From 8486926a147ad767d2ac8957512142f8a4873fa7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20M=C3=BCller?= Date: Thu, 7 Apr 2016 17:22:21 +0200 Subject: [PATCH] Add provisioning api to enable and disable users --- apps/provisioning_api/appinfo/routes.php | 11 +++- apps/provisioning_api/lib/users.php | 72 +++++++++++++++++++---- apps/provisioning_api/tests/userstest.php | 64 ++++++++++++++++++-- 3 files changed, 128 insertions(+), 19 deletions(-) diff --git a/apps/provisioning_api/appinfo/routes.php b/apps/provisioning_api/appinfo/routes.php index 08411856e7..00a362864e 100644 --- a/apps/provisioning_api/appinfo/routes.php +++ b/apps/provisioning_api/appinfo/routes.php @@ -26,10 +26,13 @@ namespace OCA\Provisioning_API\AppInfo; +use OCA\Provisioning_API\Apps; +use OCA\Provisioning_API\Groups; +use OCA\Provisioning_API\Users; use OCP\API; // Users -$users = new \OCA\Provisioning_API\Users( +$users = new Users( \OC::$server->getUserManager(), \OC::$server->getConfig(), \OC::$server->getGroupManager(), @@ -41,6 +44,8 @@ API::register('post', '/cloud/users', [$users, 'addUser'], 'provisioning_api', A API::register('get', '/cloud/users/{userid}', [$users, 'getUser'], 'provisioning_api', API::USER_AUTH); API::register('put', '/cloud/users/{userid}', [$users, 'editUser'], 'provisioning_api', API::USER_AUTH); API::register('delete', '/cloud/users/{userid}', [$users, 'deleteUser'], 'provisioning_api', API::SUBADMIN_AUTH); +API::register('put', '/cloud/users/{userid}/enable', [$users, 'enableUser'], 'provisioning_api', API::SUBADMIN_AUTH); +API::register('put', '/cloud/users/{userid}/disable', [$users, 'disableUser'], 'provisioning_api', API::SUBADMIN_AUTH); API::register('get', '/cloud/users/{userid}/groups', [$users, 'getUsersGroups'], 'provisioning_api', API::USER_AUTH); API::register('post', '/cloud/users/{userid}/groups', [$users, 'addToGroup'], 'provisioning_api', API::SUBADMIN_AUTH); API::register('delete', '/cloud/users/{userid}/groups', [$users, 'removeFromGroup'], 'provisioning_api', API::SUBADMIN_AUTH); @@ -49,7 +54,7 @@ API::register('delete', '/cloud/users/{userid}/subadmins', [$users, 'removeSubAd API::register('get', '/cloud/users/{userid}/subadmins', [$users, 'getUserSubAdminGroups'], 'provisioning_api', API::ADMIN_AUTH); // Groups -$groups = new \OCA\Provisioning_API\Groups( +$groups = new Groups( \OC::$server->getGroupManager(), \OC::$server->getUserSession(), \OC::$server->getRequest() @@ -61,7 +66,7 @@ API::register('delete', '/cloud/groups/{groupid}', [$groups, 'deleteGroup'], 'pr API::register('get', '/cloud/groups/{groupid}/subadmins', [$groups, 'getSubAdminsOfGroup'], 'provisioning_api', API::ADMIN_AUTH); // Apps -$apps = new \OCA\Provisioning_API\Apps( +$apps = new Apps( \OC::$server->getAppManager(), \OC::$server->getOcsClient() ); diff --git a/apps/provisioning_api/lib/users.php b/apps/provisioning_api/lib/users.php index 68c89e41f6..2749372c39 100644 --- a/apps/provisioning_api/lib/users.php +++ b/apps/provisioning_api/lib/users.php @@ -31,32 +31,36 @@ namespace OCA\Provisioning_API; use \OC_OCS_Result; use \OC_Helper; use OCP\Files\NotFoundException; +use OCP\IConfig; +use OCP\IGroupManager; use OCP\ILogger; +use OCP\IUserManager; +use OCP\IUserSession; class Users { - /** @var \OCP\IUserManager */ + /** @var IUserManager */ private $userManager; - /** @var \OCP\IConfig */ + /** @var IConfig */ private $config; - /** @var \OCP\IGroupManager */ + /** @var IGroupManager */ private $groupManager; - /** @var \OCP\IUserSession */ + /** @var IUserSession */ private $userSession; /** @var ILogger */ private $logger; /** - * @param \OCP\IUserManager $userManager - * @param \OCP\IConfig $config - * @param \OCP\IGroupManager $groupManager - * @param \OCP\IUserSession $userSession + * @param IUserManager $userManager + * @param IConfig $config + * @param IGroupManager $groupManager + * @param IUserSession $userSession * @param ILogger $logger */ - public function __construct(\OCP\IUserManager $userManager, - \OCP\IConfig $config, - \OCP\IGroupManager $groupManager, - \OCP\IUserSession $userSession, + public function __construct(IUserManager $userManager, + IConfig $config, + IGroupManager $groupManager, + IUserSession $userSession, ILogger $logger) { $this->userManager = $userManager; $this->config = $config; @@ -329,6 +333,50 @@ class Users { } } + /** + * @param array $parameters + * @return OC_OCS_Result + */ + public function disableUser($parameters) { + return $this->setEnabled($parameters, false); + } + + /** + * @param array $parameters + * @return OC_OCS_Result + */ + public function enableUser($parameters) { + return $this->setEnabled($parameters, true); + } + + /** + * @param array $parameters + * @param bool $value + * @return OC_OCS_Result + */ + private function setEnabled($parameters, $value) { + // Check if user is logged in + $currentLoggedInUser = $this->userSession->getUser(); + if ($currentLoggedInUser === null) { + return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED); + } + + $targetUser = $this->userManager->get($parameters['userid']); + if($targetUser === null || $targetUser->getUID() === $currentLoggedInUser->getUID()) { + return new OC_OCS_Result(null, 101); + } + + // If not permitted + $subAdminManager = $this->groupManager->getSubAdmin(); + if(!$this->groupManager->isAdmin($currentLoggedInUser->getUID()) && !$subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser)) { + return new OC_OCS_Result(null, 997); + } + + // enable/disable the user now + $targetUser->setEnabled($value); + return new OC_OCS_Result(null, 100); + } + /** * @param array $parameters * @return OC_OCS_Result diff --git a/apps/provisioning_api/tests/userstest.php b/apps/provisioning_api/tests/userstest.php index 020071bcfa..8f463ec8b8 100644 --- a/apps/provisioning_api/tests/userstest.php +++ b/apps/provisioning_api/tests/userstest.php @@ -58,8 +58,8 @@ class UsersTest extends OriginalTest { parent::tearDown(); } - protected function setup() { - parent::setup(); + protected function setUp() { + parent::setUp(); $this->userManager = $this->getMock('\OCP\IUserManager'); $this->config = $this->getMock('\OCP\IConfig'); @@ -540,7 +540,7 @@ class UsersTest extends OriginalTest { ->expects($this->once()) ->method('isSubAdminOfGroup') ->with($loggedInUser, $existingGroup) - ->wilLReturn(false); + ->willReturn(false); $this->groupManager ->expects($this->once()) ->method('getSubAdmin') @@ -642,7 +642,7 @@ class UsersTest extends OriginalTest { [$loggedInUser, $existingGroup1], [$loggedInUser, $existingGroup2] ) - ->wilLReturn(true); + ->willReturn(true); $expected = new \OC_OCS_Result(null, 100); @@ -2295,4 +2295,60 @@ class UsersTest extends OriginalTest { $expected = new \OC_OCS_Result(null, 102, 'Unknown error occurred'); $this->assertEquals($expected, $this->api->getUserSubAdminGroups(['userid' => 'RequestedUser'])); } + + public function testEnableUser() { + $targetUser = $this->getMock('\OCP\IUser'); + $targetUser->expects($this->once()) + ->method('setEnabled') + ->with(true); + $this->userManager + ->expects($this->once()) + ->method('get') + ->with('RequestedUser') + ->will($this->returnValue($targetUser)); + $loggedInUser = $this->getMock('\OCP\IUser'); + $loggedInUser + ->expects($this->exactly(2)) + ->method('getUID') + ->will($this->returnValue('admin')); + $this->userSession + ->expects($this->once()) + ->method('getUser') + ->will($this->returnValue($loggedInUser)); + $this->groupManager + ->expects($this->once()) + ->method('isAdmin') + ->will($this->returnValue(true)); + + $expected = new \OC_OCS_Result(null, 100); + $this->assertEquals($expected, $this->api->enableUser(['userid' => 'RequestedUser'])); + } + + public function testDisableUser() { + $targetUser = $this->getMock('\OCP\IUser'); + $targetUser->expects($this->once()) + ->method('setEnabled') + ->with(false); + $this->userManager + ->expects($this->once()) + ->method('get') + ->with('RequestedUser') + ->will($this->returnValue($targetUser)); + $loggedInUser = $this->getMock('\OCP\IUser'); + $loggedInUser + ->expects($this->exactly(2)) + ->method('getUID') + ->will($this->returnValue('admin')); + $this->userSession + ->expects($this->once()) + ->method('getUser') + ->will($this->returnValue($loggedInUser)); + $this->groupManager + ->expects($this->once()) + ->method('isAdmin') + ->will($this->returnValue(true)); + + $expected = new \OC_OCS_Result(null, 100); + $this->assertEquals($expected, $this->api->disableUser(['userid' => 'RequestedUser'])); + } }