mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #846 from nextcloud/provisioning_api_ocs 

Move Provisioning API to the AppFramework
This commit is contained in:
Joas Schilling 2016-08-17 10:23:13 +02:00 committed by GitHub
parent c1632c3abd 77542817d1
commit 027069cbae
15 changed files with 1000 additions and 919 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

75
apps/provisioning_api/appinfo/routes.php
View File

@ -26,53 +26,40 @@
*
*/
namespace OCA\Provisioning_API\AppInfo;
use OCA\Provisioning_API\Apps;
use OCA\Provisioning_API\Groups;
use OCA\Provisioning_API\Users;
use OCP\API;
// Users
$users = new Users(
\OC::$server->getUserManager(),
\OC::$server->getConfig(),
\OC::$server->getGroupManager(),
\OC::$server->getUserSession(),
\OC::$server->getLogger()
);
API::register('get', '/cloud/users', [$users, 'getUsers'], 'provisioning_api', API::SUBADMIN_AUTH);
API::register('post', '/cloud/users', [$users, 'addUser'], 'provisioning_api', API::SUBADMIN_AUTH);
API::register('get', '/cloud/users/{userid}', [$users, 'getUser'], 'provisioning_api', API::USER_AUTH);
API::register('put', '/cloud/users/{userid}', [$users, 'editUser'], 'provisioning_api', API::USER_AUTH);
API::register('delete', '/cloud/users/{userid}', [$users, 'deleteUser'], 'provisioning_api', API::SUBADMIN_AUTH);
API::register('put', '/cloud/users/{userid}/enable', [$users, 'enableUser'], 'provisioning_api', API::SUBADMIN_AUTH);
API::register('put', '/cloud/users/{userid}/disable', [$users, 'disableUser'], 'provisioning_api', API::SUBADMIN_AUTH);
API::register('get', '/cloud/users/{userid}/groups', [$users, 'getUsersGroups'], 'provisioning_api', API::USER_AUTH);
API::register('post', '/cloud/users/{userid}/groups', [$users, 'addToGroup'], 'provisioning_api', API::SUBADMIN_AUTH);
API::register('delete', '/cloud/users/{userid}/groups', [$users, 'removeFromGroup'], 'provisioning_api', API::SUBADMIN_AUTH);
API::register('post', '/cloud/users/{userid}/subadmins', [$users, 'addSubAdmin'], 'provisioning_api', API::ADMIN_AUTH);
API::register('delete', '/cloud/users/{userid}/subadmins', [$users, 'removeSubAdmin'], 'provisioning_api', API::ADMIN_AUTH);
API::register('get', '/cloud/users/{userid}/subadmins', [$users, 'getUserSubAdminGroups'], 'provisioning_api', API::ADMIN_AUTH);
$app = new \OCA\Provisioning_API\AppInfo\Application();
$app->registerRoutes($this, [
'ocs' => [
// Apps
['root' => '/cloud', 'name' => 'Apps#getApps', 'url' => '/apps', 'verb' => 'GET'],
['root' => '/cloud', 'name' => 'Apps#getAppInfo', 'url' => '/apps/{app}', 'verb' => 'GET'],
['root' => '/cloud', 'name' => 'Apps#enable', 'url' => '/apps/{app}', 'verb' => 'POST'],
['root' => '/cloud', 'name' => 'Apps#disable', 'url' => '/apps/{app}', 'verb' => 'DELETE'],
// Groups
$groups = new Groups(
\OC::$server->getGroupManager(),
\OC::$server->getUserSession(),
\OC::$server->getRequest()
);
API::register('get', '/cloud/groups', [$groups, 'getGroups'], 'provisioning_api', API::SUBADMIN_AUTH);
API::register('post', '/cloud/groups', [$groups, 'addGroup'], 'provisioning_api', API::SUBADMIN_AUTH);
API::register('get', '/cloud/groups/{groupid}', [$groups, 'getGroup'], 'provisioning_api', API::SUBADMIN_AUTH);
API::register('delete', '/cloud/groups/{groupid}', [$groups, 'deleteGroup'], 'provisioning_api', API::ADMIN_AUTH);
API::register('get', '/cloud/groups/{groupid}/subadmins', [$groups, 'getSubAdminsOfGroup'], 'provisioning_api', API::ADMIN_AUTH);
// Groups
['root' => '/cloud', 'name' => 'Groups#getGroups', 'url' => '/groups', 'verb' => 'GET'],
['root' => '/cloud', 'name' => 'Groups#getGroup', 'url' => '/groups/{groupId}', 'verb' => 'GET'],
['root' => '/cloud', 'name' => 'Groups#addGroup', 'url' => '/groups', 'verb' => 'POST'],
['root' => '/cloud', 'name' => 'Groups#deleteGroup', 'url' => '/groups/{groupId}', 'verb' => 'DELETE'],
['root' => '/cloud', 'name' => 'Groups#getSubAdminsOfGroup', 'url' => '/groups/{groupId}/subadmins', 'verb' => 'GET'],
// Apps
$apps = new Apps(
\OC::$server->getAppManager(),
\OC::$server->getOcsClient()
);
API::register('get', '/cloud/apps', [$apps, 'getApps'], 'provisioning_api', API::ADMIN_AUTH);
API::register('get', '/cloud/apps/{appid}', [$apps, 'getAppInfo'], 'provisioning_api', API::ADMIN_AUTH);
API::register('post', '/cloud/apps/{appid}', [$apps, 'enable'], 'provisioning_api', API::ADMIN_AUTH);
API::register('delete', '/cloud/apps/{appid}', [$apps, 'disable'], 'provisioning_api', API::ADMIN_AUTH);
//Users
['root' => '/cloud', 'name' => 'Users#getUsers', 'url' => '/users', 'verb' => 'GET'],
['root' => '/cloud', 'name' => 'Users#addUser', 'url' => '/users', 'verb' => 'POST'],
['root' => '/cloud', 'name' => 'Users#getUser', 'url' => '/users/{userId}', 'verb' => 'GET'],
['root' => '/cloud', 'name' => 'Users#editUser', 'url' => '/users/{userId}', 'verb' => 'PUT'],
['root' => '/cloud', 'name' => 'Users#deleteUser', 'url' => '/users/{userId}', 'verb' => 'DELETE'],
['root' => '/cloud', 'name' => 'Users#enableUser', 'url' => '/users/{userId}/enable', 'verb' => 'PUT'],
['root' => '/cloud', 'name' => 'Users#disableUser', 'url' => '/users/{userId}/disable', 'verb' => 'PUT'],
['root' => '/cloud', 'name' => 'Users#getUsersGroups', 'url' => '/users/{userId}/groups', 'verb' => 'GET'],
['root' => '/cloud', 'name' => 'Users#addToGroup', 'url' => '/users/{userId}/groups', 'verb' => 'POST'],
['root' => '/cloud', 'name' => 'Users#removeFromGroup', 'url' => '/users/{userId}/groups', 'verb' => 'DELETE'],
['root' => '/cloud', 'name' => 'Users#getUserSubAdminGroups', 'url' => '/users/{userId}/subadmins', 'verb' => 'GET'],
['root' => '/cloud', 'name' => 'Users#addSubAdmin', 'url' => '/users/{userId}/subadmins', 'verb' => 'POST'],
['root' => '/cloud', 'name' => 'Users#removeSubAdmin', 'url' => '/users/{userId}/subadmins', 'verb' => 'DELETE'],
],
]);

28
apps/provisioning_api/lib/AppInfo/Application.php Normal file
View File

@ -0,0 +1,28 @@
<?php
namespace OCA\Provisioning_API\AppInfo;
use OC\AppFramework\Utility\SimpleContainer;
use OCA\Provisioning_API\Middleware\ProvisioningApiMiddleware;
use OCP\AppFramework\App;
class Application extends App {
public function __construct(array $urlParams = array()) {
parent::__construct('provisioning_api', $urlParams);
$container = $this->getContainer();
$server = $container->getServer();
$container->registerService('ProvisioningApiMiddleware', function(SimpleContainer $c) use ($server) {
$user = $server->getUserManager()->get($c['UserId']);
$isAdmin = $user !== null ? $server->getGroupManager()->isAdmin($user->getUID()) : false;
$isSubAdmin = $user !== null ? $server->getGroupManager()->getSubAdmin()->isSubAdmin($user) : false;
return new ProvisioningApiMiddleware(
$c['ControllerMethodReflector'],
$isAdmin,
$isSubAdmin
);
});
$container->registerMiddleWare('ProvisioningApiMiddleware');
}
}

