/**
* Check if an app is enabled for user
*
* @param string $appId
* @param \OCP\IUser $user (optional) if not defined, the currently logged in user will be used
* @return bool
*/
public function isEnabledForUser($appId, $user = null)
{
if (is_null($user)) {
$user = $this->userSession->getUser();
}
$installedApps = $this->getInstalledApps();
if (isset($installedApps[$appId])) {
$enabled = $installedApps[$appId];
if ($enabled === 'yes') {
return true;
} elseif (is_null($user)) {
return false;
} else {
$groupIds = json_decode($enabled);
$userGroups = $this->groupManager->getUserGroupIds($user);
foreach ($userGroups as $groupId) {
if (array_search($groupId, $groupIds) !== false) {
return true;
}
}
return false;
}
} else {
return false;
}
}
protected function readDBConfig()
{
$userMounts = $this->dbConfig->getAdminMountsFor(DBConfigService::APPLICABLE_TYPE_USER, $this->getUser()->getUID());
$globalMounts = $this->dbConfig->getAdminMountsFor(DBConfigService::APPLICABLE_TYPE_GLOBAL, null);
$groups = $this->groupManager->getUserGroupIds($this->getUser());
if (is_array($groups) && count($groups) !== 0) {
$groupMounts = $this->dbConfig->getAdminMountsForMultiple(DBConfigService::APPLICABLE_TYPE_GROUP, $groups);
} else {
$groupMounts = [];
}
return array_merge($userMounts, $groupMounts, $globalMounts);
}
/**
* Detect unmerged received shares and merge them properly
*/
private function fixUnmergedShares(IOutput $out, IUser $user)
{
$groups = $this->groupManager->getUserGroupIds($user);
if (empty($groups)) {
// user is in no groups, so can't have received group shares
return;
}
$subSharesByItemSource = $this->getSharesWithUser(DefaultShareProvider::SHARE_TYPE_USERGROUP, [$user->getUID()]);
if (empty($subSharesByItemSource)) {
// nothing to repair for this user
return;
}
$groupSharesByItemSource = $this->getSharesWithUser(Constants::SHARE_TYPE_GROUP, $groups);
if (empty($groupSharesByItemSource)) {
// shouldn't happen, those invalid shares must be cleant already by RepairInvalidShares
return;
}
// because sometimes one wants to give the user more permissions than the group share
$userSharesByItemSource = $this->getSharesWithUser(Constants::SHARE_TYPE_USER, [$user->getUID()]);
foreach ($groupSharesByItemSource as $itemSource => $groupShares) {
if (!isset($subSharesByItemSource[$itemSource])) {
// no subshares for this item source, skip it
continue;
}
$subShares = $subSharesByItemSource[$itemSource];
if (isset($userSharesByItemSource[$itemSource])) {
// add it to the subshares to get a similar treatment
$subShares = array_merge($subShares, $userSharesByItemSource[$itemSource]);
}
$this->fixThisShare($groupShares, $subShares);
}
}
/**
* Copied from \OC_Util::isSharingDisabledForUser
*
* TODO: Deprecate fuction from OC_Util
*
* @param string $userId
* @return bool
*/
public function sharingDisabledForUser($userId)
{
if ($userId === null) {
return false;
}
if (isset($this->sharingDisabledForUsersCache[$userId])) {
return $this->sharingDisabledForUsersCache[$userId];
}
if ($this->config->getAppValue('core', 'shareapi_exclude_groups', 'no') === 'yes') {
$groupsList = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', '');
$excludedGroups = json_decode($groupsList);
if (is_null($excludedGroups)) {
$excludedGroups = explode(',', $groupsList);
$newValue = json_encode($excludedGroups);
$this->config->setAppValue('core', 'shareapi_exclude_groups_list', $newValue);
}
$user = $this->userManager->get($userId);
$usersGroups = $this->groupManager->getUserGroupIds($user);
if (!empty($usersGroups)) {
$remainingGroups = array_diff($usersGroups, $excludedGroups);
