/**
 * Create a group with the given id and report the outcome as a DataResponse.
 *
 * - Http::STATUS_CONFLICT when the group manager already knows the id.
 * - Http::STATUS_CREATED (payload: 'groupname') when createGroup() returns a truthy value.
 * - Http::STATUS_FORBIDDEN with an error payload otherwise.
 *
 * NOTE(review): no authorization check is visible inside this method; presumably
 * the routing/controller layer restricts who can reach it - confirm.
 *
 * @param string $id
 * @return DataResponse
 */
public function create($id)
{
    $alreadyKnown = $this->groupManager->groupExists($id);
    if ($alreadyKnown) {
        $conflictBody = ['message' => (string) $this->l10n->t('Group already exists.')];

        return new DataResponse($conflictBody, Http::STATUS_CONFLICT);
    }

    $created = $this->groupManager->createGroup($id);
    if (!$created) {
        $failureBody = [
            'status' => 'error',
            'data' => ['message' => (string) $this->l10n->t('Unable to add group.')],
        ];

        return new DataResponse($failureBody, Http::STATUS_FORBIDDEN);
    }

    return new DataResponse(['groupname' => $id], Http::STATUS_CREATED);
}
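/**
 * Creates a subadmin
 *
 * Makes the user named in $parameters['userid'] a subadmin of the group named
 * in the POSTed 'groupid' field.
 *
 * Result codes: 100 on success (also when the user already is a subadmin of
 * the group), 101 unknown user, 102 missing or unknown group, 103 for the
 * admin group or when OC_Subadmin::createSubAdmin() reports failure.
 *
 * NOTE(review): no check of the caller's own privileges is visible in this
 * method; presumably the API routing layer enforces it - confirm.
 *
 * @param array $parameters
 * @return OC_OCS_Result
 */
public function addSubAdmin($parameters)
{
    // 'groupid' is client-controlled: it may be absent, or an array when sent
    // as groupid[]=... . Only a string is accepted, so strtolower() and the
    // message concatenation below never receive another type.
    $group = (isset($_POST['groupid']) && is_string($_POST['groupid'])) ? $_POST['groupid'] : null;
    $user = $parameters['userid'];

    // Check if the user exists
    if (!$this->userManager->userExists($user)) {
        return new OC_OCS_Result(null, 101, 'User does not exist');
    }

    // Check if group exists (a missing or non-string group id is treated as unknown)
    if ($group === null || !$this->groupManager->groupExists($group)) {
        return new OC_OCS_Result(null, 102, 'Group:' . $group . ' does not exist');
    }

    // Check if trying to make subadmin of admin group (compared case-insensitively)
    if (strtolower($group) === 'admin') {
        return new OC_OCS_Result(null, 103, 'Cannot create subadmins for admin group');
    }

    // We cannot be subadmin twice; an existing assignment is reported as success
    if (OC_Subadmin::isSubAdminOfGroup($user, $group)) {
        return new OC_OCS_Result(null, 100);
    }

    // Go
    if (OC_Subadmin::createSubAdmin($user, $group)) {
        return new OC_OCS_Result(null, 100);
    }

    return new OC_OCS_Result(null, 103, 'Unknown error occured');
}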
/**
 * Check for generic requirements before creating a share
 *
 * The checks run in a fixed order and the first failing one throws:
 * recipient valid for the share type, initiator set, no self-share, node set
 * and a file or folder, node shareable, permissions set, permissions not
 * exceeding those of the node, read permission present.
 *
 * @param \OCP\Share\IShare $share
 * @throws \InvalidArgumentException
 * @throws GenericShareException
 */
protected function generalCreateChecks(\OCP\Share\IShare $share)
{
    // What counts as a valid recipient depends on the share type
    if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER) {
        // User shares must name an existing user
        if (!$this->userManager->userExists($share->getSharedWith())) {
            throw new \InvalidArgumentException('SharedWith is not a valid user');
        }
    } elseif ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) {
        // Group shares must name an existing group
        if (!$this->groupManager->groupExists($share->getSharedWith())) {
            throw new \InvalidArgumentException('SharedWith is not a valid group');
        }
    } elseif ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) {
        // Link shares have no recipient
        if ($share->getSharedWith() !== null) {
            throw new \InvalidArgumentException('SharedWith should be empty');
        }
    } else {
        // We can't handle other types yet
        throw new \InvalidArgumentException('unkown share type');
    }

    // Verify the initiator of the share is set
    if ($share->getSharedBy() === null) {
        throw new \InvalidArgumentException('SharedBy should be set');
    }

    // Cannot share with yourself
    if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER) {
        if ($share->getSharedWith() === $share->getSharedBy()) {
            throw new \InvalidArgumentException('Can\'t share with yourself');
        }
    }

    // The path should be set
    if ($share->getNode() === null) {
        throw new \InvalidArgumentException('Path should be set');
    }

    // And it should be a file or a folder
    if (!($share->getNode() instanceof \OCP\Files\File || $share->getNode() instanceof \OCP\Files\Folder)) {
        throw new \InvalidArgumentException('Path should be either a file or a folder');
    }

    // Check if we actually have share permissions
    if (!$share->getNode()->isShareable()) {
        $notAllowed = $this->l->t('You are not allowed to share %s', [$share->getNode()->getPath()]);
        throw new GenericShareException($notAllowed, $notAllowed, 404);
    }

    // Permissions should be set
    if ($share->getPermissions() === null) {
        throw new \InvalidArgumentException('A share requires permissions');
    }

    // Check that we do not share with more permissions than we have:
    // any requested bit that the node itself lacks is an escalation.
    $escalatedBits = $share->getPermissions() & ~$share->getNode()->getPermissions();
    if ($escalatedBits) {
        $noIncrease = $this->l->t('Cannot increase permissions of %s', [$share->getNode()->getPath()]);
        throw new GenericShareException($noIncrease, $noIncrease, 404);
    }

    // Check that read permissions are always set
    $readBit = $share->getPermissions() & \OCP\Constants::PERMISSION_READ;
    if ($readBit === 0) {
        throw new \InvalidArgumentException('Shares need at least read permissions');
    }
}
/**
 * Deleting a freshly created group through the API must succeed and leave
 * the group manager without that group.
 */
public function testDeleteGroup()
{
    $created = $this->groupManager->createGroup($this->getUniqueId());

    $request = ['groupid' => $created->getGID()];
    $response = $this->api->deleteGroup($request);

    $this->assertInstanceOf('OC_OCS_Result', $response);
    $this->assertTrue($response->succeeded());

    // The group must be gone afterwards
    $stillKnown = $this->groupManager->groupExists($created->getGID());
    $this->assertFalse($stillKnown);
}
/**
 * Test fixture: resolve the managers and the database connection from the
 * server container, then create user0..user2, group0..group2 and, when it is
 * missing, the 'admin' group.
 */
public function setup()
{
    $this->users = [];
    $this->groups = [];

    $server = \OC::$server;
    $this->userManager = $server->getUserManager();
    $this->groupManager = $server->getGroupManager();
    $this->dbConn = $server->getDatabaseConnection();

    // Create 3 users and 3 groups
    foreach (range(0, 2) as $n) {
        // second createUser() argument is the literal 'user' (presumably the password)
        $this->users[] = $this->userManager->createUser('user' . $n, 'user');
        $this->groups[] = $this->groupManager->createGroup('group' . $n);
    }

    // Create admin group
    $adminPresent = $this->groupManager->groupExists('admin');
    if (!$adminPresent) {
        $this->groupManager->createGroup('admin');
    }
}
/**
 * List the subadmins of the group named in $parameters['groupid'].
 *
 * Result codes: 101 when the group is unknown, 102 when
 * OC_Subadmin::getGroupsSubAdmins() returns a falsy value, otherwise a result
 * carrying the returned list.
 *
 * NOTE(review): a falsy return is reported as an error; if the helper returns
 * an empty array for a group without subadmins, that case also ends up as
 * 102 - confirm against the helper.
 *
 * @param array $parameters
 * @return OC_OCS_Result
 */
public function getSubAdminsOfGroup($parameters)
{
    $gid = $parameters['groupid'];

    // Check group exists
    if (!$this->groupManager->groupExists($gid)) {
        return new OC_OCS_Result(null, 101, 'Group does not exist');
    }

    // Go
    $admins = OC_Subadmin::getGroupsSubAdmins($gid);
    if ($admins) {
        return new OC_OCS_Result($admins);
    }

    return new OC_OCS_Result(null, 102, 'Unknown error occured');
}
/**
 * Delete the group named in $parameters['groupid'].
 *
 * Result codes: 101 when the group does not exist, 102 when the group id is
 * exactly 'admin' or delete() reports failure, 100 on success.
 *
 * NOTE(review): the admin guard is an exact, case-sensitive string match;
 * confirm whether group ids differing only in case can reach this method.
 *
 * @param array $parameters
 * @return OC_OCS_Result
 */
public function deleteGroup($parameters)
{
    $gid = $parameters['groupid'];

    // Check it exists
    if (!$this->groupManager->groupExists($gid)) {
        return new OC_OCS_Result(null, 101);
    }

    // Cannot delete admin group; the group is not even looked up in that case
    if ($gid === 'admin') {
        return new OC_OCS_Result(null, 102);
    }

    $deleted = $this->groupManager->get($gid)->delete();
    if (!$deleted) {
        return new OC_OCS_Result(null, 102);
    }

    return new OC_OCS_Result(null, 100);
}
/**
 * Test fixture: create user0..user2, group0..group2 and, when missing, the
 * 'admin' group, then insert three 'group_admin' rows that reference a user
 * and/or group which was never created ("orphaned" entries).
 */
public function setup()
{
    $this->users = [];
    $this->groups = [];

    $server = \OC::$server;
    $this->userManager = $server->getUserManager();
    $this->groupManager = $server->getGroupManager();
    $this->dbConn = $server->getDatabaseConnection();

    // Create 3 users and 3 groups
    foreach (range(0, 2) as $n) {
        $this->users[] = $this->userManager->createUser('user' . $n, 'user');
        $this->groups[] = $this->groupManager->createGroup('group' . $n);
    }

    // Create admin group
    $adminPresent = $this->groupManager->groupExists('admin');
    if (!$adminPresent) {
        $this->groupManager->createGroup('admin');
    }

    // Create "orphaned" users and groups (scenario: temporarily disabled
    // backend). The same query builder instance is reused for all three rows.
    $qb = $this->dbConn->getQueryBuilder();

    // existing group, unknown user
    $qb->insert('group_admin')
        ->values([
            'gid' => $qb->createNamedParameter($this->groups[0]->getGID()),
            'uid' => $qb->createNamedParameter('orphanedUser'),
        ])
        ->execute();

    // unknown group, unknown user
    $qb->insert('group_admin')
        ->values([
            'gid' => $qb->createNamedParameter('orphanedGroup'),
            'uid' => $qb->createNamedParameter('orphanedUser'),
        ])
        ->execute();

    // unknown group, existing user
    $qb->insert('group_admin')
        ->values([
            'gid' => $qb->createNamedParameter('orphanedGroup'),
            'uid' => $qb->createNamedParameter($this->users[0]->getUID()),
        ])
        ->execute();
}
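/**
 * Show, and optionally change, the users and groups a mount applies to.
 *
 * Users and groups passed via --add-user / --add-group must exist; names
 * passed via --remove-user / --remove-group are not looked up. The resulting
 * lists are written in the selected output format.
 *
 * NOTE(review): after --remove-all (or after removing the last entry) both
 * lists are empty; confirm how the storage service interprets an empty
 * applicable list before relying on this command to restrict access.
 *
 * @param InputInterface $input
 * @param OutputInterface $output
 * @return int 404 when the mount, a user or a group is not found, 1 for
 *             personal mounts, 0 otherwise
 */
protected function execute(InputInterface $input, OutputInterface $output)
{
    $mountId = $input->getArgument('mount_id');
    try {
        $mount = $this->globalService->getStorage($mountId);
    } catch (NotFoundException $e) {
        // The closing quote after the mount id was missing in this message.
        $output->writeln('<error>Mount with id "' . $mountId . '" not found, check "occ files_external:list" to get available mounts</error>');
        return 404;
    }

    if ($mount->getType() === StorageConfig::MOUNT_TYPE_PERSONAl) {
        $output->writeln('<error>Can\'t change applicables on personal mounts</error>');
        return 1;
    }

    $addUsers = $input->getOption('add-user');
    $removeUsers = $input->getOption('remove-user');
    $addGroups = $input->getOption('add-group');
    $removeGroups = $input->getOption('remove-group');

    $applicableUsers = $mount->getApplicableUsers();
    $applicableGroups = $mount->getApplicableGroups();

    $changeRequested = count($addUsers) + count($removeUsers) + count($addGroups) + count($removeGroups) > 0
        || $input->getOption('remove-all');

    if ($changeRequested) {
        // Validate every addition before anything is modified, so a typo
        // cannot leave the mount half-updated.
        foreach ($addUsers as $addUser) {
            if (!$this->userManager->userExists($addUser)) {
                $output->writeln('<error>User "' . $addUser . '" not found</error>');
                return 404;
            }
        }
        foreach ($addGroups as $addGroup) {
            if (!$this->groupManager->groupExists($addGroup)) {
                $output->writeln('<error>Group "' . $addGroup . '" not found</error>');
                return 404;
            }
        }

        if ($input->getOption('remove-all')) {
            // --remove-all wins over any add/remove option given alongside it
            $applicableUsers = [];
            $applicableGroups = [];
        } else {
            // additions first, then removals; array_values() re-indexes the lists
            $applicableUsers = array_unique(array_merge($applicableUsers, $addUsers));
            $applicableUsers = array_values(array_diff($applicableUsers, $removeUsers));
            $applicableGroups = array_unique(array_merge($applicableGroups, $addGroups));
            $applicableGroups = array_values(array_diff($applicableGroups, $removeGroups));
        }

        $mount->setApplicableUsers($applicableUsers);
        $mount->setApplicableGroups($applicableGroups);
        $this->globalService->updateStorage($mount);
    }

    $this->writeArrayInOutputFormat($input, $output, [
        'users' => $applicableUsers,
        'groups' => $applicableGroups,
    ]);

    // Explicit success exit code instead of an implicit null.
    return 0;
}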
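/**
 * Create a user from the POSTed 'userid', 'password' and optional 'groups'.
 *
 * Only admins and subadmins may call this. A subadmin has to name at least
 * one group and must be subadmin of every group named; an admin may create a
 * user without groups.
 *
 * Result codes: 100 success, 101 exception while creating the user or adding
 * it to a group, 102 user already exists, 104 unknown group, 105 caller is
 * not subadmin of a named group, 106 subadmin named no group,
 * \OCP\API::RESPOND_UNAUTHORISED when the caller is neither admin nor subadmin
 * or no session user is available.
 *
 * @return OC_OCS_Result
 */
public function addUser()
{
    $userId = isset($_POST['userid']) ? $_POST['userid'] : null;
    $password = isset($_POST['password']) ? $_POST['password'] : null;
    $groups = isset($_POST['groups']) ? $_POST['groups'] : null;

    $user = $this->userSession->getUser();
    if ($user === null) {
        // Without a session user there is nobody to authorize; refuse instead
        // of failing on the method calls below.
        return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
    }

    $isAdmin = $this->groupManager->isAdmin($user->getUID());
    $subAdminManager = $this->groupManager->getSubAdmin();

    if (!$isAdmin && !$subAdminManager->isSubAdmin($user)) {
        return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
    }

    if ($this->userManager->userExists($userId)) {
        $this->logger->error('Failed addUser attempt: User already exists.', ['app' => 'ocs_api']);
        return new OC_OCS_Result(null, 102, 'User already exists');
    }

    // An empty array names no group. It is handled like a missing 'groups'
    // field so that the "subadmins must name a group" rule cannot be satisfied
    // by an empty list.
    $hasGroups = is_array($groups) && count($groups) > 0;

    if ($hasGroups) {
        foreach ($groups as $group) {
            if (!$this->groupManager->groupExists($group)) {
                return new OC_OCS_Result(null, 104, 'group ' . $group . ' does not exist');
            }
            if (!$isAdmin && !$subAdminManager->isSubAdminofGroup($user, $this->groupManager->get($group))) {
                return new OC_OCS_Result(null, 105, 'insufficient privileges for group ' . $group);
            }
        }
    } elseif (!$isAdmin) {
        return new OC_OCS_Result(null, 106, 'no group specified (required for subadmins)');
    }

    try {
        $newUser = $this->userManager->createUser($userId, $password);
        // NOTE(review): $userId and $group are client-supplied and are written
        // to the log as-is; confirm the logger neutralises control characters.
        $this->logger->info('Successful addUser call with userid: ' . $userId, ['app' => 'ocs_api']);

        if ($hasGroups) {
            foreach ($groups as $group) {
                $this->groupManager->get($group)->addUser($newUser);
                $this->logger->info('Added userid ' . $userId . ' to group ' . $group, ['app' => 'ocs_api']);
            }
        }

        return new OC_OCS_Result(null, 100);
    } catch (\Exception $e) {
        // The exception text goes to the log only; the client gets a generic message.
        $this->logger->error('Failed addUser attempt with exception: ' . $e->getMessage(), ['app' => 'ocs_api']);
        return new OC_OCS_Result(null, 101, 'Bad request');
    }
}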
/**
 * Check for generic requirements before creating a share
 *
 * The checks run in a fixed order and the first failing one throws:
 * recipient valid for the share type, initiator set, no self-share, node set
 * and a file or folder, node is not the user's root folder, node shareable,
 * permissions set, permissions not exceeding what is available on the node,
 * read permission present, no delete/create permission on single files.
 *
 * @param \OCP\Share\IShare $share
 * @throws \InvalidArgumentException
 * @throws GenericShareException
 */
protected function generalCreateChecks(\OCP\Share\IShare $share)
{
    // What counts as a valid recipient depends on the share type
    if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER) {
        // User shares must name an existing user
        if (!$this->userManager->userExists($share->getSharedWith())) {
            throw new \InvalidArgumentException('SharedWith is not a valid user');
        }
    } elseif ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) {
        // Group shares must name an existing group
        if (!$this->groupManager->groupExists($share->getSharedWith())) {
            throw new \InvalidArgumentException('SharedWith is not a valid group');
        }
    } elseif ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) {
        // Link shares have no recipient
        if ($share->getSharedWith() !== null) {
            throw new \InvalidArgumentException('SharedWith should be empty');
        }
    } elseif ($share->getShareType() === \OCP\Share::SHARE_TYPE_REMOTE) {
        // Remote shares only need some recipient; it is not validated here
        if ($share->getSharedWith() === null) {
            throw new \InvalidArgumentException('SharedWith should not be empty');
        }
    } else {
        // We can't handle other types yet
        throw new \InvalidArgumentException('unkown share type');
    }

    // Verify the initiator of the share is set
    if ($share->getSharedBy() === null) {
        throw new \InvalidArgumentException('SharedBy should be set');
    }

    // Cannot share with yourself
    if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER) {
        if ($share->getSharedWith() === $share->getSharedBy()) {
            throw new \InvalidArgumentException('Can\'t share with yourself');
        }
    }

    // The path should be set
    if ($share->getNode() === null) {
        throw new \InvalidArgumentException('Path should be set');
    }

    // And it should be a file or a folder
    if (!($share->getNode() instanceof \OCP\Files\File || $share->getNode() instanceof \OCP\Files\Folder)) {
        throw new \InvalidArgumentException('Path should be either a file or a folder');
    }

    // And you can't share your rootfolder: use the initiator's home folder
    // when that user exists, the share owner's otherwise.
    $homeOwner = $this->userManager->userExists($share->getSharedBy())
        ? $share->getSharedBy()
        : $share->getShareOwner();
    $homePath = $this->rootFolder->getUserFolder($homeOwner)->getPath();
    if ($homePath === $share->getNode()->getPath()) {
        throw new \InvalidArgumentException('You can\'t share your root folder');
    }

    // Check if we actually have share permissions
    if (!$share->getNode()->isShareable()) {
        $notAllowed = $this->l->t('You are not allowed to share %s', [$share->getNode()->getPath()]);
        throw new GenericShareException($notAllowed, $notAllowed, 404);
    }

    // Permissions should be set
    if ($share->getPermissions() === null) {
        throw new \InvalidArgumentException('A share requires permissions');
    }

    /*
     * Quick fix for #23536
     * Non moveable mount points do not have update and delete permissions
     * while we 'most likely' do have that on the storage.
     *
     * This widens the mask the requested permissions are compared against:
     * for such mounts update and delete are accepted even though the node
     * does not report them.
     */
    $available = $share->getNode()->getPermissions();
    $mountPoint = $share->getNode()->getMountPoint();
    if (!($mountPoint instanceof MoveableMount)) {
        $available |= \OCP\Constants::PERMISSION_DELETE | \OCP\Constants::PERMISSION_UPDATE;
    }

    // Check that we do not share with more permissions than we have
    $escalatedBits = $share->getPermissions() & ~$available;
    if ($escalatedBits) {
        $noIncrease = $this->l->t('Cannot increase permissions of %s', [$share->getNode()->getPath()]);
        throw new GenericShareException($noIncrease, $noIncrease, 404);
    }

    // Check that read permissions are always set
    $readBit = $share->getPermissions() & \OCP\Constants::PERMISSION_READ;
    if ($readBit === 0) {
        throw new \InvalidArgumentException('Shares need at least read permissions');
    }

    // Single files can carry neither delete nor create permissions
    if ($share->getNode() instanceof \OCP\Files\File) {
        if ($share->getPermissions() & \OCP\Constants::PERMISSION_DELETE) {
            $noDelete = $this->l->t('Files can\'t be shared with delete permissions');
            throw new GenericShareException($noDelete);
        }
        if ($share->getPermissions() & \OCP\Constants::PERMISSION_CREATE) {
            $noCreate = $this->l->t('Files can\'t be shared with create permissions');
            throw new GenericShareException($noCreate);
        }
    }
}
/**
 * Create a share from the request parameters 'path', 'permissions',
 * 'shareWith', 'shareType' and, for link shares, 'publicUpload', 'password'
 * and 'expireDate'.
 *
 * The path is resolved inside the current user's folder. The requested
 * permissions are range-checked, read is always added, and delete/create are
 * stripped for single files. The share itself is created by the share
 * manager; its exceptions are turned into error results.
 *
 * NOTE(review): the generic \Exception handler at the end returns the
 * exception message to the client; confirm that no internal detail can end up
 * in those messages.
 *
 * @return \OC_OCS_Result
 */
public function createShare()
{
    $share = $this->shareManager->newShare();

    // Verify path
    $requestedPath = $this->request->getParam('path', null);
    if ($requestedPath === null) {
        return new \OC_OCS_Result(null, 404, 'please specify a file or folder path');
    }

    // Lookup is done relative to the current user's folder
    $homeFolder = $this->rootFolder->getUserFolder($this->currentUser->getUID());
    try {
        $node = $homeFolder->get($requestedPath);
    } catch (\OCP\Files\NotFoundException $e) {
        return new \OC_OCS_Result(null, 404, 'wrong path, file/folder doesn\'t exist');
    }
    $share->setNode($node);

    // Parse permissions (if available)
    $rawPermissions = $this->request->getParam('permissions', null);
    $permissions = ($rawPermissions === null)
        ? \OCP\Constants::PERMISSION_ALL
        : (int) $rawPermissions;

    if (!($permissions >= 0 && $permissions <= \OCP\Constants::PERMISSION_ALL)) {
        return new \OC_OCS_Result(null, 404, 'invalid permissions');
    }

    // Shares always require read permissions
    $permissions |= \OCP\Constants::PERMISSION_READ;

    if ($node instanceof \OCP\Files\File) {
        // Single file shares should never have delete or create permissions
        $permissions &= ~(\OCP\Constants::PERMISSION_DELETE | \OCP\Constants::PERMISSION_CREATE);
    }

    /*
     * Hack for https://github.com/owncloud/core/issues/22587
     * We check the permissions via webdav. But the permissions of the mount point
     * do not equal the share permissions. Here we fix that for federated mounts.
     */
    if ($node->getStorage()->instanceOfStorage('OCA\\Files_Sharing\\External\\Storage')) {
        // drop every requested bit the node itself does not have
        $permissions &= ~($permissions & ~$node->getPermissions());
    }

    $shareWith = $this->request->getParam('shareWith', null);
    $shareType = (int) $this->request->getParam('shareType', '-1');

    if ($shareType === \OCP\Share::SHARE_TYPE_USER) {
        // Valid user is required to share
        if ($shareWith === null || !$this->userManager->userExists($shareWith)) {
            return new \OC_OCS_Result(null, 404, 'please specify a valid user');
        }
        $share->setSharedWith($shareWith);
        $share->setPermissions($permissions);
    } elseif ($shareType === \OCP\Share::SHARE_TYPE_GROUP) {
        // Valid group is required to share
        if ($shareWith === null || !$this->groupManager->groupExists($shareWith)) {
            return new \OC_OCS_Result(null, 404, 'please specify a valid group');
        }
        $share->setSharedWith($shareWith);
        $share->setPermissions($permissions);
    } elseif ($shareType === \OCP\Share::SHARE_TYPE_LINK) {
        //Can we even share links?
        if (!$this->shareManager->shareApiAllowLinks()) {
            return new \OC_OCS_Result(null, 404, 'public link sharing is disabled by the administrator');
        }

        /*
         * For now we only allow 1 link share.
         * Return the existing link share if this is a duplicate
         */
        $currentLinks = $this->shareManager->getSharesBy(
            $this->currentUser->getUID(),
            \OCP\Share::SHARE_TYPE_LINK,
            $node,
            false,
            1,
            0
        );
        if (!empty($currentLinks)) {
            return new \OC_OCS_Result($this->formatShare($currentLinks[0]));
        }

        // Link shares ignore the 'permissions' parameter: they are read-only
        // unless public upload is requested with the exact string 'true'.
        $publicUpload = $this->request->getParam('publicUpload', null);
        if ($publicUpload === 'true') {
            // Check if public upload is allowed
            if (!$this->shareManager->shareApiLinkAllowPublicUpload()) {
                return new \OC_OCS_Result(null, 403, 'public upload disabled by the administrator');
            }

            // Public upload can only be set for folders
            if ($node instanceof \OCP\Files\File) {
                return new \OC_OCS_Result(null, 404, 'public upload is only possible for public shared folders');
            }

            $share->setPermissions(
                \OCP\Constants::PERMISSION_READ
                | \OCP\Constants::PERMISSION_CREATE
                | \OCP\Constants::PERMISSION_UPDATE
            );
        } else {
            $share->setPermissions(\OCP\Constants::PERMISSION_READ);
        }

        // Set password (an empty string leaves the share without one)
        $linkPassword = $this->request->getParam('password', '');
        if ($linkPassword !== '') {
            $share->setPassword($linkPassword);
        }

        //Expire date
        $rawExpiry = $this->request->getParam('expireDate', '');
        if ($rawExpiry !== '') {
            try {
                $parsedExpiry = $this->parseDate($rawExpiry);
                $share->setExpirationDate($parsedExpiry);
            } catch (\Exception $e) {
                return new \OC_OCS_Result(null, 404, 'Invalid Date. Format must be YYYY-MM-DD.');
            }
        }
    } elseif ($shareType === \OCP\Share::SHARE_TYPE_REMOTE) {
        if (!$this->shareManager->outgoingServer2ServerSharesAllowed()) {
            return new \OC_OCS_Result(null, 403, 'Sharing ' . $node->getPath() . ' failed, because the backend does not allow shares from type ' . $shareType);
        }
        // The recipient is passed on as given; it is not validated in this method
        $share->setSharedWith($shareWith);
        $share->setPermissions($permissions);
    } else {
        return new \OC_OCS_Result(null, 400, "unknown share type");
    }

    $share->setShareType($shareType);
    $share->setSharedBy($this->currentUser->getUID());

    try {
        $created = $this->shareManager->createShare($share);
    } catch (GenericShareException $e) {
        // code 0 means "no specific code": fall back to 403
        if ($e->getCode() === 0) {
            $code = 403;
        } else {
            $code = $e->getCode();
        }
        return new \OC_OCS_Result(null, $code, $e->getHint());
    } catch (\Exception $e) {
        return new \OC_OCS_Result(null, 403, $e->getMessage());
    }

    return new \OC_OCS_Result($this->formatShare($created));
}
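/**
 * Create a share from the request parameters 'path', 'permissions',
 * 'shareWith', 'shareType' and, for link shares, 'publicUpload', 'password'
 * and 'expireDate'.
 *
 * The path is resolved inside the current user's folder. The requested
 * permissions are range-checked, read is always added, and delete/create are
 * stripped for single files. Remote shares are delegated to the old code
 * path; all other types are created by the share manager, whose exceptions
 * are turned into error results.
 *
 * NOTE(review): the generic \Exception handler at the end returns the
 * exception message to the client; confirm that no internal detail can end up
 * in those messages.
 *
 * @return \OC_OCS_Result
 */
public function createShare()
{
    $share = $this->shareManager->newShare();

    // Verify path
    $path = $this->request->getParam('path', null);
    if ($path === null) {
        return new \OC_OCS_Result(null, 404, 'please specify a file or folder path');
    }

    // Lookup is done relative to the current user's folder
    $userFolder = $this->rootFolder->getUserFolder($this->currentUser->getUID());
    try {
        $path = $userFolder->get($path);
    } catch (\OCP\Files\NotFoundException $e) {
        return new \OC_OCS_Result(null, 404, 'wrong path, file/folder doesn\'t exist');
    }
    $share->setPath($path);

    // Parse permissions (if available)
    $permissions = $this->request->getParam('permissions', null);
    if ($permissions === null) {
        $permissions = \OCP\Constants::PERMISSION_ALL;
    } else {
        $permissions = (int) $permissions;
    }

    if ($permissions < 0 || $permissions > \OCP\Constants::PERMISSION_ALL) {
        return new \OC_OCS_Result(null, 404, 'invalid permissions');
    }

    // Shares always require read permissions
    $permissions |= \OCP\Constants::PERMISSION_READ;

    if ($path instanceof \OCP\Files\File) {
        // Single file shares should never have delete or create permissions
        $permissions &= ~\OCP\Constants::PERMISSION_DELETE;
        $permissions &= ~\OCP\Constants::PERMISSION_CREATE;
    }

    $shareWith = $this->request->getParam('shareWith', null);
    $shareType = (int) $this->request->getParam('shareType', '-1');

    if ($shareType === \OCP\Share::SHARE_TYPE_USER) {
        // Valid user is required to share
        if ($shareWith === null || !$this->userManager->userExists($shareWith)) {
            return new \OC_OCS_Result(null, 404, 'please specify a valid user');
        }
        $share->setSharedWith($this->userManager->get($shareWith));
        $share->setPermissions($permissions);
    } elseif ($shareType === \OCP\Share::SHARE_TYPE_GROUP) {
        // Valid group is required to share
        if ($shareWith === null || !$this->groupManager->groupExists($shareWith)) {
            return new \OC_OCS_Result(null, 404, 'please specify a valid group');
        }
        $share->setSharedWith($this->groupManager->get($shareWith));
        $share->setPermissions($permissions);
    } elseif ($shareType === \OCP\Share::SHARE_TYPE_LINK) {
        //Can we even share links?
        if (!$this->shareManager->shareApiAllowLinks()) {
            return new \OC_OCS_Result(null, 404, 'public link sharing is disabled by the administrator');
        }

        // Link shares ignore the 'permissions' parameter: they are read-only
        // unless public upload is requested with the exact string 'true'.
        $publicUpload = $this->request->getParam('publicUpload', null);
        if ($publicUpload === 'true') {
            // Check if public upload is allowed
            if (!$this->shareManager->shareApiLinkAllowPublicUpload()) {
                // a stray leading double quote was removed from this message
                return new \OC_OCS_Result(null, 403, 'public upload disabled by the administrator');
            }

            // Public upload can only be set for folders
            if ($path instanceof \OCP\Files\File) {
                // a stray leading double quote was removed from this message
                return new \OC_OCS_Result(null, 404, 'public upload is only possible for public shared folders');
            }

            $share->setPermissions(
                \OCP\Constants::PERMISSION_READ
                | \OCP\Constants::PERMISSION_CREATE
                | \OCP\Constants::PERMISSION_UPDATE
            );
        } else {
            $share->setPermissions(\OCP\Constants::PERMISSION_READ);
        }

        // Set password (null when the parameter is absent)
        $share->setPassword($this->request->getParam('password', null));

        //Expire date
        $expireDate = $this->request->getParam('expireDate', null);
        if ($expireDate !== null) {
            try {
                $expireDate = $this->parseDate($expireDate);
                $share->setExpirationDate($expireDate);
            } catch (\Exception $e) {
                return new \OC_OCS_Result(null, 404, 'Invalid Date. Format must be YYYY-MM-DD.');
            }
        }
    } elseif ($shareType === \OCP\Share::SHARE_TYPE_REMOTE) {
        //fixme Remote shares are handled by old code path for now
        return \OCA\Files_Sharing\API\Local::createShare([]);
    } else {
        return new \OC_OCS_Result(null, 400, "unknown share type");
    }

    $share->setShareType($shareType);
    $share->setSharedBy($this->currentUser);

    try {
        $share = $this->shareManager->createShare($share);
    } catch (\OC\HintException $e) {
        // code 0 means "no specific code": fall back to 403
        $code = $e->getCode() === 0 ? 403 : $e->getCode();
        return new \OC_OCS_Result(null, $code, $e->getHint());
    } catch (\Exception $e) {
        return new \OC_OCS_Result(null, 403, $e->getMessage());
    }

    $share = $this->formatShare($share);
    return new \OC_OCS_Result($share);
}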