Merge pull request #846 from nextcloud/provisioning_api_ocs

Move Provisioning API to the AppFramework
This commit is contained in:
Joas Schilling 2016-08-17 10:23:13 +02:00 committed by GitHub
commit 027069cbae
15 changed files with 1000 additions and 919 deletions

View file

@ -26,53 +26,40 @@
*
*/
namespace OCA\Provisioning_API\AppInfo;
use OCA\Provisioning_API\Apps;
use OCA\Provisioning_API\Groups;
use OCA\Provisioning_API\Users;
use OCP\API;
// Users
$users = new Users(
\OC::$server->getUserManager(),
\OC::$server->getConfig(),
\OC::$server->getGroupManager(),
\OC::$server->getUserSession(),
\OC::$server->getLogger()
);
API::register('get', '/cloud/users', [$users, 'getUsers'], 'provisioning_api', API::SUBADMIN_AUTH);
API::register('post', '/cloud/users', [$users, 'addUser'], 'provisioning_api', API::SUBADMIN_AUTH);
API::register('get', '/cloud/users/{userid}', [$users, 'getUser'], 'provisioning_api', API::USER_AUTH);
API::register('put', '/cloud/users/{userid}', [$users, 'editUser'], 'provisioning_api', API::USER_AUTH);
API::register('delete', '/cloud/users/{userid}', [$users, 'deleteUser'], 'provisioning_api', API::SUBADMIN_AUTH);
API::register('put', '/cloud/users/{userid}/enable', [$users, 'enableUser'], 'provisioning_api', API::SUBADMIN_AUTH);
API::register('put', '/cloud/users/{userid}/disable', [$users, 'disableUser'], 'provisioning_api', API::SUBADMIN_AUTH);
API::register('get', '/cloud/users/{userid}/groups', [$users, 'getUsersGroups'], 'provisioning_api', API::USER_AUTH);
API::register('post', '/cloud/users/{userid}/groups', [$users, 'addToGroup'], 'provisioning_api', API::SUBADMIN_AUTH);
API::register('delete', '/cloud/users/{userid}/groups', [$users, 'removeFromGroup'], 'provisioning_api', API::SUBADMIN_AUTH);
API::register('post', '/cloud/users/{userid}/subadmins', [$users, 'addSubAdmin'], 'provisioning_api', API::ADMIN_AUTH);
API::register('delete', '/cloud/users/{userid}/subadmins', [$users, 'removeSubAdmin'], 'provisioning_api', API::ADMIN_AUTH);
API::register('get', '/cloud/users/{userid}/subadmins', [$users, 'getUserSubAdminGroups'], 'provisioning_api', API::ADMIN_AUTH);
$app = new \OCA\Provisioning_API\AppInfo\Application();
$app->registerRoutes($this, [
'ocs' => [
// Apps
['root' => '/cloud', 'name' => 'Apps#getApps', 'url' => '/apps', 'verb' => 'GET'],
['root' => '/cloud', 'name' => 'Apps#getAppInfo', 'url' => '/apps/{app}', 'verb' => 'GET'],
['root' => '/cloud', 'name' => 'Apps#enable', 'url' => '/apps/{app}', 'verb' => 'POST'],
['root' => '/cloud', 'name' => 'Apps#disable', 'url' => '/apps/{app}', 'verb' => 'DELETE'],
// Groups
$groups = new Groups(
\OC::$server->getGroupManager(),
\OC::$server->getUserSession(),
\OC::$server->getRequest()
);
API::register('get', '/cloud/groups', [$groups, 'getGroups'], 'provisioning_api', API::SUBADMIN_AUTH);
API::register('post', '/cloud/groups', [$groups, 'addGroup'], 'provisioning_api', API::SUBADMIN_AUTH);
API::register('get', '/cloud/groups/{groupid}', [$groups, 'getGroup'], 'provisioning_api', API::SUBADMIN_AUTH);
API::register('delete', '/cloud/groups/{groupid}', [$groups, 'deleteGroup'], 'provisioning_api', API::ADMIN_AUTH);
API::register('get', '/cloud/groups/{groupid}/subadmins', [$groups, 'getSubAdminsOfGroup'], 'provisioning_api', API::ADMIN_AUTH);
// Groups
['root' => '/cloud', 'name' => 'Groups#getGroups', 'url' => '/groups', 'verb' => 'GET'],
['root' => '/cloud', 'name' => 'Groups#getGroup', 'url' => '/groups/{groupId}', 'verb' => 'GET'],
['root' => '/cloud', 'name' => 'Groups#addGroup', 'url' => '/groups', 'verb' => 'POST'],
['root' => '/cloud', 'name' => 'Groups#deleteGroup', 'url' => '/groups/{groupId}', 'verb' => 'DELETE'],
['root' => '/cloud', 'name' => 'Groups#getSubAdminsOfGroup', 'url' => '/groups/{groupId}/subadmins', 'verb' => 'GET'],
// Apps
$apps = new Apps(
\OC::$server->getAppManager(),
\OC::$server->getOcsClient()
);
API::register('get', '/cloud/apps', [$apps, 'getApps'], 'provisioning_api', API::ADMIN_AUTH);
API::register('get', '/cloud/apps/{appid}', [$apps, 'getAppInfo'], 'provisioning_api', API::ADMIN_AUTH);
API::register('post', '/cloud/apps/{appid}', [$apps, 'enable'], 'provisioning_api', API::ADMIN_AUTH);
API::register('delete', '/cloud/apps/{appid}', [$apps, 'disable'], 'provisioning_api', API::ADMIN_AUTH);
//Users
['root' => '/cloud', 'name' => 'Users#getUsers', 'url' => '/users', 'verb' => 'GET'],
['root' => '/cloud', 'name' => 'Users#addUser', 'url' => '/users', 'verb' => 'POST'],
['root' => '/cloud', 'name' => 'Users#getUser', 'url' => '/users/{userId}', 'verb' => 'GET'],
['root' => '/cloud', 'name' => 'Users#editUser', 'url' => '/users/{userId}', 'verb' => 'PUT'],
['root' => '/cloud', 'name' => 'Users#deleteUser', 'url' => '/users/{userId}', 'verb' => 'DELETE'],
['root' => '/cloud', 'name' => 'Users#enableUser', 'url' => '/users/{userId}/enable', 'verb' => 'PUT'],
['root' => '/cloud', 'name' => 'Users#disableUser', 'url' => '/users/{userId}/disable', 'verb' => 'PUT'],
['root' => '/cloud', 'name' => 'Users#getUsersGroups', 'url' => '/users/{userId}/groups', 'verb' => 'GET'],
['root' => '/cloud', 'name' => 'Users#addToGroup', 'url' => '/users/{userId}/groups', 'verb' => 'POST'],
['root' => '/cloud', 'name' => 'Users#removeFromGroup', 'url' => '/users/{userId}/groups', 'verb' => 'DELETE'],
['root' => '/cloud', 'name' => 'Users#getUserSubAdminGroups', 'url' => '/users/{userId}/subadmins', 'verb' => 'GET'],
['root' => '/cloud', 'name' => 'Users#addSubAdmin', 'url' => '/users/{userId}/subadmins', 'verb' => 'POST'],
['root' => '/cloud', 'name' => 'Users#removeSubAdmin', 'url' => '/users/{userId}/subadmins', 'verb' => 'DELETE'],
],
]);

View file

@ -0,0 +1,28 @@
<?php
namespace OCA\Provisioning_API\AppInfo;
use OC\AppFramework\Utility\SimpleContainer;
use OCA\Provisioning_API\Middleware\ProvisioningApiMiddleware;
use OCP\AppFramework\App;
class Application extends App {
public function __construct(array $urlParams = array()) {
parent::__construct('provisioning_api', $urlParams);
$container = $this->getContainer();
$server = $container->getServer();
$container->registerService('ProvisioningApiMiddleware', function(SimpleContainer $c) use ($server) {
$user = $server->getUserManager()->get($c['UserId']);
$isAdmin = $user !== null ? $server->getGroupManager()->isAdmin($user->getUID()) : false;
$isSubAdmin = $user !== null ? $server->getGroupManager()->getSubAdmin()->isSubAdmin($user) : false;
return new ProvisioningApiMiddleware(
$c['ControllerMethodReflector'],
$isAdmin,
$isSubAdmin
);
});
$container->registerMiddleWare('ProvisioningApiMiddleware');
}
}

