1
0

GroupPrincipalBackend.php 7.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326
  1. <?php
  2. /**
  3. * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
  4. * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  5. * SPDX-License-Identifier: AGPL-3.0-only
  6. */
  7. namespace OCA\DAV\DAV;
  8. use OCP\Constants;
  9. use OCP\IConfig;
  10. use OCP\IGroup;
  11. use OCP\IGroupManager;
  12. use OCP\IUser;
  13. use OCP\IUserSession;
  14. use OCP\Share\IManager as IShareManager;
  15. use Sabre\DAV\Exception;
  16. use Sabre\DAV\PropPatch;
  17. use Sabre\DAVACL\PrincipalBackend\BackendInterface;
  18. class GroupPrincipalBackend implements BackendInterface {
  19. public const PRINCIPAL_PREFIX = 'principals/groups';
  20. /** @var IGroupManager */
  21. private $groupManager;
  22. /** @var IUserSession */
  23. private $userSession;
  24. /** @var IShareManager */
  25. private $shareManager;
  26. /** @var IConfig */
  27. private $config;
  28. /**
  29. * @param IGroupManager $IGroupManager
  30. * @param IUserSession $userSession
  31. * @param IShareManager $shareManager
  32. */
  33. public function __construct(
  34. IGroupManager $IGroupManager,
  35. IUserSession $userSession,
  36. IShareManager $shareManager,
  37. IConfig $config,
  38. ) {
  39. $this->groupManager = $IGroupManager;
  40. $this->userSession = $userSession;
  41. $this->shareManager = $shareManager;
  42. $this->config = $config;
  43. }
  44. /**
  45. * Returns a list of principals based on a prefix.
  46. *
  47. * This prefix will often contain something like 'principals'. You are only
  48. * expected to return principals that are in this base path.
  49. *
  50. * You are expected to return at least a 'uri' for every user, you can
  51. * return any additional properties if you wish so. Common properties are:
  52. * {DAV:}displayname
  53. *
  54. * @param string $prefixPath
  55. * @return string[]
  56. */
  57. public function getPrincipalsByPrefix($prefixPath) {
  58. $principals = [];
  59. if ($prefixPath === self::PRINCIPAL_PREFIX) {
  60. foreach ($this->groupManager->search('') as $user) {
  61. $principals[] = $this->groupToPrincipal($user);
  62. }
  63. }
  64. return $principals;
  65. }
  66. /**
  67. * Returns a specific principal, specified by it's path.
  68. * The returned structure should be the exact same as from
  69. * getPrincipalsByPrefix.
  70. *
  71. * @param string $path
  72. * @return array
  73. */
  74. public function getPrincipalByPath($path) {
  75. $elements = explode('/', $path, 3);
  76. if ($elements[0] !== 'principals') {
  77. return null;
  78. }
  79. if ($elements[1] !== 'groups') {
  80. return null;
  81. }
  82. $name = urldecode($elements[2]);
  83. $group = $this->groupManager->get($name);
  84. if (!is_null($group)) {
  85. return $this->groupToPrincipal($group);
  86. }
  87. return null;
  88. }
  89. /**
  90. * Returns the list of members for a group-principal
  91. *
  92. * @param string $principal
  93. * @return array
  94. * @throws Exception
  95. */
  96. public function getGroupMemberSet($principal) {
  97. $elements = explode('/', $principal);
  98. if ($elements[0] !== 'principals') {
  99. return [];
  100. }
  101. if ($elements[1] !== 'groups') {
  102. return [];
  103. }
  104. $name = $elements[2];
  105. $group = $this->groupManager->get($name);
  106. if (is_null($group)) {
  107. return [];
  108. }
  109. return array_map(function ($user) {
  110. return $this->userToPrincipal($user);
  111. }, $group->getUsers());
  112. }
  113. /**
  114. * Returns the list of groups a principal is a member of
  115. *
  116. * @param string $principal
  117. * @return array
  118. * @throws Exception
  119. */
  120. public function getGroupMembership($principal) {
  121. return [];
  122. }
  123. /**
  124. * Updates the list of group members for a group principal.
  125. *
  126. * The principals should be passed as a list of uri's.
