/**
* @param string $id
* @return DataResponse
*/
public function create($id)
{
if ($this->groupManager->groupExists($id)) {
return new DataResponse(array('message' => (string) $this->l10n->t('Group already exists.')), Http::STATUS_CONFLICT);
}
if ($this->groupManager->createGroup($id)) {
return new DataResponse(array('groupname' => $id), Http::STATUS_CREATED);
}
return new DataResponse(array('status' => 'error', 'data' => array('message' => (string) $this->l10n->t('Unable to add group.'))), Http::STATUS_FORBIDDEN);
}
/**
* Creates a subadmin
*
* @param array $parameters
* @return OC_OCS_Result
*/
public function addSubAdmin($parameters)
{
$group = $_POST['groupid'];
$user = $parameters['userid'];
// Check if the user exists
if (!$this->userManager->userExists($user)) {
return new OC_OCS_Result(null, 101, 'User does not exist');
}
// Check if group exists
if (!$this->groupManager->groupExists($group)) {
return new OC_OCS_Result(null, 102, 'Group:' . $group . ' does not exist');
}
// Check if trying to make subadmin of admin group
if (strtolower($group) === 'admin') {
return new OC_OCS_Result(null, 103, 'Cannot create subadmins for admin group');
}
// We cannot be subadmin twice
if (OC_Subadmin::isSubAdminOfGroup($user, $group)) {
return new OC_OCS_Result(null, 100);
}
// Go
if (OC_Subadmin::createSubAdmin($user, $group)) {
return new OC_OCS_Result(null, 100);
} else {
return new OC_OCS_Result(null, 103, 'Unknown error occured');
}
}
/**
* Check for generic requirements before creating a share
*
* @param \OCP\Share\IShare $share
* @throws \InvalidArgumentException
* @throws GenericShareException
*/
protected function generalCreateChecks(\OCP\Share\IShare $share)
{
if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER) {
// We expect a valid user as sharedWith for user shares
if (!$this->userManager->userExists($share->getSharedWith())) {
throw new \InvalidArgumentException('SharedWith is not a valid user');
}
} else {
if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) {
// We expect a valid group as sharedWith for group shares
if (!$this->groupManager->groupExists($share->getSharedWith())) {
throw new \InvalidArgumentException('SharedWith is not a valid group');
}
} else {
if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) {
if ($share->getSharedWith() !== null) {
throw new \InvalidArgumentException('SharedWith should be empty');
}
} else {
// We can't handle other types yet
throw new \InvalidArgumentException('unkown share type');
}
}
}
// Verify the initiator of the share is set
if ($share->getSharedBy() === null) {
throw new \InvalidArgumentException('SharedBy should be set');
}
// Cannot share with yourself
if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER && $share->getSharedWith() === $share->getSharedBy()) {
throw new \InvalidArgumentException('Can\'t share with yourself');
}
// The path should be set
if ($share->getNode() === null) {
throw new \InvalidArgumentException('Path should be set');
}
// And it should be a file or a folder
if (!$share->getNode() instanceof \OCP\Files\File && !$share->getNode() instanceof \OCP\Files\Folder) {
throw new \InvalidArgumentException('Path should be either a file or a folder');
}
// Check if we actually have share permissions
if (!$share->getNode()->isShareable()) {
$message_t = $this->l->t('You are not allowed to share %s', [$share->getNode()->getPath()]);
throw new GenericShareException($message_t, $message_t, 404);
}
// Permissions should be set
if ($share->getPermissions() === null) {
throw new \InvalidArgumentException('A share requires permissions');
}
// Check that we do not share with more permissions than we have
if ($share->getPermissions() & ~$share->getNode()->getPermissions()) {
$message_t = $this->l->t('Cannot increase permissions of %s', [$share->getNode()->getPath()]);
throw new GenericShareException($message_t, $message_t, 404);
}
// Check that read permissions are always set
if (($share->getPermissions() & \OCP\Constants::PERMISSION_READ) === 0) {