72
apps/provisioning_api/lib/Apps.php → apps/provisioning_api/lib/Controller/AppsController.php
View File

@ -23,89 +23,101 @@
*
*/
namespace OCA\Provisioning_API;
namespace OCA\Provisioning_API\Controller;
use OC\OCSClient;
use \OC_App;
use OCP\App\IAppManager;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\OCS\OCSNotFoundException;
use OCP\AppFramework\OCSController;
use OCP\IRequest;
class Apps {
class AppsController extends OCSController {
/** @var \OCP\App\IAppManager */
private $appManager;
/** @var OCSClient */
private $ocsClient;
/**
* @param \OCP\App\IAppManager $appManager
* @param string $appName
* @param IRequest $request
* @param IAppManager $appManager
* @param OCSClient $ocsClient
*/
public function __construct(\OCP\App\IAppManager $appManager,
OCSClient $ocsClient) {
public function __construct(
$appName,
IRequest $request,
IAppManager $appManager,
OCSClient $ocsClient
) {
parent::__construct($appName, $request);
$this->appManager = $appManager;
$this->ocsClient = $ocsClient;
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @param string $filter
* @return DataResponse
* @throws OCSException
*/
public function getApps($parameters) {
public function getApps($filter = null) {
$apps = OC_App::listAllApps(false, true, $this->ocsClient);
$list = [];
foreach($apps as $app) {
$list[] = $app['id'];
}
$filter = isset($_GET['filter']) ? $_GET['filter'] : false;
if($filter){
switch($filter){
case 'enabled':
return new \OC\OCS\Result(array('apps' => \OC_App::getEnabledApps()));
return new DataResponse(['apps' => \OC_App::getEnabledApps()]);
break;
case 'disabled':
$enabled = OC_App::getEnabledApps();
return new \OC\OCS\Result(array('apps' => array_diff($list, $enabled)));
return new DataResponse(['apps' => array_diff($list, $enabled)]);
break;
default:
// Invalid filter variable
return new \OC\OCS\Result(null, 101);
break;
throw new OCSException('', 101);
}
} else {
return new \OC\OCS\Result(array('apps' => $list));
return new DataResponse(['apps' => $list]);
}
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @param string $app
* @return DataResponse
* @throws OCSNotFoundException
*/
public function getAppInfo($parameters) {
$app = $parameters['appid'];
public function getAppInfo($app) {
$info = \OCP\App::getAppInfo($app);
if(!is_null($info)) {
return new \OC\OCS\Result(OC_App::getAppInfo($app));
return new DataResponse(OC_App::getAppInfo($app));
} else {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_NOT_FOUND, 'The request app was not found');
throw new OCSException('The request app was not found', \OCP\API::RESPOND_NOT_FOUND);
}
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @param string $app
* @return DataResponse
*/
public function enable($parameters) {
$app = $parameters['appid'];
public function enable($app) {
$this->appManager->enableApp($app);
return new \OC\OCS\Result(null, 100);
return new DataResponse();
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @param string $app
* @return DataResponse
*/
public function disable($parameters) {
$app = $parameters['appid'];
public function disable($app) {
$this->appManager->disableApp($app);
return new \OC\OCS\Result(null, 100);
return new DataResponse();
}
}

128
apps/provisioning_api/lib/Groups.php → apps/provisioning_api/lib/Controller/GroupsController.php
View File

@ -23,46 +23,54 @@
*
*/
namespace OCA\Provisioning_API;
namespace OCA\Provisioning_API\Controller;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\OCSController;
use OCP\IGroup;
use OCP\IGroupManager;
use OCP\IRequest;
use OCP\IUserSession;
use OCP\IUser;
class Groups{
/** @var \OCP\IGroupManager */
class GroupsController extends OCSController {
/** @var IGroupManager */
private $groupManager;
/** @var \OCP\IUserSession */
/** @var IUserSession */
private $userSession;
/** @var \OCP\IRequest */
private $request;
/**
* @param \OCP\IGroupManager $groupManager
* @param \OCP\IUserSession $userSession
* @param \OCP\IRequest $request
* @param string $appName
* @param IRequest $request
* @param IGroupManager $groupManager
* @param IUserSession $userSession
*/
public function __construct(\OCP\IGroupManager $groupManager,
\OCP\IUserSession $userSession,
\OCP\IRequest $request) {
public function __construct(
$appName,
IRequest $request,
IGroupManager $groupManager,
IUserSession $userSession) {
parent::__construct($appName, $request);
$this->groupManager = $groupManager;
$this->userSession = $userSession;
$this->request = $request;
}
/**
* returns a list of groups
*
* @param array $parameters
* @return \OC\OCS\Result
* @NoAdminRequired
*
* @param string $search
* @param int $limit
* @param int $offset
* @return DataResponse
*/
public function getGroups($parameters) {
$search = $this->request->getParam('search', '');
$limit = $this->request->getParam('limit');
$offset = $this->request->getParam('offset');
public function getGroups($search = '', $limit = null, $offset = null) {
if ($limit !== null) {
$limit = (int)$limit;
}
@ -76,27 +84,24 @@ class Groups{
return $group->getGID();
}, $groups);
return new \OC\OCS\Result(['groups' => $groups]);
return new DataResponse(['groups' => $groups]);
}
/**
* returns an array of users in the group specified
*
* @param array $parameters
* @return \OC\OCS\Result
* @NoAdminRequired
*
* @param string $groupId
* @return DataResponse
* @throws OCSException
*/
public function getGroup($parameters) {
// Check if user is logged in
public function getGroup($groupId) {
$user = $this->userSession->getUser();
if ($user === null) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
$groupId = $parameters['groupid'];
// Check the group exists
if(!$this->groupManager->groupExists($groupId)) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_NOT_FOUND, 'The requested group could not be found');
throw new OCSException('The requested group could not be found', \OCP\API::RESPOND_NOT_FOUND);
}
$isSubadminOfGroup = false;
@ -114,59 +119,62 @@ class Groups{
return $user->getUID();
}, $users);
$users = array_values($users);
return new \OC\OCS\Result(['users' => $users]);
return new DataResponse(['users' => $users]);
} else {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED, 'User does not have access to specified group');
throw new OCSException('User does not have access to specified group', \OCP\API::RESPOND_UNAUTHORISED);
}
}
/**
* creates a new group
*
* @param array $parameters
* @return \OC\OCS\Result
* @NoAdminRequired
*
* @param string $groupid
* @return DataResponse
* @throws OCSException
*/
public function addGroup($parameters) {
public function addGroup($groupid) {
// Validate name
$groupId = $this->request->getParam('groupid', '');
if(empty($groupId)){
if(empty($groupid)){
\OCP\Util::writeLog('provisioning_api', 'Group name not supplied', \OCP\Util::ERROR);
return new \OC\OCS\Result(null, 101, 'Invalid group name');
throw new OCSException('Invalid group name', 101);
}
// Check if it exists
if($this->groupManager->groupExists($groupId)){
return new \OC\OCS\Result(null, 102);
if($this->groupManager->groupExists($groupid)){
throw new OCSException('', 102);
}
$this->groupManager->createGroup($groupId);
return new \OC\OCS\Result(null, 100);
$this->groupManager->createGroup($groupid);
return new DataResponse();
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @param string $groupId
* @return DataResponse
* @throws OCSException
*/
public function deleteGroup($parameters) {
public function deleteGroup($groupId) {
// Check it exists
if(!$this->groupManager->groupExists($parameters['groupid'])){
return new \OC\OCS\Result(null, 101);
} else if($parameters['groupid'] === 'admin' || !$this->groupManager->get($parameters['groupid'])->delete()){
if(!$this->groupManager->groupExists($groupId)){
throw new OCSException('', 101);
} else if($groupId === 'admin' || !$this->groupManager->get($groupId)->delete()){
// Cannot delete admin group
return new \OC\OCS\Result(null, 102);
} else {
return new \OC\OCS\Result(null, 100);
throw new OCSException('', 102);
}
return new DataResponse(null, 100);
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @param string $groupId
* @return DataResponse
* @throws OCSException
*/
public function getSubAdminsOfGroup($parameters) {
$group = $parameters['groupid'];
public function getSubAdminsOfGroup($groupId) {
// Check group exists
$targetGroup = $this->groupManager->get($group);
$targetGroup = $this->groupManager->get($groupId);
if($targetGroup === null) {
return new \OC\OCS\Result(null, 101, 'Group does not exist');
throw new OCSException('Group does not exist', 101);
}
$subadmins = $this->groupManager->getSubAdmin()->getGroupsSubAdmins($targetGroup);
@ -176,7 +184,7 @@ class Groups{
$uids[] = $user->getUID();
}
return new \OC\OCS\Result($uids);
return new DataResponse($uids);
}
}

