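/**
 * Returns the IDs of the users the caller is allowed to list.
 *
 * An admin gets the result of the user manager search. A subadmin gets the
 * members of the groups they administer, filtered by the search term and
 * sliced by offset/limit. Any other caller, or a request without a logged-in
 * user, is answered with RESPOND_UNAUTHORISED.
 *
 * Reads `search`, `limit` and `offset` from the query string; empty values
 * fall back to '' / null / null.
 *
 * @return OC_OCS_Result
 */
public function getUsers()
{
    $search = !empty($_GET['search']) ? $_GET['search'] : '';
    $limit = !empty($_GET['limit']) ? $_GET['limit'] : null;
    $offset = !empty($_GET['offset']) ? $_GET['offset'] : null;

    // Check if user is logged in
    $user = $this->userSession->getUser();
    if ($user === null) {
        return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
    }
    $uid = $user->getUID();

    // Admin? Or SubAdmin?
    if ($this->groupManager->isAdmin($uid)) {
        $users = $this->userManager->search($search, $limit, $offset);
    } elseif (\OC_SubAdmin::isSubAdmin($uid)) {
        $subAdminOfGroups = \OC_SubAdmin::getSubAdminsGroups($uid);
        if ($offset === null) {
            $offset = 0;
        }

        $users = [];
        foreach ($subAdminOfGroups as $group) {
            // The user IDs are the array keys (they are read back with
            // array_keys() below). array_merge() renumbers integer keys, so a
            // purely numeric user ID would come back as 0, 1, 2, ...; the
            // union operator keeps every key as it is.
            $users += $this->groupManager->displayNamesInGroup($group, $search);
        }
        // preserve_keys = true for the same reason: without it array_slice()
        // renumbers integer keys.
        $users = array_slice($users, $offset, $limit, true);
    } else {
        // Neither admin nor subadmin: the user list is not disclosed.
        return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
    }

    return new OC_OCS_Result(['users' => array_keys($users)]);
}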
/**
 * Ends the request with a JSON authentication error unless the current user
 * is a subadmin.
 */
public static function checkSubAdminUser()
{
    $currentUser = OC_User::getUser();
    if (OC_SubAdmin::isSubAdmin($currentUser)) {
        return;
    }

    // Not a subadmin: report the failure as JSON and stop the script.
    $l10n = OC_L10N::get('lib');
    $payload = array(
        'message' => $l10n->t('Authentication error'),
        'error' => 'authentication_error',
    );
    self::error(array('data' => $payload));
    exit;
}
/**
 * Ends the request with a JSON authentication error unless the current user
 * is in the 'admin' group or is a subadmin.
 *
 * Runs the login check and the user verification first.
 */
public static function checkSubAdminUser()
{
    self::checkLoggedIn();
    self::verifyUser();

    $isAdmin = OC_Group::inGroup(OC_User::getUser(), 'admin');
    if ($isAdmin || OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
        return;
    }

    // Neither admin nor subadmin: answer with a JSON error and stop.
    $l10n = OC_L10N::get('lib');
    $message = $l10n->t('Authentication error');
    self::error(array('data' => array('message' => $message)));
    exit();
}
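/**
 * Returns the users of the group named by $parameters['groupid'].
 *
 * Answers RESPOND_NOT_FOUND when the group does not exist, and
 * RESPOND_UNAUTHORISED unless the current user is an admin or a subadmin of
 * exactly that group.
 *
 * @param array $parameters request parameters; only 'groupid' is read
 * @return OC_OCS_Result
 */
public static function getGroup($parameters)
{
    $groupId = $parameters['groupid'];

    // Check the group exists
    if (!OC_Group::groupExists($groupId)) {
        return new OC_OCS_Result(null, \OC_API::RESPOND_NOT_FOUND, 'The requested group could not be found');
    }

    // Check subadmin has access to this group
    $currentUser = \OC_User::getUser();
    if (!\OC_User::isAdminUser($currentUser)) {
        // Group IDs are compared as strings, strictly. A loose in_array()
        // treats numeric-looking strings such as '10' and '1e1' as equal, so
        // the requested ID could match a different group the caller
        // administers.
        $administered = array_map('strval', \OC_SubAdmin::getSubAdminsGroups($currentUser));
        if (!in_array((string) $groupId, $administered, true)) {
            return new OC_OCS_Result(null, \OC_API::RESPOND_UNAUTHORISED, 'User does not have access to specified group');
        }
    }

    return new OC_OCS_Result(array('users' => OC_Group::usersInGroup($groupId)));
}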
/**
 * Returns the IDs of the groups the current user administers as a subadmin.
 *
 * Requires a login first. Uses the static \OC_SubAdmin class when it can be
 * loaded; otherwise (Nextcloud 9) it builds an \OC\SubAdmin instance and
 * collects the group IDs from the group objects it returns.
 *
 * @return array
 */
private function getAdministeredGroups()
{
    $this->requireLogin();

    if (!class_exists('\\OC_SubAdmin', true)) {
        // Nextcloud 9
        $subadmin = new \OC\SubAdmin(
            \OC::$server->getUserManager(),
            \OC::$server->getGroupManager(),
            \OC::$server->getDatabaseConnection()
        );

        $gids = array();
        foreach ($subadmin->getSubAdminsGroups($this->user) as $ocgroup) {
            $gids[] = $ocgroup->getGID();
        }

        return $gids;
    }

    return \OC_SubAdmin::getSubAdminsGroups($this->getUserId());
}
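/**
 * Returns the user IDs of the members of the group named by
 * $parameters['groupid'].
 *
 * Answers RESPOND_UNAUTHORISED when nobody is logged in, RESPOND_NOT_FOUND
 * when the group does not exist, and RESPOND_UNAUTHORISED again unless the
 * caller is an admin or a subadmin of exactly that group.
 *
 * @param array $parameters request parameters; only 'groupid' is read
 * @return OC_OCS_Result
 */
public function getGroup($parameters)
{
    // Check if user is logged in
    $user = $this->userSession->getUser();
    if ($user === null) {
        return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
    }

    $groupId = $parameters['groupid'];

    // Check the group exists
    if (!$this->groupManager->groupExists($groupId)) {
        return new OC_OCS_Result(null, \OCP\API::RESPOND_NOT_FOUND, 'The requested group could not be found');
    }

    // Check subadmin has access to this group
    $uid = $user->getUID();
    if (!$this->groupManager->isAdmin($uid)) {
        // Group IDs are compared as strings, strictly. A loose in_array()
        // treats numeric-looking strings such as '10' and '1e1' as equal, so
        // the requested ID could match a different group the caller
        // administers.
        $administered = array_map('strval', \OC_SubAdmin::getSubAdminsGroups($uid));
        if (!in_array((string) $groupId, $administered, true)) {
            return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED, 'User does not have access to specified group');
        }
    }

    $members = $this->groupManager->get($groupId)->getUsers();
    $uids = array_map(function ($member) {
        return $member->getUID();
    }, $members);

    // array_values() turns the result into a plain list.
    return new OC_OCS_Result(['users' => array_values($uids)]);
}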
/**
 * getSubAdminsOfGroup() lists the subadmin of an existing group for an
 * admin caller, and fails with status 101 for a group that does not exist.
 */
public function testGetSubAdminsOfGroup()
{
    // Case 1: an admin asks for the subadmins of an existing group.
    $admin = $this->generateUsers();
    $subAdmin = $this->generateUsers();
    self::loginAsUser($admin);
    \OC_Group::addToGroup($admin, 'admin');

    $gid = $this->getUniqueID();
    \OC_Group::createGroup($gid);
    \OC_SubAdmin::createSubAdmin($subAdmin, $gid);

    $response = \OCA\provisioning_api\Groups::getSubAdminsOfGroup(array('groupid' => $gid));
    $this->assertInstanceOf('OC_OCS_Result', $response);
    $this->assertTrue($response->succeeded());
    $payload = $response->getData();
    $this->assertEquals($subAdmin, reset($payload));

    \OC_Group::deleteGroup($gid);

    // Case 2: a fresh admin asks about a group ID that was never created.
    $admin = $this->generateUsers();
    self::loginAsUser($admin);
    \OC_Group::addToGroup($admin, 'admin');

    $response = \OCA\provisioning_api\Groups::getSubAdminsOfGroup(array('groupid' => $this->getUniqueID()));
    $this->assertInstanceOf('OC_OCS_Result', $response);
    $this->assertFalse($response->succeeded());
    $this->assertEquals(101, $response->getStatusCode());
}
/**
 * Decides whether the current user may delete the given calendar.
 *
 * Deletion is allowed for the calendar's owner, for an admin, and for a
 * subadmin who can access the owner. It is also allowed when no current
 * user is resolved at all.
 *
 * @param array $calendar calendar data; its 'userid' entry is read as the owner
 * @return boolean
 */
private static function isAllowedToDeleteCalendar($calendar)
{
    $userId = OCP\User::getUser();

    // in case it is called by command line or cron
    // NOTE(review): this branch grants the deletion whenever the user
    // resolves to an empty value (loose comparison with ''), so every caller
    // that can be reached without a session has to enforce its own check —
    // confirm against the call sites.
    if ($userId == '') {
        return true;
    }

    $owner = $calendar['userid'];

    return $owner === $userId
        || OC_User::isAdminUser($userId)
        || OC_SubAdmin::isUserAccessible($userId, $owner);
}
<?php // Check if we are a user OCP\JSON::callCheck(); OC_JSON::checkLoggedIn(); // Manually load apps to ensure hooks work correctly (workaround for issue 1503) OC_APP::loadApps(); $username = isset($_POST['username']) ? $_POST['username'] : OC_User::getUser(); $password = isset($_POST['password']) ? $_POST['password'] : null; $oldPassword = isset($_POST['oldpassword']) ? $_POST['oldpassword'] : ''; $recoveryPassword = isset($_POST['recoveryPassword']) ? $_POST['recoveryPassword'] : null; $userstatus = null; if (OC_User::isAdminUser(OC_User::getUser())) { $userstatus = 'admin'; } if (OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) { $userstatus = 'subadmin'; } if (OC_User::getUser() === $username && OC_User::checkPassword($username, $oldPassword)) { $userstatus = 'user'; } if (is_null($userstatus)) { OC_JSON::error(array('data' => array('message' => 'Authentication error'))); exit; } if (\OCP\App::isEnabled('files_encryption') && $userstatus !== 'user') { //handle the recovery case $util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), $username); $recoveryAdminEnabled = OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled'); $validRecoveryPassword = false; $recoveryPasswordSupported = false;
$pattern = ''; } $users = array(); $userManager = \OC_User::getManager(); if (OC_User::isAdminUser(OC_User::getUser())) { if ($gid !== false) { $batch = OC_Group::displayNamesInGroup($gid, $pattern, $limit, $offset); } else { $batch = OC_User::getDisplayNames($pattern, $limit, $offset); } foreach ($batch as $uid => $displayname) { $user = $userManager->get($uid); $users[] = array('name' => $uid, 'displayname' => $displayname, 'groups' => join(', ', OC_Group::getUserGroups($uid)), 'subadmin' => join(', ', OC_SubAdmin::getSubAdminsGroups($uid)), 'quota' => OC_Preferences::getValue($uid, 'files', 'quota', 'default'), 'storageLocation' => $user->getHome(), 'lastLogin' => $user->getLastLogin()); } } else { $groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser()); if ($gid !== false && in_array($gid, $groups)) { $groups = array($gid); } elseif ($gid !== false) { //don't you try to investigate loops you must not know about $groups = array(); } $batch = OC_Group::usersInGroups($groups, $pattern, $limit, $offset); foreach ($batch as $uid) { $user = $userManager->get($uid); // Only add the groups, this user is a subadmin of $userGroups = array_intersect(OC_Group::getUserGroups($uid), OC_SubAdmin::getSubAdminsGroups(OC_User::getUser())); $users[] = array('name' => $uid, 'displayname' => $user->getDisplayName(), 'groups' => join(', ', $userGroups), 'quota' => OC_Preferences::getValue($uid, 'files', 'quota', 'default'), 'storageLocation' => $user->getHome(), 'lastLogin' => $user->getLastLogin()); } } OC_JSON::success(array('data' => $users));
<?php

// Init owncloud
require_once '../../lib/base.php';

// Only admins may change subadmin assignments; callCheck() is run on the
// request as well before anything is modified.
OC_JSON::checkAdminUser();
OCP\JSON::callCheck();

// NOTE(review): the user name is taken from the request as-is and the group
// name only passes through sanitizeHTML() before being used as an
// identifier; neither is checked against existing users or groups in this
// script — confirm that the OC_SubAdmin calls validate them.
$username = $_POST["username"];
$group = OC_Util::sanitizeHTML($_POST["group"]);

// Toggle group: grant the subadmin role when it is missing, revoke it when
// it is already present.
$isSubAdminAlready = OC_SubAdmin::isSubAdminofGroup($username, $group);
if (!$isSubAdminAlready) {
    OC_SubAdmin::createSubAdmin($username, $group);
} else {
    OC_SubAdmin::deleteSubAdmin($username, $group);
}

OC_JSON::success();
if (isset($_POST["groups"])) { $groups = $_POST["groups"]; } } else { if (isset($_POST["groups"])) { $groups = array(); foreach ($_POST["groups"] as $group) { if (OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group)) { $groups[] = $group; } } if (count($groups) == 0) { $groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser()); } } else { $groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser()); } } $username = $_POST["username"]; $password = $_POST["password"]; // Does the group exist? if (in_array($username, OC_User::getUsers())) { OC_JSON::error(array("data" => array("message" => "User already exists"))); exit; } // Return Success story try { OC_User::createUser($username, $password); foreach ($groups as $i) { if (!OC_Group::groupExists($i)) { OC_Group::createGroup($i);
* it under the terms of the GNU Affero General Public License, version 3, * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License, version 3, * along with this program. If not, see <http://www.gnu.org/licenses/> * */ OC_JSON::checkSubAdminUser(); OCP\JSON::callCheck(); $username = isset($_POST["username"]) ? (string) $_POST["username"] : ''; if ($username === '' && !OC_User::isAdminUser(OC_User::getUser()) || !OC_User::isAdminUser(OC_User::getUser()) && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) { $l = \OC::$server->getL10N('core'); OC_JSON::error(array('data' => array('message' => $l->t('Authentication error')))); exit; } //make sure the quota is in the expected format $quota = (string) $_POST["quota"]; if ($quota !== 'none' and $quota !== 'default') { $quota = OC_Helper::computerFileSize($quota); $quota = OC_Helper::humanFileSize($quota); } // Return Success story if ($username) { \OC::$server->getConfig()->setUserValue($username, 'files', 'quota', $quota); } else { //set the default quota when no username is specified
/**
 * Lets the request continue only for a logged-in subadmin; anyone else is
 * redirected to index.php and the script stops.
 *
 * @return boolean true when the check passes (the method does not return
 *                 otherwise)
 */
public static function checkSubAdminUser()
{
    OC_Util::checkLoggedIn();

    if (OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
        return true;
    }

    // Not a subadmin: send the browser back to the start page.
    $home = OC_Helper::linkToAbsolute('', 'index.php');
    header('Location: ' . $home);
    exit;
}
<?php OC_JSON::checkSubAdminUser(); OCP\JSON::callCheck(); $success = true; $username = $_POST["username"]; $group = $_POST["group"]; if ($username == OC_User::getUser() && $group == "admin" && OC_User::isAdminUser($username)) { $l = OC_L10N::get('core'); OC_JSON::error(array('data' => array('message' => $l->t('Admins can\'t remove themself from the admin group')))); exit; } if (!OC_User::isAdminUser(OC_User::getUser()) && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) { $l = OC_L10N::get('core'); OC_JSON::error(array('data' => array('message' => $l->t('Authentication error')))); exit; } if (!OC_Group::groupExists($group)) { OC_Group::createGroup($group); } $l = OC_L10N::get('settings'); $error = $l->t("Unable to add user to group %s", $group); $action = "add"; // Toggle group if (OC_Group::inGroup($username, $group)) { $action = "remove"; $error = $l->t("Unable to remove user from group %s", $group); $success = OC_Group::removeFromGroup($username, $group); $usersInGroup = OC_Group::usersInGroup($group); if (count($usersInGroup) == 0) { OC_Group::deleteGroup($group);
<?php

// The endpoint is limited to callers that pass both checks below.
OC_JSON::callCheck();
OC_JSON::checkSubAdminUser();

$userCount = 0;
$currentUser = \OC::$server->getUserSession()->getUser()->getUID();

if (OC_User::isAdminUser($currentUser)) {
    // Admin: add up the per-entry counts reported by the user manager.
    $userCountArray = \OC::$server->getUserManager()->countUsers();
    if (!empty($userCountArray)) {
        foreach ($userCountArray as $classname => $usercount) {
            $userCount += $usercount;
        }
    }
} else {
    // Subadmin: only the groups this user administers are counted.
    // NOTE(review): members are counted group by group, so a user who
    // belongs to several administered groups is counted once for each —
    // confirm that this is the intended figure.
    $groups = OC_SubAdmin::getSubAdminsGroups($currentUser);
    foreach ($groups as $group) {
        $userCount += count(OC_Group::usersInGroup($group));
    }
}

OC_JSON::success(array('count' => $userCount));
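/**
 * Changes the password of the user named in $_POST['username'] on behalf of
 * an admin, or of a subadmin who can access that user.
 *
 * The request has to pass callCheck() and checkLoggedIn() first. Every
 * outcome is reported as a JSON success or error message; a missing user
 * name and a failed authorisation check stop the script.
 *
 * When the files_encryption app is enabled, the admin recovery password is
 * checked before the password is changed.
 *
 * @param array $args not read by this method
 */
public static function changeUserPassword($args)
{
    // Check if we are an user
    \OC_JSON::callCheck();
    \OC_JSON::checkLoggedIn();

    // Manually load apps to ensure hooks work correctly (workaround for issue 1503)
    \OC_App::loadApps();

    if (!isset($_POST['username'])) {
        $l = new \OC_L10n('settings');
        \OC_JSON::error(array('data' => array('message' => $l->t('No user supplied'))));
        exit;
    }
    $username = $_POST['username'];

    $password = isset($_POST['password']) ? $_POST['password'] : null;
    $recoveryPassword = isset($_POST['recoveryPassword']) ? $_POST['recoveryPassword'] : null;

    // Only an admin, or a subadmin who can access the target user, may go on.
    $currentUser = \OC_User::getUser();
    $isAuthorised = \OC_User::isAdminUser($currentUser)
        || \OC_SubAdmin::isUserAccessible($currentUser, $username);
    if (!$isAuthorised) {
        $l = new \OC_L10n('settings');
        \OC_JSON::error(array('data' => array('message' => $l->t('Authentication error'))));
        exit;
    }

    if (\OC_App::isEnabled('files_encryption')) {
        //handle the recovery case
        $util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), $username);
        $recoveryAdminEnabled = \OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled');

        $validRecoveryPassword = false;
        // NOTE(review): this flag is never set to true in this method, so the
        // "Back-end doesn't support password change" answer below cannot be
        // reached as written — confirm what was intended.
        $recoveryPasswordSupported = false;
        // Defined up front: it used to be assigned only inside the branch
        // below and was then read as an undefined variable whenever the
        // recovery admin is disabled.
        $recoveryEnabledForUser = false;
        if ($recoveryAdminEnabled) {
            $validRecoveryPassword = $util->checkRecoveryPassword($recoveryPassword);
            $recoveryEnabledForUser = $util->recoveryEnabledForUser();
        }

        if ($recoveryEnabledForUser && $recoveryPassword === '') {
            $l = new \OC_L10n('settings');
            \OC_JSON::error(array('data' => array('message' => $l->t('Please provide an admin recovery password, otherwise all user data will be lost'))));
        } elseif ($recoveryEnabledForUser && !$validRecoveryPassword) {
            $l = new \OC_L10n('settings');
            \OC_JSON::error(array('data' => array('message' => $l->t('Wrong admin recovery password. Please check the password and try again.'))));
        } else {
            // now we know that everything is fine regarding the recovery password, let's try to change the password
            // A missing password is refused here as well, matching the
            // branch used when encryption is disabled.
            $result = !is_null($password) && \OC_User::setPassword($username, $password, $recoveryPassword);
            if (!$result && $recoveryPasswordSupported) {
                $l = new \OC_L10n('settings');
                \OC_JSON::error(array("data" => array("message" => $l->t("Back-end doesn't support password change, but the users encryption key was successfully updated."))));
            } elseif (!$result && !$recoveryPasswordSupported) {
                $l = new \OC_L10n('settings');
                \OC_JSON::error(array("data" => array("message" => $l->t("Unable to change password"))));
            } else {
                \OC_JSON::success(array("data" => array("username" => $username)));
            }
        }
    } else {
        // if encryption is disabled, proceed
        if (!is_null($password) && \OC_User::setPassword($username, $password)) {
            \OC_JSON::success(array('data' => array('username' => $username)));
        } else {
            $l = new \OC_L10n('settings');
            \OC_JSON::error(array('data' => array('message' => $l->t('Unable to change password'))));
        }
    }
}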
$quotaPreset = explode(',', $quotaPreset); foreach ($quotaPreset as &$preset) { $preset = trim($preset); } $quotaPreset = array_diff($quotaPreset, array('default', 'none')); $defaultQuota = OC_Appconfig::getValue('files', 'default_quota', 'none'); $defaultQuotaIsUserDefined = array_search($defaultQuota, $quotaPreset) === false && array_search($defaultQuota, array('none', 'default')) === false; // load users and quota foreach ($accessibleusers as $uid => $displayName) { $quota = OC_Preferences::getValue($uid, 'files', 'quota', 'default'); $isQuotaUserDefined = array_search($quota, $quotaPreset) === false && array_search($quota, array('none', 'default')) === false; $name = $displayName; if ($displayName !== $uid) { $name = $name . ' (' . $uid . ')'; } $users[] = array("name" => $uid, "displayName" => $displayName, "groups" => OC_Group::getUserGroups($uid), 'quota' => $quota, 'isQuotaUserDefined' => $isQuotaUserDefined, 'subadmin' => OC_SubAdmin::getSubAdminsGroups($uid)); } foreach ($accessiblegroups as $i) { // Do some more work here soon $groups[] = array("name" => $i); } $tmpl = new OC_Template("settings", "users", "user"); $tmpl->assign('users', $users); $tmpl->assign('groups', $groups); $tmpl->assign('isadmin', (int) $isadmin); $tmpl->assign('subadmins', $subadmins); $tmpl->assign('numofgroups', count($accessiblegroups)); $tmpl->assign('quota_preset', $quotaPreset); $tmpl->assign('default_quota', $defaultQuota); $tmpl->assign('defaultQuotaIsUserDefined', $defaultQuotaIsUserDefined); $tmpl->assign('recoveryAdminEnabled', $recoveryAdminEnabled);
<?php /** * Copyright (c) 2012, Robin Appelman <*****@*****.**> * This file is licensed under the Affero General Public License version 3 or later. * See the COPYING-README file. */ // Init owncloud require_once '../../lib/base.php'; OC_JSON::checkSubAdminUser(); OCP\JSON::callCheck(); $username = isset($_POST["username"]) ? $_POST["username"] : ''; if ($username == '' && !OC_Group::inGroup(OC_User::getUser(), 'admin') || !OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) { $l = OC_L10N::get('core'); OC_JSON::error(array('data' => array('message' => $l->t('Authentication error')))); exit; } //make sure the quota is in the expected format $quota = $_POST["quota"]; if ($quota != 'none' and $quota != 'default') { $quota = OC_Helper::computerFileSize($quota); if ($quota == 0) { $quota = 'default'; } else { $quota = OC_Helper::humanFileSize($quota); } } // Return Success story if ($username) { OC_Preferences::setValue($username, 'files', 'quota', $quota); } else {
// Excerpt: builds one entry of $users per user (the enclosing loop starts
// outside this excerpt), then fills the "list_users" template.

// Defaults used when the user has no OTP record.
$UserTokenSeed = "";
$UserLocked = "";
$UserAlgorithm = "";
$UserPin = "";
$UserPrefixPin = "";
//get otp information :
$OtpExist = $mOtp->CheckUserExists($uid);
if ($OtpExist) {
$mOtp->SetUser($uid);
// The stored seed is hex; it is re-encoded as base32 for the template.
$UserTokenSeed = base32_encode(hex2bin($mOtp->GetUserTokenSeed()));
$UserLocked = $mOtp->GetUserLocked();
$UserAlgorithm = $mOtp->GetUserAlgorithm();
$UserPin = $mOtp->GetUserPin();
$UserPrefixPin = $mOtp->GetUserPrefixPin();
}
// NOTE(review): the OTP seed and PIN of every listed user are handed to the
// template together with the display data. Both are authentication secrets;
// confirm that the template needs them, and that the checks guarding this
// page (not visible in this excerpt) limit it to callers who may see them.
$users[] = array("name" => $uid, "displayName" => $displayName, "groups" => OC_Group::getUserGroups($uid), 'subadmin' => OC_SubAdmin::getSubAdminsGroups($uid), 'OtpExist' => $OtpExist, 'UserTokenSeed' => $UserTokenSeed, 'UserLocked' => $UserLocked, 'UserAlgorithm' => $UserAlgorithm, 'UserPin' => $UserPin, 'UserPrefixPin' => $UserPrefixPin);
}
foreach ($accessiblegroups as $i) {
// Do some more work here soon
$groups[] = array("name" => $i);
}
$tmpl = new OC_Template("user_otp", "list_users", "user");
// The app value is reduced to 1 or 0 by its truthiness.
$tmpl->assign('PrefixPin', OCP\Config::getAppValue('user_otp', 'UserPrefixPin', '0') ? 1 : 0);
$tmpl->assign('users', $users);
$tmpl->assign('groups', $groups);
$tmpl->assign('isadmin', (int) $isadmin);
$tmpl->assign('subadmins', $subadmins);
$tmpl->assign('numofgroups', count($accessiblegroups));
//~ $tmpl->assign( 'quota_preset', $quotaPreset);
//~ $tmpl->assign( 'default_quota', $defaultQuota);
//~ $tmpl->assign( 'defaultQuotaIsUserDefined', $defaultQuotaIsUserDefined);
/**
 * Builds the array that describes one user in the user index.
 *
 * @param IUser $user
 * @param array $userGroups groups to report; when empty, the group IDs are
 *                          fetched from the group manager instead
 * @return array
 */
private function formatUserForIndex(IUser $user, array $userGroups = null)
{
    // TODO: eliminate this encryption specific code below and somehow
    // hook in additional user info from other apps

    // Without the encryption app the plain files are available, so a restore
    // is always possible. With it, a restore needs recovery to be enabled
    // both globally and for this user.
    $restorePossible = !$this->isEncryptionAppEnabled;
    if ($this->isEncryptionAppEnabled && $this->isRestoreEnabled) {
        // check for the users recovery setting
        $recoveryMode = $this->config->getUserValue($user->getUID(), 'encryption', 'recoveryEnabled', '0');
        $restorePossible = !empty($recoveryMode);
    }

    return [
        'name' => $user->getUID(),
        'displayname' => $user->getDisplayName(),
        'groups' => !empty($userGroups) ? $userGroups : $this->groupManager->getUserGroupIds($user),
        'subadmin' => \OC_SubAdmin::getSubAdminsGroups($user->getUID()),
        'quota' => $this->config->getUserValue($user->getUID(), 'files', 'quota', 'default'),
        'storageLocation' => $user->getHome(),
        // multiplied by 1000 before it is handed on
        'lastLogin' => $user->getLastLogin() * 1000,
        'backend' => $user->getBackendClassName(),
        'email' => $this->config->getUserValue($user->getUID(), 'settings', 'email', ''),
        'isRestoreDisabled' => !$restorePossible,
    ];
}
/**
 * getSubAdminsOfGroup() lists the subadmin of an existing group for an
 * admin caller, and fails with status 101 for a group that does not exist.
 */
public function testGetSubAdminsOfGroup()
{
    // Case 1: an admin asks for the subadmins of an existing group.
    $admin = $this->generateUsers();
    $subAdmin = $this->generateUsers();
    $this->userSession->setUser($admin);
    $this->groupManager->get('admin')->addUser($admin);

    $group = $this->groupManager->createGroup($this->getUniqueID());
    \OC_SubAdmin::createSubAdmin($subAdmin->getUID(), $group->getGID());

    $response = $this->api->getSubAdminsOfGroup(['groupid' => $group->getGID()]);
    $this->assertInstanceOf('OC_OCS_Result', $response);
    $this->assertTrue($response->succeeded());
    $payload = $response->getData();
    $this->assertEquals($subAdmin->getUID(), reset($payload));

    $group->delete();

    // Case 2: a fresh admin asks about a group ID that was never created.
    $admin = $this->generateUsers();
    $this->userSession->setUser($admin);
    $this->groupManager->get('admin')->addUser($admin);

    $response = $this->api->getSubAdminsOfGroup(['groupid' => $this->getUniqueID()]);
    $this->assertInstanceOf('OC_OCS_Result', $response);
    $this->assertFalse($response->succeeded());
    $this->assertEquals(101, $response->getStatusCode());
}
/**
 * Set the mail address of a user
 *
 * The caller has to be the user themselves, an admin, or a subadmin who can
 * access the user. The address has to be empty or valid, the user has to
 * exist, and the user has to be allowed to change the display name.
 *
 * @NoAdminRequired
 * @NoSubadminRequired
 *
 * @param string $id
 * @param string $mailAddress
 * @return DataResponse
 *
 * TODO: Tidy up and write unit tests - code is mainly static method calls
 */
public function setMailAddress($id, $mailAddress)
{
    // Every refusal has the same shape; only the message and status differ.
    $refuse = function ($message, $status) {
        return new DataResponse(
            array('status' => 'error', 'data' => array('message' => (string) $message)),
            $status
        );
    };

    // NOTE(review): the session user is dereferenced without a null check,
    // and the annotations above lift the admin and subadmin requirements, so
    // this relies on the login being enforced before the method runs —
    // confirm.
    // FIXME: Remove this static function call at some point…
    $isSelf = $this->userSession->getUser()->getUID() === $id;
    if (!$isSelf
        && !$this->isAdmin
        && !\OC_SubAdmin::isUserAccessible($this->userSession->getUser()->getUID(), $id)
    ) {
        return $refuse($this->l10n->t('Forbidden'), Http::STATUS_FORBIDDEN);
    }

    if ($mailAddress !== '' && !$this->mail->validateAddress($mailAddress)) {
        return $refuse($this->l10n->t('Invalid mail address'), Http::STATUS_UNPROCESSABLE_ENTITY);
    }

    $user = $this->userManager->get($id);
    if (!$user) {
        return $refuse($this->l10n->t('Invalid user'), Http::STATUS_UNPROCESSABLE_ENTITY);
    }

    // this is the only permission a backend provides and is also used
    // for the permission of setting a email address
    if (!$user->canChangeDisplayName()) {
        return $refuse($this->l10n->t('Unable to change mail address'), Http::STATUS_FORBIDDEN);
    }

    $this->config->setUserValue($id, 'settings', 'email', $mailAddress);

    $data = array(
        'username' => $id,
        'mailAddress' => $mailAddress,
        'message' => (string) $this->l10n->t('Email saved'),
    );

    return new DataResponse(array('status' => 'success', 'data' => $data), Http::STATUS_OK);
}
/**
 * Lets the request continue only for a member of the 'admin' group or a
 * subadmin; anyone else is redirected to index.php and the script stops.
 *
 * Runs the login check and the user verification first.
 *
 * @return boolean true when the check passes (the method does not return
 *                 otherwise)
 */
public static function checkSubAdminUser()
{
    // Check if we are a user
    self::checkLoggedIn();
    self::verifyUser();

    $isAdmin = OC_Group::inGroup(OC_User::getUser(), 'admin');
    if ($isAdmin || OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
        return true;
    }

    // Neither admin nor subadmin: send the browser back to the start page.
    $home = OC_Helper::linkToAbsolute('', 'index.php');
    header('Location: ' . $home);
    exit;
}
/**
 * Authenticates the API call against the auth level of the action.
 *
 * GUEST_AUTH always passes. USER_AUTH passes the result of loginUser()
 * through. SUBADMIN_AUTH needs a logged-in subadmin or admin, ADMIN_AUTH a
 * logged-in admin. Any other level is refused.
 *
 * @param array $action the action details as supplied to OC_API::register();
 *                      'authlevel' is read
 * @return bool for USER_AUTH the value is whatever loginUser() returned
 */
private static function isAuthorised($action)
{
    // NOTE(review): switch compares loosely. Unknown levels fall through to
    // the refusing default, but a value that loosely equals API::GUEST_AUTH
    // is treated as guest access — confirm the constants' types.
    switch ($action['authlevel']) {
        case API::GUEST_AUTH:
            // Anyone can access
            return true;

        case API::USER_AUTH:
            // User required
            return self::loginUser();

        case API::SUBADMIN_AUTH:
            // Check for subadmin
            $user = self::loginUser();
            if (!$user) {
                return false;
            }
            $subAdmin = OC_SubAdmin::isSubAdmin($user);
            $admin = OC_User::isAdminUser($user);

            return $subAdmin || $admin;

        case API::ADMIN_AUTH:
            // Check for admin
            $user = self::loginUser();
            if (!$user) {
                return false;
            }

            return OC_User::isAdminUser($user);

        default:
            // oops looks like invalid level supplied
            return false;
    }
}
/**
 * Returns the groups available to the current user.
 *
 * An admin gets the group manager's search result. Anyone else gets only the
 * groups they administer as a subadmin; the search string is not applied on
 * that path.
 *
 * @param string $search a search string
 * @return \OC\Group\Group[]
 */
private function getGroups($search = '')
{
    if ($this->isAdmin) {
        return $this->groupManager->search($search);
    }

    // \OC_SubAdmin::getSubAdminsGroups() returns an array of GIDs, but this
    // method is expected to return an array with the GIDs as keys and group
    // objects as values, so the IDs are resolved one by one. IDs the group
    // manager cannot resolve are left out.
    $groupsByGid = array();
    // FIXME: Remove static method call
    foreach (\OC_SubAdmin::getSubAdminsGroups($this->user) as $gid) {
        $group = $this->groupManager->get($gid);
        if ($group !== null) {
            $groupsByGid[$gid] = $group;
        }
    }

    return $groupsByGid;
}
$sortGroupsBy = \OC\Group\MetaData::SORT_USERCOUNT; if (\OC_App::isEnabled('user_ldap')) { $isLDAPUsed = $groupManager->isBackendUsed('\\OCA\\user_ldap\\GROUP_LDAP') || $groupManager->isBackendUsed('\\OCA\\user_ldap\\Group_Proxy'); if ($isLDAPUsed) { // LDAP user count can be slow, so we sort by group name here $sortGroupsBy = \OC\Group\MetaData::SORT_GROUPNAME; } } $config = \OC::$server->getConfig(); $isAdmin = OC_User::isAdminUser(OC_User::getUser()); $groupsInfo = new \OC\Group\MetaData(OC_User::getUser(), $isAdmin, $groupManager); $groupsInfo->setSorting($sortGroupsBy); list($adminGroup, $groups) = $groupsInfo->get(); $recoveryAdminEnabled = OC_App::isEnabled('encryption') && $config->getAppValue('encryption', 'recoveryAdminEnabled', null); if ($isAdmin) { $subadmins = OC_SubAdmin::getAllSubAdmins(); } else { /* Retrieve group IDs from $groups array, so we can pass that information into OC_Group::displayNamesInGroups() */ $gids = array(); foreach ($groups as $group) { if (isset($group['id'])) { $gids[] = $group['id']; } } $subadmins = false; } // load preset quotas $quotaPreset = $config->getAppValue('files', 'quota_preset', '1 GB, 5 GB, 10 GB'); $quotaPreset = explode(',', $quotaPreset); foreach ($quotaPreset as &$preset) { $preset = trim($preset);
OC_Util::addStyle('settings', 'settings'); OC_App::setActiveNavigationEntry('core_users'); $users = array(); $groups = array(); $isadmin = OC_Group::inGroup(OC_User::getUser(), 'admin') ? true : false; if ($isadmin) { $accessiblegroups = OC_Group::getGroups(); $accessibleusers = OC_User::getUsers('', 30); $subadmins = OC_SubAdmin::getAllSubAdmins(); } else { $accessiblegroups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser()); $accessibleusers = OC_Group::usersInGroups($accessiblegroups, '', 30); $subadmins = false; } foreach ($accessibleusers as $i) { $users[] = array("name" => $i, "groups" => join(", ", OC_Group::getUserGroups($i)), 'quota' => OC_Preferences::getValue($i, 'files', 'quota', 'default'), 'subadmin' => implode(', ', OC_SubAdmin::getSubAdminsGroups($i))); } foreach ($accessiblegroups as $i) { // Do some more work here soon $groups[] = array("name" => $i); } $quotaPreset = OC_Appconfig::getValue('files', 'quota_preset', 'default,none,1 GB, 5 GB, 10 GB'); $quotaPreset = explode(',', $quotaPreset); foreach ($quotaPreset as &$preset) { $preset = trim($preset); } $defaultQuota = OC_Appconfig::getValue('files', 'default_quota', 'none'); $tmpl = new OC_Template("settings", "users", "user"); $tmpl->assign("users", $users); $tmpl->assign("groups", $groups); $tmpl->assign('isadmin', (int) $isadmin);
/**
 * Returns the Settings Navigation
 *
 * Collects the settings pages the current user may see and passes the list
 * to proceedNavigation(). The help entry depends only on the edition string
 * and the 'knowledgebaseenabled' setting; every other entry needs a login,
 * "Users" additionally a subadmin and "Admin" an admin.
 *
 * @return mixed the result of proceedNavigation() for the collected entries
 */
public static function getSettingsNavigation()
{
    $l10n = \OC::$server->getL10N('lib');
    $entries = array();

    // by default, settings only contain the help menu
    if (OC_Util::getEditionString() === '' && OC_Config::getValue('knowledgebaseenabled', true) == true) {
        $entries[] = array(
            "id" => "help",
            "order" => 1000,
            "href" => OC_Helper::linkToRoute("settings_help"),
            "name" => $l10n->t("Help"),
            "icon" => OC_Helper::imagePath("settings", "help.svg"),
        );
    }

    // everything below is for logged-in users only
    if (!OC_User::isLoggedIn()) {
        return self::proceedNavigation($entries);
    }

    // personal menu
    $entries[] = array(
        "id" => "personal",
        "order" => 1,
        "href" => OC_Helper::linkToRoute("settings_personal"),
        "name" => $l10n->t("Personal"),
        "icon" => OC_Helper::imagePath("settings", "personal.svg"),
    );

    // settings menu, only if there are some settings forms
    if (!empty(self::$settingsForms)) {
        $entries[] = array(
            "id" => "settings",
            "order" => 1000,
            "href" => OC_Helper::linkToRoute("settings_settings"),
            "name" => $l10n->t("Settings"),
            "icon" => OC_Helper::imagePath("settings", "settings.svg"),
        );
    }

    // SubAdmins are also allowed to access user management
    if (OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
        $entries[] = array(
            "id" => "core_users",
            "order" => 2,
            "href" => OC_Helper::linkToRoute("settings_users"),
            "name" => $l10n->t("Users"),
            "icon" => OC_Helper::imagePath("settings", "users.svg"),
        );
    }

    // admin settings, only if the user is an admin
    if (OC_User::isAdminUser(OC_User::getUser())) {
        $entries[] = array(
            "id" => "admin",
            "order" => 1000,
            "href" => OC_Helper::linkToRoute("settings_admin"),
            "name" => $l10n->t("Admin"),
            "icon" => OC_Helper::imagePath("settings", "admin.svg"),
        );
    }

    return self::proceedNavigation($entries);
}
/**
 * Decides whether the current user may delete the given calendar.
 *
 * Deletion is allowed for the calendar's owner, for an admin, and for a
 * subadmin who can access the owner.
 *
 * @param array $calendar calendar data; its 'userid' entry is read as the owner
 * @return boolean
 */
private static function isAllowedToDeleteCalendar($calendar)
{
    $userId = OCP\User::getUser();
    $owner = $calendar['userid'];

    return $owner === $userId
        || OC_User::isAdminUser($userId)
        || OC_SubAdmin::isUserAccessible($userId, $owner);
}