From 97d79202ac628b004f5d9e167b5b8c9a36da9906 Mon Sep 17 00:00:00 2001 From: Roeland Jago Douma Date: Sat, 25 Jul 2015 15:01:31 +0200 Subject: [PATCH] [provisioning_api] OC_User to IUserSession --- apps/provisioning_api/appinfo/routes.php | 6 ++- apps/provisioning_api/lib/groups.php | 12 ++++-- apps/provisioning_api/lib/users.php | 45 +++++++++++++--------- apps/provisioning_api/tests/groupstest.php | 6 ++- apps/provisioning_api/tests/userstest.php | 5 ++- 5 files changed, 48 insertions(+), 26 deletions(-) diff --git a/apps/provisioning_api/appinfo/routes.php b/apps/provisioning_api/appinfo/routes.php index 1fe9ce7310..e656445abe 100644 --- a/apps/provisioning_api/appinfo/routes.php +++ b/apps/provisioning_api/appinfo/routes.php @@ -29,7 +29,8 @@ use OCP\API; $users = new \OCA\Provisioning_API\Users( \OC::$server->getUserManager(), \OC::$server->getConfig(), - \OC::$server->getGroupManager() + \OC::$server->getGroupManager(), + \OC::$server->getUserSession() ); API::register('get', '/cloud/users', [$users, 'getUsers'], 'provisioning_api', API::ADMIN_AUTH); API::register('post', '/cloud/users', [$users, 'addUser'], 'provisioning_api', API::ADMIN_AUTH); @@ -45,7 +46,8 @@ API::register('get', '/cloud/users/{userid}/subadmins', [$users, 'getUserSubAdmi // Groups $groups = new \OCA\Provisioning_API\Groups( - \OC::$server->getGroupManager() + \OC::$server->getGroupManager(), + \OC::$server->getUserSession() ); API::register('get', '/cloud/groups', [$groups, 'getGroups'], 'provisioning_api', API::SUBADMIN_AUTH); API::register('post', '/cloud/groups', [$groups, 'addGroup'], 'provisioning_api', API::SUBADMIN_AUTH); diff --git a/apps/provisioning_api/lib/groups.php b/apps/provisioning_api/lib/groups.php index 4151eaff94..0b881fdf6c 100644 --- a/apps/provisioning_api/lib/groups.php +++ b/apps/provisioning_api/lib/groups.php @@ -31,11 +31,17 @@ class Groups{ /** @var \OCP\IGroupManager */ private $groupManager; + /** @var \OCP\IUserSession */ + private $userSession; + /** * @param \OCP\IGroupManager $groupManager + * @param \OCP\IUserSession $userSession */ - public function __construct(\OCP\IGroupManager $groupManager) { + public function __construct(\OCP\IGroupManager $groupManager, + \OCP\IUserSession $userSession) { $this->groupManager = $groupManager; + $this->userSession = $userSession; } /** @@ -63,8 +69,8 @@ class Groups{ return new OC_OCS_Result(null, \OCP\API::RESPOND_NOT_FOUND, 'The requested group could not be found'); } // Check subadmin has access to this group - if($this->groupManager->isAdmin(\OC_User::getUser()) - || in_array($parameters['groupid'], \OC_SubAdmin::getSubAdminsGroups(\OC_User::getUser()))){ + if($this->groupManager->isAdmin($this->userSession->getUser()->getUID()) + || in_array($parameters['groupid'], \OC_SubAdmin::getSubAdminsGroups($this->userSession->getUser()->getUID()))){ $users = $this->groupManager->get($parameters['groupid'])->getUsers(); $users = array_map(function($user) { return $user->getUID(); diff --git a/apps/provisioning_api/lib/users.php b/apps/provisioning_api/lib/users.php index 9db8a828c7..c896b0a619 100644 --- a/apps/provisioning_api/lib/users.php +++ b/apps/provisioning_api/lib/users.php @@ -27,7 +27,6 @@ namespace OCA\Provisioning_API; use \OC_OCS_Result; use \OC_SubAdmin; -use \OC_User; use \OC_Helper; use OCP\Files\NotFoundException; @@ -42,15 +41,23 @@ class Users { /** @var \OCP\IGroupManager */ private $groupManager; + /** @var \OCP\IUserSession */ + private $userSession; + /** * @param \OCP\IUserManager $userManager + * @param \OCP\IConfig $config + * @param \OCP\IGroupManager $groupManager + * @param \OCP\IUserSession $user */ public function __construct(\OCP\IUserManager $userManager, \OCP\IConfig $config, - \OCP\IGroupManager $groupManager) { + \OCP\IGroupManager $groupManager, + \OCP\IUserSession $userSession) { $this->userManager = $userManager; $this->config = $config; $this->groupManager = $groupManager; + $this->userSession = $userSession; } /** @@ -93,7 +100,7 @@ class Users { public function getUser($parameters){ $userId = $parameters['userid']; // Admin? Or SubAdmin? - if($this->groupManager->isAdmin(OC_User::getUser()) || OC_SubAdmin::isUserAccessible(OC_User::getUser(), $userId)) { + if($this->groupManager->isAdmin($this->userSession->getUser()->getUID()) || OC_SubAdmin::isUserAccessible($this->userSession->getUser()->getUID(), $userId)) { // Check they exist if(!$this->userManager->userExists($userId)) { return new OC_OCS_Result(null, \OCP\API::RESPOND_NOT_FOUND, 'The requested user could not be found'); @@ -103,12 +110,12 @@ class Users { 'email', 'enabled', ); - if(OC_User::getUser() !== $userId) { + if($this->userSession->getUser()->getUID() !== $userId) { $return[] = 'quota'; } } else { // Check they are looking up themselves - if(OC_User::getUser() !== $userId) { + if($this->userSession->getUser()->getUID() !== $userId) { return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED); } // Return some additional information compared to the core route @@ -139,19 +146,19 @@ class Users { */ public function editUser($parameters){ $userId = $parameters['userid']; - if($userId === OC_User::getUser()) { + if($userId === $this->userSession->getUser()->getUID()) { // Editing self (display, email) $permittedFields[] = 'display'; $permittedFields[] = 'email'; $permittedFields[] = 'password'; // If admin they can edit their own quota - if($this->groupManager->isAdmin(OC_User::getUser())) { + if($this->groupManager->isAdmin($this->userSession->getUser()->getUID())) { $permittedFields[] = 'quota'; } } else { // Check if admin / subadmin - if(OC_SubAdmin::isUserAccessible(OC_User::getUser(), $userId) - || $this->groupManager->isAdmin(OC_User::getUser())) { + if(OC_SubAdmin::isUserAccessible($this->userSession->getUser()->getUID(), $userId) + || $this->groupManager->isAdmin($this->userSession->getUser()->getUID())) { // They have permissions over the user $permittedFields[] = 'display'; $permittedFields[] = 'quota'; @@ -211,11 +218,11 @@ class Users { public function deleteUser($parameters){ if(!$this->userManager->userExists($parameters['userid']) - || $parameters['userid'] === OC_User::getUser()) { + || $parameters['userid'] === $this->userSession->getUser()->getUID()) { return new OC_OCS_Result(null, 101); } // If not permitted - if(!$this->groupManager->isAdmin(OC_User::getUser()) && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $parameters['userid'])) { + if(!$this->groupManager->isAdmin($this->userSession->getUser()->getUID()) && !OC_SubAdmin::isUserAccessible($this->userSession->getUser()->getUID(), $parameters['userid'])) { return new OC_OCS_Result(null, 997); } // Go ahead with the delete @@ -227,7 +234,7 @@ class Users { } public function getUsersGroups($parameters){ - if($parameters['userid'] === OC_User::getUser() || $this->groupManager->isAdmin(OC_User::getUser())) { + if($parameters['userid'] === $this->userSession->getUser()->getUID() || $this->groupManager->isAdmin($this->userSession->getUser()->getUID())) { // Self lookup or admin lookup return new OC_OCS_Result([ 'groups' => $this->groupManager->getUserGroupIds( @@ -236,10 +243,10 @@ class Users { ]); } else { // Looking