Merge pull request #20677 from nextcloud/followup/17718/scaling-user-provisioning
Scaling user provisioning for subadmins with many groups
This commit is contained in:
commit
5b5550dbba
|
@ -504,8 +504,8 @@ class UsersController extends AUserData {
|
||||||
} else {
|
} else {
|
||||||
// Check if admin / subadmin
|
// Check if admin / subadmin
|
||||||
$subAdminManager = $this->groupManager->getSubAdmin();
|
$subAdminManager = $this->groupManager->getSubAdmin();
|
||||||
if ($subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser)
|
if ($this->groupManager->isAdmin($currentLoggedInUser->getUID())
|
||||||
|| $this->groupManager->isAdmin($currentLoggedInUser->getUID())) {
|
|| $subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser)) {
|
||||||
// They have permissions over the user
|
// They have permissions over the user
|
||||||
$permittedFields[] = 'display';
|
$permittedFields[] = 'display';
|
||||||
$permittedFields[] = AccountManager::PROPERTY_DISPLAYNAME;
|
$permittedFields[] = AccountManager::PROPERTY_DISPLAYNAME;
|
||||||
|
|
|
@ -110,6 +110,25 @@ class SubAdmin extends PublicEmitter implements ISubAdmin {
|
||||||
* @return IGroup[]
|
* @return IGroup[]
|
||||||
*/
|
*/
|
||||||
public function getSubAdminsGroups(IUser $user): array {
|
public function getSubAdminsGroups(IUser $user): array {
|
||||||
|
$groupIds = $this->getSubAdminsGroupIds($user);
|
||||||
|
|
||||||
|
$groups = [];
|
||||||
|
foreach ($groupIds as $groupId) {
|
||||||
|
$group = $this->groupManager->get($groupId);
|
||||||
|
if ($group !== null) {
|
||||||
|
$groups[$group->getGID()] = $group;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return $groups;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Get group ids of a SubAdmin
|
||||||
|
* @param IUser $user the SubAdmin
|
||||||
|
* @return string[]
|
||||||
|
*/
|
||||||
|
public function getSubAdminsGroupIds(IUser $user): array {
|
||||||
$qb = $this->dbConn->getQueryBuilder();
|
$qb = $this->dbConn->getQueryBuilder();
|
||||||
|
|
||||||
$result = $qb->select('gid')
|
$result = $qb->select('gid')
|
||||||
|
@ -119,10 +138,7 @@ class SubAdmin extends PublicEmitter implements ISubAdmin {
|
||||||
|
|
||||||
$groups = [];
|
$groups = [];
|
||||||
while ($row = $result->fetch()) {
|
while ($row = $result->fetch()) {
|
||||||
$group = $this->groupManager->get($row['gid']);
|
$groups[] = $row['gid'];
|
||||||
if (!is_null($group)) {
|
|
||||||
$groups[$group->getGID()] = $group;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
$result->closeCursor();
|
$result->closeCursor();
|
||||||
|
|
||||||
|
@ -255,13 +271,11 @@ class SubAdmin extends PublicEmitter implements ISubAdmin {
|
||||||
if ($this->groupManager->isAdmin($user->getUID())) {
|
if ($this->groupManager->isAdmin($user->getUID())) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
$accessibleGroups = $this->getSubAdminsGroups($subadmin);
|
|
||||||
foreach ($accessibleGroups as $accessibleGroup) {
|
$accessibleGroups = $this->getSubAdminsGroupIds($subadmin);
|
||||||
if ($accessibleGroup->inGroup($user)) {
|
$userGroups = $this->groupManager->getUserGroupIds($user);
|
||||||
return true;
|
|
||||||
}
|
return !empty(array_intersect($accessibleGroups, $userGroups));
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
Loading…
Reference in New Issue