379
apps/provisioning_api/lib/Users.php → apps/provisioning_api/lib/Controller/UsersController.php
View File

@ -27,17 +27,23 @@
*
*/
namespace OCA\Provisioning_API;
namespace OCA\Provisioning_API\Controller;
use \OC_Helper;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\OCS\OCSForbiddenException;
use OCP\AppFramework\OCS\OCSNotFoundException;
use OCP\AppFramework\OCSController;
use OCP\Files\NotFoundException;
use OCP\IConfig;
use OCP\IGroupManager;
use OCP\ILogger;
use OCP\IRequest;
use OCP\IUserManager;
use OCP\IUserSession;
class Users {
class UsersController extends OCSController {
/** @var IUserManager */
private $userManager;
@ -51,17 +57,23 @@ class Users {
private $logger;
/**
* @param string $appName
* @param IRequest $request
* @param IUserManager $userManager
* @param IConfig $config
* @param IGroupManager $groupManager
* @param IUserSession $userSession
* @param ILogger $logger
*/
public function __construct(IUserManager $userManager,
public function __construct($appName,
IRequest $request,
IUserManager $userManager,
IConfig $config,
IGroupManager $groupManager,
IUserSession $userSession,
ILogger $logger) {
parent::__construct($appName, $request);
$this->userManager = $userManager;
$this->config = $config;
$this->groupManager = $groupManager;
@ -70,20 +82,17 @@ class Users {
}
/**
* @NoAdminRequired
*
* returns a list of users
*
* @return \OC\OCS\Result
* @param string $search
* @param int $limit
* @param int $offset
* @return DataResponse
*/
public function getUsers() {
$search = !empty($_GET['search']) ? $_GET['search'] : '';
$limit = !empty($_GET['limit']) ? $_GET['limit'] : null;
$offset = !empty($_GET['offset']) ? $_GET['offset'] : null;
// Check if user is logged in
public function getUsers($search = '', $limit = null, $offset = null) {
$user = $this->userSession->getUser();
if ($user === null) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
// Admin? Or SubAdmin?
$uid = $user->getUID();
@ -106,89 +115,85 @@ class Users {
}
$users = array_slice($users, $offset, $limit);
} else {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
$users = array_keys($users);
return new \OC\OCS\Result([
return new DataResponse([
'users' => $users
]);
}
/**
* @return \OC\OCS\Result
* @NoAdminRequired
*
* @param string $userid
* @param string $password
* @param array $groups
* @return DataResponse
* @throws OCSException
*/
public function addUser() {
$userId = isset($_POST['userid']) ? $_POST['userid'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;
$groups = isset($_POST['groups']) ? $_POST['groups'] : null;
public function addUser($userid, $password, $groups = null) {
$user = $this->userSession->getUser();
$isAdmin = $this->groupManager->isAdmin($user->getUID());
$subAdminManager = $this->groupManager->getSubAdmin();
if (!$isAdmin && !$subAdminManager->isSubAdmin($user)) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
if($this->userManager->userExists($userId)) {
if($this->userManager->userExists($userid)) {
$this->logger->error('Failed addUser attempt: User already exists.', ['app' => 'ocs_api']);
return new \OC\OCS\Result(null, 102, 'User already exists');
throw new OCSException('User already exists', 102);
}
if(is_array($groups)) {
foreach ($groups as $group) {
if(!$this->groupManager->groupExists($group)){
return new \OC\OCS\Result(null, 104, 'group '.$group.' does not exist');
if(!$this->groupManager->groupExists($group)) {
throw new OCSException('group '.$group.' does not exist', 104);
}
if(!$isAdmin && !$subAdminManager->isSubAdminofGroup($user, $this->groupManager->get($group))) {
return new \OC\OCS\Result(null, 105, 'insufficient privileges for group '. $group);
throw new OCSException('insufficient privileges for group '. $group, 105);
}
}
} else {
if(!$isAdmin) {
return new \OC\OCS\Result(null, 106, 'no group specified (required for subadmins)');
throw new OCSException('no group specified (required for subadmins)', 106);
}
}
try {
$newUser = $this->userManager->createUser($userId, $password);
$this->logger->info('Successful addUser call with userid: '.$userId, ['app' => 'ocs_api']);
$newUser = $this->userManager->createUser($userid, $password);
$this->logger->info('Successful addUser call with userid: '.$userid, ['app' => 'ocs_api']);
if (is_array($groups)) {
foreach ($groups as $group) {
$this->groupManager->get($group)->addUser($newUser);
$this->logger->info('Added userid '.$userId.' to group '.$group, ['app' => 'ocs_api']);
$this->logger->info('Added userid '.$userid.' to group '.$group, ['app' => 'ocs_api']);
}
}
return new \OC\OCS\Result(null, 100);
return new DataResponse();
} catch (\Exception $e) {
$this->logger->error('Failed addUser attempt with exception: '.$e->getMessage(), ['app' => 'ocs_api']);
return new \OC\OCS\Result(null, 101, 'Bad request');
throw new OCSException('Bad request', 101);
}
}
/**
* @NoAdminRequired
* @NoSubAdminRequired
*
* gets user info
*
* @param array $parameters
* @return \OC\OCS\Result
* @param string $userId
* @return DataResponse
* @throws OCSException
*/
public function getUser($parameters) {
$userId = $parameters['userid'];
// Check if user is logged in
public function getUser($userId) {
$currentLoggedInUser = $this->userSession->getUser();
if ($currentLoggedInUser === null) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
$data = [];
// Check if the target user exists
$targetUserObject = $this->userManager->get($userId);
if($targetUserObject === null) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_NOT_FOUND, 'The requested user could not be found');
throw new OCSException('The requested user could not be found', \OCP\API::RESPOND_NOT_FOUND);
}
// Admin? Or SubAdmin?
@ -198,7 +203,7 @@ class Users {
} else {
// Check they are looking up themselves
if($currentLoggedInUser->getUID() !== $userId) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
throw new OCSException('', \OCP\API::RESPOND_UNAUTHORISED);
}
}
@ -207,32 +212,32 @@ class Users {
$data['email'] = $targetUserObject->getEMailAddress();
$data['displayname'] = $targetUserObject->getDisplayName();
return new \OC\OCS\Result($data);
return new DataResponse($data);
}
/**
* @NoAdminRequired
* @NoSubAdminRequired
*
* edit users
*
* @param array $parameters
* @return \OC\OCS\Result
* @param string $userId
* @param string $key
* @param string $value
* @return DataResponse
* @throws OCSException
* @throws OCSForbiddenException
*/
public function editUser($parameters) {
/** @var string $targetUserId */
$targetUserId = $parameters['userid'];
// Check if user is logged in
public function editUser($userId, $key, $value) {
$currentLoggedInUser = $this->userSession->getUser();
if ($currentLoggedInUser === null) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
$targetUser = $this->userManager->get($targetUserId);
$targetUser = $this->userManager->get($userId);
if($targetUser === null) {
return new \OC\OCS\Result(null, 997);
throw new OCSException('', \OCP\API::RESPOND_UNAUTHORISED);
}
$permittedFields = [];
if($targetUserId === $currentLoggedInUser->getUID()) {
if($userId === $currentLoggedInUser->getUID()) {
// Editing self (display, email)
$permittedFields[] = 'display';
$permittedFields[] = 'email';
@ -253,20 +258,20 @@ class Users {
$permittedFields[] = 'email';
} else {
// No rights
return new \OC\OCS\Result(null, 997);
throw new OCSException('', \OCP\API::RESPOND_UNAUTHORISED);
}
}
// Check if permitted to edit this field
if(!in_array($parameters['_put']['key'], $permittedFields)) {
return new \OC\OCS\Result(null, 997);
if(!in_array($key, $permittedFields)) {
throw new OCSException('', \OCP\API::RESPOND_UNAUTHORISED);
}
// Process the edit
switch($parameters['_put']['key']) {
switch($key) {
case 'display':
$targetUser->setDisplayName($parameters['_put']['value']);
$targetUser->setDisplayName($value);
break;
case 'quota':
$quota = $parameters['_put']['value'];
$quota = $value;
if($quota !== 'none' and $quota !== 'default') {
if (is_numeric($quota)) {
$quota = floatval($quota);
@ -274,7 +279,7 @@ class Users {
$quota = \OCP\Util::computerFileSize($quota);
}
if ($quota === false) {
return new \OC\OCS\Result(null, 103, "Invalid quota value {$parameters['_put']['value']}");
throw new OCSException('Invalid quota value '.$value, 103);
}
if($quota === 0) {
$quota = 'default';
@ -287,115 +292,118 @@ class Users {
$targetUser->setQuota($quota);
break;
case 'password':
$targetUser->setPassword($parameters['_put']['value']);
$targetUser->setPassword($value);
break;
case 'email':
if(filter_var($parameters['_put']['value'], FILTER_VALIDATE_EMAIL)) {
$targetUser->setEMailAddress($parameters['_put']['value']);
if(filter_var($value, FILTER_VALIDATE_EMAIL)) {
$targetUser->setEMailAddress($value);
} else {
return new \OC\OCS\Result(null, 102);
throw new OCSException('', 102);
}
break;
default:
return new \OC\OCS\Result(null, 103);
throw new OCSException('', 103);
}
return new \OC\OCS\Result(null, 100);
return new DataResponse();
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @NoAdminRequired
*
* @param string $userId
* @return DataResponse
* @throws OCSException
* @throws OCSForbiddenException
*/
public function deleteUser($parameters) {
// Check if user is logged in
public function deleteUser($userId) {
$currentLoggedInUser = $this->userSession->getUser();
if ($currentLoggedInUser === null) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
$targetUser = $this->userManager->get($parameters['userid']);
$targetUser = $this->userManager->get($userId);
if($targetUser === null || $targetUser->getUID() === $currentLoggedInUser->getUID()) {
return new \OC\OCS\Result(null, 101);
throw new OCSException('', 101);
}
// If not permitted
$subAdminManager = $this->groupManager->getSubAdmin();
if(!$this->groupManager->isAdmin($currentLoggedInUser->getUID()) && !$subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser)) {
return new \OC\OCS\Result(null, 997);
throw new OCSException('', \OCP\API::RESPOND_UNAUTHORISED);
}
// Go ahead with the delete
if($targetUser->delete()) {
return new \OC\OCS\Result(null, 100);
return new DataResponse();
} else {
return new \OC\OCS\Result(null, 101);
throw new OCSException('', 101);
}
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @NoAdminRequired
*
* @param string $userId
* @return DataResponse
*/
public function disableUser($parameters) {
