123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342 |
- <?php
- /**
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Tom Needham <tom@owncloud.com>
- *
- * @copyright Copyright (c) 2015, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program. If not, see <http://www.gnu.org/licenses/>
- *
- */
- namespace OCA\Provisioning_API;
- use \OC_OCS_Result;
- use \OC_SubAdmin;
- use \OC_User;
- use \OC_Group;
- use \OC_Helper;
- class Users {
- /**
- * returns a list of users
- */
- public static function getUsers(){
- $search = !empty($_GET['search']) ? $_GET['search'] : '';
- $limit = !empty($_GET['limit']) ? $_GET['limit'] : null;
- $offset = !empty($_GET['offset']) ? $_GET['offset'] : null;
- return new OC_OCS_Result(array('users' => OC_User::getUsers($search, $limit, $offset)));
- }
- public static function addUser(){
- $userId = isset($_POST['userid']) ? $_POST['userid'] : null;
- $password = isset($_POST['password']) ? $_POST['password'] : null;
- if(OC_User::userExists($userId)) {
- \OC_Log::write('ocs_api', 'Failed addUser attempt: User already exists.', \OC_Log::ERROR);
- return new OC_OCS_Result(null, 102, 'User already exists');
- } else {
- try {
- OC_User::createUser($userId, $password);
- \OC_Log::write('ocs_api', 'Successful addUser call with userid: '.$_POST['userid'], \OC_Log::INFO);
- return new OC_OCS_Result(null, 100);
- } catch (\Exception $e) {
- \OC_Log::write('ocs_api', 'Failed addUser attempt with exception: '.$e->getMessage(), \OC_Log::ERROR);
- return new OC_OCS_Result(null, 101, 'Bad request');
- }
- }
- }
- /**
- * gets user info
- */
- public static function getUser($parameters){
- $userId = $parameters['userid'];
- // Admin? Or SubAdmin?
- if(OC_User::isAdminUser(OC_User::getUser()) || OC_SubAdmin::isUserAccessible(OC_User::getUser(), $userId)) {
- // Check they exist
- if(!OC_User::userExists($userId)) {
- return new OC_OCS_Result(null, \OC_API::RESPOND_NOT_FOUND, 'The requested user could not be found');
- }
- // Show all
- $return = array(
- 'email',
- 'enabled',
- );
- if(OC_User::getUser() != $userId) {
- $return[] = 'quota';
- }
- } else {
- // Check they are looking up themselves
- if(OC_User::getUser() != $userId) {
- return new OC_OCS_Result(null, \OC_API::RESPOND_UNAUTHORISED);
- }
- // Return some additional information compared to the core route
- $return = array(
- 'email',
- 'displayname',
- );
- }
- $config = \OC::$server->getConfig();
- // Find the data
- $data = array();
- \OC_Util::tearDownFS();
- \OC_Util::setupFS($userId);
- $storage = OC_Helper::getStorageInfo('/');
- $data['quota'] = array(
- 'free' => $storage['free'],
- 'used' => $storage['used'],
- 'total' => $storage['total'],
- 'relative' => $storage['relative'],
- );
- $data['enabled'] = $config->getUserValue($userId, 'core', 'enabled', 'true');
- $data['email'] = $config->getUserValue($userId, 'settings', 'email');
- $data['displayname'] = OC_User::getDisplayName($parameters['userid']);
- // Return the appropriate data
- $responseData = array();
- foreach($return as $key) {
- $responseData[$key] = $data[$key];
- }
- return new OC_OCS_Result($responseData);
- }
- /**
- * edit users
- */
- public static function editUser($parameters){
- $userId = $parameters['userid'];
- if($userId === OC_User::getUser()) {
- // Editing self (display, email)
- $permittedFields[] = 'display';
- $permittedFields[] = 'email';
- $permittedFields[] = 'password';
- // If admin they can edit their own quota
- if(OC_User::isAdminUser(OC_User::getUser())) {
- $permittedFields[] = 'quota';