throw new \InvalidArgumentException('Shares need at least read permissions');
}
}
public function testDeleteGroup()
{
$group = $this->groupManager->createGroup($this->getUniqueId());
$result = $this->api->deleteGroup(['groupid' => $group->getGID()]);
$this->assertInstanceOf('OC_OCS_Result', $result);
$this->assertTrue($result->succeeded());
$this->assertFalse($this->groupManager->groupExists($group->getGID()));
}
public function setup()
{
$this->users = [];
$this->groups = [];
$this->userManager = \OC::$server->getUserManager();
$this->groupManager = \OC::$server->getGroupManager();
$this->dbConn = \OC::$server->getDatabaseConnection();
// Create 3 users and 3 groups
for ($i = 0; $i < 3; $i++) {
$this->users[] = $this->userManager->createUser('user' . $i, 'user');
$this->groups[] = $this->groupManager->createGroup('group' . $i);
}
// Create admin group
if (!$this->groupManager->groupExists('admin')) {
$this->groupManager->createGroup('admin');
}
}
public function getSubAdminsOfGroup($parameters)
{
$group = $parameters['groupid'];
// Check group exists
if (!$this->groupManager->groupExists($group)) {
return new OC_OCS_Result(null, 101, 'Group does not exist');
}
// Go
if (!($subadmins = OC_Subadmin::getGroupsSubAdmins($group))) {
return new OC_OCS_Result(null, 102, 'Unknown error occured');
} else {
return new OC_OCS_Result($subadmins);
}
}
/**
* @param array $parameters
* @return OC_OCS_Result
*/
public function deleteGroup($parameters)
{
// Check it exists
if (!$this->groupManager->groupExists($parameters['groupid'])) {
return new OC_OCS_Result(null, 101);
} else {
if ($parameters['groupid'] === 'admin' || !$this->groupManager->get($parameters['groupid'])->delete()) {
// Cannot delete admin group
return new OC_OCS_Result(null, 102);
} else {
return new OC_OCS_Result(null, 100);
}
}
}
public function setup()
{
$this->users = [];
$this->groups = [];
$this->userManager = \OC::$server->getUserManager();
$this->groupManager = \OC::$server->getGroupManager();
$this->dbConn = \OC::$server->getDatabaseConnection();
// Create 3 users and 3 groups
for ($i = 0; $i < 3; $i++) {
$this->users[] = $this->userManager->createUser('user' . $i, 'user');
$this->groups[] = $this->groupManager->createGroup('group' . $i);
}
// Create admin group
if (!$this->groupManager->groupExists('admin')) {
$this->groupManager->createGroup('admin');
}
// Create "orphaned" users and groups (scenario: temporarily disabled
// backend)
$qb = $this->dbConn->getQueryBuilder();
$qb->insert('group_admin')->values(['gid' => $qb->createNamedParameter($this->groups[0]->getGID()), 'uid' => $qb->createNamedParameter('orphanedUser')])->execute();
$qb->insert('group_admin')->values(['gid' => $qb->createNamedParameter('orphanedGroup'), 'uid' => $qb->createNamedParameter('orphanedUser')])->execute();
$qb->insert('group_admin')->values(['gid' => $qb->createNamedParameter('orphanedGroup'), 'uid' => $qb->createNamedParameter($this->users[0]->getUID())])->execute();
}
protected function execute(InputInterface $input, OutputInterface $output)
{
$mountId = $input->getArgument('mount_id');
try {
$mount = $this->globalService->getStorage($mountId);
} catch (NotFoundException $e) {
$output->writeln('<error>Mount with id "' . $mountId . ' not found, check "occ files_external:list" to get available mounts</error>');
return 404;
}
if ($mount->getType() === StorageConfig::MOUNT_TYPE_PERSONAl) {
$output->writeln('<error>Can\'t change applicables on personal mounts</error>');
return 1;
}
$addUsers = $input->getOption('add-user');
$removeUsers = $input->getOption('remove-user');
$addGroups = $input->getOption('add-group');
$removeGroups = $input->getOption('remove-group');
$applicableUsers = $mount->getApplicableUsers();
$applicableGroups = $mount->getApplicableGroups();
if (count($addUsers) + count($removeUsers) + count($addGroups) + count($removeGroups) > 0 || $input->getOption('remove-all')) {
foreach ($addUsers as $addUser) {
if (!$this->userManager->userExists($addUser)) {
$output->writeln('<error>User "' . $addUser . '" not found</error>');
