/**
* Returns whether the currently logged in user is an administrator
*
* @return bool true if the user is an admin
*/
private function isAdmin()
{
$user = $this->userSession->getUser();
if ($user !== null) {
return $this->groupManager->isAdmin($user->getUID());
}
return false;
}
/**
* returns an array of users in the group specified
*
* @param array $parameters
* @return OC_OCS_Result
*/
public function getGroup($parameters)
{
// Check if user is logged in
$user = $this->userSession->getUser();
if ($user === null) {
return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
$groupId = $parameters['groupid'];
// Check the group exists
if (!$this->groupManager->groupExists($groupId)) {
return new OC_OCS_Result(null, \OCP\API::RESPOND_NOT_FOUND, 'The requested group could not be found');
}
$isSubadminOfGroup = false;
$group = $this->groupManager->get($groupId);
if ($group !== null) {
$isSubadminOfGroup = $this->groupManager->getSubAdmin()->isSubAdminofGroup($user, $group);
}
// Check subadmin has access to this group
if ($this->groupManager->isAdmin($user->getUID()) || $isSubadminOfGroup) {
$users = $this->groupManager->get($groupId)->getUsers();
$users = array_map(function ($user) {
/** @var IUser $user */
return $user->getUID();
}, $users);
$users = array_values($users);
return new OC_OCS_Result(['users' => $users]);
} else {
return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED, 'User does not have access to specified group');
}
}
/**
* Creates a new tag
*
* @param string $data JSON encoded string containing the properties of the tag to create
* @param string $contentType content type of the data
* @return ISystemTag newly created system tag
*
* @throws BadRequest if a field was missing
* @throws Conflict if a tag with the same properties already exists
* @throws UnsupportedMediaType if the content type is not supported
*/
private function createTag($data, $contentType = 'application/json')
{
if (explode(';', $contentType)[0] === 'application/json') {
$data = json_decode($data, true);
} else {
throw new UnsupportedMediaType();
}
if (!isset($data['name'])) {
throw new BadRequest('Missing "name" attribute');
}
$tagName = $data['name'];
$userVisible = true;
$userAssignable = true;
if (isset($data['userVisible'])) {
$userVisible = (bool) $data['userVisible'];
}
if (isset($data['userAssignable'])) {
$userAssignable = (bool) $data['userAssignable'];
}
if ($userVisible === false || $userAssignable === false) {
if (!$this->userSession->isLoggedIn() || !$this->groupManager->isAdmin($this->userSession->getUser()->getUID())) {
throw new BadRequest('Not sufficient permissions');
}
}
try {
return $this->tagManager->createTag($tagName, $userVisible, $userAssignable);
} catch (TagAlreadyExistsException $e) {
throw new Conflict('Tag already exists', 0, $e);
}
}
/**
* {@inheritdoc}
*/
public function canUserSeeTag(ISystemTag $tag, IUser $user)
{
if ($tag->isUserVisible()) {
return true;
}
if ($this->groupManager->isAdmin($user->getUID())) {
return true;
}
return false;
}
/**
* Set the displayName of a user
*
* @NoAdminRequired
* @NoSubadminRequired
*
* @param string $username
* @param string $displayName
* @return DataResponse
*/
public function setDisplayName($username, $displayName)
{
$currentUser = $this->userSession->getUser();
if ($username === null) {
$username = $currentUser->getUID();
}
$user = $this->userManager->get($username);
if ($user === null || !$user->canChangeDisplayName() || !$this->groupManager->isAdmin($currentUser->getUID()) && !$this->groupManager->getSubAdmin()->isUserAccessible($currentUser, $user) && $currentUser !== $user) {
return new DataResponse(['status' => 'error', 'data' => ['message' => $this->l10n->t('Authentication error')]]);
}
if ($user->setDisplayName($displayName)) {
