1
0

SubAdmin.php 7.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293
  1. <?php
  2. /**
  3. * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
  4. * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  5. * SPDX-License-Identifier: AGPL-3.0-only
  6. */
  7. namespace OC;
  8. use OC\Hooks\PublicEmitter;
  9. use OCP\EventDispatcher\IEventDispatcher;
  10. use OCP\Group\Events\SubAdminAddedEvent;
  11. use OCP\Group\Events\SubAdminRemovedEvent;
  12. use OCP\Group\ISubAdmin;
  13. use OCP\IDBConnection;
  14. use OCP\IGroup;
  15. use OCP\IGroupManager;
  16. use OCP\IUser;
  17. use OCP\IUserManager;
  18. class SubAdmin extends PublicEmitter implements ISubAdmin {
  19. /** @var IUserManager */
  20. private $userManager;
  21. /** @var IGroupManager */
  22. private $groupManager;
  23. /** @var IDBConnection */
  24. private $dbConn;
  25. /** @var IEventDispatcher */
  26. private $eventDispatcher;
  27. /**
  28. * @param IUserManager $userManager
  29. * @param IGroupManager $groupManager
  30. * @param IDBConnection $dbConn
  31. */
  32. public function __construct(IUserManager $userManager,
  33. IGroupManager $groupManager,
  34. IDBConnection $dbConn,
  35. IEventDispatcher $eventDispatcher) {
  36. $this->userManager = $userManager;
  37. $this->groupManager = $groupManager;
  38. $this->dbConn = $dbConn;
  39. $this->eventDispatcher = $eventDispatcher;
  40. $this->userManager->listen('\OC\User', 'postDelete', function ($user) {
  41. $this->post_deleteUser($user);
  42. });
  43. $this->groupManager->listen('\OC\Group', 'postDelete', function ($group) {
  44. $this->post_deleteGroup($group);
  45. });
  46. }
  47. /**
  48. * add a SubAdmin
  49. * @param IUser $user user to be SubAdmin
  50. * @param IGroup $group group $user becomes subadmin of
  51. */
  52. public function createSubAdmin(IUser $user, IGroup $group): void {
  53. $qb = $this->dbConn->getQueryBuilder();
  54. $qb->insert('group_admin')
  55. ->values([
  56. 'gid' => $qb->createNamedParameter($group->getGID()),
  57. 'uid' => $qb->createNamedParameter($user->getUID())
  58. ])
  59. ->execute();
  60. /** @deprecated 21.0.0 - use type SubAdminAddedEvent instead */
  61. $this->emit('\OC\SubAdmin', 'postCreateSubAdmin', [$user, $group]);
  62. $event = new SubAdminAddedEvent($group, $user);
  63. $this->eventDispatcher->dispatchTyped($event);
  64. }
  65. /**
  66. * delete a SubAdmin
  67. * @param IUser $user the user that is the SubAdmin
  68. * @param IGroup $group the group
  69. */
  70. public function deleteSubAdmin(IUser $user, IGroup $group): void {
  71. $qb = $this->dbConn->getQueryBuilder();
  72. $qb->delete('group_admin')
  73. ->where($qb->expr()->eq('gid', $qb->createNamedParameter($group->getGID())))
  74. ->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
  75. ->execute();
  76. /** @deprecated 21.0.0 - use type SubAdminRemovedEvent instead */
  77. $this->emit('\OC\SubAdmin', 'postDeleteSubAdmin', [$user, $group]);
  78. $event = new SubAdminRemovedEvent($group, $user);
  79. $this->eventDispatcher->dispatchTyped($event);
  80. }
  81. /**
  82. * get groups of a SubAdmin
  83. * @param IUser $user the SubAdmin
  84. * @return IGroup[]
  85. */
  86. public function getSubAdminsGroups(IUser $user): array {
  87. $groupIds = $this->getSubAdminsGroupIds($user);
  88. $groups = [];
  89. foreach ($groupIds as $groupId) {
  90. $group = $this->groupManager->get($groupId);
  91. if ($group !== null) {
  92. $groups[$group->getGID()] = $group;
  93. }
  94. }
  95. return $groups;
  96. }
  97. /**
  98. * Get group ids of a SubAdmin
  99. * @param IUser $user the SubAdmin
  100. * @return string[]
  101. */
  102. public function getSubAdminsGroupIds(IUser $user): array {
  103. $qb = $this->dbConn->getQueryBuilder();
  104. $result = $qb->select('gid')
  105. ->from('group_admin')
  106. ->where($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
  107. ->execute();
  108. $groups = [];
  109. while ($row = $result->fetch()) {
  110. $groups[] = $row['gid'];
  111. }
  112. $result->closeCursor();
  113. return $groups;
  114. }
  115. /**
  116. * get an array of groupid and displayName for a user
  117. * @param IUser $user