return 404;
}
}
foreach ($addGroups as $addGroup) {
if (!$this->groupManager->groupExists($addGroup)) {
$output->writeln('<error>Group "' . $addGroup . '" not found</error>');
return 404;
}
}
if ($input->getOption('remove-all')) {
$applicableUsers = [];
$applicableGroups = [];
} else {
$applicableUsers = array_unique(array_merge($applicableUsers, $addUsers));
$applicableUsers = array_values(array_diff($applicableUsers, $removeUsers));
$applicableGroups = array_unique(array_merge($applicableGroups, $addGroups));
$applicableGroups = array_values(array_diff($applicableGroups, $removeGroups));
}
$mount->setApplicableUsers($applicableUsers);
$mount->setApplicableGroups($applicableGroups);
$this->globalService->updateStorage($mount);
}
$this->writeArrayInOutputFormat($input, $output, ['users' => $applicableUsers, 'groups' => $applicableGroups]);
}
/**
* @return OC_OCS_Result
*/
public function addUser()
{
$userId = isset($_POST['userid']) ? $_POST['userid'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;
$groups = isset($_POST['groups']) ? $_POST['groups'] : null;
$user = $this->userSession->getUser();
$isAdmin = $this->groupManager->isAdmin($user->getUID());
$subAdminManager = $this->groupManager->getSubAdmin();
if (!$isAdmin && !$subAdminManager->isSubAdmin($user)) {
return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
if ($this->userManager->userExists($userId)) {
$this->logger->error('Failed addUser attempt: User already exists.', ['app' => 'ocs_api']);
return new OC_OCS_Result(null, 102, 'User already exists');
}
if (is_array($groups)) {
foreach ($groups as $group) {
if (!$this->groupManager->groupExists($group)) {
return new OC_OCS_Result(null, 104, 'group ' . $group . ' does not exist');
}
if (!$isAdmin && !$subAdminManager->isSubAdminofGroup($user, $this->groupManager->get($group))) {
return new OC_OCS_Result(null, 105, 'insufficient privileges for group ' . $group);
}
}
} else {
if (!$isAdmin) {
return new OC_OCS_Result(null, 106, 'no group specified (required for subadmins)');
}
}
try {
$newUser = $this->userManager->createUser($userId, $password);
$this->logger->info('Successful addUser call with userid: ' . $userId, ['app' => 'ocs_api']);
if (is_array($groups)) {
foreach ($groups as $group) {
$this->groupManager->get($group)->addUser($newUser);
$this->logger->info('Added userid ' . $userId . ' to group ' . $group, ['app' => 'ocs_api']);
}
}
return new OC_OCS_Result(null, 100);
} catch (\Exception $e) {
$this->logger->error('Failed addUser attempt with exception: ' . $e->getMessage(), ['app' => 'ocs_api']);
return new OC_OCS_Result(null, 101, 'Bad request');
}
}
/**
* Check for generic requirements before creating a share
*
* @param \OCP\Share\IShare $share
* @throws \InvalidArgumentException
* @throws GenericShareException
*/
protected function generalCreateChecks(\OCP\Share\IShare $share)
{
if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER) {
// We expect a valid user as sharedWith for user shares
if (!$this->userManager->userExists($share->getSharedWith())) {
throw new \InvalidArgumentException('SharedWith is not a valid user');
}
} else {
if ($share->getShareType() === \OCP\Share::SHARE_TYPE_GROUP) {
// We expect a valid group as sharedWith for group shares
if (!$this->groupManager->groupExists($share->getSharedWith())) {
throw new \InvalidArgumentException('SharedWith is not a valid group');
}
} else {
if ($share->getShareType() === \OCP\Share::SHARE_TYPE_LINK) {
if ($share->getSharedWith() !== null) {
throw new \InvalidArgumentException('SharedWith should be empty');
}
} else {
if ($share->getShareType() === \OCP\Share::SHARE_TYPE_REMOTE) {
if ($share->getSharedWith() === null) {
throw new \InvalidArgumentException('SharedWith should not be empty');
}
} else {
// We can't handle other types yet
throw new \InvalidArgumentException('unkown share type');
}
}
}
}
// Verify the initiator of the share is set
if ($share->getSharedBy() === null) {
throw new \InvalidArgumentException('SharedBy should be set');
}
// Cannot share with yourself