return $this->setEnabled($parameters, false);
public function disableUser($userId) {
return $this->setEnabled($userId, false);
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @NoAdminRequired
*
* @param string $userId
* @return DataResponse
*/
public function enableUser($parameters) {
return $this->setEnabled($parameters, true);
public function enableUser($userId) {
return $this->setEnabled($userId, true);
}
/**
* @param array $parameters
* @param string $userId
* @param bool $value
* @return \OC\OCS\Result
* @return DataResponse
* @throws OCSException
* @throws OCSForbiddenException
*/
private function setEnabled($parameters, $value) {
// Check if user is logged in
private function setEnabled($userId, $value) {
$currentLoggedInUser = $this->userSession->getUser();
if ($currentLoggedInUser === null) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
$targetUser = $this->userManager->get($parameters['userid']);
$targetUser = $this->userManager->get($userId);
if($targetUser === null || $targetUser->getUID() === $currentLoggedInUser->getUID()) {
return new \OC\OCS\Result(null, 101);
throw new OCSException('', 101);
}
// If not permitted
$subAdminManager = $this->groupManager->getSubAdmin();
if(!$this->groupManager->isAdmin($currentLoggedInUser->getUID()) && !$subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser)) {
return new \OC\OCS\Result(null, 997);
throw new OCSException('', \OCP\API::RESPOND_UNAUTHORISED);
}
// enable/disable the user now
$targetUser->setEnabled($value);
return new \OC\OCS\Result(null, 100);
return new DataResponse();
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @NoAdminRequired
* @NoSubAdminRequired
*
* @param string $userId
* @return DataResponse
* @throws OCSForbiddenException
* @throws OCSNotFoundException
*/
public function getUsersGroups($parameters) {
// Check if user is logged in
public function getUsersGroups($userId) {
$loggedInUser = $this->userSession->getUser();
if ($loggedInUser === null) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
$targetUser = $this->userManager->get($parameters['userid']);
$targetUser = $this->userManager->get($userId);
if($targetUser === null) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_NOT_FOUND);
throw new OCSException('', \OCP\API::RESPOND_NOT_FOUND);
}
if($targetUser->getUID() === $loggedInUser->getUID() || $this->groupManager->isAdmin($loggedInUser->getUID())) {
// Self lookup or admin lookup
return new \OC\OCS\Result([
return new DataResponse([
'groups' => $this->groupManager->getUserGroupIds($targetUser)
]);
} else {
@ -412,87 +420,75 @@ class Users {
$getSubAdminsGroups,
$this->groupManager->getUserGroupIds($targetUser)
);
return new \OC\OCS\Result(array('groups' => $groups));
return new DataResponse(['groups' => $groups]);
} else {
// Not permitted
return new \OC\OCS\Result(null, 997);
throw new OCSException('', \OCP\API::RESPOND_UNAUTHORISED);
}
}
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @param string $userId
* @param string $groupid
* @return DataResponse
* @throws OCSException
*/
public function addToGroup($parameters) {
// Check if user is logged in
$user = $this->userSession->getUser();
if ($user === null) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
public function addToGroup($userId, $groupid = '') {
if($groupid === '') {
throw new OCSException('', 101);
}
// Check they're an admin
if(!$this->groupManager->isAdmin($user->getUID())) {
// This user doesn't have rights to add a user to this group
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
$groupId = !empty($_POST['groupid']) ? $_POST['groupid'] : null;
if($groupId === null) {
return new \OC\OCS\Result(null, 101);
}
$group = $this->groupManager->get($groupId);
$targetUser = $this->userManager->get($parameters['userid']);
$group = $this->groupManager->get($groupid);
$targetUser = $this->userManager->get($userId);
if($group === null) {
return new \OC\OCS\Result(null, 102);
throw new OCSException('', 102);
}
if($targetUser === null) {
return new \OC\OCS\Result(null, 103);
throw new OCSException('', 103);
}
// Add user to group
$group->addUser($targetUser);
return new \OC\OCS\Result(null, 100);
return new DataResponse();
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @NoAdminRequired
*
* @param string userId
* @param string $groupid
* @return DataResponse
* @throws OCSException
*/
public function removeFromGroup($parameters) {
// Check if user is logged in
public function removeFromGroup($userId, $groupid) {
$loggedInUser = $this->userSession->getUser();
if ($loggedInUser === null) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
if($groupid === null) {
throw new OCSException('', 101);
}
$group = !empty($parameters['_delete']['groupid']) ? $parameters['_delete']['groupid'] : null;
$group = $this->groupManager->get($groupid);
if($group === null) {
return new \OC\OCS\Result(null, 101);
throw new OCSException('', 102);
}
$group = $this->groupManager->get($group);
if($group === null) {
return new \OC\OCS\Result(null, 102);
}
$targetUser = $this->userManager->get($parameters['userid']);
$targetUser = $this->userManager->get($userId);
if($targetUser === null) {
return new \OC\OCS\Result(null, 103);
throw new OCSException('', 103);
}
// If they're not an admin, check they are a subadmin of the group in question
$subAdminManager = $this->groupManager->getSubAdmin();
if(!$this->groupManager->isAdmin($loggedInUser->getUID()) && !$subAdminManager->isSubAdminofGroup($loggedInUser, $group)) {
return new \OC\OCS\Result(null, 104);
throw new OCSException('', 104);
}
// Check they aren't removing themselves from 'admin' or their 'subadmin; group
if($parameters['userid'] === $loggedInUser->getUID()) {
if($userId === $loggedInUser->getUID()) {
if($this->groupManager->isAdmin($loggedInUser->getUID())) {
if($group->getGID() === 'admin') {
return new \OC\OCS\Result(null, 105, 'Cannot remove yourself from the admin group');
throw new OCSException('Cannot remove yourself from the admin group', 105);
}
} else {
// Not an admin, check they are not removing themself from their subadmin group
@ -502,96 +498,101 @@ class Users {
}
if(in_array($group->getGID(), $subAdminGroups, true)) {
return new \OC\OCS\Result(null, 105, 'Cannot remove yourself from this group as you are a SubAdmin');
throw new OCSException('Cannot remove yourself from this group as you are a SubAdmin', 105);
}
}
}
// Remove user from group
$group->removeUser($targetUser);
return new \OC\OCS\Result(null, 100);
return new DataResponse();
}
/**
* Creates a subadmin
*
* @param array $parameters
* @return \OC\OCS\Result
* @param string $userId
* @param string $groupid
* @return DataResponse
* @throws OCSException
*/
public function addSubAdmin($parameters) {
$group = $this->groupManager->get($_POST['groupid']);
$user = $this->userManager->get($parameters['userid']);
public function addSubAdmin($userId, $groupid) {
$group = $this->groupManager->get($groupid);
$user = $this->userManager->get($userId);
// Check if the user exists
if($user === null) {
return new \OC\OCS\Result(null, 101, 'User does not exist');
throw new OCSException('User does not exist', 101);
}
// Check if group exists
if($group === null) {
return new \OC\OCS\Result(null, 102, 'Group:'.$_POST['groupid'].' does not exist');
throw new OCSException('Group:'.$groupid.' does not exist', 102);
}
// Check if trying to make subadmin of admin group
if(strtolower($_POST['groupid']) === 'admin') {
return new \OC\OCS\Result(null, 103, 'Cannot create subadmins for admin group');
if(strtolower($groupid) === 'admin') {
throw new OCSException('Cannot create subadmins for admin group', 103);
}
$subAdminManager = $this->groupManager->getSubAdmin();
// We cannot be subadmin twice
if ($subAdminManager->isSubAdminofGroup($user, $group)) {
return new \OC\OCS\Result(null, 100);
return new DataResponse();
}
// Go
if($subAdminManager->createSubAdmin($user, $group)) {
return new \OC\OCS\Result(null, 100);
return new DataResponse();
} else {
return new \OC\OCS\Result(null, 103, 'Unknown error occurred');
throw new OCSException('Unknown error occurred', 103);
}
}
/**
* Removes a subadmin from a group
*
* @param array $parameters
* @return \OC\OCS\Result
* @param string $userId
* @param string $groupid
* @return DataResponse
* @throws OCSException
*/
public function removeSubAdmin($parameters) {
$group = $this->groupManager->get($parameters['_delete']['groupid']);
$user = $this->userManager->get($parameters['userid']);
public function removeSubAdmin($userId, $groupid) {
$group = $this->groupManager->get($groupid);
$user = $this->userManager->get($userId);
$subAdminManager = $this->groupManager->getSubAdmin();
// Check if the user exists
if($user === null) {
return new \OC\OCS\Result(null, 101, 'User does not exist');
throw new OCSException('User does not exist', 101);
}
// Check if the group exists
if($group === null) {
return new \OC\OCS\Result(null, 101, 'Group does not exist');
throw new OCSException('Group does not exist', 101);
}
// Check if they are a subadmin of this said group
if(!$subAdminManager->isSubAdminofGroup($user, $group)) {
return new \OC\OCS\Result(null, 102, 'User is not a subadmin of this group');
throw new OCSException('User is not a subadmin of this group', 102);
}
// Go
if($subAdminManager->deleteSubAdmin($user, $group)) {
return new \OC\OCS\Result(null, 100);
return new DataResponse();
} else {
return new \OC\OCS\Result(null, 103, 'Unknown error occurred');
throw new OCSException('Unknown error occurred', 103);
}
}
/**
* Get the groups a user is a subadmin of
*
* @param array $parameters
* @return \OC\OCS\Result
* @param string $userId
* @return DataResponse
* @throws OCSException
*/
public function getUserSubAdminGroups($parameters) {
$user = $this->userManager->get($parameters['userid']);
public function getUserSubAdminGroups($userId) {
$user = $this->userManager->get($userId);
// Check if the user exists
if($user === null) {
return new \OC\OCS\Result(null, 101, 'User does not exist');
throw new OCSException('User does not exist', 101);
}
// Get the subadmin groups
@ -601,9 +602,9 @@ class Users {
}
if(!$groups) {
return new \OC\OCS\Result(null, 102, 'Unknown error occurred');
throw new OCSException('Unknown error occurred', 102);
} else {
return new \OC\OCS\Result($groups);
return new DataResponse($groups);
}
}