View file

@ -23,89 +23,101 @@
*
*/
namespace OCA\Provisioning_API;
namespace OCA\Provisioning_API\Controller;
use OC\OCSClient;
use \OC_App;
use OCP\App\IAppManager;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\OCS\OCSNotFoundException;
use OCP\AppFramework\OCSController;
use OCP\IRequest;
class Apps {
class AppsController extends OCSController {
/** @var \OCP\App\IAppManager */
private $appManager;
/** @var OCSClient */
private $ocsClient;
/**
* @param \OCP\App\IAppManager $appManager
* @param string $appName
* @param IRequest $request
* @param IAppManager $appManager
* @param OCSClient $ocsClient
*/
public function __construct(\OCP\App\IAppManager $appManager,
OCSClient $ocsClient) {
public function __construct(
$appName,
IRequest $request,
IAppManager $appManager,
OCSClient $ocsClient
) {
parent::__construct($appName, $request);
$this->appManager = $appManager;
$this->ocsClient = $ocsClient;
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @param string $filter
* @return DataResponse
* @throws OCSException
*/
public function getApps($parameters) {
public function getApps($filter = null) {
$apps = OC_App::listAllApps(false, true, $this->ocsClient);
$list = [];
foreach($apps as $app) {
$list[] = $app['id'];
}
$filter = isset($_GET['filter']) ? $_GET['filter'] : false;
if($filter){
switch($filter){
case 'enabled':
return new \OC\OCS\Result(array('apps' => \OC_App::getEnabledApps()));
return new DataResponse(['apps' => \OC_App::getEnabledApps()]);
break;
case 'disabled':
$enabled = OC_App::getEnabledApps();
return new \OC\OCS\Result(array('apps' => array_diff($list, $enabled)));
return new DataResponse(['apps' => array_diff($list, $enabled)]);
break;
default:
// Invalid filter variable
return new \OC\OCS\Result(null, 101);
break;
throw new OCSException('', 101);
}
} else {
return new \OC\OCS\Result(array('apps' => $list));
return new DataResponse(['apps' => $list]);
}
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @param string $app
* @return DataResponse
* @throws OCSNotFoundException
*/
public function getAppInfo($parameters) {
$app = $parameters['appid'];
public function getAppInfo($app) {
$info = \OCP\App::getAppInfo($app);
if(!is_null($info)) {
return new \OC\OCS\Result(OC_App::getAppInfo($app));
return new DataResponse(OC_App::getAppInfo($app));
} else {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_NOT_FOUND, 'The request app was not found');
throw new OCSException('The request app was not found', \OCP\API::RESPOND_NOT_FOUND);
}
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @param string $app
* @return DataResponse
*/
public function enable($parameters) {
$app = $parameters['appid'];
public function enable($app) {
$this->appManager->enableApp($app);
return new \OC\OCS\Result(null, 100);
return new DataResponse();
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @param string $app
* @return DataResponse
*/
public function disable($parameters) {
$app = $parameters['appid'];
public function disable($app) {
$this->appManager->disableApp($app);
return new \OC\OCS\Result(null, 100);
return new DataResponse();
}
}

View file

@ -23,46 +23,54 @@
*
*/
namespace OCA\Provisioning_API;
namespace OCA\Provisioning_API\Controller;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\OCSController;
use OCP\IGroup;
use OCP\IGroupManager;
use OCP\IRequest;
use OCP\IUserSession;
use OCP\IUser;
class Groups{
/** @var \OCP\IGroupManager */
class GroupsController extends OCSController {
/** @var IGroupManager */
private $groupManager;
/** @var \OCP\IUserSession */
/** @var IUserSession */
private $userSession;
/** @var \OCP\IRequest */
private $request;
/**
* @param \OCP\IGroupManager $groupManager
* @param \OCP\IUserSession $userSession
* @param \OCP\IRequest $request
* @param string $appName
* @param IRequest $request
* @param IGroupManager $groupManager
* @param IUserSession $userSession
*/
public function __construct(\OCP\IGroupManager $groupManager,
\OCP\IUserSession $userSession,
\OCP\IRequest $request) {
public function __construct(
$appName,
IRequest $request,
IGroupManager $groupManager,
IUserSession $userSession) {
parent::__construct($appName, $request);
$this->groupManager = $groupManager;
$this->userSession = $userSession;
$this->request = $request;
}
/**
* returns a list of groups
*
* @param array $parameters
* @return \OC\OCS\Result
* @NoAdminRequired
*
* @param string $search
* @param int $limit
* @param int $offset
* @return DataResponse
*/
public function getGroups($parameters) {
$search = $this->request->getParam('search', '');
$limit = $this->request->getParam('limit');
$offset = $this->request->getParam('offset');
public function getGroups($search = '', $limit = null, $offset = null) {
if ($limit !== null) {
$limit = (int)$limit;
}
@ -76,27 +84,24 @@ class Groups{
return $group->getGID();
}, $groups);
return new \OC\OCS\Result(['groups' => $groups]);
return new DataResponse(['groups' => $groups]);
}
/**
* returns an array of users in the group specified
*
* @param array $parameters
* @return \OC\OCS\Result
* @NoAdminRequired
*
* @param string $groupId
* @return DataResponse
* @throws OCSException
*/
public function getGroup($parameters) {
// Check if user is logged in
public function getGroup($groupId) {
$user = $this->userSession->getUser();
if ($user === null) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
$groupId = $parameters['groupid'];
// Check the group exists
if(!$this->groupManager->groupExists($groupId)) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_NOT_FOUND, 'The requested group could not be found');
throw new OCSException('The requested group could not be found', \OCP\API::RESPOND_NOT_FOUND);
}
$isSubadminOfGroup = false;
@ -114,59 +119,62 @@ class Groups{
return $user->getUID();
}, $users);
$users = array_values($users);
return new \OC\OCS\Result(['users' => $users]);
return new DataResponse(['users' => $users]);
} else {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED, 'User does not have access to specified group');
throw new OCSException('User does not have access to specified group', \OCP\API::RESPOND_UNAUTHORISED);
}
}
/**
* creates a new group
*
* @param array $parameters
* @return \OC\OCS\Result
* @NoAdminRequired
*
* @param string $groupid
* @return DataResponse
* @throws OCSException
*/
public function addGroup($parameters) {
public function addGroup($groupid) {
// Validate name
$groupId = $this->request->getParam('groupid', '');
if(empty($groupId)){
if(empty($groupid)){
\OCP\Util::writeLog('provisioning_api', 'Group name not supplied', \OCP\Util::ERROR);
return new \OC\OCS\Result(null, 101, 'Invalid group name');
throw new OCSException('Invalid group name', 101);
}
// Check if it exists
if($this->groupManager->groupExists($groupId)){
return new \OC\OCS\Result(null, 102);
if($this->groupManager->groupExists($groupid)){
throw new OCSException('', 102);
}
$this->groupManager->createGroup($groupId);
return new \OC\OCS\Result(null, 100);
$this->groupManager->createGroup($groupid);
return new DataResponse();
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @param string $groupId
* @return DataResponse
* @throws OCSException
*/
public function deleteGroup($parameters) {
public function deleteGroup($groupId) {
// Check it exists
if(!$this->groupManager->groupExists($parameters['groupid'])){
return new \OC\OCS\Result(null, 101);
} else if($parameters['groupid'] === 'admin' || !$this->groupManager->get($parameters['groupid'])->delete()){
if(!$this->groupManager->groupExists($groupId)){
throw new OCSException('', 101);
} else if($groupId === 'admin' || !$this->groupManager->get($groupId)->delete()){
// Cannot delete admin group
return new \OC\OCS\Result(null, 102);
} else {
return new \OC\OCS\Result(null, 100);
throw new OCSException('', 102);
}
return new DataResponse(null, 100);
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @param string $groupId
* @return DataResponse
* @throws OCSException
*/
public function getSubAdminsOfGroup($parameters) {
$group = $parameters['groupid'];
public function getSubAdminsOfGroup($groupId) {
// Check group exists
$targetGroup = $this->groupManager->get($group);
$targetGroup = $this->groupManager->get($groupId);
if($targetGroup === null) {
return new \OC\OCS\Result(null, 101, 'Group does not exist');
throw new OCSException('Group does not exist', 101);
}
$subadmins = $this->groupManager->getSubAdmin()->getGroupsSubAdmins($targetGroup);
@ -176,7 +184,7 @@ class Groups{
$uids[] = $user->getUID();
}
return new \OC\OCS\Result($uids);
return new DataResponse($uids);
}
}