if ($share->getShareType() === \OCP\Share::SHARE_TYPE_USER && $share->getSharedWith() === $share->getSharedBy()) {
throw new \InvalidArgumentException('Can\'t share with yourself');
}
// The path should be set
if ($share->getNode() === null) {
throw new \InvalidArgumentException('Path should be set');
}
// And it should be a file or a folder
if (!$share->getNode() instanceof \OCP\Files\File && !$share->getNode() instanceof \OCP\Files\Folder) {
throw new \InvalidArgumentException('Path should be either a file or a folder');
}
// And you can't share your rootfolder
if ($this->userManager->userExists($share->getSharedBy())) {
$sharedPath = $this->rootFolder->getUserFolder($share->getSharedBy())->getPath();
} else {
$sharedPath = $this->rootFolder->getUserFolder($share->getShareOwner())->getPath();
}
if ($sharedPath === $share->getNode()->getPath()) {
throw new \InvalidArgumentException('You can\'t share your root folder');
}
// Check if we actually have share permissions
if (!$share->getNode()->isShareable()) {
$message_t = $this->l->t('You are not allowed to share %s', [$share->getNode()->getPath()]);
throw new GenericShareException($message_t, $message_t, 404);
}
// Permissions should be set
if ($share->getPermissions() === null) {
throw new \InvalidArgumentException('A share requires permissions');
}
/*
* Quick fix for #23536
* Non moveable mount points do not have update and delete permissions
* while we 'most likely' do have that on the storage.
*/
$permissions = $share->getNode()->getPermissions();
$mount = $share->getNode()->getMountPoint();
if (!$mount instanceof MoveableMount) {
$permissions |= \OCP\Constants::PERMISSION_DELETE | \OCP\Constants::PERMISSION_UPDATE;
}
// Check that we do not share with more permissions than we have
if ($share->getPermissions() & ~$permissions) {
$message_t = $this->l->t('Cannot increase permissions of %s', [$share->getNode()->getPath()]);
throw new GenericShareException($message_t, $message_t, 404);
}
// Check that read permissions are always set
if (($share->getPermissions() & \OCP\Constants::PERMISSION_READ) === 0) {
throw new \InvalidArgumentException('Shares need at least read permissions');
}
if ($share->getNode() instanceof \OCP\Files\File) {
if ($share->getPermissions() & \OCP\Constants::PERMISSION_DELETE) {
$message_t = $this->l->t('Files can\'t be shared with delete permissions');
throw new GenericShareException($message_t);
}
if ($share->getPermissions() & \OCP\Constants::PERMISSION_CREATE) {
$message_t = $this->l->t('Files can\'t be shared with create permissions');
throw new GenericShareException($message_t);
}
}
}
/**
* @return \OC_OCS_Result
*/
public function createShare()
{
$share = $this->shareManager->newShare();
// Verify path
$path = $this->request->getParam('path', null);
if ($path === null) {
return new \OC_OCS_Result(null, 404, 'please specify a file or folder path');
}
$userFolder = $this->rootFolder->getUserFolder($this->currentUser->getUID());
try {
$path = $userFolder->get($path);
} catch (\OCP\Files\NotFoundException $e) {
return new \OC_OCS_Result(null, 404, 'wrong path, file/folder doesn\'t exist');
}
$share->setNode($path);
// Parse permissions (if available)
$permissions = $this->request->getParam('permissions', null);
if ($permissions === null) {
$permissions = \OCP\Constants::PERMISSION_ALL;
} else {
$permissions = (int) $permissions;
}
if ($permissions < 0 || $permissions > \OCP\Constants::PERMISSION_ALL) {
return new \OC_OCS_Result(null, 404, 'invalid permissions');
}
// Shares always require read permissions
$permissions |= \OCP\Constants::PERMISSION_READ;
if ($path instanceof \OCP\Files\File) {
// Single file shares should never have delete or create permissions
$permissions &= ~\OCP\Constants::PERMISSION_DELETE;
$permissions &= ~\OCP\Constants::PERMISSION_CREATE;
}
/*
* Hack for https://github.com/owncloud/core/issues/22587
* We check the permissions via webdav. But the permissions of the mount point
* do not equal the share permissions. Here we fix that for federated mounts.
