Merge pull request #1177 from owncloud/OC_User--isAdminUser()
Check if user is admin - bool
This commit is contained in:
Bart Visscher
commit
53ca0db434
|
|
@ -36,12 +36,6 @@ $CONFIG = array(
|
|||
/* The automatic protocol detection of ownCloud can fail in certain reverse proxy situations. This option allows to manually override the protocol detection. For example "https" */
|
||||
"overwriteprotocol" => "",
|
||||
|
||||
/* Enhanced auth forces users to enter their password again when performing potential sensitive actions like creating or deleting users */
|
||||
"enhancedauth" => true,
|
||||
|
||||
/* Time in seconds how long an user is authenticated without entering his password again before performing sensitive actions like creating or deleting users etc...*/
|
||||
"enhancedauthtime" => 15 * 60,
|
||||
|
||||
/* A proxy to use to connect to the internet. For example "myproxy.org:88" */
|
||||
"proxy" => "",
|
||||
|
||||
|
|
|
|||
|
|
@ -1,18 +0,0 @@
|
|||
<form method="post">
|
||||
<fieldset>
|
||||
<ul>
|
||||
<li class="errors">
|
||||
<?php echo $l->t('Security Warning!'); ?><br>
|
||||
<small><?php echo $l->t("Please verify your password. <br/>For security reasons you may be occasionally asked to enter your password again."); ?></small>
|
||||
</li>
|
||||
</ul>
|
||||
<p class="infield">
|
||||
<input type="text" value="<?php echo $_['username']; ?>" disabled="disabled" />
|
||||
</p>
|
||||
<p class="infield">
|
||||
<label for="password" class="infield"><?php echo $l->t( 'Password' ); ?></label>
|
||||
<input type="password" name="password" id="password" value="" required />
|
||||
</p>
|
||||
<input type="submit" id="submit" class="login" value="<?php echo $l->t( 'Verify' ); ?>" />
|
||||
</fieldset>
|
||||
</form>
|
||||
|
|
@ -127,8 +127,7 @@ class OC_API {
|
|||
return false;
|
||||
} else {
|
||||
$subAdmin = OC_SubAdmin::isSubAdmin($user);
|
||||
$admin = OC_Group::inGroup($user, 'admin');
|
||||
if($subAdmin || $admin) {
|
||||
if($subAdmin) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
|
|
@ -141,7 +140,7 @@ class OC_API {
|
|||
if(!$user) {
|
||||
return false;
|
||||
} else {
|
||||
return OC_Group::inGroup($user, 'admin');
|
||||
return OC_User::isAdminUser($user);
|
||||
}
|
||||
break;
|
||||
default:
|
||||
|
|
|
|||
|
|
@ -313,14 +313,14 @@ class OC_App{
|
|||
$settings[]=array( "id" => "settings", "order" => 1000, "href" => OC_Helper::linkToRoute( "settings_settings" ), "name" => $l->t("Settings"), "icon" => OC_Helper::imagePath( "settings", "settings.svg" ));
|
||||
|
||||
//SubAdmins are also allowed to access user management
|
||||
if(OC_SubAdmin::isSubAdmin($_SESSION["user_id"]) || OC_Group::inGroup( $_SESSION["user_id"], "admin" )) {
|
||||
if(OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
|
||||
// admin users menu
|
||||
$settings[] = array( "id" => "core_users", "order" => 2, "href" => OC_Helper::linkToRoute( "settings_users" ), "name" => $l->t("Users"), "icon" => OC_Helper::imagePath( "settings", "users.svg" ));
|
||||
}
|
||||
|
||||
|
||||
// if the user is an admin
|
||||
if(OC_Group::inGroup( $_SESSION["user_id"], "admin" )) {
|
||||
if(OC_User::isAdminUser(OC_User::getUser())) {
|
||||
// admin apps menu
|
||||
$settings[] = array( "id" => "core_apps", "order" => 3, "href" => OC_Helper::linkToRoute( "settings_apps" ).'?installed', "name" => $l->t("Apps"), "icon" => OC_Helper::imagePath( "settings", "apps.svg" ));
|
||||
|
||||
|
|
|
|||
21
lib/json.php
21
lib/json.php
|
|
@ -57,9 +57,7 @@ class OC_JSON{
|
|||
* Check if the user is a admin, send json error msg if not
|
||||
*/
|
||||
public static function checkAdminUser() {
|
||||
self::checkLoggedIn();
