[provisioning_api] subadmin check for users

This commit is contained in:
Roeland Jago Douma 2015-07-25 14:49:20 +02:00
parent b745e75737
commit 9f59add9ed
1 changed files with 10 additions and 10 deletions


@ -93,7 +93,7 @@ class Users {
public function getUser($parameters){ public function getUser($parameters){
$userId = $parameters['userid']; $userId = $parameters['userid'];
// Admin? Or SubAdmin? // Admin? Or SubAdmin?
if(OC_User::isAdminUser(OC_User::getUser()) || OC_SubAdmin::isUserAccessible(OC_User::getUser(), $userId)) { if($this->groupManager->isAdmin(OC_User::getUser()) || OC_SubAdmin::isUserAccessible(OC_User::getUser(), $userId)) {
// Check they exist // Check they exist
if(!$this->userManager->userExists($userId)) { if(!$this->userManager->userExists($userId)) {
return new OC_OCS_Result(null, \OCP\API::RESPOND_NOT_FOUND, 'The requested user could not be found'); return new OC_OCS_Result(null, \OCP\API::RESPOND_NOT_FOUND, 'The requested user could not be found');
@ -103,12 +103,12 @@ class Users {
'email', 'email',
'enabled', 'enabled',
); );
if(OC_User::getUser() != $userId) { if(OC_User::getUser() !== $userId) {
$return[] = 'quota'; $return[] = 'quota';
} }
} else { } else {
// Check they are looking up themselves // Check they are looking up themselves
if(OC_User::getUser() != $userId) { if(OC_User::getUser() !== $userId) {
return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED); return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
} }
// Return some additional information compared to the core route // Return some additional information compared to the core route
@ -145,13 +145,13 @@ class Users {
$permittedFields[] = 'email'; $permittedFields[] = 'email';
$permittedFields[] = 'password'; $permittedFields[] = 'password';
// If admin they can edit their own quota // If admin they can edit their own quota
if(OC_User::isAdminUser(OC_User::getUser())) { if($this->groupManager->isAdmin(OC_User::getUser())) {
$permittedFields[] = 'quota'; $permittedFields[] = 'quota';
} }
} else { } else {
// Check if admin / subadmin // Check if admin / subadmin
if(OC_SubAdmin::isUserAccessible(OC_User::getUser(), $userId) if(OC_SubAdmin::isUserAccessible(OC_User::getUser(), $userId)
|| OC_User::isAdminUser(OC_User::getUser())) { || $this->groupManager->isAdmin(OC_User::getUser())) {
// They have permissions over the user // They have permissions over the user
$permittedFields[] = 'display'; $permittedFields[] = 'display';
$permittedFields[] = 'quota'; $permittedFields[] = 'quota';
@ -182,9 +182,9 @@ class Users {
if ($quota === false) { if ($quota === false) {
return new OC_OCS_Result(null, 103, "Invalid quota value {$parameters['_put']['value']}"); return new OC_OCS_Result(null, 103, "Invalid quota value {$parameters['_put']['value']}");
} }
if($quota == 0) { if($quota === 0) {
$quota = 'default'; $quota = 'default';
}else if($quota == -1){ }else if($quota === -1){
$quota = 'none'; $quota = 'none';
} else { } else {
$quota = OC_Helper::humanFileSize($quota); $quota = OC_Helper::humanFileSize($quota);
@ -215,7 +215,7 @@ class Users {
return new OC_OCS_Result(null, 101); return new OC_OCS_Result(null, 101);
} }
// If not permitted // If not permitted
if(!OC_User::isAdminUser(OC_User::getUser()) && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $parameters['userid'])) { if(!$this->groupManager->isAdmin(OC_User::getUser()) && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $parameters['userid'])) {
return new OC_OCS_Result(null, 997); return new OC_OCS_Result(null, 997);
} }
// Go ahead with the delete // Go ahead with the delete
@ -227,7 +227,7 @@ class Users {
} }
public function getUsersGroups($parameters){ public function getUsersGroups($parameters){
if($parameters['userid'] === OC_User::getUser() || OC_User::isAdminUser(OC_User::getUser())) { if($parameters['userid'] === OC_User::getUser() || $this->groupManager->isAdmin(OC_User::getUser())) {
// Self lookup or admin lookup // Self lookup or admin lookup
return new OC_OCS_Result([ return new OC_OCS_Result([
'groups' => $this->groupManager->getUserGroupIds( 'groups' => $this->groupManager->getUserGroupIds(
@ -330,7 +330,7 @@ class Users {
return new OC_OCS_Result(null, 102, 'Group:'.$group.' does not exist'); return new OC_OCS_Result(null, 102, 'Group:'.$group.' does not exist');
} }
// Check if trying to make subadmin of admin group // Check if trying to make subadmin of admin group
if(strtolower($group) == 'admin') { if(strtolower($group) === 'admin') {
return new OC_OCS_Result(null, 103, 'Cannot create subadmins for admin group'); return new OC_OCS_Result(null, 103, 'Cannot create subadmins for admin group');
} }
// We cannot be subadmin twice // We cannot be subadmin twice
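Review bot: The strict comparisons introduced in the hunk at `@ -182` (`if($quota === 0)` and `else if($quota === -1)`) only match when `$quota` is an int; if the assignment above the hunk produces a float (the `=== false` guard on the preceding line suggests a size-parsing helper, and such helpers commonly return floats), `0.0` and `-1.0` now fall through to the `humanFileSize` branch and the 'default'/'none' mapping is silently lost. If the value can be a float, normalise it before comparing, e.g. `$quota = (int) $quota;` right after the `=== false` check, or keep the loose comparison with a comment explaining why. Separately, the commit replaces `OC_User::isAdminUser` with the injected `$this->groupManager->isAdmin` in getUser, the edit path, the delete path and getUsersGroups, but leaves `OC_SubAdmin::isUserAccessible` and `OC_User::getUser()` as static calls inside the same authorisation conditions, so those checks remain only partly injectable and testable; a `// TODO: inject the subadmin/session dependencies as well` would at least record the intent. The enclosing methods start and end outside these hunks.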