View file

@ -27,17 +27,23 @@
*
*/
namespace OCA\Provisioning_API;
namespace OCA\Provisioning_API\Controller;
use \OC_Helper;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\OCS\OCSForbiddenException;
use OCP\AppFramework\OCS\OCSNotFoundException;
use OCP\AppFramework\OCSController;
use OCP\Files\NotFoundException;
use OCP\IConfig;
use OCP\IGroupManager;
use OCP\ILogger;
use OCP\IRequest;
use OCP\IUserManager;
use OCP\IUserSession;
class Users {
class UsersController extends OCSController {
/** @var IUserManager */
private $userManager;
@ -51,17 +57,23 @@ class Users {
private $logger;
/**
* @param string $appName
* @param IRequest $request
* @param IUserManager $userManager
* @param IConfig $config
* @param IGroupManager $groupManager
* @param IUserSession $userSession
* @param ILogger $logger
*/
public function __construct(IUserManager $userManager,
public function __construct($appName,
IRequest $request,
IUserManager $userManager,
IConfig $config,
IGroupManager $groupManager,
IUserSession $userSession,
ILogger $logger) {
parent::__construct($appName, $request);
$this->userManager = $userManager;
$this->config = $config;
$this->groupManager = $groupManager;
@ -70,20 +82,17 @@ class Users {
}
/**
* @NoAdminRequired
*
* returns a list of users
*
* @return \OC\OCS\Result
* @param string $search
* @param int $limit
* @param int $offset
* @return DataResponse
*/
public function getUsers() {
$search = !empty($_GET['search']) ? $_GET['search'] : '';
$limit = !empty($_GET['limit']) ? $_GET['limit'] : null;
$offset = !empty($_GET['offset']) ? $_GET['offset'] : null;
// Check if user is logged in
public function getUsers($search = '', $limit = null, $offset = null) {
$user = $this->userSession->getUser();
if ($user === null) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
// Admin? Or SubAdmin?
$uid = $user->getUID();
@ -106,89 +115,85 @@ class Users {
}
$users = array_slice($users, $offset, $limit);
} else {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
$users = array_keys($users);
return new \OC\OCS\Result([
return new DataResponse([
'users' => $users
]);
}
/**
* @return \OC\OCS\Result
* @NoAdminRequired
*
* @param string $userid
* @param string $password
* @param array $groups
* @return DataResponse
* @throws OCSException
*/
public function addUser() {
$userId = isset($_POST['userid']) ? $_POST['userid'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null;
$groups = isset($_POST['groups']) ? $_POST['groups'] : null;
public function addUser($userid, $password, $groups = null) {
$user = $this->userSession->getUser();
$isAdmin = $this->groupManager->isAdmin($user->getUID());
$subAdminManager = $this->groupManager->getSubAdmin();
if (!$isAdmin && !$subAdminManager->isSubAdmin($user)) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
if($this->userManager->userExists($userId)) {
if($this->userManager->userExists($userid)) {
$this->logger->error('Failed addUser attempt: User already exists.', ['app' => 'ocs_api']);
return new \OC\OCS\Result(null, 102, 'User already exists');
throw new OCSException('User already exists', 102);
}
if(is_array($groups)) {
foreach ($groups as $group) {
if(!$this->groupManager->groupExists($group)){
return new \OC\OCS\Result(null, 104, 'group '.$group.' does not exist');
if(!$this->groupManager->groupExists($group)) {
throw new OCSException('group '.$group.' does not exist', 104);
}
if(!$isAdmin && !$subAdminManager->isSubAdminofGroup($user, $this->groupManager->get($group))) {
return new \OC\OCS\Result(null, 105, 'insufficient privileges for group '. $group);
throw new OCSException('insufficient privileges for group '. $group, 105);
}
}
} else {
if(!$isAdmin) {
return new \OC\OCS\Result(null, 106, 'no group specified (required for subadmins)');
throw new OCSException('no group specified (required for subadmins)', 106);
}
}
try {
$newUser = $this->userManager->createUser($userId, $password);
$this->logger->info('Successful addUser call with userid: '.$userId, ['app' => 'ocs_api']);
$newUser = $this->userManager->createUser($userid, $password);
$this->logger->info('Successful addUser call with userid: '.$userid, ['app' => 'ocs_api']);
if (is_array($groups)) {
foreach ($groups as $group) {
$this->groupManager->get($group)->addUser($newUser);
$this->logger->info('Added userid '.$userId.' to group '.$group, ['app' => 'ocs_api']);
$this->logger->info('Added userid '.$userid.' to group '.$group, ['app' => 'ocs_api']);
}
}
return new \OC\OCS\Result(null, 100);
return new DataResponse();
} catch (\Exception $e) {
$this->logger->error('Failed addUser attempt with exception: '.$e->getMessage(), ['app' => 'ocs_api']);
return new \OC\OCS\Result(null, 101, 'Bad request');
throw new OCSException('Bad request', 101);
}
}
/**
* @NoAdminRequired
* @NoSubAdminRequired
*
* gets user info
*
* @param array $parameters
* @return \OC\OCS\Result
* @param string $userId
* @return DataResponse
* @throws OCSException
*/
public function getUser($parameters) {
$userId = $parameters['userid'];
// Check if user is logged in
public function getUser($userId) {
$currentLoggedInUser = $this->userSession->getUser();
if ($currentLoggedInUser === null) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
$data = [];
// Check if the target user exists
$targetUserObject = $this->userManager->get($userId);
if($targetUserObject === null) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_NOT_FOUND, 'The requested user could not be found');
throw new OCSException('The requested user could not be found', \OCP\API::RESPOND_NOT_FOUND);
}
// Admin? Or SubAdmin?
@ -198,7 +203,7 @@ class Users {
} else {
// Check they are looking up themselves
if($currentLoggedInUser->getUID() !== $userId) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
throw new OCSException('', \OCP\API::RESPOND_UNAUTHORISED);
}
}
@ -207,32 +212,32 @@ class Users {
$data['email'] = $targetUserObject->getEMailAddress();
$data['displayname'] = $targetUserObject->getDisplayName();
return new \OC\OCS\Result($data);
return new DataResponse($data);
}
/**
/**
* @NoAdminRequired
* @NoSubAdminRequired
*
* edit users
*
* @param array $parameters
* @return \OC\OCS\Result
* @param string $userId
* @param string $key
* @param string $value
* @return DataResponse
* @throws OCSException
* @throws OCSForbiddenException
*/
public function editUser($parameters) {
/** @var string $targetUserId */
$targetUserId = $parameters['userid'];
// Check if user is logged in
public function editUser($userId, $key, $value) {
$currentLoggedInUser = $this->userSession->getUser();
if ($currentLoggedInUser === null) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
$targetUser = $this->userManager->get($targetUserId);
$targetUser = $this->userManager->get($userId);
if($targetUser === null) {
return new \OC\OCS\Result(null, 997);
throw new OCSException('', \OCP\API::RESPOND_UNAUTHORISED);
}
$permittedFields = [];
if($targetUserId === $currentLoggedInUser->getUID()) {
if($userId === $currentLoggedInUser->getUID()) {
// Editing self (display, email)
$permittedFields[] = 'display';
$permittedFields[] = 'email';
@ -253,20 +258,20 @@ class Users {
$permittedFields[] = 'email';
} else {
// No rights
return new \OC\OCS\Result(null, 997);
throw new OCSException('', \OCP\API::RESPOND_UNAUTHORISED);
}
}
// Check if permitted to edit this field
if(!in_array($parameters['_put']['key'], $permittedFields)) {
return new \OC\OCS\Result(null, 997);
if(!in_array($key, $permittedFields)) {
throw new OCSException('', \OCP\API::RESPOND_UNAUTHORISED);
}
// Process the edit
switch($parameters['_put']['key']) {
switch($key) {
case 'display':
$targetUser->setDisplayName($parameters['_put']['value']);
$targetUser->setDisplayName($value);
break;
case 'quota':
$quota = $parameters['_put']['value'];
$quota = $value;
if($quota !== 'none' and $quota !== 'default') {
if (is_numeric($quota)) {
$quota = floatval($quota);
@ -274,7 +279,7 @@ class Users {
$quota = \OCP\Util::computerFileSize($quota);
}
if ($quota === false) {
return new \OC\OCS\Result(null, 103, "Invalid quota value {$parameters['_put']['value']}");
throw new OCSException('Invalid quota value '.$value, 103);
}
if($quota === 0) {
$quota = 'default';
@ -287,115 +292,118 @@ class Users {
$targetUser->setQuota($quota);
break;
case 'password':
$targetUser->setPassword($parameters['_put']['value']);
$targetUser->setPassword($value);
break;
case 'email':
if(filter_var($parameters['_put']['value'], FILTER_VALIDATE_EMAIL)) {
$targetUser->setEMailAddress($parameters['_put']['value']);
if(filter_var($value, FILTER_VALIDATE_EMAIL)) {
$targetUser->setEMailAddress($value);
} else {
return new \OC\OCS\Result(null, 102);
throw new OCSException('', 102);
}
break;
default:
return new \OC\OCS\Result(null, 103);
throw new OCSException('', 103);
}
return new \OC\OCS\Result(null, 100);
return new DataResponse();
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @NoAdminRequired
*
* @param string $userId
* @return DataResponse
* @throws OCSException
* @throws OCSForbiddenException
*/
public function deleteUser($parameters) {
// Check if user is logged in
public function deleteUser($userId) {
$currentLoggedInUser = $this->userSession->getUser();
if ($currentLoggedInUser === null) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
$targetUser = $this->userManager->get($parameters['userid']);
$targetUser = $this->userManager->get($userId);
if($targetUser === null || $targetUser->getUID() === $currentLoggedInUser->getUID()) {
return new \OC\OCS\Result(null, 101);
throw new OCSException('', 101);
}
// If not permitted
$subAdminManager = $this->groupManager->getSubAdmin();
if(!$this->groupManager->isAdmin($currentLoggedInUser->getUID()) && !$subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser)) {
return new \OC\OCS\Result(null, 997);
throw new OCSException('', \OCP\API::RESPOND_UNAUTHORISED);
}
// Go ahead with the delete
if($targetUser->delete()) {
return new \OC\OCS\Result(null, 100);
return new DataResponse();
} else {
return new \OC\OCS\Result(null, 101);
throw new OCSException('', 101);
}
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @NoAdminRequired
*
* @param string $userId
* @return DataResponse
*/
public function disableUser($parameters) {
return $this->setEnabled($parameters, false);
