From bea85adc087648f170d898ea5f16079cde820d35 Mon Sep 17 00:00:00 2001
From: Joas Schilling
Date: Mon, 5 Dec 2016 11:55:21 +0100
Subject: [PATCH] Require sudo mode on the provisioning API
Signed-off-by: Joas Schilling
---
 .../lib/Controller/AppsController.php | 6 +++---
 .../lib/Controller/GroupsController.php | 4 +++-
 .../lib/Controller/UsersController.php | 21 ++++++++++++++++---
 3 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/apps/provisioning_api/lib/Controller/AppsController.php b/apps/provisioning_api/lib/Controller/AppsController.php
index 7d11d92b55..e384d5af90 100644
--- a/apps/provisioning_api/lib/Controller/AppsController.php
+++ b/apps/provisioning_api/lib/Controller/AppsController.php
@@ -25,12 +25,10 @@
 namespace OCA\Provisioning_API\Controller;
-use OC\OCSClient;
 use \OC_App;
 use OCP\App\IAppManager;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCS\OCSException;
-use OCP\AppFramework\OCS\OCSNotFoundException;
 use OCP\AppFramework\OCSController;
 use OCP\IRequest;
@@ -86,7 +84,7 @@ class AppsController extends OCSController {
 /**
 * @param string $app
 * @return DataResponse
- * @throws OCSNotFoundException
+ * @throws OCSException
 */
 public function getAppInfo($app) {
 $info = \OCP\App::getAppInfo($app);
@@ -98,6 +96,7 @@ class AppsController extends OCSController {
 }
 /**
+ * @PasswordConfirmationRequired
 * @param string $app
 * @return DataResponse
 */
@@ -107,6 +106,7 @@ class AppsController extends OCSController {
 }
 /**
+ * @PasswordConfirmationRequired
 * @param string $app
 * @return DataResponse
 */
diff --git a/apps/provisioning_api/lib/Controller/GroupsController.php b/apps/provisioning_api/lib/Controller/GroupsController.php
index d36d0de899..c772076c3d 100644
--- a/apps/provisioning_api/lib/Controller/GroupsController.php
+++ b/apps/provisioning_api/lib/Controller/GroupsController.php
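Review bot: Nothing in this commit verifies that the `@PasswordConfirmationRequired` tag added in the two AppsController docblocks (hunks `@@ -98,6 +96,7 @@` and `@@ -107,6 +106,7 @@`) is actually enforced: the diffstat lists only the three controllers and no test. Because the requirement lives in a docblock, a misspelt tag or a reflowed comment would drop it without any error, so I would add a controller test per tagged action that expects a rejection when the password has not been confirmed recently. The same gap applies to the tagged docblocks in GroupsController and UsersController further down. It is also not visible from this patch how clients that authenticate on every request (basic auth or app passwords) are expected to satisfy the confirmation, which the description could state. Both docblocks end at the hunk edge, so the methods they annotate lie outside the hunks.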
@@ -128,7 +128,7 @@ class GroupsController extends OCSController {
 /**
 * creates a new group
 *
- * @NoAdminRequired
+ * @PasswordConfirmationRequired
 *
 * @param string $groupid
 * @return DataResponse
@@ -149,6 +149,8 @@ class GroupsController extends OCSController {
 }
 /**
+ * @PasswordConfirmationRequired
+ *
 * @param string $groupId
 * @return DataResponse
 * @throws OCSException
diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php
index 8e5975468b..cc1d63d2d3 100644
--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@@ -93,6 +93,7 @@ class UsersController extends OCSController {
 */
 public function getUsers($search = '', $limit = null, $offset = null) {
 $user = $this->userSession->getUser();
+ $users = [];
 // Admin? Or SubAdmin?
 $uid = $user->getUID();
@@ -125,6 +126,7 @@ class UsersController extends OCSController {
 }
 /**
+ * @PasswordConfirmationRequired
 * @NoAdminRequired
 *
 * @param string $userid
@@ -218,6 +220,7 @@ class UsersController extends OCSController {
 /**
 * @NoAdminRequired
 * @NoSubAdminRequired
+ * @PasswordConfirmationRequired
 *
 * edit users
 *
@@ -308,6 +311,7 @@ class UsersController extends OCSController {
 }
 /**
+ * @PasswordConfirmationRequired
 * @NoAdminRequired
 *
 * @param string $userId
@@ -339,20 +343,26 @@ class UsersController extends OCSController {
 }
 /**
+ * @PasswordConfirmationRequired
 * @NoAdminRequired
 *
 * @param string $userId
 * @return DataResponse
+ * @throws OCSException
+ * @throws OCSForbiddenException
 */
 public function disableUser($userId) {
 return $this->setEnabled($userId, false);
 }
 /**
+ * @PasswordConfirmationRequired
 * @NoAdminRequired
 *
 * @param string $userId
 * @return DataResponse
+ * @throws OCSException
+ * @throws OCSForbiddenException
 */
 public function enableUser($userId) {
 return $this->setEnabled($userId, true);
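Review bot: In the "creates a new group" docblock (GroupsController hunk `@@ -128,7 +128,7 @@`) `@NoAdminRequired` is replaced rather than kept next to the new tag, which changes who may call the action and not only whether the password must be confirmed. The other non-admin actions in this commit, for example the UsersController hunks `@@ -125,6 +126,7 @@` and `@@ -308,6 +311,7 @@`, keep `@NoAdminRequired` and add `@PasswordConfirmationRequired` beside it. If restricting group creation is intended, it deserves its own line in the commit message and a test for the now-rejected caller; if not, keep ` * @NoAdminRequired` under the new tag. The method body is outside the hunk, so whether it performs its own sub-admin check cannot be seen here.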
@@ -390,8 +400,7 @@ class UsersController extends OCSController {
 *
 * @param string $userId
 * @return DataResponse
- * @throws OCSForbiddenException
- * @throws OCSNotFoundException
+ * @throws OCSException
 */
 public function getUsersGroups($userId) {
 $loggedInUser = $this->userSession->getUser();
@@ -430,6 +439,7 @@ class UsersController extends OCSController {
 }
 /**
+ * @PasswordConfirmationRequired
 * @param string $userId
 * @param string $groupid
 * @return DataResponse
@@ -455,9 +465,10 @@ class UsersController extends OCSController {
 }
 /**
+ * @PasswordConfirmationRequired
 * @NoAdminRequired
 *
- * @param string userId
+ * @param string $userId
 * @param string $groupid
 * @return DataResponse
 * @throws OCSException
@@ -511,6 +522,8 @@ class UsersController extends OCSController {
 /**
 * Creates a subadmin
 *
+ * @PasswordConfirmationRequired
+ *
 * @param string $userId
 * @param string $groupid
 * @return DataResponse
@@ -550,6 +563,8 @@ class UsersController extends OCSController {
 /**
 * Removes a subadmin from a group
 *
+ * @PasswordConfirmationRequired
+ *
 * @param string $userId
 * @param string $groupid
 * @return DataResponse
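Review bot: The `@throws` lines are handled inconsistently within this commit: the getUsersGroups docblock (hunk `@@ -390,8 +400,7 @@`) folds `@throws OCSForbiddenException` and `@throws OCSNotFoundException` into a single `@throws OCSException`, while the disableUser/enableUser hunk `@@ -339,20 +343,26 @@` adds `@throws OCSForbiddenException` next to `@throws OCSException`. Assuming the specific classes extend OCSException, as the names suggest, one convention should be used throughout; I would keep the specific class wherever the body still throws it, so the docblock tells a caller which failure to expect. Only the first body line of getUsersGroups is inside the hunk, so which exceptions it raises cannot be confirmed here.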