// if the user is only in groups which are disabled for sharing then
// sharing is also disabled for the user
if (empty($remainingGroups)) {
$this->sharingDisabledForUsersCache[$userId] = true;
return true;
}
}
}
$this->sharingDisabledForUsersCache[$userId] = false;
return false;
}
/**
* @param string $enabled
* @param IUser $user
* @return bool
*/
private function checkAppForUser($enabled, $user)
{
if ($enabled === 'yes') {
return true;
} elseif (is_null($user)) {
return false;
} else {
if (empty($enabled)) {
return false;
}
$groupIds = json_decode($enabled);
if (!is_array($groupIds)) {
$jsonError = json_last_error();
\OC::$server->getLogger()->warning('AppManger::checkAppForUser - can\'t decode group IDs: ' . print_r($enabled, true) . ' - json error code: ' . $jsonError, ['app' => 'lib']);
return false;
}
$userGroups = $this->groupManager->getUserGroupIds($user);
foreach ($userGroups as $groupId) {
if (array_search($groupId, $groupIds) !== false) {
return true;
}
}
return false;
}
}
/**
* @param array $parameters
* @return OC_OCS_Result
*/
public function getUsersGroups($parameters)
{
// Check if user is logged in
$loggedInUser = $this->userSession->getUser();
if ($loggedInUser === null) {
return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
$targetUser = $this->userManager->get($parameters['userid']);
if ($targetUser === null) {
return new OC_OCS_Result(null, \OCP\API::RESPOND_NOT_FOUND);
}
if ($targetUser->getUID() === $loggedInUser->getUID() || $this->groupManager->isAdmin($loggedInUser->getUID())) {
// Self lookup or admin lookup
return new OC_OCS_Result(['groups' => $this->groupManager->getUserGroupIds($targetUser)]);
} else {
$subAdminManager = $this->groupManager->getSubAdmin();
// Looking up someone else
if ($subAdminManager->isUserAccessible($loggedInUser, $targetUser)) {
// Return the group that the method caller is subadmin of for the user in question
$getSubAdminsGroups = $subAdminManager->getSubAdminsGroups($loggedInUser);
foreach ($getSubAdminsGroups as $key => $group) {
$getSubAdminsGroups[$key] = $group->getGID();
}
$groups = array_intersect($getSubAdminsGroups, $this->groupManager->getUserGroupIds($targetUser));
return new OC_OCS_Result(array('groups' => $groups));
} else {
// Not permitted
return new OC_OCS_Result(null, 997);
}
}
}
/**
* @NoAdminRequired
*
* @param string $username
* @param string $password
* @param array $groups
* @param string $email
* @return DataResponse
*/
public function create($username, $password, array $groups = array(), $email = '')
{
if ($email !== '' && !$this->mail->validateAddress($email)) {
return new DataResponse(array('message' => (string) $this->l10n->t('Invalid mail address')), Http::STATUS_UNPROCESSABLE_ENTITY);
}
if (!$this->isAdmin) {
$userId = $this->userSession->getUser()->getUID();
if (!empty($groups)) {
foreach ($groups as $key => $group) {
if (!$this->subAdminFactory->isGroupAccessible($userId, $group)) {
unset($groups[$key]);
}
}
}
if (empty($groups)) {
$groups = $this->subAdminFactory->getSubAdminsOfGroups($userId);
}
}
if ($this->userManager->userExists($username)) {
return new DataResponse(array('message' => (string) $this->l10n->t('A user with that name already exists.')), Http::STATUS_CONFLICT);
}
try {
$user = $this->userManager->createUser($username, $password);
} catch (\Exception $exception) {
return new DataResponse(array('message' => (string) $this->l10n->t('Unable to create user.')), Http::STATUS_FORBIDDEN);
}
if ($user instanceof User) {
if ($groups !== null) {
foreach ($groups as $groupName) {
$group = $this->groupManager->get($groupName);
if (empty($group)) {
$group = $this->groupManager->createGroup($groupName);
