123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111 |
- <?php
- declare(strict_types=1);
- /**
- * SPDX-FileCopyrightText: 2023 Nextcloud GmbH and Nextcloud contributors
- * SPDX-License-Identifier: AGPL-3.0-or-later
- */
- namespace OCA\User_LDAP\Command;
- use OCA\User_LDAP\Group_Proxy;
- use OCP\IGroup;
- use OCP\IGroupManager;
- use Symfony\Component\Console\Command\Command;
- use Symfony\Component\Console\Helper\QuestionHelper;
- use Symfony\Component\Console\Input\InputArgument;
- use Symfony\Component\Console\Input\InputInterface;
- use Symfony\Component\Console\Input\InputOption;
- use Symfony\Component\Console\Output\OutputInterface;
- use Symfony\Component\Console\Question\Question;
- class PromoteGroup extends Command {
- public function __construct(
- private IGroupManager $groupManager,
- private Group_Proxy $backend
- ) {
- parent::__construct();
- }
- protected function configure(): void {
- $this
- ->setName('ldap:promote-group')
- ->setDescription('declares the specified group as admin group (only one is possible per LDAP configuration)')
- ->addArgument(
- 'group',
- InputArgument::REQUIRED,
- 'the group ID in Nextcloud or a group name'
- )
- ->addOption(
- 'yes',
- 'y',
- InputOption::VALUE_NONE,
- 'do not ask for confirmation'
- );
- }
- protected function formatGroupName(IGroup $group): string {
- $idLabel = '';
- if ($group->getGID() !== $group->getDisplayName()) {
- $idLabel = sprintf(' (Group ID: %s)', $group->getGID());
- }
- return sprintf('%s%s', $group->getDisplayName(), $idLabel);
- }
- protected function promoteGroup(IGroup $group, InputInterface $input, OutputInterface $output): void {
- $access = $this->backend->getLDAPAccess($group->getGID());
- $currentlyPromotedGroupId = $access->connection->ldapAdminGroup;
- if ($currentlyPromotedGroupId === $group->getGID()) {
- $output->writeln('<info>The specified group is already promoted</info>');
- return;
- }
- if ($input->getOption('yes') === false) {
- $currentlyPromotedGroup = $this->groupManager->get($currentlyPromotedGroupId);
- $demoteLabel = '';
- if ($currentlyPromotedGroup instanceof IGroup && $this->backend->groupExists($currentlyPromotedGroup->getGID())) {
- $groupNameLabel = $this->formatGroupName($currentlyPromotedGroup);
- $demoteLabel = sprintf('and demote %s ', $groupNameLabel);
- }
- /** @var QuestionHelper $helper */
- $helper = $this->getHelper('question');
- $q = new Question(sprintf('Promote %s to the admin group %s(y|N)? ', $this->formatGroupName($group), $demoteLabel));
- $input->setOption('yes', $helper->ask($input, $output, $q) === 'y');
- }
- if ($input->getOption('yes') === true) {
- $access->connection->setConfiguration(['ldapAdminGroup' => $group->getGID()]);
- $access->connection->saveConfiguration();
- $output->writeln(sprintf('<info>Group %s was promoted</info>', $group->getDisplayName()));
- } else {
- $output->writeln('<comment>Group promotion cancelled</comment>');
- }
- }
- protected function execute(InputInterface $input, OutputInterface $output): int {
- $groupInput = (string)$input->getArgument('group');
- $group = $this->groupManager->get($groupInput);
- if ($group instanceof IGroup && $this->backend->groupExists($group->getGID())) {
- $this->promoteGroup($group, $input, $output);
- return 0;
- }
- $groupCandidates = $this->backend->getGroups($groupInput, 20);
- foreach ($groupCandidates as $gidCandidate) {
- $group = $this->groupManager->get($gidCandidate);
- if ($group !== null
- && $this->backend->groupExists($group->getGID()) // ensure it is an LDAP group
- && ($group->getGID() === $groupInput
- || $group->getDisplayName() === $groupInput)
- ) {
- $this->promoteGroup($group, $input, $output);
- return 0;
- }
- }
- $output->writeln('<error>No matching group found</error>');
- return 1;
- }
- }
|