  118. * @return array ['displayName' => displayname]
  119. */
  120. public function getSubAdminsGroupsName(IUser $user): array {
  121. return array_map(function ($group) {
  122. return ['displayName' => $group->getDisplayName()];
  123. }, $this->getSubAdminsGroups($user));
  124. }
  125. /**
  126. * get SubAdmins of a group
  127. * @param IGroup $group the group
  128. * @return IUser[]
  129. */
  130. public function getGroupsSubAdmins(IGroup $group): array {
  131. $qb = $this->dbConn->getQueryBuilder();
  132. $result = $qb->select('uid')
  133. ->from('group_admin')
  134. ->where($qb->expr()->eq('gid', $qb->createNamedParameter($group->getGID())))
  135. ->execute();
  136. $users = [];
  137. while ($row = $result->fetch()) {
  138. $user = $this->userManager->get($row['uid']);
  139. if (!is_null($user)) {
  140. $users[] = $user;
  141. }
  142. }
  143. $result->closeCursor();
  144. return $users;
  145. }
  146. /**
  147. * get all SubAdmins
  148. * @return array
  149. */
  150. public function getAllSubAdmins(): array {
  151. $qb = $this->dbConn->getQueryBuilder();
  152. $result = $qb->select('*')
  153. ->from('group_admin')
  154. ->execute();
  155. $subadmins = [];
  156. while ($row = $result->fetch()) {
  157. $user = $this->userManager->get($row['uid']);
  158. $group = $this->groupManager->get($row['gid']);
  159. if (!is_null($user) && !is_null($group)) {
  160. $subadmins[] = [
  161. 'user' => $user,
  162. 'group' => $group
  163. ];
  164. }
  165. }
  166. $result->closeCursor();
  167. return $subadmins;
  168. }
  169. /**
  170. * checks if a user is a SubAdmin of a group
  171. * @param IUser $user
  172. * @param IGroup $group
  173. * @return bool
  174. */
  175. public function isSubAdminOfGroup(IUser $user, IGroup $group): bool {
  176. $qb = $this->dbConn->getQueryBuilder();
  177. /*
  178. * Primary key is ('gid', 'uid') so max 1 result possible here
  179. */
  180. $result = $qb->select('*')
  181. ->from('group_admin')
  182. ->where($qb->expr()->eq('gid', $qb->createNamedParameter($group->getGID())))
  183. ->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
  184. ->execute();
  185. $fetch = $result->fetch();
  186. $result->closeCursor();
  187. $result = !empty($fetch) ? true : false;
  188. return $result;
  189. }
  190. /**
  191. * checks if a user is a SubAdmin
  192. * @param IUser $user
  193. * @return bool
  194. */
  195. public function isSubAdmin(IUser $user): bool {
  196. // Check if the user is already an admin
  197. if ($this->groupManager->isAdmin($user->getUID())) {
  198. return true;
  199. }
  200. $qb = $this->dbConn->getQueryBuilder();
  201. $result = $qb->select('gid')
  202. ->from('group_admin')
  203. ->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
  204. ->setMaxResults(1)
  205. ->execute();
  206. $isSubAdmin = $result->fetch();
  207. $result->closeCursor();
  208. return $isSubAdmin !== false;
  209. }
  210. /**
  211. * checks if a user is a accessible by a subadmin
  212. * @param IUser $subadmin
  213. * @param IUser $user
  214. * @return bool
  215. */
  216. public function isUserAccessible(IUser $subadmin, IUser $user): bool {
  217. if (!$this->isSubAdmin($subadmin)) {
  218. return false;
  219. }
  220. if ($this->groupManager->isAdmin($user->getUID())) {
  221. return false;
  222. }
  223. $accessibleGroups = $this->getSubAdminsGroupIds($subadmin);
  224. $userGroups = $this->groupManager->getUserGroupIds($user);
  225. return !empty(array_intersect($accessibleGroups, $userGroups));
  226. }
  227. /**
  228. * delete all SubAdmins by $user
  229. * @param IUser $user
  230. */
  231. private function post_deleteUser(IUser $user) {
  232. $qb = $this->dbConn->getQueryBuilder();
  233. $qb->delete('group_admin')
  234. ->where($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
  235. ->execute();
  236. }
  237. /**
  238. * delete all SubAdmins by $group
  239. * @param IGroup $group
  240. */
  241. private function post_deleteGroup(IGroup $group) {
  242. $qb = $this->dbConn->getQueryBuilder();
  243. $qb->delete('group_admin')
  244. ->where($qb->expr()->eq('gid', $qb->createNamedParameter($group->getGID())))
  245. ->execute();
  246. }
  247. }