public static function checkGroupRightsForPrincipal($uid) { $appConfig = \OC::$server->getAppConfig(); $isEnabled = $appConfig->getValue(self::$appname, 'enabled'); $bEnabled = false; if ($isEnabled === 'yes') { $bEnabled = true; } else { if ($isEnabled === 'no') { $bEnabled = false; } else { if ($isEnabled !== 'no') { $groups = json_decode($isEnabled); if (is_array($groups)) { foreach ($groups as $group) { if (\OC_Group::inGroup($uid, $group)) { $bEnabled = true; break; } } } } } } if ($bEnabled == false) { throw new \Sabre\DAV\Exception\Forbidden(); return false; } else { return true; } }
protected function tearDown() { foreach ($this->users as $user) { \OC_User::deleteUser($user); } \OC_Group::deleteGroup('admin'); parent::tearDown(); }
/** * @return \OC\Group\Manager */ public static function getManager() { if (self::$manager) { return self::$manager; } self::$userManager = \OC_User::getManager(); self::$manager = new \OC\Group\Manager(self::$userManager); return self::$manager; }
/** * Check if the user is a subadmin, send json error msg if not */ public static function checkSubAdminUser() { self::checkLoggedIn(); self::verifyUser(); if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isSubAdmin(OC_User::getUser())) { $l = OC_L10N::get('lib'); self::error(array( 'data' => array( 'message' => $l->t('Authentication error') ))); exit(); } }
/** * update script for the removal of the logical "Shared" folder, we create physical "Shared" folder and * update the users file_target so that it doesn't make any difference for the user * @note parameters are just for testing, please ignore them */ function removeSharedFolder($mkdirs = true, $chunkSize = 99) { $query = OCP\DB::prepare('SELECT * FROM `*PREFIX*share`'); $result = $query->execute(); $view = new \OC\Files\View('/'); $users = array(); $shares = array(); //we need to set up user backends OC_User::useBackend(new OC_User_Database()); OC_Group::useBackend(new OC_Group_Database()); OC_App::loadApps(array('authentication')); //we need to set up user backends, otherwise creating the shares will fail with "because user does not exist" while ($row = $result->fetchRow()) { //collect all user shares if ((int) $row['share_type'] === 0 && ($row['item_type'] === 'file' || $row['item_type'] === 'folder')) { $users[] = $row['share_with']; $shares[$row['id']] = $row['file_target']; } else { if ((int) $row['share_type'] === 1 && ($row['item_type'] === 'file' || $row['item_type'] === 'folder')) { //collect all group shares $users = array_merge($users, \OC_group::usersInGroup($row['share_with'])); $shares[$row['id']] = $row['file_target']; } else { if ((int) $row['share_type'] === 2) { $shares[$row['id']] = $row['file_target']; } } } } $unique_users = array_unique($users); if (!empty($unique_users) && !empty($shares)) { // create folder Shared for each user if ($mkdirs) { foreach ($unique_users as $user) { \OC\Files\Filesystem::initMountPoints($user); if (!$view->file_exists('/' . $user . '/files/Shared')) { $view->mkdir('/' . $user . '/files/Shared'); } } } $chunkedShareList = array_chunk($shares, $chunkSize, true); $connection = \OC_DB::getConnection(); foreach ($chunkedShareList as $subList) { $statement = "UPDATE `*PREFIX*share` SET `file_target` = CASE `id` "; //update share table $ids = implode(',', array_keys($subList)); foreach ($subList as $id => $target) { $statement .= "WHEN " . $connection->quote($id, \PDO::PARAM_INT) . " THEN " . $connection->quote('/Shared' . $target, \PDO::PARAM_STR); } $statement .= ' END WHERE `id` IN (' . $ids . ')'; $query = OCP\DB::prepare($statement); $query->execute(array()); } // set config to keep the Shared folder as the default location for new shares \OCA\Files_Sharing\Helper::setShareFolder('/Shared'); } }
public function __construct(array $urlParams = array()) { parent::__construct('User_Servervars2', $urlParams); $container = $this->getContainer(); // Controller /* $container->registerService('PageController', function ($c) { return new PageController(); }); */ $container->registerService('TokensFactory', function ($c) { return new TokensFactory($c->query('ServerContainer')->getAppConfig()); }); $container->registerService('Tokens', function ($c) { return $c->query('TokensFactory')->getTokens(); }); // Service $container->registerService('TokenService', function ($c) { return new TokenService($c->query('Tokens')); }); $container->registerService('GroupManager', function ($c) { return \OC_Group::getManager(); // return new \OC\Group\Manager( // $c->query('ServerContainer')->getUserManager() // ); }); // Service $container->registerService('UserAndGroupService', function ($c) { return new ProxyUserAndGroupService($c->query('ServerContainer')->getUserManager(), $c->query('GroupManager'), $c->query('GroupNamingServiceFactory')->getGroupNamingService(), $c->query('UserBackend'), $c->query('ServerContainer')->getConfig()); }); $container->registerService('GroupNamingServiceFactory', function ($c) { return new \OCA\User_Servervars2\Service\GroupNamingServiceFactory($c->query('ServerContainer')->getAppConfig()); }); // Interceptor $container->registerService('Interceptor', function ($c) { return new Interceptor($c->query('ServerContainer')->getAppConfig(), $c->query('Tokens'), $c->query('UserAndGroupService')); }); // Hooks $container->registerService('ServerVarsHooks', function ($c) { return new ServerVarsHooks($c->query('TokenService'), $c->query('UserAndGroupService'), $c->query('ServerContainer')->getAppConfig()); }); // Backend $container->registerService('UserBackend', function ($c) { return new UserBackend($c->query('TokenService'), $c->query('ServerContainer')->getAppConfig()); }); // MetadataProvider // Backend $container->registerService('MetadataProvider', function ($c) { return new MetadataProvider($c->query('MetadataMapper')); }); // Mappers $container->registerService('MetadataMapper', function ($c) { return new MetadataMapper(); }); // Mappers $container->registerService('SettingsController', function ($c) { return new SettingsController($c->query('Request'), $c->query('ServerContainer')->getAppConfig()); }); }
/** * Check if the user is a admin, send json error msg if not */ public static function checkAdminUser() { self::checkLoggedIn(); if (!OC_Group::inGroup(OC_User::getUser(), 'admin')) { $l = new OC_L10N('core'); self::error(array('data' => array('message' => $l->t('Authentication error')))); exit; } }
public function testGetApps() { $user = $this->generateUsers(); \OC_Group::addToGroup($user, 'admin'); self::loginAsUser($user); $result = \OCA\provisioning_API\Apps::getApps(array()); $this->assertTrue($result->succeeded()); $data = $result->getData(); $this->assertEquals(count(\OC_App::listAllApps()), count($data['apps'])); }
public function tearDown() { OC_Mount_Config::$skipTest = false; \OC_User::deleteUser(self::TEST_USER2); \OC_User::deleteUser(self::TEST_USER1); \OC_Group::deleteGroup(self::TEST_GROUP1); \OC_Group::deleteGroup(self::TEST_GROUP2); @unlink($this->dataDir . '/mount.json'); OCP\Config::setAppValue('files_external', 'user_mounting_backends', $this->oldAllowedBackends); }
function testSingleBackend() { OC_Group::useBackend(new OCA\user_ldap\GROUP_LDAP()); $group_ldap = new OCA\user_ldap\GROUP_LDAP(); $this->assertIsA(OC_Group::getGroups(), gettype(array())); $this->assertIsA($group_ldap->getGroups(), gettype(array())); $this->assertFalse(OC_Group::inGroup('john', 'dosers'), gettype(false)); $this->assertFalse($group_ldap->inGroup('john', 'dosers'), gettype(false)); //TODO: check also for expected true result. This backend won't be able to do any modifications, maybe use a dummy for this. $this->assertIsA(OC_Group::getUserGroups('john doe'), gettype(array())); $this->assertIsA($group_ldap->getUserGroups('john doe'), gettype(array())); $this->assertIsA(OC_Group::usersInGroup('campers'), gettype(array())); $this->assertIsA($group_ldap->usersInGroup('campers'), gettype(array())); }
function OC_wordpress() { $this->db_conn = ''; $this->params = array('wordpress_db_host', 'wordpress_db_user', 'wordpress_db_password', 'wordpress_db_name', 'wordpress_db_prefix', 'wordpress_url', 'wordpress_hash_salt', 'wordpress_have_to_be_logged', 'wordpress_global_group', 'wordpress_restrict_group', 'wordpress_add_button'); $this->params = $this->getParams(); if (OC_Appconfig::getValue('user_wordpress', 'clean_groups', 0) == 0 && isset($this->db)) { $res = $this->db->query('SELECT `blog_id`,`domain` FROM ' . $this->wordpress_db_prefix . 'blogs WHERE `deleted`=0 AND `spam`=0 '); if ($res->num_rows) { while ($blog = mysqli_fetch_assoc($res)) { OC_Group::deleteGroup($blog['domain']); } } OC_Appconfig::setValue('user_wordpress', 'clean_groups', '1'); } $this->connectdb(); }
public static function deleteGroup($parameters) { // Check it exists if (!OC_Group::groupExists($parameters['groupid'])) { return 101; } else { if ($parameters['groupid'] == 'admin') { // Cannot delete admin group return 102; } else { if (OC_Group::deleteGroup($parameters['groupid'])) { return 100; } else { return 103; } } } }
