2014-12-04 13:15:55 +00:00
< ? php
/**
2016-07-21 15:07:57 +00:00
* @ copyright Copyright ( c ) 2016 , ownCloud , Inc .
*
2016-05-26 17:56:05 +00:00
* @ author Arthur Schiwon < blizzz @ arthur - schiwon . de >
2015-06-25 09:43:55 +00:00
* @ author Clark Tomlinson < fallen013 @ gmail . com >
2016-07-21 15:07:57 +00:00
* @ author Joas Schilling < coding @ schilljs . com >
2016-05-26 17:56:05 +00:00
* @ author Lukas Reschke < lukas @ statuscode . ch >
2015-03-26 10:44:34 +00:00
* @ author Morris Jobke < hey @ morrisjobke . de >
2016-07-21 16:13:36 +00:00
* @ author Robin Appelman < robin @ icewind . nl >
2016-07-21 15:07:57 +00:00
* @ author Roeland Jago Douma < roeland @ famdouma . nl >
2015-03-26 10:44:34 +00:00
* @ author Thomas Müller < thomas . mueller @ tmit . eu >
2016-01-12 14:02:16 +00:00
* @ author Vincent Petry < pvince81 @ owncloud . com >
2015-03-26 10:44:34 +00:00
*
* @ license AGPL - 3.0
*
* This code is free software : you can redistribute it and / or modify
* it under the terms of the GNU Affero General Public License , version 3 ,
* as published by the Free Software Foundation .
*
* This program is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU Affero General Public License for more details .
*
* You should have received a copy of the GNU Affero General Public License , version 3 ,
* along with this program . If not , see < http :// www . gnu . org / licenses />
2014-12-04 13:15:55 +00:00
*
*/
2015-02-26 10:37:37 +00:00
2014-12-04 13:15:55 +00:00
namespace OC\Settings\Controller ;
2016-04-25 12:56:11 +00:00
use OC\Accounts\AccountManager ;
2014-12-08 14:32:59 +00:00
use OC\AppFramework\Http ;
2016-04-26 14:19:10 +00:00
use OC\ForbiddenException ;
2017-04-07 12:51:05 +00:00
use OC\Settings\Mailer\NewUserMailHelper ;
2017-03-14 15:56:11 +00:00
use OC\Security\IdentityProof\Manager ;
2015-01-23 16:45:45 +00:00
use OCP\App\IAppManager ;
use OCP\AppFramework\Controller ;
2014-12-04 13:15:55 +00:00
use OCP\AppFramework\Http\DataResponse ;
2017-04-21 10:09:42 +00:00
use OCP\AppFramework\Utility\ITimeFactory ;
use OCP\BackgroundJob\IJobList ;
2014-12-04 13:15:55 +00:00
use OCP\IConfig ;
use OCP\IGroupManager ;
use OCP\IL10N ;
2014-12-16 08:08:38 +00:00
use OCP\ILogger ;
2014-12-04 13:15:55 +00:00
use OCP\IRequest ;
2014-12-16 08:08:38 +00:00
use OCP\IURLGenerator ;
Expose backend type via REST API
This change will expose the user backend via the REST API which is a pre-requisite for https://github.com/owncloud/core/issues/12620.
For example:
````json
[{"name":"9707A09E-CA9A-4ABE-A66A-3F632F16C409","displayname":"Document Conversion User Account","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/9707A09E-CA9A-4ABE-A66A-3F632F16C409","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"ED86733E-745C-4E4D-90CB-278A9737DB3C","displayname":"Hacker","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/ED86733E-745C-4E4D-90CB-278A9737DB3C","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"71CDF45B-E125-450D-983C-D9192F36EC88","displayname":"admin","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/71CDF45B-E125-450D-983C-D9192F36EC88","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"admin","displayname":"admin","groups":["admin"],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/admin","lastLogin":"1418057287","backend":"OC_User_Database"},{"name":"test","displayname":"test","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/test","lastLogin":0,"backend":"OC_User_Database"}]
```
2014-12-08 21:38:54 +00:00
use OCP\IUser ;
2014-12-04 13:15:55 +00:00
use OCP\IUserManager ;
use OCP\IUserSession ;
2015-02-12 12:53:27 +00:00
use OCP\Mail\IMailer ;
2015-12-04 13:30:12 +00:00
use OCP\IAvatarManager ;
2017-04-21 10:09:42 +00:00
use OCP\Security\ICrypto ;
2016-11-23 18:50:58 +00:00
use OCP\Security\ISecureRandom ;
2014-12-04 13:15:55 +00:00
/**
* @ package OC\Settings\Controller
*/
class UsersController extends Controller {
/** @var IL10N */
private $l10n ;
/** @var IUserSession */
private $userSession ;
/** @var bool */
private $isAdmin ;
/** @var IUserManager */
private $userManager ;
2016-11-21 08:07:50 +00:00
/** @var IGroupManager */
2014-12-04 13:15:55 +00:00
private $groupManager ;
/** @var IConfig */
private $config ;
2014-12-16 08:08:38 +00:00
/** @var ILogger */
private $log ;
2015-02-12 12:53:27 +00:00
/** @var IMailer */
private $mailer ;
2015-01-23 16:45:45 +00:00
/** @var bool contains the state of the encryption app */
private $isEncryptionAppEnabled ;
/** @var bool contains the state of the admin recovery setting */
private $isRestoreEnabled = false ;
2015-12-04 13:30:12 +00:00
/** @var IAvatarManager */
private $avatarManager ;
2016-04-25 12:56:11 +00:00
/** @var AccountManager */
private $accountManager ;
2016-11-23 18:50:58 +00:00
/** @var ISecureRandom */
private $secureRandom ;
2017-04-07 12:51:05 +00:00
/** @var NewUserMailHelper */
private $newUserMailHelper ;
2017-03-14 15:56:11 +00:00
/** @var ITimeFactory */
private $timeFactory ;
/** @var ICrypto */
private $crypto ;
/** @var Manager */
private $keyManager ;
2017-04-21 10:09:42 +00:00
/** @var IJobList */
private $jobList ;
2014-12-04 13:15:55 +00:00
/**
* @ param string $appName
* @ param IRequest $request
* @ param IUserManager $userManager
* @ param IGroupManager $groupManager
* @ param IUserSession $userSession
* @ param IConfig $config
* @ param bool $isAdmin
* @ param IL10N $l10n
2014-12-16 08:08:38 +00:00
* @ param ILogger $log
2015-02-12 12:53:27 +00:00
* @ param IMailer $mailer
2015-01-30 13:16:16 +00:00
* @ param IURLGenerator $urlGenerator
2015-01-23 16:45:45 +00:00
* @ param IAppManager $appManager
2016-10-06 12:05:52 +00:00