*/
if ($path->getStorage()->instanceOfStorage('OCA\\Files_Sharing\\External\\Storage')) {
$permissions &= ~($permissions & ~$path->getPermissions());
}
$shareWith = $this->request->getParam('shareWith', null);
$shareType = (int) $this->request->getParam('shareType', '-1');
if ($shareType === \OCP\Share::SHARE_TYPE_USER) {
// Valid user is required to share
if ($shareWith === null || !$this->userManager->userExists($shareWith)) {
return new \OC_OCS_Result(null, 404, 'please specify a valid user');
}
$share->setSharedWith($shareWith);
$share->setPermissions($permissions);
} else {
if ($shareType === \OCP\Share::SHARE_TYPE_GROUP) {
// Valid group is required to share
if ($shareWith === null || !$this->groupManager->groupExists($shareWith)) {
return new \OC_OCS_Result(null, 404, 'please specify a valid group');
}
$share->setSharedWith($shareWith);
$share->setPermissions($permissions);
} else {
if ($shareType === \OCP\Share::SHARE_TYPE_LINK) {
//Can we even share links?
if (!$this->shareManager->shareApiAllowLinks()) {
return new \OC_OCS_Result(null, 404, 'public link sharing is disabled by the administrator');
}
/*
* For now we only allow 1 link share.
* Return the existing link share if this is a duplicate
*/
$existingShares = $this->shareManager->getSharesBy($this->currentUser->getUID(), \OCP\Share::SHARE_TYPE_LINK, $path, false, 1, 0);
if (!empty($existingShares)) {
return new \OC_OCS_Result($this->formatShare($existingShares[0]));
}
$publicUpload = $this->request->getParam('publicUpload', null);
if ($publicUpload === 'true') {
// Check if public upload is allowed
if (!$this->shareManager->shareApiLinkAllowPublicUpload()) {
return new \OC_OCS_Result(null, 403, 'public upload disabled by the administrator');
}
// Public upload can only be set for folders
if ($path instanceof \OCP\Files\File) {
return new \OC_OCS_Result(null, 404, 'public upload is only possible for public shared folders');
}
$share->setPermissions(\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE);
} else {
$share->setPermissions(\OCP\Constants::PERMISSION_READ);
}
// Set password
$password = $this->request->getParam('password', '');
if ($password !== '') {
$share->setPassword($password);
}
//Expire date
$expireDate = $this->request->getParam('expireDate', '');
if ($expireDate !== '') {
try {
$expireDate = $this->parseDate($expireDate);
$share->setExpirationDate($expireDate);
} catch (\Exception $e) {
return new \OC_OCS_Result(null, 404, 'Invalid Date. Format must be YYYY-MM-DD.');
}
}
} else {
if ($shareType === \OCP\Share::SHARE_TYPE_REMOTE) {
if (!$this->shareManager->outgoingServer2ServerSharesAllowed()) {
return new \OC_OCS_Result(null, 403, 'Sharing ' . $path->getPath() . ' failed, because the backend does not allow shares from type ' . $shareType);
}
$share->setSharedWith($shareWith);
$share->setPermissions($permissions);
} else {
return new \OC_OCS_Result(null, 400, "unknown share type");
}
}
}
}
$share->setShareType($shareType);
$share->setSharedBy($this->currentUser->getUID());
try {
$share = $this->shareManager->createShare($share);
} catch (GenericShareException $e) {
$code = $e->getCode() === 0 ? 403 : $e->getCode();
return new \OC_OCS_Result(null, $code, $e->getHint());
} catch (\Exception $e) {
return new \OC_OCS_Result(null, 403, $e->getMessage());
}
$share = $this->formatShare($share);
return new \OC_OCS_Result($share);
}
/**
* @return \OC_OCS_Result
*/
public function createShare()
{
$share = $this->shareManager->newShare();
// Verify path
$path = $this->request->getParam('path', null);
if ($path === null) {
return new \OC_OCS_Result(null, 404, 'please specify a file or folder path');
}
