GroupPrincipalBackend.php 8.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. * @copyright Copyright (c) 2018, Georg Ehrke
  5. *
  6. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  7. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  8. * @author Georg Ehrke <oc.list@georgehrke.com>
  9. * @author John Molakvoæ <skjnldsv@protonmail.com>
  10. * @author Roeland Jago Douma <roeland@famdouma.nl>
  11. * @author Thomas Citharel <nextcloud@tcit.fr>
  12. * @author Thomas Müller <thomas.mueller@tmit.eu>
  13. *
  14. * @license AGPL-3.0
  15. *
  16. * This code is free software: you can redistribute it and/or modify
  17. * it under the terms of the GNU Affero General Public License, version 3,
  18. * as published by the Free Software Foundation.
  19. *
  20. * This program is distributed in the hope that it will be useful,
  21. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  22. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  23. * GNU Affero General Public License for more details.
  24. *
  25. * You should have received a copy of the GNU Affero General Public License, version 3,
  26. * along with this program. If not, see <http://www.gnu.org/licenses/>
  27. *
  28. */
  29. namespace OCA\DAV\DAV;
  30. use OCP\Constants;
  31. use OCP\IConfig;
  32. use OCP\IGroup;
  33. use OCP\IGroupManager;
  34. use OCP\IUser;
  35. use OCP\IUserSession;
  36. use OCP\Share\IManager as IShareManager;
  37. use Sabre\DAV\Exception;
  38. use Sabre\DAV\PropPatch;
  39. use Sabre\DAVACL\PrincipalBackend\BackendInterface;
  40. class GroupPrincipalBackend implements BackendInterface {
  41. public const PRINCIPAL_PREFIX = 'principals/groups';
  42. /** @var IGroupManager */
  43. private $groupManager;
  44. /** @var IUserSession */
  45. private $userSession;
  46. /** @var IShareManager */
  47. private $shareManager;
  48. /** @var IConfig */
  49. private $config;
  50. /**
  51. * @param IGroupManager $IGroupManager
  52. * @param IUserSession $userSession
  53. * @param IShareManager $shareManager
  54. */
  55. public function __construct(
  56. IGroupManager $IGroupManager,
  57. IUserSession $userSession,
  58. IShareManager $shareManager,
  59. IConfig $config
  60. ) {
  61. $this->groupManager = $IGroupManager;
  62. $this->userSession = $userSession;
  63. $this->shareManager = $shareManager;
  64. $this->config = $config;
  65. }
  66. /**
  67. * Returns a list of principals based on a prefix.
  68. *
  69. * This prefix will often contain something like 'principals'. You are only
  70. * expected to return principals that are in this base path.
  71. *
  72. * You are expected to return at least a 'uri' for every user, you can
  73. * return any additional properties if you wish so. Common properties are:
  74. * {DAV:}displayname
  75. *
  76. * @param string $prefixPath
  77. * @return string[]
  78. */
  79. public function getPrincipalsByPrefix($prefixPath) {
  80. $principals = [];
  81. if ($prefixPath === self::PRINCIPAL_PREFIX) {
  82. foreach ($this->groupManager->search('') as $user) {
  83. $principals[] = $this->groupToPrincipal($user);
  84. }
  85. }
  86. return $principals;
  87. }
  88. /**
  89. * Returns a specific principal, specified by it's path.
  90. * The returned structure should be the exact same as from
  91. * getPrincipalsByPrefix.
  92. *
  93. * @param string $path
  94. * @return array
  95. */
  96. public function getPrincipalByPath($path) {
  97. $elements = explode('/', $path, 3);
  98. if ($elements[0] !== 'principals') {
  99. return null;
  100. }
  101. if ($elements[1] !== 'groups') {
  102. return null;
  103. }
  104. $name = urldecode($elements[2]);
  105. $group = $this->groupManager->get($name);
  106. if (!is_null($group)) {
  107. return $this->groupToPrincipal($group);
  108. }
  109. return null;
  110. }
  111. /**
  112. * Returns the list of members for a group-principal
  113. *
  114. * @param string $principal
  115. * @return array
  116. * @throws Exception
  117. */
  118. public function getGroupMemberSet($principal) {
  119. $elements = explode('/', $principal);
  120. if ($elements[0] !== 'principals') {
  121. return [];
  122. }
  123. if ($elements[1] !== 'groups') {
  124. return [];
  125. }
  126. $name = $elements[2];
  127. $group = $this->groupManager->get($name);
  128. if (is_null($group)) {
  129. return [];
  130. }
  131. return array_map(function ($user) {
  132. return $this->userToPrincipal($user);
  133. }, $group->getUsers());
  134. }
  135. /**
  136. * Returns the list of groups a principal is a member of
  137. *
  138. * @param string $principal
  139. * @return array
  140. * @throws Exception
  141. */
  142. public function getGroupMembership($principal) {
  143. return [];
  144. }
  145. /**
  146. * Updates the list of group members for a group principal.
  147. *
  148. * The principals should be passed as a list of uri's.
