Limit user search in Collaborators plugins
Signed-off-by: Julius Härtl <jus@bitgrid.net>
This commit is contained in:
parent
87393a760e
commit
c97ab39acb
|
@ -52,6 +52,7 @@ class GroupPlugin implements ISearchPlugin {
|
||||||
|
|
||||||
$this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
|
$this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
|
||||||
$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
|
$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
|
||||||
|
$this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
|
||||||
}
|
}
|
||||||
|
|
||||||
public function search($search, $limit, $offset, ISearchResult $searchResult) {
|
public function search($search, $limit, $offset, ISearchResult $searchResult) {
|
||||||
|
@ -66,7 +67,7 @@ class GroupPlugin implements ISearchPlugin {
|
||||||
}
|
}
|
||||||
|
|
||||||
$userGroups = [];
|
$userGroups = [];
|
||||||
if (!empty($groups) && $this->shareWithGroupOnly) {
|
if (!empty($groups) && ($this->shareWithGroupOnly || $this->shareeEnumerationInGroupOnly)) {
|
||||||
// Intersect all the groups that match with the groups this user is a member of
|
// Intersect all the groups that match with the groups this user is a member of
|
||||||
$userGroups = $this->groupManager->getUserGroups($this->userSession->getUser());
|
$userGroups = $this->groupManager->getUserGroups($this->userSession->getUser());
|
||||||
$userGroups = array_map(function (IGroup $group) { return $group->getGID(); }, $userGroups);
|
$userGroups = array_map(function (IGroup $group) { return $group->getGID(); }, $userGroups);
|
||||||
|
@ -93,6 +94,9 @@ class GroupPlugin implements ISearchPlugin {
|
||||||
],
|
],
|
||||||
];
|
];
|
||||||
} else {
|
} else {
|
||||||
|
if ($this->shareeEnumerationInGroupOnly && !in_array($group->getGID(), $userGroups, true)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
$result['wide'][] = [
|
$result['wide'][] = [
|
||||||
'label' => $group->getDisplayName(),
|
'label' => $group->getDisplayName(),
|
||||||
'value' => [
|
'value' => [
|
||||||
|
|
|
@ -65,6 +65,8 @@ class MailPlugin implements ISearchPlugin {
|
||||||
|
|
||||||
$this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
|
$this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
|
||||||
$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
|
$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
|
||||||
|
$this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -150,7 +152,18 @@ class MailPlugin implements ISearchPlugin {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$this->isCurrentUser($cloud) && !$searchResult->hasResult($userType, $cloud->getUser())) {
|
$addToWide = !$this->shareeEnumerationInGroupOnly;
|
||||||
|
if ($this->shareeEnumerationInGroupOnly) {
|
||||||
|
$addToWide = false;
|
||||||
|
$userGroups = $this->groupManager->getUserGroupIds($this->userSession->getUser());
|
||||||
|
foreach ($userGroups as $userGroup) {
|
||||||
|
if ($this->groupManager->isInGroup($contact['UID'], $userGroup)) {
|
||||||
|
$addToWide = true;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ($addToWide && !$this->isCurrentUser($cloud) && !$searchResult->hasResult($userType, $cloud->getUser())) {
|
||||||
$userResults['wide'][] = [
|
$userResults['wide'][] = [
|
||||||
'label' => $displayName,
|
'label' => $displayName,
|
||||||
'uuid' => $contact['UID'],
|
'uuid' => $contact['UID'],
|
||||||
|
@ -160,6 +173,7 @@ class MailPlugin implements ISearchPlugin {
|
||||||
'shareWith' => $cloud->getUser(),
|
'shareWith' => $cloud->getUser(),
|
||||||
],
|
],
|
||||||
];
|
];
|
||||||
|
continue;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