* @ param IAvatarManager $avatarManager
2016-04-25 12:56:11 +00:00
* @ param AccountManager $accountManager
2016-11-23 18:50:58 +00:00
* @ param ISecureRandom $secureRandom
2017-04-07 12:51:05 +00:00
* @ param NewUserMailHelper $newUserMailHelper
2017-03-14 15:56:11 +00:00
* @ param ITimeFactory $timeFactory
* @ param ICrypto $crypto
* @ param Manager $keyManager
2017-04-21 10:09:42 +00:00
* @ param IJobList $jobList
2014-12-04 13:15:55 +00:00
*/
public function __construct ( $appName ,
IRequest $request ,
IUserManager $userManager ,
IGroupManager $groupManager ,
IUserSession $userSession ,
IConfig $config ,
$isAdmin ,
2014-12-16 08:08:38 +00:00
IL10N $l10n ,
ILogger $log ,
2015-02-12 12:53:27 +00:00
IMailer $mailer ,
2015-01-23 16:45:45 +00:00
IURLGenerator $urlGenerator ,
2015-12-04 13:30:12 +00:00
IAppManager $appManager ,
2016-04-25 12:56:11 +00:00
IAvatarManager $avatarManager ,
2016-11-23 18:50:58 +00:00
AccountManager $accountManager ,
ISecureRandom $secureRandom ,
2017-03-14 15:56:11 +00:00
NewUserMailHelper $newUserMailHelper ,
ITimeFactory $timeFactory ,
ICrypto $crypto ,
2017-04-21 10:09:42 +00:00
Manager $keyManager ,
IJobList $jobList ) {
2014-12-04 13:15:55 +00:00
parent :: __construct ( $appName , $request );
$this -> userManager = $userManager ;
$this -> groupManager = $groupManager ;
$this -> userSession = $userSession ;
$this -> config = $config ;
$this -> isAdmin = $isAdmin ;
$this -> l10n = $l10n ;
2014-12-16 08:08:38 +00:00
$this -> log = $log ;
2015-02-12 12:53:27 +00:00
$this -> mailer = $mailer ;
2015-12-04 13:30:12 +00:00
$this -> avatarManager = $avatarManager ;
2016-04-25 12:56:11 +00:00
$this -> accountManager = $accountManager ;
2016-11-23 18:50:58 +00:00
$this -> secureRandom = $secureRandom ;
2017-04-07 12:51:05 +00:00
$this -> newUserMailHelper = $newUserMailHelper ;
2017-03-14 15:56:11 +00:00
$this -> timeFactory = $timeFactory ;
$this -> crypto = $crypto ;
$this -> keyManager = $keyManager ;
2017-04-21 10:09:42 +00:00
$this -> jobList = $jobList ;
2015-01-23 16:45:45 +00:00
// check for encryption state - TODO see formatUserForIndex
2015-04-30 14:44:44 +00:00
$this -> isEncryptionAppEnabled = $appManager -> isEnabledForUser ( 'encryption' );
2015-01-23 16:45:45 +00:00
if ( $this -> isEncryptionAppEnabled ) {
// putting this directly in empty is possible in PHP 5.5+
2015-04-30 14:44:44 +00:00
$result = $config -> getAppValue ( 'encryption' , 'recoveryAdminEnabled' , 0 );
2015-01-23 16:45:45 +00:00
$this -> isRestoreEnabled = ! empty ( $result );
}
2014-12-04 13:15:55 +00:00
}
Expose backend type via REST API
This change will expose the user backend via the REST API which is a pre-requisite for https://github.com/owncloud/core/issues/12620.
For example:
````json
[{"name":"9707A09E-CA9A-4ABE-A66A-3F632F16C409","displayname":"Document Conversion User Account","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/9707A09E-CA9A-4ABE-A66A-3F632F16C409","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"ED86733E-745C-4E4D-90CB-278A9737DB3C","displayname":"Hacker","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/ED86733E-745C-4E4D-90CB-278A9737DB3C","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"71CDF45B-E125-450D-983C-D9192F36EC88","displayname":"admin","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/71CDF45B-E125-450D-983C-D9192F36EC88","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"admin","displayname":"admin","groups":["admin"],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/admin","lastLogin":"1418057287","backend":"OC_User_Database"},{"name":"test","displayname":"test","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/test","lastLogin":0,"backend":"OC_User_Database"}]
```
2014-12-08 21:38:54 +00:00
/**
* @ param IUser $user
* @ param array $userGroups
* @ return array
*/
private function formatUserForIndex ( IUser $user , array $userGroups = null ) {
2015-01-23 16:45:45 +00:00
// TODO: eliminate this encryption specific code below and somehow
// hook in additional user info from other apps
// recovery isn't possible if admin or user has it disabled and encryption
// is enabled - so we eliminate the else paths in the conditional tree
// below
$restorePossible = false ;
if ( $this -> isEncryptionAppEnabled ) {
if ( $this -> isRestoreEnabled ) {
// check for the users recovery setting
2015-04-30 14:44:44 +00:00
$recoveryMode = $this -> config -> getUserValue ( $user -> getUID (), 'encryption' , 'recoveryEnabled' , '0' );
2015-01-23 16:45:45 +00:00
// method call inside empty is possible with PHP 5.5+
$recoveryModeEnabled = ! empty ( $recoveryMode );
if ( $recoveryModeEnabled ) {
// user also has recovery mode enabled
$restorePossible = true ;
}
}
} else {
// recovery is possible if encryption is disabled (plain files are
// available)
$restorePossible = true ;
}
2015-10-27 13:09:45 +00:00
$subAdminGroups = $this -> groupManager -> getSubAdmin () -> getSubAdminsGroups ( $user );
foreach ( $subAdminGroups as $key => $subAdminGroup ) {
$subAdminGroups [ $key ] = $subAdminGroup -> getGID ();
}
2015-12-01 11:05:40 +00:00
$displayName = $user -> getEMailAddress ();
if ( is_null ( $displayName )) {
$displayName = '' ;
}
2015-12-04 13:30:12 +00:00
$avatarAvailable = false ;
2017-02-13 23:49:05 +00:00
try {
$avatarAvailable = $this -> avatarManager -> getAvatar ( $user -> getUID ()) -> exists ();
} catch ( \Exception $e ) {
//No avatar yet
2015-12-04 13:30:12 +00:00
}
2015-01-23 16:45:45 +00:00
return [
Expose backend type via REST API
This change will expose the user backend via the REST API which is a pre-requisite for https://github.com/owncloud/core/issues/12620.
For example:
````json
[{"name":"9707A09E-CA9A-4ABE-A66A-3F632F16C409","displayname":"Document Conversion User Account","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/9707A09E-CA9A-4ABE-A66A-3F632F16C409","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"ED86733E-745C-4E4D-90CB-278A9737DB3C","displayname":"Hacker","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/ED86733E-745C-4E4D-90CB-278A9737DB3C","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"71CDF45B-E125-450D-983C-D9192F36EC88","displayname":"admin","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/71CDF45B-E125-450D-983C-D9192F36EC88","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"admin","displayname":"admin","groups":["admin"],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/admin","lastLogin":"1418057287","backend":"OC_User_Database"},{"name":"test","displayname":"test","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/test","lastLogin":0,"backend":"OC_User_Database"}]
```
2014-12-08 21:38:54 +00:00
'name' => $user -> getUID (),
'displayname' => $user -> getDisplayName (),
'groups' => ( empty ( $userGroups )) ? $this -> groupManager -> getUserGroupIds ( $user ) : $userGroups ,
2015-10-27 13:09:45 +00:00
'subadmin' => $subAdminGroups ,
2016-02-09 16:16:43 +00:00
'quota' => $user -> getQuota (),
Expose backend type via REST API
This change will expose the user backend via the REST API which is a pre-requisite for https://github.com/owncloud/core/issues/12620.
For example:
````json
[{"name":"9707A09E-CA9A-4ABE-A66A-3F632F16C409","displayname":"Document Conversion User Account","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/9707A09E-CA9A-4ABE-A66A-3F632F16C409","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"ED86733E-745C-4E4D-90CB-278A9737DB3C","displayname":"Hacker","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/ED86733E-745C-4E4D-90CB-278A9737DB3C","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"71CDF45B-E125-450D-983C-D9192F36EC88","displayname":"admin","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/71CDF45B-E125-450D-983C-D9192F36EC88","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"admin","displayname":"admin","groups":["admin"],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/admin","lastLogin":"1418057287","backend":"OC_User_Database"},{"name":"test","displayname":"test","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/test","lastLogin":0,"backend":"OC_User_Database"}]
```
2014-12-08 21:38:54 +00:00
'storageLocation' => $user -> getHome (),
2015-02-16 16:41:44 +00:00
'lastLogin' => $user -> getLastLogin () * 1000 ,
2014-12-15 11:43:42 +00:00
'backend' => $user -> getBackendClassName (),
2015-12-01 11:05:40 +00:00
'email' => $displayName ,
2015-01-23 16:45:45 +00:00
'isRestoreDisabled' => ! $restorePossible ,
2015-12-04 13:30:12 +00:00
'isAvatarAvailable' => $avatarAvailable ,
2016-07-08 11:22:34 +00:00
'isEnabled' => $user -> isEnabled (),
2015-01-23 16:45:45 +00:00
];
Expose backend type via REST API
This change will expose the user backend via the REST API which is a pre-requisite for https://github.com/owncloud/core/issues/12620.
For example:
````json
[{"name":"9707A09E-CA9A-4ABE-A66A-3F632F16C409","displayname":"Document Conversion User Account","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/9707A09E-CA9A-4ABE-A66A-3F632F16C409","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"ED86733E-745C-4E4D-90CB-278A9737DB3C","displayname":"Hacker","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/ED86733E-745C-4E4D-90CB-278A9737DB3C","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"71CDF45B-E125-450D-983C-D9192F36EC88","displayname":"admin","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/71CDF45B-E125-450D-983C-D9192F36EC88","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"admin","displayname":"admin","groups":["admin"],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/admin","lastLogin":"1418057287","backend":"OC_User_Database"},{"name":"test","displayname":"test","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/test","lastLogin":0,"backend":"OC_User_Database"}]
```
2014-12-08 21:38:54 +00:00
}
2014-12-09 17:36:40 +00:00
/**
2014-12-12 15:50:14 +00:00
* @ param array $userIDs Array with schema [ $uid => $displayName ]
2014-12-09 17:36:40 +00:00
* @ return IUser []
*/
private function getUsersForUID ( array $userIDs ) {
$users = [];
2014-12-12 15:42:25 +00:00
foreach ( $userIDs as $uid => $displayName ) {
2015-01-30 11:00:57 +00:00
$users [ $uid ] = $this -> userManager -> get ( $uid );
2014-12-09 17:36:40 +00:00
}
return $users ;
}
2014-12-04 13:15:55 +00:00
/**
* @ NoAdminRequired
Expose backend type via REST API
This change will expose the user backend via the REST API which is a pre-requisite for https://github.com/owncloud/core/issues/12620.
For example:
````json
[{"name":"9707A09E-CA9A-4ABE-A66A-3F632F16C409","displayname":"Document Conversion User Account","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/9707A09E-CA9A-4ABE-A66A-3F632F16C409","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"ED86733E-745C-4E4D-90CB-278A9737DB3C","displayname":"Hacker","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/ED86733E-745C-4E4D-90CB-278A9737DB3C","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"71CDF45B-E125-450D-983C-D9192F36EC88","displayname":"admin","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/71CDF45B-E125-450D-983C-D9192F36EC88","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"admin","displayname":"admin","groups":["admin"],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/admin","lastLogin":"1418057287","backend":"OC_User_Database"},{"name":"test","displayname":"test","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/test","lastLogin":0,"backend":"OC_User_Database"}]
