if (!OC_User::isLoggedIn() || !OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isSubAdmin(OC_User::getUser())) { OC_JSON::error(array("data" => array("message" => "Authentication error"))); exit; } OCP\JSON::callCheck(); $isadmin = OC_Group::inGroup(OC_User::getUser(), 'admin') ? true : false; if ($isadmin) { $groups = array(); if (isset($_POST["groups"])) { $groups = $_POST["groups"]; } } else { if (isset($_POST["groups"])) { $groups = array(); foreach ($_POST["groups"] as $group) { if (OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group)) { $groups[] = $group; } } if (count($groups) == 0) { $groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser()); } } else { $groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser()); } } $username = $_POST["username"]; $password = $_POST["password"]; // Does the group exist? if (in_array($username, OC_User::getUsers())) { OC_JSON::error(array("data" => array("message" => "User already exists")));
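/**
 * Create a new user account, optionally assign it to groups and notify it by mail.
 *
 * Authorization model visible here: an admin may assign any group (missing
 * groups are created on the fly via the group manager); a subadmin is
 * restricted to the groups \OC_SubAdmin reports as accessible, and falls back
 * to the full set of groups they administer when none of the requested ones
 * qualify. The user is created before any group assignment happens.
 *
 * @NoAdminRequired
 *
 * @param string $username uid of the account to create
 * @param string $password initial password (never logged)
 * @param array $groups group ids the new user should be added to
 * @param string $email optional mail address; when non-empty it is validated,
 *                      stored as the user's mail setting and a welcome mail is sent
 * @return DataResponse 201 with the formatted user on success; 422 for an
 *                      invalid mail address; 403 when the user could not be created
 *
 * TODO: Tidy up and write unit tests - code is mainly static method calls
 */
public function create($username, $password, array $groups = [], $email = '') {
	if ($email !== '' && !$this->mail->validateAddress($email)) {
		return new DataResponse(
			['message' => (string) $this->l10n->t('Invalid mail address')],
			Http::STATUS_UNPROCESSABLE_ENTITY
		);
	}

	// TODO FIXME get rid of the static calls to OC_Subadmin
	if (!$this->isAdmin) {
		// Only resolve the acting user inside the subadmin branch; admins never need it here.
		$currentUid = $this->userSession->getUser()->getUID();

		// Drop every requested group the subadmin is not allowed to administer.
		foreach ($groups as $key => $group) {
			if (!\OC_SubAdmin::isGroupAccessible($currentUid, $group)) {
				unset($groups[$key]);
			}
		}

		// Nothing (acceptable) requested: put the user into all groups this subadmin manages.
		if (empty($groups)) {
			$groups = \OC_SubAdmin::getSubAdminsGroups($currentUid);
		}
	}

	try {
		$user = $this->userManager->createUser($username, $password);
	} catch (\Exception $exception) {
		// Record why creation failed (the client only sees a generic message);
		// the message may name the backend/uid but must never include the password.
		$this->log->error(
			"Unable to create user {$username}: " . $exception->getMessage(),
			['app' => 'settings']
		);
		return new DataResponse(
			['message' => (string) $this->l10n->t('Unable to create user.')],
			Http::STATUS_FORBIDDEN
		);
	}

	if ($user instanceof User) {
		// $groups is typed as array, so no null check is needed before iterating.
		foreach ($groups as $groupName) {
			$group = $this->groupManager->get($groupName);
			if (empty($group)) {
				// Unknown groups are created on demand (subadmins were filtered above).
				$group = $this->groupManager->createGroup($groupName);
			}
			$group->addUser($user);
		}

		// Send the new-user mail only when an address was supplied.
		if ($email !== '') {
			$this->config->setUserValue($username, 'settings', 'email', $email);

			// data for the mail template
			$mailData = [
				'username' => $username,
				'url' => $this->urlGenerator->getAbsoluteURL('/'),
			];
			$mail = new TemplateResponse('settings', 'email.new_user', $mailData, 'blank');
			$mailContent = $mail->render();
			$mail = new TemplateResponse('settings', 'email.new_user_plain_text', $mailData, 'blank');
			$plainTextMailContent = $mail->render();
			$subject = $this->l10n->t('Your %s account was created', [$this->defaults->getName()]);

			try {
				$this->mail->send(
					$email,
					$username,
					$subject,
					$mailContent,
					$this->fromMailAddress,
					$this->defaults->getName(),
					1,
					$plainTextMailContent
				);
			} catch (\Exception $e) {
				// A failed notification must not fail the (already completed) user creation.
				$this->log->error("Can't send new user mail to {$email}: " . $e->getMessage(), ['app' => 'settings']);
			}
		}

		// fetch users groups
		$userGroups = $this->groupManager->getUserGroupIds($user);
		return new DataResponse($this->formatUserForIndex($user, $userGroups), Http::STATUS_CREATED);
	}

	return new DataResponse(
		['message' => (string) $this->l10n->t('Unable to create user.')],
		Http::STATUS_FORBIDDEN
	);
}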
/**
 * Delegates the subadmin group-access check to \OC_SubAdmin.
 *
 * @param string $uid   user id of the acting (sub)admin
 * @param string $group group id to check
 * @return bool whether $uid may administer $group as a subadmin
 */
function isGroupAccessible($uid, $group) {
	$accessible = \OC_SubAdmin::isGroupAccessible($uid, $group);
	return $accessible;
}
<?php OC_JSON::checkSubAdminUser(); OCP\JSON::callCheck(); $success = true; $username = $_POST["username"]; $group = $_POST["group"]; if ($username == OC_User::getUser() && $group == "admin" && OC_User::isAdminUser($username)) { $l = OC_L10N::get('core'); OC_JSON::error(array('data' => array('message' => $l->t('Admins can\'t remove themself from the admin group')))); exit; } if (!OC_User::isAdminUser(OC_User::getUser()) && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) { $l = OC_L10N::get('core'); OC_JSON::error(array('data' => array('message' => $l->t('Authentication error')))); exit; } if (!OC_Group::groupExists($group)) { OC_Group::createGroup($group); } $l = OC_L10N::get('settings'); $error = $l->t("Unable to add user to group %s", $group); $action = "add"; // Toggle group if (OC_Group::inGroup($username, $group)) { $action = "remove"; $error = $l->t("Unable to remove user from group %s", $group); $success = OC_Group::removeFromGroup($username, $group); $usersInGroup = OC_Group::usersInGroup($group); if (count($usersInGroup) == 0) { OC_Group::deleteGroup($group);
<?php OC_JSON::checkSubAdminUser(); OCP\JSON::callCheck(); $success = true; $username = $_POST["username"]; $group = $_POST["group"]; if ($username == OC_User::getUser() && $group == "admin" && OC_Group::inGroup($username, 'admin')) { $l = OC_L10N::get('core'); OC_JSON::error(array('data' => array('message' => $l->t('Admins can\'t remove themself from the admin group')))); exit; } if (!OC_Group::inGroup(OC_User::getUser(), 'admin') && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) { $l = OC_L10N::get('core'); OC_JSON::error(array('data' => array('message' => $l->t('Authentication error')))); exit; } if (!OC_Group::groupExists($group)) { OC_Group::createGroup($group); } $l = OC_L10N::get('settings'); $error = $l->t("Unable to add user to group %s", $group); $action = "add"; // Toggle group if (OC_Group::inGroup($username, $group)) { $action = "remove"; $error = $l->t("Unable to remove user from group %s", $group); $success = OC_Group::removeFromGroup($username, $group); $usersInGroup = OC_Group::usersInGroup($group); if (count($usersInGroup) == 0) { OC_Group::deleteGroup($group);