- }
- } else {
- // Check if admin / subadmin
- if(OC_SubAdmin::isUserAccessible(OC_User::getUser(), $userId)
- || OC_User::isAdminUser(OC_User::getUser())) {
- // They have permissions over the user
- $permittedFields[] = 'display';
- $permittedFields[] = 'quota';
- $permittedFields[] = 'password';
- $permittedFields[] = 'email';
- } else {
- // No rights
- return new OC_OCS_Result(null, 997);
- }
- }
- // Check if permitted to edit this field
- if(!in_array($parameters['_put']['key'], $permittedFields)) {
- return new OC_OCS_Result(null, 997);
- }
- // Process the edit
- switch($parameters['_put']['key']){
- case 'display':
- OC_User::setDisplayName($userId, $parameters['_put']['value']);
- break;
- case 'quota':
- $quota = $parameters['_put']['value'];
- if($quota !== 'none' and $quota !== 'default') {
- $quota = OC_Helper::computerFileSize($quota);
- if($quota == 0) {
- $quota = 'default';
- }else if($quota == -1){
- $quota = 'none';
- } else {
- $quota = OC_Helper::humanFileSize($quota);
- }
- }
- \OC::$server->getConfig()->setUserValue($userId, 'files', 'quota', $quota);
- break;
- case 'password':
- OC_User::setPassword($userId, $parameters['_put']['value']);
- break;
- case 'email':
- if(filter_var($parameters['_put']['value'], FILTER_VALIDATE_EMAIL)) {
- \OC::$server->getConfig()->setUserValue($userId, 'settings', 'email', $parameters['_put']['value']);
- } else {
- return new OC_OCS_Result(null, 102);
- }
- break;
- default:
- return new OC_OCS_Result(null, 103);
- break;
- }
- return new OC_OCS_Result(null, 100);
- }
- public static function deleteUser($parameters){
- if(!OC_User::userExists($parameters['userid'])
- || $parameters['userid'] === OC_User::getUser()) {
- return new OC_OCS_Result(null, 101);
- }
- // If not permitted
- if(!OC_User::isAdminUser(OC_User::getUser()) && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $parameters['userid'])) {
- return new OC_OCS_Result(null, 997);
- }
- // Go ahead with the delete
- if(OC_User::deleteUser($parameters['userid'])) {
- return new OC_OCS_Result(null, 100);
- } else {
- return new OC_OCS_Result(null, 101);
- }
- }
- public static function getUsersGroups($parameters){
- if($parameters['userid'] === OC_User::getUser() || OC_User::isAdminUser(OC_User::getUser())) {
- // Self lookup or admin lookup
- return new OC_OCS_Result(array('groups' => OC_Group::getUserGroups($parameters['userid'])));
- } else {
- // Looking up someone else
- if(OC_SubAdmin::isUserAccessible(OC_User::getUser(), $parameters['userid'])) {
- // Return the group that the method caller is subadmin of for the user in question
- $groups = array_intersect(OC_SubAdmin::getSubAdminsGroups(OC_User::getUser()), OC_Group::getUserGroups($parameters['userid']));
- return new OC_OCS_Result(array('groups' => $groups));
- } else {
- // Not permitted
- return new OC_OCS_Result(null, 997);
- }
- }
-
- }
- public static function addToGroup($parameters){
- $group = !empty($_POST['groupid']) ? $_POST['groupid'] : null;
- if(is_null($group)){
- return new OC_OCS_Result(null, 101);
- }
- // Check they're an admin
- if(!OC_Group::inGroup(OC_User::getUser(), 'admin')){
- // This user doesn't have rights to add a user to this group
- return new OC_OCS_Result(null, \OC_API::RESPOND_UNAUTHORISED);
- }
- // Check if the group exists
- if(!OC_Group::groupExists($group)){
- return new OC_OCS_Result(null, 102);
- }
- // Check if the user exists
- if(!OC_User::userExists($parameters['userid'])){
- return new OC_OCS_Result(null, 103);
- }
- // Add user to group
