Add system tag assignability check with groups
Whenever a user is not an admin, a tag is visible but not user-assignable, check whether the user is a member of the allowed groups.
This commit is contained in:
parent
3cd65fe25d
commit
b5eb3d9e5a
|
@ -337,6 +337,7 @@ class SystemTagManager implements ISystemTagManager {
|
||||||
* {@inheritdoc}
|
* {@inheritdoc}
|
||||||
*/
|
*/
|
||||||
public function canUserAssignTag(ISystemTag $tag, IUser $user) {
|
public function canUserAssignTag(ISystemTag $tag, IUser $user) {
|
||||||
|
// early check to avoid unneeded group lookups
|
||||||
if ($tag->isUserAssignable() && $tag->isUserVisible()) {
|
if ($tag->isUserAssignable() && $tag->isUserVisible()) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -345,6 +346,18 @@ class SystemTagManager implements ISystemTagManager {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (!$tag->isUserVisible()) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
$groupIds = $this->groupManager->getUserGroupIds($user->getUID());
|
||||||
|
if (!empty($groupIds)) {
|
||||||
|
$matchingGroups = array_intersect($groupIds, $this->getTagGroups($tag));
|
||||||
|
if (!empty($matchingGroups)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -449,31 +449,51 @@ class SystemTagManagerTest extends TestCase {
|
||||||
|
|
||||||
public function assignabilityCheckProvider() {
|
public function assignabilityCheckProvider() {
|
||||||
return [
|
return [
|
||||||
|
// no groups
|
||||||
[false, false, false, false],
|
[false, false, false, false],
|
||||||
[true, false, false, false],
|
[true, false, false, false],
|
||||||
[true, true, false, true],
|
[true, true, false, true],
|
||||||
[false, true, false, false],
|
[false, true, false, false],
|
||||||
|
// admin rulez
|
||||||
[false, false, true, true],
|
[false, false, true, true],
|
||||||
[false, true, true, true],
|
[false, true, true, true],
|
||||||
[true, false, true, true],
|
[true, false, true, true],
|
||||||
[true, true, true, true],
|
[true, true, true, true],
|
||||||
|
// ignored groups
|
||||||
|
[false, false, false, false, ['group1'], ['group1']],
|
||||||
|
[true, true, false, true, ['group1'], ['group1']],
|
||||||
|
[true, true, false, true, ['group1'], ['anothergroup']],
|
||||||
|
[false, true, false, false, ['group1'], ['group1']],
|
||||||
|
// admin has precedence over groups
|
||||||
|
[false, false, true, true, ['group1'], ['anothergroup']],
|
||||||
|
[false, true, true, true, ['group1'], ['anothergroup']],
|
||||||
|
[true, false, true, true, ['group1'], ['anothergroup']],
|
||||||
|
[true, true, true, true, ['group1'], ['anothergroup']],
|
||||||
|
// groups only checked when visible and user non-assignable and non-admin
|
||||||
|
[true, false, false, false, ['group1'], ['anothergroup1']],
|
||||||
|
[true, false, false, true, ['group1'], ['group1']],
|
||||||
|
[true, false, false, true, ['group1', 'group2'], ['group2', 'group3']],
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @dataProvider assignabilityCheckProvider
|
* @dataProvider assignabilityCheckProvider
|
||||||
*/
|
*/
|
||||||
public function testAssignabilityCheck($userVisible, $userAssignable, $isAdmin, $expectedResult) {
|
public function testAssignabilityCheck($userVisible, $userAssignable, $isAdmin, $expectedResult, $userGroupIds = [], $tagGroupIds = []) {
|
||||||
$user = $this->getMockBuilder('\OCP\IUser')->getMock();
|
$user = $this->getMockBuilder('\OCP\IUser')->getMock();
|
||||||
$user->expects($this->any())
|
$user->expects($this->any())
|
||||||
->method('getUID')
|
->method('getUID')
|
||||||
->will($this->returnValue('test'));
|
->will($this->returnValue('test'));
|
||||||
$tag1 = $this->tagManager->createTag('one', $userVisible, $userAssignable);
|
$tag1 = $this->tagManager->createTag('one', $userVisible, $userAssignable);
|
||||||
|
$this->tagManager->setTagGroups($tag1, $tagGroupIds);
|
||||||
|
|
||||||
$this->groupManager->expects($this->any())
|
$this->groupManager->expects($this->any())
|
||||||
->method('isAdmin')
|
->method('isAdmin')
|
||||||
->with('test')
|
->with('test')
|
||||||
->will($this->returnValue($isAdmin));
|
->will($this->returnValue($isAdmin));
|
||||||
|
$this->groupManager->expects($this->any())
|
||||||
|
->method('getUserGroupIds')
|
||||||
|
->will($this->returnValue($userGroupIds));
|
||||||
|
|
||||||
$this->assertEquals($expectedResult, $this->tagManager->canUserAssignTag($tag1, $user));
|
$this->assertEquals($expectedResult, $this->tagManager->canUserAssignTag($tag1, $user));
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue