Group_Proxy.php 11 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  6. * @author Christopher Schäpers <kondou@ts.unde.re>
  7. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  8. * @author Joas Schilling <coding@schilljs.com>
  9. * @author Johannes Leuker <j.leuker@hosting.de>
  10. * @author Morris Jobke <hey@morrisjobke.de>
  11. * @author Robin McCorkell <robin@mccorkell.me.uk>
  12. * @author Vinicius Cubas Brand <vinicius@eita.org.br>
  13. *
  14. * @license AGPL-3.0
  15. *
  16. * This code is free software: you can redistribute it and/or modify
  17. * it under the terms of the GNU Affero General Public License, version 3,
  18. * as published by the Free Software Foundation.
  19. *
  20. * This program is distributed in the hope that it will be useful,
  21. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  22. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  23. * GNU Affero General Public License for more details.
  24. *
  25. * You should have received a copy of the GNU Affero General Public License, version 3,
  26. * along with this program. If not, see <http://www.gnu.org/licenses/>
  27. *
  28. */
  29. namespace OCA\User_LDAP;
  30. use OC\ServerNotAvailableException;
  31. use OCP\Group\Backend\IBatchMethodsBackend;
  32. use OCP\Group\Backend\IDeleteGroupBackend;
  33. use OCP\Group\Backend\IGetDisplayNameBackend;
  34. use OCP\Group\Backend\IGroupDetailsBackend;
  35. use OCP\Group\Backend\IIsAdminBackend;
  36. use OCP\Group\Backend\INamedBackend;
  37. use OCP\GroupInterface;
  38. use OCP\IConfig;
  39. use OCP\IUserManager;
  40. class Group_Proxy extends Proxy implements \OCP\GroupInterface, IGroupLDAP, IGetDisplayNameBackend, INamedBackend, IDeleteGroupBackend, IBatchMethodsBackend, IIsAdminBackend {
  41. private $backends = [];
  42. private ?Group_LDAP $refBackend = null;
  43. private Helper $helper;
  44. private GroupPluginManager $groupPluginManager;
  45. private bool $isSetUp = false;
  46. private IConfig $config;
  47. private IUserManager $ncUserManager;
  48. public function __construct(
  49. Helper $helper,
  50. ILDAPWrapper $ldap,
  51. AccessFactory $accessFactory,
  52. GroupPluginManager $groupPluginManager,
  53. IConfig $config,
  54. IUserManager $ncUserManager,
  55. ) {
  56. parent::__construct($ldap, $accessFactory);
  57. $this->helper = $helper;
  58. $this->groupPluginManager = $groupPluginManager;
  59. $this->config = $config;
  60. $this->ncUserManager = $ncUserManager;
  61. }
  62. protected function setup(): void {
  63. if ($this->isSetUp) {
  64. return;
  65. }
  66. $serverConfigPrefixes = $this->helper->getServerConfigurationPrefixes(true);
  67. foreach ($serverConfigPrefixes as $configPrefix) {
  68. $this->backends[$configPrefix] =
  69. new Group_LDAP($this->getAccess($configPrefix), $this->groupPluginManager, $this->config, $this->ncUserManager);
  70. if (is_null($this->refBackend)) {
  71. $this->refBackend = &$this->backends[$configPrefix];
  72. }
  73. }
  74. $this->isSetUp = true;
  75. }
  76. /**
  77. * Tries the backends one after the other until a positive result is returned from the specified method
  78. *
  79. * @param string $id the gid connected to the request
  80. * @param string $method the method of the group backend that shall be called
  81. * @param array $parameters an array of parameters to be passed
  82. * @return mixed the result of the method or false
  83. */
  84. protected function walkBackends($id, $method, $parameters) {
  85. $this->setup();
  86. $gid = $id;
  87. $cacheKey = $this->getGroupCacheKey($gid);
  88. foreach ($this->backends as $configPrefix => $backend) {
  89. if ($result = call_user_func_array([$backend, $method], $parameters)) {
  90. if (!$this->isSingleBackend()) {
  91. $this->writeToCache($cacheKey, $configPrefix);
  92. }
  93. return $result;
  94. }
  95. }
  96. return false;
  97. }
  98. /**
  99. * Asks the backend connected to the server that supposely takes care of the gid from the request.
