SubAdmin.php 7.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  6. * @author Bart Visscher <bartv@thisnet.nl>
  7. * @author Georg Ehrke <oc.list@georgehrke.com>
  8. * @author John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
  9. * @author Lukas Reschke <lukas@statuscode.ch>
  10. * @author Morris Jobke <hey@morrisjobke.de>
  11. * @author Roeland Jago Douma <roeland@famdouma.nl>
  12. *
  13. * @license AGPL-3.0
  14. *
  15. * This code is free software: you can redistribute it and/or modify
  16. * it under the terms of the GNU Affero General Public License, version 3,
  17. * as published by the Free Software Foundation.
  18. *
  19. * This program is distributed in the hope that it will be useful,
  20. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  21. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  22. * GNU Affero General Public License for more details.
  23. *
  24. * You should have received a copy of the GNU Affero General Public License, version 3,
  25. * along with this program. If not, see <http://www.gnu.org/licenses/>
  26. *
  27. */
  28. namespace OC;
  29. use OC\Hooks\PublicEmitter;
  30. use OCP\Group\ISubAdmin;
  31. use OCP\IDBConnection;
  32. use OCP\IGroup;
  33. use OCP\IGroupManager;
  34. use OCP\IUser;
  35. use OCP\IUserManager;
  36. class SubAdmin extends PublicEmitter implements ISubAdmin {
  37. /** @var IUserManager */
  38. private $userManager;
  39. /** @var IGroupManager */
  40. private $groupManager;
  41. /** @var IDBConnection */
  42. private $dbConn;
  43. /**
  44. * @param IUserManager $userManager
  45. * @param IGroupManager $groupManager
  46. * @param IDBConnection $dbConn
  47. */
  48. public function __construct(IUserManager $userManager,
  49. IGroupManager $groupManager,
  50. IDBConnection $dbConn) {
  51. $this->userManager = $userManager;
  52. $this->groupManager = $groupManager;
  53. $this->dbConn = $dbConn;
  54. $this->userManager->listen('\OC\User', 'postDelete', function($user) {
  55. $this->post_deleteUser($user);
  56. });
  57. $this->groupManager->listen('\OC\Group', 'postDelete', function($group) {
  58. $this->post_deleteGroup($group);
  59. });
  60. }
  61. /**
  62. * add a SubAdmin
  63. * @param IUser $user user to be SubAdmin
  64. * @param IGroup $group group $user becomes subadmin of
  65. */
  66. public function createSubAdmin(IUser $user, IGroup $group): void {
  67. $qb = $this->dbConn->getQueryBuilder();
  68. $qb->insert('group_admin')
  69. ->values([
  70. 'gid' => $qb->createNamedParameter($group->getGID()),
  71. 'uid' => $qb->createNamedParameter($user->getUID())
  72. ])
  73. ->execute();
  74. $this->emit('\OC\SubAdmin', 'postCreateSubAdmin', [$user, $group]);
  75. \OC_Hook::emit("OC_SubAdmin", "post_createSubAdmin", ["gid" => $group->getGID()]);
  76. }
  77. /**
  78. * delete a SubAdmin
  79. * @param IUser $user the user that is the SubAdmin
  80. * @param IGroup $group the group
  81. */
  82. public function deleteSubAdmin(IUser $user, IGroup $group): void {
  83. $qb = $this->dbConn->getQueryBuilder();
  84. $qb->delete('group_admin')
  85. ->where($qb->expr()->eq('gid', $qb->createNamedParameter($group->getGID())))
  86. ->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
  87. ->execute();
  88. $this->emit('\OC\SubAdmin', 'postDeleteSubAdmin', [$user, $group]);
  89. \OC_Hook::emit("OC_SubAdmin", "post_deleteSubAdmin", ["gid" => $group->getGID()]);
  90. }
  91. /**
  92. * get groups of a SubAdmin
  93. * @param IUser $user the SubAdmin
  94. * @return IGroup[]
  95. */
  96. public function getSubAdminsGroups(IUser $user): array {
  97. $qb = $this->dbConn->getQueryBuilder();
  98. $result = $qb->select('gid')
  99. ->from('group_admin')
  100. ->where($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
  101. ->execute();
  102. $groups = [];
  103. while($row = $result->fetch()) {
  104. $group = $this->groupManager->get($row['gid']);
  105. if(!is_null($group)) {
  106. $groups[$group->getGID()] = $group;
  107. }
  108. }
  109. $result->closeCursor();
  110. return $groups;
  111. }
  112. /**
  113. * get an array of groupid and displayName for a user
  114. * @param IUser $user
  115. * @return array ['displayName' => displayname]