}
$group->addUser($user);
}
}
/**
* Send new user mail only if a mail is set
*/
if ($email !== '') {
$this->config->setUserValue($username, 'settings', 'email', $email);
// data for the mail template
$mailData = array('username' => $username, 'url' => $this->urlGenerator->getAbsoluteURL('/'));
$mail = new TemplateResponse('settings', 'email.new_user', $mailData, 'blank');
$mailContent = $mail->render();
$mail = new TemplateResponse('settings', 'email.new_user_plain_text', $mailData, 'blank');
$plainTextMailContent = $mail->render();
$subject = $this->l10n->t('Your %s account was created', [$this->defaults->getName()]);
try {
$this->mail->send($email, $username, $subject, $mailContent, $this->fromMailAddress, $this->defaults->getName(), 1, $plainTextMailContent);
} catch (\Exception $e) {
$this->log->error("Can't send new user mail to {$email}: " . $e->getMessage(), array('app' => 'settings'));
}
}
// fetch users groups
$userGroups = $this->groupManager->getUserGroupIds($user);
return new DataResponse($this->formatUserForIndex($user, $userGroups), Http::STATUS_CREATED);
}
return new DataResponse(array('message' => (string) $this->l10n->t('Unable to create user.')), Http::STATUS_FORBIDDEN);
}
/**
* @param string $search
*/
protected function getUsers($search)
{
$this->result['users'] = $this->result['exact']['users'] = $users = [];
$userGroups = [];
if ($this->shareWithGroupOnly) {
// Search in all the groups this user is part of
$userGroups = $this->groupManager->getUserGroupIds($this->userSession->getUser());
foreach ($userGroups as $userGroup) {
$usersTmp = $this->groupManager->displayNamesInGroup($userGroup, $search, $this->limit, $this->offset);
foreach ($usersTmp as $uid => $userDisplayName) {
$users[$uid] = $userDisplayName;
}
}
} else {
// Search in all users
$usersTmp = $this->userManager->searchDisplayName($search, $this->limit, $this->offset);
foreach ($usersTmp as $user) {
$users[$user->getUID()] = $user->getDisplayName();
}
}
if (!$this->shareeEnumeration || sizeof($users) < $this->limit) {
$this->reachedEndFor[] = 'users';
}
$foundUserById = false;
foreach ($users as $uid => $userDisplayName) {
if (strtolower($uid) === $search || strtolower($userDisplayName) === $search) {
if (strtolower($uid) === $search) {
$foundUserById = true;
}
$this->result['exact']['users'][] = ['label' => $userDisplayName, 'value' => ['shareType' => Share::SHARE_TYPE_USER, 'shareWith' => $uid]];
} else {
$this->result['users'][] = ['label' => $userDisplayName, 'value' => ['shareType' => Share::SHARE_TYPE_USER, 'shareWith' => $uid]];
}
}
if ($this->offset === 0 && !$foundUserById) {
// On page one we try if the search result has a direct hit on the
// user id and if so, we add that to the exact match list
$user = $this->userManager->get($search);
if ($user instanceof IUser) {
$addUser = true;
if ($this->shareWithGroupOnly) {
// Only add, if we have a common group
$commonGroups = array_intersect($userGroups, $this->groupManager->getUserGroupIds($user));
$addUser = !empty($commonGroups);
}
if ($addUser) {
array_push($this->result['exact']['users'], ['label' => $user->getDisplayName(), 'value' => ['shareType' => Share::SHARE_TYPE_USER, 'shareWith' => $user->getUID()]]);
}
}
}
if (!$this->shareeEnumeration) {
$this->result['users'] = [];
}
}
/**
* Check if the user for this recipient propagator is the recipient of a share
*
* @param array $share
* @return bool
*/
private function isRecipientOfShare($share)
{
if ($share['share_with'] === $this->userId && $share['share_type'] == \OCP\Share::SHARE_TYPE_USER) {
// == since 'share_type' is a string
return true;
}
