public static function checkGroupRightsForPrincipal($uid)
{
$appConfig = \OC::$server->getAppConfig();
$isEnabled = $appConfig->getValue(self::$appname, 'enabled');
$bEnabled = false;
if ($isEnabled === 'yes') {
$bEnabled = true;
} else {
if ($isEnabled === 'no') {
$bEnabled = false;
} else {
if ($isEnabled !== 'no') {
$groups = json_decode($isEnabled);
if (is_array($groups)) {
foreach ($groups as $group) {
if (\OC_Group::inGroup($uid, $group)) {
$bEnabled = true;
break;
}
}
}
}
}
}
if ($bEnabled == false) {
throw new \Sabre\DAV\Exception\Forbidden();
return false;
} else {
return true;
}
}
protected function tearDown()
{
foreach ($this->users as $user) {
\OC_User::deleteUser($user);
}
\OC_Group::deleteGroup('admin');
parent::tearDown();
}
/**
* @return \OC\Group\Manager
*/
public static function getManager()
{
if (self::$manager) {
return self::$manager;
}
self::$userManager = \OC_User::getManager();
self::$manager = new \OC\Group\Manager(self::$userManager);
return self::$manager;
}
/**
* Check if the user is a subadmin, send json error msg if not
*/
public static function checkSubAdminUser() {
self::checkLoggedIn();
self::verifyUser();
if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
$l = OC_L10N::get('lib');
self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
exit();
}
}
/**
* update script for the removal of the logical "Shared" folder, we create physical "Shared" folder and
* update the users file_target so that it doesn't make any difference for the user
* @note parameters are just for testing, please ignore them
*/
function removeSharedFolder($mkdirs = true, $chunkSize = 99)
{
$query = OCP\DB::prepare('SELECT * FROM `*PREFIX*share`');
$result = $query->execute();
$view = new \OC\Files\View('/');
$users = array();
$shares = array();
//we need to set up user backends
OC_User::useBackend(new OC_User_Database());
OC_Group::useBackend(new OC_Group_Database());
OC_App::loadApps(array('authentication'));
//we need to set up user backends, otherwise creating the shares will fail with "because user does not exist"
while ($row = $result->fetchRow()) {
//collect all user shares
if ((int) $row['share_type'] === 0 && ($row['item_type'] === 'file' || $row['item_type'] === 'folder')) {
$users[] = $row['share_with'];
$shares[$row['id']] = $row['file_target'];
} else {
if ((int) $row['share_type'] === 1 && ($row['item_type'] === 'file' || $row['item_type'] === 'folder')) {
//collect all group shares
$users = array_merge($users, \OC_group::usersInGroup($row['share_with']));
$shares[$row['id']] = $row['file_target'];
} else {
if ((int) $row['share_type'] === 2) {
$shares[$row['id']] = $row['file_target'];
}
}
}
}
$unique_users = array_unique($users);
if (!empty($unique_users) && !empty($shares)) {
// create folder Shared for each user
if ($mkdirs) {
foreach ($unique_users as $user) {
\OC\Files\Filesystem::initMountPoints($user);
if (!$view->file_exists('/' . $user . '/files/Shared')) {
$view->mkdir('/' . $user . '/files/Shared');
}
}
}
$chunkedShareList = array_chunk($shares, $chunkSize, true);
$connection = \OC_DB::getConnection();
foreach ($chunkedShareList as $subList) {
$statement = "UPDATE `*PREFIX*share` SET `file_target` = CASE `id` ";
//update share table
$ids = implode(',', array_keys($subList));
foreach ($subList as $id => $target) {
$statement .= "WHEN " . $connection->quote($id, \PDO::PARAM_INT) . " THEN " . $connection->quote('/Shared' . $target, \PDO::PARAM_STR);
}
$statement .= ' END WHERE `id` IN (' . $ids . ')';
$query = OCP\DB::prepare($statement);
$query->execute(array());
}
// set config to keep the Shared folder as the default location for new shares
\OCA\Files_Sharing\Helper::setShareFolder('/Shared');
}
}
public function __construct(array $urlParams = array())
{
parent::__construct('User_Servervars2', $urlParams);
$container = $this->getContainer();
// Controller
/* $container->registerService('PageController', function ($c) {
return new PageController();
}); */
$container->registerService('TokensFactory', function ($c) {
return new TokensFactory($c->query('ServerContainer')->getAppConfig());
});
$container->registerService('Tokens', function ($c) {
return $c->query('TokensFactory')->getTokens();
});
// Service
$container->registerService('TokenService', function ($c) {
return new TokenService($c->query('Tokens'));
});
$container->registerService('GroupManager', function ($c) {
return \OC_Group::getManager();
// return new \OC\Group\Manager(
// $c->query('ServerContainer')->getUserManager()
// );
});
// Service
$container->registerService('UserAndGroupService', function ($c) {
return new ProxyUserAndGroupService($c->query('ServerContainer')->getUserManager(), $c->query('GroupManager'), $c->query('GroupNamingServiceFactory')->getGroupNamingService(), $c->query('UserBackend'), $c->query('ServerContainer')->getConfig());
});
$container->registerService('GroupNamingServiceFactory', function ($c) {