$userFolder = $this->rootFolder->getUserFolder($this->currentUser->getUID());
try {
$path = $userFolder->get($path);
} catch (\OCP\Files\NotFoundException $e) {
return new \OC_OCS_Result(null, 404, 'wrong path, file/folder doesn\'t exist');
}
$share->setPath($path);
// Parse permissions (if available)
$permissions = $this->request->getParam('permissions', null);
if ($permissions === null) {
$permissions = \OCP\Constants::PERMISSION_ALL;
} else {
$permissions = (int) $permissions;
}
if ($permissions < 0 || $permissions > \OCP\Constants::PERMISSION_ALL) {
return new \OC_OCS_Result(null, 404, 'invalid permissions');
}
// Shares always require read permissions
$permissions |= \OCP\Constants::PERMISSION_READ;
if ($path instanceof \OCP\Files\File) {
// Single file shares should never have delete or create permissions
$permissions &= ~\OCP\Constants::PERMISSION_DELETE;
$permissions &= ~\OCP\Constants::PERMISSION_CREATE;
}
$shareWith = $this->request->getParam('shareWith', null);
$shareType = (int) $this->request->getParam('shareType', '-1');
if ($shareType === \OCP\Share::SHARE_TYPE_USER) {
// Valid user is required to share
if ($shareWith === null || !$this->userManager->userExists($shareWith)) {
return new \OC_OCS_Result(null, 404, 'please specify a valid user');
}
$share->setSharedWith($this->userManager->get($shareWith));
$share->setPermissions($permissions);
} else {
if ($shareType === \OCP\Share::SHARE_TYPE_GROUP) {
// Valid group is required to share
if ($shareWith === null || !$this->groupManager->groupExists($shareWith)) {
return new \OC_OCS_Result(null, 404, 'please specify a valid group');
}
$share->setSharedWith($this->groupManager->get($shareWith));
$share->setPermissions($permissions);
} else {
if ($shareType === \OCP\Share::SHARE_TYPE_LINK) {
//Can we even share links?
if (!$this->shareManager->shareApiAllowLinks()) {
return new \OC_OCS_Result(null, 404, 'public link sharing is disabled by the administrator');
}
$publicUpload = $this->request->getParam('publicUpload', null);
if ($publicUpload === 'true') {
// Check if public upload is allowed
if (!$this->shareManager->shareApiLinkAllowPublicUpload()) {
return new \OC_OCS_Result(null, 403, '"public upload disabled by the administrator');
}
// Public upload can only be set for folders
if ($path instanceof \OCP\Files\File) {
return new \OC_OCS_Result(null, 404, '"public upload is only possible for public shared folders');
}
$share->setPermissions(\OCP\Constants::PERMISSION_READ | \OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE);
} else {
$share->setPermissions(\OCP\Constants::PERMISSION_READ);
}
// Set password
$share->setPassword($this->request->getParam('password', null));
//Expire date
$expireDate = $this->request->getParam('expireDate', null);
if ($expireDate !== null) {
try {
$expireDate = $this->parseDate($expireDate);
$share->setExpirationDate($expireDate);
} catch (\Exception $e) {
return new \OC_OCS_Result(null, 404, 'Invalid Date. Format must be YYYY-MM-DD.');
}
}
} else {
if ($shareType === \OCP\Share::SHARE_TYPE_REMOTE) {
//fixme Remote shares are handled by old code path for now
return \OCA\Files_Sharing\API\Local::createShare([]);
} else {
return new \OC_OCS_Result(null, 400, "unknown share type");
}
}
}
}
$share->setShareType($shareType);
$share->setSharedBy($this->currentUser);
try {
$share = $this->shareManager->createShare($share);
} catch (\OC\HintException $e) {
$code = $e->getCode() === 0 ? 403 : $e->getCode();
return new \OC_OCS_Result(null, $code, $e->getHint());
} catch (\Exception $e) {
return new \OC_OCS_Result(null, 403, $e->getMessage());
}
$share = $this->formatShare($share);
return new \OC_OCS_Result($share);
}
