RISCI_ATOM
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342
							<?php
/**
 * @author Morris Jobke <hey@morrisjobke.de>
 * @author Tom Needham <tom@owncloud.com>
 *
 * @copyright Copyright (c) 2015, ownCloud, Inc.
 * @license AGPL-3.0
 *
 * This code is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License, version 3,
 * along with this program.  If not, see <http://www.gnu.org/licenses/>
 *
 */

namespace OCA\Provisioning_API;

use \OC_OCS_Result;
use \OC_SubAdmin;
use \OC_User;
use \OC_Group;
use \OC_Helper;

class Users {

	/**
	 * returns a list of users
	 */
	public static function getUsers(){
		$search = !empty($_GET['search']) ? $_GET['search'] : '';
		$limit = !empty($_GET['limit']) ? $_GET['limit'] : null;
		$offset = !empty($_GET['offset']) ? $_GET['offset'] : null;
		return new OC_OCS_Result(array('users' => OC_User::getUsers($search, $limit, $offset)));
	}

	public static function addUser(){
		$userId = isset($_POST['userid']) ? $_POST['userid'] : null;
		$password = isset($_POST['password']) ? $_POST['password'] : null;
		if(OC_User::userExists($userId)) {
			\OC_Log::write('ocs_api', 'Failed addUser attempt: User already exists.', \OC_Log::ERROR);
			return new OC_OCS_Result(null, 102, 'User already exists');
		} else {
			try {
				OC_User::createUser($userId, $password);
				\OC_Log::write('ocs_api', 'Successful addUser call with userid: '.$_POST['userid'], \OC_Log::INFO);
				return new OC_OCS_Result(null, 100);
			} catch (\Exception $e) {
				\OC_Log::write('ocs_api', 'Failed addUser attempt with exception: '.$e->getMessage(), \OC_Log::ERROR);
				return new OC_OCS_Result(null, 101, 'Bad request');
			}
		}
	}

	/**
	 * gets user info
	 */
	public static function getUser($parameters){
		$userId = $parameters['userid'];
		// Admin? Or SubAdmin?
		if(OC_User::isAdminUser(OC_User::getUser()) || OC_SubAdmin::isUserAccessible(OC_User::getUser(), $userId)) {
			// Check they exist
			if(!OC_User::userExists($userId)) {
				return new OC_OCS_Result(null, \OC_API::RESPOND_NOT_FOUND, 'The requested user could not be found');
			}
			// Show all
			$return = array(
				'email',
				'enabled',
				);
			if(OC_User::getUser() != $userId) {
				$return[] = 'quota';
			}
		} else {
			// Check they are looking up themselves
			if(OC_User::getUser() != $userId) {
				return new OC_OCS_Result(null, \OC_API::RESPOND_UNAUTHORISED);
			}
			// Return some additional information compared to the core route
			$return = array(
				'email',
				'displayname',
				);
		}

		$config = \OC::$server->getConfig();

		// Find the data
		$data = array();
		\OC_Util::tearDownFS();
		\OC_Util::setupFS($userId);
		$storage = OC_Helper::getStorageInfo('/');
		$data['quota'] = array(
			'free' =>  $storage['free'],
			'used' =>  $storage['used'],
			'total' =>  $storage['total'],
			'relative' => $storage['relative'],
			);
		$data['enabled'] = $config->getUserValue($userId, 'core', 'enabled', 'true');
		$data['email'] = $config->getUserValue($userId, 'settings', 'email');
		$data['displayname'] = OC_User::getDisplayName($parameters['userid']);