return new \OCA\User_Servervars2\Service\GroupNamingServiceFactory($c->query('ServerContainer')->getAppConfig());
});
// Interceptor
$container->registerService('Interceptor', function ($c) {
return new Interceptor($c->query('ServerContainer')->getAppConfig(), $c->query('Tokens'), $c->query('UserAndGroupService'));
});
// Hooks
$container->registerService('ServerVarsHooks', function ($c) {
return new ServerVarsHooks($c->query('TokenService'), $c->query('UserAndGroupService'), $c->query('ServerContainer')->getAppConfig());
});
// Backend
$container->registerService('UserBackend', function ($c) {
return new UserBackend($c->query('TokenService'), $c->query('ServerContainer')->getAppConfig());
});
// MetadataProvider
// Backend
$container->registerService('MetadataProvider', function ($c) {
return new MetadataProvider($c->query('MetadataMapper'));
});
// Mappers
$container->registerService('MetadataMapper', function ($c) {
return new MetadataMapper();
});
// Mappers
$container->registerService('SettingsController', function ($c) {
return new SettingsController($c->query('Request'), $c->query('ServerContainer')->getAppConfig());
});
}
/**
* Check if the user is a admin, send json error msg if not
*/
public static function checkAdminUser()
{
self::checkLoggedIn();
if (!OC_Group::inGroup(OC_User::getUser(), 'admin')) {
$l = new OC_L10N('core');
self::error(array('data' => array('message' => $l->t('Authentication error'))));
exit;
}
}
public function testGetApps()
{
$user = $this->generateUsers();
\OC_Group::addToGroup($user, 'admin');
self::loginAsUser($user);
$result = \OCA\provisioning_API\Apps::getApps(array());
$this->assertTrue($result->succeeded());
$data = $result->getData();
$this->assertEquals(count(\OC_App::listAllApps()), count($data['apps']));
}
public function tearDown()
{
OC_Mount_Config::$skipTest = false;
\OC_User::deleteUser(self::TEST_USER2);
\OC_User::deleteUser(self::TEST_USER1);
\OC_Group::deleteGroup(self::TEST_GROUP1);
\OC_Group::deleteGroup(self::TEST_GROUP2);
@unlink($this->dataDir . '/mount.json');
OCP\Config::setAppValue('files_external', 'user_mounting_backends', $this->oldAllowedBackends);
}
function testSingleBackend()
{
OC_Group::useBackend(new OCA\user_ldap\GROUP_LDAP());
$group_ldap = new OCA\user_ldap\GROUP_LDAP();
$this->assertIsA(OC_Group::getGroups(), gettype(array()));
$this->assertIsA($group_ldap->getGroups(), gettype(array()));
$this->assertFalse(OC_Group::inGroup('john', 'dosers'), gettype(false));
$this->assertFalse($group_ldap->inGroup('john', 'dosers'), gettype(false));
//TODO: check also for expected true result. This backend won't be able to do any modifications, maybe use a dummy for this.
$this->assertIsA(OC_Group::getUserGroups('john doe'), gettype(array()));
$this->assertIsA($group_ldap->getUserGroups('john doe'), gettype(array()));
$this->assertIsA(OC_Group::usersInGroup('campers'), gettype(array()));
$this->assertIsA($group_ldap->usersInGroup('campers'), gettype(array()));
}
function OC_wordpress()
{
$this->db_conn = '';
$this->params = array('wordpress_db_host', 'wordpress_db_user', 'wordpress_db_password', 'wordpress_db_name', 'wordpress_db_prefix', 'wordpress_url', 'wordpress_hash_salt', 'wordpress_have_to_be_logged', 'wordpress_global_group', 'wordpress_restrict_group', 'wordpress_add_button');
$this->params = $this->getParams();
if (OC_Appconfig::getValue('user_wordpress', 'clean_groups', 0) == 0 && isset($this->db)) {
$res = $this->db->query('SELECT `blog_id`,`domain` FROM ' . $this->wordpress_db_prefix . 'blogs WHERE `deleted`=0 AND `spam`=0 ');
if ($res->num_rows) {
while ($blog = mysqli_fetch_assoc($res)) {
OC_Group::deleteGroup($blog['domain']);
}
}
OC_Appconfig::setValue('user_wordpress', 'clean_groups', '1');
}
$this->connectdb();
}
public static function deleteGroup($parameters)
{
// Check it exists
if (!OC_Group::groupExists($parameters['groupid'])) {
return 101;
} else {
if ($parameters['groupid'] == 'admin') {
// Cannot delete admin group
return 102;
} else {
if (OC_Group::deleteGroup($parameters['groupid'])) {
return 100;
} else {
return 103;
}
}
}
}
public function __construct(array $urlParams = array())
{
parent::__construct('gatekeeper', $urlParams);
$container = $this->getContainer();
// Hooks
$container->registerService('GateKeeperHooks', function ($c) {
return new \OCA\GateKeeper\Hooks\GateKeeperHooks($c->query('GateKeeperService'), $c->query('Logger'));
});
// Service
$container->registerService('GateKeeperService', function ($c) {
return new \OCA\GateKeeper\Service\GateKeeperService($c->query('ServerContainer')->getAppConfig()->getValue('gatekeeper', 'mode'), $c->query('ServerContainer')->getSession(), $c->query('AccessObjectMapper'), $c->query('GroupManager'), GKHelper::isRemote(), $c->query('ServerContainer')->getAppConfig()->getValue('gatekeeper', 'refresh_delay'));
});
// Mapper
