mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Limit user search in Collaborators plugins 

Signed-off-by: Julius Härtl <jus@bitgrid.net>
This commit is contained in:
Julius Härtl 2020-02-18 19:44:18 +01:00
parent 87393a760e
commit c97ab39acb
3 changed files with 50 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/private/Collaboration/Collaborators/GroupPlugin.php
View File

@ -52,6 +52,7 @@ class GroupPlugin implements ISearchPlugin {
$this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
$this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
}
public function search($search, $limit, $offset, ISearchResult $searchResult) {
@ -66,7 +67,7 @@ class GroupPlugin implements ISearchPlugin {
}
$userGroups = [];
if (!empty($groups) && $this->shareWithGroupOnly) {
if (!empty($groups) && ($this->shareWithGroupOnly || $this->shareeEnumerationInGroupOnly)) {
// Intersect all the groups that match with the groups this user is a member of
$userGroups = $this->groupManager->getUserGroups($this->userSession->getUser());
$userGroups = array_map(function (IGroup $group) { return $group->getGID(); }, $userGroups);
@ -93,6 +94,9 @@ class GroupPlugin implements ISearchPlugin {
],
];
} else {
if ($this->shareeEnumerationInGroupOnly && !in_array($group->getGID(), $userGroups, true)) {
continue;
}
$result['wide'][] = [
'label' => $group->getDisplayName(),
'value' => [

16
lib/private/Collaboration/Collaborators/MailPlugin.php
View File

@ -65,6 +65,8 @@ class MailPlugin implements ISearchPlugin {
$this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
$this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
}
/**
@ -150,7 +152,18 @@ class MailPlugin implements ISearchPlugin {
continue;
}
if (!$this->isCurrentUser($cloud) && !$searchResult->hasResult($userType, $cloud->getUser())) {
$addToWide = !$this->shareeEnumerationInGroupOnly;
if ($this->shareeEnumerationInGroupOnly) {
$addToWide = false;
$userGroups = $this->groupManager->getUserGroupIds($this->userSession->getUser());
foreach ($userGroups as $userGroup) {
if ($this->groupManager->isInGroup($contact['UID'], $userGroup)) {
$addToWide = true;
break;
}
}
}
if ($addToWide && !$this->isCurrentUser($cloud) && !$searchResult->hasResult($userType, $cloud->getUser())) {
$userResults['wide'][] = [
'label' => $displayName,
'uuid' => $contact['UID'],
@ -160,6 +173,7 @@ class MailPlugin implements ISearchPlugin {
'shareWith' => $cloud->getUser(),
],
];
continue;
}
}
continue;

33
lib/private/Collaboration/Collaborators/UserPlugin.php
View File

@ -36,11 +36,13 @@ use OCP\IUser;
use OCP\IUserManager;
use OCP\IUserSession;
use OCP\Share;
use OCP\Share\IShare;
class UserPlugin implements ISearchPlugin {
/* @var bool */
protected $shareWithGroupOnly;
protected $shareeEnumeration;
protected $shareeEnumerationInGroupOnly;
/** @var IConfig */
private $config;
@ -60,11 +62,13 @@ class UserPlugin implements ISearchPlugin {
$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
$this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
$this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
}
public function search($search, $limit, $offset, ISearchResult $searchResult) {
$result = ['wide' => [], 'exact' => []];
$users = [];
$autoCompleteUsers = [];
$hasMoreResults = false;
$userGroups = [];
@ -80,10 +84,32 @@ class UserPlugin implements ISearchPlugin {
} else {
// Search in all users
$usersTmp = $this->userManager->searchDisplayName($search, $limit, $offset);
$currentUserGroups = $this->groupManager->getUserGroupIds($this->userSession->getUser());
foreach ($usersTmp as $user) {
if ($user->isEnabled()) { // Don't keep deactivated users
$users[(string) $user->getUID()] = $user->getDisplayName();
$addToWideResults = false;
if ($this->shareeEnumeration && !$this->shareeEnumerationInGroupOnly) {
$addToWideResults = true;
}
if ($this->shareeEnumerationInGroupOnly) {
$commonGroups = array_intersect($currentUserGroups, $this->groupManager->getUserGroupIds($user));
if (!empty($commonGroups)) {
$addToWideResults = true;
}
}
if ($addToWideResults) {
$autoCompleteUsers[] = [
'label' => $user->getDisplayName(),
'value' => [
'shareType' => IShare::TYPE_USER,
'shareWith' => (string)$user->getUID(),
],
];
}
}
}
}
@ -145,8 +171,9 @@ class UserPlugin implements ISearchPlugin {
}
}
if (!$this->shareeEnumeration) {
$result['wide'] = [];
// overwrite wide matches if they are limited
if (!$this->shareeEnumeration || $this->shareeEnumerationInGroupOnly) {
$result['wide'] = $autoCompleteUsers;
}
$type = new SearchResultType('users');