```
2014-12-08 21:38:54 +00:00
*
2014-12-04 13:15:55 +00:00
* @ param int $offset
* @ param int $limit
2014-12-09 17:36:40 +00:00
* @ param string $gid GID to filter for
* @ param string $pattern Pattern to search for in the username
* @ param string $backend Backend to filter for ( class - name )
2014-12-04 13:15:55 +00:00
* @ return DataResponse
*
* TODO : Tidy up and write unit tests - code is mainly static method calls
*/
2014-12-09 17:36:40 +00:00
public function index ( $offset = 0 , $limit = 10 , $gid = '' , $pattern = '' , $backend = '' ) {
// Remove backends
if ( ! empty ( $backend )) {
$activeBackends = $this -> userManager -> getBackends ();
$this -> userManager -> clearBackends ();
foreach ( $activeBackends as $singleActiveBackend ) {
if ( $backend === get_class ( $singleActiveBackend )) {
$this -> userManager -> registerBackend ( $singleActiveBackend );
2014-12-11 11:29:53 +00:00
break ;
2014-12-09 17:36:40 +00:00
}
}
}
2015-01-30 11:00:57 +00:00
$users = [];
2014-12-04 13:15:55 +00:00
if ( $this -> isAdmin ) {
2016-09-12 14:16:20 +00:00
if ( $gid !== '' && $gid !== '_disabledUsers' ) {
2014-12-09 17:36:40 +00:00
$batch = $this -> getUsersForUID ( $this -> groupManager -> displayNamesInGroup ( $gid , $pattern , $limit , $offset ));
2014-12-04 13:15:55 +00:00
} else {
2015-01-18 17:31:03 +00:00
$batch = $this -> userManager -> search ( $pattern , $limit , $offset );
2014-12-04 13:15:55 +00:00
}
2014-12-09 17:36:40 +00:00
foreach ( $batch as $user ) {
2016-09-12 14:16:20 +00:00
if ( ( $gid !== '_disabledUsers' && $user -> isEnabled ()) ||
( $gid === '_disabledUsers' && ! $user -> isEnabled ())
2016-07-08 11:22:34 +00:00
) {
$users [] = $this -> formatUserForIndex ( $user );
}
2014-12-04 13:15:55 +00:00
}
2014-12-09 17:36:40 +00:00
2014-12-04 13:15:55 +00:00
} else {
2015-10-27 13:09:45 +00:00
$subAdminOfGroups = $this -> groupManager -> getSubAdmin () -> getSubAdminsGroups ( $this -> userSession -> getUser ());
// New class returns IGroup[] so convert back
$gids = [];
foreach ( $subAdminOfGroups as $group ) {
$gids [] = $group -> getGID ();
}
$subAdminOfGroups = $gids ;
2014-12-12 15:45:11 +00:00
// Set the $gid parameter to an empty value if the subadmin has no rights to access a specific group
2016-09-12 14:16:20 +00:00
if ( $gid !== '' && $gid !== '_disabledUsers' && ! in_array ( $gid , $subAdminOfGroups )) {
2014-12-09 17:36:40 +00:00
$gid = '' ;
2014-12-04 13:15:55 +00:00
}
2015-01-30 11:00:57 +00:00
// Batch all groups the user is subadmin of when a group is specified
$batch = [];
if ( $gid === '' ) {
2015-01-30 16:24:42 +00:00
foreach ( $subAdminOfGroups as $group ) {
2015-01-30 11:00:57 +00:00
$groupUsers = $this -> groupManager -> displayNamesInGroup ( $group , $pattern , $limit , $offset );
2015-10-27 13:09:45 +00:00
2015-01-30 11:00:57 +00:00
foreach ( $groupUsers as $uid => $displayName ) {
$batch [ $uid ] = $displayName ;
}
}
} else {
$batch = $this -> groupManager -> displayNamesInGroup ( $gid , $pattern , $limit , $offset );
}
$batch = $this -> getUsersForUID ( $batch );
2014-12-09 17:36:40 +00:00
foreach ( $batch as $user ) {
2014-12-04 13:15:55 +00:00
// Only add the groups, this user is a subadmin of
2015-01-30 13:16:16 +00:00
$userGroups = array_values ( array_intersect (
$this -> groupManager -> getUserGroupIds ( $user ),
2015-01-30 16:24:42 +00:00
$subAdminOfGroups
2015-01-30 13:16:16 +00:00
));
2016-09-12 14:16:20 +00:00
if ( ( $gid !== '_disabledUsers' && $user -> isEnabled ()) ||
( $gid === '_disabledUsers' && ! $user -> isEnabled ())
2016-07-08 11:22:34 +00:00
) {
$users [] = $this -> formatUserForIndex ( $user , $userGroups );
}
2014-12-04 13:15:55 +00:00
}
}
Expose backend type via REST API
This change will expose the user backend via the REST API which is a pre-requisite for https://github.com/owncloud/core/issues/12620.
For example:
````json
[{"name":"9707A09E-CA9A-4ABE-A66A-3F632F16C409","displayname":"Document Conversion User Account","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/9707A09E-CA9A-4ABE-A66A-3F632F16C409","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"ED86733E-745C-4E4D-90CB-278A9737DB3C","displayname":"Hacker","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/ED86733E-745C-4E4D-90CB-278A9737DB3C","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"71CDF45B-E125-450D-983C-D9192F36EC88","displayname":"admin","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/71CDF45B-E125-450D-983C-D9192F36EC88","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"admin","displayname":"admin","groups":["admin"],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/admin","lastLogin":"1418057287","backend":"OC_User_Database"},{"name":"test","displayname":"test","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/test","lastLogin":0,"backend":"OC_User_Database"}]
```
2014-12-08 21:38:54 +00:00
return new DataResponse ( $users );
2014-12-04 13:15:55 +00:00
}
/**
* @ NoAdminRequired
2016-10-25 11:05:13 +00:00
* @ PasswordConfirmationRequired
2014-12-04 13:15:55 +00:00
*
* @ param string $username
* @ param string $password
* @ param array $groups
2014-12-16 08:08:38 +00:00
* @ param string $email
2014-12-04 13:15:55 +00:00
* @ return DataResponse
*/
2017-04-18 06:56:06 +00:00
public function create ( $username , $password , array $groups = [], $email = '' ) {
2015-02-19 17:55:27 +00:00
if ( $email !== '' && ! $this -> mailer -> validateMailAddress ( $email )) {
2014-12-16 08:08:38 +00:00
return new DataResponse (
2017-04-18 06:56:06 +00:00
[
2014-12-16 08:08:38 +00:00
'message' => ( string ) $this -> l10n -> t ( 'Invalid mail address' )