$container->registerService('AccessObjectMapper', function ($c) {
return new \OCA\GateKeeper\Db\AccessObjectMapper($c->query('ServerContainer')->getDb());
});
// groupManager
$container->registerService('GroupManager', function ($c) {
return \OC_Group::getManager();
});
// - logger -
$container->registerService('Logger', function ($c) {
return $c->query('ServerContainer')->getLogger();
});
$container->registerService('Interceptor', function ($c) {
return new \OCA\GateKeeper\AppInfo\Interceptor($c->query('ServerContainer')->getUserSession(), \OC_User::isLoggedIn(), $c->query('GateKeeperService'), $c->query('L10N'), $c->query('DenyLogger'));
});
$container->registerService('L10N', function ($c) {
return $c->query('ServerContainer')->getL10N($c->query('AppName'));
});
$container->registerService('SettingsController', function ($c) {
return new \OCA\GateKeeper\Controller\SettingsController($c->query('Request'), $c->query('ServerContainer')->getAppConfig(), $c->query('AccessObjectMapper'), $c->query('GroupManager'));
});
$container->registerService('DenyLoggerFactory', function ($c) {
return new \OCA\GateKeeper\Lib\DenyLoggerFactory($c->query('ServerContainer')->getAppConfig());
});
$container->registerService('DenyLogger', function ($c) {
return $c->query('DenyLoggerFactory')->getInstance();
});
}
public function testUnshareFromSelf()
{
\OC_Group::createGroup('testGroup');
\OC_Group::addToGroup(self::TEST_FILES_SHARING_API_USER2, 'testGroup');
\OC_Group::addToGroup(self::TEST_FILES_SHARING_API_USER3, 'testGroup');
$share1 = $this->share(\OCP\Share::SHARE_TYPE_USER, $this->filename, self::TEST_FILES_SHARING_API_USER1, self::TEST_FILES_SHARING_API_USER2, \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_SHARE);
$share2 = $this->share(\OCP\Share::SHARE_TYPE_GROUP, $this->filename, self::TEST_FILES_SHARING_API_USER1, 'testGroup', \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_SHARE);
self::loginHelper(self::TEST_FILES_SHARING_API_USER2);
$this->assertTrue(\OC\Files\Filesystem::file_exists($this->filename));
self::loginHelper(self::TEST_FILES_SHARING_API_USER3);
$this->assertTrue(\OC\Files\Filesystem::file_exists($this->filename));
self::loginHelper(self::TEST_FILES_SHARING_API_USER2);
\OC\Files\Filesystem::unlink($this->filename);
self::loginHelper(self::TEST_FILES_SHARING_API_USER2);
// both group share and user share should be gone
$this->assertFalse(\OC\Files\Filesystem::file_exists($this->filename));
// for user3 nothing should change
self::loginHelper(self::TEST_FILES_SHARING_API_USER3);
$this->assertTrue(\OC\Files\Filesystem::file_exists($this->filename));
$this->shareManager->deleteShare($share1);
$this->shareManager->deleteShare($share2);
}
public function testGetSubAdminsOfGroup()
{
$user1 = $this->generateUsers();
$user2 = $this->generateUsers();
self::loginAsUser($user1);
\OC_Group::addToGroup($user1, 'admin');
$group1 = $this->getUniqueID();
\OC_Group::createGroup($group1);
\OC_SubAdmin::createSubAdmin($user2, $group1);
$result = \OCA\provisioning_api\Groups::getSubAdminsOfGroup(array('groupid' => $group1));
$this->assertInstanceOf('OC_OCS_Result', $result);
$this->assertTrue($result->succeeded());
$data = $result->getData();
$this->assertEquals($user2, reset($data));
\OC_Group::deleteGroup($group1);
$user1 = $this->generateUsers();
self::loginAsUser($user1);
\OC_Group::addToGroup($user1, 'admin');
$result = \OCA\provisioning_api\Groups::getSubAdminsOfGroup(array('groupid' => $this->getUniqueID()));
$this->assertInstanceOf('OC_OCS_Result', $result);
$this->assertFalse($result->succeeded());
$this->assertEquals(101, $result->getStatusCode());
}
public function testUnshareFromSelf()
{
\OC_Group::createGroup('testGroup');
\OC_Group::addToGroup(self::TEST_FILES_SHARING_API_USER2, 'testGroup');
\OC_Group::addToGroup(self::TEST_FILES_SHARING_API_USER3, 'testGroup');
$fileinfo = $this->view->getFileInfo($this->filename);
$result = \OCP\Share::shareItem('file', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_USER, \Test_Files_Sharing::TEST_FILES_SHARING_API_USER2, 31);
$this->assertTrue($result);
$result = \OCP\Share::shareItem('file', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, 'testGroup', 31);
$this->assertTrue($result);
self::loginHelper(self::TEST_FILES_SHARING_API_USER2);
$this->assertTrue(\OC\Files\Filesystem::file_exists($this->filename));
self::loginHelper(self::TEST_FILES_SHARING_API_USER3);
$this->assertTrue(\OC\Files\Filesystem::file_exists($this->filename));
self::loginHelper(self::TEST_FILES_SHARING_API_USER2);
\OC\Files\Filesystem::unlink($this->filename);
self::loginHelper(self::TEST_FILES_SHARING_API_USER2);
// both group share and user share should be gone
$this->assertFalse(\OC\Files\Filesystem::file_exists($this->filename));
// for user3 nothing should change
self::loginHelper(self::TEST_FILES_SHARING_API_USER3);
