Beispiel #1
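 /**
  * Returns the list of users the calling account is allowed to see.
  *
  * Reads `search`, `limit` and `offset` from the query string. Admins search
  * through the user manager; sub-admins only get members of the groups they
  * administer; every other caller (including anonymous ones) is rejected.
  *
  * `limit` and `offset` are accepted only as plain non-negative integers;
  * anything else (arrays, negative or non-numeric values) is treated as
  * "not supplied", so request data never reaches array_slice() or the user
  * manager with an unexpected type.
  *
  * @return OC_OCS_Result
  */
 public function getUsers()
 {
     // Query parameters are caller-controlled: accept only the shapes this
     // method actually needs before handing them to other components.
     $search = (!empty($_GET['search']) && is_string($_GET['search'])) ? $_GET['search'] : '';
     $limit = null;
     if (!empty($_GET['limit']) && is_string($_GET['limit']) && ctype_digit($_GET['limit'])) {
         $limit = (int) $_GET['limit'];
     }
     $offset = null;
     if (!empty($_GET['offset']) && is_string($_GET['offset']) && ctype_digit($_GET['offset'])) {
         $offset = (int) $_GET['offset'];
     }

     // Authentication first: no session user, no data.
     $user = $this->userSession->getUser();
     if ($user === null) {
         return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
     }

     if ($this->groupManager->isAdmin($user->getUID())) {
         // Admins may search across all users.
         $users = $this->userManager->search($search, $limit, $offset);
     } elseif (\OC_SubAdmin::isSubAdmin($user->getUID())) {
         // Sub-admins are scoped to the groups they administer.
         $subAdminOfGroups = \OC_SubAdmin::getSubAdminsGroups($user->getUID());
         if ($offset === null) {
             $offset = 0;
         }
         $users = [];
         foreach ($subAdminOfGroups as $group) {
             // The array keys are what gets returned as 'users' below.
             // array_merge() renumbers integer-like keys, which would corrupt
             // purely numeric ids; array_replace() keeps every key intact and
             // still de-duplicates users that are members of several groups.
             $users = array_replace($users, $this->groupManager->displayNamesInGroup($group, $search));
         }
         // preserve_keys = true for the same reason: keep numeric ids as keys.
         $users = array_slice($users, $offset, $limit, true);
     } else {
         // Logged in, but neither admin nor sub-admin: deny.
         return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
     }

     $users = array_keys($users);
     return new OC_OCS_Result(['users' => $users]);
 }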
Beispiel #2
 /**
  * Stops the request with a JSON error unless the current user is a sub-admin.
  *
  * When the check fails, an "Authentication error" payload is sent through
  * self::error() and the script exits, so nothing after the call runs.
  *
  * NOTE(review): no explicit logged-in check happens here; the result depends
  * on how OC_SubAdmin::isSubAdmin() treats whatever OC_User::getUser() returns
  * for an anonymous request — confirm it is rejected.
  */
 public static function checkSubAdminUser()
 {
     $currentUser = OC_User::getUser();
     if (OC_SubAdmin::isSubAdmin($currentUser)) {
         return;
     }

     $l = OC_L10N::get('lib');
     $payload = array(
         'data' => array(
             'message' => $l->t('Authentication error'),
             'error' => 'authentication_error',
         ),
     );
     self::error($payload);
     // Terminate so the caller's code after the check never executes.
     exit;
 }
Beispiel #3
	/**
	* Stops the request with a JSON error unless the current user is an admin
	* or a sub-admin.
	*
	* Runs self::checkLoggedIn() and self::verifyUser() first, then checks the
	* role. On failure an "Authentication error" payload is sent and the script
	* exits.
	*/
	public static function checkSubAdminUser() {
		self::checkLoggedIn();
		self::verifyUser();

		// Members of the 'admin' group pass without the sub-admin lookup.
		$isAdmin = OC_Group::inGroup(OC_User::getUser(), 'admin');
		if($isAdmin || OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
			return;
		}

		$l = OC_L10N::get('lib');
		$payload = array( 'data' => array( 'message' => $l->t('Authentication error') ));
		self::error($payload);
		// Terminate so the caller's code after the check never executes.
		exit();
	}
Beispiel #4
 /**
  * Returns the Settings Navigation
  *
  * Collects the settings pages the current visitor should see and passes them
  * through self::proceedNavigation(). Per the original description the result
  * is an array of entries sorted ascending by the key 'order'.
  *
  * The role checks below only decide which menu entries are listed. Nothing in
  * this method restricts access to the linked pages; each target route has to
  * enforce its own authorization.
  *
  * @return array navigation entries as produced by self::proceedNavigation()
  */
 public static function getSettingsNavigation()
 {
     $l10n = \OC::$server->getL10N('lib');
     $entries = array();

     // Help is the only entry offered without a session, and only when the
     // edition string is empty and the knowledge base is enabled.
     $helpEnabled = OC_Util::getEditionString() === '' && OC_Config::getValue('knowledgebaseenabled', true) == true;
     if ($helpEnabled) {
         $entries[] = array(
             "id" => "help",
             "order" => 1000,
             "href" => OC_Helper::linkToRoute("settings_help"),
             "name" => $l10n->t("Help"),
             "icon" => OC_Helper::imagePath("settings", "help.svg"),
         );
     }

     // Anonymous visitors get nothing beyond the optional help entry.
     if (!OC_User::isLoggedIn()) {
         return self::proceedNavigation($entries);
     }

     // Every logged-in user: personal settings.
     $entries[] = array(
         "id" => "personal",
         "order" => 1,
         "href" => OC_Helper::linkToRoute("settings_personal"),
         "name" => $l10n->t("Personal"),
         "icon" => OC_Helper::imagePath("settings", "personal.svg"),
     );

     // Generic settings page, only when at least one settings form is registered.
     if (!empty(self::$settingsForms)) {
         $entries[] = array(
             "id" => "settings",
             "order" => 1000,
             "href" => OC_Helper::linkToRoute("settings_settings"),
             "name" => $l10n->t("Settings"),
             "icon" => OC_Helper::imagePath("settings", "settings.svg"),
         );
     }

     // Sub-admins are also allowed to reach user management.
     if (OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
         $entries[] = array(
             "id" => "core_users",
             "order" => 2,
             "href" => OC_Helper::linkToRoute("settings_users"),
             "name" => $l10n->t("Users"),
             "icon" => OC_Helper::imagePath("settings", "users.svg"),
         );
     }

     // Admin settings for admin users only.
     if (OC_User::isAdminUser(OC_User::getUser())) {
         $entries[] = array(
             "id" => "admin",
             "order" => 1000,
             "href" => OC_Helper::linkToRoute("settings_admin"),
             "name" => $l10n->t("Admin"),
             "icon" => OC_Helper::imagePath("settings", "admin.svg"),
         );
     }

     return self::proceedNavigation($entries);
 }
Beispiel #5
<?php

// Request script: works out which groups the caller may operate on.
// Admins get the groups named in the POST body; sub-admins get only the
// requested groups they can access, or all groups they administer.

// Init owncloud
require_once '../../lib/base.php';
// NOTE(review): presumably the request-token (CSRF) check — confirm against OCP\JSON.
OCP\JSON::callCheck();
// Check if we are a user
// && binds tighter than ||, so this reads: not logged in, OR (not in the
// 'admin' group AND not a sub-admin). Any of those ends the request here.
if (!OC_User::isLoggedIn() || !OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
    OC_JSON::error(array("data" => array("message" => "Authentication error")));
    exit;
}
// NOTE(review): second callCheck() in this script; looks redundant — confirm.
OCP\JSON::callCheck();
$isadmin = OC_Group::inGroup(OC_User::getUser(), 'admin') ? true : false;
if ($isadmin) {
    // Admin: the requested groups are taken from the request as-is.
    // NOTE(review): $_POST["groups"] is not type-checked here; a non-array
    // value would be carried forward unchanged.
    $groups = array();
    if (isset($_POST["groups"])) {
        $groups = $_POST["groups"];
    }
} else {
    // Sub-admin: keep only the requested groups this user may access.
    if (isset($_POST["groups"])) {
        $groups = array();
        // NOTE(review): assumes $_POST["groups"] is an array — not checked before the loop.
        foreach ($_POST["groups"] as $group) {
            if (OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group)) {
                $groups[] = $group;
            }
        }
        // None of the requested groups was accessible: fall back to every
        // group this sub-admin administers rather than an empty selection.
        if (count($groups) == 0) {
            $groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser());
        }
    } else {
        // Nothing requested: use every group this sub-admin administers.
        $groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser());
    }
// NOTE(review): the listing ends here, before the outer else branch is closed.
Beispiel #6
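 /**
  * Authorise the API call against the auth level registered for the action.
  *
  * The decision is fail-closed: a missing, non-int/non-string or unknown
  * 'authlevel' is denied. Levels are compared as exact strings instead of
  * through switch's loose `==`, because under loose comparison a missing
  * (null) level, and on older PHP versions any non-numeric string, would
  * match a constant whose value is 0. The constant values are not visible
  * here, so whether API::GUEST_AUTH is affected needs confirming; the exact
  * comparison removes the question either way.
  *
  * @param array $action the action details as supplied to OC_API::register()
  * @return bool true if the call may proceed. For API::USER_AUTH the result
  *              of self::loginUser() is returned unchanged (presumably the
  *              user id or false — confirm), so callers should only rely on
  *              its truthiness.
  */
 private static function isAuthorised($action)
 {
     // No declared level means no access.
     if (!isset($action['authlevel'])) {
         return false;
     }
     $level = $action['authlevel'];
     // Only ints and strings can legitimately name a level.
     if (!is_int($level) && !is_string($level)) {
         return false;
     }
     // Compare string forms so that 1 and "1" still match the same constant,
     // while values such as "abc" or "" can never collapse onto 0.
     $level = (string) $level;

     if ($level === (string) API::GUEST_AUTH) {
         // Anyone can access
         return true;
     }

     if ($level === (string) API::USER_AUTH) {
         // User required
         return self::loginUser();
     }

     $needsSubAdmin = $level === (string) API::SUBADMIN_AUTH;
     $needsAdmin = $level === (string) API::ADMIN_AUTH;
     if (!$needsSubAdmin && !$needsAdmin) {
         // Unknown level: deny.
         return false;
     }

     // Both remaining levels require an authenticated user first.
     $user = self::loginUser();
     if (!$user) {
         return false;
     }

     if ($needsAdmin) {
         // Check for admin
         return OC_User::isAdminUser($user);
     }

     // Check for subadmin; admins satisfy the sub-admin level as well.
     $subAdmin = OC_SubAdmin::isSubAdmin($user);
     $admin = OC_User::isAdminUser($user);
     return ($subAdmin || $admin) ? true : false;
 }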
Beispiel #7
 /**
  * Lets the request continue only for sub-admins; everyone else is redirected
  * to the start page.
  *
  * OC_Util::checkLoggedIn() runs first. If the current user is not a
  * sub-admin, a Location header pointing at index.php is sent and the script
  * exits.
  *
  * @return bool always true when the method returns at all
  */
 public static function checkSubAdminUser()
 {
     OC_Util::checkLoggedIn();

     $currentUser = OC_User::getUser();
     if (OC_SubAdmin::isSubAdmin($currentUser)) {
         return true;
     }

     $home = OC_Helper::linkToAbsolute('', 'index.php');
     header('Location: ' . $home);
     // A Location header alone does not stop execution; exit keeps the
     // protected page from being rendered behind the redirect.
     exit;
 }
Beispiel #8
 /**
  * Lets the request continue only for admins and sub-admins; everyone else is
  * redirected to the start page.
  *
  * self::checkLoggedIn() and self::verifyUser() run first. Members of the
  * 'admin' group pass immediately. Any other user must be a sub-admin, or a
  * Location header pointing at index.php is sent and the script exits.
  *
  * @return bool always true when the method returns at all (no group list is
  *              returned)
  */
 public static function checkSubAdminUser()
 {
     // Check if we are a user
     self::checkLoggedIn();
     self::verifyUser();

     $isAdmin = OC_Group::inGroup(OC_User::getUser(), 'admin');
     if (!$isAdmin && !OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
         $home = OC_Helper::linkToAbsolute('', 'index.php');
         header('Location: ' . $home);
         // A Location header alone does not stop execution; exit keeps the
         // protected page from being rendered behind the redirect.
         exit;
     }

     return true;
 }
Beispiel #9
 /**
  * @brief Returns the Settings Navigation
  * @return array
  *
  * Collects the settings pages the current visitor should see and passes them
  * through self::proceedNavigation(). Per the original description the entries
  * are sorted by the key 'order' ascending.
  *
  * The role checks below only decide which menu entries are listed. Nothing in
  * this method restricts access to the linked pages; each target script has to
  * enforce its own authorization.
  */
 public static function getSettingsNavigation()
 {
     $l10n = OC_L10N::get('lib');
     $entries = array();

     // Help is the only entry offered without a session, and only when the
     // knowledge base is enabled.
     if (OC_Config::getValue('knowledgebaseenabled', true) == true) {
         $entries[] = array(
             "id" => "help",
             "order" => 1000,
             "href" => OC_Helper::linkTo("settings", "help.php"),
             "name" => $l10n->t("Help"),
             "icon" => OC_Helper::imagePath("settings", "help.svg"),
         );
     }

     // Anonymous visitors get nothing beyond the optional help entry.
     if (!OC_User::isLoggedIn()) {
         return self::proceedNavigation($entries);
     }

     // Every logged-in user: personal settings.
     $entries[] = array(
         "id" => "personal",
         "order" => 1,
         "href" => OC_Helper::linkTo("settings", "personal.php"),
         "name" => $l10n->t("Personal"),
         "icon" => OC_Helper::imagePath("settings", "personal.svg"),
     );

     // Generic settings page, only when at least one settings form is registered.
     if (!empty(self::$settingsForms)) {
         $entries[] = array(
             "id" => "settings",
             "order" => 1000,
             "href" => OC_Helper::linkTo("settings", "settings.php"),
             "name" => $l10n->t("Settings"),
             "icon" => OC_Helper::imagePath("settings", "settings.svg"),
         );
     }

     // User management is listed for sub-admins and for members of 'admin'.
     // The user id is read straight from the session here.
     if (OC_SubAdmin::isSubAdmin($_SESSION["user_id"]) || OC_Group::inGroup($_SESSION["user_id"], "admin")) {
         $entries[] = array(
             "id" => "core_users",
             "order" => 2,
             "href" => OC_Helper::linkTo("settings", "users.php"),
             "name" => $l10n->t("Users"),
             "icon" => OC_Helper::imagePath("settings", "users.svg"),
         );
     }

     // Apps and Admin entries for members of the 'admin' group only.
     if (OC_Group::inGroup($_SESSION["user_id"], "admin")) {
         $entries[] = array(
             "id" => "core_apps",
             "order" => 3,
             "href" => OC_Helper::linkTo("settings", "apps.php") . '?installed',
             "name" => $l10n->t("Apps"),
             "icon" => OC_Helper::imagePath("settings", "apps.svg"),
         );
         $entries[] = array(
             "id" => "admin",
             "order" => 1000,
             "href" => OC_Helper::linkTo("settings", "admin.php"),
             "name" => $l10n->t("Admin"),
             "icon" => OC_Helper::imagePath("settings", "admin.svg"),
         );
     }

     return self::proceedNavigation($entries);
 }
Beispiel #10
 /**
  * Checks whether a user is a sub-admin.
  *
  * Thin wrapper that forwards the id to \OC_SubAdmin::isSubAdmin() and
  * returns its answer unchanged.
  *
  * @param string $userId the id of the user
  * @return bool true if subadmin
  */
 public function isSubAdminUser($userId)
 {
     # TODO: use public api
     $isSubAdmin = \OC_SubAdmin::isSubAdmin($userId);

     return $isSubAdmin;
 }