UpdateGroupsService.php 8.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * @copyright Copyright (c) 2016, ownCloud, Inc.
  5. *
  6. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  7. * @author Bart Visscher <bartv@thisnet.nl>
  8. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  9. * @author Côme Chilliet <come.chilliet@nextcloud.com>
  10. * @author Joas Schilling <coding@schilljs.com>
  11. * @author Lukas Reschke <lukas@statuscode.ch>
  12. * @author Morris Jobke <hey@morrisjobke.de>
  13. * @author Robin Appelman <robin@icewind.nl>
  14. * @author Robin McCorkell <robin@mccorkell.me.uk>
  15. *
  16. * @license AGPL-3.0
  17. *
  18. * This code is free software: you can redistribute it and/or modify
  19. * it under the terms of the GNU Affero General Public License, version 3,
  20. * as published by the Free Software Foundation.
  21. *
  22. * This program is distributed in the hope that it will be useful,
  23. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  24. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  25. * GNU Affero General Public License for more details.
  26. *
  27. * You should have received a copy of the GNU Affero General Public License, version 3,
  28. * along with this program. If not, see <http://www.gnu.org/licenses/>
  29. *
  30. */
  31. namespace OCA\User_LDAP\Service;
  32. use OCA\User_LDAP\Db\GroupMembership;
  33. use OCA\User_LDAP\Db\GroupMembershipMapper;
  34. use OCA\User_LDAP\Group_Proxy;
  35. use OCP\DB\Exception;
  36. use OCP\EventDispatcher\IEventDispatcher;
  37. use OCP\Group\Events\UserAddedEvent;
  38. use OCP\Group\Events\UserRemovedEvent;
  39. use OCP\IGroup;
  40. use OCP\IGroupManager;
  41. use OCP\IUser;
  42. use OCP\IUserManager;
  43. use Psr\Log\LoggerInterface;
  44. class UpdateGroupsService {
  45. public function __construct(
  46. private Group_Proxy $groupBackend,
  47. private IEventDispatcher $dispatcher,
  48. private IGroupManager $groupManager,
  49. private IUserManager $userManager,
  50. private LoggerInterface $logger,
  51. private GroupMembershipMapper $groupMembershipMapper,
  52. ) {
  53. }
  54. /**
  55. * @throws Exception
  56. */
  57. public function updateGroups(): void {
  58. $knownGroups = $this->groupMembershipMapper->getKnownGroups();
  59. $actualGroups = $this->groupBackend->getGroups();
  60. if (empty($actualGroups) && empty($knownGroups)) {
  61. $this->logger->info(
  62. 'service "updateGroups" - groups do not seem to be configured properly, aborting.',
  63. );
  64. return;
  65. }
  66. $this->handleKnownGroups(array_intersect($actualGroups, $knownGroups));
  67. $this->handleCreatedGroups(array_diff($actualGroups, $knownGroups));
  68. $this->handleRemovedGroups(array_diff($knownGroups, $actualGroups));
  69. $this->logger->debug('service "updateGroups" - Finished.');
  70. }
  71. /**
  72. * @param string[] $groups
  73. * @throws Exception
  74. */
  75. public function handleKnownGroups(array $groups): void {
  76. $this->logger->debug('service "updateGroups" - Dealing with known Groups.');
  77. foreach ($groups as $group) {
  78. $this->logger->debug('service "updateGroups" - Dealing with {group}.', ['group' => $group]);
  79. $groupMemberships = $this->groupMembershipMapper->findGroupMemberships($group);
  80. $knownUsers = array_map(
  81. static fn (GroupMembership $groupMembership): string => $groupMembership->getUserid(),
  82. $groupMemberships
  83. );
  84. $groupMemberships = array_combine($knownUsers, $groupMemberships);
  85. $actualUsers = $this->groupBackend->usersInGroup($group);
  86. $groupObject = $this->groupManager->get($group);
  87. if ($groupObject === null) {
  88. /* We are not expecting the group to not be found since it was returned by $this->groupBackend->getGroups() */
  89. $this->logger->error(
  90. 'service "updateGroups" - Failed to get group {group} for update',
  91. [
  92. 'group' => $group
  93. ]
  94. );
  95. continue;
  96. }
  97. foreach (array_diff($knownUsers, $actualUsers) as $removedUser) {
  98. try {
  99. $this->groupMembershipMapper->delete($groupMemberships[$removedUser]);
  100. } catch (Exception $e) {
  101. if ($e->getReason() !== Exception::REASON_DATABASE_OBJECT_NOT_FOUND) {
  102. /* If reason is not found something else removed the membership, that’s fine */
  103. $this->logger->error(
  104. __CLASS__ . ' - group {group} membership failed to be removed (user {user})',
  105. [