|
||||
self::verifyUser();
|
||||
if( !OC_Group::inGroup( OC_User::getUser(), 'admin' )) {
|
||||
if( !OC_User::isAdminUser(OC_User::getUser())) {
|
||||
$l = OC_L10N::get('lib');
|
||||
self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
|
||||
exit();
|
||||
|
|
@ -70,27 +68,12 @@ class OC_JSON{
|
|||
* Check if the user is a subadmin, send json error msg if not
|
||||
*/
|
||||
public static function checkSubAdminUser() {
|
||||
self::checkLoggedIn();
|
||||
self::verifyUser();
|
||||
if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
|
||||
if(!OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
|
||||
$l = OC_L10N::get('lib');
|
||||
self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
|
||||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the user verified the login with his password
|
||||
*/
|
||||
public static function verifyUser() {
|
||||
if(OC_Config::getValue('enhancedauth', false) === true) {
|
||||
if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
|
||||
$l = OC_L10N::get('lib');
|
||||
self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
|
||||
exit();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Send json error msg
|
||||
|
|
|
|||
|
|
@ -219,7 +219,7 @@ class OC_Migrate{
|
|||
|
||||
// We need to be an admin if we are not importing our own data
|
||||
if(($type == 'user' && self::$uid != $currentuser) || $type != 'user' ) {
|
||||
if( !OC_Group::inGroup( OC_User::getUser(), 'admin' )) {
|
||||
if( !OC_User::isAdminUser($currentuser)) {
|
||||
// Naughty.
|
||||
OC_Log::write( 'migration', 'Import not permitted.', OC_Log::ERROR );
|
||||
return json_encode( array( 'success' => false ) );
|
||||
|
|
|
|||
|
|
@ -40,7 +40,7 @@ class OC_OCS_Cloud {
|
|||
|
||||
public static function getUserQuota($parameters) {
|
||||
$user = OC_User::getUser();
|
||||
if(OC_Group::inGroup($user, 'admin') or ($user==$parameters['user'])) {
|
||||
if(OC_User::isAdminUser($user) or ($user==$parameters['user'])) {
|
||||
|
||||
if(OC_User::userExists($parameters['user'])) {
|
||||
// calculate the disc space
|
||||
|
|
@ -82,7 +82,7 @@ class OC_OCS_Cloud {
|
|||
|
||||
public static function getUserPrivatekey($parameters) {
|
||||
$user = OC_User::getUser();
|
||||
if(OC_Group::inGroup($user, 'admin') or ($user==$parameters['user'])) {
|
||||
if(OC_User::isAdminUser($user) or ($user==$parameters['user'])) {
|
||||
|
||||
if(OC_User::userExists($user)) {
|
||||
// calculate the disc space
|
||||
|
|
|
|||
|
|
@ -122,6 +122,11 @@ class OC_SubAdmin{
|
|||
* @return bool
|
||||
*/
|
||||
public static function isSubAdmin($uid) {
|
||||
// Check if the user is already an admin
|
||||
if(OC_Group::inGroup($uid, 'admin' )) {
|
||||
return true;
|
||||
}
|
||||
|
||||
$stmt = OC_DB::prepare('SELECT COUNT(*) AS `count` FROM `*PREFIX*group_admin` WHERE `uid` = ?');
|
||||
$result = $stmt->execute(array($uid));
|
||||
$result = $result->fetchRow();
|
||||
|
|
@ -141,7 +146,7 @@ class OC_SubAdmin{
|
|||
if(!self::isSubAdmin($subadmin)) {
|
||||
return false;
|
||||
}
|
||||
if(OC_Group::inGroup($user, 'admin')) {
|
||||
if(OC_User::isAdminUser($user)) {
|
||||
return false;
|
||||
}
|
||||
$accessiblegroups = self::getSubAdminsGroups($subadmin);
|
||||
|
|
|
|||
13
lib/user.php
13
lib/user.php
|
|
@ -299,6 +299,19 @@ class OC_User {
|
|||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Check if the user is an admin user
|
||||
* @param $uid uid of the admin
|
||||
* @returns bool
|
||||
*/
|
||||
public static function isAdminUser($uid) {
|
||||
if(OC_Group::inGroup($uid, 'admin' )) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @brief get the user id of the user currently logged in.