$this->assertTrue(\OC\Files\Filesystem::file_exists($this->filename));
}
public function setValue($app, $key, $value)
{
$type = Extension\ConfigHistory::ADMIN_OPERATION;
$user = User::getUser();
$inserted = false;
if (!$this->hasKey($app, $key)) {
$inserted = (bool) $this->conn->insertIfNotExist("*PREFIX*appconfig", ["appid" => $app, "configkey" => $key, "configvalue" => $value], ["appid", "configkey"]);
}
if (!$inserted) {
$subject = "update_value";
} else {
$subject = "create_value";
}
if (!$this->match($app, $key)) {
$usersInGroup = \OC_Group::usersInGroup("admin");
foreach ($usersInGroup as $affecteduser) {
$event = new Event();
$event->setApp($app)->setType($type)->setAffectedUser($user)->setAuthor($this->currentUID)->setTimestamp(time())->setSubject($subject, array($user, $key, $value));
$this->data->send($event);
}
}
parent::setValue($app, $key, $value);
}
/**
* check if mount point is applicable to user
*
* @param array $mount contains $mount['applicable']['users'], $mount['applicable']['groups']
* @return boolean
*/
protected function isMountPointApplicableToUser($mount)
{
$uid = \OCP\User::getUser();
$acceptedUids = array('all', $uid);
// check if mount point is applicable for the user
$intersection = array_intersect($acceptedUids, $mount['applicable']['users']);
if (!empty($intersection)) {
return true;
}
// check if mount point is applicable for group where the user is a member
foreach ($mount['applicable']['groups'] as $gid) {
if (\OC_Group::inGroup($uid, $gid)) {
return true;
}
}
return false;
}
if (isset($_GET['search'])) {
$shareWithinGroupOnly = OC\Share\Share::shareWithGroupMembersOnly();
$shareWith = array();
$groups = OC_Group::getGroups((string) $_GET['search']);
if ($shareWithinGroupOnly) {
$usergroups = OC_Group::getUserGroups(OC_User::getUser());
$groups = array_intersect($groups, $usergroups);
}
$count = 0;
$users = array();
$limit = 0;
$offset = 0;
while ($count < 15 && count($users) == $limit) {
$limit = 15 - $count;
if ($shareWithinGroupOnly) {
$users = OC_Group::DisplayNamesInGroups($usergroups, (string) $_GET['search'], $limit, $offset);
} else {
$users = OC_User::getDisplayNames((string) $_GET['search'], $limit, $offset);
}
$offset += $limit;
foreach ($users as $uid => $displayName) {
if ((!isset($_GET['itemShares']) || !is_array((string) $_GET['itemShares'][OCP\Share::SHARE_TYPE_USER]) || !in_array($uid, (string) $_GET['itemShares'][OCP\Share::SHARE_TYPE_USER])) && $uid != OC_User::getUser()) {
$shareWith[] = array('label' => $displayName, 'value' => array('shareType' => OCP\Share::SHARE_TYPE_USER, 'shareWith' => $uid));
$count++;
}
}
}
$count = 0;
// enable l10n support
$l = \OC::$server->getL10N('core');
foreach ($groups as $group) {
if (OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group)) {
$groups[] = $group;
}
}
if (count($groups) == 0) {
$groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser());
}
} else {
$groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser());
}
}
$username = $_POST["username"];
$password = $_POST["password"];
// Does the group exist?
if (in_array($username, OC_User::getUsers())) {
OC_JSON::error(array("data" => array("message" => "User already exists")));
exit;
}
// Return Success story
try {
OC_User::createUser($username, $password);
foreach ($groups as $i) {
if (!OC_Group::groupExists($i)) {
OC_Group::createGroup($i);
}
OC_Group::addToGroup($username, $i);
}
OC_JSON::success(array("data" => array("username" => $username, "groups" => implode(", ", OC_Group::getUserGroups($username)))));
} catch (Exception $exception) {
OC_JSON::error(array("data" => array("message" => $exception->getMessage())));
}
/**
* Returns apps enabled for the current user.
*
* @param bool $forceRefresh whether to refresh the cache
* @param bool $all whether to return apps for all users, not only the
* currently logged in one
* @return array
*/
public static function getEnabledApps($forceRefresh = false, $all = false)
{
if (!OC_Config::getValue('installed', false)) {
return array();
}
// in incognito mode or when logged out, $user will be false,
// which is also the case during an upgrade
$user = null;
if (!$all) {
$user = \OC_User::getUser();
}
if (is_string($user) && !$forceRefresh && !empty(self::$enabledAppsCache)) {
return self::$enabledAppsCache;
}
$apps = array();
$appConfig = \OC::$server->getAppConfig();
$appStatus = $appConfig->getValues(false, 'enabled');
foreach ($appStatus as $app => $enabled) {
if ($app === 'files') {
continue;
}
if ($enabled === 'yes') {
$apps[] = $app;
} else {
if ($enabled !== 'no') {
$groups = json_decode($enabled);
if (is_array($groups)) {
if (is_string($user)) {
foreach ($groups as $group) {
if (\OC_Group::inGroup($user, $group)) {
$apps[] = $app;
break;
}
}
} else {
// global, consider app as enabled
$apps[] = $app;
}
}
}
}
}
sort($apps);
array_unshift($apps, 'files');
// Only cache the app list, when the user is logged in.