public function disableUser($userId) {
return $this->setEnabled($userId, false);
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @NoAdminRequired
*
* @param string $userId
* @return DataResponse
*/
public function enableUser($parameters) {
return $this->setEnabled($parameters, true);
public function enableUser($userId) {
return $this->setEnabled($userId, true);
}
/**
* @param array $parameters
* @param string $userId
* @param bool $value
* @return \OC\OCS\Result
* @return DataResponse
* @throws OCSException
* @throws OCSForbiddenException
*/
private function setEnabled($parameters, $value) {
// Check if user is logged in
private function setEnabled($userId, $value) {
$currentLoggedInUser = $this->userSession->getUser();
if ($currentLoggedInUser === null) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
$targetUser = $this->userManager->get($parameters['userid']);
$targetUser = $this->userManager->get($userId);
if($targetUser === null || $targetUser->getUID() === $currentLoggedInUser->getUID()) {
return new \OC\OCS\Result(null, 101);
throw new OCSException('', 101);
}
// If not permitted
$subAdminManager = $this->groupManager->getSubAdmin();
if(!$this->groupManager->isAdmin($currentLoggedInUser->getUID()) && !$subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser)) {
return new \OC\OCS\Result(null, 997);
throw new OCSException('', \OCP\API::RESPOND_UNAUTHORISED);
}
// enable/disable the user now
$targetUser->setEnabled($value);
return new \OC\OCS\Result(null, 100);
return new DataResponse();
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @NoAdminRequired
* @NoSubAdminRequired
*
* @param string $userId
* @return DataResponse
* @throws OCSForbiddenException
* @throws OCSNotFoundException
*/
public function getUsersGroups($parameters) {
// Check if user is logged in
public function getUsersGroups($userId) {
$loggedInUser = $this->userSession->getUser();
if ($loggedInUser === null) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
$targetUser = $this->userManager->get($parameters['userid']);
$targetUser = $this->userManager->get($userId);
if($targetUser === null) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_NOT_FOUND);
throw new OCSException('', \OCP\API::RESPOND_NOT_FOUND);
}
if($targetUser->getUID() === $loggedInUser->getUID() || $this->groupManager->isAdmin($loggedInUser->getUID())) {
// Self lookup or admin lookup
return new \OC\OCS\Result([
return new DataResponse([
'groups' => $this->groupManager->getUserGroupIds($targetUser)
]);
} else {
@ -412,87 +420,75 @@ class Users {
$getSubAdminsGroups,
$this->groupManager->getUserGroupIds($targetUser)
);
return new \OC\OCS\Result(array('groups' => $groups));
return new DataResponse(['groups' => $groups]);
} else {
// Not permitted
return new \OC\OCS\Result(null, 997);
throw new OCSException('', \OCP\API::RESPOND_UNAUTHORISED);
}
}
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @param string $userId
* @param string $groupid
* @return DataResponse
* @throws OCSException
*/
public function addToGroup($parameters) {
// Check if user is logged in
$user = $this->userSession->getUser();
if ($user === null) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
public function addToGroup($userId, $groupid = '') {
if($groupid === '') {
throw new OCSException('', 101);
}
// Check they're an admin
if(!$this->groupManager->isAdmin($user->getUID())) {
// This user doesn't have rights to add a user to this group
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
$groupId = !empty($_POST['groupid']) ? $_POST['groupid'] : null;
if($groupId === null) {
return new \OC\OCS\Result(null, 101);
}
$group = $this->groupManager->get($groupId);
$targetUser = $this->userManager->get($parameters['userid']);
$group = $this->groupManager->get($groupid);
$targetUser = $this->userManager->get($userId);
if($group === null) {
return new \OC\OCS\Result(null, 102);
throw new OCSException('', 102);
}
if($targetUser === null) {
return new \OC\OCS\Result(null, 103);
throw new OCSException('', 103);
}
// Add user to group
$group->addUser($targetUser);
return new \OC\OCS\Result(null, 100);
return new DataResponse();
}
/**
* @param array $parameters
* @return \OC\OCS\Result
* @NoAdminRequired
*
* @param string userId
* @param string $groupid
* @return DataResponse
* @throws OCSException
*/
public function removeFromGroup($parameters) {
// Check if user is logged in
public function removeFromGroup($userId, $groupid) {
$loggedInUser = $this->userSession->getUser();
if ($loggedInUser === null) {
return new \OC\OCS\Result(null, \OCP\API::RESPOND_UNAUTHORISED);
if($groupid === null) {
throw new OCSException('', 101);
}
$group = !empty($parameters['_delete']['groupid']) ? $parameters['_delete']['groupid'] : null;
$group = $this->groupManager->get($groupid);
if($group === null) {
return new \OC\OCS\Result(null, 101);
throw new OCSException('', 102);
}
$group = $this->groupManager->get($group);
if($group === null) {
return new \OC\OCS\Result(null, 102);
}
$targetUser = $this->userManager->get($parameters['userid']);
$targetUser = $this->userManager->get($userId);
if($targetUser === null) {
return new \OC\OCS\Result(null, 103);
throw new OCSException('', 103);
}
// If they're not an admin, check they are a subadmin of the group in question
$subAdminManager = $this->groupManager->getSubAdmin();
if(!$this->groupManager->isAdmin($loggedInUser->getUID()) && !$subAdminManager->isSubAdminofGroup($loggedInUser, $group)) {
return new \OC\OCS\Result(null, 104);
throw new OCSException('', 104);
}
// Check they aren't removing themselves from 'admin' or their 'subadmin; group
if($parameters['userid'] === $loggedInUser->getUID()) {
if($userId === $loggedInUser->getUID()) {
if($this->groupManager->isAdmin($loggedInUser->getUID())) {
if($group->getGID() === 'admin') {
return new \OC\OCS\Result(null, 105, 'Cannot remove yourself from the admin group');
throw new OCSException('Cannot remove yourself from the admin group', 105);
}
} else {
// Not an admin, check they are not removing themself from their subadmin group
@ -502,96 +498,101 @@ class Users {
}
if(in_array($group->getGID(), $subAdminGroups, true)) {
return new \OC\OCS\Result(null, 105, 'Cannot remove yourself from this group as you are a SubAdmin');
throw new OCSException('Cannot remove yourself from this group as you are a SubAdmin', 105);
}
}
}
// Remove user from group
$group->removeUser($targetUser);
return new \OC\OCS\Result(null, 100);
return new DataResponse();
}
/**
* Creates a subadmin
*
* @param array $parameters
* @return \OC\OCS\Result
* @param string $userId
* @param string $groupid
* @return DataResponse
* @throws OCSException
*/
public function addSubAdmin($parameters) {
$group = $this->groupManager->get($_POST['groupid']);
$user = $this->userManager->get($parameters['userid']);
public function addSubAdmin($userId, $groupid) {
$group = $this->groupManager->get($groupid);
$user = $this->userManager->get($userId);
// Check if the user exists
if($user === null) {
return new \OC\OCS\Result(null, 101, 'User does not exist');
throw new OCSException('User does not exist', 101);
}
// Check if group exists
if($group === null) {
return new \OC\OCS\Result(null, 102, 'Group:'.$_POST['groupid'].' does not exist');
throw new OCSException('Group:'.$groupid.' does not exist', 102);
}
// Check if trying to make subadmin of admin group
if(strtolower($_POST['groupid']) === 'admin') {
return new \OC\OCS\Result(null, 103, 'Cannot create subadmins for admin group');
if(strtolower($groupid) === 'admin') {
throw new OCSException('Cannot create subadmins for admin group', 103);
}
$subAdminManager = $this->groupManager->getSubAdmin();
// We cannot be subadmin twice
if ($subAdminManager->isSubAdminofGroup($user, $group)) {
return new \OC\OCS\Result(null, 100);
return new DataResponse();
}
// Go
if($subAdminManager->createSubAdmin($user, $group)) {
return new \OC\OCS\Result(null, 100);
return new DataResponse();
} else {
return new \OC\OCS\Result(null, 103, 'Unknown error occurred');
throw new OCSException('Unknown error occurred', 103);
}
}
/**
* Removes a subadmin from a group
*
* @param array $parameters
* @return \OC\OCS\Result
* @param string $userId
* @param string $groupid
* @return DataResponse
* @throws OCSException
*/
public function removeSubAdmin($parameters) {
$group = $this->groupManager->get($parameters['_delete']['groupid']);
$user = $this->userManager->get($parameters['userid']);
public function removeSubAdmin($userId, $groupid) {
$group = $this->groupManager->get($groupid);
$user = $this->userManager->get($userId);
$subAdminManager = $this->groupManager->getSubAdmin();
// Check if the user exists
if($user === null) {
return new \OC\OCS\Result(null, 101, 'User does not exist');
throw new OCSException('User does not exist', 101);
}
// Check if the group exists
if($group === null) {
return new \OC\OCS\Result(null, 101, 'Group does not exist');
throw new OCSException('Group does not exist', 101);
}
// Check if they are a subadmin of this said group
if(!$subAdminManager->isSubAdminofGroup($user, $group)) {
return new \OC\OCS\Result(null, 102, 'User is not a subadmin of this group');
throw new OCSException('User is not a subadmin of this group', 102);
}
// Go
if($subAdminManager->deleteSubAdmin($user, $group)) {
return new \OC\OCS\Result(null, 100);
return new DataResponse();
} else {
return new \OC\OCS\Result(null, 103, 'Unknown error occurred');
throw new OCSException('Unknown error occurred', 103);
}
}
/**
* Get the groups a user is a subadmin of
*
* @param array $parameters
* @return \OC\OCS\Result
* @param string $userId
* @return DataResponse
* @throws OCSException
*/
public function getUserSubAdminGroups($parameters) {
$user = $this->userManager->get($parameters['userid']);
public function getUserSubAdminGroups($userId) {
$user = $this->userManager->get($userId);
// Check if the user exists
if($user === null) {
return new \OC\OCS\Result(null, 101, 'User does not exist');
throw new OCSException('User does not exist', 101);
}
// Get the subadmin groups
@ -601,9 +602,9 @@ class Users {
}
if(!$groups) {
return new \OC\OCS\Result(null, 102, 'Unknown error occurred');
throw new OCSException('Unknown error occurred', 102);
} else {
return new \OC\OCS\Result($groups);
return new DataResponse($groups);
}
}

