Allow subadmins to add people to groups via provisioning api
Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
parent
d80a4453af
commit
5d1f7e5a7b
|
@ -441,6 +441,8 @@ class UsersController extends OCSController {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @PasswordConfirmationRequired
|
* @PasswordConfirmationRequired
|
||||||
|
* @NoAdminRequired
|
||||||
|
*
|
||||||
* @param string $userId
|
* @param string $userId
|
||||||
* @param string $groupid
|
* @param string $groupid
|
||||||
* @return DataResponse
|
* @return DataResponse
|
||||||
|
@ -460,6 +462,13 @@ class UsersController extends OCSController {
|
||||||
throw new OCSException('', 103);
|
throw new OCSException('', 103);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// If they're not an admin, check they are a subadmin of the group in question
|
||||||
|
$loggedInUser = $this->userSession->getUser();
|
||||||
|
$subAdminManager = $this->groupManager->getSubAdmin();
|
||||||
|
if (!$this->groupManager->isAdmin($loggedInUser->getUID()) && !$subAdminManager->isSubAdminOfGroup($loggedInUser, $group)) {
|
||||||
|
throw new OCSException('', 104);
|
||||||
|
}
|
||||||
|
|
||||||
// Add user to group
|
// Add user to group
|
||||||
$group->addUser($targetUser);
|
$group->addUser($targetUser);
|
||||||
return new DataResponse();
|
return new DataResponse();
|
||||||
|
|
|
@ -30,6 +30,9 @@
|
||||||
namespace OCA\Provisioning_API\Tests\Controller;
|
namespace OCA\Provisioning_API\Tests\Controller;
|
||||||
|
|
||||||
use OCA\Provisioning_API\Controller\UsersController;
|
use OCA\Provisioning_API\Controller\UsersController;
|
||||||
|
use OCP\AppFramework\Http\DataResponse;
|
||||||
|
use OCP\IGroup;
|
||||||
|
use OCP\IUser;
|
||||||
use OCP\IUserManager;
|
use OCP\IUserManager;
|
||||||
use OCP\IConfig;
|
use OCP\IConfig;
|
||||||
use OCP\IUserSession;
|
use OCP\IUserSession;
|
||||||
|
@ -1598,11 +1601,10 @@ class UsersControllerTest extends OriginalTest {
|
||||||
* @expectedExceptionCode 102
|
* @expectedExceptionCode 102
|
||||||
*/
|
*/
|
||||||
public function testAddToGroupWithTargetGroupNotExisting() {
|
public function testAddToGroupWithTargetGroupNotExisting() {
|
||||||
$this->groupManager
|
$this->groupManager->expects($this->once())
|
||||||
->expects($this->once())
|
|
||||||
->method('get')
|
->method('get')
|
||||||
->with('GroupToAddTo')
|
->with('GroupToAddTo')
|
||||||
->will($this->returnValue(null));
|
->willReturn(null);
|
||||||
|
|
||||||
$this->api->addToGroup('TargetUser', 'GroupToAddTo');
|
$this->api->addToGroup('TargetUser', 'GroupToAddTo');
|
||||||
}
|
}
|
||||||
|
@ -1620,16 +1622,149 @@ class UsersControllerTest extends OriginalTest {
|
||||||
* @expectedExceptionCode 103
|
* @expectedExceptionCode 103
|
||||||
*/
|
*/
|
||||||
public function testAddToGroupWithTargetUserNotExisting() {
|
public function testAddToGroupWithTargetUserNotExisting() {
|
||||||
$targetGroup = $this->getMockBuilder('\OCP\IGroup')->disableOriginalConstructor()->getMock();
|
$targetGroup = $this->createMock(IGroup::class);
|
||||||
$this->groupManager
|
$this->groupManager->expects($this->once())
|
||||||
->expects($this->once())
|
|
||||||
->method('get')
|
->method('get')
|
||||||
->with('GroupToAddTo')
|
->with('GroupToAddTo')
|
||||||
->will($this->returnValue($targetGroup));
|
->willReturn($targetGroup);
|
||||||
|
|
||||||
$this->api->addToGroup('TargetUser', 'GroupToAddTo');
|
$this->api->addToGroup('TargetUser', 'GroupToAddTo');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @expectedException \OCP\AppFramework\OCS\OCSException
|
||||||
|
* @expectedExceptionCode 104
|
||||||
|
*/
|
||||||
|
public function testAddToGroupNoSubadmin() {
|
||||||
|
$targetUser = $this->createMock(IUser::class);
|
||||||
|
$loggedInUser = $this->createMock(IUser::class);
|
||||||
|
$loggedInUser->expects($this->once())
|
||||||
|
->method('getUID')
|
||||||
|
->willReturn('subadmin');
|
||||||
|
|
||||||
|
$targetGroup = $this->createMock(IGroup::class);
|
||||||
|
$targetGroup->expects($this->never())
|
||||||
|
->method('addUser')
|
||||||
|
->with($targetUser);
|
||||||
|
|
||||||
|
$this->groupManager->expects($this->once())
|
||||||
|
->method('get')
|
||||||
|
->with('GroupToAddTo')
|
||||||
|
->willReturn($targetGroup);
|
||||||
|
|
||||||
|
|
||||||
|