  106. 'app' => 'user_ldap',
  107. 'user' => $removedUser,
  108. 'group' => $group,
  109. 'exception' => $e,
  110. ]
  111. );
  112. }
  113. /* We failed to delete the groupmembership so we do not want to advertise it */
  114. continue;
  115. }
  116. $userObject = $this->userManager->get($removedUser);
  117. if ($userObject instanceof IUser) {
  118. $this->dispatcher->dispatchTyped(new UserRemovedEvent($groupObject, $userObject));
  119. }
  120. $this->logger->info(
  121. 'service "updateGroups" - {user} removed from {group}',
  122. [
  123. 'user' => $removedUser,
  124. 'group' => $group
  125. ]
  126. );
  127. }
  128. foreach (array_diff($actualUsers, $knownUsers) as $addedUser) {
  129. try {
  130. $this->groupMembershipMapper->insert(GroupMembership::fromParams(['groupid' => $group,'userid' => $addedUser]));
  131. } catch (Exception $e) {
  132. if ($e->getReason() !== Exception::REASON_UNIQUE_CONSTRAINT_VIOLATION) {
  133. /* If reason is unique constraint something else added the membership, that’s fine */
  134. $this->logger->error(
  135. __CLASS__ . ' - group {group} membership failed to be added (user {user})',
  136. [
  137. 'app' => 'user_ldap',
  138. 'user' => $addedUser,
  139. 'group' => $group,
  140. 'exception' => $e,
  141. ]
  142. );
  143. }
  144. /* We failed to insert the groupmembership so we do not want to advertise it */
  145. continue;
  146. }
  147. $userObject = $this->userManager->get($addedUser);
  148. if ($userObject instanceof IUser) {
  149. $this->dispatcher->dispatchTyped(new UserAddedEvent($groupObject, $userObject));
  150. }
  151. $this->logger->info(
  152. 'service "updateGroups" - {user} added to {group}',
  153. [
  154. 'user' => $addedUser,
  155. 'group' => $group
  156. ]
  157. );
  158. }
  159. }
  160. $this->logger->debug('service "updateGroups" - FINISHED dealing with known Groups.');
  161. }
  162. /**
  163. * @param string[] $createdGroups
  164. * @throws Exception
  165. */
  166. public function handleCreatedGroups(array $createdGroups): void {
  167. $this->logger->debug('service "updateGroups" - dealing with created Groups.');
  168. foreach ($createdGroups as $createdGroup) {
  169. $this->logger->info('service "updateGroups" - new group "' . $createdGroup . '" found.');
  170. $users = $this->groupBackend->usersInGroup($createdGroup);
  171. $groupObject = $this->groupManager->get($createdGroup);
  172. foreach ($users as $user) {
  173. try {
  174. $this->groupMembershipMapper->insert(GroupMembership::fromParams(['groupid' => $createdGroup,'userid' => $user]));
  175. } catch (Exception $e) {
  176. if ($e->getReason() !== Exception::REASON_UNIQUE_CONSTRAINT_VIOLATION) {
  177. $this->logger->error(
  178. __CLASS__ . ' - group {group} membership failed to be added (user {user})',
  179. [
  180. 'app' => 'user_ldap',
  181. 'user' => $user,
  182. 'group' => $createdGroup,
  183. 'exception' => $e,
  184. ]
  185. );
  186. }
  187. /* We failed to insert the groupmembership so we do not want to advertise it */
  188. continue;
  189. }
  190. if ($groupObject instanceof IGroup) {
  191. $userObject = $this->userManager->get($user);
  192. if ($userObject instanceof IUser) {
  193. $this->dispatcher->dispatchTyped(new UserAddedEvent($groupObject, $userObject));
  194. }
  195. }
  196. }
  197. }
  198. $this->logger->debug('service "updateGroups" - FINISHED dealing with created Groups.');
  199. }
  200. /**
  201. * @param string[] $removedGroups
  202. * @throws Exception
  203. */
  204. public function handleRemovedGroups(array $removedGroups): void {
  205. $this->logger->debug('service "updateGroups" - dealing with removed groups.');
  206. $this->groupMembershipMapper->deleteGroups($removedGroups);
  207. foreach ($removedGroups as $group) {
  208. $groupObject = $this->groupManager->get($group);
  209. if ($groupObject instanceof IGroup) {
  210. $groupMemberships = $this->groupMembershipMapper->findGroupMemberships($group);
  211. foreach ($groupMemberships as $groupMembership) {
  212. $userObject = $this->userManager->get($groupMembership->getUserid());
  213. if ($userObject instanceof IUser) {
  214. $this->dispatcher->dispatchTyped(new UserRemovedEvent($groupObject, $userObject));
  215. }
  216. }
  217. }
  218. }
  219. $this->logger->info(
  220. 'service "updateGroups" - groups {removedGroups} were removed.',
  221. [
  222. 'removedGroups' => $removedGroups
  223. ]
  224. );
  225. }
  226. }