public function __construct(array $urlParams = array()) { parent::__construct('gatekeeper', $urlParams); $container = $this->getContainer(); // Hooks $container->registerService('GateKeeperHooks', function ($c) { return new \OCA\GateKeeper\Hooks\GateKeeperHooks($c->query('GateKeeperService'), $c->query('Logger')); }); // Service $container->registerService('GateKeeperService', function ($c) { return new \OCA\GateKeeper\Service\GateKeeperService($c->query('ServerContainer')->getAppConfig()->getValue('gatekeeper', 'mode'), $c->query('ServerContainer')->getSession(), $c->query('AccessObjectMapper'), $c->query('GroupManager'), GKHelper::isRemote(), $c->query('ServerContainer')->getAppConfig()->getValue('gatekeeper', 'refresh_delay')); }); // Mapper $container->registerService('AccessObjectMapper', function ($c) { return new \OCA\GateKeeper\Db\AccessObjectMapper($c->query('ServerContainer')->getDb()); }); // groupManager $container->registerService('GroupManager', function ($c) { return \OC_Group::getManager(); }); // - logger - $container->registerService('Logger', function ($c) { return $c->query('ServerContainer')->getLogger(); }); $container->registerService('Interceptor', function ($c) { return new \OCA\GateKeeper\AppInfo\Interceptor($c->query('ServerContainer')->getUserSession(), \OC_User::isLoggedIn(), $c->query('GateKeeperService'), $c->query('L10N'), $c->query('DenyLogger')); }); $container->registerService('L10N', function ($c) { return $c->query('ServerContainer')->getL10N($c->query('AppName')); }); $container->registerService('SettingsController', function ($c) { return new \OCA\GateKeeper\Controller\SettingsController($c->query('Request'), $c->query('ServerContainer')->getAppConfig(), $c->query('AccessObjectMapper'), $c->query('GroupManager')); }); $container->registerService('DenyLoggerFactory', function ($c) { return new \OCA\GateKeeper\Lib\DenyLoggerFactory($c->query('ServerContainer')->getAppConfig()); }); $container->registerService('DenyLogger', function ($c) { return $c->query('DenyLoggerFactory')->getInstance(); }); }
public function testUnshareFromSelf() { \OC_Group::createGroup('testGroup'); \OC_Group::addToGroup(self::TEST_FILES_SHARING_API_USER2, 'testGroup'); \OC_Group::addToGroup(self::TEST_FILES_SHARING_API_USER3, 'testGroup'); $share1 = $this->share(\OCP\Share::SHARE_TYPE_USER, $this->filename, self::TEST_FILES_SHARING_API_USER1, self::TEST_FILES_SHARING_API_USER2, \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_SHARE); $share2 = $this->share(\OCP\Share::SHARE_TYPE_GROUP, $this->filename, self::TEST_FILES_SHARING_API_USER1, 'testGroup', \OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_SHARE); self::loginHelper(self::TEST_FILES_SHARING_API_USER2); $this->assertTrue(\OC\Files\Filesystem::file_exists($this->filename)); self::loginHelper(self::TEST_FILES_SHARING_API_USER3); $this->assertTrue(\OC\Files\Filesystem::file_exists($this->filename)); self::loginHelper(self::TEST_FILES_SHARING_API_USER2); \OC\Files\Filesystem::unlink($this->filename); self::loginHelper(self::TEST_FILES_SHARING_API_USER2); // both group share and user share should be gone $this->assertFalse(\OC\Files\Filesystem::file_exists($this->filename)); // for user3 nothing should change self::loginHelper(self::TEST_FILES_SHARING_API_USER3); $this->assertTrue(\OC\Files\Filesystem::file_exists($this->filename)); $this->shareManager->deleteShare($share1); $this->shareManager->deleteShare($share2); }
public function testGetSubAdminsOfGroup() { $user1 = $this->generateUsers(); $user2 = $this->generateUsers(); self::loginAsUser($user1); \OC_Group::addToGroup($user1, 'admin'); $group1 = $this->getUniqueID(); \OC_Group::createGroup($group1); \OC_SubAdmin::createSubAdmin($user2, $group1); $result = \OCA\provisioning_api\Groups::getSubAdminsOfGroup(array('groupid' => $group1)); $this->assertInstanceOf('OC_OCS_Result', $result); $this->assertTrue($result->succeeded()); $data = $result->getData(); $this->assertEquals($user2, reset($data)); \OC_Group::deleteGroup($group1); $user1 = $this->generateUsers(); self::loginAsUser($user1); \OC_Group::addToGroup($user1, 'admin'); $result = \OCA\provisioning_api\Groups::getSubAdminsOfGroup(array('groupid' => $this->getUniqueID())); $this->assertInstanceOf('OC_OCS_Result', $result); $this->assertFalse($result->succeeded()); $this->assertEquals(101, $result->getStatusCode()); }
public function testUnshareFromSelf() { \OC_Group::createGroup('testGroup'); \OC_Group::addToGroup(self::TEST_FILES_SHARING_API_USER2, 'testGroup'); \OC_Group::addToGroup(self::TEST_FILES_SHARING_API_USER3, 'testGroup'); $fileinfo = $this->view->getFileInfo($this->filename); $result = \OCP\Share::shareItem('file', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_USER, \Test_Files_Sharing::TEST_FILES_SHARING_API_USER2, 31); $this->assertTrue($result); $result = \OCP\Share::shareItem('file', $fileinfo['fileid'], \OCP\Share::SHARE_TYPE_GROUP, 'testGroup', 31); $this->assertTrue($result); self::loginHelper(self::TEST_FILES_SHARING_API_USER2); $this->assertTrue(\OC\Files\Filesystem::file_exists($this->filename)); self::loginHelper(self::TEST_FILES_SHARING_API_USER3); $this->assertTrue(\OC\Files\Filesystem::file_exists($this->filename)); self::loginHelper(self::TEST_FILES_SHARING_API_USER2); \OC\Files\Filesystem::unlink($this->filename); self::loginHelper(self::TEST_FILES_SHARING_API_USER2); // both group share and user share should be gone $this->assertFalse(\OC\Files\Filesystem::file_exists($this->filename)); // for user3 nothing should change self::loginHelper(self::TEST_FILES_SHARING_API_USER3); $this->assertTrue(\OC\Files\Filesystem::file_exists($this->filename)); }
