/** * Check if an app is enabled for user * * @param string $appId * @param \OCP\IUser $user (optional) if not defined, the currently logged in user will be used * @return bool */ public function isEnabledForUser($appId, $user = null) { if (is_null($user)) { $user = $this->userSession->getUser(); } $installedApps = $this->getInstalledApps(); if (isset($installedApps[$appId])) { $enabled = $installedApps[$appId]; if ($enabled === 'yes') { return true; } elseif (is_null($user)) { return false; } else { $groupIds = json_decode($enabled); $userGroups = $this->groupManager->getUserGroupIds($user); foreach ($userGroups as $groupId) { if (array_search($groupId, $groupIds) !== false) { return true; } } return false; } } else { return false; } }
protected function readDBConfig() { $userMounts = $this->dbConfig->getAdminMountsFor(DBConfigService::APPLICABLE_TYPE_USER, $this->getUser()->getUID()); $globalMounts = $this->dbConfig->getAdminMountsFor(DBConfigService::APPLICABLE_TYPE_GLOBAL, null); $groups = $this->groupManager->getUserGroupIds($this->getUser()); if (is_array($groups) && count($groups) !== 0) { $groupMounts = $this->dbConfig->getAdminMountsForMultiple(DBConfigService::APPLICABLE_TYPE_GROUP, $groups); } else { $groupMounts = []; } return array_merge($userMounts, $groupMounts, $globalMounts); }
/** * Detect unmerged received shares and merge them properly */ private function fixUnmergedShares(IOutput $out, IUser $user) { $groups = $this->groupManager->getUserGroupIds($user); if (empty($groups)) { // user is in no groups, so can't have received group shares return; } $subSharesByItemSource = $this->getSharesWithUser(DefaultShareProvider::SHARE_TYPE_USERGROUP, [$user->getUID()]); if (empty($subSharesByItemSource)) { // nothing to repair for this user return; } $groupSharesByItemSource = $this->getSharesWithUser(Constants::SHARE_TYPE_GROUP, $groups); if (empty($groupSharesByItemSource)) { // shouldn't happen, those invalid shares must be cleant already by RepairInvalidShares return; } // because sometimes one wants to give the user more permissions than the group share $userSharesByItemSource = $this->getSharesWithUser(Constants::SHARE_TYPE_USER, [$user->getUID()]); foreach ($groupSharesByItemSource as $itemSource => $groupShares) { if (!isset($subSharesByItemSource[$itemSource])) { // no subshares for this item source, skip it continue; } $subShares = $subSharesByItemSource[$itemSource]; if (isset($userSharesByItemSource[$itemSource])) { // add it to the subshares to get a similar treatment $subShares = array_merge($subShares, $userSharesByItemSource[$itemSource]); } $this->fixThisShare($groupShares, $subShares); } }
/** * Copied from \OC_Util::isSharingDisabledForUser * * TODO: Deprecate fuction from OC_Util * * @param string $userId * @return bool */ public function sharingDisabledForUser($userId) { if ($userId === null) { return false; } if (isset($this->sharingDisabledForUsersCache[$userId])) { return $this->sharingDisabledForUsersCache[$userId]; } if ($this->config->getAppValue('core', 'shareapi_exclude_groups', 'no') === 'yes') { $groupsList = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', ''); $excludedGroups = json_decode($groupsList); if (is_null($excludedGroups)) { $excludedGroups = explode(',', $groupsList); $newValue = json_encode($excludedGroups); $this->config->setAppValue('core', 'shareapi_exclude_groups_list', $newValue); } $user = $this->userManager->get($userId); $usersGroups = $this->groupManager->getUserGroupIds($user); if (!empty($usersGroups)) { $remainingGroups = array_diff($usersGroups, $excludedGroups); // if the user is only in groups which are disabled for sharing then // sharing is also disabled for the user if (empty($remainingGroups)) { $this->sharingDisabledForUsersCache[$userId] = true; return true; } } } $this->sharingDisabledForUsersCache[$userId] = false; return false; }
/** * @param string $enabled * @param IUser $user * @return bool */ private function checkAppForUser($enabled, $user) { if ($enabled === 'yes') { return true; } elseif (is_null($user)) { return false; } else { if (empty($enabled)) { return false; } $groupIds = json_decode($enabled); if (!is_array($groupIds)) { $jsonError = json_last_error(); \OC::$server->getLogger()->warning('AppManger::checkAppForUser - can\'t decode group IDs: ' . print_r($enabled, true) . ' - json error code: ' . $jsonError, ['app' => 'lib']); return false; } $userGroups = $this->groupManager->getUserGroupIds($user); foreach ($userGroups as $groupId) { if (array_search($groupId, $groupIds) !== false) { return true; } } return false; } }
