Make sure subadmins can not delete users from their last subadmin group
Signed-off-by: Joas Schilling <coding@schilljs.com>
This commit is contained in:
Joas Schilling
parent
55db07a20b
commit
d80a4453af
|
|
@ -507,6 +507,20 @@ class UsersController extends OCSController {
|
|||
// Not an admin, so the user must be a subadmin of this group, but that is not allowed.
|
||||
throw new OCSException('Cannot remove yourself from this group as you are a SubAdmin', 105);
|
||||
}
|
||||
|
||||
} else if (!$this->groupManager->isAdmin($loggedInUser->getUID())) {
|
||||
/** @var IGroup[] $subAdminGroups */
|
||||
$subAdminGroups = $subAdminManager->getSubAdminsGroups($loggedInUser);
|
||||
$subAdminGroups = array_map(function (IGroup $subAdminGroup) {
|
||||
return $subAdminGroup->getGID();
|
||||
}, $subAdminGroups);
|
||||
$userGroups = $this->groupManager->getUserGroupIds($targetUser);
|
||||
$userSubAdminGroups = array_intersect($subAdminGroups, $userGroups);
|
||||
|
||||
if (count($userSubAdminGroups) <= 1) {
|
||||
// Subadmin must not be able to remove a user from all their subadmin groups.
|
||||
throw new OCSException('Cannot remove user from this group as this is the only remaining group you are a SubAdmin of', 105);
|
||||
}
|
||||
}
|
||||
|
||||
// Remove user from group
|
||||
|
|
|
|||
|
|
@ -1826,6 +1826,68 @@ class UsersControllerTest extends OriginalTest {
|
|||
$this->api->removeFromGroup('subadmin', 'subadmin');
|
||||
}
|
||||
|
||||
/**
|
||||
* @expectedException \OCP\AppFramework\OCS\OCSException
|
||||
* @expectedExceptionCode 105
|
||||
* @expectedExceptionMessage Cannot remove user from this group as this is the only remaining group you are a SubAdmin of
|
||||
*/
|
||||
public function testRemoveFromGroupAsSubAdminFromLastSubAdminGroup() {
|
||||
$loggedInUser = $this->getMockBuilder('\OCP\IUser')->disableOriginalConstructor()->getMock();
|
||||
$loggedInUser
|
||||
->expects($this->any())
|
||||
->method('getUID')
|
||||
->will($this->returnValue('subadmin'));
|
||||
$targetUser = $this->getMockBuilder('\OCP\IUser')->disableOriginalConstructor()->getMock();
|
||||
$targetGroup = $this->getMockBuilder('\OCP\IGroup')->disableOriginalConstructor()->getMock();
|
||||
$targetGroup
|
||||
->expects($this->any())
|
||||
->method('getGID')
|
||||
->will($this->returnValue('subadmin'));
|
||||
$this->userSession
|
||||
->expects($this->once())
|
||||
->method('getUser')
|
||||
->will($this->returnValue($loggedInUser));
|
||||
$this->groupManager
|
||||
->expects($this->once())
|
||||
->method('get')
|
||||
->with('subadmin')
|
||||
->will($this->returnValue($targetGroup));
|
||||
$this->userManager
|
||||
->expects($this->once())
|
||||
->method('get')
|
||||
->with('AnotherUser')
|
||||
->will($this->returnValue($targetUser));
|
||||
$subAdminManager = $this->getMockBuilder('OC\SubAdmin')
|
||||
->disableOriginalConstructor()->getMock();
|
||||
$subAdminManager
|
||||
->expects($this->once())
|
||||
->method('isSubAdminofGroup')
|
||||
->with($loggedInUser, $targetGroup)
|
||||
->will($this->returnValue(true));
|
||||
$this->groupManager
|
||||
->expects($this->once())
|
||||
->method('getSubAdmin')
|
||||
->will($this->returnValue($subAdminManager));
|
||||
$subAdminManager
|
||||
->expects($this->once())
|
||||
->method('getSubAdminsGroups')
|
||||
->with($loggedInUser)
|
||||
->will($this->returnValue([$targetGroup]));
|
||||
|
||||
$this->groupManager
|
||||
->expects($this->any())
|
||||
->method('isAdmin')
|
||||
->with('subadmin')
|
||||
->will($this->returnValue(false));
|
||||
$this->groupManager
|
||||
->expects($this->once())
|
||||
->method('getUserGroupIds')
|
||||
->with($targetUser)
|
||||
->willReturn(['subadmin', 'other group']);
|
||||
|
||||
$this->api->removeFromGroup('AnotherUser', 'subadmin');
|
||||
}
|
||||
|
||||
public function testRemoveFromGroupSuccessful() {
|
||||
$loggedInUser = $this->getMockBuilder('\OCP\IUser')->disableOriginalConstructor()->getMock();
|
||||
$loggedInUser
|
||||
|
|
|
|||
Loading…
Reference in New Issue