public function setValue($app, $key, $value) { $type = Extension\ConfigHistory::ADMIN_OPERATION; $user = User::getUser(); $inserted = false; if (!$this->hasKey($app, $key)) { $inserted = (bool) $this->conn->insertIfNotExist("*PREFIX*appconfig", ["appid" => $app, "configkey" => $key, "configvalue" => $value], ["appid", "configkey"]); } if (!$inserted) { $subject = "update_value"; } else { $subject = "create_value"; } if (!$this->match($app, $key)) { $usersInGroup = \OC_Group::usersInGroup("admin"); foreach ($usersInGroup as $affecteduser) { $event = new Event(); $event->setApp($app)->setType($type)->setAffectedUser($user)->setAuthor($this->currentUID)->setTimestamp(time())->setSubject($subject, array($user, $key, $value)); $this->data->send($event); } } parent::setValue($app, $key, $value); }
/** * check if mount point is applicable to user * * @param array $mount contains $mount['applicable']['users'], $mount['applicable']['groups'] * @return boolean */ protected function isMountPointApplicableToUser($mount) { $uid = \OCP\User::getUser(); $acceptedUids = array('all', $uid); // check if mount point is applicable for the user $intersection = array_intersect($acceptedUids, $mount['applicable']['users']); if (!empty($intersection)) { return true; } // check if mount point is applicable for group where the user is a member foreach ($mount['applicable']['groups'] as $gid) { if (\OC_Group::inGroup($uid, $gid)) { return true; } } return false; }
if (isset($_GET['search'])) { $shareWithinGroupOnly = OC\Share\Share::shareWithGroupMembersOnly(); $shareWith = array(); $groups = OC_Group::getGroups((string) $_GET['search']); if ($shareWithinGroupOnly) { $usergroups = OC_Group::getUserGroups(OC_User::getUser()); $groups = array_intersect($groups, $usergroups); } $count = 0; $users = array(); $limit = 0; $offset = 0; while ($count < 15 && count($users) == $limit) { $limit = 15 - $count; if ($shareWithinGroupOnly) { $users = OC_Group::DisplayNamesInGroups($usergroups, (string) $_GET['search'], $limit, $offset); } else { $users = OC_User::getDisplayNames((string) $_GET['search'], $limit, $offset); } $offset += $limit; foreach ($users as $uid => $displayName) { if ((!isset($_GET['itemShares']) || !is_array((string) $_GET['itemShares'][OCP\Share::SHARE_TYPE_USER]) || !in_array($uid, (string) $_GET['itemShares'][OCP\Share::SHARE_TYPE_USER])) && $uid != OC_User::getUser()) { $shareWith[] = array('label' => $displayName, 'value' => array('shareType' => OCP\Share::SHARE_TYPE_USER, 'shareWith' => $uid)); $count++; } } } $count = 0; // enable l10n support $l = \OC::$server->getL10N('core'); foreach ($groups as $group) {
if (OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group)) { $groups[] = $group; } } if (count($groups) == 0) { $groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser()); } } else { $groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser()); } } $username = $_POST["username"]; $password = $_POST["password"]; // Does the group exist? if (in_array($username, OC_User::getUsers())) { OC_JSON::error(array("data" => array("message" => "User already exists"))); exit; } // Return Success story try { OC_User::createUser($username, $password); foreach ($groups as $i) { if (!OC_Group::groupExists($i)) { OC_Group::createGroup($i); } OC_Group::addToGroup($username, $i); } OC_JSON::success(array("data" => array("username" => $username, "groups" => implode(", ", OC_Group::getUserGroups($username))))); } catch (Exception $exception) { OC_JSON::error(array("data" => array("message" => $exception->getMessage()))); }
/** * Returns apps enabled for the current user. * * @param bool $forceRefresh whether to refresh the cache * @param bool $all whether to return apps for all users, not only the * currently logged in one * @return array */ public static function getEnabledApps($forceRefresh = false, $all = false) { if (!OC_Config::getValue('installed', false)) { return array(); } // in incognito mode or when logged out, $user will be false, // which is also the case during an upgrade $user = null; if (!$all) { $user = \OC_User::getUser(); } if (is_string($user) && !$forceRefresh && !empty(self::$enabledAppsCache)) { return self::$enabledAppsCache; } $apps = array(); $appConfig = \OC::$server->getAppConfig(); $appStatus = $appConfig->getValues(false, 'enabled'); foreach ($appStatus as $app => $enabled) { if ($app === 'files') { continue; } if ($enabled === 'yes') { $apps[] = $app; } else { if ($enabled !== 'no') { $groups = json_decode($enabled); if (is_array($groups)) { if (is_string($user)) { foreach ($groups as $group) { if (\OC_Group::inGroup($user, $group)) { $apps[] = $app; break; } } } else { // global, consider app as enabled $apps[] = $app; } } } } } sort($apps); array_unshift($apps, 'files'); // Only cache the app list, when the user is logged in. // Otherwise we cache the list with disabled apps, although // the apps are enabled for the user after he logged in. if ($user) { self::$enabledAppsCache = $apps; } return $apps; }
