[provisioning_api] OC_User to IUserSession

apps/provisioning_api/appinfo/routes.php

@@ -29,7 +29,8 @@ use OCP\API;
 $users = new \OCA\Provisioning_API\Users(
 	\OC::$server->getUserManager(),
 	\OC::$server->getConfig(),
-	\OC::$server->getGroupManager()
+	\OC::$server->getGroupManager(),
+	\OC::$server->getUserSession()
 );
 API::register('get', '/cloud/users', [$users, 'getUsers'], 'provisioning_api', API::ADMIN_AUTH);
 API::register('post', '/cloud/users', [$users, 'addUser'], 'provisioning_api', API::ADMIN_AUTH);
@@ -45,7 +46,8 @@ API::register('get', '/cloud/users/{userid}/subadmins', [$users, 'getUserSubAdmi
 
 // Groups
 $groups = new \OCA\Provisioning_API\Groups(
-	\OC::$server->getGroupManager()
+	\OC::$server->getGroupManager(),
+	\OC::$server->getUserSession()
 );
 API::register('get', '/cloud/groups', [$groups, 'getGroups'], 'provisioning_api', API::SUBADMIN_AUTH);
 API::register('post', '/cloud/groups', [$groups, 'addGroup'], 'provisioning_api', API::SUBADMIN_AUTH);

apps/provisioning_api/lib/groups.php

@@ -31,11 +31,17 @@ class Groups{
 	/** @var \OCP\IGroupManager */
 	private $groupManager;
 
+	/** @var \OCP\IUserSession */
+	private $userSession;
+
 	/**
 	 * @param \OCP\IGroupManager $groupManager
+	 * @param \OCP\IUserSession $userSession
 	 */
-	public function __construct(\OCP\IGroupManager $groupManager) {
+	public function __construct(\OCP\IGroupManager $groupManager,
+	                            \OCP\IUserSession $userSession) {
 		$this->groupManager = $groupManager;
+		$this->userSession = $userSession;
 	}
 
 	/**
@@ -63,8 +69,8 @@ class Groups{
 			return new OC_OCS_Result(null, \OCP\API::RESPOND_NOT_FOUND, 'The requested group could not be found');
 		}
 		// Check subadmin has access to this group
-		if($this->groupManager->isAdmin(\OC_User::getUser())
+		if($this->groupManager->isAdmin($this->userSession->getUser()->getUID())
-			|| in_array($parameters['groupid'], \OC_SubAdmin::getSubAdminsGroups(\OC_User::getUser()))){
+			|| in_array($parameters['groupid'], \OC_SubAdmin::getSubAdminsGroups($this->userSession->getUser()->getUID()))){
 			$users = $this->groupManager->get($parameters['groupid'])->getUsers();
 			$users =  array_map(function($user) {
 				return $user->getUID();

apps/provisioning_api/lib/users.php

@@ -27,7 +27,6 @@ namespace OCA\Provisioning_API;
 
 use \OC_OCS_Result;
 use \OC_SubAdmin;
-use \OC_User;
 use \OC_Helper;
 use OCP\Files\NotFoundException;
 
@@ -42,15 +41,23 @@ class Users {
 	/** @var \OCP\IGroupManager */
 	private $groupManager;
 
+	/** @var \OCP\IUserSession */
+	private $userSession;
+
 	/**
 	 * @param \OCP\IUserManager $userManager
+	 * @param \OCP\IConfig $config
+	 * @param \OCP\IGroupManager $groupManager
+	 * @param \OCP\IUserSession $user
 	 */
 	public function __construct(\OCP\IUserManager $userManager,
 	                            \OCP\IConfig $config,
-								\OCP\IGroupManager $groupManager) {
+								\OCP\IGroupManager $groupManager,
+								\OCP\IUserSession $userSession) {
 		$this->userManager = $userManager;
 		$this->config = $config;
 		$this->groupManager = $groupManager;
+		$this->userSession = $userSession;
 	}
 
 	/**
@@ -93,7 +100,7 @@ class Users {
 	public function getUser($parameters){
 		$userId = $parameters['userid'];
 		// Admin? Or SubAdmin?
-		if($this->groupManager->isAdmin(OC_User::getUser()) || OC_SubAdmin::isUserAccessible(OC_User::getUser(), $userId)) {
+		if($this->groupManager->isAdmin($this->userSession->getUser()->getUID()) || OC_SubAdmin::isUserAccessible($this->userSession->getUser()->getUID(), $userId)) {
 			// Check they exist
 			if(!$this->userManager->userExists($userId)) {
 				return new OC_OCS_Result(null, \OCP\API::RESPOND_NOT_FOUND, 'The requested user could not be found');
@@ -103,12 +110,12 @@ class Users {
 				'email',
 				'enabled',
 				);
-			if(OC_User::getUser() !== $userId) {
+			if($this->userSession->getUser()->getUID() !== $userId) {
 				$return[] = 'quota';
 			}
 		} else {
 			// Check they are looking up themselves
-			if(OC_User::getUser() !== $userId) {
+			if($this->userSession->getUser()->getUID() !== $userId) {
 				return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
 			}
 			// Return some additional information compared to the core route
@@ -139,19 +146,19 @@ class Users {
 	 */
 	public function editUser($parameters){
 		$userId = $parameters['userid'];
-		if($userId === OC_User::getUser()) {
+		if($userId === $this->userSession->getUser()->getUID()) {
 			// Editing self (display, email)
 			$permittedFields[] = 'display';
 			$permittedFields[] = 'email';
 			$permittedFields[] = 'password';
 			// If admin they can edit their own quota
-			if($this->groupManager->isAdmin(OC_User::getUser())) {
+			if($this->groupManager->isAdmin($this->userSession->getUser()->getUID())) {
 				$permittedFields[] = 'quota';
 			}
 		} else {
 			// Check if admin / subadmin
-			if(OC_SubAdmin::isUserAccessible(OC_User::getUser(), $userId)
+			if(OC_SubAdmin::isUserAccessible($this->userSession->getUser()->getUID(), $userId)
-			|| $this->groupManager->isAdmin(OC_User::getUser())) {
+			|| $this->groupManager->isAdmin($this->userSession->getUser()->getUID())) {
 				// They have permissions over the user
 				$permittedFields[] = 'display';
 				$permittedFields[] = 'quota';
@@ -211,11 +218,11 @@ class Users {
 