11
apps/provisioning_api/lib/Middleware/Exceptions/NotSubAdminException.php Normal file
View File

@ -0,0 +1,11 @@
<?php
namespace OCA\Provisioning_API\Middleware\Exceptions;
use OCP\AppFramework\Http;
class NotSubAdminException extends \Exception {
public function __construct() {
parent::__construct('Logged in user must be at least a sub admin', Http::STATUS_FORBIDDEN);
}
}

64
apps/provisioning_api/lib/Middleware/ProvisioningApiMiddleware.php Normal file
View File

@ -0,0 +1,64 @@
<?php
namespace OCA\Provisioning_API\Middleware;
use OCA\Provisioning_API\Middleware\Exceptions\NotSubAdminException;
use OCP\AppFramework\Http\Response;
use OCP\AppFramework\Middleware;
use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\Utility\IControllerMethodReflector;
class ProvisioningApiMiddleware extends Middleware {
/** @var IControllerMethodReflector */
private $reflector;
/** @var bool */
private $isAdmin;
/** @var bool */
private $isSubAdmin;
/**
* ProvisioningApiMiddleware constructor.
*
* @param IControllerMethodReflector $reflector
* @param bool $isAdmin
* @param bool $isSubAdmin
*/
public function __construct(
IControllerMethodReflector $reflector,
$isAdmin,
$isSubAdmin) {
$this->reflector = $reflector;
$this->isAdmin = $isAdmin;
$this->isSubAdmin = $isSubAdmin;
}
/**
* @param \OCP\AppFramework\Controller $controller
* @param string $methodName
*
* @throws NotSubAdminException
*/
public function beforeController($controller, $methodName) {
if (!$this->isAdmin && !$this->reflector->hasAnnotation('NoSubAdminRequired') && !$this->isSubAdmin) {
throw new NotSubAdminException();
}
}
/**
* @param \OCP\AppFramework\Controller $controller
* @param string $methodName
* @param \Exception $exception
* @throws \Exception
* @return Response
*/
public function afterException($controller, $methodName, \Exception $exception) {
if ($exception instanceof NotSubAdminException) {
throw new OCSException($exception->getMessage(), \OCP\API::RESPOND_UNAUTHORISED);
}
throw $exception;
}
}

54
apps/provisioning_api/tests/AppsTest.php → apps/provisioning_api/tests/Controller/AppsControllerTest.php
View File

