setName('ldap:promote-group') ->setDescription('declares the specified group as admin group (only one is possible per LDAP configuration)') ->addArgument( 'group', InputArgument::REQUIRED, 'the group ID in Nextcloud or a group name' ) ->addOption( 'yes', 'y', InputOption::VALUE_NONE, 'do not ask for confirmation' ); } protected function formatGroupName(IGroup $group): string { $idLabel = ''; if ($group->getGID() !== $group->getDisplayName()) { $idLabel = sprintf(' (Group ID: %s)', $group->getGID()); } return sprintf('%s%s', $group->getDisplayName(), $idLabel); } protected function promoteGroup(IGroup $group, InputInterface $input, OutputInterface $output): void { $access = $this->backend->getLDAPAccess($group->getGID()); $currentlyPromotedGroupId = $access->connection->ldapAdminGroup; if ($currentlyPromotedGroupId === $group->getGID()) { $output->writeln('The specified group is already promoted'); return; } if ($input->getOption('yes') === false) { $currentlyPromotedGroup = $this->groupManager->get($currentlyPromotedGroupId); $demoteLabel = ''; if ($currentlyPromotedGroup instanceof IGroup && $this->backend->groupExists($currentlyPromotedGroup->getGID())) { $groupNameLabel = $this->formatGroupName($currentlyPromotedGroup); $demoteLabel = sprintf('and demote %s ', $groupNameLabel); } /** @var QuestionHelper $helper */ $helper = $this->getHelper('question'); $q = new Question(sprintf('Promote %s to the admin group %s(y|N)? ', $this->formatGroupName($group), $demoteLabel)); $input->setOption('yes', $helper->ask($input, $output, $q) === 'y'); } if ($input->getOption('yes') === true) { $access->connection->setConfiguration(['ldapAdminGroup' => $group->getGID()]); $access->connection->saveConfiguration(); $output->writeln(sprintf('Group %s was promoted', $group->getDisplayName())); } else { $output->writeln('Group promotion cancelled'); } } protected function execute(InputInterface $input, OutputInterface $output): int { $groupInput = (string)$input->getArgument('group'); $group = $this->groupManager->get($groupInput); if ($group instanceof IGroup && $this->backend->groupExists($group->getGID())) { $this->promoteGroup($group, $input, $output); return 0; } $groupCandidates = $this->backend->getGroups($groupInput, 20); foreach ($groupCandidates as $gidCandidate) { $group = $this->groupManager->get($gidCandidate); if ($group !== null && $this->backend->groupExists($group->getGID()) // ensure it is an LDAP group && ($group->getGID() === $groupInput || $group->getDisplayName() === $groupInput) ) { $this->promoteGroup($group, $input, $output); return 0; } } $output->writeln('No matching group found'); return 1; } }