  149. *
  150. * @param string $principal
  151. * @param string[] $members
  152. * @throws Exception
  153. */
  154. public function setGroupMemberSet($principal, array $members) {
  155. throw new Exception('Setting members of the group is not supported yet');
  156. }
  157. /**
  158. * @param string $path
  159. * @param PropPatch $propPatch
  160. * @return int
  161. */
  162. public function updatePrincipal($path, PropPatch $propPatch) {
  163. return 0;
  164. }
  165. /**
  166. * @param string $prefixPath
  167. * @param array $searchProperties
  168. * @param string $test
  169. * @return array
  170. */
  171. public function searchPrincipals($prefixPath, array $searchProperties, $test = 'allof') {
  172. $results = [];
  173. if (\count($searchProperties) === 0) {
  174. return [];
  175. }
  176. if ($prefixPath !== self::PRINCIPAL_PREFIX) {
  177. return [];
  178. }
  179. // If sharing or group sharing is disabled, return the empty array
  180. if (!$this->groupSharingEnabled()) {
  181. return [];
  182. }
  183. // If sharing is restricted to group members only,
  184. // return only members that have groups in common
  185. $restrictGroups = false;
  186. if ($this->shareManager->shareWithGroupMembersOnly()) {
  187. $user = $this->userSession->getUser();
  188. if (!$user) {
  189. return [];
  190. }
  191. $restrictGroups = $this->groupManager->getUserGroupIds($user);
  192. }
  193. $searchLimit = $this->config->getSystemValueInt('sharing.maxAutocompleteResults', Constants::SHARING_MAX_AUTOCOMPLETE_RESULTS_DEFAULT);
  194. if ($searchLimit <= 0) {
  195. $searchLimit = null;
  196. }
  197. foreach ($searchProperties as $prop => $value) {
  198. switch ($prop) {
  199. case '{DAV:}displayname':
  200. $groups = $this->groupManager->search($value, $searchLimit);
  201. $results[] = array_reduce($groups, function (array $carry, IGroup $group) use ($restrictGroups) {
  202. $gid = $group->getGID();
  203. // is sharing restricted to groups only?
  204. if ($restrictGroups !== false) {
  205. if (!\in_array($gid, $restrictGroups, true)) {
  206. return $carry;
  207. }
  208. }
  209. $carry[] = self::PRINCIPAL_PREFIX . '/' . urlencode($gid);
  210. return $carry;
  211. }, []);
  212. break;
  213. case '{urn:ietf:params:xml:ns:caldav}calendar-user-address-set':
  214. // If you add support for more search properties that qualify as a user-address,
  215. // please also add them to the array below
  216. $results[] = $this->searchPrincipals(self::PRINCIPAL_PREFIX, [
  217. ], 'anyof');
  218. break;
  219. default:
  220. $results[] = [];
  221. break;
  222. }
  223. }
  224. // results is an array of arrays, so this is not the first search result
  225. // but the results of the first searchProperty
  226. if (count($results) === 1) {
  227. return $results[0];
  228. }
  229. switch ($test) {
  230. case 'anyof':
  231. return array_values(array_unique(array_merge(...$results)));
  232. case 'allof':
  233. default:
  234. return array_values(array_intersect(...$results));
  235. }
  236. }
  237. /**
  238. * @param string $uri
  239. * @param string $principalPrefix
  240. * @return string
  241. */
  242. public function findByUri($uri, $principalPrefix) {
  243. // If sharing is disabled, return the empty array
  244. if (!$this->groupSharingEnabled()) {
  245. return null;
  246. }
  247. // If sharing is restricted to group members only,
  248. // return only members that have groups in common
  249. $restrictGroups = false;
  250. if ($this->shareManager->shareWithGroupMembersOnly()) {
  251. $user = $this->userSession->getUser();
  252. if (!$user) {
  253. return null;
  254. }
  255. $restrictGroups = $this->groupManager->getUserGroupIds($user);
  256. }
  257. if (strpos($uri, 'principal:principals/groups/') === 0) {
  258. $name = urlencode(substr($uri, 28));
  259. if ($restrictGroups !== false && !\in_array($name, $restrictGroups, true)) {
  260. return null;
  261. }
  262. return substr($uri, 10);
  263. }
  264. return null;
  265. }
  266. /**
  267. * @param IGroup $group
  268. * @return array
  269. */
  270. protected function groupToPrincipal($group) {
  271. $groupId = $group->getGID();
  272. // getDisplayName returns UID if none
  273. $displayName = $group->getDisplayName();
  274. return [
  275. 'uri' => 'principals/groups/' . urlencode($groupId),
  276. '{DAV:}displayname' => $displayName,
  277. '{urn:ietf:params:xml:ns:caldav}calendar-user-type' => 'GROUP',
  278. ];
  279. }
  280. /**
  281. * @param IUser $user
  282. * @return array
  283. */
  284. protected function userToPrincipal($user) {
  285. $userId = $user->getUID();
  286. // getDisplayName returns UID if none
  287. $displayName = $user->getDisplayName();
  288. $principal = [
  289. 'uri' => 'principals/users/' . $userId,
  290. '{DAV:}displayname' => $displayName,
  291. '{urn:ietf:params:xml:ns:caldav}calendar-user-type' => 'INDIVIDUAL',
  292. ];
  293. $email = $user->getSystemEMailAddress();
  294. if (!empty($email)) {
  295. $principal['{http://sabredav.org/ns}email-address'] = $email;
  296. }
  297. return $principal;
  298. }
  299. /**
  300. * @return bool
  301. */
  302. private function groupSharingEnabled(): bool {
  303. return $this->shareManager->shareApiEnabled() && $this->shareManager->allowGroupSharing();
  304. }
  305. }