/** * @param array $parameters * @return OC_OCS_Result */ public function getUsersGroups($parameters) { // Check if user is logged in $loggedInUser = $this->userSession->getUser(); if ($loggedInUser === null) { return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED); } $targetUser = $this->userManager->get($parameters['userid']); if ($targetUser === null) { return new OC_OCS_Result(null, \OCP\API::RESPOND_NOT_FOUND); } if ($targetUser->getUID() === $loggedInUser->getUID() || $this->groupManager->isAdmin($loggedInUser->getUID())) { // Self lookup or admin lookup return new OC_OCS_Result(['groups' => $this->groupManager->getUserGroupIds($targetUser)]); } else { $subAdminManager = $this->groupManager->getSubAdmin(); // Looking up someone else if ($subAdminManager->isUserAccessible($loggedInUser, $targetUser)) { // Return the group that the method caller is subadmin of for the user in question $getSubAdminsGroups = $subAdminManager->getSubAdminsGroups($loggedInUser); foreach ($getSubAdminsGroups as $key => $group) { $getSubAdminsGroups[$key] = $group->getGID(); } $groups = array_intersect($getSubAdminsGroups, $this->groupManager->getUserGroupIds($targetUser)); return new OC_OCS_Result(array('groups' => $groups)); } else { // Not permitted return new OC_OCS_Result(null, 997); } } }
/** * @NoAdminRequired * * @param string $username * @param string $password * @param array $groups * @param string $email * @return DataResponse */ public function create($username, $password, array $groups = array(), $email = '') { if ($email !== '' && !$this->mail->validateAddress($email)) { return new DataResponse(array('message' => (string) $this->l10n->t('Invalid mail address')), Http::STATUS_UNPROCESSABLE_ENTITY); } if (!$this->isAdmin) { $userId = $this->userSession->getUser()->getUID(); if (!empty($groups)) { foreach ($groups as $key => $group) { if (!$this->subAdminFactory->isGroupAccessible($userId, $group)) { unset($groups[$key]); } } } if (empty($groups)) { $groups = $this->subAdminFactory->getSubAdminsOfGroups($userId); } } if ($this->userManager->userExists($username)) { return new DataResponse(array('message' => (string) $this->l10n->t('A user with that name already exists.')), Http::STATUS_CONFLICT); } try { $user = $this->userManager->createUser($username, $password); } catch (\Exception $exception) { return new DataResponse(array('message' => (string) $this->l10n->t('Unable to create user.')), Http::STATUS_FORBIDDEN); } if ($user instanceof User) { if ($groups !== null) { foreach ($groups as $groupName) { $group = $this->groupManager->get($groupName); if (empty($group)) { $group = $this->groupManager->createGroup($groupName); } $group->addUser($user); } } /** * Send new user mail only if a mail is set */ if ($email !== '') { $this->config->setUserValue($username, 'settings', 'email', $email); // data for the mail template $mailData = array('username' => $username, 'url' => $this->urlGenerator->getAbsoluteURL('/')); $mail = new TemplateResponse('settings', 'email.new_user', $mailData, 'blank'); $mailContent = $mail->render(); $mail = new TemplateResponse('settings', 'email.new_user_plain_text', $mailData, 'blank'); $plainTextMailContent = $mail->render(); $subject = $this->l10n->t('Your %s account was created', [$this->defaults->getName()]); try { $this->mail->send($email, $username, $subject, $mailContent, $this->fromMailAddress, $this->defaults->getName(), 1, $plainTextMailContent); } catch (\Exception $e) { $this->log->error("Can't send new user mail to {$email}: " . $e->getMessage(), array('app' => 'settings')); } } // fetch users groups $userGroups = $this->groupManager->getUserGroupIds($user); return new DataResponse($this->formatUserForIndex($user, $userGroups), Http::STATUS_CREATED); } return new DataResponse(array('message' => (string) $this->l10n->t('Unable to create user.')), Http::STATUS_FORBIDDEN); }
/** * @param string $search */ protected function getUsers($search) { $this->result['users'] = $this->result['exact']['users'] = $users = []; $userGroups = []; if ($this->shareWithGroupOnly) { // Search in all the groups this user is part of $userGroups = $this->groupManager->getUserGroupIds($this->userSession->getUser()); foreach ($userGroups as $userGroup) { $usersTmp = $this->groupManager->displayNamesInGroup($userGroup, $search, $this->limit, $this->offset); foreach ($usersTmp as $uid => $userDisplayName) { $users[$uid] = $userDisplayName; } } } else { // Search in all users $usersTmp = $this->userManager->searchDisplayName($search, $this->limit, $this->offset); foreach ($usersTmp as $user) { $users[$user->getUID()] = $user->getDisplayName(); } } if (!$this->shareeEnumeration || sizeof($users) < $this->limit) { $this->reachedEndFor[] = 'users'; } $foundUserById = false; foreach ($users as $uid => $userDisplayName) { if (strtolower($uid) === $search || strtolower($userDisplayName) === $search) { if (strtolower($uid) === $search) { $foundUserById = true; } $this->result['exact']['users'][] = ['label' => $userDisplayName, 'value' => ['shareType' => Share::SHARE_TYPE_USER, 'shareWith' => $uid]]; } else { $this->result['users'][] = ['label' => $userDisplayName, 'value' => ['shareType' => Share::SHARE_TYPE_USER, 'shareWith' => $uid]]; } } if ($this->offset === 0 && !