  127. *
  128. * @param string $principal
  129. * @param string[] $members
  130. * @throws Exception
  131. */
  132. public function setGroupMemberSet($principal, array $members) {
  133. throw new Exception('Setting members of the group is not supported yet');
  134. }
  135. /**
  136. * @param string $path
  137. * @param PropPatch $propPatch
  138. * @return int
  139. */
  140. public function updatePrincipal($path, PropPatch $propPatch) {
  141. return 0;
  142. }
  143. /**
  144. * @param string $prefixPath
  145. * @param array $searchProperties
  146. * @param string $test
  147. * @return array
  148. */
  149. public function searchPrincipals($prefixPath, array $searchProperties, $test = 'allof') {
  150. $results = [];
  151. if (\count($searchProperties) === 0) {
  152. return [];
  153. }
  154. if ($prefixPath !== self::PRINCIPAL_PREFIX) {
  155. return [];
  156. }
  157. // If sharing or group sharing is disabled, return the empty array
  158. if (!$this->groupSharingEnabled()) {
  159. return [];
  160. }
  161. // If sharing is restricted to group members only,
  162. // return only members that have groups in common
  163. $restrictGroups = false;
  164. if ($this->shareManager->shareWithGroupMembersOnly()) {
  165. $user = $this->userSession->getUser();
  166. if (!$user) {
  167. return [];
  168. }
  169. $restrictGroups = $this->groupManager->getUserGroupIds($user);
  170. }
  171. $searchLimit = $this->config->getSystemValueInt('sharing.maxAutocompleteResults', Constants::SHARING_MAX_AUTOCOMPLETE_RESULTS_DEFAULT);
  172. if ($searchLimit <= 0) {
  173. $searchLimit = null;
  174. }
  175. foreach ($searchProperties as $prop => $value) {
  176. switch ($prop) {
  177. case '{DAV:}displayname':
  178. $groups = $this->groupManager->search($value, $searchLimit);
  179. $results[] = array_reduce($groups, function (array $carry, IGroup $group) use ($restrictGroups) {
  180. $gid = $group->getGID();
  181. // is sharing restricted to groups only?
  182. if ($restrictGroups !== false) {
  183. if (!\in_array($gid, $restrictGroups, true)) {
  184. return $carry;
  185. }
  186. }
  187. $carry[] = self::PRINCIPAL_PREFIX . '/' . urlencode($gid);
  188. return $carry;
  189. }, []);
  190. break;
  191. case '{urn:ietf:params:xml:ns:caldav}calendar-user-address-set':
  192. // If you add support for more search properties that qualify as a user-address,
  193. // please also add them to the array below
  194. $results[] = $this->searchPrincipals(self::PRINCIPAL_PREFIX, [
  195. ], 'anyof');
  196. break;
  197. default:
  198. $results[] = [];
  199. break;
  200. }
  201. }
  202. // results is an array of arrays, so this is not the first search result
  203. // but the results of the first searchProperty
  204. if (count($results) === 1) {
  205. return $results[0];
  206. }
  207. switch ($test) {
  208. case 'anyof':
  209. return array_values(array_unique(array_merge(...$results)));
  210. case 'allof':
  211. default:
  212. return array_values(array_intersect(...$results));
  213. }
  214. }
  215. /**
  216. * @param string $uri
  217. * @param string $principalPrefix
  218. * @return string
  219. */
  220. public function findByUri($uri, $principalPrefix) {
  221. // If sharing is disabled, return the empty array
  222. if (!$this->groupSharingEnabled()) {
  223. return null;
  224. }
  225. // If sharing is restricted to group members only,
  226. // return only members that have groups in common
  227. $restrictGroups = false;
  228. if ($this->shareManager->shareWithGroupMembersOnly()) {
  229. $user = $this->userSession->getUser();
  230. if (!$user) {
  231. return null;
  232. }
  233. $restrictGroups = $this->groupManager->getUserGroupIds($user);
  234. }
  235. if (str_starts_with($uri, 'principal:principals/groups/')) {
  236. $name = urlencode(substr($uri, 28));
  237. if ($restrictGroups !== false && !\in_array($name, $restrictGroups, true)) {
  238. return null;
  239. }
  240. return substr($uri, 10);
  241. }
  242. return null;
  243. }
  244. /**
  245. * @param IGroup $group
  246. * @return array
  247. */
  248. protected function groupToPrincipal($group) {
  249. $groupId = $group->getGID();
  250. // getDisplayName returns UID if none
  251. $displayName = $group->getDisplayName();
  252. return [
  253. 'uri' => 'principals/groups/' . urlencode($groupId),
  254. '{DAV:}displayname' => $displayName,
  255. '{urn:ietf:params:xml:ns:caldav}calendar-user-type' => 'GROUP',
  256. ];
  257. }
  258. /**
  259. * @param IUser $user
  260. * @return array
  261. */
  262. protected function userToPrincipal($user) {
  263. $userId = $user->getUID();
  264. // getDisplayName returns UID if none
  265. $displayName = $user->getDisplayName();
  266. $principal = [
  267. 'uri' => 'principals/users/' . $userId,
  268. '{DAV:}displayname' => $displayName,
  269. '{urn:ietf:params:xml:ns:caldav}calendar-user-type' => 'INDIVIDUAL',
  270. ];
  271. $email = $user->getSystemEMailAddress();
  272. if (!empty($email)) {
  273. $principal['{http://sabredav.org/ns}email-address'] = $email;
  274. }
  275. return $principal;
  276. }
  277. /**
  278. * @return bool
  279. */
  280. private function groupSharingEnabled(): bool {
  281. return $this->shareManager->shareApiEnabled() && $this->shareManager->allowGroupSharing();
  282. }
  283. }