|
||||
* @return string uid or false
|
||||
|
|
|
|||
45
lib/util.php
45
lib/util.php
|
|
@ -342,10 +342,7 @@ class OC_Util {
|
|||
* Check if the user is a admin, redirects to home if not
|
||||
*/
|
||||
public static function checkAdminUser() {
|
||||
// Check if we are a user
|
||||
self::checkLoggedIn();
|
||||
self::verifyUser();
|
||||
if( !OC_Group::inGroup( OC_User::getUser(), 'admin' )) {
|
||||
if( !OC_User::isAdminUser(OC_User::getUser())) {
|
||||
header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php' ));
|
||||
exit();
|
||||
}
|
||||
|
|
@ -356,12 +353,6 @@ class OC_Util {
|
|||
* @return array $groups where the current user is subadmin
|
||||
*/
|
||||
public static function checkSubAdminUser() {
|
||||
// Check if we are a user
|
||||
self::checkLoggedIn();
|
||||
self::verifyUser();
|
||||
if(OC_Group::inGroup(OC_User::getUser(), 'admin')) {
|
||||
return true;
|
||||
}
|
||||
if(!OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
|
||||
header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php' ));
|
||||
exit();
|
||||
|
|
@ -369,40 +360,6 @@ class OC_Util {
|
|||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the user verified the login with his password in the last 15 minutes
|
||||
* If not, the user will be shown a password verification page
|
||||
*/
|
||||
public static function verifyUser() {
|
||||
if(OC_Config::getValue('enhancedauth', false) === true) {
|
||||
// Check password to set session
|
||||
if(isset($_POST['password'])) {
|
||||
if (OC_User::login(OC_User::getUser(), $_POST["password"] ) === true) {
|
||||
$_SESSION['verifiedLogin']=time() + OC_Config::getValue('enhancedauthtime', 15 * 60);
|
||||
}
|
||||
}
|
||||
|
||||
// Check if the user verified his password
|
||||
if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
|
||||
OC_Template::printGuestPage("", "verify", array('username' => OC_User::getUser()));
|
||||
exit();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the user verified the login with his password
|
||||
* @return bool
|
||||
*/
|
||||
public static function isUserVerified() {
|
||||
if(OC_Config::getValue('enhancedauth', false) === true) {
|
||||
if(!isset($_SESSION['verifiedLogin']) OR $_SESSION['verifiedLogin'] < time()) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Redirect to the user default page
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -9,7 +9,7 @@ $password = $_POST["password"];
|
|||
$oldPassword=isset($_POST["oldpassword"])?$_POST["oldpassword"]:'';
|
||||
|
||||
$userstatus = null;
|
||||
if(OC_Group::inGroup(OC_User::getUser(), 'admin')) {
|
||||
if(OC_User::isAdminUser(OC_User::getUser())) {
|
||||
$userstatus = 'admin';
|
||||
}
|
||||
if(OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
|
||||
|
|
@ -30,10 +30,6 @@ if(is_null($userstatus)) {
|
|||
exit();
|
||||
}
|
||||
|
||||
if($userstatus === 'admin' || $userstatus === 'subadmin') {
|
||||
OC_JSON::verifyUser();
|
||||
}
|
||||
|
||||
// Return Success story
|
||||
if( OC_User::setPassword( $username, $password )) {
|
||||
OC_JSON::success(array("data" => array( "username" => $username )));
|
||||
|
|
|
|||
|
|
@ -3,9 +3,7 @@
|
|||
OCP\JSON::callCheck();
|
||||
OC_JSON::checkSubAdminUser();
|
||||
|
||||
$isadmin = OC_Group::inGroup(OC_User::getUser(), 'admin')?true:false;
|
||||
|
||||
if($isadmin) {
|
||||
if(OC_User::isAdminUser(OC_User::getUser())) {
|
||||
$groups = array();
|
||||