$foundUserById) { // On page one we try if the search result has a direct hit on the // user id and if so, we add that to the exact match list $user = $this->userManager->get($search); if ($user instanceof IUser) { $addUser = true; if ($this->shareWithGroupOnly) { // Only add, if we have a common group $commonGroups = array_intersect($userGroups, $this->groupManager->getUserGroupIds($user)); $addUser = !empty($commonGroups); } if ($addUser) { array_push($this->result['exact']['users'], ['label' => $user->getDisplayName(), 'value' => ['shareType' => Share::SHARE_TYPE_USER, 'shareWith' => $user->getUID()]]); } } } if (!$this->shareeEnumeration) { $this->result['users'] = []; } }
/** * Check if the user for this recipient propagator is the recipient of a share * * @param array $share * @return bool */ private function isRecipientOfShare($share) { if ($share['share_with'] === $this->userId && $share['share_type'] == \OCP\Share::SHARE_TYPE_USER) { // == since 'share_type' is a string return true; } if ($share['share_type'] == \OCP\Share::SHARE_TYPE_GROUP) { $groups = $this->groupManager->getUserGroupIds($this->user); return in_array($share['share_with'], $groups); } return false; }
/** * @param string $enabled * @param IUser $user * @return bool */ private function checkAppForUser($enabled, $user) { if ($enabled === 'yes') { return true; } elseif (is_null($user)) { return false; } else { $groupIds = json_decode($enabled); $userGroups = $this->groupManager->getUserGroupIds($user); foreach ($userGroups as $groupId) { if (array_search($groupId, $groupIds) !== false) { return true; } } return false; } }
protected function isApplicable(StorageConfig $config) { $applicableUsers = $config->getApplicableUsers(); $applicableGroups = $config->getApplicableGroups(); if (count($applicableUsers) === 0 && count($applicableGroups) === 0) { return true; } if (in_array($this->getUser()->getUID(), $applicableUsers, true)) { return true; } $groupIds = $this->groupManager->getUserGroupIds($this->getUser()); foreach ($groupIds as $groupId) { if (in_array($groupId, $applicableGroups, true)) { return true; } } return false; }
/** * {@inheritdoc} */ public function canUserAssignTag(ISystemTag $tag, IUser $user) { // early check to avoid unneeded group lookups if ($tag->isUserAssignable() && $tag->isUserVisible()) { return true; } if ($this->groupManager->isAdmin($user->getUID())) { return true; } if (!$tag->isUserVisible()) { return false; } $groupIds = $this->groupManager->getUserGroupIds($user); if (!empty($groupIds)) { $matchingGroups = array_intersect($groupIds, $this->getTagGroups($tag)); if (!empty($matchingGroups)) { return true; } } return false; }
/** * @param array $parameters * @return OC_OCS_Result */ public function getUsersGroups($parameters) { // Check if user is logged in $user = $this->userSession->getUser(); if ($user === null) { return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED); } if ($parameters['userid'] === $user->getUID() || $this->groupManager->isAdmin($user->getUID())) { // Self lookup or admin lookup return new OC_OCS_Result(['groups' => $this->groupManager->getUserGroupIds($this->userManager->get($parameters['userid']))]); } else { // Looking up someone else if (OC_SubAdmin::isUserAccessible($user->getUID(), $parameters['userid'])) { // Return the group that the method caller is subadmin of for the user in question $groups = array_intersect(OC_SubAdmin::getSubAdminsGroups($user->getUID()), $this->groupManager->getUserGroupIds($this->userManager->get($parameters['userid']))); return new OC_OCS_Result(array('groups' => $groups)); } else { // Not permitted return new OC_OCS_Result(null, 997); } } }
/** * check if sharing is disabled for the current user * @param IConfig $config * @param IGroupManager $groupManager * @param IUser|null $user * @return bool */ public static function isSharingDisabledForUser(IConfig $config, IGroupManager $groupManager, $user) { if ($config->getAppValue('core', 'shareapi_exclude_groups', 'no') === 'yes') { $groupsList = $config->getAppValue('core', 'shareapi_exclude_groups_list', ''); $excludedGroups = json_decode($groupsList); if (is_null($excludedGroups)) { $excludedGroups = explode(',', $groupsList); $newValue = json_encode($excludedGroups); $config->setAppValue('core', 'shareapi_exclude_groups_list', $newValue); } $usersGroups = $groupManager->getUserGroupIds($user); if (!empty($usersGroups)) { $remainingGroups = array_diff($usersGroups, $excludedGroups); // if the user is only in groups which are disabled for sharing then // sharing is also disabled for the user if (empty($remainingGroups)) { return true; } } } return false; }