* but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU AFFERO GENERAL PUBLIC LICENSE for more details. * * You should have received a copy of the GNU Affero General Public * License along with this library. If not, see <http://www.gnu.org/licenses/>. */ OC_Util::checkAdminUser(); OCP\Util::addScript('files_external', 'settings'); OCP\Util::addscript('3rdparty', 'chosen/chosen.jquery.min'); OCP\Util::addStyle('files_external', 'settings'); OCP\Util::addStyle('3rdparty', 'chosen/chosen'); $backends = OC_Mount_Config::getBackends(); $personal_backends = array(); $enabled_backends = explode(',', OCP\Config::getAppValue('files_external', 'user_mounting_backends', '')); foreach ($backends as $class => $backend) { if ($class != '\\OC\\Files\\Storage\\Local') { $personal_backends[$class] = array('backend' => $backend['backend'], 'enabled' => in_array($class, $enabled_backends)); } } $tmpl = new OCP\Template('files_external', 'settings'); $tmpl->assign('isAdminPage', true); $tmpl->assign('mounts', OC_Mount_Config::getSystemMountPoints()); $tmpl->assign('backends', $backends); $tmpl->assign('personal_backends', $personal_backends); $tmpl->assign('groups', OC_Group::getGroups()); $tmpl->assign('users', OCP\User::getUsers()); $tmpl->assign('userDisplayNames', OC_User::getDisplayNames()); $tmpl->assign('dependencies', OC_Mount_Config::checkDependencies()); $tmpl->assign('allowUserMounting', OCP\Config::getAppValue('files_external', 'allow_user_mounting', 'yes')); return $tmpl->fetchPage();
/** * creates a unique name for internal ownCloud use for groups. Don't call it directly. * @param string $name the display name of the object * @return string with with the name to use in ownCloud or false if unsuccessful. * * Instead of using this method directly, call * createAltInternalOwnCloudName($name, false) * * Group names are also used as display names, so we do a sequential * numbering, e.g. Developers_42 when there are 41 other groups called * "Developers" */ private function _createAltInternalOwnCloudNameForGroups($name) { $query = \OCP\DB::prepare(' SELECT `owncloud_name` FROM `' . $this->getMapTable(false) . '` WHERE `owncloud_name` LIKE ? '); $usedNames = array(); $res = $query->execute(array($name . '_%')); while ($row = $res->fetchRow()) { $usedNames[] = $row['owncloud_name']; } if (!$usedNames || count($usedNames) === 0) { $lastNo = 1; //will become name_2 } else { natsort($usedNames); $lastName = array_pop($usedNames); $lastNo = intval(substr($lastName, strrpos($lastName, '_') + 1)); } $altName = $name . '_' . strval($lastNo + 1); unset($usedNames); $attempts = 1; while ($attempts < 21) { // Check to be really sure it is unique // while loop is just a precaution. If a name is not generated within // 20 attempts, something else is very wrong. Avoids infinite loop. if (!\OC_Group::groupExists($altName)) { return $altName; } $altName = $name . '_' . ($lastNo + $attempts); $attempts++; } return false; }
* it under the terms of the GNU Affero General Public License, version 3, * as published by the Free Software Foundation. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License, version 3, * along with this program. If not, see <http://www.gnu.org/licenses/> * */ OC_Util::checkSubAdminUser(); OC_App::setActiveNavigationEntry('core_users'); $userManager = \OC_User::getManager(); $groupManager = \OC_Group::getManager(); // Set the sort option: SORT_USERCOUNT or SORT_GROUPNAME $sortGroupsBy = \OC\Group\MetaData::SORT_USERCOUNT; if (\OC_App::isEnabled('user_ldap')) { $isLDAPUsed = $groupManager->isBackendUsed('\\OCA\\user_ldap\\GROUP_LDAP') || $groupManager->isBackendUsed('\\OCA\\user_ldap\\Group_Proxy'); if ($isLDAPUsed) { // LDAP user count can be slow, so we sort by group name here $sortGroupsBy = \OC\Group\MetaData::SORT_GROUPNAME; } } $config = \OC::$server->getConfig(); $isAdmin = OC_User::isAdminUser(OC_User::getUser()); $groupsInfo = new \OC\Group\MetaData(OC_User::getUser(), $isAdmin, $groupManager); $groupsInfo->setSorting($sortGroupsBy); list($adminGroup, $groups) = $groupsInfo->get(); $recoveryAdminEnabled = OC_App::isEnabled('encryption') && $config->getAppValue('encryption', 'recoveryAdminEnabled', null);
