Exemplo n.º 1
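 /**
  * Returns the ids of the users the caller is allowed to list.
  *
  * Admins search across all users. Subadmins only get members of the groups
  * they administer. Any other caller, and any request without a session user,
  * receives an unauthorised result.
  *
  * Optional query parameters: `search` (filter string), `limit` and `offset`
  * (paging).
  *
  * @return OC_OCS_Result user ids under the 'users' key, or an unauthorised result
  */
 public function getUsers()
 {
     // Query parameters are request-controlled: accept only a scalar search
     // term and numeric paging values, and force the latter to integers before
     // they reach search() / array_slice().
     $search = !empty($_GET['search']) && is_scalar($_GET['search']) ? (string) $_GET['search'] : '';
     $limit = !empty($_GET['limit']) && is_numeric($_GET['limit']) ? (int) $_GET['limit'] : null;
     $offset = !empty($_GET['offset']) && is_numeric($_GET['offset']) ? (int) $_GET['offset'] : null;
     // Check if user is logged in
     $user = $this->userSession->getUser();
     if ($user === null) {
         return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
     }
     $uid = $user->getUID();
     // Admin? Or SubAdmin?
     if ($this->groupManager->isAdmin($uid)) {
         $users = $this->userManager->search($search, $limit, $offset);
     } elseif (\OC_SubAdmin::isSubAdmin($uid)) {
         $users = [];
         foreach (\OC_SubAdmin::getSubAdminsGroups($uid) as $group) {
             // array_replace() keeps the uid keys intact. array_merge() renumbers
             // purely numeric keys, so a numeric uid would be turned into a list
             // position and array_keys() below would return the wrong value.
             $users = array_replace($users, $this->groupManager->displayNamesInGroup($group, $search));
         }
         // preserve_keys = true for the same reason: array_slice() otherwise
         // resets integer keys.
         $users = array_slice($users, $offset === null ? 0 : $offset, $limit, true);
     } else {
         // Neither admin nor subadmin: deny by default.
         return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
     }
     // Both branches produce an array keyed by uid; only the keys are returned.
     $users = array_keys($users);
     return new OC_OCS_Result(['users' => $users]);
 }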
Exemplo n.º 2
 /**
  * Gate for JSON endpoints: ends the request with an authentication error
  * unless OC_SubAdmin::isSubAdmin() accepts the current user.
  *
  * Returns normally (no value) when the check passes; otherwise a JSON error
  * is emitted through self::error() and the script exits.
  */
 public static function checkSubAdminUser()
 {
     $isSubAdmin = OC_SubAdmin::isSubAdmin(OC_User::getUser());
     if ($isSubAdmin) {
         return;
     }
     $l = OC_L10N::get('lib');
     $payload = array('data' => array('message' => $l->t('Authentication error'), 'error' => 'authentication_error'));
     self::error($payload);
     // Stop here so nothing after the failed check can run.
     exit;
 }
Exemplo n.º 3
	/**
	* Gate for JSON endpoints: requires a logged-in, verified user who is either
	* a member of the 'admin' group or a subadmin. On failure a JSON
	* authentication error is sent and the script exits.
	*/
	public static function checkSubAdminUser() {
		self::checkLoggedIn();
		self::verifyUser();
		// Members of the admin group pass without a subadmin lookup.
		if(OC_Group::inGroup(OC_User::getUser(), 'admin')) {
			return;
		}
		if(OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
			return;
		}
		$l = OC_L10N::get('lib');
		self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
		// Stop here so nothing after the failed check can run.
		exit();
	}
Exemplo n.º 4
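 /**
  * Returns the users in the specified group.
  *
  * Admins may read any group; a subadmin only the groups they administer.
  *
  * @param array $parameters request parameters; 'groupid' names the group
  * @return OC_OCS_Result user ids under the 'users' key, a not-found result
  *                       when the group does not exist, or an unauthorised result
  */
 public static function getGroup($parameters)
 {
     $groupId = $parameters['groupid'];
     // Check the group exists
     // NOTE(review): this runs before the access check, so a caller without
     // access can still tell existing from missing group ids by the status
     // code - confirm that is acceptable for this API.
     if (!OC_Group::groupExists($groupId)) {
         return new OC_OCS_Result(null, \OC_API::RESPOND_NOT_FOUND, 'The requested group could not be found');
     }
     $caller = \OC_User::getUser();
     // Check subadmin has access to this group.
     // The membership test is strict and on strings: a loose in_array() treats
     // numeric-looking ids such as '10' and '1e1' as equal, which would let the
     // subadmin of one group pass the check for a different group.
     $allowed = \OC_User::isAdminUser($caller)
         || in_array((string) $groupId, array_map('strval', \OC_SubAdmin::getSubAdminsGroups($caller)), true);
     if (!$allowed) {
         return new OC_OCS_Result(null, \OC_API::RESPOND_UNAUTHORISED, 'User does not have access to specified group');
     }
     return new OC_OCS_Result(array('users' => OC_Group::usersInGroup($groupId)));
 }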
Exemplo n.º 5
 /**
  * Returns the groups the current user administers as subadmin.
  *
  * Uses the static \OC_SubAdmin API when that class exists; otherwise builds
  * an \OC\SubAdmin instance and reduces the group objects it returns to
  * their ids.
  *
  * @return array whatever \OC_SubAdmin::getSubAdminsGroups() returns on the
  *               legacy path, a list of group ids on the fallback path
  */
 private function getAdministeredGroups()
 {
     // Must run first: everything below assumes an authenticated user.
     $this->requireLogin();
     $legacyApiAvailable = class_exists('\\OC_SubAdmin', true);
     if (!$legacyApiAvailable) {
         // Nextcloud 9
         $subAdminService = new \OC\SubAdmin(\OC::$server->getUserManager(), \OC::$server->getGroupManager(), \OC::$server->getDatabaseConnection());
         $gids = array();
         foreach ($subAdminService->getSubAdminsGroups($this->user) as $groupObject) {
             $gids[] = $groupObject->getGID();
         }
         return $gids;
     }
     return \OC_SubAdmin::getSubAdminsGroups($this->getUserId());
 }
Exemplo n.º 6
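 /**
  * Returns the users in the specified group.
  *
  * Requires a session user. Admins may read any group; a subadmin only the
  * groups they administer.
  *
  * @param array $parameters request parameters; 'groupid' names the group
  * @return OC_OCS_Result user ids under the 'users' key, a not-found result
  *                       when the group does not exist, or an unauthorised result
  */
 public function getGroup($parameters)
 {
     // Check if user is logged in
     $user = $this->userSession->getUser();
     if ($user === null) {
         return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
     }
     $groupId = $parameters['groupid'];
     // Check the group exists
     // NOTE(review): this runs before the access check, so a logged-in caller
     // without access can still tell existing from missing group ids by the
     // status code - confirm that is acceptable for this API.
     if (!$this->groupManager->groupExists($groupId)) {
         return new OC_OCS_Result(null, \OCP\API::RESPOND_NOT_FOUND, 'The requested group could not be found');
     }
     $uid = $user->getUID();
     // Check subadmin has access to this group.
     // The membership test is strict and on strings: a loose in_array() treats
     // numeric-looking ids such as '10' and '1e1' as equal, which would let the
     // subadmin of one group pass the check for a different group.
     $allowed = $this->groupManager->isAdmin($uid)
         || in_array((string) $groupId, array_map('strval', \OC_SubAdmin::getSubAdminsGroups($uid)), true);
     if (!$allowed) {
         return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED, 'User does not have access to specified group');
     }
     $members = $this->groupManager->get($groupId)->getUsers();
     // Reduce the user objects to their ids and drop the original keys.
     $uids = array_values(array_map(function ($member) {
         return $member->getUID();
     }, $members));
     return new OC_OCS_Result(['users' => $uids]);
 }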
Exemplo n.º 7
 /**
  * getSubAdminsOfGroup(): an admin gets the subadmin of an existing group,
  * and a request for a group id that was never created fails with status 101.
  */
 public function testGetSubAdminsOfGroup()
 {
     // Scenario 1: existing group with one subadmin, queried by an admin.
     $adminUser = $this->generateUsers();
     $subAdminUser = $this->generateUsers();
     self::loginAsUser($adminUser);
     \OC_Group::addToGroup($adminUser, 'admin');
     $existingGroup = $this->getUniqueID();
     \OC_Group::createGroup($existingGroup);
     \OC_SubAdmin::createSubAdmin($subAdminUser, $existingGroup);
     $response = \OCA\provisioning_api\Groups::getSubAdminsOfGroup(array('groupid' => $existingGroup));
     $this->assertInstanceOf('OC_OCS_Result', $response);
     $this->assertTrue($response->succeeded());
     $payload = $response->getData();
     $this->assertEquals($subAdminUser, reset($payload));
     \OC_Group::deleteGroup($existingGroup);

     // Scenario 2: a fresh admin asks about a group id that does not exist.
     $adminUser = $this->generateUsers();
     self::loginAsUser($adminUser);
     \OC_Group::addToGroup($adminUser, 'admin');
     $response = \OCA\provisioning_api\Groups::getSubAdminsOfGroup(array('groupid' => $this->getUniqueID()));
     $this->assertInstanceOf('OC_OCS_Result', $response);
     $this->assertFalse($response->succeeded());
     $this->assertEquals(101, $response->getStatusCode());
 }
Exemplo n.º 8
 /**
  * Decides whether the current user may delete the given calendar.
  *
  * Allowed for: a call without a current user (see note below), the calendar's
  * owner, an admin, and a subadmin for whom the owner is accessible.
  *
  * @param array $calendar calendar data; only its 'userid' entry is read here
  * @return boolean
  */
 private static function isAllowedToDeleteCalendar($calendar)
 {
     $userId = OCP\User::getUser();
     //in case it is called by command line or cron
     // NOTE(review): the test is "no current user", not "running from the
     // command line". Every call path that reaches this method without a
     // session user is therefore allowed; callers must make sure an
     // unauthenticated web request cannot get here.
     if ($userId == '') {
         return true;
     }
     $ownerId = $calendar['userid'];
     // Evaluated left to right, stopping at the first match: owner, admin,
     // then subadmin with access to the owner.
     return $ownerId === $userId
         || OC_User::isAdminUser($userId)
         || OC_SubAdmin::isUserAccessible($userId, $ownerId);
 }
Exemplo n.º 9
<?php

// Password-change endpoint, first part: gate the request, read the inputs and
// classify the caller. The request is rejected unless one of three roles applies.
// Check if we are a user
OCP\JSON::callCheck();
OC_JSON::checkLoggedIn();
// Manually load apps to ensure hooks work correctly (workaround for issue 1503)
OC_APP::loadApps();
// All four values are request-controlled. The target account defaults to the
// caller's own when no username is posted.
$username = isset($_POST['username']) ? $_POST['username'] : OC_User::getUser();
$password = isset($_POST['password']) ? $_POST['password'] : null;
$oldPassword = isset($_POST['oldpassword']) ? $_POST['oldpassword'] : '';
$recoveryPassword = isset($_POST['recoveryPassword']) ? $_POST['recoveryPassword'] : null;
// The three checks below are independent ifs, not an if/elseif chain: each
// match overwrites the previous one, so the resulting precedence is
// 'user' over 'subadmin' over 'admin'.
$userstatus = null;
if (OC_User::isAdminUser(OC_User::getUser())) {
    $userstatus = 'admin';
}
if (OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
    $userstatus = 'subadmin';
}
// Only this path verifies the old password. A caller classified as admin or
// subadmin is not asked for it, including when the target is their own account.
if (OC_User::getUser() === $username && OC_User::checkPassword($username, $oldPassword)) {
    $userstatus = 'user';
}
// No role matched: deny and stop.
if (is_null($userstatus)) {
    OC_JSON::error(array('data' => array('message' => 'Authentication error')));
    exit;
}
if (\OCP\App::isEnabled('files_encryption') && $userstatus !== 'user') {
    //handle the recovery case
    $util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), $username);
    $recoveryAdminEnabled = OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled');
    $validRecoveryPassword = false;
    $recoveryPasswordSupported = false;
Exemplo n.º 10
    $pattern = '';
}
// Build the user list for the caller. $gid, $pattern, $limit and $offset are
// set earlier in the script (not visible here); $gid === false means "no group
// filter".
$users = array();
$userManager = \OC_User::getManager();
if (OC_User::isAdminUser(OC_User::getUser())) {
    // Admin: every user, or every member of the requested group.
    if ($gid !== false) {
        $batch = OC_Group::displayNamesInGroup($gid, $pattern, $limit, $offset);
    } else {
        $batch = OC_User::getDisplayNames($pattern, $limit, $offset);
    }
    foreach ($batch as $uid => $displayname) {
        $user = $userManager->get($uid);
        // The admin view lists all groups and all subadmin assignments of the user.
        $users[] = array('name' => $uid, 'displayname' => $displayname, 'groups' => join(', ', OC_Group::getUserGroups($uid)), 'subadmin' => join(', ', OC_SubAdmin::getSubAdminsGroups($uid)), 'quota' => OC_Preferences::getValue($uid, 'files', 'quota', 'default'), 'storageLocation' => $user->getHome(), 'lastLogin' => $user->getLastLogin());
    }
} else {
    // Not an admin: restrict the listing to the groups the caller administers.
    $groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser());
    // NOTE(review): in_array() compares loosely here, so numeric-looking group
    // ids such as '10' and '1e1' match each other; passing true as third
    // argument would make the check exact - confirm the type of $gid first.
    if ($gid !== false && in_array($gid, $groups)) {
        $groups = array($gid);
    } elseif ($gid !== false) {
        // The requested group is not one the caller administers: query with an
        // empty group list instead of the requested group.
        //don't you try to investigate loops you must not know about
        $groups = array();
    }
    $batch = OC_Group::usersInGroups($groups, $pattern, $limit, $offset);
    foreach ($batch as $uid) {
        $user = $userManager->get($uid);
        // Only add the groups, this user is a subadmin of
        $userGroups = array_intersect(OC_Group::getUserGroups($uid), OC_SubAdmin::getSubAdminsGroups(OC_User::getUser()));
        // Unlike the admin branch, no 'subadmin' entry is included here.
        $users[] = array('name' => $uid, 'displayname' => $user->getDisplayName(), 'groups' => join(', ', $userGroups), 'quota' => OC_Preferences::getValue($uid, 'files', 'quota', 'default'), 'storageLocation' => $user->getHome(), 'lastLogin' => $user->getLastLogin());
    }
}
OC_JSON::success(array('data' => $users));
Exemplo n.º 11
<?php

// Init owncloud
require_once '../../lib/base.php';
// Toggle a user's subadmin role for one group. The two gates run before any
// request data is read: the admin check, then the request check (callCheck).
OC_JSON::checkAdminUser();
OCP\JSON::callCheck();
$username = $_POST["username"];
// NOTE(review): sanitizeHTML() is applied to a value that is used as a group
// identifier, not written into HTML. Output escaping belongs where the value is
// rendered; here it presumably changes ids that contain characters such as
// '&' or '<' - confirm. Nothing visible here checks that the user or the group
// exists before the role is created.
$group = OC_Util::sanitizeHTML($_POST["group"]);
// Toggle group
$alreadySubAdmin = OC_SubAdmin::isSubAdminofGroup($username, $group);
if (!$alreadySubAdmin) {
    OC_SubAdmin::createSubAdmin($username, $group);
} else {
    OC_SubAdmin::deleteSubAdmin($username, $group);
}
OC_JSON::success();
Exemplo n.º 12
    if (isset($_POST["groups"])) {
        $groups = $_POST["groups"];
    }
} else {
    if (isset($_POST["groups"])) {
        $groups = array();
        foreach ($_POST["groups"] as $group) {
            if (OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group)) {
                $groups[] = $group;
            }
        }
        if (count($groups) == 0) {
            $groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser());
        }
    } else {
        $groups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser());
    }
}
// Both values are taken from the request as-is; no type or format check is
// visible at this point.
$username = $_POST["username"];
$password = $_POST["password"];
// Does the user already exist? (the check is on user ids, not groups)
// NOTE(review): in_array() compares loosely, so numeric-looking names such as
// '10' and '1e1' count as the same user here.
if (in_array($username, OC_User::getUsers())) {
    OC_JSON::error(array("data" => array("message" => "User already exists")));
    exit;
}
// Return Success story
try {
    OC_User::createUser($username, $password);
    foreach ($groups as $i) {
        if (!OC_Group::groupExists($i)) {
            OC_Group::createGroup($i);
Exemplo n.º 13
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License, version 3,
 * along with this program.  If not, see <http://www.gnu.org/licenses/>
 *
 */
// Quota endpoint: gate the request, authorise the target, normalise the quota.
OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();
// An empty username means "set the default quota" (see the branch further down).
$username = isset($_POST["username"]) ? (string) $_POST["username"] : '';
// && binds tighter than ||, so this reads as
//   (no username AND caller is not admin) OR (caller is not admin AND target not accessible).
// In other words, a non-admin caller is denied when no user is named (the
// default quota is admin-only) or when the named user is outside their reach.
if ($username === '' && !OC_User::isAdminUser(OC_User::getUser()) || !OC_User::isAdminUser(OC_User::getUser()) && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
    $l = \OC::$server->getL10N('core');
    OC_JSON::error(array('data' => array('message' => $l->t('Authentication error'))));
    exit;
}
//make sure the quota is in the expected format
// The request value is not stored verbatim: unless it is one of the two
// keywords it is passed through computerFileSize() and then humanFileSize(),
// and only that result is kept.
$quota = (string) $_POST["quota"];
if ($quota !== 'none' and $quota !== 'default') {
    $quota = OC_Helper::computerFileSize($quota);
    $quota = OC_Helper::humanFileSize($quota);
}
// Return Success story
if ($username) {
    \OC::$server->getConfig()->setUserValue($username, 'files', 'quota', $quota);
} else {
    //set the default quota when no username is specified
Exemplo n.º 14
 /**
  * Page gate: requires a logged-in user that OC_SubAdmin::isSubAdmin()
  * accepts. Anyone else is redirected to index.php and the script exits.
  *
  * @return boolean true when the check passes; the method does not return otherwise
  */
 public static function checkSubAdminUser()
 {
     OC_Util::checkLoggedIn();
     if (OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
         return true;
     }
     header('Location: ' . OC_Helper::linkToAbsolute('', 'index.php'));
     // Without the exit the page would keep executing after the redirect header.
     exit;
 }
Exemplo n.º 15
<?php

// Group-membership toggle: gate the request, then authorise the (user, group)
// pair before anything is changed.
OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();
$success = true;
// Both values come straight from the request.
$username = $_POST["username"];
$group = $_POST["group"];
// Lock-out guard: an admin may not toggle their own membership of 'admin'.
if ($username == OC_User::getUser() && $group == "admin" && OC_User::isAdminUser($username)) {
    $l = OC_L10N::get('core');
    OC_JSON::error(array('data' => array('message' => $l->t('Admins can\'t remove themself from the admin group'))));
    exit;
}
// A non-admin caller needs access to BOTH the target user and the target
// group; failing either one denies the request.
if (!OC_User::isAdminUser(OC_User::getUser()) && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) {
    $l = OC_L10N::get('core');
    OC_JSON::error(array('data' => array('message' => $l->t('Authentication error'))));
    exit;
}
// Past the checks: a group that does not exist yet is created on the fly.
if (!OC_Group::groupExists($group)) {
    OC_Group::createGroup($group);
}
// Defaults for the "add" case; the toggle below switches them for "remove".
$l = OC_L10N::get('settings');
$error = $l->t("Unable to add user to group %s", $group);
$action = "add";
// Toggle group
if (OC_Group::inGroup($username, $group)) {
    $action = "remove";
    $error = $l->t("Unable to remove user from group %s", $group);
    $success = OC_Group::removeFromGroup($username, $group);
    $usersInGroup = OC_Group::usersInGroup($group);
    if (count($usersInGroup) == 0) {
        OC_Group::deleteGroup($group);
Exemplo n.º 16
<?php

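// Returns the number of users the caller can manage.
OC_JSON::callCheck();
OC_JSON::checkSubAdminUser();
$userCount = 0;
$currentUser = \OC::$server->getUserSession()->getUser()->getUID();
if (!OC_User::isAdminUser($currentUser)) {
    // Subadmin: count the members of the administered groups. A user who
    // belongs to several of those groups must be counted once, so the ids are
    // collected as array keys instead of summing the per-group sizes.
    $groups = OC_SubAdmin::getSubAdminsGroups($currentUser);
    $uniqueUsers = array();
    foreach ($groups as $group) {
        foreach (OC_Group::usersInGroup($group) as $uid) {
            $uniqueUsers[$uid] = true;
        }
    }
    $userCount = count($uniqueUsers);
} else {
    // Admin: countUsers() yields one count per entry (the key is named
    // $classname here); add them up.
    $userCountArray = \OC::$server->getUserManager()->countUsers();
    if (!empty($userCountArray)) {
        foreach ($userCountArray as $classname => $usercount) {
            $userCount += $usercount;
        }
    }
}
OC_JSON::success(array('count' => $userCount));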
Exemplo n.º 17
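 /**
  * Changes the password of the user named in the request on behalf of an
  * admin, or of a subadmin for whom that user is accessible.
  *
  * Reads 'username', 'password' and 'recoveryPassword' from $_POST and answers
  * with a JSON success or error message. When the files_encryption app is
  * enabled, the recovery password is validated before the password is changed.
  *
  * The old password of the target account is not requested on this path; the
  * admin/subadmin check is the only authorisation.
  *
  * @param array $args not read by this method
  */
 public static function changeUserPassword($args)
 {
     // Check if we are an user
     \OC_JSON::callCheck();
     \OC_JSON::checkLoggedIn();
     // Manually load apps to ensure hooks work correctly (workaround for issue 1503)
     \OC_App::loadApps();
     if (isset($_POST['username'])) {
         $username = $_POST['username'];
     } else {
         $l = new \OC_L10n('settings');
         \OC_JSON::error(array('data' => array('message' => $l->t('No user supplied'))));
         exit;
     }
     $password = isset($_POST['password']) ? $_POST['password'] : null;
     $recoveryPassword = isset($_POST['recoveryPassword']) ? $_POST['recoveryPassword'] : null;
     // Authorise the caller for the target account; deny by default.
     if (\OC_User::isAdminUser(\OC_User::getUser())) {
         $userstatus = 'admin';
     } elseif (\OC_SubAdmin::isUserAccessible(\OC_User::getUser(), $username)) {
         $userstatus = 'subadmin';
     } else {
         $l = new \OC_L10n('settings');
         \OC_JSON::error(array('data' => array('message' => $l->t('Authentication error'))));
         exit;
     }
     // A request without a password must never reach setPassword(). The
     // non-encryption path already refused it; the encryption path did not.
     if (is_null($password)) {
         $l = new \OC_L10n('settings');
         \OC_JSON::error(array('data' => array('message' => $l->t('Unable to change password'))));
         return;
     }
     if (\OC_App::isEnabled('files_encryption')) {
         //handle the recovery case
         $util = new \OCA\Encryption\Util(new \OC_FilesystemView('/'), $username);
         $recoveryAdminEnabled = \OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled');
         $validRecoveryPassword = false;
         // Never set to true in this method, so the "key was updated" message
         // below is currently unreachable.
         $recoveryPasswordSupported = false;
         // Defined up front: it was previously left undefined whenever the
         // recovery admin feature is disabled.
         $recoveryEnabledForUser = false;
         if ($recoveryAdminEnabled) {
             $validRecoveryPassword = $util->checkRecoveryPassword($recoveryPassword);
             $recoveryEnabledForUser = $util->recoveryEnabledForUser();
         }
         if ($recoveryEnabledForUser && $recoveryPassword === '') {
             $l = new \OC_L10n('settings');
             \OC_JSON::error(array('data' => array('message' => $l->t('Please provide an admin recovery password, otherwise all user data will be lost'))));
         } elseif ($recoveryEnabledForUser && !$validRecoveryPassword) {
             $l = new \OC_L10n('settings');
             \OC_JSON::error(array('data' => array('message' => $l->t('Wrong admin recovery password. Please check the password and try again.'))));
         } else {
             // now we know that everything is fine regarding the recovery password, let's try to change the password
             $result = \OC_User::setPassword($username, $password, $recoveryPassword);
             if (!$result && $recoveryPasswordSupported) {
                 $l = new \OC_L10n('settings');
                 \OC_JSON::error(array("data" => array("message" => $l->t("Back-end doesn't support password change, but the users encryption key was successfully updated."))));
             } elseif (!$result && !$recoveryPasswordSupported) {
                 $l = new \OC_L10n('settings');
                 \OC_JSON::error(array("data" => array("message" => $l->t("Unable to change password"))));
             } else {
                 \OC_JSON::success(array("data" => array("username" => $username)));
             }
         }
     } else {
         // if encryption is disabled, proceed
         if (\OC_User::setPassword($username, $password)) {
             \OC_JSON::success(array('data' => array('username' => $username)));
         } else {
             $l = new \OC_L10n('settings');
             \OC_JSON::error(array('data' => array('message' => $l->t('Unable to change password'))));
         }
     }
 }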
Exemplo n.º 18
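// Turn the comma-separated preset string into a list of trimmed entries.
$quotaPreset = explode(',', $quotaPreset);
foreach ($quotaPreset as &$preset) {
    $preset = trim($preset);
}
// Break the reference left behind by the by-reference loop; otherwise a later
// write to $preset would silently change the last preset entry.
unset($preset);
// 'default' and 'none' are handled separately and are not presets.
$quotaPreset = array_diff($quotaPreset, array('default', 'none'));
$defaultQuota = OC_Appconfig::getValue('files', 'default_quota', 'none');
// "User defined" means: neither one of the presets nor one of the two keywords.
$defaultQuotaIsUserDefined = array_search($defaultQuota, $quotaPreset) === false && array_search($defaultQuota, array('none', 'default')) === false;
// load users and quota
foreach ($accessibleusers as $uid => $displayName) {
    $quota = OC_Preferences::getValue($uid, 'files', 'quota', 'default');
    $isQuotaUserDefined = array_search($quota, $quotaPreset) === false && array_search($quota, array('none', 'default')) === false;
    // Composed but not used within the lines shown here.
    $name = $displayName;
    if ($displayName !== $uid) {
        $name = $name . ' (' . $uid . ')';
    }
    $users[] = array("name" => $uid, "displayName" => $displayName, "groups" => OC_Group::getUserGroups($uid), 'quota' => $quota, 'isQuotaUserDefined' => $isQuotaUserDefined, 'subadmin' => OC_SubAdmin::getSubAdminsGroups($uid));
}
foreach ($accessiblegroups as $i) {
    // Do some more work here soon
    $groups[] = array("name" => $i);
}
// Hand everything to the users template of the settings app.
$tmpl = new OC_Template("settings", "users", "user");
$tmpl->assign('users', $users);
$tmpl->assign('groups', $groups);
$tmpl->assign('isadmin', (int) $isadmin);
$tmpl->assign('subadmins', $subadmins);
$tmpl->assign('numofgroups', count($accessiblegroups));
$tmpl->assign('quota_preset', $quotaPreset);
$tmpl->assign('default_quota', $defaultQuota);
$tmpl->assign('defaultQuotaIsUserDefined', $defaultQuotaIsUserDefined);
$tmpl->assign('recoveryAdminEnabled', $recoveryAdminEnabled);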
Exemplo n.º 19
<?php

/**
 * Copyright (c) 2012, Robin Appelman <*****@*****.**>
 * This file is licensed under the Affero General Public License version 3 or later.
 * See the COPYING-README file.
 */
// Init owncloud
require_once '../../lib/base.php';
// Quota endpoint: gate the request, authorise the target, normalise the quota.
OC_JSON::checkSubAdminUser();
OCP\JSON::callCheck();
// An empty username means "set the default quota" (see the branch further down).
$username = isset($_POST["username"]) ? $_POST["username"] : '';
// && binds tighter than ||, so this reads as
//   (no username AND caller not in 'admin') OR (caller not in 'admin' AND target not accessible).
// In other words, a non-admin caller is denied when no user is named (the
// default quota is admin-only) or when the named user is outside their reach.
// NOTE(review): $username is compared loosely (==) and is not cast to string,
// so a non-string request value is not rejected here.
if ($username == '' && !OC_Group::inGroup(OC_User::getUser(), 'admin') || !OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
    $l = OC_L10N::get('core');
    OC_JSON::error(array('data' => array('message' => $l->t('Authentication error'))));
    exit;
}
//make sure the quota is in the expected format
// The request value is not stored verbatim: unless it is one of the two
// keywords it is passed through computerFileSize(); a result equal to 0 falls
// back to 'default', anything else is re-rendered with humanFileSize().
$quota = $_POST["quota"];
if ($quota != 'none' and $quota != 'default') {
    $quota = OC_Helper::computerFileSize($quota);
    if ($quota == 0) {
        $quota = 'default';
    } else {
        $quota = OC_Helper::humanFileSize($quota);
    }
}
// Return Success story
if ($username) {
    OC_Preferences::setValue($username, 'files', 'quota', $quota);
} else {
Exemplo n.º 20
    $UserTokenSeed = "";
    $UserLocked = "";
    $UserAlgorithm = "";
    $UserPin = "";
    $UserPrefixPin = "";
    //get otp information :
    $OtpExist = $mOtp->CheckUserExists($uid);
    if ($OtpExist) {
        $mOtp->SetUser($uid);
        $UserTokenSeed = base32_encode(hex2bin($mOtp->GetUserTokenSeed()));
        $UserLocked = $mOtp->GetUserLocked();
        $UserAlgorithm = $mOtp->GetUserAlgorithm();
        $UserPin = $mOtp->GetUserPin();
        $UserPrefixPin = $mOtp->GetUserPrefixPin();
    }
    $users[] = array("name" => $uid, "displayName" => $displayName, "groups" => OC_Group::getUserGroups($uid), 'subadmin' => OC_SubAdmin::getSubAdminsGroups($uid), 'OtpExist' => $OtpExist, 'UserTokenSeed' => $UserTokenSeed, 'UserLocked' => $UserLocked, 'UserAlgorithm' => $UserAlgorithm, 'UserPin' => $UserPin, 'UserPrefixPin' => $UserPrefixPin);
}
// Wrap each accessible group name for the template.
foreach ($accessiblegroups as $i) {
    // Do some more work here soon
    $groups[] = array("name" => $i);
}
// Render the user_otp user list.
$tmpl = new OC_Template("user_otp", "list_users", "user");
// Passed to the template as 1 or 0.
$tmpl->assign('PrefixPin', OCP\Config::getAppValue('user_otp', 'UserPrefixPin', '0') ? 1 : 0);
// The $users entries built above carry each user's 'UserTokenSeed', 'UserPin'
// and 'UserPrefixPin'. The rendered page therefore contains OTP secrets and
// should be treated accordingly: restricted to the intended administrators
// and kept out of caches and logs.
$tmpl->assign('users', $users);
$tmpl->assign('groups', $groups);
$tmpl->assign('isadmin', (int) $isadmin);
$tmpl->assign('subadmins', $subadmins);
$tmpl->assign('numofgroups', count($accessiblegroups));
//~ $tmpl->assign( 'quota_preset', $quotaPreset);
//~ $tmpl->assign( 'default_quota', $defaultQuota);
//~ $tmpl->assign( 'defaultQuotaIsUserDefined', $defaultQuotaIsUserDefined);
Exemplo n.º 21
 /**
  * Builds the array that represents one user in the user index.
  *
  * @param IUser $user
  * @param array|null $userGroups group ids to report; when empty they are
  *                               looked up through the group manager
  * @return array keys: name, displayname, groups, subadmin, quota,
  *               storageLocation, lastLogin, backend, email, isRestoreDisabled
  */
 private function formatUserForIndex(IUser $user, array $userGroups = null)
 {
     $uid = $user->getUID();
     // TODO: eliminate this encryption specific code below and somehow
     // hook in additional user info from other apps
     // Restoring is possible when encryption is off (plain files are
     // available). With encryption on it needs the restore feature to be
     // enabled and the user to have recovery enabled as well.
     $restorePossible = true;
     if ($this->isEncryptionAppEnabled) {
         $restorePossible = false;
         if ($this->isRestoreEnabled) {
             // check for the users recovery setting
             $recoveryMode = $this->config->getUserValue($uid, 'encryption', 'recoveryEnabled', '0');
             $restorePossible = !empty($recoveryMode);
         }
     }
     return [
         'name' => $uid,
         'displayname' => $user->getDisplayName(),
         'groups' => empty($userGroups) ? $this->groupManager->getUserGroupIds($user) : $userGroups,
         'subadmin' => \OC_SubAdmin::getSubAdminsGroups($uid),
         'quota' => $this->config->getUserValue($uid, 'files', 'quota', 'default'),
         'storageLocation' => $user->getHome(),
         // multiplied by 1000 before it is handed out
         'lastLogin' => $user->getLastLogin() * 1000,
         'backend' => $user->getBackendClassName(),
         'email' => $this->config->getUserValue($uid, 'settings', 'email', ''),
         'isRestoreDisabled' => !$restorePossible,
     ];
 }
Exemplo n.º 22
 /**
  * getSubAdminsOfGroup(): an admin gets the subadmin of an existing group,
  * and a request for a group id that was never created fails with status 101.
  */
 public function testGetSubAdminsOfGroup()
 {
     // Scenario 1: existing group with one subadmin, queried by an admin.
     $adminUser = $this->generateUsers();
     $subAdminUser = $this->generateUsers();
     $this->userSession->setUser($adminUser);
     $this->groupManager->get('admin')->addUser($adminUser);
     $existingGroup = $this->groupManager->createGroup($this->getUniqueID());
     \OC_SubAdmin::createSubAdmin($subAdminUser->getUID(), $existingGroup->getGID());
     $response = $this->api->getSubAdminsOfGroup(['groupid' => $existingGroup->getGID()]);
     $this->assertInstanceOf('OC_OCS_Result', $response);
     $this->assertTrue($response->succeeded());
     $payload = $response->getData();
     $this->assertEquals($subAdminUser->getUID(), reset($payload));
     $existingGroup->delete();

     // Scenario 2: a fresh admin asks about a group id that does not exist.
     $adminUser = $this->generateUsers();
     $this->userSession->setUser($adminUser);
     $this->groupManager->get('admin')->addUser($adminUser);
     $response = $this->api->getSubAdminsOfGroup(['groupid' => $this->getUniqueID()]);
     $this->assertInstanceOf('OC_OCS_Result', $response);
     $this->assertFalse($response->succeeded());
     $this->assertEquals(101, $response->getStatusCode());
 }
Exemplo n.º 23
 /**
  * Set the mail address of a user
  *
  * The annotations below switch off the admin and subadmin requirement for
  * this action, so the ownership / admin / subadmin test at the top of the
  * body is the authorisation check for it.
  *
  * @NoAdminRequired
  * @NoSubadminRequired
  *
  * @param string $id user whose address is changed
  * @param string $mailAddress new address; an empty string skips validation
  * @return DataResponse
  *
  * TODO: Tidy up and write unit tests - code is mainly static method calls
  */
 public function setMailAddress($id, $mailAddress)
 {
     // All failure responses share one shape; only message and status differ.
     $errorResponse = function ($message, $httpStatus) {
         return new DataResponse(array('status' => 'error', 'data' => array('message' => (string) $message)), $httpStatus);
     };
     $callerUid = $this->userSession->getUser()->getUID();
     // Allowed: the user themselves, an admin, or a subadmin with access to $id.
     // FIXME: Remove this static function call at some point…
     $mayEdit = $callerUid === $id || $this->isAdmin || \OC_SubAdmin::isUserAccessible($callerUid, $id);
     if (!$mayEdit) {
         return $errorResponse($this->l10n->t('Forbidden'), Http::STATUS_FORBIDDEN);
     }
     if ($mailAddress !== '' && !$this->mail->validateAddress($mailAddress)) {
         return $errorResponse($this->l10n->t('Invalid mail address'), Http::STATUS_UNPROCESSABLE_ENTITY);
     }
     $user = $this->userManager->get($id);
     if (!$user) {
         return $errorResponse($this->l10n->t('Invalid user'), Http::STATUS_UNPROCESSABLE_ENTITY);
     }
     // this is the only permission a backend provides and is also used
     // for the permission of setting a email address
     if (!$user->canChangeDisplayName()) {
         return $errorResponse($this->l10n->t('Unable to change mail address'), Http::STATUS_FORBIDDEN);
     }
     $this->config->setUserValue($id, 'settings', 'email', $mailAddress);
     $successData = array('username' => $id, 'mailAddress' => $mailAddress, 'message' => (string) $this->l10n->t('Email saved'));
     return new DataResponse(array('status' => 'success', 'data' => $successData), Http::STATUS_OK);
 }
Exemplo n.º 24
 /**
  * Page gate: requires a logged-in, verified user who is a member of the
  * 'admin' group or a subadmin. Anyone else is redirected to index.php and
  * the script exits.
  * @return boolean true when the check passes; the method does not return otherwise
  */
 public static function checkSubAdminUser()
 {
     // Check if we are a user
     self::checkLoggedIn();
     self::verifyUser();
     $isAdmin = OC_Group::inGroup(OC_User::getUser(), 'admin');
     // The subadmin lookup only runs for callers that are not admins.
     if (!$isAdmin && !OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
         header('Location: ' . OC_Helper::linkToAbsolute('', 'index.php'));
         // Without the exit the page would keep executing after the redirect header.
         exit;
     }
     return true;
 }
Exemplo n.º 25
Arquivo: api.php Projeto: nem0xff/core
 /**
  * authenticate the api call
  *
  * Maps the action's 'authlevel' to the check it requires. Unknown levels are
  * refused.
  *
  * @param array $action the action details as supplied to OC_API::register()
  * @return bool for the USER_AUTH level the result of self::loginUser() is
  *              returned as-is
  */
 private static function isAuthorised($action)
 {
     // NOTE(review): switch compares loosely. If a level of an unexpected type
     // is ever registered it may match one of the cases instead of reaching
     // the default refusal - confirm the types of the API::*_AUTH constants.
     switch ($action['authlevel']) {
         case API::GUEST_AUTH:
             // Anyone can access
             return true;
         case API::USER_AUTH:
             // User required
             return self::loginUser();
         case API::SUBADMIN_AUTH:
             // Check for subadmin
             $user = self::loginUser();
             if (!$user) {
                 return false;
             }
             // Both lookups are performed; either one is sufficient.
             $subAdmin = OC_SubAdmin::isSubAdmin($user);
             $admin = OC_User::isAdminUser($user);
             return $subAdmin || $admin;
         case API::ADMIN_AUTH:
             // Check for admin
             $user = self::loginUser();
             return $user ? OC_User::isAdminUser($user) : false;
         default:
             // oops looks like invalid level supplied
             return false;
     }
 }
Exemplo n.º 26
 /**
  * returns the available groups
  *
  * Admins get the result of a group search. Everyone else gets the groups
  * they administer as subadmin; the search string is not applied on that path.
  *
  * @param string $search a search string
  * @return \OC\Group\Group[]
  */
 private function getGroups($search = '')
 {
     if (!$this->isAdmin) {
         /* \OC_SubAdmin::getSubAdminsGroups() returns an array of GIDs, but this
          * method is expected to return an array with the GIDs as keys and group objects as
          * values, so we need to convert this information.
          */
         $visibleGroups = array();
         // FIXME: Remove static method call
         foreach (\OC_SubAdmin::getSubAdminsGroups($this->user) as $gid) {
             $groupObject = $this->groupManager->get($gid);
             // Ids the group manager cannot resolve are left out.
             if ($groupObject === null) {
                 continue;
             }
             $visibleGroups[$gid] = $groupObject;
         }
         return $visibleGroups;
     }
     return $this->groupManager->search($search);
 }
Exemplo n.º 27
// Groups are sorted by user count unless an LDAP group backend is in use.
$sortGroupsBy = \OC\Group\MetaData::SORT_USERCOUNT;
if (\OC_App::isEnabled('user_ldap')) {
    $isLDAPUsed = $groupManager->isBackendUsed('\\OCA\\user_ldap\\GROUP_LDAP') || $groupManager->isBackendUsed('\\OCA\\user_ldap\\Group_Proxy');
    if ($isLDAPUsed) {
        // LDAP user count can be slow, so we sort by group name here
        $sortGroupsBy = \OC\Group\MetaData::SORT_GROUPNAME;
    }
}
$config = \OC::$server->getConfig();
// The admin flag is computed once and passed into the group metadata lookup.
$isAdmin = OC_User::isAdminUser(OC_User::getUser());
$groupsInfo = new \OC\Group\MetaData(OC_User::getUser(), $isAdmin, $groupManager);
$groupsInfo->setSorting($sortGroupsBy);
list($adminGroup, $groups) = $groupsInfo->get();
// Only evaluated when the encryption app is enabled; otherwise this is false.
$recoveryAdminEnabled = OC_App::isEnabled('encryption') && $config->getAppValue('encryption', 'recoveryAdminEnabled', null);
if ($isAdmin) {
    // The full subadmin overview is loaded for admins only.
    $subadmins = OC_SubAdmin::getAllSubAdmins();
} else {
    /* Retrieve group IDs from $groups array, so we can pass that information into OC_Group::displayNamesInGroups() */
    // $gids is not used again within the lines shown here.
    $gids = array();
    foreach ($groups as $group) {
        if (isset($group['id'])) {
            $gids[] = $group['id'];
        }
    }
    // Non-admins get no subadmin overview.
    $subadmins = false;
}
// load preset quotas
$quotaPreset = $config->getAppValue('files', 'quota_preset', '1 GB, 5 GB, 10 GB');
$quotaPreset = explode(',', $quotaPreset);
foreach ($quotaPreset as &$preset) {
    $preset = trim($preset);
Exemplo n.º 28
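// Users page of the settings app: collect the users and groups the caller may
// see and hand them to the template.
OC_Util::addStyle('settings', 'settings');
OC_App::setActiveNavigationEntry('core_users');
$users = array();
$groups = array();
$isadmin = OC_Group::inGroup(OC_User::getUser(), 'admin') ? true : false;
if ($isadmin) {
    // Admin: all groups, the first 30 users and the subadmin overview.
    $accessiblegroups = OC_Group::getGroups();
    $accessibleusers = OC_User::getUsers('', 30);
    $subadmins = OC_SubAdmin::getAllSubAdmins();
} else {
    // Everyone else: only the groups they administer and the members of those
    // groups; no subadmin overview.
    $accessiblegroups = OC_SubAdmin::getSubAdminsGroups(OC_User::getUser());
    $accessibleusers = OC_Group::usersInGroups($accessiblegroups, '', 30);
    $subadmins = false;
}
foreach ($accessibleusers as $i) {
    // NOTE(review): 'groups' and 'subadmin' list every group of the user, not
    // only the ones the caller administers - confirm this is intended for the
    // non-admin view.
    $users[] = array("name" => $i, "groups" => join(", ", OC_Group::getUserGroups($i)), 'quota' => OC_Preferences::getValue($i, 'files', 'quota', 'default'), 'subadmin' => implode(', ', OC_SubAdmin::getSubAdminsGroups($i)));
}
foreach ($accessiblegroups as $i) {
    // Do some more work here soon
    $groups[] = array("name" => $i);
}
// Turn the comma-separated preset string into a list of trimmed entries.
$quotaPreset = OC_Appconfig::getValue('files', 'quota_preset', 'default,none,1 GB, 5 GB, 10 GB');
$quotaPreset = explode(',', $quotaPreset);
foreach ($quotaPreset as &$preset) {
    $preset = trim($preset);
}
// Break the reference left behind by the by-reference loop; otherwise a later
// write to $preset would silently change the last preset entry.
unset($preset);
$defaultQuota = OC_Appconfig::getValue('files', 'default_quota', 'none');
$tmpl = new OC_Template("settings", "users", "user");
$tmpl->assign("users", $users);
$tmpl->assign("groups", $groups);
$tmpl->assign('isadmin', (int) $isadmin);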
Exemplo n.º 29
 /**
  * Returns the Settings Navigation
  *
  * Collects the entries that apply to the current request (help, personal,
  * settings, users, admin) and returns them after they have gone through
  * self::proceedNavigation().
  *
  * The entries only decide what is shown in the menu. Hiding an entry does not
  * protect the page behind it; each target route needs its own access check.
  *
  * @return array presumably; the value is whatever self::proceedNavigation()
  *               returns for the collected entries
  */
 public static function getSettingsNavigation()
 {
     $l = \OC::$server->getL10N('lib');
     $entries = array();
     // by default, settings only contain the help menu
     $helpEnabled = OC_Util::getEditionString() === '' && OC_Config::getValue('knowledgebaseenabled', true) == true;
     if ($helpEnabled) {
         $entries = array(
             array(
                 "id" => "help",
                 "order" => 1000,
                 "href" => OC_Helper::linkToRoute("settings_help"),
                 "name" => $l->t("Help"),
                 "icon" => OC_Helper::imagePath("settings", "help.svg"),
             ),
         );
     }
     // if the user is logged-in
     if (OC_User::isLoggedIn()) {
         // personal menu
         $entries[] = array(
             "id" => "personal",
             "order" => 1,
             "href" => OC_Helper::linkToRoute("settings_personal"),
             "name" => $l->t("Personal"),
             "icon" => OC_Helper::imagePath("settings", "personal.svg"),
         );
         // if there are some settings forms
         if (!empty(self::$settingsForms)) {
             // settings menu
             $entries[] = array(
                 "id" => "settings",
                 "order" => 1000,
                 "href" => OC_Helper::linkToRoute("settings_settings"),
                 "name" => $l->t("Settings"),
                 "icon" => OC_Helper::imagePath("settings", "settings.svg"),
             );
         }
         //SubAdmins are also allowed to access user management
         if (OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
             // admin users menu
             $entries[] = array(
                 "id" => "core_users",
                 "order" => 2,
                 "href" => OC_Helper::linkToRoute("settings_users"),
                 "name" => $l->t("Users"),
                 "icon" => OC_Helper::imagePath("settings", "users.svg"),
             );
         }
         // if the user is an admin
         if (OC_User::isAdminUser(OC_User::getUser())) {
             // admin settings
             $entries[] = array(
                 "id" => "admin",
                 "order" => 1000,
                 "href" => OC_Helper::linkToRoute("settings_admin"),
                 "name" => $l->t("Admin"),
                 "icon" => OC_Helper::imagePath("settings", "admin.svg"),
             );
         }
     }
     return self::proceedNavigation($entries);
 }
Exemplo n.º 30
 /**
  * Decides whether the current user may delete the given calendar.
  *
  * Allowed for the calendar's owner, for an admin, and for a subadmin for
  * whom the owner is accessible. Everyone else is refused.
  *
  * @param array $calendar calendar data; only its 'userid' entry is read here
  * @return boolean
  */
 private static function isAllowedToDeleteCalendar($calendar)
 {
     $currentUser = OCP\User::getUser();
     $owner = $calendar['userid'];
     // Owner or admin: no subadmin lookup needed.
     if ($owner === $currentUser || OC_User::isAdminUser($currentUser)) {
         return true;
     }
     // Last resort: a subadmin with access to the owner. Anything else is denied.
     return OC_SubAdmin::isUserAccessible($currentUser, $owner) ? true : false;
 }