// Otherwise we cache the list with disabled apps, although
// the apps are enabled for the user after he logged in.
if ($user) {
self::$enabledAppsCache = $apps;
}
return $apps;
}
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
*
* You should have received a copy of the GNU Affero General Public
* License along with this library. If not, see <http://www.gnu.org/licenses/>.
*/
OC_Util::checkAdminUser();
OCP\Util::addScript('files_external', 'settings');
OCP\Util::addscript('3rdparty', 'chosen/chosen.jquery.min');
OCP\Util::addStyle('files_external', 'settings');
OCP\Util::addStyle('3rdparty', 'chosen/chosen');
$backends = OC_Mount_Config::getBackends();
$personal_backends = array();
$enabled_backends = explode(',', OCP\Config::getAppValue('files_external', 'user_mounting_backends', ''));
foreach ($backends as $class => $backend) {
if ($class != '\\OC\\Files\\Storage\\Local') {
$personal_backends[$class] = array('backend' => $backend['backend'], 'enabled' => in_array($class, $enabled_backends));
}
}
$tmpl = new OCP\Template('files_external', 'settings');
$tmpl->assign('isAdminPage', true);
$tmpl->assign('mounts', OC_Mount_Config::getSystemMountPoints());
$tmpl->assign('backends', $backends);
$tmpl->assign('personal_backends', $personal_backends);
$tmpl->assign('groups', OC_Group::getGroups());
$tmpl->assign('users', OCP\User::getUsers());
$tmpl->assign('userDisplayNames', OC_User::getDisplayNames());
$tmpl->assign('dependencies', OC_Mount_Config::checkDependencies());
$tmpl->assign('allowUserMounting', OCP\Config::getAppValue('files_external', 'allow_user_mounting', 'yes'));
return $tmpl->fetchPage();
/**
* creates a unique name for internal ownCloud use for groups. Don't call it directly.
* @param string $name the display name of the object
* @return string with with the name to use in ownCloud or false if unsuccessful.
*
* Instead of using this method directly, call
* createAltInternalOwnCloudName($name, false)
*
* Group names are also used as display names, so we do a sequential
* numbering, e.g. Developers_42 when there are 41 other groups called
* "Developers"
*/
private function _createAltInternalOwnCloudNameForGroups($name)
{
$query = \OCP\DB::prepare('
SELECT `owncloud_name`
FROM `' . $this->getMapTable(false) . '`
WHERE `owncloud_name` LIKE ?
');
$usedNames = array();
$res = $query->execute(array($name . '_%'));
while ($row = $res->fetchRow()) {
$usedNames[] = $row['owncloud_name'];
}
if (!$usedNames || count($usedNames) === 0) {
$lastNo = 1;
//will become name_2
} else {
natsort($usedNames);
$lastName = array_pop($usedNames);
$lastNo = intval(substr($lastName, strrpos($lastName, '_') + 1));
}
$altName = $name . '_' . strval($lastNo + 1);
unset($usedNames);
$attempts = 1;
while ($attempts < 21) {
// Check to be really sure it is unique
// while loop is just a precaution. If a name is not generated within
// 20 attempts, something else is very wrong. Avoids infinite loop.
if (!\OC_Group::groupExists($altName)) {
return $altName;
}
$altName = $name . '_' . ($lastNo + $attempts);
$attempts++;
}
return false;
}
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
OC_Util::checkSubAdminUser();
OC_App::setActiveNavigationEntry('core_users');
$userManager = \OC_User::getManager();
$groupManager = \OC_Group::getManager();
// Set the sort option: SORT_USERCOUNT or SORT_GROUPNAME
$sortGroupsBy = \OC\Group\MetaData::SORT_USERCOUNT;
if (\OC_App::isEnabled('user_ldap')) {
$isLDAPUsed = $groupManager->isBackendUsed('\\OCA\\user_ldap\\GROUP_LDAP') || $groupManager->isBackendUsed('\\OCA\\user_ldap\\Group_Proxy');
if ($isLDAPUsed) {
// LDAP user count can be slow, so we sort by group name here
$sortGroupsBy = \OC\Group\MetaData::SORT_GROUPNAME;
}
}
$config = \OC::$server->getConfig();
$isAdmin = OC_User::isAdminUser(OC_User::getUser());
$groupsInfo = new \OC\Group\MetaData(OC_User::getUser(), $isAdmin, $groupManager);
$groupsInfo->setSorting($sortGroupsBy);
list($adminGroup, $groups) = $groupsInfo->get();
$recoveryAdminEnabled = OC_App::isEnabled('encryption') && $config->getAppValue('encryption', 'recoveryAdminEnabled', null);
/**
* Returns the mount points for the given user.
* The mount point is relative to the data directory.