if ($share['share_type'] == \OCP\Share::SHARE_TYPE_GROUP) {
$groups = $this->groupManager->getUserGroupIds($this->user);
return in_array($share['share_with'], $groups);
}
return false;
}
/**
* @param string $enabled
* @param IUser $user
* @return bool
*/
private function checkAppForUser($enabled, $user)
{
if ($enabled === 'yes') {
return true;
} elseif (is_null($user)) {
return false;
} else {
$groupIds = json_decode($enabled);
$userGroups = $this->groupManager->getUserGroupIds($user);
foreach ($userGroups as $groupId) {
if (array_search($groupId, $groupIds) !== false) {
return true;
}
}
return false;
}
}
protected function isApplicable(StorageConfig $config)
{
$applicableUsers = $config->getApplicableUsers();
$applicableGroups = $config->getApplicableGroups();
if (count($applicableUsers) === 0 && count($applicableGroups) === 0) {
return true;
}
if (in_array($this->getUser()->getUID(), $applicableUsers, true)) {
return true;
}
$groupIds = $this->groupManager->getUserGroupIds($this->getUser());
foreach ($groupIds as $groupId) {
if (in_array($groupId, $applicableGroups, true)) {
return true;
}
}
return false;
}
/**
* {@inheritdoc}
*/
public function canUserAssignTag(ISystemTag $tag, IUser $user)
{
// early check to avoid unneeded group lookups
if ($tag->isUserAssignable() && $tag->isUserVisible()) {
return true;
}
if ($this->groupManager->isAdmin($user->getUID())) {
return true;
}
if (!$tag->isUserVisible()) {
return false;
}
$groupIds = $this->groupManager->getUserGroupIds($user);
if (!empty($groupIds)) {
$matchingGroups = array_intersect($groupIds, $this->getTagGroups($tag));
if (!empty($matchingGroups)) {
return true;
}
}
return false;
}
/**
* @param array $parameters
* @return OC_OCS_Result
*/
public function getUsersGroups($parameters)
{
// Check if user is logged in
$user = $this->userSession->getUser();
if ($user === null) {
return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
if ($parameters['userid'] === $user->getUID() || $this->groupManager->isAdmin($user->getUID())) {
// Self lookup or admin lookup
return new OC_OCS_Result(['groups' => $this->groupManager->getUserGroupIds($this->userManager->get($parameters['userid']))]);
} else {
// Looking up someone else
if (OC_SubAdmin::isUserAccessible($user->getUID(), $parameters['userid'])) {
// Return the group that the method caller is subadmin of for the user in question
$groups = array_intersect(OC_SubAdmin::getSubAdminsGroups($user->getUID()), $this->groupManager->getUserGroupIds($this->userManager->get($parameters['userid'])));
return new OC_OCS_Result(array('groups' => $groups));
} else {
// Not permitted
return new OC_OCS_Result(null, 997);
}
}
}
/**
* check if sharing is disabled for the current user
* @param IConfig $config
* @param IGroupManager $groupManager
* @param IUser|null $user
* @return bool
*/
public static function isSharingDisabledForUser(IConfig $config, IGroupManager $groupManager, $user)
{
if ($config->getAppValue('core', 'shareapi_exclude_groups', 'no') === 'yes') {
$groupsList = $config->getAppValue('core', 'shareapi_exclude_groups_list', '');
$excludedGroups = json_decode($groupsList);
if (is_null($excludedGroups)) {
$excludedGroups = explode(',', $groupsList);
$newValue = json_encode($excludedGroups);
$config->setAppValue('core', 'shareapi_exclude_groups_list', $newValue);
}
$usersGroups = $groupManager->getUserGroupIds($user);
if (!empty($usersGroups)) {
$remainingGroups = array_diff($usersGroups, $excludedGroups);
// if the user is only in groups which are disabled for sharing then
// sharing is also disabled for the user
if (empty($remainingGroups)) {
return true;
}
}
}
return false;
}
