager
 * @param IUserSession $userSession
 * @param AccountManager $accountManager
@@ -81,6 +85,7 @@ class UsersController extends OCSController {
 IRequest $request,
 IUserManager $userManager,
 IConfig $config,
+ IAppManager $appManager,
 IGroupManager $groupManager,
 IUserSession $userSession,
 AccountManager $accountManager,
@@ -91,6 +96,7 @@ class UsersController extends OCSController {
 $this->userManager = $userManager;
 $this->config = $config;
+ $this->appManager = $appManager;
 $this->groupManager = $groupManager;
 $this->userSession = $userSession;
 $this->accountManager = $accountManager;
@@ -309,14 +315,25 @@ class UsersController extends OCSController {
 $permittedFields = [];
 if($targetUser->getUID() === $currentLoggedInUser->getUID()) {
 // Editing self (display, email)
- $permittedFields[] = 'display';
- $permittedFields[] = AccountManager::PROPERTY_DISPLAYNAME;
- $permittedFields[] = AccountManager::PROPERTY_EMAIL;
+ if ($this->config->getSystemValue('allow_user_to_change_display_name', true) !== false) {
+ $permittedFields[] = 'display';
+ $permittedFields[] = AccountManager::PROPERTY_DISPLAYNAME;
+ $permittedFields[] = AccountManager::PROPERTY_EMAIL;
+ }
+
 $permittedFields[] = 'password';
- $permittedFields[] = AccountManager::PROPERTY_PHONE;
- $permittedFields[] = AccountManager::PROPERTY_ADDRESS;
- $permittedFields[] = AccountManager::PROPERTY_WEBSITE;
- $permittedFields[] = AccountManager::PROPERTY_TWITTER;
+
+ if ($this->appManager->isEnabledForUser('federatedfilesharing')) {
+ $federatedFileSharing = new \OCA\FederatedFileSharing\AppInfo\Application();
+ $shareProvider = $federatedFileSharing->getFederatedShareProvider();
+ if ($shareProvider->isLookupServerUploadEnabled()) {
+ $permittedFields[] = AccountManager::PROPERTY_PHONE;
+ $permittedFields[] = AccountManager::PROPERTY_ADDRESS;
+ $permittedFields[] = AccountManager::PROPERTY_WEBSITE;
+ $permittedFields[] = AccountManager::PROPERTY_TWITTER;
+ }
+ }
+
 // If admin they can edit their own quota
 if($this->groupManager->isAdmin($currentLoggedInUser->getUID())) {
 $permittedFields[] = 'quota';
diff --git a/apps/provisioning_api/tests/Controller/UsersControllerTest.php b/apps/provisioning_api/tests/Controller/UsersControllerTest.php
index 57e1d2eac66..61205b45900 100644
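Review bot: The self-edit gate on `display`, `PROPERTY_DISPLAYNAME` and `PROPERTY_EMAIL` consults only the `allow_user_to_change_display_name` system value, and because it compares with `!== false`, anything other than a literal `false` in config.php (`0`, `''`, `'false'`) still unlocks those fields, while a backend that cannot change display names at all is never consulted; if this codebase's `IUser` exposes `canChangeDisplayName()` (it appears to wrap that same setting together with the backend capability), `if ($targetUser->canChangeDisplayName()) {` would close both gaps, and otherwise `=== true` or a `(bool)` cast is the minimum. Instantiating `\OCA\FederatedFileSharing\AppInfo\Application` inside the controller hard-wires provisioning_api to another app's internals and bypasses the DI container, so the lookup-server branch cannot be driven from the injected `IAppManager` mock; injecting the federated share provider (or a small interface exposing `isLookupServerUploadEnabled()`) through the constructor would keep the check testable, and failing that a `// hard dependency on federatedfilesharing internals; only reached when isEnabledForUser() says the app is on` comment should mark it. Whether admins and sub-admins editing other users get the same lookup-server gate cannot be seen here, since the enclosing method starts before and ends after this hunk.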
--- a/apps/provisioning_api/tests/Controller/UsersControllerTest.php
+++ b/apps/provisioning_api/tests/Controller/UsersControllerTest.php
@@ -32,6 +32,7 @@ namespace OCA\Provisioning_API\Tests\Controller;
 use Exception;
 use OC\Accounts\AccountManager;
 use OC\Group\Manager;
+use OCP\App\IAppManager;
 use OCP\Mail\IEMailTemplate;
 use OC\Settings\Mailer\NewUserMailHelper;
 use OC\SubAdmin;
@@ -58,6 +59,8 @@ class UsersControllerTest extends TestCase {
 protected $userManager;
 /** @var IConfig|PHPUnit_Framework_MockObject_MockObject */
 protected $config;
+ /** @var IAppManager|PHPUnit_Framework_MockObject_MockObject */
+ protected $appManager;
 /** @var Manager|PHPUnit_Framework_MockObject_MockObject */
 protected $groupManager;
 /** @var IUserSession|PHPUnit_Framework_MockObject_MockObject */
@@ -66,9 +69,9 @@ class UsersControllerTest extends TestCase {
 protected $logger;
 /** @var UsersController|PHPUnit_Framework_MockObject_MockObject */
 protected $api;
- /** @var AccountManager|PHPUnit_Framework_MockObject_MockObject */
+ /** @var AccountManager|PHPUnit_Framework_MockObject_MockObject */
 protected $accountManager;
- /** @var IRequest|PHPUnit_Framework_MockObject_MockObject */
+ /** @var IRequest|PHPUnit_Framework_MockObject_MockObject */
 protected $request;
 /** @var IFactory|PHPUnit_Framework_MockObject_MockObject */
 private $l10nFactory;
@@ -80,6 +83,7 @@ class UsersControllerTest extends TestCase {
 $this->userManager = $this->createMock(IUserManager::class);
 $this->config = $this->createMock(IConfig::class);
+ $this->appManager = $this->createMock(IAppManager::class);
 $this->groupManager = $this->createMock(Manager::class);
 $this->userSession = $this->createMock(IUserSession::class);
 $this->logger = $this->createMock(ILogger::class);
@@ -94,6 +98,7 @@ class UsersControllerTest extends TestCase {
 $this->request,
 $this->userManager,
 $this->config,
+ $this->appManager,
 $this->groupManager,
 $this->userSession,
 $this->accountManager,
@@ -2647,6 +2652,7 @@ class UsersControllerTest extends TestCase {
 $this->request,
 $this->userManager,
 $this->config,
+ $this->appManager,
 $this->groupManager,
 $this->userSession,
 $this->accountManager,
@@ -2707,6 +2713,7 @@ class UsersControllerTest extends TestCase {
 $this->request,
 $this->userManager,
 $this->config,
+ $this->appManager,
 $this->groupManager,
 $this->userSession,
 $this->accountManager,
-- cgit v1.2.3
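Review bot: None of the test changes exercise the new gating — the `IAppManager` mock is wired into each `UsersController` construction here and in the other constructor calls, but no test sets an expectation on `isEnabledForUser('federatedfilesharing')` or on `getSystemValue('allow_user_to_change_display_name', true)`, so both new branches presumably run on whatever the unconfigured mocks return (likely `null`, which skips the federated branch and passes the `!== false` check, i.e. the pre-commit behaviour). A test stubbing that config value to `false` and asserting that a self-edit of `display` or `PROPERTY_EMAIL` is refused, plus one stubbing `isEnabledForUser` to `true` with lookup-server upload disabled and asserting that `PROPERTY_PHONE`/`PROPERTY_ADDRESS`/`PROPERTY_WEBSITE`/`PROPERTY_TWITTER` are refused, would pin the behaviour the commit title promises; the second one will need the share provider made injectable, since the controller currently constructs it itself. The enclosing test method starts before and ends after this hunk.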