1
0

ShareDisableChecker.php 2.4 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485
  1. <?php
  2. /**
  3. * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
  4. * SPDX-License-Identifier: AGPL-3.0-or-later
  5. */
  6. namespace OC\Share20;
  7. use OCP\Cache\CappedMemoryCache;
  8. use OCP\IConfig;
  9. use OCP\IGroupManager;
  10. use OCP\IUserManager;
  11. /**
  12. * split of from the share manager to allow using it with minimal DI
  13. */
  14. class ShareDisableChecker {
  15. private CappedMemoryCache $sharingDisabledForUsersCache;
  16. public function __construct(
  17. private IConfig $config,
  18. private IUserManager $userManager,
  19. private IGroupManager $groupManager,
  20. ) {
  21. $this->sharingDisabledForUsersCache = new CappedMemoryCache();
  22. }
  23. /**
  24. * @param ?string $userId
  25. * @return bool
  26. */
  27. public function sharingDisabledForUser(?string $userId) {
  28. if ($userId === null) {
  29. return false;
  30. }
  31. if (isset($this->sharingDisabledForUsersCache[$userId])) {
  32. return $this->sharingDisabledForUsersCache[$userId];
  33. }
  34. $excludeGroups = $this->config->getAppValue('core', 'shareapi_exclude_groups', 'no');
  35. if ($excludeGroups && $excludeGroups !== 'no') {
  36. $groupsList = $this->config->getAppValue('core', 'shareapi_exclude_groups_list', '');
  37. $excludedGroups = json_decode($groupsList);
  38. if (is_null($excludedGroups)) {
  39. $excludedGroups = explode(',', $groupsList);
  40. $newValue = json_encode($excludedGroups);
  41. $this->config->setAppValue('core', 'shareapi_exclude_groups_list', $newValue);
  42. }
  43. $user = $this->userManager->get($userId);
  44. if (!$user) {
  45. return false;
  46. }
  47. $usersGroups = $this->groupManager->getUserGroupIds($user);
  48. if ($excludeGroups !== 'allow') {
  49. if (!empty($usersGroups)) {
  50. $remainingGroups = array_diff($usersGroups, $excludedGroups);
  51. // if the user is only in groups which are disabled for sharing then
  52. // sharing is also disabled for the user
  53. if (empty($remainingGroups)) {
  54. $this->sharingDisabledForUsersCache[$userId] = true;
  55. return true;
  56. }
  57. }
  58. } else {
  59. if (!empty($usersGroups)) {
  60. $remainingGroups = array_intersect($usersGroups, $excludedGroups);
  61. // if the user is in any group which is allowed for sharing then
  62. // sharing is also allowed for the user
  63. if (!empty($remainingGroups)) {
  64. $this->sharingDisabledForUsersCache[$userId] = false;
  65. return false;
  66. }
  67. }
  68. $this->sharingDisabledForUsersCache[$userId] = true;
  69. return true;
  70. }
  71. }
  72. $this->sharingDisabledForUsersCache[$userId] = false;
  73. return false;
  74. }
  75. }