		// Return the appropriate data
		$responseData = array();
		foreach($return as $key) {
			$responseData[$key] = $data[$key];
		}

		return new OC_OCS_Result($responseData);
	}

	/** 
	 * edit users
	 */
	public static function editUser($parameters){
		$userId = $parameters['userid'];
		if($userId === OC_User::getUser()) {
			// Editing self (display, email)
			$permittedFields[] = 'display';
			$permittedFields[] = 'email';
			$permittedFields[] = 'password';
			// If admin they can edit their own quota
			if(OC_User::isAdminUser(OC_User::getUser())) {
				$permittedFields[] = 'quota';
			}
		} else {
			// Check if admin / subadmin
			if(OC_SubAdmin::isUserAccessible(OC_User::getUser(), $userId)
			|| OC_User::isAdminUser(OC_User::getUser())) {
				// They have permissions over the user
				$permittedFields[] = 'display';
				$permittedFields[] = 'quota';
				$permittedFields[] = 'password';
				$permittedFields[] = 'email';
			} else {
				// No rights
				return new OC_OCS_Result(null, 997);
			}
		}
		// Check if permitted to edit this field
		if(!in_array($parameters['_put']['key'], $permittedFields)) {
			return new OC_OCS_Result(null, 997);
		}
		// Process the edit
		switch($parameters['_put']['key']){
			case 'display':
				OC_User::setDisplayName($userId, $parameters['_put']['value']);
				break;
			case 'quota':
				$quota = $parameters['_put']['value'];
				if($quota !== 'none' and $quota !== 'default') {
					$quota = OC_Helper::computerFileSize($quota);
					if($quota == 0) {
						$quota = 'default';
					}else if($quota == -1){
						$quota = 'none';
					} else {
						$quota = OC_Helper::humanFileSize($quota);
					}
				}
				\OC::$server->getConfig()->setUserValue($userId, 'files', 'quota', $quota);
				break;
			case 'password':
				OC_User::setPassword($userId, $parameters['_put']['value']);
				break;
			case 'email':
				if(filter_var($parameters['_put']['value'], FILTER_VALIDATE_EMAIL)) {
					\OC::$server->getConfig()->setUserValue($userId, 'settings', 'email', $parameters['_put']['value']);
				} else {
					return new OC_OCS_Result(null, 102);
				}
				break;
			default:
				return new OC_OCS_Result(null, 103);
				break;
		}
		return new OC_OCS_Result(null, 100);
	}

	public static function deleteUser($parameters){
		if(!OC_User::userExists($parameters['userid']) 
		|| $parameters['userid'] === OC_User::getUser()) {
			return new OC_OCS_Result(null, 101);
		}
		// If not permitted
		if(!OC_User::isAdminUser(OC_User::getUser()) && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $parameters['userid'])) {
			return new OC_OCS_Result(null, 997);
		}
		// Go ahead with the delete
		if(OC_User::deleteUser($parameters['userid'])) {
			return new OC_OCS_Result(null, 100);
		} else {
			return new OC_OCS_Result(null, 101);
		}
	}

	public static function getUsersGroups($parameters){
		if($parameters['userid'] === OC_User::getUser() || OC_User::isAdminUser(OC_User::getUser())) {
			// Self lookup or admin lookup
			return new OC_OCS_Result(array('groups' => OC_Group::getUserGroups($parameters['userid'])));
		} else {
			// Looking up someone else
			if(OC_SubAdmin::isUserAccessible(OC_User::getUser(), $parameters['userid'])) {
				// Return the group that the method caller is subadmin of for the user in question
				$groups = array_intersect(OC_SubAdmin::getSubAdminsGroups(OC_User::getUser()), OC_Group::getUserGroups($parameters['userid']));
				return new OC_OCS_Result(array('groups' => $groups));
			} else {
				// Not permitted
				return new OC_OCS_Result(null, 997);
			}
		}
		
	}

	public static function addToGroup($parameters){
		$group = !empty($_POST['groupid']) ? $_POST['groupid'] : null;
		if(is_null($group)){
			return new OC_OCS_Result(null, 101);
		}
		// Check they're an admin
		if(!OC_Group::inGroup(OC_User::getUser(), 'admin')){
			// This user doesn't have rights to add a user to this group
			return new OC_OCS_Result(null, \OC_API::RESPOND_UNAUTHORISED);
		}
		// Check if the group exists
		if(!OC_Group::groupExists($group)){
			return new OC_OCS_Result(null, 102);
		}
		// Check if the user exists
		if(!OC_User::userExists($parameters['userid'])){
			return new OC_OCS_Result(null, 103);
		}
		// Add user to group
		return OC_Group::addToGroup($parameters['userid'], $group) ? new OC_OCS_Result(null, 100) : new OC_OCS_Result(null, 105);
	}