2017-04-18 06:56:06 +00:00
],
2014-12-16 08:08:38 +00:00
Http :: STATUS_UNPROCESSABLE_ENTITY
);
}
2015-10-27 13:09:45 +00:00
$currentUser = $this -> userSession -> getUser ();
2014-12-04 13:15:55 +00:00
if ( ! $this -> isAdmin ) {
if ( ! empty ( $groups )) {
foreach ( $groups as $key => $group ) {
2015-10-27 13:09:45 +00:00
$groupObject = $this -> groupManager -> get ( $group );
if ( $groupObject === null ) {
unset ( $groups [ $key ]);
continue ;
}
if ( ! $this -> groupManager -> getSubAdmin () -> isSubAdminofGroup ( $currentUser , $groupObject )) {
2014-12-04 13:15:55 +00:00
unset ( $groups [ $key ]);
}
}
}
2015-10-27 13:09:45 +00:00
2014-12-04 13:15:55 +00:00
if ( empty ( $groups )) {
2017-01-23 10:23:38 +00:00
return new DataResponse (
2017-04-18 06:56:06 +00:00
[
2017-01-23 10:23:38 +00:00
'message' => $this -> l10n -> t ( 'No valid group selected' ),
2017-04-18 06:56:06 +00:00
],
2017-01-23 10:23:38 +00:00
Http :: STATUS_FORBIDDEN
);
2014-12-04 13:15:55 +00:00
}
}
2015-03-20 03:24:50 +00:00
if ( $this -> userManager -> userExists ( $username )) {
return new DataResponse (
2017-04-18 06:56:06 +00:00
[
2015-03-20 03:24:50 +00:00
'message' => ( string ) $this -> l10n -> t ( 'A user with that name already exists.' )
2017-04-18 06:56:06 +00:00
],
2015-03-20 03:24:50 +00:00
Http :: STATUS_CONFLICT
);
}
2017-04-07 12:51:05 +00:00
$generatePasswordResetToken = false ;
2017-02-15 18:17:55 +00:00
if ( $password === '' ) {
if ( $email === '' ) {
return new DataResponse (
2017-04-18 06:56:06 +00:00
[
2017-02-15 18:17:55 +00:00
'message' => ( string ) $this -> l10n -> t ( 'To send a password link to the user an email address is required.' )
2017-04-18 06:56:06 +00:00
],
2017-02-15 18:17:55 +00:00
Http :: STATUS_UNPROCESSABLE_ENTITY
);
}
$password = $this -> secureRandom -> generate ( 32 );
2017-04-07 12:51:05 +00:00
$generatePasswordResetToken = true ;
2017-02-15 18:17:55 +00:00
}
2014-12-04 13:15:55 +00:00
try {
$user = $this -> userManager -> createUser ( $username , $password );
} catch ( \Exception $exception ) {
2016-05-11 17:41:13 +00:00
$message = $exception -> getMessage ();
if ( ! $message ) {
$message = $this -> l10n -> t ( 'Unable to create user.' );
}
2014-12-04 13:15:55 +00:00
return new DataResponse (
2017-04-18 06:56:06 +00:00
[
2016-05-11 17:41:13 +00:00
'message' => ( string ) $message ,
2017-04-18 06:56:06 +00:00
],
2014-12-08 14:32:59 +00:00
Http :: STATUS_FORBIDDEN
2014-12-04 13:15:55 +00:00
);
}
2017-01-23 10:23:38 +00:00
if ( $user instanceof IUser ) {
2014-12-16 08:08:38 +00:00
if ( $groups !== null ) {
2015-01-30 16:24:42 +00:00
foreach ( $groups as $groupName ) {
2014-12-16 08:08:38 +00:00
$group = $this -> groupManager -> get ( $groupName );
if ( empty ( $group )) {
$group = $this -> groupManager -> createGroup ( $groupName );
}
$group -> addUser ( $user );
}
}
/**
* Send new user mail only if a mail is set
*/
if ( $email !== '' ) {
2016-01-18 19:27:43 +00:00
$user -> setEMailAddress ( $email );
2014-12-16 08:08:38 +00:00
try {
2017-04-07 12:51:05 +00:00
$emailTemplate = $this -> newUserMailHelper -> generateTemplate ( $user , $generatePasswordResetToken );
$this -> newUserMailHelper -> sendMail ( $user , $emailTemplate );
2014-12-16 08:08:38 +00:00
} catch ( \Exception $e ) {
2017-04-18 06:56:06 +00:00
$this -> log -> error ( " Can't send new user mail to $email : " . $e -> getMessage (), [ 'app' => 'settings' ]);
2014-12-04 13:15:55 +00:00
}
}
2014-12-15 11:43:42 +00:00
// fetch users groups
$userGroups = $this -> groupManager -> getUserGroupIds ( $user );
return new DataResponse (
$this -> formatUserForIndex ( $user , $userGroups ),
Http :: STATUS_CREATED
);
2014-12-04 13:15:55 +00:00
}
return new DataResponse (
2017-04-18 06:56:06 +00:00
[
'message' => ( string ) $this -> l10n -> t ( 'Unable to create user.' )
],
2014-12-15 11:43:42 +00:00
Http :: STATUS_FORBIDDEN
2014-12-04 13:15:55 +00:00
);
}
/**
* @ NoAdminRequired
2016-10-25 11:05:13 +00:00
* @ PasswordConfirmationRequired
2014-12-04 13:15:55 +00:00
*
* @ param string $id
* @ return DataResponse
*/
public function destroy ( $id ) {
2015-01-30 17:31:04 +00:00
$userId = $this -> userSession -> getUser () -> getUID ();
2015-10-27 13:09:45 +00:00
$user = $this -> userManager -> get ( $id );
2015-01-30 17:31:04 +00:00
if ( $userId === $id ) {
2014-12-04 13:15:55 +00:00
return new DataResponse (
2017-04-18 06:56:06 +00:00
[
2014-12-04 13:15:55 +00:00
'status' => 'error' ,
2017-04-18 06:56:06 +00:00
'data' => [
'message' => ( string ) $this -> l10n -> t ( 'Unable to delete user.' )
]
],
2014-12-08 14:32:59 +00:00
Http :: STATUS_FORBIDDEN
2014-12-04 13:15:55 +00:00
);
}
2015-10-27 13:09:45 +00:00
if ( ! $this -> isAdmin && ! $this -> groupManager -> getSubAdmin () -> isUserAccessible ( $this -> userSession -> getUser (), $user )) {
2014-12-04 13:15:55 +00:00
return new DataResponse (
2017-04-18 06:56:06 +00:00
[
2014-12-04 13:15:55 +00:00
'status' => 'error' ,
2017-04-18 06:56:06 +00:00
'data' => [
2014-12-08 14:32:59 +00:00
'message' => ( string ) $this -> l10n -> t ( 'Authentication error' )
2017-04-18 06:56:06 +00:00
]
],
2014-12-08 14:32:59 +00:00
Http :: STATUS_FORBIDDEN
2014-12-04 13:15:55 +00:00
);
}
if ( $user ) {
if ( $user -> delete ()) {
return new DataResponse (
2017-04-18 06:56:06 +00:00
[
2014-12-04 13:15:55 +00:00
'status' => 'success' ,
2017-04-18 06:56:06 +00:00
'data' => [
2014-12-04 13:15:55 +00:00
'username' => $id
2017-04-18 06:56:06 +00:00
]
],
2014-12-08 14:32:59 +00:00
Http :: STATUS_NO_CONTENT
2014-12-04 13:15:55 +00:00
);
}
}
return new DataResponse (
2017-04-18 06:56:06 +00:00
[
2014-12-04 13:15:55 +00:00
'status' => 'error' ,
2017-04-18 06:56:06 +00:00
'data' => [
2014-12-04 13:15:55 +00:00
