Allow subadmins to add people to groups via provisioning api
Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling
parent
d80a4453af
commit
5d1f7e5a7b
|
|
@ -441,6 +441,8 @@ class UsersController extends OCSController {
|
|||
|
||||
/**
|
||||
* @PasswordConfirmationRequired
|
||||
* @NoAdminRequired
|
||||
*
|
||||
* @param string $userId
|
||||
* @param string $groupid
|
||||
* @return DataResponse
|
||||
|
|
@ -460,6 +462,13 @@ class UsersController extends OCSController {
|
|||
throw new OCSException('', 103);
|
||||
}
|
||||
|
||||
// If they're not an admin, check they are a subadmin of the group in question
|
||||
$loggedInUser = $this->userSession->getUser();
|
||||
$subAdminManager = $this->groupManager->getSubAdmin();
|
||||
if (!$this->groupManager->isAdmin($loggedInUser->getUID()) && !$subAdminManager->isSubAdminOfGroup($loggedInUser, $group)) {
|
||||
throw new OCSException('', 104);
|
||||
}
|
||||
|
||||
// Add user to group
|
||||
$group->addUser($targetUser);
|
||||
return new DataResponse();
|
||||
|
|
|
|||
|
|
@ -30,6 +30,9 @@
|
|||
namespace OCA\Provisioning_API\Tests\Controller;
|
||||
|
||||
use OCA\Provisioning_API\Controller\UsersController;
|
||||
use OCP\AppFramework\Http\DataResponse;
|
||||
use OCP\IGroup;
|
||||
use OCP\IUser;
|
||||
use OCP\IUserManager;
|
||||
use OCP\IConfig;
|
||||
use OCP\IUserSession;
|
||||
|
|
@ -1598,11 +1601,10 @@ class UsersControllerTest extends OriginalTest {
|
|||
* @expectedExceptionCode 102
|
||||
*/
|
||||
public function testAddToGroupWithTargetGroupNotExisting() {
|
||||
$this->groupManager
|
||||
->expects($this->once())
|
||||
$this->groupManager->expects($this->once())
|
||||
->method('get')
|
||||
->with('GroupToAddTo')
|
||||
->will($this->returnValue(null));
|
||||
->willReturn(null);
|
||||
|
||||
$this->api->addToGroup('TargetUser', 'GroupToAddTo');
|
||||
}
|
||||
|
|
@ -1620,16 +1622,149 @@ class UsersControllerTest extends OriginalTest {
|
|||
* @expectedExceptionCode 103
|
||||
*/
|
||||
public function testAddToGroupWithTargetUserNotExisting() {
|
||||
$targetGroup = $this->getMockBuilder('\OCP\IGroup')->disableOriginalConstructor()->getMock();
|
||||
$this->groupManager
|
||||
->expects($this->once())
|
||||
$targetGroup = $this->createMock(IGroup::class);
|
||||
$this->groupManager->expects($this->once())
|
||||
->method('get')
|
||||
->with('GroupToAddTo')
|
||||
->will($this->returnValue($targetGroup));
|
||||
->willReturn($targetGroup);
|
||||
|
||||
$this->api->addToGroup('TargetUser', 'GroupToAddTo');
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \OCP\AppFramework\OCS\OCSException
|
||||
* @expectedExceptionCode 104
|
||||
*/
|
||||
public function testAddToGroupNoSubadmin() {
|
||||
$targetUser = $this->createMock(IUser::class);
|
||||
$loggedInUser = $this->createMock(IUser::class);
|
||||
$loggedInUser->expects($this->once())
|
||||
->method('getUID')
|
||||
->willReturn('subadmin');
|
||||
|
||||
$targetGroup = $this->createMock(IGroup::class);
|
||||
$targetGroup->expects($this->never())
|
||||
->method('addUser')
|
||||
->with($targetUser);
|
||||
|
||||
$this->groupManager->expects($this->once())
|
||||
->method('get')
|
||||
->with('GroupToAddTo')
|
||||
->willReturn($targetGroup);
|
||||
|
||||
|
||||
$subAdminManager = $this->createMock(\OC\SubAdmin::class);
|
||||
$subAdminManager->expects($this->once())
|
||||
->method('isSubAdminOfGroup')
|
||||
->with($loggedInUser, $targetGroup)
|
||||
->willReturn(false);
|
||||
|
||||
$this->groupManager->expects($this->once())
|
||||
->method('getSubAdmin')
|
||||
->willReturn($subAdminManager);
|
||||
$this->groupManager->expects($this->once())
|
||||
->method('isAdmin')
|
||||
->with('subadmin')
|
||||
->willReturn(false);
|
||||
|
||||
$this->userManager->expects($this->once())
|
||||
->method('get')
|
||||
->with('TargetUser')
|
||||
->willReturn($targetUser);
|
||||
|
||||
$this->userSession->expects($this->once())
|
||||
->method('getUser')
|
||||
->willReturn($loggedInUser);
|
||||
|
||||
$this->api->addToGroup('TargetUser', 'GroupToAddTo');
|
||||
}
|
||||
|
||||
public function testAddToGroupSuccessAsSubadmin() {
|
||||
$targetUser = $this->createMock(IUser::class);
|
||||
$loggedInUser = $this->createMock(IUser::class);
|
||||
$loggedInUser->expects($this->once())
|
||||
->method('getUID')
|
||||
->willReturn('subadmin');
|
||||
|
||||
$targetGroup = $this->createMock(IGroup::class);
|
||||
$targetGroup->expects($this->once())
|
||||
->method('addUser')
|
||||
->with($targetUser);
|
||||
|
||||
$this->groupManager->expects($this->once())
|
||||
->method('get')
|
||||
->with('GroupToAddTo')
|
||||
->willReturn($targetGroup);
|
||||
|
||||
|
||||
$subAdminManager = $this->createMock(\OC\SubAdmin::class);
|
||||
$subAdminManager->expects($this->once())
|
||||
->method('isSubAdminOfGroup')
|
||||
->with($loggedInUser, $targetGroup)
|
||||
->willReturn(true);
|
||||
|
||||
$this->groupManager->expects($this->once())
|
||||
->method('getSubAdmin')
|
||||
->willReturn($subAdminManager);
|
||||
$this->groupManager->expects($this->once())
|
||||
->method('isAdmin')
|
||||
->with('subadmin')
|
||||
->willReturn(false);
|
||||
|
||||
$this->userManager->expects($this->once())
|
||||
->method('get')
|
||||
->with('TargetUser')
|
||||
->willReturn($targetUser);
|
||||
|
||||
$this->userSession->expects($this->once())
|
||||
->method('getUser')
|
||||
->willReturn($loggedInUser);
|
||||
|
||||
$this->assertEquals(new DataResponse(), $this->api->addToGroup('TargetUser', 'GroupToAddTo'));
|
||||
}
|
||||
|
||||
public function testAddToGroupSuccessAsAdmin() {
|
||||
$targetUser = $this->createMock(IUser::class);
|
||||
$loggedInUser = $this->createMock(IUser::class);
|
||||
$loggedInUser->expects($this->once())
|
||||
->method('getUID')
|
||||
->willReturn('admin');
|
||||
|
||||
$targetGroup = $this->createMock(IGroup::class);
|
||||
$targetGroup->expects($this->once())
|
||||
->method('addUser')
|
||||
->with($targetUser);
|
||||
|
||||
$this->groupManager->expects($this->once())
|
||||
->method('get')
|
||||
->with('GroupToAddTo')
|
||||
->willReturn($targetGroup);
|
||||
|
||||
|
||||
$subAdminManager = $this->createMock(\OC\SubAdmin::class);
|
||||
$subAdminManager->expects($this->never())
|
||||
->method('isSubAdminOfGroup');
|
||||
|
||||
$this->groupManager->expects($this->once())
|
||||
->method('getSubAdmin')
|
||||
->willReturn($subAdminManager);
|
||||
$this->groupManager->expects($this->once())
|
||||
->method('isAdmin')
|
||||
->with('admin')
|
||||
->willReturn(true);
|
||||
|
||||
$this->userManager->expects($this->once())
|
||||
->method('get')
|
||||
->with('TargetUser')
|
||||
->willReturn($targetUser);
|
||||
|
||||
$this->userSession->expects($this->once())
|
||||
->method('getUser')
|
||||
->willReturn($loggedInUser);
|
||||
|
||||
$this->assertEquals(new DataResponse(), $this->api->addToGroup('TargetUser', 'GroupToAddTo'));
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \OCP\AppFramework\OCS\OCSException
|
||||
* @expectedExceptionCode 101
|
||||
|
|
|
|||
Loading…
Reference in New Issue