}, array{}> * * 200: Apps returned */ public function getApps(): DataResponse { return new DataResponse([ 'data' => $this->appConfig->getApps(), ]); } /** * Get the config keys of an app * * @param string $app ID of the app * @return DataResponse}, array{}>|DataResponse * * 200: Keys returned * 403: App is not allowed */ public function getKeys(string $app): DataResponse { try { $this->verifyAppId($app); } catch (\InvalidArgumentException $e) { return new DataResponse(['data' => ['message' => $e->getMessage()]], Http::STATUS_FORBIDDEN); } return new DataResponse([ 'data' => $this->appConfig->getKeys($app), ]); } /** * Get a the config value of an app * * @param string $app ID of the app * @param string $key Key * @param string $defaultValue Default returned value if the value is empty * @return DataResponse|DataResponse * * 200: Value returned * 403: App is not allowed */ public function getValue(string $app, string $key, string $defaultValue = ''): DataResponse { try { $this->verifyAppId($app); } catch (\InvalidArgumentException $e) { return new DataResponse(['data' => ['message' => $e->getMessage()]], Http::STATUS_FORBIDDEN); } /** @psalm-suppress InternalMethod */ $value = $this->appConfig->getValueMixed($app, $key, $defaultValue, null); return new DataResponse(['data' => $value]); } /** * @NoSubAdminRequired * * Update the config value of an app * * @param string $app ID of the app * @param string $key Key to update * @param string $value New value for the key * @return DataResponse, array{}>|DataResponse * * 200: Value updated successfully * 403: App or key is not allowed */ #[PasswordConfirmationRequired] #[NoAdminRequired] public function setValue(string $app, string $key, string $value): DataResponse { $user = $this->userSession->getUser(); if ($user === null) { throw new \Exception('User is not logged in.'); // Should not happen, since method is guarded by middleware } if (!$this->isAllowedToChangedKey($user, $app, $key)) { throw new NotAdminException($this->l10n->t('Logged in account must be an administrator or have authorization to edit this setting.')); } try { $this->verifyAppId($app); $this->verifyConfigKey($app, $key, $value); } catch (\InvalidArgumentException $e) { return new DataResponse(['data' => ['message' => $e->getMessage()]], Http::STATUS_FORBIDDEN); } $type = null; try { $configDetails = $this->appConfig->getDetails($app, $key); $type = $configDetails['type']; } catch (AppConfigUnknownKeyException) { } /** @psalm-suppress InternalMethod */ match ($type) { IAppConfig::VALUE_BOOL => $this->appConfig->setValueBool($app, $key, (bool)$value), IAppConfig::VALUE_FLOAT => $this->appConfig->setValueFloat($app, $key, (float)$value), IAppConfig::VALUE_INT => $this->appConfig->setValueInt($app, $key, (int)$value), IAppConfig::VALUE_STRING => $this->appConfig->setValueString($app, $key, $value), IAppConfig::VALUE_ARRAY => $this->appConfig->setValueArray($app, $key, \json_decode($value, true)), default => $this->appConfig->setValueMixed($app, $key, $value), }; return new DataResponse(); } /** * Delete a config key of an app * * @param string $app ID of the app * @param string $key Key to delete * @return DataResponse, array{}>|DataResponse * * 200: Key deleted successfully * 403: App or key is not allowed */ #[PasswordConfirmationRequired] public function deleteKey(string $app, string $key): DataResponse { try { $this->verifyAppId($app); $this->verifyConfigKey($app, $key, ''); } catch (\InvalidArgumentException $e) { return new DataResponse(['data' => ['message' => $e->getMessage()]], Http::STATUS_FORBIDDEN); } $this->appConfig->deleteKey($app, $key); return new DataResponse(); } /** * @throws \InvalidArgumentException */ protected function verifyAppId(string $app): void { if ($this->appManager->cleanAppId($app) !== $app) { throw new \InvalidArgumentException('Invalid app id given'); } } /** * @param string $app * @param string $key * @param string $value * @throws \InvalidArgumentException */ protected function verifyConfigKey(string $app, string $key, string $value) { if (in_array($key, ['installed_version', 'enabled', 'types'])) { throw new \InvalidArgumentException('The given key can not be set'); } if ($app === 'core' && $key === 'encryption_enabled' && $value !== 'yes') { throw new \InvalidArgumentException('The given key can not be set'); } if ($app === 'core' && (strpos($key, 'public_') === 0 || strpos($key, 'remote_') === 0)) { throw new \InvalidArgumentException('The given key can not be set'); } if ($app === 'files' && $key === 'default_quota' && $value === 'none' && $this->appConfig->getValueInt('files', 'allow_unlimited_quota', 1) === 0) { throw new \InvalidArgumentException('The given key can not be set, unlimited quota is forbidden on this instance'); } } private function isAllowedToChangedKey(IUser $user, string $app, string $key): bool { // Admin right verification $isAdmin = $this->groupManager->isAdmin($user->getUID()); if ($isAdmin) { return true; } $settings = $this->settingManager->getAllAllowedAdminSettings($user); foreach ($settings as $setting) { if (!($setting instanceof IDelegatedSettings)) { continue; } $allowedKeys = $setting->getAuthorizedAppConfig(); if (!array_key_exists($app, $allowedKeys)) { continue; } foreach ($allowedKeys[$app] as $regex) { if ($regex === $key || (str_starts_with($regex, '/') && preg_match($regex, $key) === 1)) { return true; } } } return false; } }