'message' => ( string ) $this -> l10n -> t ( 'Unable to delete user.' )
2017-04-18 06:56:06 +00:00
]
],
2014-12-08 14:32:59 +00:00
Http :: STATUS_FORBIDDEN
2014-12-04 13:15:55 +00:00
);
}
2014-12-15 11:43:42 +00:00
/**
2016-07-08 11:22:34 +00:00
* @ NoAdminRequired
*
* @ param string $id
2017-04-26 10:45:23 +00:00
* @ param int $enabled
2016-07-08 11:22:34 +00:00
* @ return DataResponse
*/
2017-04-26 10:45:23 +00:00
public function setEnabled ( $id , $enabled ) {
$enabled = ( bool ) $enabled ;
if ( $enabled ) {
$errorMsgGeneral = ( string ) $this -> l10n -> t ( 'Error while enabling user.' );
2016-07-08 11:22:34 +00:00
} else {
2017-04-26 10:45:23 +00:00
$errorMsgGeneral = ( string ) $this -> l10n -> t ( 'Error while disabling user.' );
2016-07-08 11:22:34 +00:00
}
$userId = $this -> userSession -> getUser () -> getUID ();
$user = $this -> userManager -> get ( $id );
2017-04-18 06:56:06 +00:00
if ( $userId === $id ) {
2016-07-08 11:22:34 +00:00
return new DataResponse (
2017-04-18 06:56:06 +00:00
[
2016-07-08 11:22:34 +00:00
'status' => 'error' ,
2017-04-18 06:56:06 +00:00
'data' => [
2017-04-26 10:45:23 +00:00
'message' => $errorMsgGeneral
]
], Http :: STATUS_FORBIDDEN
2016-07-08 11:22:34 +00:00
);
}
if ( $user ) {
2017-04-18 06:56:06 +00:00
if ( ! $this -> isAdmin && ! $this -> groupManager -> getSubAdmin () -> isUserAccessible ( $this -> userSession -> getUser (), $user )) {
2016-10-06 13:24:22 +00:00
return new DataResponse (
2017-04-18 06:56:06 +00:00
[
2016-10-06 13:24:22 +00:00
'status' => 'error' ,
2017-04-18 06:56:06 +00:00
'data' => [
'message' => ( string ) $this -> l10n -> t ( 'Authentication error' )
]
],
2016-10-06 13:24:22 +00:00
Http :: STATUS_FORBIDDEN
);
}
2017-04-26 10:45:23 +00:00
$user -> setEnabled ( $enabled );
2016-07-08 11:22:34 +00:00
return new DataResponse (
2017-04-18 06:56:06 +00:00
[
2016-07-08 11:22:34 +00:00
'status' => 'success' ,
2017-04-18 06:56:06 +00:00
'data' => [
2016-07-08 11:22:34 +00:00
'username' => $id ,
2017-04-26 10:45:23 +00:00
'enabled' => $enabled
2017-04-18 06:56:06 +00:00
]
]
2016-07-08 11:22:34 +00:00
);
} else {
return new DataResponse (
2017-04-18 06:56:06 +00:00
[
2016-07-08 11:22:34 +00:00
'status' => 'error' ,
2017-04-18 06:56:06 +00:00
'data' => [
2017-04-26 10:45:23 +00:00
'message' => $errorMsgGeneral
2017-04-18 06:56:06 +00:00
]
],
2016-10-11 10:07:20 +00:00
Http :: STATUS_FORBIDDEN
2016-07-08 11:22:34 +00:00
);
}
}
/**
* Set the mail address of a user
*
2014-12-15 11:43:42 +00:00
* @ NoAdminRequired
2017-03-14 15:56:11 +00:00
* @ NoSubadminRequired
* @ PasswordConfirmationRequired
*
* @ param string $account
2017-04-27 10:27:36 +00:00
* @ param bool $onlyVerificationCode only return verification code without updating the data
2017-03-14 15:56:11 +00:00
* @ return DataResponse
*/
2017-04-27 10:27:36 +00:00
public function getVerificationCode ( $account , $onlyVerificationCode ) {
2017-03-14 15:56:11 +00:00
$user = $this -> userSession -> getUser ();
2017-03-23 15:06:57 +00:00
if ( $user === null ) {
return new DataResponse ([], Http :: STATUS_BAD_REQUEST );
}
$accountData = $this -> accountManager -> getUser ( $user );
2017-03-14 15:56:11 +00:00
$cloudId = $user -> getCloudId ();
$message = " Use my Federated Cloud ID to share with me: " . $cloudId ;
2017-04-21 10:09:42 +00:00
$signature = $this -> signMessage ( $user , $message );
2017-03-14 15:56:11 +00:00
2017-04-21 10:09:42 +00:00
$code = $message . ' ' . $signature ;
$codeMd5 = $message . ' ' . md5 ( $signature );
2017-03-14 15:56:11 +00:00
switch ( $account ) {
case 'verify-twitter' :
2017-03-23 15:06:57 +00:00
$accountData [ AccountManager :: PROPERTY_TWITTER ][ 'verified' ] = AccountManager :: VERIFICATION_IN_PROGRESS ;
2017-04-26 18:39:40 +00:00
$msg = $this -> l10n -> t ( 'In order to verify your Twitter account post following tweet on Twitter (please make sure to post it without any line breaks):' );
2017-03-14 15:56:11 +00:00
$code = $codeMd5 ;
2017-04-21 10:09:42 +00:00
$type = AccountManager :: PROPERTY_TWITTER ;
$data = $accountData [ AccountManager :: PROPERTY_TWITTER ][ 'value' ];
2017-04-28 16:05:55 +00:00
$accountData [ AccountManager :: PROPERTY_TWITTER ][ 'signature' ] = $signature ;
2017-03-14 15:56:11 +00:00
break ;
case 'verify-website' :
2017-03-23 15:06:57 +00:00
$accountData [ AccountManager :: PROPERTY_WEBSITE ][ 'verified' ] = AccountManager :: VERIFICATION_IN_PROGRESS ;
2017-04-27 15:58:30 +00:00
$msg = $this -> l10n -> t ( 'In order to verify your Website store following content in your web-root at \'.well-known/CloudIdVerificationCode.txt\' (please make sure that the complete text is in one line):' );
2017-04-21 10:09:42 +00:00
$type = AccountManager :: PROPERTY_WEBSITE ;
$data = $accountData [ AccountManager :: PROPERTY_WEBSITE ][ 'value' ];
2017-04-28 16:05:55 +00:00
$accountData [ AccountManager :: PROPERTY_WEBSITE ][ 'signature' ] = $signature ;
2017-03-14 15:56:11 +00:00
break ;
default :
return new DataResponse ([], Http :: STATUS_BAD_REQUEST );
}
2017-04-27 10:27:36 +00:00
if ( $onlyVerificationCode === false ) {
$this -> accountManager -> updateUser ( $user , $accountData );
$this -> jobList -> add ( 'OC\Settings\BackgroundJobs\VerifyUserData' ,
[
'verificationCode' => $code ,
'data' => $data ,
'type' => $type ,
'uid' => $user -> getUID (),
'try' => 0 ,
'lastRun' => $this -> getCurrentTime ()
]
);
}
2017-04-21 10:09:42 +00:00
2017-03-14 15:56:11 +00:00
return new DataResponse ([ 'msg' => $msg , 'code' => $code ]);
}
2017-04-21 10:09:42 +00:00
/**
* get current timestamp
*
* @ return int
*/
protected function getCurrentTime () {
return time ();
}
/**
* sign message with users private key
*
* @ param IUser $user
* @ param string $message
*