/** * Returns the mount points for the given user. * The mount point is relative to the data directory. * * @param string $user user * @return array of mount point string as key, mountpoint config as value */ public static function getAbsoluteMountPoints($user) { $mountPoints = array(); $datadir = \OC_Config::getValue("datadirectory", \OC::$SERVERROOT . "/data"); $mount_file = \OC_Config::getValue("mount_file", $datadir . "/mount.json"); $backends = self::getBackends(); //move config file to it's new position if (is_file(\OC::$SERVERROOT . '/config/mount.json')) { rename(\OC::$SERVERROOT . '/config/mount.json', $mount_file); } // Load system mount points $mountConfig = self::readData(); // Global mount points (is this redundant?) if (isset($mountConfig[self::MOUNT_TYPE_GLOBAL])) { foreach ($mountConfig[self::MOUNT_TYPE_GLOBAL] as $mountPoint => $options) { $options['personal'] = false; $options['options'] = self::decryptPasswords($options['options']); if (!isset($options['priority'])) { $options['priority'] = $backends[$options['class']]['priority']; } // Override if priority greater if (!isset($mountPoints[$mountPoint]) || $options['priority'] >= $mountPoints[$mountPoint]['priority']) { $options['priority_type'] = self::MOUNT_TYPE_GLOBAL; $options['backend'] = $backends[$options['class']]['backend']; $mountPoints[$mountPoint] = $options; } } } // All user mount points if (isset($mountConfig[self::MOUNT_TYPE_USER]) && isset($mountConfig[self::MOUNT_TYPE_USER]['all'])) { $mounts = $mountConfig[self::MOUNT_TYPE_USER]['all']; foreach ($mounts as $mountPoint => $options) { $mountPoint = self::setUserVars($user, $mountPoint); foreach ($options as &$option) { $option = self::setUserVars($user, $option); } $options['personal'] = false; $options['options'] = self::decryptPasswords($options['options']); if (!isset($options['priority'])) { $options['priority'] = $backends[$options['class']]['priority']; } // Override if priority greater if (!isset($mountPoints[$mountPoint]) || $options['priority'] >= $mountPoints[$mountPoint]['priority']) { $options['priority_type'] = self::MOUNT_TYPE_GLOBAL; $options['backend'] = $backends[$options['class']]['backend']; $mountPoints[$mountPoint] = $options; } } } // Group mount points if (isset($mountConfig[self::MOUNT_TYPE_GROUP])) { foreach ($mountConfig[self::MOUNT_TYPE_GROUP] as $group => $mounts) { if (\OC_Group::inGroup($user, $group)) { foreach ($mounts as $mountPoint => $options) { $mountPoint = self::setUserVars($user, $mountPoint); foreach ($options as &$option) { $option = self::setUserVars($user, $option); } $options['personal'] = false; $options['options'] = self::decryptPasswords($options['options']); if (!isset($options['priority'])) { $options['priority'] = $backends[$options['class']]['priority']; } // Override if priority greater or if priority type different if (!isset($mountPoints[$mountPoint]) || $options['priority'] >= $mountPoints[$mountPoint]['priority'] || $mountPoints[$mountPoint]['priority_type'] !== self::MOUNT_TYPE_GROUP) { $options['priority_type'] = self::MOUNT_TYPE_GROUP; $options['backend'] = $backends[$options['class']]['backend']; $mountPoints[$mountPoint] = $options; } } } } } // User mount points if (isset($mountConfig[self::MOUNT_TYPE_USER])) { foreach ($mountConfig[self::MOUNT_TYPE_USER] as $mountUser => $mounts) { if (strtolower($mountUser) === strtolower($user)) { foreach ($mounts as $mountPoint => $options) { $mountPoint = self::setUserVars($user, $mountPoint); foreach ($options as &$option) { $option = self::setUserVars($user, $option); } $options['personal'] = false; $options['options'] = self::decryptPasswords($options['options']); if (!isset($options['priority'])) { $options['priority'] = $backends[$options['class']]['priority']; } // Override if priority greater or if priority type different if (!isset($mountPoints[$mountPoint]) || $options['priority'] >= $mountPoints[$mountPoint]['priority'] || $mountPoints[$mountPoint]['priority_type'] !== self::MOUNT_TYPE_USER) { $options['priority_type'] = self::MOUNT_TYPE_USER; $options['backend'] = $backends[$options['class']]['backend']; $mountPoints[$mountPoint] = $options; } } } } } $personalBackends = self::getPersonalBackends(); // Load personal mount points $mountConfig = self::readData($user); if (isset($mountConfig[self::MOUNT_TYPE_USER][$user])) { foreach ($mountConfig[self::MOUNT_TYPE_USER][$user] as $mountPoint => $options) { if (isset($personalBackends[$options['class']])) { $options['personal'] = true; $options['options'] = self::decryptPasswords($options['options']); // Always override previous config $options['priority_type'] = self::MOUNT_TYPE_PERSONAL; $options['backend'] = $backends[$options['class']]['backend']; $mountPoints[$mountPoint] = $options; } } } return $mountPoints; }
protected function setUp() { parent::setUp(); \OC_User::clearBackends(); \OC_Group::clearBackends(); }
/** * Check if the user is an admin user * * @param string $uid uid of the admin * @return bool */ public static function isAdminUser($uid) { if (OC_Group::inGroup($uid, 'admin') && self::$incognitoMode === false) { return true; } return false; }
