Limit user search in Collaborators plugins

Signed-off-by: Julius Härtl <jus@bitgrid.net>
Julius Härtl 2020-02-18 19:44:18 +01:00
parent 87393a760e
commit c97ab39acb
3 changed files with 50 additions and 5 deletions


@ -52,6 +52,7 @@ class GroupPlugin implements ISearchPlugin {
$this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes'; $this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes'; $this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
$this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
} }
public function search($search, $limit, $offset, ISearchResult $searchResult) { public function search($search, $limit, $offset, ISearchResult $searchResult) {
@ -66,7 +67,7 @@ class GroupPlugin implements ISearchPlugin {
} }
$userGroups = []; $userGroups = [];
if (!empty($groups) && $this->shareWithGroupOnly) { if (!empty($groups) && ($this->shareWithGroupOnly || $this->shareeEnumerationInGroupOnly)) {
// Intersect all the groups that match with the groups this user is a member of // Intersect all the groups that match with the groups this user is a member of
$userGroups = $this->groupManager->getUserGroups($this->userSession->getUser()); $userGroups = $this->groupManager->getUserGroups($this->userSession->getUser());
$userGroups = array_map(function (IGroup $group) { return $group->getGID(); }, $userGroups); $userGroups = array_map(function (IGroup $group) { return $group->getGID(); }, $userGroups);
@ -93,6 +94,9 @@ class GroupPlugin implements ISearchPlugin {
], ],
]; ];
} else { } else {
if ($this->shareeEnumerationInGroupOnly && !in_array($group->getGID(), $userGroups, true)) {
continue;
}
$result['wide'][] = [ $result['wide'][] = [
'label' => $group->getDisplayName(), 'label' => $group->getDisplayName(),
'value' => [ 'value' => [
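Review bot: Widening the condition to `if (!empty($groups) && ($this->shareWithGroupOnly || $this->shareeEnumerationInGroupOnly))` makes the whole block run for the enumeration flag as well, and the end of that block is outside the hunk. The retained comment says the block intersects the matching groups with the caller's groups; if it does, exact matches are filtered too and the new `in_array` guard in the `else` branch never fires, which is stricter than the wide-only limit applied in MailPlugin and UserPlugin. If the enumeration case only needs `$userGroups`, compute it separately and keep the intersection under `shareWithGroupOnly`; either way, a comment such as `// enumeration limit: only suggest groups the current user is a member of` above the guard would record the intent. The hunks shown also assign `$this->shareeEnumerationInGroupOnly` without a visible property declaration, unlike UserPlugin.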


@ -65,6 +65,8 @@ class MailPlugin implements ISearchPlugin {
$this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes'; $this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes'; $this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
$this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
} }
/** /**
@ -150,7 +152,18 @@ class MailPlugin implements ISearchPlugin {
continue; continue;
} }
if (!$this->isCurrentUser($cloud) && !$searchResult->hasResult($userType, $cloud->getUser())) { $addToWide = !$this->shareeEnumerationInGroupOnly;
if ($this->shareeEnumerationInGroupOnly) {
$addToWide = false;
$userGroups = $this->groupManager->getUserGroupIds($this->userSession->getUser());
foreach ($userGroups as $userGroup) {
if ($this->groupManager->isInGroup($contact['UID'], $userGroup)) {
$addToWide = true;
break;
}
}
}
if ($addToWide && !$this->isCurrentUser($cloud) && !$searchResult->hasResult($userType, $cloud->getUser())) {
$userResults['wide'][] = [ $userResults['wide'][] = [
'label' => $displayName, 'label' => $displayName,
'uuid' => $contact['UID'], 'uuid' => $contact['UID'],
@ -160,6 +173,7 @@ class MailPlugin implements ISearchPlugin {
'shareWith' => $cloud->getUser(), 'shareWith' => $cloud->getUser(),
], ],
]; ];
continue;
} }
} }
continue; continue;
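Review bot: The lookup `$this->groupManager->getUserGroupIds($this->userSession->getUser())` sits in the per-contact path, so it is repeated for every candidate although its result cannot change within one search; fetch it once before the loop (the loop header is outside the hunk) and only when `shareeEnumerationInGroupOnly` is set. The result of `getUser()` is passed on unchecked, so a search without a logged-in user would hand `null` to the group manager; checking for that first and leaving `$addToWide` false keeps the filter failing closed. The second assignment `$addToWide = false;` is redundant when the flag is set, because the initialiser `$addToWide = !$this->shareeEnumerationInGroupOnly;` already yields false, so it can be dropped. None of the hunks shown adds `groupManager` or `userSession` to this class, so confirm both are injected by the constructor.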


@ -36,11 +36,13 @@ use OCP\IUser;
use OCP\IUserManager; use OCP\IUserManager;
use OCP\IUserSession; use OCP\IUserSession;
use OCP\Share; use OCP\Share;
use OCP\Share\IShare;
class UserPlugin implements ISearchPlugin { class UserPlugin implements ISearchPlugin {
/* @var bool */ /* @var bool */
protected $shareWithGroupOnly; protected $shareWithGroupOnly;
protected $shareeEnumeration; protected $shareeEnumeration;
protected $shareeEnumerationInGroupOnly;
/** @var IConfig */ /** @var IConfig */
private $config; private $config;
@ -60,11 +62,13 @@ class UserPlugin implements ISearchPlugin {
$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes'; $this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
$this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes'; $this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
$this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
} }
public function search($search, $limit, $offset, ISearchResult $searchResult) { public function search($search, $limit, $offset, ISearchResult $searchResult) {
$result = ['wide' => [], 'exact' => []]; $result = ['wide' => [], 'exact' => []];
$users = []; $users = [];
$autoCompleteUsers = [];
$hasMoreResults = false; $hasMoreResults = false;
$userGroups = []; $userGroups = [];
@ -80,10 +84,32 @@ class UserPlugin implements ISearchPlugin {
} else { } else {
// Search in all users // Search in all users
$usersTmp = $this->userManager->searchDisplayName($search, $limit, $offset); $usersTmp = $this->userManager->searchDisplayName($search, $limit, $offset);
$currentUserGroups = $this->groupManager->getUserGroupIds($this->userSession->getUser());
foreach ($usersTmp as $user) { foreach ($usersTmp as $user) {
if ($user->isEnabled()) { // Don't keep deactivated users if ($user->isEnabled()) { // Don't keep deactivated users
$users[(string) $user->getUID()] = $user->getDisplayName(); $users[(string) $user->getUID()] = $user->getDisplayName();
$addToWideResults = false;
if ($this->shareeEnumeration && !$this->shareeEnumerationInGroupOnly) {
$addToWideResults = true;
}
if ($this->shareeEnumerationInGroupOnly) {
$commonGroups = array_intersect($currentUserGroups, $this->groupManager->getUserGroupIds($user));
if (!empty($commonGroups)) {
$addToWideResults = true;
}
}
if ($addToWideResults) {
$autoCompleteUsers[] = [
'label' => $user->getDisplayName(),
'value' => [
'shareType' => IShare::TYPE_USER,
'shareWith' => (string)$user->getUID(),
],
];
}
} }
} }
} }
@ -145,8 +171,9 @@ class UserPlugin implements ISearchPlugin {
} }
} }
if (!$this->shareeEnumeration) { // overwrite wide matches if they are limited
$result['wide'] = []; if (!$this->shareeEnumeration || $this->shareeEnumerationInGroupOnly) {
$result['wide'] = $autoCompleteUsers;
} }
$type = new SearchResultType('users'); $type = new SearchResultType('users');
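Review bot: The final override `$result['wide'] = $autoCompleteUsers;` fires whenever `shareeEnumerationInGroupOnly` is set, but `$autoCompleteUsers` is filled only inside the "Search in all users" branch. If the other branch of that `if`/`else` (it starts outside the hunk) handled the search, the wide list is replaced by an empty array, and because the override discards whatever the intervening code built, users already listed under `exact` may reappear under `wide`. The group filter also runs after `searchDisplayName($search, $limit, $offset)` has paged the results, so a page can come back nearly empty, and `$hasMoreResults`, if it is derived from the unfiltered count, would still reflect accounts outside the caller's groups. Consider limiting the override to the case it was built for, for example `if (!$this->shareeEnumeration || ($this->shareeEnumerationInGroupOnly && !$this->shareWithGroupOnly)) {`, and running the `getUserGroupIds(...)` call for the current user only when the flag is on and a user is present.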