	public static function removeFromGroup($parameters){
		$group = !empty($parameters['_delete']['groupid']) ? $parameters['_delete']['groupid'] : null;
		if(is_null($group)){
			return new OC_OCS_Result(null, 101);
		}
		// If they're not an admin, check they are a subadmin of the group in question
		if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isSubAdminofGroup(OC_User::getUser(), $group)){
			return new OC_OCS_Result(null, 104);
		}
		// Check they aren't removing themselves from 'admin' or their 'subadmin; group
		if($parameters['userid'] === OC_User::getUser()){
			if(OC_Group::inGroup(OC_User::getUser(), 'admin')){
				if($group === 'admin'){
					return new OC_OCS_Result(null, 105, 'Cannot remove yourself from the admin group');
				}
			} else {
				// Not an admin, check they are not removing themself from their subadmin group
				if(in_array($group, OC_SubAdmin::getSubAdminsGroups(OC_User::getUser()))){
					return new OC_OCS_Result(null, 105, 'Cannot remove yourself from this group as you are a SubAdmin');
				}
			}
		}
		// Check if the group exists
		if(!OC_Group::groupExists($group)){
			return new OC_OCS_Result(null, 102);
		}
		// Check if the user exists
		if(!OC_User::userExists($parameters['userid'])){
			return new OC_OCS_Result(null, 103);
		}
		// Remove user from group
		return OC_Group::removeFromGroup($parameters['userid'], $group) ? new OC_OCS_Result(null, 100) : new OC_OCS_Result(null, 105);
	}

	/**
	 * Creates a subadmin
	 */
	public static function addSubAdmin($parameters) {
		$group = $_POST['groupid'];
		$user = $parameters['userid'];	
		// Check if the user exists
		if(!OC_User::userExists($user)) {
			return new OC_OCS_Result(null, 101, 'User does not exist');
		}
		// Check if group exists
		if(!OC_Group::groupExists($group)) {
			return new OC_OCS_Result(null, 102, 'Group:'.$group.' does not exist');
		}
		// Check if trying to make subadmin of admin group
		if(strtolower($group) == 'admin') {
			return new OC_OCS_Result(null, 103, 'Cannot create subadmins for admin group');
		}
		// Go
		if(OC_Subadmin::createSubAdmin($user, $group)) {
			return new OC_OCS_Result(null, 100);
		} else {
			return new OC_OCS_Result(null, 103, 'Unknown error occured');
		}

	}

	/**
	 * Removes a subadmin from a group
	 */
	public static function removeSubAdmin($parameters) {
		$group = $parameters['_delete']['groupid'];
		$user = $parameters['userid'];	
		// Check if the user exists
		if(!OC_User::userExists($user)) {
			return new OC_OCS_Result(null, 101, 'User does not exist');
		}
		// Check if they are a subadmin of this said group
		if(!OC_SubAdmin::isSubAdminofGroup($user, $group)) {
			return new OC_OCS_Result(null, 102, 'User is not a subadmin of this group');
		}
		// Go
		if(OC_Subadmin::deleteSubAdmin($user, $group)) {
			return new OC_OCS_Result(null, 100);
		} else {
			return new OC_OCS_Result(null, 103, 'Unknown error occurred');
		}
	}

	/**
	 * @Get the groups a user is a subadmin of
	 */
	public static function getUserSubAdminGroups($parameters) {
		$user = $parameters['userid'];
		// Check if the user exists
		if(!OC_User::userExists($user)) {
			return new OC_OCS_Result(null, 101, 'User does not exist');
		}
		// Get the subadmin groups
		if(!$groups = OC_SubAdmin::getSubAdminsGroups($user)) {
			return new OC_OCS_Result(null, 102, 'Unknown error occurred');
		} else {
			return new OC_OCS_Result($groups);
		}
	}
}