return new DataResponse(['status' => 'success', 'data' => ['message' => $this->l10n->t('Your full name has been changed.'), 'username' => $username, 'displayName' => $displayName]]);
} else {
return new DataResponse(['status' => 'error', 'data' => ['message' => $this->l10n->t('Unable to change full name'), 'displayName' => $user->getDisplayName()]]);
}
}
/**
* checks if a user is a accessible by a subadmin
* @param IUser $subadmin
* @param IUser $user
* @return bool
*/
public function isUserAccessible($subadmin, $user)
{
if (!$this->isSubAdmin($subadmin)) {
return false;
}
if ($this->groupManager->isAdmin($user->getUID())) {
return false;
}
$accessibleGroups = $this->getSubAdminsGroups($subadmin);
foreach ($accessibleGroups as $accessibleGroup) {
if ($accessibleGroup->inGroup($user)) {
return true;
}
}
return false;
}
/**
* @param array $parameters
* @return OC_OCS_Result
*/
public function removeFromGroup($parameters)
{
// Check if user is logged in
$loggedInUser = $this->userSession->getUser();
if ($loggedInUser === null) {
return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
$group = !empty($parameters['_delete']['groupid']) ? $parameters['_delete']['groupid'] : null;
if ($group === null) {
return new OC_OCS_Result(null, 101);
}
$group = $this->groupManager->get($group);
if ($group === null) {
return new OC_OCS_Result(null, 102);
}
$targetUser = $this->userManager->get($parameters['userid']);
if ($targetUser === null) {
return new OC_OCS_Result(null, 103);
}
// If they're not an admin, check they are a subadmin of the group in question
$subAdminManager = $this->groupManager->getSubAdmin();
if (!$this->groupManager->isAdmin($loggedInUser->getUID()) && !$subAdminManager->isSubAdminofGroup($loggedInUser, $group)) {
return new OC_OCS_Result(null, 104);
}
// Check they aren't removing themselves from 'admin' or their 'subadmin; group
if ($parameters['userid'] === $loggedInUser->getUID()) {
if ($this->groupManager->isAdmin($loggedInUser->getUID())) {
if ($group->getGID() === 'admin') {
return new OC_OCS_Result(null, 105, 'Cannot remove yourself from the admin group');
}
} else {
// Not an admin, check they are not removing themself from their subadmin group
$subAdminGroups = $subAdminManager->getSubAdminsGroups($loggedInUser);
foreach ($subAdminGroups as $key => $group) {
$subAdminGroups[$key] = $group->getGID();
}
if (in_array($group->getGID(), $subAdminGroups, true)) {
return new OC_OCS_Result(null, 105, 'Cannot remove yourself from this group as you are a SubAdmin');
}
}
}
// Remove user from group
$group->removeUser($targetUser);
return new OC_OCS_Result(null, 100);
}
/**
* Updates tag attributes
*
* @param string $path
* @param PropPatch $propPatch
*
* @return void
*/
public function handleUpdateProperties($path, PropPatch $propPatch)
{
$propPatch->handle([self::DISPLAYNAME_PROPERTYNAME, self::USERVISIBLE_PROPERTYNAME, self::USERASSIGNABLE_PROPERTYNAME, self::GROUPS_PROPERTYNAME], function ($props) use($path) {
$node = $this->server->tree->getNodeForPath($path);
if (!$node instanceof SystemTagNode) {
return;
}
$tag = $node->getSystemTag();
$name = $tag->getName();
$userVisible = $tag->isUserVisible();
$userAssignable = $tag->isUserAssignable();
$updateTag = false;
if (isset($props[self::DISPLAYNAME_PROPERTYNAME])) {
$name = $props[self::DISPLAYNAME_PROPERTYNAME];
$updateTag = true;
}
if (isset($props[self::USERVISIBLE_PROPERTYNAME])) {
$propValue = $props[self::USERVISIBLE_PROPERTYNAME];
$userVisible = $propValue !== 'false' && $propValue !== '0';
$updateTag = true;
}
if (isset($props[self::USERASSIGNABLE_PROPERTYNAME])) {
$propValue = $props[self::USERASSIGNABLE_PROPERTYNAME];
$userAssignable = $propValue !== 'false' && $propValue !== '0';
$updateTag = true;
}
if (isset($props[self::GROUPS_PROPERTYNAME])) {
if (!$this->groupManager->isAdmin($this->userSession->getUser()->getUID())) {
