2011-04-17 11:15:55 +00:00
|
|
|
<?php
|
2015-03-26 10:44:34 +00:00
|
|
|
/**
|
2016-07-21 15:07:57 +00:00
|
|
|
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
|
|
|
*
|
2015-03-26 10:44:34 +00:00
|
|
|
* @author Bart Visscher <bartv@thisnet.nl>
|
|
|
|
* @author Christopher Schäpers <kondou@ts.unde.re>
|
|
|
|
* @author Georg Ehrke <georg@owncloud.com>
|
|
|
|
* @author Jakob Sack <mail@jakobsack.de>
|
2016-05-26 17:56:05 +00:00
|
|
|
* @author Lukas Reschke <lukas@statuscode.ch>
|
2016-07-21 16:13:36 +00:00
|
|
|
* @author Robin Appelman <robin@icewind.nl>
|
2015-03-26 10:44:34 +00:00
|
|
|
* @author Thomas Müller <thomas.mueller@tmit.eu>
|
|
|
|
*
|
|
|
|
* @license AGPL-3.0
|
|
|
|
*
|
|
|
|
* This code is free software: you can redistribute it and/or modify
|
|
|
|
* it under the terms of the GNU Affero General Public License, version 3,
|
|
|
|
* as published by the Free Software Foundation.
|
|
|
|
*
|
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU Affero General Public License for more details.
|
|
|
|
*
|
|
|
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
|
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
|
|
|
*
|
|
|
|
*/
|
2012-07-20 13:13:51 +00:00
|
|
|
OC_JSON::checkSubAdminUser();
|
2012-07-07 13:27:04 +00:00
|
|
|
OCP\JSON::callCheck();
|
2011-04-17 11:15:55 +00:00
|
|
|
|
2011-04-17 16:05:49 +00:00
|
|
|
$success = true;
|
2015-02-13 12:33:20 +00:00
|
|
|
$username = (string)$_POST['username'];
|
|
|
|
$group = (string)$_POST['group'];
|
2011-04-17 16:05:49 +00:00
|
|
|
|
2013-04-17 13:32:03 +00:00
|
|
|
if($username === OC_User::getUser() && $group === "admin" && OC_User::isAdminUser($username)) {
|
2014-08-31 08:05:59 +00:00
|
|
|
$l = \OC::$server->getL10N('core');
|
2012-11-28 16:57:31 +00:00
|
|
|
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Admins can\'t remove themself from the admin group'))));
|
|
|
|
exit();
|
|
|
|
}
|
|
|
|
|
2015-10-27 13:09:45 +00:00
|
|
|
$isUserAccessible = false;
|
|
|
|
$isGroupAccessible = false;
|
|
|
|
$currentUserObject = \OC::$server->getUserSession()->getUser();
|
|
|
|
$targetUserObject = \OC::$server->getUserManager()->get($username);
|
|
|
|
$targetGroupObject = \OC::$server->getGroupManager()->get($group);
|
|
|
|
if($targetUserObject !== null && $currentUserObject !== null && $targetGroupObject !== null) {
|
|
|
|
$isUserAccessible = \OC::$server->getGroupManager()->getSubAdmin()->isUserAccessible($currentUserObject, $targetUserObject);
|
|
|
|
$isGroupAccessible = \OC::$server->getGroupManager()->getSubAdmin()->isSubAdminofGroup($currentUserObject, $targetGroupObject);
|
|
|
|
}
|
|
|
|
|
2013-02-14 22:29:51 +00:00
|
|
|
if(!OC_User::isAdminUser(OC_User::getUser())
|
2015-10-27 13:09:45 +00:00
|
|
|
&& (!$isUserAccessible
|
|
|
|
|| !$isGroupAccessible)) {
|
2014-08-31 08:05:59 +00:00
|
|
|
$l = \OC::$server->getL10N('core');
|
2012-07-20 13:13:51 +00:00
|
|
|
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
|
|
|
|
exit();
|
|
|
|
}
|
|
|
|
|
2012-09-04 09:58:07 +00:00
|
|
|
if(!OC_Group::groupExists($group)) {
|
2011-08-10 18:51:35 +00:00
|
|
|
OC_Group::createGroup($group);
|
|
|
|
}
|
|
|
|
|
2014-08-31 08:05:59 +00:00
|
|
|
$l = \OC::$server->getL10N('settings');
|
2012-09-04 18:47:15 +00:00
|
|
|
|
|
|
|
$error = $l->t("Unable to add user to group %s", $group);
|
|
|
|
$action = "add";
|
|
|
|
|
2011-04-17 16:05:49 +00:00
|
|
|
// Toggle group
|
2012-09-04 09:58:07 +00:00
|
|
|
if( OC_Group::inGroup( $username, $group )) {
|
2011-04-18 10:39:28 +00:00
|
|
|
$action = "remove";
|
2013-01-14 19:30:28 +00:00
|
|
|
$error = $l->t("Unable to remove user from group %s", $group);
|
|
|
|
$success = OC_Group::removeFromGroup( $username, $group );
|
2011-08-11 08:12:03 +00:00
|
|
|
$usersInGroup=OC_Group::usersInGroup($group);
|
2011-04-17 16:05:49 +00:00
|
|
|
}
|
|
|
|
else{
|
2011-07-29 19:36:03 +00:00
|
|
|
$success = OC_Group::addToGroup( $username, $group );
|
2011-04-17 16:05:49 +00:00
|
|
|
}
|
2011-04-17 11:15:55 +00:00
|
|
|
|
|
|
|
// Return Success story
|
2012-09-04 09:58:07 +00:00
|
|
|
if( $success ) {
|
2011-09-23 20:22:59 +00:00
|
|
|
OC_JSON::success(array("data" => array( "username" => $username, "action" => $action, "groupname" => $group )));
|
2011-04-17 11:15:55 +00:00
|
|
|
}
|
|
|
|
else{
|
2012-09-04 18:47:15 +00:00
|
|
|
OC_JSON::error(array("data" => array( "message" => $error )));
|
2011-04-17 11:15:55 +00:00
|
|
|
}
|