View file

@ -0,0 +1,11 @@
<?php
namespace OCA\Provisioning_API\Middleware\Exceptions;
use OCP\AppFramework\Http;
class NotSubAdminException extends \Exception {
public function __construct() {
parent::__construct('Logged in user must be at least a sub admin', Http::STATUS_FORBIDDEN);
}
}

View file

@ -0,0 +1,64 @@
<?php
namespace OCA\Provisioning_API\Middleware;
use OCA\Provisioning_API\Middleware\Exceptions\NotSubAdminException;
use OCP\AppFramework\Http\Response;
use OCP\AppFramework\Middleware;
use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\Utility\IControllerMethodReflector;
class ProvisioningApiMiddleware extends Middleware {
/** @var IControllerMethodReflector */
private $reflector;
/** @var bool */
private $isAdmin;
/** @var bool */
private $isSubAdmin;
/**
* ProvisioningApiMiddleware constructor.
*
* @param IControllerMethodReflector $reflector
* @param bool $isAdmin
* @param bool $isSubAdmin
*/
public function __construct(
IControllerMethodReflector $reflector,
$isAdmin,
$isSubAdmin) {
$this->reflector = $reflector;
$this->isAdmin = $isAdmin;
$this->isSubAdmin = $isSubAdmin;
}
/**
* @param \OCP\AppFramework\Controller $controller
* @param string $methodName
*
* @throws NotSubAdminException
*/
public function beforeController($controller, $methodName) {
if (!$this->isAdmin && !$this->reflector->hasAnnotation('NoSubAdminRequired') && !$this->isSubAdmin) {
throw new NotSubAdminException();
}
}
/**
* @param \OCP\AppFramework\Controller $controller
* @param string $methodName
* @param \Exception $exception
* @throws \Exception
* @return Response
*/
public function afterException($controller, $methodName, \Exception $exception) {
if ($exception instanceof NotSubAdminException) {
throw new OCSException($exception->getMessage(), \OCP\API::RESPOND_UNAUTHORISED);
}
throw $exception;
}
}

