Limit user search in Collaborators plugins
Signed-off-by: Julius Härtl <jus@bitgrid.net>
This commit is contained in:
parent
87393a760e
commit
c97ab39acb
|
@ -52,6 +52,7 @@ class GroupPlugin implements ISearchPlugin {
|
|||
|
||||
$this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
|
||||
$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
|
||||
$this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
|
||||
}
|
||||
|
||||
public function search($search, $limit, $offset, ISearchResult $searchResult) {
|
||||
|
@ -66,7 +67,7 @@ class GroupPlugin implements ISearchPlugin {
|
|||
}
|
||||
|
||||
$userGroups = [];
|
||||
if (!empty($groups) && $this->shareWithGroupOnly) {
|
||||
if (!empty($groups) && ($this->shareWithGroupOnly || $this->shareeEnumerationInGroupOnly)) {
|
||||
// Intersect all the groups that match with the groups this user is a member of
|
||||
$userGroups = $this->groupManager->getUserGroups($this->userSession->getUser());
|
||||
$userGroups = array_map(function (IGroup $group) { return $group->getGID(); }, $userGroups);
|
||||
|
@ -93,6 +94,9 @@ class GroupPlugin implements ISearchPlugin {
|
|||
],
|
||||
];
|
||||
} else {
|
||||
if ($this->shareeEnumerationInGroupOnly && !in_array($group->getGID(), $userGroups, true)) {
|
||||
continue;
|
||||
}
|
||||
$result['wide'][] = [
|
||||
'label' => $group->getDisplayName(),
|
||||
'value' => [
|
||||
|
|
|
@ -65,6 +65,8 @@ class MailPlugin implements ISearchPlugin {
|
|||
|
||||
$this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
|
||||
$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
|
||||
$this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -150,7 +152,18 @@ class MailPlugin implements ISearchPlugin {
|
|||
continue;
|
||||
}
|
||||
|
||||
if (!$this->isCurrentUser($cloud) && !$searchResult->hasResult($userType, $cloud->getUser())) {
|
||||
$addToWide = !$this->shareeEnumerationInGroupOnly;
|
||||
if ($this->shareeEnumerationInGroupOnly) {
|
||||
$addToWide = false;
|
||||
$userGroups = $this->groupManager->getUserGroupIds($this->userSession->getUser());
|
||||
foreach ($userGroups as $userGroup) {
|
||||
if ($this->groupManager->isInGroup($contact['UID'], $userGroup)) {
|
||||
$addToWide = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($addToWide && !$this->isCurrentUser($cloud) && !$searchResult->hasResult($userType, $cloud->getUser())) {
|
||||
$userResults['wide'][] = [
|
||||
'label' => $displayName,
|
||||
'uuid' => $contact['UID'],
|
||||
|
@ -160,6 +173,7 @@ class MailPlugin implements ISearchPlugin {
|
|||
'shareWith' => $cloud->getUser(),
|
||||
],
|
||||
];
|
||||
continue;
|
||||
}
|
||||
}
|
||||
continue;
|
||||
|
|
|
@ -36,11 +36,13 @@ use OCP\IUser;
|
|||
use OCP\IUserManager;
|
||||
use OCP\IUserSession;
|
||||
use OCP\Share;
|
||||
use OCP\Share\IShare;
|
||||
|
||||
class UserPlugin implements ISearchPlugin {
|
||||
/* @var bool */
|
||||
protected $shareWithGroupOnly;
|
||||
protected $shareeEnumeration;
|
||||
protected $shareeEnumerationInGroupOnly;
|
||||
|
||||
/** @var IConfig */
|
||||
private $config;
|
||||
|
@ -60,11 +62,13 @@ class UserPlugin implements ISearchPlugin {
|
|||
|
||||
$this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes';
|
||||
$this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
|
||||
$this->shareeEnumerationInGroupOnly = $this->shareeEnumeration && $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
|
||||
}
|
||||
|
||||
public function search($search, $limit, $offset, ISearchResult $searchResult) {
|
||||
$result = ['wide' => [], 'exact' => []];
|
||||
$users = [];
|
||||
$autoCompleteUsers = [];
|
||||
$hasMoreResults = false;
|
||||
|
||||
$userGroups = [];
|
||||
|
@ -80,10 +84,32 @@ class UserPlugin implements ISearchPlugin {
|
|||
} else {
|
||||
// Search in all users
|
||||
$usersTmp = $this->userManager->searchDisplayName($search, $limit, $offset);
|
||||
|
||||
$currentUserGroups = $this->groupManager->getUserGroupIds($this->userSession->getUser());
|
||||
foreach ($usersTmp as $user) {
|
||||
if ($user->isEnabled()) { // Don't keep deactivated users
|
||||
$users[(string) $user->getUID()] = $user->getDisplayName();
|
||||
|
||||
$addToWideResults = false;
|
||||
if ($this->shareeEnumeration && !$this->shareeEnumerationInGroupOnly) {
|
||||
$addToWideResults = true;
|
||||
}
|
||||
|
||||
if ($this->shareeEnumerationInGroupOnly) {
|
||||
$commonGroups = array_intersect($currentUserGroups, $this->groupManager->getUserGroupIds($user));
|
||||
if (!empty($commonGroups)) {
|
||||
$addToWideResults = true;
|
||||
}
|
||||
}
|
||||
|
||||
if ($addToWideResults) {
|
||||
$autoCompleteUsers[] = [
|
||||
'label' => $user->getDisplayName(),
|
||||
'value' => [
|
||||
'shareType' => IShare::TYPE_USER,
|
||||
'shareWith' => (string)$user->getUID(),
|
||||
],
|
||||
];
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -145,8 +171,9 @@ class UserPlugin implements ISearchPlugin {
|
|||
}
|
||||
}
|
||||
|
||||
if (!$this->shareeEnumeration) {
|
||||
$result['wide'] = [];
|
||||
// overwrite wide matches if they are limited
|
||||
if (!$this->shareeEnumeration || $this->shareeEnumerationInGroupOnly) {
|
||||
$result['wide'] = $autoCompleteUsers;
|
||||
}
|
||||
|
||||
$type = new SearchResultType('users');
|
||||
|
|
Loading…
Reference in New Issue