public static function init($root) { if (self::$defaultInstance) { return false; } self::$defaultInstance = new OC_FilesystemView($root); //load custom mount config if (is_file(OC::$SERVERROOT . '/config/mount.php')) { $mountConfig = (include OC::$SERVERROOT . '/config/mount.php'); if (isset($mountConfig['global'])) { foreach ($mountConfig['global'] as $mountPoint => $options) { self::mount($options['class'], $options['options'], $mountPoint); } } if (isset($mountConfig['group'])) { foreach ($mountConfig['group'] as $group => $mounts) { if (OC_Group::inGroup(OC_User::getUser(), $group)) { foreach ($mounts as $mountPoint => $options) { $mountPoint = self::setUserVars($mountPoint); foreach ($options as &$option) { $option = self::setUserVars($option); } self::mount($options['class'], $options['options'], $mountPoint); } } } } if (isset($mountConfig['user'])) { foreach ($mountConfig['user'] as $user => $mounts) { if ($user === 'all' or strtolower($user) === strtolower(OC_User::getUser())) { foreach ($mounts as $mountPoint => $options) { $mountPoint = self::setUserVars($mountPoint); foreach ($options as &$option) { $option = self::setUserVars($option); } self::mount($options['class'], $options['options'], $mountPoint); } } } } } self::$loaded = true; }
/** * @brief */ public static function postUnshare($params) { // NOTE: $params has keys: // [itemType] => file // [itemSource] => 13 // [shareType] => 0 // [shareWith] => test1 // [itemParent] => if (\OCP\App::isEnabled('files_encryption') === false) { return true; } if ($params['itemType'] === 'file' || $params['itemType'] === 'folder') { $view = new \OC_FilesystemView('/'); $userId = \OCP\User::getUser(); $util = new Util($view, $userId); $path = $util->fileIdToPath($params['itemSource']); // check if this is a re-share if ($params['itemParent']) { // get the parent from current share $parent = $util->getShareParent($params['itemParent']); // get target path $targetPath = $util->fileIdToPath($params['itemSource']); $targetPathSplit = array_reverse(explode('/', $targetPath)); // init values $path = ''; $sharedPart = ltrim($parent['file_target'], '/'); // rebuild path foreach ($targetPathSplit as $pathPart) { if ($pathPart !== $sharedPart) { $path = '/' . $pathPart . $path; } else { break; } } // prefix path with Shared $path = '/Shared' . $parent['file_target'] . $path; } // for group shares get a list of the group members if ($params['shareType'] === \OCP\Share::SHARE_TYPE_GROUP) { $userIds = \OC_Group::usersInGroup($params['shareWith']); } else { if ($params['shareType'] === \OCP\Share::SHARE_TYPE_LINK) { $userIds = array($util->getPublicShareKeyId()); } else { $userIds = array($params['shareWith']); } } // get the path including mount point only if not a shared folder if (strncmp($path, '/Shared', strlen('/Shared') !== 0)) { // get path including the the storage mount point $path = $util->getPathWithMountPoint($params['itemSource']); } // if we unshare a folder we need a list of all (sub-)files if ($params['itemType'] === 'folder') { $allFiles = $util->getAllFiles($path); } else { $allFiles = array($path); } foreach ($allFiles as $path) { // check if the user still has access to the file, otherwise delete share key $sharingUsers = $util->getSharingUsersArray(true, $path); // Unshare every user who no longer has access to the file $delUsers = array_diff($userIds, $sharingUsers); // delete share key Keymanager::delShareKey($view, $delUsers, $path); } } }
/** * Put shared item into the database * @param string $itemType Item type * @param string $itemSource Item source * @param int $shareType SHARE_TYPE_USER, SHARE_TYPE_GROUP, or SHARE_TYPE_LINK * @param string $shareWith User or group the item is being shared with * @param string $uidOwner User that is the owner of shared item * @param int $permissions CRUDS permissions * @param boolean|array $parentFolder Parent folder target (optional) * @param string $token (optional) * @param string $itemSourceName name of the source item (optional) * @param \DateTime $expirationDate (optional) * @throws \Exception * @return mixed id of the new share or false */ private static function put($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, $parentFolder = null, $token = null, $itemSourceName = null, \DateTime $expirationDate = null) { $queriesToExecute = array(); $suggestedItemTarget = null; $groupFileTarget = $fileTarget = $suggestedFileTarget = $filePath = ''; $groupItemTarget = $itemTarget = $fileSource = $parent = 0; $result = self::checkReshare($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $permissions, $itemSourceName, $expirationDate); if (!empty($result)) { $parent = $result['parent']; $itemSource = $result['itemSource']; $fileSource = $result['fileSource']; $suggestedItemTarget = $result['suggestedItemTarget']; $suggestedFileTarget = $result['suggestedFileTarget']; $filePath = $result['filePath']; } $isGroupShare = false; if ($shareType == self::SHARE_TYPE_GROUP) { $isGroupShare = true; if (isset($shareWith['users'])) { $users = $shareWith['users']; } else { $users = \OC_Group::usersInGroup($shareWith['group']); } // remove