// property only available for admins
throw new Forbidden();
}
$propValue = $props[self::GROUPS_PROPERTYNAME];
$groupIds = explode('|', $propValue);
$this->tagManager->setTagGroups($tag, $groupIds);
}
if ($updateTag) {
$node->update($name, $userVisible, $userAssignable);
}
return true;
});
}
/**
* @param array $parameters
* @return OC_OCS_Result
*/
public function getUsersGroups($parameters)
{
// Check if user is logged in
$user = $this->userSession->getUser();
if ($user === null) {
return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
if ($parameters['userid'] === $user->getUID() || $this->groupManager->isAdmin($user->getUID())) {
// Self lookup or admin lookup
return new OC_OCS_Result(['groups' => $this->groupManager->getUserGroupIds($this->userManager->get($parameters['userid']))]);
} else {
// Looking up someone else
if (OC_SubAdmin::isUserAccessible($user->getUID(), $parameters['userid'])) {
// Return the group that the method caller is subadmin of for the user in question
$groups = array_intersect(OC_SubAdmin::getSubAdminsGroups($user->getUID()), $this->groupManager->getUserGroupIds($this->userManager->get($parameters['userid'])));
return new OC_OCS_Result(array('groups' => $groups));
} else {
// Not permitted
return new OC_OCS_Result(null, 997);
}
}
}
/**
* @param MapperEvent $event
*/
public function mapperEvent(MapperEvent $event)
{
$tagIds = $event->getTags();
if ($event->getObjectType() !== 'files' || empty($tagIds) || !in_array($event->getEvent(), [MapperEvent::EVENT_ASSIGN, MapperEvent::EVENT_UNASSIGN]) || !$this->appManager->isInstalled('activity')) {
// System tags not for files, no tags, not (un-)assigning or no activity-app enabled (save the energy)
return;
}
try {
$tags = $this->tagManager->getTagsByIds($tagIds);
} catch (TagNotFoundException $e) {
// User assigned/unassigned a non-existing tag, ignore...
return;
}
if (empty($tags)) {
return;
}
// Get all mount point owners
$cache = $this->mountCollection->getMountCache();
$mounts = $cache->getMountsForFileId($event->getObjectId());
if (empty($mounts)) {
return;
}
$users = [];
foreach ($mounts as $mount) {
$owner = $mount->getUser()->getUID();
$ownerFolder = $this->rootFolder->getUserFolder($owner);
$nodes = $ownerFolder->getById($event->getObjectId());
if (!empty($nodes)) {
/** @var Node $node */
$node = array_shift($nodes);
$path = $node->getPath();
if (strpos($path, '/' . $owner . '/files/') === 0) {
$path = substr($path, strlen('/' . $owner . '/files'));
}
// Get all users that have access to the mount point
$users = array_merge($users, Share::getUsersSharingFile($path, $owner, true, true));
}
}
$actor = $this->session->getUser();
if ($actor instanceof IUser) {
$actor = $actor->getUID();
} else {
$actor = '';
}
$activity = $this->activityManager->generateEvent();
$activity->setApp(Extension::APP_NAME)->setType(Extension::APP_NAME)->setAuthor($actor)->setObject($event->getObjectType(), $event->getObjectId());
foreach ($users as $user => $path) {
$activity->setAffectedUser($user);
foreach ($tags as $tag) {
// don't publish activity for non-admins if tag is invisible
if (!$tag->isUserVisible() && !$this->groupManager->isAdmin($user)) {
continue;
}
if ($event->getEvent() === MapperEvent::EVENT_ASSIGN) {
$activity->setSubject(Extension::ASSIGN_TAG, [$actor, $path, $this->prepareTagAsParameter($tag)]);
} else {
if ($event->getEvent() === MapperEvent::EVENT_UNASSIGN) {
$activity->setSubject(Extension::UNASSIGN_TAG, [$actor, $path, $this->prepareTagAsParameter($tag)]);
}
}
$this->activityManager->publish($activity);
}
}
}
/**
* @NoAdminRequired
* @NoCSRFRequired
*
* @return TemplateResponse
*/
public function index()
{
return new TemplateResponse('announcementcenter', 'main', ['is_admin' => $this->groupManager->isAdmin($this->userId)]);
}