@ -25,11 +25,11 @@
*
*/
namespace OCA\Provisioning_API\Tests;
namespace OCA\Provisioning_API\Tests\Controller;
use OC\OCSClient;
use OCA\Provisioning_API\Apps;
use OCA\Provisioning_API\Controller\AppsController;
use OCP\API;
use OCP\App\IAppManager;
use OCP\IUserSession;
@ -41,10 +41,10 @@ use OCP\IUserSession;
*
* @package OCA\Provisioning_API\Tests
*/
class AppsTest extends TestCase {
class AppsControllerTest extends \OCA\Provisioning_API\Tests\TestCase {
/** @var IAppManager */
private $appManager;
/** @var Apps */
/** @var AppsController */
private $api;
/** @var IUserSession */
private $userSession;
@ -61,20 +61,30 @@ class AppsTest extends TestCase {
->disableOriginalConstructor()
->getMock();
$this->api = new Apps($this->appManager, $this->ocsClient);
$request = $this->getMockBuilder('OCP\IRequest')
->disableOriginalConstructor()
->getMock();
$this->api = new AppsController(
'provisioning_api',
$request,
$this->appManager,
$this->ocsClient
);
}
public function testGetAppInfo() {
$result = $this->api->getAppInfo(['appid' => 'provisioning_api']);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertTrue($result->succeeded());
$result = $this->api->getAppInfo('provisioning_api');
$expected = \OC_App::getAppInfo('provisioning_api');
$this->assertEquals($expected, $result->getData());
}
/**
* @expectedException \OCP\AppFramework\OCS\OCSException
* @expectedExceptionCode 998
*/
public function testGetAppInfoOnBadAppID() {
$result = $this->api->getAppInfo(['appid' => 'not_provisioning_api']);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertFalse($result->succeeded());
$this->assertEquals(API::RESPOND_NOT_FOUND, $result->getStatusCode());
$this->api->getAppInfo('not_provisioning_api');
}
public function testGetApps() {
@ -86,17 +96,14 @@ class AppsTest extends TestCase {
$this->groupManager->get('admin')->addUser($user);
$this->userSession->setUser($user);
$result = $this->api->getApps([]);
$result = $this->api->getApps();
$this->assertTrue($result->succeeded());
$data = $result->getData();
$this->assertEquals(count(\OC_App::listAllApps(false, true, $this->ocsClient)), count($data['apps']));
}
public function testGetAppsEnabled() {
$_GET['filter'] = 'enabled';
$result = $this->api->getApps(['filter' => 'enabled']);
$this->assertTrue($result->succeeded());
$result = $this->api->getApps('enabled');
$data = $result->getData();
$this->assertEquals(count(\OC_App::getEnabledApps()), count($data['apps']));
}
@ -106,9 +113,7 @@ class AppsTest extends TestCase {
->expects($this->any())
->method($this->anything())
->will($this->returnValue(null));
$_GET['filter'] = 'disabled';
$result = $this->api->getApps(['filter' => 'disabled']);
$this->assertTrue($result->succeeded());
$result = $this->api->getApps('disabled');
$data = $result->getData();
$apps = \OC_App::listAllApps(false, true, $this->ocsClient);
$list = array();
@ -119,10 +124,11 @@ class AppsTest extends TestCase {
$this->assertEquals(count($disabled), count($data['apps']));
}
/**
* @expectedException \OCP\AppFramework\OCS\OCSException
* @expectedExceptionCode 101
*/
public function testGetAppsInvalidFilter() {
$_GET['filter'] = 'foo';
$result = $this->api->getApps([]);
$this->assertFalse($result->succeeded());
$this->assertEquals(101, $result->getStatusCode());
$this->api->getApps('foo');
}
}

197
apps/provisioning_api/tests/GroupsTest.php → apps/provisioning_api/tests/Controller/GroupsControllerTest.php
View File

@ -24,24 +24,20 @@
*
*/
namespace OCA\Provisioning_API\Tests;
namespace OCA\Provisioning_API\Tests\Controller;
use OCA\Provisioning_API\Groups;
use OCP\API;
use OCA\Provisioning_API\Controller\GroupsController;
use OCP\IGroupManager;
use OCP\IUserSession;
use OCP\IRequest;
class GroupsTest extends \Test\TestCase {
class GroupsControllerTest extends \Test\TestCase {
/** @var IGroupManager|\PHPUnit_Framework_MockObject_MockObject */
protected $groupManager;
/** @var IUserSession|\PHPUnit_Framework_MockObject_MockObject */
protected $userSession;
/** @var IRequest|\PHPUnit_Framework_MockObject_MockObject */
protected $request;
/** @var \OC\SubAdmin|\PHPUnit_Framework_MockObject_MockObject */
protected $subAdminManager;
/** @var Groups */
/** @var GroupsController */
protected $api;
protected function setUp() {
@ -61,13 +57,14 @@ class GroupsTest extends \Test\TestCase {
$this->userSession = $this->getMockBuilder('OCP\IUserSession')
->disableOriginalConstructor()
->getMock();
$this->request = $this->getMockBuilder('OCP\IRequest')
$request = $this->getMockBuilder('OCP\IRequest')
->disableOriginalConstructor()
->getMock();
$this->api = new Groups(
$this->api = new GroupsController(
'provisioning_api',
$request,
$this->groupManager,
$this->userSession,
$this->request
$this->userSession
);
}
@ -148,15 +145,6 @@ class GroupsTest extends \Test\TestCase {
* @param int|null $offset
*/
public function testGetGroups($search, $limit, $offset) {
$this->request
->expects($this->exactly(3))
->method('getParam')
->will($this->returnValueMap([
['search', '', $search],
['limit', null, $limit],
['offset', null, $offset],
]));
$groups = [$this->createGroup('group1'), $this->createGroup('group2')];
$search = $search === null ? '' : $search;
@ -167,19 +155,8 @@ class GroupsTest extends \Test\TestCase {
->with($search, $limit, $offset)
->willReturn($groups);
$result = $this->api->getGroups([]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertTrue($result->succeeded());
$this->assertEquals(['group1', 'group2'], $result->getData()['groups']);
}
public function testGetGroupAsUser() {
$result = $this->api->getGroup([]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertFalse($result->succeeded());
$this->assertEquals(API::RESPOND_UNAUTHORISED, $result->getStatusCode());
$result = $this->api->getGroups($search, $limit, $offset);
$this->assertEquals(['groups' => ['group1', 'group2']], $result->getData());
}
public function testGetGroupAsSubadmin() {
@ -201,17 +178,15 @@ class GroupsTest extends \Test\TestCase {
$this->createUser('user2')
]);
$result = $this->api->getGroup([
'groupid' => 'group',
]);
$result = $this->api->getGroup('group');
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertTrue($result->succeeded());
$this->assertEquals(1, sizeof($result->getData()), 'Asserting the result data array only has the "users" key');
$this->assertArrayHasKey('users', $result->getData());
$this->assertEquals(['user1', 'user2'], $result->getData()['users']);
$this->assertEquals(['users' => ['user1', 'user2']], $result->getData());
}
/**
* @expectedException \OCP\AppFramework\OCS\OCSException
* @expectedExceptionCode 997
*/
public function testGetGroupAsIrrelevantSubadmin() {
$group = $this->createGroup('group');
$otherGroup = $this->createGroup('otherGroup');
@ -226,13 +201,7 @@ class GroupsTest extends \Test\TestCase {
->with('group')
->willReturn(true);
$result = $this->api->getGroup([
'groupid' => 'group',
]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertFalse($result->succeeded());
$this->assertEquals(API::RESPOND_UNAUTHORISED, $result->getStatusCode());
$this->api->getGroup('group');
}
public function testGetGroupAsAdmin() {
@ -254,39 +223,29 @@ class GroupsTest extends \Test\TestCase {
$this->createUser('user2')
]);
$result = $this->api->getGroup([
'groupid' => 'group',
]);
$result = $this->api->getGroup('group');
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertTrue($result->succeeded());
$this->assertEquals(1, sizeof($result->getData()), 'Asserting the result data array only has the "users" key');
$this->assertArrayHasKey('users', $result->getData());
$this->assertEquals(['user1', 'user2'], $result->getData()['users']);
$this->assertEquals(['users' => ['user1', 'user2']], $result->getData());
}
/**
* @expectedException \OCP\AppFramework\OCS\OCSException
* @expectedExceptionCode 998
* @expectedExceptionMessage The requested group could not be found
*/
public function testGetGroupNonExisting() {
$this->asUser();
$result = $this->api->getGroup([
'groupid' => $this->getUniqueID()
]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertFalse($result->succeeded());
$this->assertEquals(API::RESPOND_NOT_FOUND, $result->getStatusCode());
$this->assertEquals('The requested group could not be found', $result->getMeta()['message']);
$this->api->getGroup($this->getUniqueID());
}
/**
* @expectedException \OCP\AppFramework\OCS\OCSException
* @expectedExceptionCode 101
* @expectedExceptionMessage Group does not exist
*/
public function testGetSubAdminsOfGroupsNotExists() {
$result = $this->api->getSubAdminsOfGroup([
'groupid' => 'NonExistingGroup',
]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertFalse($result->succeeded());
$this->assertEquals(101, $result->getStatusCode());
$this->assertEquals('Group does not exist', $result->getMeta()['message']);
$this->api->getSubAdminsOfGroup('NonExistingGroup');
}
public function testGetSubAdminsOfGroup() {
@ -305,12 +264,7 @@ class GroupsTest extends \Test\TestCase {
$this->createUser('SubAdmin2'),
]);
$result = $this->api->getSubAdminsOfGroup([
'groupid' => 'GroupWithSubAdmins',
]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertTrue($result->succeeded());
$result = $this->api->getSubAdminsOfGroup('GroupWithSubAdmins');
$this->assertEquals(['SubAdmin1', 'SubAdmin2'], $result->getData());
}
@ -328,53 +282,33 @@ class GroupsTest extends \Test\TestCase {
->willReturn([
]);
$result = $this->api->getSubAdminsOfGroup([
'groupid' => 'GroupWithOutSubAdmins',
]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertTrue($result->succeeded());
$result = $this->api->getSubAdminsOfGroup('GroupWithOutSubAdmins');
$this->assertEquals([], $result->getData());
}
/**
* @expectedException \OCP\AppFramework\OCS\OCSException
* @expectedExceptionCode 101
* @expectedExceptionMessage Invalid group name
*/
public function testAddGroupEmptyGroup() {
$this->request
->method('getParam')
->with('groupid')
->willReturn('');
$result = $this->api->addGroup([]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertFalse($result->succeeded());
$this->assertEquals(101, $result->getStatusCode());
$this->assertEquals('Invalid group name', $result->getMeta()['message']);
$this->api->addGroup('');
}
/**
* @expectedException \OCP\AppFramework\OCS\OCSException
* @expectedExceptionCode 102
*/
public function testAddGroupExistingGroup() {
$this->request
->method('getParam')
->with('groupid')
->willReturn('ExistingGroup');
$this->groupManager
->method('groupExists')
->with('ExistingGroup')
->willReturn(true);
$result = $this->api->addGroup([]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertFalse($result->succeeded());
$this->assertEquals(102, $result->getStatusCode());
$this->api->addGroup('ExistingGroup');
}
public function testAddGroup() {
$this->request
->method('getParam')
->with('groupid')
->willReturn('NewGroup');
$this->groupManager
->method('groupExists')
->with('NewGroup')
@ -385,17 +319,10 @@ class GroupsTest extends \Test\TestCase {
->method('createGroup')
->with('NewGroup');
$result = $this->api->addGroup([]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertTrue($result->succeeded());
$this->api->addGroup('NewGroup');
}
public function testAddGroupWithSpecialChar() {
$this->request
->method('getParam')
->with('groupid')
->willReturn('Iñtërnâtiônàlizætiøn');
$this->groupManager
->method('groupExists')
->with('Iñtërnâtiônàlizætiøn')
@ -406,32 +333,28 @@ class GroupsTest extends \Test\TestCase {
->method('createGroup')
->with('Iñtërnâtiônàlizætiøn');
$result = $this->api->addGroup([]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertTrue($result->succeeded());
$this->api->addGroup('Iñtërnâtiônàlizætiøn');
}
/**
* @expectedException \OCP\AppFramework\OCS\OCSException
* @expectedExceptionCode 101
*/
public function testDeleteGroupNonExisting() {
$result = $this->api->deleteGroup([
'groupid' => 'NonExistingGroup'
]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertFalse($result->succeeded());
$this->assertEquals(101, $result->getStatusCode());
$this->api->deleteGroup('NonExistingGroup');
}
/**
* @expectedException \OCP\AppFramework\OCS\OCSException
* @expectedExceptionCode 102
*/
public function testDeleteAdminGroup() {
$this->groupManager
->method('groupExists')
->with('admin')
->willReturn('true');
$result = $this->api->deleteGroup([
'groupid' => 'admin'
]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertFalse($result->succeeded());
$this->assertEquals(102, $result->getStatusCode());
$this->api->deleteGroup('admin');
}
public function testDeleteGroup() {
@ -450,10 +373,6 @@ class GroupsTest extends \Test\TestCase {
->method('delete')
->willReturn(true);
$result = $this->api->deleteGroup([
'groupid' => 'ExistingGroup',
]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertTrue($result->succeeded());
$this->api->deleteGroup('ExistingGroup');
}
}

