mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

No need to check the subadmin again 

The user needs to be a subadmin of the group,
otherwise they are not allowed to remove anyone from the group

Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling 2017-01-18 11:43:52 +01:00
parent 4bbd52b3f9
commit ae77067a07
No known key found for this signature in database
GPG Key ID: E166FD8976B3BAC8
2 changed files with 11 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
apps/provisioning_api/lib/Controller/UsersController.php
View File

@ -33,10 +33,10 @@ use \OC_Helper;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\OCS\OCSForbiddenException;
use OCP\AppFramework\OCS\OCSNotFoundException;
use OCP\AppFramework\OCSController;
use OCP\Files\NotFoundException;
use OCP\IConfig;
use OCP\IGroup;
use OCP\IGroupManager;
use OCP\ILogger;
use OCP\IRequest;
@ -275,9 +275,9 @@ class UsersController extends OCSController {
break;
case 'quota':
$quota = $value;
if($quota !== 'none' and $quota !== 'default') {
if($quota !== 'none' && $quota !== 'default') {
if (is_numeric($quota)) {
$quota = floatval($quota);
$quota = (float) $quota;
} else {
$quota = \OCP\Util::computerFileSize($quota);
}
@ -421,6 +421,7 @@ class UsersController extends OCSController {
// Looking up someone else
if($subAdminManager->isUserAccessible($loggedInUser, $targetUser)) {
// Return the group that the method caller is subadmin of for the user in question
/** @var IGroup[] $getSubAdminsGroups */
$getSubAdminsGroups = $subAdminManager->getSubAdminsGroups($loggedInUser);
foreach ($getSubAdminsGroups as $key => $group) {
$getSubAdminsGroups[$key] = $group->getGID();
@ -492,25 +493,19 @@ class UsersController extends OCSController {
// If they're not an admin, check they are a subadmin of the group in question
$subAdminManager = $this->groupManager->getSubAdmin();
if(!$this->groupManager->isAdmin($loggedInUser->getUID()) && !$subAdminManager->isSubAdminofGroup($loggedInUser, $group)) {
if (!$this->groupManager->isAdmin($loggedInUser->getUID()) && !$subAdminManager->isSubAdminOfGroup($loggedInUser, $group)) {
throw new OCSException('', 104);
}
// Check they aren't removing themselves from 'admin' or their 'subadmin; group
if($userId === $loggedInUser->getUID()) {
if($this->groupManager->isAdmin($loggedInUser->getUID())) {
if($group->getGID() === 'admin') {
if ($userId === $loggedInUser->getUID()) {
if ($this->groupManager->isAdmin($loggedInUser->getUID())) {
if ($group->getGID() === 'admin') {
throw new OCSException('Cannot remove yourself from the admin group', 105);
}
} else {
// Not an admin, check they are not removing themself from their subadmin group
$subAdminGroups = $subAdminManager->getSubAdminsGroups($loggedInUser);
foreach ($subAdminGroups as $key => $group) {
$subAdminGroups[$key] = $group->getGID();
}
if(in_array($group->getGID(), $subAdminGroups, true)) {
throw new OCSException('Cannot remove yourself from this group as you are a SubAdmin', 105);
}
// Not an admin, so the user must be a subadmin of this group, but that is not allowed.
throw new OCSException('Cannot remove yourself from this group as you are a SubAdmin', 105);
}
}

5
apps/provisioning_api/tests/Controller/UsersControllerTest.php
View File

@ -1813,11 +1813,6 @@ class UsersControllerTest extends OriginalTest {
->method('isSubAdminofGroup')
->with($loggedInUser, $targetGroup)
->will($this->returnValue(true));
$subAdminManager
->expects($this->once())
->method('getSubAdminsGroups')
->with($loggedInUser)
->will($this->returnValue([$targetGroup]));
$this->groupManager
->expects($this->once())
->method('getSubAdmin')