continue;
|
continue;
|
||||||
|
|
|
@ -36,11 +36,13 @@ use OCP\IUser;
|
||||||
use OCP\IUserManager;
|
use OCP\IUserManager;
|
||||||
use OCP\IUserSession;
|
use OCP\IUserSession;
|
||||||
use OCP\Share;
|
use OCP\Share;
|
||||||
|
use OCP\Share\IShare;
|
||||||
|
|
||||||
class UserPlugin implements ISearchPlugin {
|
class UserPlugin implements ISearchPlugin {
|
||||||
/* @var bool */
|
/* @var bool */
|
||||||
protected $shareWithGroupOnly;
|
protected $shareWithGroupOnly;
|
||||||
protected $shareeEnumeration;
|
protected $shareeEnumeration;
|
||||||
|
protected $shareeEnumerationInGroupOnly;
|
||||||
|
|
||||||
/** @var IConfig */
|
/** @var IConfig */
|
||||||
private $config;
|
private $config;
|
||||||
|
@ -60,11 +62,13 @@ class UserPlugin implements ISearchPlugin {
|
||||||
|
|
||||||
$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
|
$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
|
||||||
$this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
|
$this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
|
||||||
|
$this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
|
||||||
}
|
}
|
||||||
|
|
||||||
public function search($search, $limit, $offset, ISearchResult $searchResult) {
|
public function search($search, $limit, $offset, ISearchResult $searchResult) {
|
||||||
$result = ['wide' => [], 'exact' => []];
|
$result = ['wide' => [], 'exact' => []];
|
||||||
$users = [];
|
$users = [];
|
||||||
|
$autoCompleteUsers = [];
|
||||||
$hasMoreResults = false;
|
$hasMoreResults = false;
|
||||||
|
|
||||||
$userGroups = [];
|
$userGroups = [];
|
||||||
|
@ -80,10 +84,32 @@ class UserPlugin implements ISearchPlugin {
|
||||||
} else {
|
} else {
|
||||||
// Search in all users
|
// Search in all users
|
||||||
$usersTmp = $this->userManager->searchDisplayName($search, $limit, $offset);
|
$usersTmp = $this->userManager->searchDisplayName($search, $limit, $offset);
|
||||||
|
$currentUserGroups = $this->groupManager->getUserGroupIds($this->userSession->getUser());
|
||||||
foreach ($usersTmp as $user) {
|
foreach ($usersTmp as $user) {
|
||||||
if ($user->isEnabled()) { // Don't keep deactivated users
|
if ($user->isEnabled()) { // Don't keep deactivated users
|
||||||
$users[(string) $user->getUID()] = $user->getDisplayName();
|
$users[(string) $user->getUID()] = $user->getDisplayName();
|
||||||
|
|
||||||
|
$addToWideResults = false;
|
||||||
|
if ($this->shareeEnumeration && !$this->shareeEnumerationInGroupOnly) {
|
||||||
|
$addToWideResults = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($this->shareeEnumerationInGroupOnly) {
|
||||||
|
$commonGroups = array_intersect($currentUserGroups, $this->groupManager->getUserGroupIds($user));
|
||||||
|
if (!empty($commonGroups)) {
|
||||||
|
$addToWideResults = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if ($addToWideResults) {
|
||||||
|
$autoCompleteUsers[] = [
|
||||||
|
'label' => $user->getDisplayName(),
|
||||||
|
'value' => [
|
||||||
|
'shareType' => IShare::TYPE_USER,
|
||||||
|
'shareWith' => (string)$user->getUID(),
|
||||||
|
],
|
||||||
|
];
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -145,8 +171,9 @@ class UserPlugin implements ISearchPlugin {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$this->shareeEnumeration) {
|
// overwrite wide matches if they are limited
|
||||||
$result['wide'] = [];
|
if (!$this->shareeEnumeration || $this->shareeEnumerationInGroupOnly) {
|
||||||
|
$result['wide'] = $autoCompleteUsers;
|
||||||
}
|
}
|
||||||
|
|
||||||
$type = new SearchResultType('users');
|
$type = new SearchResultType('users');
|
||||||
|
|
Loading…
Reference in New Issue