$subAdminManager = $this->createMock(\OC\SubAdmin::class);
|
||||||
|
$subAdminManager->expects($this->once())
|
||||||
|
->method('isSubAdminOfGroup')
|
||||||
|
->with($loggedInUser, $targetGroup)
|
||||||
|
->willReturn(false);
|
||||||
|
|
||||||
|
$this->groupManager->expects($this->once())
|
||||||
|
->method('getSubAdmin')
|
||||||
|
->willReturn($subAdminManager);
|
||||||
|
$this->groupManager->expects($this->once())
|
||||||
|
->method('isAdmin')
|
||||||
|
->with('subadmin')
|
||||||
|
->willReturn(false);
|
||||||
|
|
||||||
|
$this->userManager->expects($this->once())
|
||||||
|
->method('get')
|
||||||
|
->with('TargetUser')
|
||||||
|
->willReturn($targetUser);
|
||||||
|
|
||||||
|
$this->userSession->expects($this->once())
|
||||||
|
->method('getUser')
|
||||||
|
->willReturn($loggedInUser);
|
||||||
|
|
||||||
|
$this->api->addToGroup('TargetUser', 'GroupToAddTo');
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testAddToGroupSuccessAsSubadmin() {
|
||||||
|
$targetUser = $this->createMock(IUser::class);
|
||||||
|
$loggedInUser = $this->createMock(IUser::class);
|
||||||
|
$loggedInUser->expects($this->once())
|
||||||
|
->method('getUID')
|
||||||
|
->willReturn('subadmin');
|
||||||
|
|
||||||
|
$targetGroup = $this->createMock(IGroup::class);
|
||||||
|
$targetGroup->expects($this->once())
|
||||||
|
->method('addUser')
|
||||||
|
->with($targetUser);
|
||||||
|
|
||||||
|
$this->groupManager->expects($this->once())
|
||||||
|
->method('get')
|
||||||
|
->with('GroupToAddTo')
|
||||||
|
->willReturn($targetGroup);
|
||||||
|
|
||||||
|
|
||||||
|
$subAdminManager = $this->createMock(\OC\SubAdmin::class);
|
||||||
|
$subAdminManager->expects($this->once())
|
||||||
|
->method('isSubAdminOfGroup')
|
||||||
|
->with($loggedInUser, $targetGroup)
|
||||||
|
->willReturn(true);
|
||||||
|
|
||||||
|
$this->groupManager->expects($this->once())
|
||||||
|
->method('getSubAdmin')
|
||||||
|
->willReturn($subAdminManager);
|
||||||
|
$this->groupManager->expects($this->once())
|
||||||
|
->method('isAdmin')
|
||||||
|
->with('subadmin')
|
||||||
|
->willReturn(false);
|
||||||
|
|
||||||
|
$this->userManager->expects($this->once())
|
||||||
|
->method('get')
|
||||||
|
->with('TargetUser')
|
||||||
|
->willReturn($targetUser);
|
||||||
|
|
||||||
|
$this->userSession->expects($this->once())
|
||||||
|
->method('getUser')
|
||||||
|
->willReturn($loggedInUser);
|
||||||
|
|
||||||
|
$this->assertEquals(new DataResponse(), $this->api->addToGroup('TargetUser', 'GroupToAddTo'));
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testAddToGroupSuccessAsAdmin() {
|
||||||
|
$targetUser = $this->createMock(IUser::class);
|
||||||
|
$loggedInUser = $this->createMock(IUser::class);
|
||||||
|
$loggedInUser->expects($this->once())
|
||||||
|
->method('getUID')
|
||||||
|
->willReturn('admin');
|
||||||
|
|
||||||
|
$targetGroup = $this->createMock(IGroup::class);
|
||||||
|
$targetGroup->expects($this->once())
|
||||||
|
->method('addUser')
|
||||||
|
->with($targetUser);
|
||||||
|
|
||||||
|
$this->groupManager->expects($this->once())
|
||||||
|
->method('get')
|
||||||
|
->with('GroupToAddTo')
|
||||||
|
->willReturn($targetGroup);
|
||||||
|
|
||||||
|
|
||||||
|
$subAdminManager = $this->createMock(\OC\SubAdmin::class);
|
||||||
|
$subAdminManager->expects($this->never())
|
||||||
|
->method('isSubAdminOfGroup');
|
||||||
|
|
||||||
|
$this->groupManager->expects($this->once())
|
||||||
|
->method('getSubAdmin')
|
||||||
|
->willReturn($subAdminManager);
|
||||||
|
$this->groupManager->expects($this->once())
|
||||||
|
->method('isAdmin')
|
||||||
|
->with('admin')
|
||||||
|
->willReturn(true);
|
||||||
|
|
||||||
|
$this->userManager->expects($this->once())
|
||||||
|
->method('get')
|
||||||
|
->with('TargetUser')
|
||||||
|
->willReturn($targetUser);
|
||||||
|
|
||||||
|
$this->userSession->expects($this->once())
|
||||||
|
->method('getUser')
|
||||||
|
->willReturn($loggedInUser);
|
||||||
|
|
||||||
|
$this->assertEquals(new DataResponse(), $this->api->addToGroup('TargetUser', 'GroupToAddTo'));
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @expectedException \OCP\AppFramework\OCS\OCSException
|
* @expectedException \OCP\AppFramework\OCS\OCSException
|
||||||
* @expectedExceptionCode 101
|
* @expectedExceptionCode 101
|
||||||
|
|
Loading…
Reference in New Issue