  100. *
  101. * @param string $id the gid connected to the request
  102. * @param string $method the method of the group backend that shall be called
  103. * @param array $parameters an array of parameters to be passed
  104. * @param mixed $passOnWhen the result matches this variable
  105. * @return mixed the result of the method or false
  106. */
  107. protected function callOnLastSeenOn($id, $method, $parameters, $passOnWhen) {
  108. $this->setup();
  109. $gid = $id;
  110. $cacheKey = $this->getGroupCacheKey($gid);
  111. $prefix = $this->getFromCache($cacheKey);
  112. //in case the uid has been found in the past, try this stored connection first
  113. if (!is_null($prefix)) {
  114. if (isset($this->backends[$prefix])) {
  115. $result = call_user_func_array([$this->backends[$prefix], $method], $parameters);
  116. if ($result === $passOnWhen) {
  117. //not found here, reset cache to null if group vanished
  118. //because sometimes methods return false with a reason
  119. $groupExists = call_user_func_array(
  120. [$this->backends[$prefix], 'groupExists'],
  121. [$gid]
  122. );
  123. if (!$groupExists) {
  124. $this->writeToCache($cacheKey, null);
  125. }
  126. }
  127. return $result;
  128. }
  129. }
  130. return false;
  131. }
  132. protected function activeBackends(): int {
  133. $this->setup();
  134. return count($this->backends);
  135. }
  136. /**
  137. * is user in group?
  138. *
  139. * @param string $uid uid of the user
  140. * @param string $gid gid of the group
  141. * @return bool
  142. *
  143. * Checks whether the user is member of a group or not.
  144. */
  145. public function inGroup($uid, $gid) {
  146. return $this->handleRequest($gid, 'inGroup', [$uid, $gid]);
  147. }
  148. /**
  149. * Get all groups a user belongs to
  150. *
  151. * @param string $uid Name of the user
  152. * @return string[] with group names
  153. *
  154. * This function fetches all groups a user belongs to. It does not check
  155. * if the user exists at all.
  156. */
  157. public function getUserGroups($uid) {
  158. $this->setup();
  159. $groups = [];
  160. foreach ($this->backends as $backend) {
  161. $backendGroups = $backend->getUserGroups($uid);
  162. if (is_array($backendGroups)) {
  163. $groups = array_merge($groups, $backendGroups);
  164. }
  165. }
  166. return $groups;
  167. }
  168. /**
  169. * get a list of all users in a group
  170. *
  171. * @return array<int,string> user ids
  172. */
  173. public function usersInGroup($gid, $search = '', $limit = -1, $offset = 0) {
  174. $this->setup();
  175. $users = [];
  176. foreach ($this->backends as $backend) {
  177. $backendUsers = $backend->usersInGroup($gid, $search, $limit, $offset);
  178. if (is_array($backendUsers)) {
  179. $users = array_merge($users, $backendUsers);
  180. }
  181. }
  182. return $users;
  183. }
  184. /**
  185. * @param string $gid
  186. * @return bool
  187. */
  188. public function createGroup($gid) {
  189. return $this->handleRequest(
  190. $gid, 'createGroup', [$gid]);
  191. }
  192. /**
  193. * delete a group
  194. */
  195. public function deleteGroup(string $gid): bool {
  196. return $this->handleRequest(
  197. $gid, 'deleteGroup', [$gid]);
  198. }
  199. /**
  200. * Add a user to a group
  201. *
  202. * @param string $uid Name of the user to add to group
  203. * @param string $gid Name of the group in which add the user
  204. * @return bool
  205. *
  206. * Adds a user to a group.
  207. */
  208. public function addToGroup($uid, $gid) {
  209. return $this->handleRequest(
  210. $gid, 'addToGroup', [$uid, $gid]);
  211. }
  212. /**
  213. * Removes a user from a group
  214. *
  215. * @param string $uid Name of the user to remove from group
  216. * @param string $gid Name of the group from which remove the user
  217. * @return bool
  218. *
  219. * removes the user from a group.
