ProfileApiController.php 3.3 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889909192939495969798
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright 2021 Christopher Ng <chrng8@gmail.com>
  5. *
  6. * @author Christopher Ng <chrng8@gmail.com>
  7. * @author Kate Döen <kate.doeen@nextcloud.com>
  8. *
  9. * @license GNU AGPL version 3 or any later version
  10. *
  11. * This program is free software: you can redistribute it and/or modify
  12. * it under the terms of the GNU Affero General Public License as
  13. * published by the Free Software Foundation, either version 3 of the
  14. * License, or (at your option) any later version.
  15. *
  16. * This program is distributed in the hope that it will be useful,
  17. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  18. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  19. * GNU Affero General Public License for more details.
  20. *
  21. * You should have received a copy of the GNU Affero General Public License
  22. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  23. *
  24. */
  25. namespace OC\Core\Controller;
  26. use OC\Core\Db\ProfileConfigMapper;
  27. use OC\Profile\ProfileManager;
  28. use OCP\AppFramework\Http;
  29. use OCP\AppFramework\Http\Attribute\ApiRoute;
  30. use OCP\AppFramework\Http\DataResponse;
  31. use OCP\AppFramework\OCS\OCSBadRequestException;
  32. use OCP\AppFramework\OCS\OCSForbiddenException;
  33. use OCP\AppFramework\OCS\OCSNotFoundException;
  34. use OCP\AppFramework\OCSController;
  35. use OCP\IRequest;
  36. use OCP\IUserManager;
  37. use OCP\IUserSession;
  38. class ProfileApiController extends OCSController {
  39. public function __construct(
  40. IRequest $request,
  41. private ProfileConfigMapper $configMapper,
  42. private ProfileManager $profileManager,
  43. private IUserManager $userManager,
  44. private IUserSession $userSession,
  45. ) {
  46. parent::__construct('core', $request);
  47. }
  48. /**
  49. * @NoAdminRequired
  50. * @NoSubAdminRequired
  51. * @PasswordConfirmationRequired
  52. * @UserRateThrottle(limit=40, period=600)
  53. *
  54. * Update the visibility of a parameter
  55. *
  56. * @param string $targetUserId ID of the user
  57. * @param string $paramId ID of the parameter
  58. * @param string $visibility New visibility
  59. * @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
  60. * @throws OCSBadRequestException Updating visibility is not possible
  61. * @throws OCSForbiddenException Not allowed to edit other users visibility
  62. * @throws OCSNotFoundException Account not found
  63. *
  64. * 200: Visibility updated successfully
  65. */
  66. #[ApiRoute(verb: 'PUT', url: '/{targetUserId}', root: '/profile')]
  67. public function setVisibility(string $targetUserId, string $paramId, string $visibility): DataResponse {
  68. $requestingUser = $this->userSession->getUser();
  69. $targetUser = $this->userManager->get($targetUserId);
  70. if (!$this->userManager->userExists($targetUserId)) {
  71. throw new OCSNotFoundException('Account does not exist');
  72. }
  73. if ($requestingUser !== $targetUser) {
  74. throw new OCSForbiddenException('People can only edit their own visibility settings');
  75. }
  76. // Ensure that a profile config is created in the database
  77. $this->profileManager->getProfileConfig($targetUser, $targetUser);
  78. $config = $this->configMapper->get($targetUserId);
  79. if (!in_array($paramId, array_keys($config->getVisibilityMap()), true)) {
  80. throw new OCSBadRequestException('Account does not have a profile parameter with ID: ' . $paramId);
  81. }
  82. $config->setVisibility($paramId, $visibility);
  83. $this->configMapper->update($config);
  84. return new DataResponse();
  85. }
  86. }