View file

@ -25,11 +25,11 @@
*
*/
namespace OCA\Provisioning_API\Tests;
namespace OCA\Provisioning_API\Tests\Controller;
use OC\OCSClient;
use OCA\Provisioning_API\Apps;
use OCA\Provisioning_API\Controller\AppsController;
use OCP\API;
use OCP\App\IAppManager;
use OCP\IUserSession;
@ -41,10 +41,10 @@ use OCP\IUserSession;
*
* @package OCA\Provisioning_API\Tests
*/
class AppsTest extends TestCase {
class AppsControllerTest extends \OCA\Provisioning_API\Tests\TestCase {
/** @var IAppManager */
private $appManager;
/** @var Apps */
/** @var AppsController */
private $api;
/** @var IUserSession */
private $userSession;
@ -61,20 +61,30 @@ class AppsTest extends TestCase {
->disableOriginalConstructor()
->getMock();
$this->api = new Apps($this->appManager, $this->ocsClient);
$request = $this->getMockBuilder('OCP\IRequest')
->disableOriginalConstructor()
->getMock();
$this->api = new AppsController(
'provisioning_api',
$request,
$this->appManager,
$this->ocsClient
);
}
public function testGetAppInfo() {
$result = $this->api->getAppInfo(['appid' => 'provisioning_api']);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertTrue($result->succeeded());
$result = $this->api->getAppInfo('provisioning_api');
$expected = \OC_App::getAppInfo('provisioning_api');
$this->assertEquals($expected, $result->getData());
}
/**
* @expectedException \OCP\AppFramework\OCS\OCSException
* @expectedExceptionCode 998
*/
public function testGetAppInfoOnBadAppID() {
$result = $this->api->getAppInfo(['appid' => 'not_provisioning_api']);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertFalse($result->succeeded());
$this->assertEquals(API::RESPOND_NOT_FOUND, $result->getStatusCode());
$this->api->getAppInfo('not_provisioning_api');
}
public function testGetApps() {
@ -86,17 +96,14 @@ class AppsTest extends TestCase {
$this->groupManager->get('admin')->addUser($user);
$this->userSession->setUser($user);
$result = $this->api->getApps([]);
$result = $this->api->getApps();
$this->assertTrue($result->succeeded());
$data = $result->getData();
$this->assertEquals(count(\OC_App::listAllApps(false, true, $this->ocsClient)), count($data['apps']));
}
public function testGetAppsEnabled() {
$_GET['filter'] = 'enabled';
$result = $this->api->getApps(['filter' => 'enabled']);
$this->assertTrue($result->succeeded());
$result = $this->api->getApps('enabled');
$data = $result->getData();
$this->assertEquals(count(\OC_App::getEnabledApps()), count($data['apps']));
}
@ -106,9 +113,7 @@ class AppsTest extends TestCase {
->expects($this->any())
->method($this->anything())
->will($this->returnValue(null));
$_GET['filter'] = 'disabled';
$result = $this->api->getApps(['filter' => 'disabled']);
$this->assertTrue($result->succeeded());
$result = $this->api->getApps('disabled');
$data = $result->getData();
$apps = \OC_App::listAllApps(false, true, $this->ocsClient);
$list = array();
@ -119,10 +124,11 @@ class AppsTest extends TestCase {
$this->assertEquals(count($disabled), count($data['apps']));
}
/**
* @expectedException \OCP\AppFramework\OCS\OCSException
* @expectedExceptionCode 101
*/
public function testGetAppsInvalidFilter() {
$_GET['filter'] = 'foo';
$result = $this->api->getApps([]);
$this->assertFalse($result->succeeded());
$this->assertEquals(101, $result->getStatusCode());
$this->api->getApps('foo');
}
}

View file

@ -24,24 +24,20 @@
*
*/
namespace OCA\Provisioning_API\Tests;
namespace OCA\Provisioning_API\Tests\Controller;
use OCA\Provisioning_API\Groups;
use OCP\API;
use OCA\Provisioning_API\Controller\GroupsController;
use OCP\IGroupManager;
use OCP\IUserSession;
use OCP\IRequest;
class GroupsTest extends \Test\TestCase {
class GroupsControllerTest extends \Test\TestCase {
/** @var IGroupManager|\PHPUnit_Framework_MockObject_MockObject */
protected $groupManager;
/** @var IUserSession|\PHPUnit_Framework_MockObject_MockObject */
protected $userSession;
/** @var IRequest|\PHPUnit_Framework_MockObject_MockObject */
protected $request;
/** @var \OC\SubAdmin|\PHPUnit_Framework_MockObject_MockObject */
protected $subAdminManager;
/** @var Groups */
/** @var GroupsController */
protected $api;
protected function setUp() {
@ -61,13 +57,14 @@ class GroupsTest extends \Test\TestCase {
$this->userSession = $this->getMockBuilder('OCP\IUserSession')
->disableOriginalConstructor()
->getMock();
$this->request = $this->getMockBuilder('OCP\IRequest')
$request = $this->getMockBuilder('OCP\IRequest')
->disableOriginalConstructor()
->getMock();
$this->api = new Groups(
$this->api = new GroupsController(
'provisioning_api',
$request,
$this->groupManager,
$this->userSession,
$this->request
$this->userSession
);
}
@ -148,15 +145,6 @@ class GroupsTest extends \Test\TestCase {
* @param int|null $offset
*/
public function testGetGroups($search, $limit, $offset) {
$this->request
->expects($this->exactly(3))
->method('getParam')
->will($this->returnValueMap([
['search', '', $search],
['limit', null, $limit],
['offset', null, $offset],
]));
$groups = [$this->createGroup('group1'), $this->createGroup('group2')];
$search = $search === null ? '' : $search;
@ -167,19 +155,8 @@ class GroupsTest extends \Test\TestCase {
->with($search, $limit, $offset)
->willReturn($groups);
$result = $this->api->getGroups([]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertTrue($result->succeeded());
$this->assertEquals(['group1', 'group2'], $result->getData()['groups']);
}
public function testGetGroupAsUser() {
$result = $this->api->getGroup([]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertFalse($result->succeeded());
$this->assertEquals(API::RESPOND_UNAUTHORISED, $result->getStatusCode());
$result = $this->api->getGroups($search, $limit, $offset);
$this->assertEquals(['groups' => ['group1', 'group2']], $result->getData());
}
public function testGetGroupAsSubadmin() {
@ -201,17 +178,15 @@ class GroupsTest extends \Test\TestCase {
$this->createUser('user2')
]);
$result = $this->api->getGroup([
'groupid' => 'group',
]);
$result = $this->api->getGroup('group');
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertTrue($result->succeeded());
$this->assertEquals(1, sizeof($result->getData()), 'Asserting the result data array only has the "users" key');
$this->assertArrayHasKey('users', $result->getData());
$this->assertEquals(['user1', 'user2'], $result->getData()['users']);
$this->assertEquals(['users' => ['user1', 'user2']], $result->getData());
}
/**
* @expectedException \OCP\AppFramework\OCS\OCSException
* @expectedExceptionCode 997
*/
public function testGetGroupAsIrrelevantSubadmin() {
$group = $this->createGroup('group');
$otherGroup = $this->createGroup('otherGroup');
@ -226,13 +201,7 @@ class GroupsTest extends \Test\TestCase {
->with('group')
->willReturn(true);
$result = $this->api->getGroup([
'groupid' => 'group',
]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertFalse($result->succeeded());
$this->assertEquals(API::RESPOND_UNAUTHORISED, $result->getStatusCode());
$this->api->getGroup('group');
}
public function testGetGroupAsAdmin() {
@ -254,39 +223,29 @@ class GroupsTest extends \Test\TestCase {
$this->createUser('user2')
]);
$result = $this->api->getGroup([
'groupid' => 'group',
]);
$result = $this->api->getGroup('group');
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertTrue($result->succeeded());
$this->assertEquals(1, sizeof($result->getData()), 'Asserting the result data array only has the "users" key');
$this->assertArrayHasKey('users', $result->getData());
$this->assertEquals(['user1', 'user2'], $result->getData()['users']);
$this->assertEquals(['users' => ['user1', 'user2']], $result->getData());
}
/**
* @expectedException \OCP\AppFramework\OCS\OCSException
* @expectedExceptionCode 998
* @expectedExceptionMessage The requested group could not be found
*/
public function testGetGroupNonExisting() {
$this->asUser();
$result = $this->api->getGroup([
'groupid' => $this->getUniqueID()
]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertFalse($result->succeeded());
$this->assertEquals(API::RESPOND_NOT_FOUND, $result->getStatusCode());
$this->assertEquals('The requested group could not be found', $result->getMeta()['message']);
$this->api->getGroup($this->getUniqueID());
}
/**
* @expectedException \OCP\AppFramework\OCS\OCSException
* @expectedExceptionCode 101
* @expectedExceptionMessage Group does not exist
*/
public function testGetSubAdminsOfGroupsNotExists() {
$result = $this->api->getSubAdminsOfGroup([
'groupid' => 'NonExistingGroup',
]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertFalse($result->succeeded());
$this->assertEquals(101, $result->getStatusCode());
$this->assertEquals('Group does not exist', $result->getMeta()['message']);
$this->api->getSubAdminsOfGroup('NonExistingGroup');
}
public function testGetSubAdminsOfGroup() {
@ -305,12 +264,7 @@ class GroupsTest extends \Test\TestCase {
$this->createUser('SubAdmin2'),
]);
$result = $this->api->getSubAdminsOfGroup([
'groupid' => 'GroupWithSubAdmins',
]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertTrue($result->succeeded());
$result = $this->api->getSubAdminsOfGroup('GroupWithSubAdmins');
$this->assertEquals(['SubAdmin1', 'SubAdmin2'], $result->getData());
}
@ -328,53 +282,33 @@ class GroupsTest extends \Test\TestCase {
->willReturn([
]);
$result = $this->api->getSubAdminsOfGroup([
'groupid' => 'GroupWithOutSubAdmins',
]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertTrue($result->succeeded());
$result = $this->api->getSubAdminsOfGroup('GroupWithOutSubAdmins');
$this->assertEquals([], $result->getData());
}
/**
* @expectedException \OCP\AppFramework\OCS\OCSException
* @expectedExceptionCode 101
* @expectedExceptionMessage Invalid group name
*/
public function testAddGroupEmptyGroup() {
$this->request
->method('getParam')
->with('groupid')
->willReturn('');
$result = $this->api->addGroup([]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertFalse($result->succeeded());
$this->assertEquals(101, $result->getStatusCode());
$this->assertEquals('Invalid group name', $result->getMeta()['message']);
$this->api->addGroup('');
}
/**
* @expectedException \OCP\AppFramework\OCS\OCSException
* @expectedExceptionCode 102
*/
public function testAddGroupExistingGroup() {
$this->request
->method('getParam')
->with('groupid')
->willReturn('ExistingGroup');
$this->groupManager
->method('groupExists')
->with('ExistingGroup')
->willReturn(true);
$result = $this->api->addGroup([]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertFalse($result->succeeded());
$this->assertEquals(102, $result->getStatusCode());
$this->api->addGroup('ExistingGroup');
}
public function testAddGroup() {
$this->request
->method('getParam')
->with('groupid')
->willReturn('NewGroup');
$this->groupManager
->method('groupExists')
->with('NewGroup')
@ -385,17 +319,10 @@ class GroupsTest extends \Test\TestCase {
->method('createGroup')
->with('NewGroup');
$result = $this->api->addGroup([]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertTrue($result->succeeded());
$this->api->addGroup('NewGroup');
}
public function testAddGroupWithSpecialChar() {
$this->request
->method('getParam')
->with('groupid')
->willReturn('Iñtërnâtiônàlizætiøn');
$this->groupManager
->method('groupExists')
->with('Iñtërnâtiônàlizætiøn')
@ -406,32 +333,28 @@ class GroupsTest extends \Test\TestCase {
->method('createGroup')
->with('Iñtërnâtiônàlizætiøn');
$result = $this->api->addGroup([]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertTrue($result->succeeded());
$this->api->addGroup('Iñtërnâtiônàlizætiøn');
}
/**
* @expectedException \OCP\AppFramework\OCS\OCSException
* @expectedExceptionCode 101
*/
public function testDeleteGroupNonExisting() {
$result = $this->api->deleteGroup([
'groupid' => 'NonExistingGroup'
]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertFalse($result->succeeded());
$this->assertEquals(101, $result->getStatusCode());
$this->api->deleteGroup('NonExistingGroup');
}
/**
* @expectedException \OCP\AppFramework\OCS\OCSException
* @expectedExceptionCode 102
*/
public function testDeleteAdminGroup() {
$this->groupManager
->method('groupExists')
->with('admin')
->willReturn('true');
$result = $this->api->deleteGroup([
'groupid' => 'admin'
]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertFalse($result->succeeded());
$this->assertEquals(102, $result->getStatusCode());
$this->api->deleteGroup('admin');
}
public function testDeleteGroup() {
@ -450,10 +373,6 @@ class GroupsTest extends \Test\TestCase {
->method('delete')
->willReturn(true);
$result = $this->api->deleteGroup([
'groupid' => 'ExistingGroup',
]);
$this->assertInstanceOf('\OC\OCS\Result', $result);
$this->assertTrue($result->succeeded());
$this->api->deleteGroup('ExistingGroup');
}
}

