From d109d4f58198b2ac35d590e59a45f948da23ca8e Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Fri, 11 Jun 2021 16:14:01 +0200 Subject: prov api to be able to edit multivalue properties - adding as usual - deleting and scope setting via additional endpoint Signed-off-by: Arthur Schiwon --- apps/provisioning_api/appinfo/routes.php | 1 + .../lib/Controller/UsersController.php | 98 ++++++++++++++++++++++ 2 files changed, 99 insertions(+) (limited to 'apps/provisioning_api') diff --git a/apps/provisioning_api/appinfo/routes.php b/apps/provisioning_api/appinfo/routes.php index 8cf57487d3a..01b6260c1d5 100644 --- a/apps/provisioning_api/appinfo/routes.php +++ b/apps/provisioning_api/appinfo/routes.php @@ -54,6 +54,7 @@ return [ ['root' => '/cloud', 'name' => 'Users#getEditableFields', 'url' => '/user/fields', 'verb' => 'GET'], ['root' => '/cloud', 'name' => 'Users#getEditableFieldsForUser', 'url' => '/user/fields/{userId}', 'verb' => 'GET'], ['root' => '/cloud', 'name' => 'Users#editUser', 'url' => '/users/{userId}', 'verb' => 'PUT'], + ['root' => '/cloud', 'name' => 'Users#editUserMultiValue', 'url' => '/users/{userId}/{collectionName}', 'verb' => 'PUT', 'requirements' => ['collectionName' => '[^(enable|disable)]']], ['root' => '/cloud', 'name' => 'Users#wipeUserDevices', 'url' => '/users/{userId}/wipe', 'verb' => 'POST'], ['root' => '/cloud', 'name' => 'Users#deleteUser', 'url' => '/users/{userId}', 'verb' => 'DELETE'], ['root' => '/cloud', 'name' => 'Users#enableUser', 'url' => '/users/{userId}/enable', 'verb' => 'PUT'], diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php index 6c17648b9ea..709f139d830 100644 --- a/apps/provisioning_api/lib/Controller/UsersController.php +++ b/apps/provisioning_api/lib/Controller/UsersController.php @@ -52,6 +52,7 @@ use OC\KnownUser\KnownUserService; use OC\User\Backend; use OCA\Settings\Mailer\NewUserMailHelper; use OCP\Accounts\IAccountManager; +use OCP\Accounts\IAccountProperty; use OCP\App\IAppManager; use OCP\AppFramework\Http; use OCP\AppFramework\Http\DataResponse; @@ -601,6 +602,85 @@ class UsersController extends AUserData { return new DataResponse($permittedFields); } + /** + * @throws OCSException + */ + public function editUserMultiValue( + string $userId, + string $collectionName, + string $key, + string $value + ): DataResponse { + $currentLoggedInUser = $this->userSession->getUser(); + if ($currentLoggedInUser === null) { + throw new OCSException('', OCSController::RESPOND_UNAUTHORISED); + } + + $targetUser = $this->userManager->get($userId); + if ($targetUser === null) { + throw new OCSException('', OCSController::RESPOND_NOT_FOUND); + } + + $permittedFields = []; + if ($targetUser->getUID() === $currentLoggedInUser->getUID()) { + // Editing self (display, email) + $permittedFields[] = IAccountManager::COLLECTION_EMAIL; + $permittedFields[] = IAccountManager::COLLECTION_EMAIL . self::SCOPE_SUFFIX; + } else { + // Check if admin / subadmin + $subAdminManager = $this->groupManager->getSubAdmin(); + if ($this->groupManager->isAdmin($currentLoggedInUser->getUID()) + || $subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser)) { + // They have permissions over the user + + $permittedFields[] = IAccountManager::COLLECTION_EMAIL; + } else { + // No rights + throw new OCSException('', OCSController::RESPOND_NOT_FOUND); + } + } + + // Check if permitted to edit this field + if (!in_array($collectionName, $permittedFields)) { + throw new OCSException('', 103); + } + + switch ($collectionName) { + case IAccountManager::COLLECTION_EMAIL: + $userAccount = $this->accountManager->getAccount($targetUser); + $mailCollection = $userAccount->getPropertyCollection(IAccountManager::COLLECTION_EMAIL); + $mailCollection->removePropertyByValue($key); + if ($value !== '') { + // "replace on" + $mailCollection->addPropertyWithDefaults($value); + } + $this->accountManager->updateAccount($userAccount); + break; + + case IAccountManager::COLLECTION_EMAIL . self::SCOPE_SUFFIX: + $userAccount = $this->accountManager->getAccount($targetUser); + $mailCollection = $userAccount->getPropertyCollection(IAccountManager::COLLECTION_EMAIL); + $targetProperty = null; + foreach ($mailCollection->getProperties() as $property) { + if ($property->getValue() === $value) { + $targetProperty = $property; + break; + } + } + if ($targetProperty instanceof IAccountProperty) { + $targetProperty->setScope($value); + $this->accountManager->updateAccount($userAccount); + } else { + throw new OCSException('', 102); + } + break; + + default: + throw new OCSException('', 103); + } + return new DataResponse(); + } + /** * @NoAdminRequired * @NoSubAdminRequired @@ -637,6 +717,8 @@ class UsersController extends AUserData { $permittedFields[] = IAccountManager::PROPERTY_DISPLAYNAME . self::SCOPE_SUFFIX; $permittedFields[] = IAccountManager::PROPERTY_EMAIL . self::SCOPE_SUFFIX; + $permittedFields[] = IAccountManager::COLLECTION_EMAIL; + $permittedFields[] = 'password'; if ($this->config->getSystemValue('force_language', false) === false || $this->groupManager->isAdmin($currentLoggedInUser->getUID())) { @@ -675,6 +757,7 @@ class UsersController extends AUserData { $permittedFields[] = IAccountManager::PROPERTY_DISPLAYNAME; } $permittedFields[] = IAccountManager::PROPERTY_EMAIL; + $permittedFields[] = IAccountManager::COLLECTION_EMAIL; $permittedFields[] = 'password'; $permittedFields[] = 'language'; $permittedFields[] = 'locale'; @@ -747,6 +830,21 @@ class UsersController extends AUserData { throw new OCSException('', 102); } break; + case IAccountManager::COLLECTION_EMAIL: + if (filter_var($value, FILTER_VALIDATE_EMAIL) && $value !== $targetUser->getEMailAddress()) { + $userAccount = $this->accountManager->getAccount($targetUser); + $mailCollection = $userAccount->getPropertyCollection(IAccountManager::COLLECTION_EMAIL); + foreach ($mailCollection->getProperties() as $property) { + if ($property->getValue() === $value) { + break; + } + } + $mailCollection->addPropertyWithDefaults($value); + $this->accountManager->updateAccount($userAccount); + } else { + throw new OCSException('', 102); + } + break; case IAccountManager::PROPERTY_PHONE: case IAccountManager::PROPERTY_ADDRESS: case IAccountManager::PROPERTY_WEBSITE: -- cgit v1.2.3