  220. */
  221. public function removeFromGroup($uid, $gid) {
  222. return $this->handleRequest(
  223. $gid, 'removeFromGroup', [$uid, $gid]);
  224. }
  225. /**
  226. * returns the number of users in a group, who match the search term
  227. *
  228. * @param string $gid the internal group name
  229. * @param string $search optional, a search string
  230. * @return int|bool
  231. */
  232. public function countUsersInGroup($gid, $search = '') {
  233. return $this->handleRequest(
  234. $gid, 'countUsersInGroup', [$gid, $search]);
  235. }
  236. /**
  237. * get an array with group details
  238. *
  239. * @param string $gid
  240. * @return array|false
  241. */
  242. public function getGroupDetails($gid) {
  243. return $this->handleRequest(
  244. $gid, 'getGroupDetails', [$gid]);
  245. }
  246. /**
  247. * {@inheritdoc}
  248. */
  249. public function getGroupsDetails(array $gids): array {
  250. if (!($this instanceof IGroupDetailsBackend || $this->implementsActions(GroupInterface::GROUP_DETAILS))) {
  251. throw new \Exception("Should not have been called");
  252. }
  253. $groupData = [];
  254. foreach ($gids as $gid) {
  255. $groupData[$gid] = $this->handleRequest($gid, 'getGroupDetails', [$gid]);
  256. }
  257. return $groupData;
  258. }
  259. /**
  260. * get a list of all groups
  261. *
  262. * @return string[] with group names
  263. *
  264. * Returns a list with all groups
  265. */
  266. public function getGroups($search = '', $limit = -1, $offset = 0) {
  267. $this->setup();
  268. $groups = [];
  269. foreach ($this->backends as $backend) {
  270. $backendGroups = $backend->getGroups($search, $limit, $offset);
  271. if (is_array($backendGroups)) {
  272. $groups = array_merge($groups, $backendGroups);
  273. }
  274. }
  275. return $groups;
  276. }
  277. /**
  278. * check if a group exists
  279. *
  280. * @param string $gid
  281. * @return bool
  282. */
  283. public function groupExists($gid) {
  284. return $this->handleRequest($gid, 'groupExists', [$gid]);
  285. }
  286. /**
  287. * Check if a group exists
  288. *
  289. * @throws ServerNotAvailableException
  290. */
  291. public function groupExistsOnLDAP(string $gid, bool $ignoreCache = false): bool {
  292. return $this->handleRequest($gid, 'groupExistsOnLDAP', [$gid, $ignoreCache]);
  293. }
  294. /**
  295. * returns the groupname for the given LDAP DN, if available
  296. */
  297. public function dn2GroupName(string $dn): string|false {
  298. $id = 'DN,' . $dn;
  299. return $this->handleRequest($id, 'dn2GroupName', [$dn]);
  300. }
  301. /**
  302. * {@inheritdoc}
  303. */
  304. public function groupsExists(array $gids): array {
  305. return array_values(array_filter(
  306. $gids,
  307. fn (string $gid): bool => $this->handleRequest($gid, 'groupExists', [$gid]),
  308. ));
  309. }
  310. /**
  311. * Check if backend implements actions
  312. *
  313. * @param int $actions bitwise-or'ed actions
  314. * @return boolean
  315. *
  316. * Returns the supported actions as int to be
  317. * compared with \OCP\GroupInterface::CREATE_GROUP etc.
  318. */
  319. public function implementsActions($actions) {
  320. $this->setup();
  321. //it's the same across all our user backends obviously
  322. return $this->refBackend->implementsActions($actions);
  323. }
  324. /**
  325. * Return access for LDAP interaction.
  326. *
  327. * @param string $gid
  328. * @return Access instance of Access for LDAP interaction
  329. */
  330. public function getLDAPAccess($gid) {
  331. return $this->handleRequest($gid, 'getLDAPAccess', [$gid]);
  332. }
  333. /**
  334. * Return a new LDAP connection for the specified group.
  335. * The connection needs to be closed manually.
  336. *
  337. * @param string $gid
  338. * @return resource|\LDAP\Connection The LDAP connection
  339. */
  340. public function getNewLDAPConnection($gid) {
  341. return $this->handleRequest($gid, 'getNewLDAPConnection', [$gid]);
  342. }
  343. public function getDisplayName(string $gid): string {
  344. return $this->handleRequest($gid, 'getDisplayName', [$gid]);
  345. }
  346. /**
  347. * Backend name to be shown in group management
  348. * @return string the name of the backend to be shown
  349. * @since 22.0.0
  350. */
  351. public function getBackendName(): string {
  352. return 'LDAP';
  353. }
  354. public function searchInGroup(string $gid, string $search = '', int $limit = -1, int $offset = 0): array {
  355. return $this->handleRequest($gid, 'searchInGroup', [$gid, $search, $limit, $offset]);
  356. }
  357. public function addRelationshipToCaches(string $uid, ?string $dnUser, string $gid): void {
  358. $this->handleRequest($gid, 'addRelationshipToCaches', [$uid, $dnUser, $gid]);
  359. }
  360. public function isAdmin(string $uid): bool {
  361. return $this->handleRequest($uid, 'isAdmin', [$uid]);
  362. }
  363. }