* @ return string base64 encoded signature
*/
protected function signMessage ( IUser $user , $message ) {
$privateKey = $this -> keyManager -> getKey ( $user ) -> getPrivate ();
openssl_sign ( json_encode ( $message ), $signature , $privateKey , OPENSSL_ALGO_SHA512 );
$signatureBase64 = base64_encode ( $signature );
return $signatureBase64 ;
}
2017-03-14 15:56:11 +00:00
/**
* @ NoAdminRequired
2014-12-15 11:43:42 +00:00
* @ NoSubadminRequired
2016-09-19 14:14:51 +00:00
* @ PasswordConfirmationRequired
2014-12-15 11:43:42 +00:00
*
2016-04-21 09:19:10 +00:00
* @ param string $avatarScope
2016-04-20 15:03:50 +00:00
* @ param string $displayname
* @ param string $displaynameScope
* @ param string $phone
* @ param string $phoneScope
* @ param string $email
* @ param string $emailScope
* @ param string $website
* @ param string $websiteScope
* @ param string $address
* @ param string $addressScope
2016-11-11 13:36:17 +00:00
* @ param string $twitter
* @ param string $twitterScope
2016-04-20 15:03:50 +00:00
* @ return DataResponse
*/
2016-04-26 14:19:10 +00:00
public function setUserSettings ( $avatarScope ,
2016-11-18 09:10:05 +00:00
$displayname ,
$displaynameScope ,
$phone ,
$phoneScope ,
$email ,
$emailScope ,
$website ,
$websiteScope ,
$address ,
$addressScope ,
$twitter ,
$twitterScope
2016-04-26 14:19:10 +00:00
) {
2017-04-18 06:56:06 +00:00
if ( ! empty ( $email ) && ! $this -> mailer -> validateMailAddress ( $email )) {
2016-04-26 14:19:10 +00:00
return new DataResponse (
2017-04-18 06:56:06 +00:00
[
2016-04-26 14:19:10 +00:00
'status' => 'error' ,
2017-04-18 06:56:06 +00:00
'data' => [
'message' => ( string ) $this -> l10n -> t ( 'Invalid mail address' )
]
],
2016-04-26 14:19:10 +00:00
Http :: STATUS_UNPROCESSABLE_ENTITY
);
2016-04-25 12:56:11 +00:00
}
$data = [
2016-11-11 13:36:17 +00:00
AccountManager :: PROPERTY_AVATAR => [ 'scope' => $avatarScope ],
AccountManager :: PROPERTY_DISPLAYNAME => [ 'value' => $displayname , 'scope' => $displaynameScope ],
AccountManager :: PROPERTY_EMAIL => [ 'value' => $email , 'scope' => $emailScope ],
AccountManager :: PROPERTY_WEBSITE => [ 'value' => $website , 'scope' => $websiteScope ],
AccountManager :: PROPERTY_ADDRESS => [ 'value' => $address , 'scope' => $addressScope ],
AccountManager :: PROPERTY_PHONE => [ 'value' => $phone , 'scope' => $phoneScope ],
AccountManager :: PROPERTY_TWITTER => [ 'value' => $twitter , 'scope' => $twitterScope ]
2016-04-25 12:56:11 +00:00
];
2016-11-23 12:05:01 +00:00
$user = $this -> userSession -> getUser ();
2016-04-25 12:56:11 +00:00
2016-04-26 14:19:10 +00:00
try {
2016-11-11 13:36:17 +00:00
$this -> saveUserSettings ( $user , $data );
2014-12-15 11:43:42 +00:00
return new DataResponse (
2017-04-18 06:56:06 +00:00
[
2016-04-26 14:19:10 +00:00
'status' => 'success' ,
2017-04-18 06:56:06 +00:00
'data' => [
2016-11-11 13:36:17 +00:00
'userId' => $user -> getUID (),
2016-04-26 14:19:10 +00:00
'avatarScope' => $avatarScope ,
'displayname' => $displayname ,
'displaynameScope' => $displaynameScope ,
'email' => $email ,
'emailScope' => $emailScope ,
'website' => $website ,
'websiteScope' => $websiteScope ,
'address' => $address ,
'addressScope' => $addressScope ,
2017-04-18 06:56:06 +00:00
'message' => ( string ) $this -> l10n -> t ( 'Settings saved' )
]
],
2016-04-26 14:19:10 +00:00
Http :: STATUS_OK
2014-12-15 11:43:42 +00:00
);
2016-04-26 14:19:10 +00:00
} catch ( ForbiddenException $e ) {
return new DataResponse ([
'status' => 'error' ,
'data' => [
'message' => $e -> getMessage ()
],
]);
2014-12-15 11:43:42 +00:00
}
2016-04-26 14:19:10 +00:00
}
2014-12-15 11:43:42 +00:00
2016-04-26 14:19:10 +00:00
/**
* update account manager with new user data
*
2016-11-11 13:36:17 +00:00
* @ param IUser $user
2016-04-26 14:19:10 +00:00
* @ param array $data
* @ throws ForbiddenException
*/
2016-11-23 12:05:01 +00:00
protected function saveUserSettings ( IUser $user , $data ) {
2016-04-26 14:19:10 +00:00
// keep the user back-end up-to-date with the latest display name and email
// address
2016-11-17 17:51:59 +00:00
$oldDisplayName = $user -> getDisplayName ();
2016-12-02 15:54:17 +00:00
$oldDisplayName = is_null ( $oldDisplayName ) ? '' : $oldDisplayName ;
2016-11-23 12:05:01 +00:00
if ( isset ( $data [ AccountManager :: PROPERTY_DISPLAYNAME ][ 'value' ])
&& $oldDisplayName !== $data [ AccountManager :: PROPERTY_DISPLAYNAME ][ 'value' ]
) {
2016-11-17 17:51:59 +00:00
$result = $user -> setDisplayName ( $data [ AccountManager :: PROPERTY_DISPLAYNAME ][ 'value' ]);
2016-04-26 14:19:10 +00:00
if ( $result === false ) {
throw new ForbiddenException ( $this -> l10n -> t ( 'Unable to change full name' ));
}
2014-12-15 11:43:42 +00:00
}
2016-11-23 12:05:01 +00:00
$oldEmailAddress = $user -> getEMailAddress ();
2016-12-02 15:54:17 +00:00
$oldEmailAddress = is_null ( $oldEmailAddress ) ? '' : $oldEmailAddress ;
2016-11-23 12:05:01 +00:00
if ( isset ( $data [ AccountManager :: PROPERTY_EMAIL ][ 'value' ])
&& $oldEmailAddress !== $data [ AccountManager :: PROPERTY_EMAIL ][ 'value' ]
) {
2016-11-23 22:57:20 +00:00
// this is the only permission a backend provides and is also used
// for the permission of setting a email address
if ( ! $user -> canChangeDisplayName ()) {
throw new ForbiddenException ( $this -> l10n -> t ( 'Unable to change email address' ));
2016-04-26 14:19:10 +00:00
}
2016-11-23 22:57:20 +00:00
$user -> setEMailAddress ( $data [ AccountManager :: PROPERTY_EMAIL ][ 'value' ]);
2016-04-26 14:19:10 +00:00
}
2014-12-15 11:43:42 +00:00
2016-11-11 13:36:17 +00:00
$this -> accountManager -> updateUser ( $user , $data );
2014-12-15 11:43:42 +00:00
}
2015-10-29 15:40:39 +00:00
/**
* Count all unique users visible for the current admin / subadmin .