683
apps/provisioning_api/tests/UsersTest.php → apps/provisioning_api/tests/Controller/UsersControllerTest.php
View File

File diff suppressed because it is too large Load Diff

7
build/integration/features/bootstrap/BasicStructure.php
View File

@ -165,6 +165,13 @@ trait BasicStructure {
$options['body'] = $fd;
}
// TODO: Fix this hack!
if ($verb === 'PUT' && $body === null) {
$options['body'] = [
'foo' => 'bar',
];
}
try {
$this->response = $client->send($client->createRequest($verb, $fullUrl, $options));
} catch (\GuzzleHttp\Exception\ClientException $ex) {

79
build/integration/features/bootstrap/Provisioning.php
View File

@ -96,9 +96,12 @@ trait Provisioning {
}
$options['body'] = [
'userid' => $user,
'password' => '123456'
];
'userid' => $user,
'password' => '123456'
];
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->send($client->createRequest("POST", $fullUrl, $options));
if ($this->currentServer === 'LOCAL'){
@ -111,6 +114,9 @@ trait Provisioning {
$options2 = [
'auth' => [$user, '123456'],
];
$options2['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$url = $fullUrl.'/'.$user;
$client->send($client->createRequest('GET', $url, $options2));
}
@ -152,6 +158,9 @@ trait Provisioning {
$client = new Client();
$options = [];
$options['auth'] = $this->adminUser;
$options['headers'] = [
'OCS-APIREQUEST' => 'true'
];
$this->response = $client->get($fullUrl, $options);
}
@ -168,6 +177,9 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->get($fullUrl, $options);
$respondedArray = $this->getArrayOfGroupsResponded($this->response);
@ -183,6 +195,9 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->get($fullUrl, $options);
$respondedArray = $this->getArrayOfGroupsResponded($this->response);
@ -223,6 +238,9 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->get($fullUrl, $options);
$groups = array($group);
@ -244,8 +262,11 @@ trait Provisioning {
}
$options['body'] = [
'groupid' => $group,
];
'groupid' => $group,
];
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->send($client->createRequest("POST", $fullUrl, $options));
if ($this->currentServer === 'LOCAL'){
@ -265,6 +286,13 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
// TODO: fix hack
$options['body'] = [
'foo' => 'bar'
];
$this->response = $client->send($client->createRequest("PUT", $fullUrl, $options));
}
@ -280,6 +308,9 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->send($client->createRequest("DELETE", $fullUrl, $options));
}
@ -295,6 +326,9 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->send($client->createRequest("DELETE", $fullUrl, $options));
}
@ -323,10 +357,13 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$options['body'] = [
'groupid' => $group,
];
'groupid' => $group,
];
$this->response = $client->send($client->createRequest("POST", $fullUrl, $options));
}
@ -337,6 +374,9 @@ trait Provisioning {
$client = new Client();
$options = [];
$options['auth'] = $this->adminUser;
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->get($fullUrl, $options);
}
@ -394,6 +434,9 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->get($fullUrl, $options);
$respondedArray = $this->getArrayOfSubadminsResponded($this->response);
@ -415,8 +458,11 @@ trait Provisioning {
$options['auth'] = $this->adminUser;
}
$options['body'] = [
'groupid' => $group
];
'groupid' => $group
];
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->send($client->createRequest("POST", $fullUrl, $options));
PHPUnit_Framework_Assert::assertEquals(200, $this->response->getStatusCode());
}
@ -433,6 +479,9 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->get($fullUrl, $options);
$respondedArray = $this->getArrayOfSubadminsResponded($this->response);
@ -561,6 +610,9 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->get($fullUrl, $options);
$respondedArray = $this->getArrayOfAppsResponded($this->response);
@ -579,6 +631,9 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->get($fullUrl, $options);
$respondedArray = $this->getArrayOfAppsResponded($this->response);
@ -597,6 +652,9 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->get($fullUrl, $options);
PHPUnit_Framework_Assert::assertEquals("false", $this->response->xml()->data[0]->enabled);
@ -613,6 +671,9 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->get($fullUrl, $options);
PHPUnit_Framework_Assert::assertEquals("true", $this->response->xml()->data[0]->enabled);

2
lib/private/AppFramework/DependencyInjection/DIContainer.php
View File

@ -408,6 +408,7 @@ class DIContainer extends SimpleContainer implements IAppContainer {
$this->registerService('MiddlewareDispatcher', function($c) use (&$middleWares) {
$dispatcher = new MiddlewareDispatcher();
$dispatcher->registerMiddleware($c['CORSMiddleware']);
$dispatcher->registerMiddleware($c['OCSMiddleware']);
$dispatcher->registerMiddleware($c['SecurityMiddleware']);
$dispatcher->registerMiddleWare($c['TwoFactorMiddleware']);
@ -416,7 +417,6 @@ class DIContainer extends SimpleContainer implements IAppContainer {
}
$dispatcher->registerMiddleware($c['SessionMiddleware']);
$dispatcher->registerMiddleware($c['OCSMiddleware']);
return $dispatcher;
});