- return OC_Group::addToGroup($parameters['userid'], $group) ? new OC_OCS_Result(null, 100) : new OC_OCS_Result(null, 105);
- }
- public static function removeFromGroup($parameters){
- $group = !empty($parameters['_delete']['groupid']) ? $parameters['_delete']['groupid'] : null;
- if(is_null($group)){
- return new OC_OCS_Result(null, 101);
- }
- // If they're not an admin, check they are a subadmin of the group in question
- if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isSubAdminofGroup(OC_User::getUser(), $group)){
- return new OC_OCS_Result(null, 104);
- }
- // Check they aren't removing themselves from 'admin' or their 'subadmin; group
- if($parameters['userid'] === OC_User::getUser()){
- if(OC_Group::inGroup(OC_User::getUser(), 'admin')){
- if($group === 'admin'){
- return new OC_OCS_Result(null, 105, 'Cannot remove yourself from the admin group');
- }
- } else {
- // Not an admin, check they are not removing themself from their subadmin group
- if(in_array($group, OC_SubAdmin::getSubAdminsGroups(OC_User::getUser()))){
- return new OC_OCS_Result(null, 105, 'Cannot remove yourself from this group as you are a SubAdmin');
- }
- }
- }
- // Check if the group exists
- if(!OC_Group::groupExists($group)){
- return new OC_OCS_Result(null, 102);
- }
- // Check if the user exists
- if(!OC_User::userExists($parameters['userid'])){
- return new OC_OCS_Result(null, 103);
- }
- // Remove user from group
- return OC_Group::removeFromGroup($parameters['userid'], $group) ? new OC_OCS_Result(null, 100) : new OC_OCS_Result(null, 105);
- }
- /**
- * Creates a subadmin
- */
- public static function addSubAdmin($parameters) {
- $group = $_POST['groupid'];
- $user = $parameters['userid'];
- // Check if the user exists
- if(!OC_User::userExists($user)) {
- return new OC_OCS_Result(null, 101, 'User does not exist');
- }
- // Check if group exists
- if(!OC_Group::groupExists($group)) {
- return new OC_OCS_Result(null, 102, 'Group:'.$group.' does not exist');
- }
- // Check if trying to make subadmin of admin group
- if(strtolower($group) == 'admin') {
- return new OC_OCS_Result(null, 103, 'Cannot create subadmins for admin group');
- }
- // Go
- if(OC_Subadmin::createSubAdmin($user, $group)) {
- return new OC_OCS_Result(null, 100);
- } else {
- return new OC_OCS_Result(null, 103, 'Unknown error occured');
- }
- }
- /**
- * Removes a subadmin from a group
- */
- public static function removeSubAdmin($parameters) {
- $group = $parameters['_delete']['groupid'];
- $user = $parameters['userid'];
- // Check if the user exists
- if(!OC_User::userExists($user)) {
- return new OC_OCS_Result(null, 101, 'User does not exist');
- }
- // Check if they are a subadmin of this said group
- if(!OC_SubAdmin::isSubAdminofGroup($user, $group)) {
- return new OC_OCS_Result(null, 102, 'User is not a subadmin of this group');
- }
- // Go
- if(OC_Subadmin::deleteSubAdmin($user, $group)) {
- return new OC_OCS_Result(null, 100);
- } else {
- return new OC_OCS_Result(null, 103, 'Unknown error occurred');
- }
- }
- /**
- * @Get the groups a user is a subadmin of
- */
- public static function getUserSubAdminGroups($parameters) {
- $user = $parameters['userid'];
- // Check if the user exists
- if(!OC_User::userExists($user)) {
- return new OC_OCS_Result(null, 101, 'User does not exist');
- }
- // Get the subadmin groups
- if(!$groups = OC_SubAdmin::getSubAdminsGroups($user)) {
- return new OC_OCS_Result(null, 102, 'Unknown error occurred');
- } else {
- return new OC_OCS_Result($groups);
- }
- }
- }
|