*
* @ NoAdminRequired
*
* @ return DataResponse
*/
public function stats () {
$userCount = 0 ;
if ( $this -> isAdmin ) {
$countByBackend = $this -> userManager -> countUsers ();
if ( ! empty ( $countByBackend )) {
foreach ( $countByBackend as $count ) {
$userCount += $count ;
}
}
} else {
$groups = $this -> groupManager -> getSubAdmin () -> getSubAdminsGroups ( $this -> userSession -> getUser ());
2015-11-04 08:39:51 +00:00
$uniqueUsers = [];
2015-10-29 15:40:39 +00:00
foreach ( $groups as $group ) {
foreach ( $group -> getUsers () as $uid => $displayName ) {
$uniqueUsers [ $uid ] = true ;
}
}
$userCount = count ( $uniqueUsers );
}
return new DataResponse (
[
'totalUsers' => $userCount
]
);
}
2015-11-08 21:08:19 +00:00
/**
* Set the displayName of a user
*
* @ NoAdminRequired
* @ NoSubadminRequired
2016-10-25 11:05:13 +00:00
* @ PasswordConfirmationRequired
2016-04-20 15:03:50 +00:00
* @ todo merge into saveUserSettings
2015-11-08 21:08:19 +00:00
*
* @ param string $username
* @ param string $displayName
* @ return DataResponse
*/
2016-04-26 14:19:10 +00:00
public function setDisplayName ( $username , $displayName ) {
2015-11-08 21:08:19 +00:00
$currentUser = $this -> userSession -> getUser ();
$user = $this -> userManager -> get ( $username );
2016-11-18 10:55:37 +00:00
if ( $user === null ||
! $user -> canChangeDisplayName () ||
(
! $this -> groupManager -> isAdmin ( $currentUser -> getUID ()) &&
! $this -> groupManager -> getSubAdmin () -> isUserAccessible ( $currentUser , $user ) &&
$currentUser -> getUID () !== $username
)
2016-04-26 14:19:10 +00:00
) {
2015-11-08 21:08:19 +00:00
return new DataResponse ([
'status' => 'error' ,
'data' => [
'message' => $this -> l10n -> t ( 'Authentication error' ),
],
]);
}
2016-11-11 13:36:17 +00:00
$userData = $this -> accountManager -> getUser ( $user );
$userData [ AccountManager :: PROPERTY_DISPLAYNAME ][ 'value' ] = $displayName ;
2016-04-26 14:19:10 +00:00
try {
2016-11-11 13:36:17 +00:00
$this -> saveUserSettings ( $user , $userData );
2015-11-08 21:08:19 +00:00
return new DataResponse ([
'status' => 'success' ,
'data' => [
'message' => $this -> l10n -> t ( 'Your full name has been changed.' ),
'username' => $username ,
'displayName' => $displayName ,
],
]);
2016-04-26 14:19:10 +00:00
} catch ( ForbiddenException $e ) {
2015-11-08 21:08:19 +00:00
return new DataResponse ([
'status' => 'error' ,
'data' => [
2016-04-26 14:19:10 +00:00
'message' => $e -> getMessage (),
2015-11-08 21:08:19 +00:00
'displayName' => $user -> getDisplayName (),
],
]);
}
}
2016-11-23 22:57:20 +00:00
/**
* Set the mail address of a user
*
* @ NoAdminRequired
* @ NoSubadminRequired
* @ PasswordConfirmationRequired
*
* @ param string $id
* @ param string $mailAddress
* @ return DataResponse
*/
public function setEMailAddress ( $id , $mailAddress ) {
$user = $this -> userManager -> get ( $id );
if ( ! $this -> isAdmin
&& ! $this -> groupManager -> getSubAdmin () -> isUserAccessible ( $this -> userSession -> getUser (), $user )
) {
return new DataResponse (
2017-04-18 06:56:06 +00:00
[
2016-11-23 22:57:20 +00:00
'status' => 'error' ,
2017-04-18 06:56:06 +00:00
'data' => [
'message' => ( string ) $this -> l10n -> t ( 'Forbidden' )
]
],
2016-11-23 22:57:20 +00:00
Http :: STATUS_FORBIDDEN
);
}
if ( $mailAddress !== '' && ! $this -> mailer -> validateMailAddress ( $mailAddress )) {
return new DataResponse (
2017-04-18 06:56:06 +00:00
[
2016-11-23 22:57:20 +00:00
'status' => 'error' ,
2017-04-18 06:56:06 +00:00
'data' => [
'message' => ( string ) $this -> l10n -> t ( 'Invalid mail address' )
]
],
2016-11-23 22:57:20 +00:00
Http :: STATUS_UNPROCESSABLE_ENTITY
);
}
if ( ! $user ) {
return new DataResponse (
2017-04-18 06:56:06 +00:00
[
2016-11-23 22:57:20 +00:00
'status' => 'error' ,
2017-04-18 06:56:06 +00:00
'data' => [
'message' => ( string ) $this -> l10n -> t ( 'Invalid user' )
]
],
2016-11-23 22:57:20 +00:00
Http :: STATUS_UNPROCESSABLE_ENTITY
);
}
// this is the only permission a backend provides and is also used
// for the permission of setting a email address
if ( ! $user -> canChangeDisplayName ()) {
return new DataResponse (
2017-04-18 06:56:06 +00:00
[
2016-11-23 22:57:20 +00:00
'status' => 'error' ,
2017-04-18 06:56:06 +00:00
'data' => [
'message' => ( string ) $this -> l10n -> t ( 'Unable to change mail address' )
]
],
2016-11-23 22:57:20 +00:00
Http :: STATUS_FORBIDDEN
);
}
$userData = $this -> accountManager -> getUser ( $user );
$userData [ AccountManager :: PROPERTY_EMAIL ][ 'value' ] = $mailAddress ;
try {
$this -> saveUserSettings ( $user , $userData );
return new DataResponse (
2017-04-18 06:56:06 +00:00
[
2016-11-23 22:57:20 +00:00
'status' => 'success' ,
2017-04-18 06:56:06 +00:00
'data' => [
2016-11-23 22:57:20 +00:00
'username' => $id ,
'mailAddress' => $mailAddress ,
2017-04-18 06:56:06 +00:00
'message' => ( string ) $this -> l10n -> t ( 'Email saved' )
]
],
2016-11-23 22:57:20 +00:00
Http :: STATUS_OK
);
} catch ( ForbiddenException $e ) {
return new DataResponse ([
'status' => 'error' ,
'data' => [
'message' => $e -> getMessage ()
],
]);
}
}
2014-12-04 13:15:55 +00:00
}