62
lib/private/AppFramework/Middleware/OCSMiddleware.php
View File

@ -23,8 +23,14 @@
namespace OC\AppFramework\Middleware;
use OC\AppFramework\Http;
use OCP\API;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\Http\JSONResponse;
use OCP\AppFramework\Http\OCSResponse;
use OCP\AppFramework\Http\Response;
use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\OCS\OCSForbiddenException;
use OCP\AppFramework\OCS\OCSNotFoundException;
use OCP\AppFramework\OCSController;
use OCP\IRequest;
use OCP\AppFramework\Middleware;
@ -54,12 +60,35 @@ class OCSMiddleware extends Middleware {
$code = $exception->getCode();
if ($code === 0) {
$code = Http::STATUS_INTERNAL_SERVER_ERROR;
$code = API::RESPOND_UNKNOWN_ERROR;
}
// Build the response
$response = new OCSResponse($format, $code, $exception->getMessage());
// Forbidden always sets 401 (even on v1.php)
if ($exception instanceof OCSForbiddenException || $code === API::RESPOND_UNAUTHORISED) {
$response->setStatus(Http::STATUS_UNAUTHORIZED);
}
// On v2.php we set actual HTTP error codes
if (substr_compare($this->request->getScriptName(), '/ocs/v2.php', -strlen('/ocs/v2.php')) === 0) {
$response->setStatus($code);
if ($code === API::RESPOND_NOT_FOUND) {
$response->setStatus(Http::STATUS_NOT_FOUND);
} else if ($code === API::RESPOND_SERVER_ERROR) {
$response->setStatus(Http::STATUS_INTERNAL_SERVER_ERROR);
} else if ($code === API::RESPOND_UNKNOWN_ERROR) {
$response->setStatus(Http::STATUS_INTERNAL_SERVER_ERROR);
} else if ($code === API::RESPOND_UNAUTHORISED) {
// Already set
}
// 4xx and 5xx codes are forwarded as is.
else if ($code >= 400 && $code < 600) {
$response->setStatus($code);
} else {
// All other codes get a bad request
$response->setStatus(Http::STATUS_BAD_REQUEST);
}
}
return $response;
}
@ -67,6 +96,35 @@ class OCSMiddleware extends Middleware {
throw $exception;
}
/**
* @param \OCP\AppFramework\Controller $controller
* @param string $methodName
* @param Response $response
* @return \OCP\AppFramework\Http\Response
*/
public function afterController($controller, $methodName, Response $response) {
/*
* If a different middleware has detected that a request unauthorized or forbidden
* we need to catch the response and convert it to a proper OCS response.
*/
if ($controller instanceof OCSController && !($response instanceof OCSResponse)) {
if ($response->getStatus() === Http::STATUS_UNAUTHORIZED ||
$response->getStatus() === Http::STATUS_FORBIDDEN) {
$format = $this->getFormat($controller);
$message = '';
if ($response instanceof JSONResponse) {
/** @var DataResponse $response */
$message = $response->getData()['message'];
}
$response = new OCSResponse($format, \OCP\API::RESPOND_UNAUTHORISED, $message);
$response->setStatus(Http::STATUS_UNAUTHORIZED);
}
}
return $response;
}
/**
* @param \OCP\AppFramework\Controller $controller
* @return string

76
tests/lib/AppFramework/Middleware/OCSMiddlewareTest.php
View File

@ -27,14 +27,14 @@ use OCP\AppFramework\OCS\OCSBadRequestException;
use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\OCS\OCSForbiddenException;
use OCP\AppFramework\OCS\OCSNotFoundException;
use OC\AppFramework\Http\Request;
use OCP\IRequest;
use OC\AppFramework\Middleware\OCSMiddleware;
class OCSMiddlewareTest extends \Test\TestCase {
/**
* @var Request
* @var IRequest
*/
private $request;
@ -101,8 +101,18 @@ class OCSMiddlewareTest extends \Test\TestCase {
$this->assertInstanceOf('OCP\AppFramework\Http\OCSResponse', $result);
$this->assertSame($message, $this->invokePrivate($result, 'message'));
$this->assertSame($code, $this->invokePrivate($result, 'statuscode'));
$this->assertSame(200, $result->getStatus());
if ($exception->getCode() === 0) {
$this->assertSame(\OCP\API::RESPOND_UNKNOWN_ERROR, $this->invokePrivate($result, 'statuscode'));
} else {
$this->assertSame($code, $this->invokePrivate($result, 'statuscode'));
}
if ($exception instanceof OCSForbiddenException) {
$this->assertSame(Http::STATUS_UNAUTHORIZED, $result->getStatus());
} else {
$this->assertSame(200, $result->getStatus());
}
} catch (\Exception $e) {
$this->assertTrue($forward);
$this->assertEquals($exception, $e);
@ -131,7 +141,11 @@ class OCSMiddlewareTest extends \Test\TestCase {
$this->assertInstanceOf('OCP\AppFramework\Http\OCSResponse', $result);
$this->assertSame($message, $this->invokePrivate($result, 'message'));
$this->assertSame($code, $this->invokePrivate($result, 'statuscode'));
if ($exception->getCode() === 0) {
$this->assertSame(\OCP\API::RESPOND_UNKNOWN_ERROR, $this->invokePrivate($result, 'statuscode'));
} else {
$this->assertSame($code, $this->invokePrivate($result, 'statuscode'));
}
$this->assertSame($code, $result->getStatus());
} catch (\Exception $e) {
$this->assertTrue($forward);
@ -161,7 +175,11 @@ class OCSMiddlewareTest extends \Test\TestCase {
$this->assertInstanceOf('OCP\AppFramework\Http\OCSResponse', $result);
$this->assertSame($message, $this->invokePrivate($result, 'message'));
$this->assertSame($code, $this->invokePrivate($result, 'statuscode'));
if ($exception->getCode() === 0) {
$this->assertSame(\OCP\API::RESPOND_UNKNOWN_ERROR, $this->invokePrivate($result, 'statuscode'));
} else {
$this->assertSame($code, $this->invokePrivate($result, 'statuscode'));
}
$this->assertSame($code, $result->getStatus());
} catch (\Exception $e) {
$this->assertTrue($forward);
@ -169,4 +187,50 @@ class OCSMiddlewareTest extends \Test\TestCase {
}
}
public function dataAfterController() {
$OCSController = $this->getMockBuilder('OCP\AppFramework\OCSController')
->disableOriginalConstructor()
->getMock();
$controller = $this->getMockBuilder('OCP\AppFramework\Controller')
->disableOriginalConstructor()
->getMock();
return [
[$OCSController, new Http\Response(), false],
[$OCSController, new Http\JSONResponse(), false],
[$OCSController, new Http\JSONResponse(['message' => 'foo']), false],
[$OCSController, new Http\JSONResponse(['message' => 'foo'], Http::STATUS_UNAUTHORIZED), true],
[$OCSController, new Http\JSONResponse(['message' => 'foo'], Http::STATUS_FORBIDDEN), true],
[$controller, new Http\Response(), false],
[$controller, new Http\JSONResponse(), false],
[$controller, new Http\JSONResponse(['message' => 'foo']), false],
[$controller, new Http\JSONResponse(['message' => 'foo'], Http::STATUS_UNAUTHORIZED), false],
[$controller, new Http\JSONResponse(['message' => 'foo'], Http::STATUS_FORBIDDEN), false],
];
}
/**
* @dataProvider dataAfterController
*
* @param Controller $controller
* @param Http\Response $response
* @param bool $converted
*/
public function testAfterController($controller, $response, $converted) {
$OCSMiddleware = new OCSMiddleware($this->request);
$newResponse = $OCSMiddleware->afterController($controller, 'foo', $response);
if ($converted === false) {
$this->assertSame($response, $newResponse);
} else {
$this->assertInstanceOf('\OCP\AppFramework\Http\OCSResponse', $newResponse);
/** @var Http\OCSResponse $newResponse */
$this->assertSame($response->getData()['message'], $this->invokePrivate($newResponse, 'message'));
$this->assertSame(\OCP\API::RESPOND_UNAUTHORISED, $this->invokePrivate($newResponse, 'statuscode'));
$this->assertSame(Http::STATUS_UNAUTHORIZED, $newResponse->getStatus());
}
}
}