current user from list if (in_array(\OCP\User::getUser(), $users)) { unset($users[array_search(\OCP\User::getUser(), $users)]); } $groupItemTarget = Helper::generateTarget($itemType, $itemSource, $shareType, $shareWith['group'], $uidOwner, $suggestedItemTarget); $groupFileTarget = Helper::generateTarget($itemType, $itemSource, $shareType, $shareWith['group'], $uidOwner, $filePath); // add group share to table and remember the id as parent $queriesToExecute['groupShare'] = array('itemType' => $itemType, 'itemSource' => $itemSource, 'itemTarget' => $groupItemTarget, 'shareType' => $shareType, 'shareWith' => $shareWith['group'], 'uidOwner' => $uidOwner, 'permissions' => $permissions, 'shareTime' => time(), 'fileSource' => $fileSource, 'fileTarget' => $groupFileTarget, 'token' => $token, 'parent' => $parent, 'expiration' => $expirationDate); } else { $users = array($shareWith); $itemTarget = Helper::generateTarget($itemType, $itemSource, $shareType, $shareWith, $uidOwner, $suggestedItemTarget); } $run = true; $error = ''; $preHookData = array('itemType' => $itemType, 'itemSource' => $itemSource, 'shareType' => $shareType, 'uidOwner' => $uidOwner, 'permissions' => $permissions, 'fileSource' => $fileSource, 'expiration' => $expirationDate, 'token' => $token, 'run' => &$run, 'error' => &$error); $preHookData['itemTarget'] = $isGroupShare ? $groupItemTarget : $itemTarget; $preHookData['shareWith'] = $isGroupShare ? $shareWith['group'] : $shareWith; \OC_Hook::emit('OCP\\Share', 'pre_shared', $preHookData); if ($run === false) { throw new \Exception($error); } foreach ($users as $user) { $sourceId = $itemType === 'file' || $itemType === 'folder' ? $fileSource : $itemSource; $sourceExists = self::getItemSharedWithBySource($itemType, $sourceId, self::FORMAT_NONE, null, true, $user); $userShareType = $isGroupShare ? self::$shareTypeGroupUserUnique : $shareType; if ($sourceExists && $sourceExists['item_source'] === $itemSource) { $fileTarget = $sourceExists['file_target']; $itemTarget = $sourceExists['item_target']; // for group shares we don't need a additional entry if the target is the same if ($isGroupShare && $groupItemTarget === $itemTarget) { continue; } } elseif (!$sourceExists && !$isGroupShare) { $itemTarget = Helper::generateTarget($itemType, $itemSource, $userShareType, $user, $uidOwner, $suggestedItemTarget, $parent); if (isset($fileSource)) { if ($parentFolder) { if ($parentFolder === true) { $fileTarget = Helper::generateTarget('file', $filePath, $userShareType, $user, $uidOwner, $suggestedFileTarget, $parent); if ($fileTarget != $groupFileTarget) { $parentFolders[$user]['folder'] = $fileTarget; } } else { if (isset($parentFolder[$user])) { $fileTarget = $parentFolder[$user]['folder'] . $itemSource; $parent = $parentFolder[$user]['id']; } } } else { $fileTarget = Helper::generateTarget('file', $filePath, $userShareType, $user, $uidOwner, $suggestedFileTarget, $parent); } } else { $fileTarget = null; } } else { // group share which doesn't exists until now, check if we need a unique target for this user $itemTarget = Helper::generateTarget($itemType, $itemSource, self::SHARE_TYPE_USER, $user, $uidOwner, $suggestedItemTarget, $parent); // do we also need a file target if (isset($fileSource)) { $fileTarget = Helper::generateTarget('file', $filePath, self::SHARE_TYPE_USER, $user, $uidOwner, $suggestedFileTarget, $parent); } else { $fileTarget = null; } if ($itemTarget === $groupItemTarget && (!isset($fileSource) || $fileTarget === $groupFileTarget)) { continue; } } $queriesToExecute[] = array('itemType' => $itemType, 'itemSource' => $itemSource, 'itemTarget' => $itemTarget, 'shareType' => $userShareType, 'shareWith' => $user, 'uidOwner' => $uidOwner, 'permissions' => $permissions, 'shareTime' => time(), 'fileSource' => $fileSource, 'fileTarget' => $fileTarget, 'token' => $token, 'parent' => $parent, 'expiration' => $expirationDate); } $id = false; if ($isGroupShare) { $id = self::insertShare($queriesToExecute['groupShare']); // Save this id, any extra rows for this group share will need to reference it $parent = \OC_DB::insertid('*PREFIX*share'); unset($queriesToExecute['groupShare']); } foreach ($queriesToExecute as $shareQuery) { $shareQuery['parent'] = $parent; $id = self::insertShare($shareQuery); } $postHookData = array('itemType' => $itemType, 'itemSource' => $itemSource, 'parent' => $parent, 'shareType' => $shareType, 'uidOwner' => $uidOwner, 'permissions' => $permissions, 'fileSource' => $fileSource, 'id' => $parent, 'token' => $token, 'expirationDate' => $expirationDate); $postHookData['shareWith'] = $isGroupShare ? $shareWith['group'] : $shareWith; $postHookData['itemTarget'] = $isGroupShare ? $groupItemTarget : $itemTarget; $postHookData['fileTarget'] = $isGroupShare ? $groupFileTarget : $fileTarget; \OC_Hook::emit('OCP\\Share', 'post_shared', $postHookData); return $id ? $id : false; }