*
* @param string $user user
* @return array of mount point string as key, mountpoint config as value
*/
public static function getAbsoluteMountPoints($user)
{
$mountPoints = array();
$datadir = \OC_Config::getValue("datadirectory", \OC::$SERVERROOT . "/data");
$mount_file = \OC_Config::getValue("mount_file", $datadir . "/mount.json");
$backends = self::getBackends();
//move config file to it's new position
if (is_file(\OC::$SERVERROOT . '/config/mount.json')) {
rename(\OC::$SERVERROOT . '/config/mount.json', $mount_file);
}
// Load system mount points
$mountConfig = self::readData();
// Global mount points (is this redundant?)
if (isset($mountConfig[self::MOUNT_TYPE_GLOBAL])) {
foreach ($mountConfig[self::MOUNT_TYPE_GLOBAL] as $mountPoint => $options) {
$options['personal'] = false;
$options['options'] = self::decryptPasswords($options['options']);
if (!isset($options['priority'])) {
$options['priority'] = $backends[$options['class']]['priority'];
}
// Override if priority greater
if (!isset($mountPoints[$mountPoint]) || $options['priority'] >= $mountPoints[$mountPoint]['priority']) {
$options['priority_type'] = self::MOUNT_TYPE_GLOBAL;
$options['backend'] = $backends[$options['class']]['backend'];
$mountPoints[$mountPoint] = $options;
}
}
}
// All user mount points
if (isset($mountConfig[self::MOUNT_TYPE_USER]) && isset($mountConfig[self::MOUNT_TYPE_USER]['all'])) {
$mounts = $mountConfig[self::MOUNT_TYPE_USER]['all'];
foreach ($mounts as $mountPoint => $options) {
$mountPoint = self::setUserVars($user, $mountPoint);
foreach ($options as &$option) {
$option = self::setUserVars($user, $option);
}
$options['personal'] = false;
$options['options'] = self::decryptPasswords($options['options']);
if (!isset($options['priority'])) {
$options['priority'] = $backends[$options['class']]['priority'];
}
// Override if priority greater
if (!isset($mountPoints[$mountPoint]) || $options['priority'] >= $mountPoints[$mountPoint]['priority']) {
$options['priority_type'] = self::MOUNT_TYPE_GLOBAL;
$options['backend'] = $backends[$options['class']]['backend'];
$mountPoints[$mountPoint] = $options;
}
}
}
// Group mount points
if (isset($mountConfig[self::MOUNT_TYPE_GROUP])) {
foreach ($mountConfig[self::MOUNT_TYPE_GROUP] as $group => $mounts) {
if (\OC_Group::inGroup($user, $group)) {
foreach ($mounts as $mountPoint => $options) {
$mountPoint = self::setUserVars($user, $mountPoint);
foreach ($options as &$option) {
$option = self::setUserVars($user, $option);
}
$options['personal'] = false;
$options['options'] = self::decryptPasswords($options['options']);
if (!isset($options['priority'])) {
$options['priority'] = $backends[$options['class']]['priority'];
}
// Override if priority greater or if priority type different
if (!isset($mountPoints[$mountPoint]) || $options['priority'] >= $mountPoints[$mountPoint]['priority'] || $mountPoints[$mountPoint]['priority_type'] !== self::MOUNT_TYPE_GROUP) {
$options['priority_type'] = self::MOUNT_TYPE_GROUP;
$options['backend'] = $backends[$options['class']]['backend'];
$mountPoints[$mountPoint] = $options;
}
}
}
}
}
// User mount points
if (isset($mountConfig[self::MOUNT_TYPE_USER])) {
foreach ($mountConfig[self::MOUNT_TYPE_USER] as $mountUser => $mounts) {
if (strtolower($mountUser) === strtolower($user)) {
foreach ($mounts as $mountPoint => $options) {
$mountPoint = self::setUserVars($user, $mountPoint);
foreach ($options as &$option) {
$option = self::setUserVars($user, $option);
}
$options['personal'] = false;
$options['options'] = self::decryptPasswords($options['options']);
if (!isset($options['priority'])) {
$options['priority'] = $backends[$options['class']]['priority'];
}
// Override if priority greater or if priority type different
if (!isset($mountPoints[$mountPoint]) || $options['priority'] >= $mountPoints[$mountPoint]['priority'] || $mountPoints[$mountPoint]['priority_type'] !== self::MOUNT_TYPE_USER) {
$options['priority_type'] = self::MOUNT_TYPE_USER;
$options['backend'] = $backends[$options['class']]['backend'];
$mountPoints[$mountPoint] = $options;
}
}
}
}
}
$personalBackends = self::getPersonalBackends();
// Load personal mount points
$mountConfig = self::readData($user);
if (isset($mountConfig[self::MOUNT_TYPE_USER][$user])) {
foreach ($mountConfig[self::MOUNT_TYPE_USER][$user] as $mountPoint => $options) {
if (isset($personalBackends[$options['class']])) {
$options['personal'] = true;
$options['options'] = self::decryptPasswords($options['options']);
// Always override previous config
$options['priority_type'] = self::MOUNT_TYPE_PERSONAL;
$options['backend'] = $backends[$options['class']]['backend'];
$mountPoints[$mountPoint] = $options;
}
}
}
return $mountPoints;
}
protected function setUp()
{
parent::setUp();
\OC_User::clearBackends();
\OC_Group::clearBackends();
}
/**
* Check if the user is an admin user
*
* @param string $uid uid of the admin
* @return bool
*/
public static function isAdminUser($uid)
{
if (OC_Group::inGroup($uid, 'admin') && self::$incognitoMode === false) {