if( isset( $_POST["groups"] )) {
|
||||
$groups = $_POST["groups"];
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ if(OC_User::getUser() === $username) {
|
|||
exit;
|
||||
}
|
||||
|
||||
if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
|
||||
if(!OC_User::isAdminUser(OC_User::getUser()) && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
|
||||
$l = OC_L10N::get('core');
|
||||
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
|
||||
exit();
|
||||
|
|
|
|||
|
|
@ -10,7 +10,7 @@ OCP\JSON::callCheck();
|
|||
|
||||
$username = isset($_POST["username"])?$_POST["username"]:'';
|
||||
|
||||
if(($username == '' && !OC_Group::inGroup(OC_User::getUser(), 'admin')) || (!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username))) {
|
||||
if(($username == '' && !OC_User::isAdminUser(OC_User::getUser()))|| (!OC_User::isAdminUser(OC_User::getUser()) && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username))) {
|
||||
$l = OC_L10N::get('core');
|
||||
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
|
||||
exit();
|
||||
|
|
|
|||
|
|
@ -7,13 +7,13 @@ $success = true;
|
|||
$username = $_POST["username"];
|
||||
$group = $_POST["group"];
|
||||
|
||||
if($username == OC_User::getUser() && $group == "admin" && OC_Group::inGroup($username, 'admin')) {
|
||||
if($username == OC_User::getUser() && $group == "admin" && OC_User::isAdminUser($username)) {
|
||||
$l = OC_L10N::get('core');
|
||||
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Admins can\'t remove themself from the admin group'))));
|
||||
exit();
|
||||
}
|
||||
|
||||
if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) {
|
||||
if(!OC_User::isAdminUser(OC_User::getUser()) && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) {
|
||||
$l = OC_L10N::get('core');
|
||||
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
|
||||
exit();
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@ if (isset($_GET['offset'])) {
|
|||
$offset = 0;
|
||||
}
|
||||
$users = array();
|
||||
if (OC_Group::inGroup(OC_User::getUser(), 'admin')) {
|
||||
if (OC_User::isAdminUser(OC_User::getUser())) {
|
||||
$batch = OC_User::getUsers('', 10, $offset);
|
||||
foreach ($batch as $user) {
|
||||
$users[] = array(
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ $url1=OC_Helper::linkToRoute( "settings_help" ).'?mode=user';
|
|||
$url2=OC_Helper::linkToRoute( "settings_help" ).'?mode=admin';
|
||||
|
||||
$tmpl = new OC_Template( "settings", "help", "user" );
|
||||
$tmpl->assign( "admin", OC_Group::inGroup(OC_User::getUser(), 'admin') );
|
||||
$tmpl->assign( "admin", OC_User::isAdminUser(OC_User::getUser()));
|
||||
$tmpl->assign( "url", $url );
|
||||
$tmpl->assign( "url1", $url1 );
|
||||
$tmpl->assign( "url2", $url2 );
|
||||
|
|
|
|||
|
|
@ -6,7 +6,6 @@
|
|||
*/
|
||||
|
||||
OC_Util::checkLoggedIn();
|
||||
OC_Util::verifyUser();
|
||||
OC_App::loadApps();
|
||||
|
||||
OC_Util::addStyle( 'settings', 'settings' );
|
||||
|
|
|
|||
|
|
@ -18,8 +18,7 @@ OC_App::setActiveNavigationEntry( 'core_users' );
|
|||
$users = array();
|
||||
$groups = array();
|
||||
|
||||
$isadmin = OC_Group::inGroup(OC_User::getUser(), 'admin')?true:false;
|
||||
if($isadmin) {
|
||||
if(OC_User::isAdminUser(OC_User::getUser())) {
|
||||
$accessiblegroups = OC_Group::getGroups();
|
||||
$accessibleusers = OC_User::getUsers('', 30);
|
||||
$subadmins = OC_SubAdmin::getAllSubAdmins();
|
||||
|
|
|
|||
Loading…
Reference in New Issue