up someone else - if(OC_SubAdmin::isUserAccessible(OC_User::getUser(), $parameters['userid'])) { + if(OC_SubAdmin::isUserAccessible($this->userSession->getUser()->getUID(), $parameters['userid'])) { // Return the group that the method caller is subadmin of for the user in question $groups = array_intersect( - OC_SubAdmin::getSubAdminsGroups(OC_User::getUser()), + OC_SubAdmin::getSubAdminsGroups($this->userSession->getUser()->getUID()), $this->groupManager->getUserGroupIds( $this->userManager->get($parameters['userid']) ) @@ -259,7 +266,7 @@ class Users { return new OC_OCS_Result(null, 101); } // Check they're an admin - if(!$this->groupManager->isInGroup(OC_User::getUser(), 'admin')){ + if(!$this->groupManager->isInGroup($this->userSession->getUser()->getUID(), 'admin')){ // This user doesn't have rights to add a user to this group return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED); } @@ -284,18 +291,18 @@ class Users { return new OC_OCS_Result(null, 101); } // If they're not an admin, check they are a subadmin of the group in question - if(!$this->groupManager->isInGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isSubAdminofGroup(OC_User::getUser(), $group)){ + if(!$this->groupManager->isInGroup($this->userSession->getUser()->getUID(), 'admin') && !OC_SubAdmin::isSubAdminofGroup($this->userSession->getUser()->getUID(), $group)){ return new OC_OCS_Result(null, 104); } // Check they aren't removing themselves from 'admin' or their 'subadmin; group - if($parameters['userid'] === OC_User::getUser()){ - if($this->groupManager->isInGroup(OC_User::getUser(), 'admin')){ + if($parameters['userid'] === $this->userSession->getUser()->getUID()){ + if($this->groupManager->isInGroup($this->userSession->getUser()->getUID(), 'admin')){ if($group === 'admin'){ return new OC_OCS_Result(null, 105, 'Cannot remove yourself from the admin group'); } } else { // Not an admin, check they are not removing themself from their subadmin group - if(in_array($group, OC_SubAdmin::getSubAdminsGroups(OC_User::getUser()))){ + if(in_array($group, OC_SubAdmin::getSubAdminsGroups($this->userSession->getUser()->getUID()))){ return new OC_OCS_Result(null, 105, 'Cannot remove yourself from this group as you are a SubAdmin'); } } diff --git a/apps/provisioning_api/tests/groupstest.php b/apps/provisioning_api/tests/groupstest.php index 5a757151bb..0cebd6e9d9 100644 --- a/apps/provisioning_api/tests/groupstest.php +++ b/apps/provisioning_api/tests/groupstest.php @@ -31,7 +31,11 @@ class GroupsTest extends TestCase { $this->userManager = \OC::$server->getUserManager(); $this->groupManager = \OC::$server->getGroupManager(); - $this->api = new \OCA\Provisioning_API\Groups($this->groupManager); + $this->userSession = \OC::$server->getUserSession(); + $this->api = new \OCA\Provisioning_API\Groups( + $this->groupManager, + $this->userSession + ); } public function testGetGroupAsUser() { diff --git a/apps/provisioning_api/tests/userstest.php b/apps/provisioning_api/tests/userstest.php index dac6e33d2a..941b24d0f8 100644 --- a/apps/provisioning_api/tests/userstest.php +++ b/apps/provisioning_api/tests/userstest.php @@ -38,10 +38,13 @@ class UsersTest extends TestCase { $this->userManager = \OC::$server->getUserManager(); $this->config = \OC::$server->getConfig(); $this->groupManager = \OC::$server->getGroupManager(); + $this->userSession = \OC::$server->getUserSession(); $this->api = new \OCA\Provisioning_Api\Users( $this->userManager, $this->config, - $this->groupManager); + $this->groupManager, + $this->userSession + ); } // Test getting the list of users