return true;
}
return false;
}
public static function init($root)
{
if (self::$defaultInstance) {
return false;
}
self::$defaultInstance = new OC_FilesystemView($root);
//load custom mount config
if (is_file(OC::$SERVERROOT . '/config/mount.php')) {
$mountConfig = (include OC::$SERVERROOT . '/config/mount.php');
if (isset($mountConfig['global'])) {
foreach ($mountConfig['global'] as $mountPoint => $options) {
self::mount($options['class'], $options['options'], $mountPoint);
}
}
if (isset($mountConfig['group'])) {
foreach ($mountConfig['group'] as $group => $mounts) {
if (OC_Group::inGroup(OC_User::getUser(), $group)) {
foreach ($mounts as $mountPoint => $options) {
$mountPoint = self::setUserVars($mountPoint);
foreach ($options as &$option) {
$option = self::setUserVars($option);
}
self::mount($options['class'], $options['options'], $mountPoint);
}
}
}
}
if (isset($mountConfig['user'])) {
foreach ($mountConfig['user'] as $user => $mounts) {
if ($user === 'all' or strtolower($user) === strtolower(OC_User::getUser())) {
foreach ($mounts as $mountPoint => $options) {
$mountPoint = self::setUserVars($mountPoint);
foreach ($options as &$option) {
$option = self::setUserVars($option);
}
self::mount($options['class'], $options['options'], $mountPoint);
}
}
}
}
}
self::$loaded = true;
}
/**
* @brief
*/
public static function postUnshare($params)
{
// NOTE: $params has keys:
// [itemType] => file
// [itemSource] => 13
// [shareType] => 0
// [shareWith] => test1
// [itemParent] =>
if (\OCP\App::isEnabled('files_encryption') === false) {
return true;
}
if ($params['itemType'] === 'file' || $params['itemType'] === 'folder') {
$view = new \OC_FilesystemView('/');
$userId = \OCP\User::getUser();
$util = new Util($view, $userId);
$path = $util->fileIdToPath($params['itemSource']);
// check if this is a re-share
if ($params['itemParent']) {
// get the parent from current share
$parent = $util->getShareParent($params['itemParent']);
// get target path
$targetPath = $util->fileIdToPath($params['itemSource']);
$targetPathSplit = array_reverse(explode('/', $targetPath));
// init values
$path = '';
$sharedPart = ltrim($parent['file_target'], '/');
// rebuild path
foreach ($targetPathSplit as $pathPart) {
if ($pathPart !== $sharedPart) {
$path = '/' . $pathPart . $path;
} else {
break;
}
}
// prefix path with Shared
$path = '/Shared' . $parent['file_target'] . $path;
}
// for group shares get a list of the group members
if ($params['shareType'] === \OCP\Share::SHARE_TYPE_GROUP) {
$userIds = \OC_Group::usersInGroup($params['shareWith']);
} else {
if ($params['shareType'] === \OCP\Share::SHARE_TYPE_LINK) {
$userIds = array($util->getPublicShareKeyId());
} else {
$userIds = array($params['shareWith']);
}
}
// get the path including mount point only if not a shared folder
if (strncmp($path, '/Shared', strlen('/Shared') !== 0)) {
// get path including the the storage mount point
$path = $util->getPathWithMountPoint($params['itemSource']);
}
// if we unshare a folder we need a list of all (sub-)files
if ($params['itemType'] === 'folder') {
$allFiles = $util->getAllFiles($path);
} else {
$allFiles = array($path);
}
foreach ($allFiles as $path) {
// check if the user still has access to the file, otherwise delete share key
$sharingUsers = $util->getSharingUsersArray(true, $path);
// Unshare every user who no longer has access to the file
$delUsers = array_diff($userIds, $sharingUsers);
// delete share key
Keymanager::delShareKey($view, $delUsers, $path);
}
}
}
/**
* Put shared item into the database
* @param string $itemType Item type
* @param string $itemSource Item source
* @param int $shareType SHARE_TYPE_USER, SHARE_TYPE_GROUP, or SHARE_TYPE_LINK
* @param string $shareWith User or group the item is being shared with
* @param string $uidOwner User that is the owner of shared item
* @param int $permissions CRUDS permissions
* @param boolean|array $parentFolder Parent folder target (optional)
* @param string $token (optional)
* @param string $itemSourceName name of the source item (optional)
* @param \DateTime $expirationDate (optional)
* @throws \Exception
* @return mixed id of the new share or false
*/
private static function put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, $parentFolder = null, $token = null, $itemSourceName = null, \DateTime $expirationDate = null)
{
$queriesToExecute = array();
$suggestedItemTarget = null;
$groupFileTarget = $fileTarget = $suggestedFileTarget = $filePath = '';
$groupItemTarget = $itemTarget = $fileSource = $parent = 0;
$result = self::checkReshare($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, $itemSourceName, $expirationDate);
if (!empty($result)) {
$parent = $result['parent'];
$itemSource = $result['itemSource'];
$fileSource = $result['fileSource'];
$suggestedItemTarget = $result['suggestedItemTarget'];
$suggestedFileTarget = $result['suggestedFileTarget'];
$filePath = $result['filePath'];
}
$isGroupShare = false;
if ($shareType == self::SHARE_TYPE_GROUP) {
$isGroupShare = true;