 	public function deleteUser($parameters){
 		if(!$this->userManager->userExists($parameters['userid']) 
-		|| $parameters['userid'] === OC_User::getUser()) {
+		|| $parameters['userid'] === $this->userSession->getUser()->getUID()) {
 			return new OC_OCS_Result(null, 101);
 		}
 		// If not permitted
-		if(!$this->groupManager->isAdmin(OC_User::getUser()) && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $parameters['userid'])) {
+		if(!$this->groupManager->isAdmin($this->userSession->getUser()->getUID()) && !OC_SubAdmin::isUserAccessible($this->userSession->getUser()->getUID(), $parameters['userid'])) {
 			return new OC_OCS_Result(null, 997);
 		}
 		// Go ahead with the delete
@@ -227,7 +234,7 @@ class Users {
 	}
 
 	public function getUsersGroups($parameters){
-		if($parameters['userid'] === OC_User::getUser() || $this->groupManager->isAdmin(OC_User::getUser())) {
+		if($parameters['userid'] === $this->userSession->getUser()->getUID() || $this->groupManager->isAdmin($this->userSession->getUser()->getUID())) {
 			// Self lookup or admin lookup
 			return new OC_OCS_Result([
 				'groups' => $this->groupManager->getUserGroupIds(
@@ -236,10 +243,10 @@ class Users {
 			]);
 		} else {
 			// Looking up someone else
-			if(OC_SubAdmin::isUserAccessible(OC_User::getUser(), $parameters['userid'])) {
+			if(OC_SubAdmin::isUserAccessible($this->userSession->getUser()->getUID(), $parameters['userid'])) {
 				// Return the group that the method caller is subadmin of for the user in question
 				$groups = array_intersect(
-					OC_SubAdmin::getSubAdminsGroups(OC_User::getUser()),
+					OC_SubAdmin::getSubAdminsGroups($this->userSession->getUser()->getUID()),
 					$this->groupManager->getUserGroupIds(
 						$this->userManager->get($parameters['userid'])
 					)
@@ -259,7 +266,7 @@ class Users {
 			return new OC_OCS_Result(null, 101);
 		}
 		// Check they're an admin
-		if(!$this->groupManager->isInGroup(OC_User::getUser(), 'admin')){
+		if(!$this->groupManager->isInGroup($this->userSession->getUser()->getUID(), 'admin')){
 			// This user doesn't have rights to add a user to this group
 			return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
 		}
@@ -284,18 +291,18 @@ class Users {
 			return new OC_OCS_Result(null, 101);
 		}
 		// If they're not an admin, check they are a subadmin of the group in question
-		if(!$this->groupManager->isInGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isSubAdminofGroup(OC_User::getUser(), $group)){
+		if(!$this->groupManager->isInGroup($this->userSession->getUser()->getUID(), 'admin') && !OC_SubAdmin::isSubAdminofGroup($this->userSession->getUser()->getUID(), $group)){
 			return new OC_OCS_Result(null, 104);
 		}
 		// Check they aren't removing themselves from 'admin' or their 'subadmin; group
-		if($parameters['userid'] === OC_User::getUser()){
+		if($parameters['userid'] === $this->userSession->getUser()->getUID()){
-			if($this->groupManager->isInGroup(OC_User::getUser(), 'admin')){
+			if($this->groupManager->isInGroup($this->userSession->getUser()->getUID(), 'admin')){
 				if($group === 'admin'){
 					return new OC_OCS_Result(null, 105, 'Cannot remove yourself from the admin group');
 				}
 			} else {
 				// Not an admin, check they are not removing themself from their subadmin group
-				if(in_array($group, OC_SubAdmin::getSubAdminsGroups(OC_User::getUser()))){
+				if(in_array($group, OC_SubAdmin::getSubAdminsGroups($this->userSession->getUser()->getUID()))){
 					return new OC_OCS_Result(null, 105, 'Cannot remove yourself from this group as you are a SubAdmin');
 				}
 			}

apps/provisioning_api/tests/groupstest.php

@@ -31,7 +31,11 @@ class GroupsTest extends TestCase {
 
 		$this->userManager = \OC::$server->getUserManager();
 		$this->groupManager = \OC::$server->getGroupManager();
-		$this->api = new \OCA\Provisioning_API\Groups($this->groupManager);
+		$this->userSession = \OC::$server->getUserSession();
+		$this->api = new \OCA\Provisioning_API\Groups(
+			$this->groupManager,
+			$this->userSession
+		);
 	}
 
 	public function testGetGroupAsUser() {

apps/provisioning_api/tests/userstest.php

@@ -38,10 +38,13 @@ class UsersTest extends TestCase {
 		$this->userManager = \OC::$server->getUserManager();
 		$this->config = \OC::$server->getConfig();
 		$this->groupManager = \OC::$server->getGroupManager();
+		$this->userSession = \OC::$server->getUserSession();
 		$this->api = new \OCA\Provisioning_Api\Users(
 			$this->userManager, 
 			$this->config, 
-			$this->groupManager);
+			$this->groupManager,
+			$this->userSession
+		);
 	}
 
 	// Test getting the list of users