View file

@ -165,6 +165,13 @@ trait BasicStructure {
$options['body'] = $fd;
}
// TODO: Fix this hack!
if ($verb === 'PUT' && $body === null) {
$options['body'] = [
'foo' => 'bar',
];
}
try {
$this->response = $client->send($client->createRequest($verb, $fullUrl, $options));
} catch (\GuzzleHttp\Exception\ClientException $ex) {

View file

@ -96,9 +96,12 @@ trait Provisioning {
}
$options['body'] = [
'userid' => $user,
'password' => '123456'
];
'userid' => $user,
'password' => '123456'
];
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->send($client->createRequest("POST", $fullUrl, $options));
if ($this->currentServer === 'LOCAL'){
@ -111,6 +114,9 @@ trait Provisioning {
$options2 = [
'auth' => [$user, '123456'],
];
$options2['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$url = $fullUrl.'/'.$user;
$client->send($client->createRequest('GET', $url, $options2));
}
@ -152,6 +158,9 @@ trait Provisioning {
$client = new Client();
$options = [];
$options['auth'] = $this->adminUser;
$options['headers'] = [
'OCS-APIREQUEST' => 'true'
];
$this->response = $client->get($fullUrl, $options);
}
@ -168,6 +177,9 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->get($fullUrl, $options);
$respondedArray = $this->getArrayOfGroupsResponded($this->response);
@ -183,6 +195,9 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->get($fullUrl, $options);
$respondedArray = $this->getArrayOfGroupsResponded($this->response);
@ -223,6 +238,9 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->get($fullUrl, $options);
$groups = array($group);
@ -244,8 +262,11 @@ trait Provisioning {
}
$options['body'] = [
'groupid' => $group,
];
'groupid' => $group,
];
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->send($client->createRequest("POST", $fullUrl, $options));
if ($this->currentServer === 'LOCAL'){
@ -265,6 +286,13 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
// TODO: fix hack
$options['body'] = [
'foo' => 'bar'
];
$this->response = $client->send($client->createRequest("PUT", $fullUrl, $options));
}
@ -280,6 +308,9 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->send($client->createRequest("DELETE", $fullUrl, $options));
}
@ -295,6 +326,9 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->send($client->createRequest("DELETE", $fullUrl, $options));
}
@ -323,10 +357,13 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$options['body'] = [
'groupid' => $group,
];
'groupid' => $group,
];
$this->response = $client->send($client->createRequest("POST", $fullUrl, $options));
}
@ -337,6 +374,9 @@ trait Provisioning {
$client = new Client();
$options = [];
$options['auth'] = $this->adminUser;
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->get($fullUrl, $options);
}
@ -394,6 +434,9 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->get($fullUrl, $options);
$respondedArray = $this->getArrayOfSubadminsResponded($this->response);
@ -415,8 +458,11 @@ trait Provisioning {
$options['auth'] = $this->adminUser;
}
$options['body'] = [
'groupid' => $group
];
'groupid' => $group
];
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->send($client->createRequest("POST", $fullUrl, $options));
PHPUnit_Framework_Assert::assertEquals(200, $this->response->getStatusCode());
}
@ -433,6 +479,9 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->get($fullUrl, $options);
$respondedArray = $this->getArrayOfSubadminsResponded($this->response);
@ -561,6 +610,9 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->get($fullUrl, $options);
$respondedArray = $this->getArrayOfAppsResponded($this->response);
@ -579,6 +631,9 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->get($fullUrl, $options);
$respondedArray = $this->getArrayOfAppsResponded($this->response);
@ -597,6 +652,9 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->get($fullUrl, $options);
PHPUnit_Framework_Assert::assertEquals("false", $this->response->xml()->data[0]->enabled);
@ -613,6 +671,9 @@ trait Provisioning {
if ($this->currentUser === 'admin') {
$options['auth'] = $this->adminUser;
}
$options['headers'] = [
'OCS-APIREQUEST' => 'true',
];
$this->response = $client->get($fullUrl, $options);
PHPUnit_Framework_Assert::assertEquals("true", $this->response->xml()->data[0]->enabled);

View file

@ -408,6 +408,7 @@ class DIContainer extends SimpleContainer implements IAppContainer {
$this->registerService('MiddlewareDispatcher', function($c) use (&$middleWares) {
$dispatcher = new MiddlewareDispatcher();
$dispatcher->registerMiddleware($c['CORSMiddleware']);
$dispatcher->registerMiddleware($c['OCSMiddleware']);
$dispatcher->registerMiddleware($c['SecurityMiddleware']);
$dispatcher->registerMiddleWare($c['TwoFactorMiddleware']);
@ -416,7 +417,6 @@ class DIContainer extends SimpleContainer implements IAppContainer {
}
$dispatcher->registerMiddleware($c['SessionMiddleware']);
$dispatcher->registerMiddleware($c['OCSMiddleware']);
return $dispatcher;
});