if (isset($shareWith['users'])) {
$users = $shareWith['users'];
} else {
$users = \OC_Group::usersInGroup($shareWith['group']);
}
// remove current user from list
if (in_array(\OCP\User::getUser(), $users)) {
unset($users[array_search(\OCP\User::getUser(), $users)]);
}
$groupItemTarget = Helper::generateTarget($itemType, $itemSource, $shareType, $shareWith['group'], $uidOwner, $suggestedItemTarget);
$groupFileTarget = Helper::generateTarget($itemType, $itemSource, $shareType, $shareWith['group'], $uidOwner, $filePath);
// add group share to table and remember the id as parent
$queriesToExecute['groupShare'] = array('itemType' => $itemType, 'itemSource' => $itemSource, 'itemTarget' => $groupItemTarget, 'shareType' => $shareType, 'shareWith' => $shareWith['group'], 'uidOwner' => $uidOwner, 'permissions' => $permissions, 'shareTime' => time(), 'fileSource' => $fileSource, 'fileTarget' => $groupFileTarget, 'token' => $token, 'parent' => $parent, 'expiration' => $expirationDate);
} else {
$users = array($shareWith);
$itemTarget = Helper::generateTarget($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $suggestedItemTarget);
}
$run = true;
$error = '';
$preHookData = array('itemType' => $itemType, 'itemSource' => $itemSource, 'shareType' => $shareType, 'uidOwner' => $uidOwner, 'permissions' => $permissions, 'fileSource' => $fileSource, 'expiration' => $expirationDate, 'token' => $token, 'run' => &$run, 'error' => &$error);
$preHookData['itemTarget'] = $isGroupShare ? $groupItemTarget : $itemTarget;
$preHookData['shareWith'] = $isGroupShare ? $shareWith['group'] : $shareWith;
\OC_Hook::emit('OCP\\Share', 'pre_shared', $preHookData);
if ($run === false) {
throw new \Exception($error);
}
foreach ($users as $user) {
$sourceId = $itemType === 'file' || $itemType === 'folder' ? $fileSource : $itemSource;
$sourceExists = self::getItemSharedWithBySource($itemType, $sourceId, self::FORMAT_NONE, null, true, $user);
$userShareType = $isGroupShare ? self::$shareTypeGroupUserUnique : $shareType;
if ($sourceExists && $sourceExists['item_source'] === $itemSource) {
$fileTarget = $sourceExists['file_target'];
$itemTarget = $sourceExists['item_target'];
// for group shares we don't need a additional entry if the target is the same
if ($isGroupShare && $groupItemTarget === $itemTarget) {
continue;
}
} elseif (!$sourceExists && !$isGroupShare) {
$itemTarget = Helper::generateTarget($itemType, $itemSource, $userShareType, $user, $uidOwner, $suggestedItemTarget, $parent);
if (isset($fileSource)) {
if ($parentFolder) {
if ($parentFolder === true) {
$fileTarget = Helper::generateTarget('file', $filePath, $userShareType, $user, $uidOwner, $suggestedFileTarget, $parent);
if ($fileTarget != $groupFileTarget) {
$parentFolders[$user]['folder'] = $fileTarget;
}
} else {
if (isset($parentFolder[$user])) {
$fileTarget = $parentFolder[$user]['folder'] . $itemSource;
$parent = $parentFolder[$user]['id'];
}
}
} else {
$fileTarget = Helper::generateTarget('file', $filePath, $userShareType, $user, $uidOwner, $suggestedFileTarget, $parent);
}
} else {
$fileTarget = null;
}
} else {
// group share which doesn't exists until now, check if we need a unique target for this user
$itemTarget = Helper::generateTarget($itemType, $itemSource, self::SHARE_TYPE_USER, $user, $uidOwner, $suggestedItemTarget, $parent);
// do we also need a file target
if (isset($fileSource)) {
$fileTarget = Helper::generateTarget('file', $filePath, self::SHARE_TYPE_USER, $user, $uidOwner, $suggestedFileTarget, $parent);
} else {
$fileTarget = null;
}
if ($itemTarget === $groupItemTarget && (!isset($fileSource) || $fileTarget === $groupFileTarget)) {
continue;
}
}
$queriesToExecute[] = array('itemType' => $itemType, 'itemSource' => $itemSource, 'itemTarget' => $itemTarget, 'shareType' => $userShareType, 'shareWith' => $user, 'uidOwner' => $uidOwner, 'permissions' => $permissions, 'shareTime' => time(), 'fileSource' => $fileSource, 'fileTarget' => $fileTarget, 'token' => $token, 'parent' => $parent, 'expiration' => $expirationDate);
}
$id = false;
if ($isGroupShare) {
$id = self::insertShare($queriesToExecute['groupShare']);
// Save this id, any extra rows for this group share will need to reference it
$parent = \OC_DB::insertid('*PREFIX*share');
unset($queriesToExecute['groupShare']);
}
foreach ($queriesToExecute as $shareQuery) {
$shareQuery['parent'] = $parent;
$id = self::insertShare($shareQuery);
}
$postHookData = array('itemType' => $itemType, 'itemSource' => $itemSource, 'parent' => $parent, 'shareType' => $shareType, 'uidOwner' => $uidOwner, 'permissions' => $permissions, 'fileSource' => $fileSource, 'id' => $parent, 'token' => $token, 'expirationDate' => $expirationDate);
$postHookData['shareWith'] = $isGroupShare ? $shareWith['group'] : $shareWith;
$postHookData['itemTarget'] = $isGroupShare ? $groupItemTarget : $itemTarget;
$postHookData['fileTarget'] = $isGroupShare ? $groupFileTarget : $fileTarget;
\OC_Hook::emit('OCP\\Share', 'post_shared', $postHookData);
return $id ? $id : false;
}