  116. */
  117. public function getSubAdminsGroupsName(IUser $user): array {
  118. return array_map(function($group) {
  119. return array('displayName' => $group->getDisplayName());
  120. }, $this->getSubAdminsGroups($user));
  121. }
  122. /**
  123. * get SubAdmins of a group
  124. * @param IGroup $group the group
  125. * @return IUser[]
  126. */
  127. public function getGroupsSubAdmins(IGroup $group): array {
  128. $qb = $this->dbConn->getQueryBuilder();
  129. $result = $qb->select('uid')
  130. ->from('group_admin')
  131. ->where($qb->expr()->eq('gid', $qb->createNamedParameter($group->getGID())))
  132. ->execute();
  133. $users = [];
  134. while($row = $result->fetch()) {
  135. $user = $this->userManager->get($row['uid']);
  136. if(!is_null($user)) {
  137. $users[] = $user;
  138. }
  139. }
  140. $result->closeCursor();
  141. return $users;
  142. }
  143. /**
  144. * get all SubAdmins
  145. * @return array
  146. */
  147. public function getAllSubAdmins(): array {
  148. $qb = $this->dbConn->getQueryBuilder();
  149. $result = $qb->select('*')
  150. ->from('group_admin')
  151. ->execute();
  152. $subadmins = [];
  153. while($row = $result->fetch()) {
  154. $user = $this->userManager->get($row['uid']);
  155. $group = $this->groupManager->get($row['gid']);
  156. if(!is_null($user) && !is_null($group)) {
  157. $subadmins[] = [
  158. 'user' => $user,
  159. 'group' => $group
  160. ];
  161. }
  162. }
  163. $result->closeCursor();
  164. return $subadmins;
  165. }
  166. /**
  167. * checks if a user is a SubAdmin of a group
  168. * @param IUser $user
  169. * @param IGroup $group
  170. * @return bool
  171. */
  172. public function isSubAdminOfGroup(IUser $user, IGroup $group): bool {
  173. $qb = $this->dbConn->getQueryBuilder();
  174. /*
  175. * Primary key is ('gid', 'uid') so max 1 result possible here
  176. */
  177. $result = $qb->select('*')
  178. ->from('group_admin')
  179. ->where($qb->expr()->eq('gid', $qb->createNamedParameter($group->getGID())))
  180. ->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
  181. ->execute();
  182. $fetch = $result->fetch();
  183. $result->closeCursor();
  184. $result = !empty($fetch) ? true : false;
  185. return $result;
  186. }
  187. /**
  188. * checks if a user is a SubAdmin
  189. * @param IUser $user
  190. * @return bool
  191. */
  192. public function isSubAdmin(IUser $user): bool {
  193. // Check if the user is already an admin
  194. if ($this->groupManager->isAdmin($user->getUID())) {
  195. return true;
  196. }
  197. $qb = $this->dbConn->getQueryBuilder();
  198. $result = $qb->select('gid')
  199. ->from('group_admin')
  200. ->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
  201. ->setMaxResults(1)
  202. ->execute();
  203. $isSubAdmin = $result->fetch();
  204. $result->closeCursor();
  205. return $isSubAdmin !== false;
  206. }
  207. /**
  208. * checks if a user is a accessible by a subadmin
  209. * @param IUser $subadmin
  210. * @param IUser $user
  211. * @return bool
  212. */
  213. public function isUserAccessible(IUser $subadmin, IUser $user): bool {
  214. if(!$this->isSubAdmin($subadmin)) {
  215. return false;
  216. }
  217. if($this->groupManager->isAdmin($user->getUID())) {
  218. return false;
  219. }
  220. $accessibleGroups = $this->getSubAdminsGroups($subadmin);
  221. foreach($accessibleGroups as $accessibleGroup) {
  222. if($accessibleGroup->inGroup($user)) {
  223. return true;
  224. }
  225. }
  226. return false;
  227. }
  228. /**
  229. * delete all SubAdmins by $user
  230. * @param IUser $user
  231. */
  232. private function post_deleteUser(IUser $user) {
  233. $qb = $this->dbConn->getQueryBuilder();
  234. $qb->delete('group_admin')
  235. ->where($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
  236. ->execute();
  237. }
  238. /**
  239. * delete all SubAdmins by $group
  240. * @param IGroup $group
  241. */
  242. private function post_deleteGroup(IGroup $group) {
  243. $qb = $this->dbConn->getQueryBuilder();
  244. $qb->delete('group_admin')
  245. ->where($qb->expr()->eq('gid', $qb->createNamedParameter($group->getGID())))
  246. ->execute();
  247. }
  248. }