
users.php 11 KB

  1. <?php
  2. /**
  3. * @author Morris Jobke <hey@morrisjobke.de>
  4. * @author Tom Needham <tom@owncloud.com>
  5. *
  6. * @copyright Copyright (c) 2015, ownCloud, Inc.
  7. * @license AGPL-3.0
  8. *
  9. * This code is free software: you can redistribute it and/or modify
  10. * it under the terms of the GNU Affero General Public License, version 3,
  11. * as published by the Free Software Foundation.
  12. *
  13. * This program is distributed in the hope that it will be useful,
  14. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. * GNU Affero General Public License for more details.
  17. *
  18. * You should have received a copy of the GNU Affero General Public License, version 3,
  19. * along with this program. If not, see <http://www.gnu.org/licenses/>
  20. *
  21. */
  22. namespace OCA\Provisioning_API;
  23. use \OC_OCS_Result;
  24. use \OC_SubAdmin;
  25. use \OC_User;
  26. use \OC_Group;
  27. use \OC_Helper;
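  /**
   * Static handlers behind the provisioning API's user routes: listing, creating,
   * reading, editing and deleting users, plus group and subadmin membership.
   *
   * Every handler returns an OC_OCS_Result. The handlers that change state pass
   * 100 for success, and 997 is returned where the caller has no rights over
   * the target user.
   *
   * NOTE(review): getUsers, addUser, addSubAdmin, removeSubAdmin and
   * getUserSubAdminGroups contain no check of the caller's privileges. That is
   * presumably enforced where these routes are registered; confirm before
   * reaching any of them through another entry point.
   */
  class Users {

      /**
       * Reads a paging value from the query string.
       *
       * Only a non-empty string of decimal digits is accepted; anything else
       * (missing, "0", negative, non-numeric, array) is treated as not supplied,
       * so a malformed value is never handed on to OC_User::getUsers().
       *
       * @param string $name query parameter name
       * @return int|null
       */
      private static function queryInt($name) {
          if (empty($_GET[$name]) || !is_string($_GET[$name]) || !ctype_digit($_GET[$name])) {
              return null;
          }
          return (int)$_GET[$name];
      }

      /**
       * Returns a list of users, optionally filtered and paged by the 'search',
       * 'limit' and 'offset' query parameters.
       *
       * NOTE(review): no caller privilege check in this method; presumably done
       * at route registration, confirm.
       *
       * @return OC_OCS_Result result carrying array('users' => ...)
       */
      public static function getUsers(){
          // A repeated parameter (search[]=...) arrives as an array; fall back to
          // the empty search term rather than passing the array on.
          $search = (!empty($_GET['search']) && is_string($_GET['search'])) ? $_GET['search'] : '';
          $limit = self::queryInt('limit');
          $offset = self::queryInt('offset');
          return new OC_OCS_Result(array('users' => OC_User::getUsers($search, $limit, $offset)));
      }

      /**
       * Creates a user from the 'userid' and 'password' POST fields.
       *
       * Returns 102 when the user already exists, 101 when the input is unusable
       * or creation throws, and 100 on success. The password is never logged.
       *
       * NOTE(review): no caller privilege check in this method; presumably done
       * at route registration, confirm.
       *
       * @return OC_OCS_Result
       */
      public static function addUser(){
          $userId = isset($_POST['userid']) ? $_POST['userid'] : null;
          $password = isset($_POST['password']) ? $_POST['password'] : null;
          // Missing or array-valued fields get the same 'Bad request' answer that
          // a failed createUser() call gets below, without reaching the backend.
          if(!is_string($userId) || !is_string($password)) {
              \OC_Log::write('ocs_api', 'Failed addUser attempt: userid or password missing.', \OC_Log::ERROR);
              return new OC_OCS_Result(null, 101, 'Bad request');
          }
          if(OC_User::userExists($userId)) {
              \OC_Log::write('ocs_api', 'Failed addUser attempt: User already exists.', \OC_Log::ERROR);
              return new OC_OCS_Result(null, 102, 'User already exists');
          }
          try {
              OC_User::createUser($userId, $password);
              // Log the validated local copy instead of re-reading $_POST.
              // NOTE(review): the id is caller-supplied text; confirm the log
              // writer escapes control characters.
              \OC_Log::write('ocs_api', 'Successful addUser call with userid: '.$userId, \OC_Log::INFO);
              return new OC_OCS_Result(null, 100);
          } catch (\Exception $e) {
              \OC_Log::write('ocs_api', 'Failed addUser attempt with exception: '.$e->getMessage(), \OC_Log::ERROR);
              return new OC_OCS_Result(null, 101, 'Bad request');
          }
      }

      /**
       * Returns information about one user.
       *
       * An admin, or a subadmin for whom the user is accessible, gets 'email' and
       * 'enabled', plus 'quota' when looking at somebody else. Any other caller
       * may only look up their own account and gets 'email' and 'displayname'.
       *
       * @param array $parameters route parameters; 'userid' is the target user
       * @return OC_OCS_Result
       */
      public static function getUser($parameters){
          $userId = $parameters['userid'];
          $currentUser = OC_User::getUser();
          // Admin? Or SubAdmin?
          if(OC_User::isAdminUser($currentUser) || OC_SubAdmin::isUserAccessible($currentUser, $userId)) {
              // Check they exist
              if(!OC_User::userExists($userId)) {
                  return new OC_OCS_Result(null, \OC_API::RESPOND_NOT_FOUND, 'The requested user could not be found');
              }
              // Show all
              $return = array(
                  'email',
                  'enabled',
              );
              if($currentUser !== $userId) {
                  $return[] = 'quota';
              }
          } else {
              // Check they are looking up themselves. The comparison must be
              // strict: with a loose one, two numeric-looking ids such as "1e3"
              // and "1000" compare equal and the self-lookup gate would let one
              // account read the other's data.
              if($currentUser !== $userId) {
                  return new OC_OCS_Result(null, \OC_API::RESPOND_UNAUTHORISED);
              }
              // Return some additional information compared to the core route
              $return = array(
                  'email',
                  'displayname',
              );
          }
          $config = \OC::$server->getConfig();
          // Find the data. The filesystem is torn down and set up again as the
          // target user so that getStorageInfo() reports that user's storage;
          // this method does not switch it back afterwards.
          $data = array();
          \OC_Util::tearDownFS();
          \OC_Util::setupFS($userId);
          $storage = OC_Helper::getStorageInfo('/');
          $data['quota'] = array(
              'free' => $storage['free'],
              'used' => $storage['used'],
              'total' => $storage['total'],
              'relative' => $storage['relative'],
          );
          $data['enabled'] = $config->getUserValue($userId, 'core', 'enabled', 'true');
          $data['email'] = $config->getUserValue($userId, 'settings', 'email');
          $data['displayname'] = OC_User::getDisplayName($userId);
          // Return only the fields the caller was granted above
          $responseData = array();
          foreach($return as $key) {
              $responseData[$key] = $data[$key];
          }
          return new OC_OCS_Result($responseData);
      }

      /**
       * Edits one field of a user.
       *
       * The field name and new value come from $parameters['_put']['key'] and
       * $parameters['_put']['value']. A caller editing their own account may
       * change display, email and password, plus quota when they are an admin.
       * An admin, or a subadmin for whom the user is accessible, may change
       * display, quota, password and email. Anything else yields 997.
       *
       * @param array $parameters route parameters; 'userid' is the target user
       * @return OC_OCS_Result 100 on success, 102 for an invalid email address
       */
      public static function editUser($parameters){
          $userId = $parameters['userid'];
          $currentUser = OC_User::getUser();
          // Read the request fields once; a missing key falls through to the
          // permission check below and is refused there.
          $key = isset($parameters['_put']['key']) ? $parameters['_put']['key'] : null;
          $value = isset($parameters['_put']['value']) ? $parameters['_put']['value'] : null;
          $permittedFields = array();
          if($userId === $currentUser) {
              // Editing self (display, email)
              $permittedFields[] = 'display';
              $permittedFields[] = 'email';
              $permittedFields[] = 'password';
              // If admin they can edit their own quota
              if(OC_User::isAdminUser($currentUser)) {
                  $permittedFields[] = 'quota';
              }
          } else {
              // Check if admin / subadmin
              if(OC_SubAdmin::isUserAccessible($currentUser, $userId)
              || OC_User::isAdminUser($currentUser)) {
                  // They have permissions over the user
                  $permittedFields[] = 'display';
                  $permittedFields[] = 'quota';
                  $permittedFields[] = 'password';
                  $permittedFields[] = 'email';
              } else {
                  // No rights
                  return new OC_OCS_Result(null, 997);
              }
          }
          // Check if permitted to edit this field. Strict matching keeps a
          // non-string key from being coerced into one of the permitted names.
          if(!in_array($key, $permittedFields, true)) {
              return new OC_OCS_Result(null, 997);
          }
          // Process the edit
          switch($key){
              case 'display':
                  OC_User::setDisplayName($userId, $value);
                  break;
              case 'quota':
                  $quota = $value;
                  if($quota !== 'none' && $quota !== 'default') {
                      $quota = OC_Helper::computerFileSize($quota);
                      // Loose comparisons kept on purpose: the helper's return
                      // type is not visible here. A result equal to 0 is stored
                      // as 'default' and -1 as 'none'.
                      if($quota == 0) {
                          $quota = 'default';
                      } else if($quota == -1) {
                          $quota = 'none';
                      } else {
                          $quota = OC_Helper::humanFileSize($quota);
                      }
                  }
                  \OC::$server->getConfig()->setUserValue($userId, 'files', 'quota', $quota);
                  break;
              case 'password':
                  OC_User::setPassword($userId, $value);
                  break;
              case 'email':
                  if(!filter_var($value, FILTER_VALIDATE_EMAIL)) {
                      return new OC_OCS_Result(null, 102);
                  }
                  \OC::$server->getConfig()->setUserValue($userId, 'settings', 'email', $value);
                  break;
              default:
                  return new OC_OCS_Result(null, 103);
          }
          return new OC_OCS_Result(null, 100);
      }

      /**
       * Deletes a user.
       *
       * Returns 101 when the user does not exist, when the caller targets their
       * own account, or when the delete itself fails; 997 when the caller is
       * neither an admin nor a subadmin with access to the user.
       *
       * @param array $parameters route parameters; 'userid' is the target user
       * @return OC_OCS_Result
       */
      public static function deleteUser($parameters){
          $userId = $parameters['userid'];
          $currentUser = OC_User::getUser();
          if(!OC_User::userExists($userId) || $userId === $currentUser) {
              return new OC_OCS_Result(null, 101);
          }
          // If not permitted
          if(!OC_User::isAdminUser($currentUser) && !OC_SubAdmin::isUserAccessible($currentUser, $userId)) {
              return new OC_OCS_Result(null, 997);
          }
          // Go ahead with the delete
          if(OC_User::deleteUser($userId)) {
              return new OC_OCS_Result(null, 100);
          }
          return new OC_OCS_Result(null, 101);
      }

      /**
       * Returns the groups a user belongs to.
       *
       * The user themselves and admins see every group. A subadmin with access
       * to the user sees only the groups they are subadmin of; anyone else
       * gets 997.
       *
       * @param array $parameters route parameters; 'userid' is the target user
       * @return OC_OCS_Result result carrying array('groups' => ...)
       */
      public static function getUsersGroups($parameters){
          $userId = $parameters['userid'];
          $currentUser = OC_User::getUser();
          if($userId === $currentUser || OC_User::isAdminUser($currentUser)) {
              // Self lookup or admin lookup
              return new OC_OCS_Result(array('groups' => OC_Group::getUserGroups($userId)));
          }
          // Looking up someone else
          if(OC_SubAdmin::isUserAccessible($currentUser, $userId)) {
              // Return the group that the method caller is subadmin of for the user in question
              $groups = array_intersect(OC_SubAdmin::getSubAdminsGroups($currentUser), OC_Group::getUserGroups($userId));
              return new OC_OCS_Result(array('groups' => $groups));
          }
          // Not permitted
          return new OC_OCS_Result(null, 997);
      }

      /**
       * Adds a user to the group named in the 'groupid' POST field.
       *
       * Only members of the 'admin' group may do this. Returns 101 when no group
       * is given, 102 when the group does not exist, 103 when the user does not
       * exist and 105 when the add fails.
       *
       * @param array $parameters route parameters; 'userid' is the target user
       * @return OC_OCS_Result
       */
      public static function addToGroup($parameters){
          $group = !empty($_POST['groupid']) ? $_POST['groupid'] : null;
          if(is_null($group)){
              return new OC_OCS_Result(null, 101);
          }
          // Check they're an admin
          if(!OC_Group::inGroup(OC_User::getUser(), 'admin')){
              // This user doesn't have rights to add a user to this group
              return new OC_OCS_Result(null, \OC_API::RESPOND_UNAUTHORISED);
          }
          // Check if the group exists
          if(!OC_Group::groupExists($group)){
              return new OC_OCS_Result(null, 102);
          }
          // Check if the user exists
          if(!OC_User::userExists($parameters['userid'])){
              return new OC_OCS_Result(null, 103);
          }
          // Add user to group
          return OC_Group::addToGroup($parameters['userid'], $group) ? new OC_OCS_Result(null, 100) : new OC_OCS_Result(null, 105);
      }

      /**
       * Removes a user from the group named in $parameters['_delete']['groupid'].
       *
       * The caller must be an admin or a subadmin of that group (104 otherwise).
       * An admin cannot remove themselves from 'admin', and a subadmin cannot
       * remove themselves from a group they are subadmin of (105).
       *
       * @param array $parameters route parameters; 'userid' is the target user
       * @return OC_OCS_Result
       */
      public static function removeFromGroup($parameters){
          $group = !empty($parameters['_delete']['groupid']) ? $parameters['_delete']['groupid'] : null;
          if(is_null($group)){
              return new OC_OCS_Result(null, 101);
          }
          $currentUser = OC_User::getUser();
          $callerIsAdmin = OC_Group::inGroup($currentUser, 'admin');
          // If they're not an admin, check they are a subadmin of the group in question
          if(!$callerIsAdmin && !OC_SubAdmin::isSubAdminofGroup($currentUser, $group)){
              return new OC_OCS_Result(null, 104);
          }
          // Check they aren't removing themselves from 'admin' or their 'subadmin' group
          if($parameters['userid'] === $currentUser){
              if($callerIsAdmin){
                  if($group === 'admin'){
                      return new OC_OCS_Result(null, 105, 'Cannot remove yourself from the admin group');
                  }
              } else {
                  // Not an admin, check they are not removing themself from their subadmin group.
                  // NOTE(review): left as a loose in_array() because the element
                  // type returned by getSubAdminsGroups() is not visible here; a
                  // strict match that missed would let the removal through.
                  if(in_array($group, OC_SubAdmin::getSubAdminsGroups($currentUser))){
                      return new OC_OCS_Result(null, 105, 'Cannot remove yourself from this group as you are a SubAdmin');
                  }
              }
          }
          // Check if the group exists
          if(!OC_Group::groupExists($group)){
              return new OC_OCS_Result(null, 102);
          }
          // Check if the user exists
          if(!OC_User::userExists($parameters['userid'])){
              return new OC_OCS_Result(null, 103);
          }
          // Remove user from group
          return OC_Group::removeFromGroup($parameters['userid'], $group) ? new OC_OCS_Result(null, 100) : new OC_OCS_Result(null, 105);
      }

      /**
       * Makes a user a subadmin of the group named in the 'groupid' POST field.
       *
       * Returns 101 when the user does not exist, 102 when the group does not
       * exist (a missing 'groupid' ends up here too) and 103 for the admin group
       * or when creation fails.
       *
       * NOTE(review): no caller privilege check in this method; presumably done
       * at route registration, confirm.
       *
       * @param array $parameters route parameters; 'userid' is the target user
       * @return OC_OCS_Result
       */
      public static function addSubAdmin($parameters) {
          // A request without 'groupid' is handled as a nonexistent group
          // instead of raising an undefined-index notice.
          $group = isset($_POST['groupid']) ? $_POST['groupid'] : null;
          $user = $parameters['userid'];
          // Check if the user exists
          if(!OC_User::userExists($user)) {
              return new OC_OCS_Result(null, 101, 'User does not exist');
          }
          // Check if group exists
          if(!OC_Group::groupExists($group)) {
              return new OC_OCS_Result(null, 102, 'Group:'.$group.' does not exist');
          }
          // Check if trying to make subadmin of admin group
          if(strtolower($group) === 'admin') {
              return new OC_OCS_Result(null, 103, 'Cannot create subadmins for admin group');
          }
          // Go
          if(OC_SubAdmin::createSubAdmin($user, $group)) {
              return new OC_OCS_Result(null, 100);
          }
          return new OC_OCS_Result(null, 103, 'Unknown error occured');
      }

      /**
       * Removes a user's subadmin role for the group named in
       * $parameters['_delete']['groupid'].
       *
       * Returns 101 when the user does not exist, 102 when they are not a
       * subadmin of that group and 103 when the removal fails.
       *
       * NOTE(review): no caller privilege check in this method; presumably done
       * at route registration, confirm.
       *
       * @param array $parameters route parameters; 'userid' is the target user
       * @return OC_OCS_Result
       */
      public static function removeSubAdmin($parameters) {
          // A request without a group is answered by the subadmin check below
          // instead of raising an undefined-index notice.
          $group = isset($parameters['_delete']['groupid']) ? $parameters['_delete']['groupid'] : null;
          $user = $parameters['userid'];
          // Check if the user exists
          if(!OC_User::userExists($user)) {
              return new OC_OCS_Result(null, 101, 'User does not exist');
          }
          // Check if they are a subadmin of this said group
          if(!OC_SubAdmin::isSubAdminofGroup($user, $group)) {
              return new OC_OCS_Result(null, 102, 'User is not a subadmin of this group');
          }
          // Go
          if(OC_SubAdmin::deleteSubAdmin($user, $group)) {
              return new OC_OCS_Result(null, 100);
          }
          return new OC_OCS_Result(null, 103, 'Unknown error occurred');
      }

      /**
       * Gets the groups a user is a subadmin of.
       *
       * Returns 101 when the user does not exist. Any falsy result from the
       * lookup, an empty list included, is reported as 102 'Unknown error
       * occurred', so a user with no subadmin groups cannot be told apart from a
       * failed lookup.
       *
       * NOTE(review): no caller privilege check in this method; presumably done
       * at route registration, confirm.
       *
       * @param array $parameters route parameters; 'userid' is the target user
       * @return OC_OCS_Result
       */
      public static function getUserSubAdminGroups($parameters) {
          $user = $parameters['userid'];
          // Check if the user exists
          if(!OC_User::userExists($user)) {
              return new OC_OCS_Result(null, 101, 'User does not exist');
          }
          // Get the subadmin groups
          $groups = OC_SubAdmin::getSubAdminsGroups($user);
          if(!$groups) {
              return new OC_OCS_Result(null, 102, 'Unknown error occurred');
          }
          return new OC_OCS_Result($groups);
      }
  }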