View file

@ -23,8 +23,14 @@
namespace OC\AppFramework\Middleware;
use OC\AppFramework\Http;
use OCP\API;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\Http\JSONResponse;
use OCP\AppFramework\Http\OCSResponse;
use OCP\AppFramework\Http\Response;
use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\OCS\OCSForbiddenException;
use OCP\AppFramework\OCS\OCSNotFoundException;
use OCP\AppFramework\OCSController;
use OCP\IRequest;
use OCP\AppFramework\Middleware;
@ -54,12 +60,35 @@ class OCSMiddleware extends Middleware {
$code = $exception->getCode();
if ($code === 0) {
$code = Http::STATUS_INTERNAL_SERVER_ERROR;
$code = API::RESPOND_UNKNOWN_ERROR;
}
// Build the response
$response = new OCSResponse($format, $code, $exception->getMessage());
// Forbidden always sets 401 (even on v1.php)
if ($exception instanceof OCSForbiddenException || $code === API::RESPOND_UNAUTHORISED) {
$response->setStatus(Http::STATUS_UNAUTHORIZED);
}
// On v2.php we set actual HTTP error codes
if (substr_compare($this->request->getScriptName(), '/ocs/v2.php', -strlen('/ocs/v2.php')) === 0) {
$response->setStatus($code);
if ($code === API::RESPOND_NOT_FOUND) {
$response->setStatus(Http::STATUS_NOT_FOUND);
} else if ($code === API::RESPOND_SERVER_ERROR) {
$response->setStatus(Http::STATUS_INTERNAL_SERVER_ERROR);
} else if ($code === API::RESPOND_UNKNOWN_ERROR) {
$response->setStatus(Http::STATUS_INTERNAL_SERVER_ERROR);
} else if ($code === API::RESPOND_UNAUTHORISED) {
// Already set
}
// 4xx and 5xx codes are forwarded as is.
else if ($code >= 400 && $code < 600) {
$response->setStatus($code);
} else {
// All other codes get a bad request
$response->setStatus(Http::STATUS_BAD_REQUEST);
}
}
return $response;
}
@ -67,6 +96,35 @@ class OCSMiddleware extends Middleware {
throw $exception;
}
/**
* @param \OCP\AppFramework\Controller $controller
* @param string $methodName
* @param Response $response
* @return \OCP\AppFramework\Http\Response
*/
public function afterController($controller, $methodName, Response $response) {
/*
* If a different middleware has detected that a request unauthorized or forbidden
* we need to catch the response and convert it to a proper OCS response.
*/
if ($controller instanceof OCSController && !($response instanceof OCSResponse)) {
if ($response->getStatus() === Http::STATUS_UNAUTHORIZED ||
$response->getStatus() === Http::STATUS_FORBIDDEN) {
$format = $this->getFormat($controller);
$message = '';
if ($response instanceof JSONResponse) {
/** @var DataResponse $response */
$message = $response->getData()['message'];
}
$response = new OCSResponse($format, \OCP\API::RESPOND_UNAUTHORISED, $message);
$response->setStatus(Http::STATUS_UNAUTHORIZED);
}
}
return $response;
}
/**
* @param \OCP\AppFramework\Controller $controller
* @return string

View file

@ -27,14 +27,14 @@ use OCP\AppFramework\OCS\OCSBadRequestException;
use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\OCS\OCSForbiddenException;
use OCP\AppFramework\OCS\OCSNotFoundException;
use OC\AppFramework\Http\Request;
use OCP\IRequest;
use OC\AppFramework\Middleware\OCSMiddleware;
class OCSMiddlewareTest extends \Test\TestCase {
/**
* @var Request
* @var IRequest
*/
private $request;
@ -101,8 +101,18 @@ class OCSMiddlewareTest extends \Test\TestCase {
$this->assertInstanceOf('OCP\AppFramework\Http\OCSResponse', $result);
$this->assertSame($message, $this->invokePrivate($result, 'message'));
$this->assertSame($code, $this->invokePrivate($result, 'statuscode'));
$this->assertSame(200, $result->getStatus());
if ($exception->getCode() === 0) {
$this->assertSame(\OCP\API::RESPOND_UNKNOWN_ERROR, $this->invokePrivate($result, 'statuscode'));
} else {
$this->assertSame($code, $this->invokePrivate($result, 'statuscode'));
}
if ($exception instanceof OCSForbiddenException) {
$this->assertSame(Http::STATUS_UNAUTHORIZED, $result->getStatus());
} else {
$this->assertSame(200, $result->getStatus());
}
} catch (\Exception $e) {
$this->assertTrue($forward);
$this->assertEquals($exception, $e);
@ -131,7 +141,11 @@ class OCSMiddlewareTest extends \Test\TestCase {
$this->assertInstanceOf('OCP\AppFramework\Http\OCSResponse', $result);
$this->assertSame($message, $this->invokePrivate($result, 'message'));
$this->assertSame($code, $this->invokePrivate($result, 'statuscode'));
if ($exception->getCode() === 0) {
$this->assertSame(\OCP\API::RESPOND_UNKNOWN_ERROR, $this->invokePrivate($result, 'statuscode'));
} else {
$this->assertSame($code, $this->invokePrivate($result, 'statuscode'));
}
$this->assertSame($code, $result->getStatus());
} catch (\Exception $e) {
$this->assertTrue($forward);
@ -161,7 +175,11 @@ class OCSMiddlewareTest extends \Test\TestCase {
$this->assertInstanceOf('OCP\AppFramework\Http\OCSResponse', $result);
$this->assertSame($message, $this->invokePrivate($result, 'message'));
$this->assertSame($code, $this->invokePrivate($result, 'statuscode'));
if ($exception->getCode() === 0) {
$this->assertSame(\OCP\API::RESPOND_UNKNOWN_ERROR, $this->invokePrivate($result, 'statuscode'));
} else {
$this->assertSame($code, $this->invokePrivate($result, 'statuscode'));
}
$this->assertSame($code, $result->getStatus());
} catch (\Exception $e) {
$this->assertTrue($forward);
@ -169,4 +187,50 @@ class OCSMiddlewareTest extends \Test\TestCase {
}
}
public function dataAfterController() {
$OCSController = $this->getMockBuilder('OCP\AppFramework\OCSController')
->disableOriginalConstructor()
->getMock();
$controller = $this->getMockBuilder('OCP\AppFramework\Controller')
->disableOriginalConstructor()
->getMock();
return [
[$OCSController, new Http\Response(), false],
[$OCSController, new Http\JSONResponse(), false],
[$OCSController, new Http\JSONResponse(['message' => 'foo']), false],
[$OCSController, new Http\JSONResponse(['message' => 'foo'], Http::STATUS_UNAUTHORIZED), true],
[$OCSController, new Http\JSONResponse(['message' => 'foo'], Http::STATUS_FORBIDDEN), true],
[$controller, new Http\Response(), false],
[$controller, new Http\JSONResponse(), false],
[$controller, new Http\JSONResponse(['message' => 'foo']), false],
[$controller, new Http\JSONResponse(['message' => 'foo'], Http::STATUS_UNAUTHORIZED), false],
[$controller, new Http\JSONResponse(['message' => 'foo'], Http::STATUS_FORBIDDEN), false],
];
}
/**
* @dataProvider dataAfterController
*
* @param Controller $controller
* @param Http\Response $response
* @param bool $converted
*/
public function testAfterController($controller, $response, $converted) {
$OCSMiddleware = new OCSMiddleware($this->request);
$newResponse = $OCSMiddleware->afterController($controller, 'foo', $response);
if ($converted === false) {
$this->assertSame($response, $newResponse);
} else {
$this->assertInstanceOf('\OCP\AppFramework\Http\OCSResponse', $newResponse);
/** @var Http\OCSResponse $newResponse */
$this->assertSame($response->getData()['message'], $this->invokePrivate($newResponse, 'message'));
$this->assertSame(\OCP\API::RESPOND_UNAUTHORISED, $this->invokePrivate($newResponse, 'statuscode'));
$this->assertSame(Http::STATUS_UNAUTHORIZED, $newResponse->getStatus());
}
}
}