SubAdmin.php 8.2 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  6. * @author Bart Visscher <bartv@thisnet.nl>
  7. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  8. * @author Georg Ehrke <oc.list@georgehrke.com>
  9. * @author Joas Schilling <coding@schilljs.com>
  10. * @author John Molakvoæ <skjnldsv@protonmail.com>
  11. * @author Lukas Reschke <lukas@statuscode.ch>
  12. * @author Mikael Hammarin <mikael@try2.se>
  13. * @author Morris Jobke <hey@morrisjobke.de>
  14. * @author Roeland Jago Douma <roeland@famdouma.nl>
  15. *
  16. * @license AGPL-3.0
  17. *
  18. * This code is free software: you can redistribute it and/or modify
  19. * it under the terms of the GNU Affero General Public License, version 3,
  20. * as published by the Free Software Foundation.
  21. *
  22. * This program is distributed in the hope that it will be useful,
  23. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  24. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  25. * GNU Affero General Public License for more details.
  26. *
  27. * You should have received a copy of the GNU Affero General Public License, version 3,
  28. * along with this program. If not, see <http://www.gnu.org/licenses/>
  29. *
  30. */
  31. namespace OC;
  32. use OC\Hooks\PublicEmitter;
  33. use OCP\EventDispatcher\IEventDispatcher;
  34. use OCP\Group\Events\SubAdminAddedEvent;
  35. use OCP\Group\Events\SubAdminRemovedEvent;
  36. use OCP\Group\ISubAdmin;
  37. use OCP\IDBConnection;
  38. use OCP\IGroup;
  39. use OCP\IGroupManager;
  40. use OCP\IUser;
  41. use OCP\IUserManager;
  42. class SubAdmin extends PublicEmitter implements ISubAdmin {
  43. /** @var IUserManager */
  44. private $userManager;
  45. /** @var IGroupManager */
  46. private $groupManager;
  47. /** @var IDBConnection */
  48. private $dbConn;
  49. /** @var IEventDispatcher */
  50. private $eventDispatcher;
  51. /**
  52. * @param IUserManager $userManager
  53. * @param IGroupManager $groupManager
  54. * @param IDBConnection $dbConn
  55. */
  56. public function __construct(IUserManager $userManager,
  57. IGroupManager $groupManager,
  58. IDBConnection $dbConn,
  59. IEventDispatcher $eventDispatcher) {
  60. $this->userManager = $userManager;
  61. $this->groupManager = $groupManager;
  62. $this->dbConn = $dbConn;
  63. $this->eventDispatcher = $eventDispatcher;
  64. $this->userManager->listen('\OC\User', 'postDelete', function ($user) {
  65. $this->post_deleteUser($user);
  66. });
  67. $this->groupManager->listen('\OC\Group', 'postDelete', function ($group) {
  68. $this->post_deleteGroup($group);
  69. });
  70. }
  71. /**
  72. * add a SubAdmin
  73. * @param IUser $user user to be SubAdmin
  74. * @param IGroup $group group $user becomes subadmin of
  75. */
  76. public function createSubAdmin(IUser $user, IGroup $group): void {
  77. $qb = $this->dbConn->getQueryBuilder();
  78. $qb->insert('group_admin')
  79. ->values([
  80. 'gid' => $qb->createNamedParameter($group->getGID()),
  81. 'uid' => $qb->createNamedParameter($user->getUID())
  82. ])
  83. ->execute();
  84. /** @deprecated 21.0.0 - use type SubAdminAddedEvent instead */
  85. $this->emit('\OC\SubAdmin', 'postCreateSubAdmin', [$user, $group]);
  86. $event = new SubAdminAddedEvent($group, $user);
  87. $this->eventDispatcher->dispatchTyped($event);
  88. }
  89. /**
  90. * delete a SubAdmin
  91. * @param IUser $user the user that is the SubAdmin
  92. * @param IGroup $group the group
  93. */
  94. public function deleteSubAdmin(IUser $user, IGroup $group): void {
  95. $qb = $this->dbConn->getQueryBuilder();
  96. $qb->delete('group_admin')
  97. ->where($qb->expr()->eq('gid', $qb->createNamedParameter($group->getGID())))
  98. ->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
  99. ->execute();
  100. /** @deprecated 21.0.0 - use type SubAdminRemovedEvent instead */
  101. $this->emit('\OC\SubAdmin', 'postDeleteSubAdmin', [$user, $group]);
  102. $event = new SubAdminRemovedEvent($group, $user);
  103. $this->eventDispatcher->dispatchTyped($event);
  104. }
  105. /**
  106. * get groups of a SubAdmin
  107. * @param IUser $user the SubAdmin
  108. * @return IGroup[]
  109. */
  110. public function getSubAdminsGroups(IUser $user): array {
  111. $groupIds = $this->getSubAdminsGroupIds($user);
  112. $groups = [];
  113. foreach ($groupIds as $groupId) {
  114. $group = $this->groupManager->get($groupId);
  115. if ($group !== null) {
  116. $groups[$group->getGID()] = $group;
  117. }
  118. }
  119. return $groups;
  120. }
  121. /**
  122. * Get group ids of a SubAdmin
  123. * @param IUser $user the SubAdmin
  124. * @return string[]
  125. */
  126. public function getSubAdminsGroupIds(IUser $user): array {
  127. $qb = $this->dbConn->getQueryBuilder();
  128. $result = $qb->select('gid')
  129. ->from('group_admin')
  130. ->where($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
  131. ->execute();
  132. $groups = [];
  133. while ($row = $result->fetch()) {
  134. $groups[] = $row['gid'];
  135. }
  136. $result->closeCursor();
  137. return $groups;
  138. }
  139. /**
  140. * get an array of groupid and displayName for a user
  141. * @param IUser $user
  142. * @return array ['displayName' => displayname]
  143. */
  144. public function getSubAdminsGroupsName(IUser $user): array {
  145. return array_map(function ($group) {
  146. return ['displayName' => $group->getDisplayName()];
  147. }, $this->getSubAdminsGroups($user));
  148. }
  149. /**
  150. * get SubAdmins of a group
  151. * @param IGroup $group the group
  152. * @return IUser[]
  153. */
  154. public function getGroupsSubAdmins(IGroup $group): array {
  155. $qb = $this->dbConn->getQueryBuilder();
  156. $result = $qb->select('uid')
  157. ->from('group_admin')
  158. ->where($qb->expr()->eq('gid', $qb->createNamedParameter($group->getGID())))
  159. ->execute();
  160. $users = [];
  161. while ($row = $result->fetch()) {
  162. $user = $this->userManager->get($row['uid']);
  163. if (!is_null($user)) {
  164. $users[] = $user;
  165. }
  166. }
  167. $result->closeCursor();
  168. return $users;
  169. }
  170. /**
  171. * get all SubAdmins
  172. * @return array
  173. */
  174. public function getAllSubAdmins(): array {
  175. $qb = $this->dbConn->getQueryBuilder();
  176. $result = $qb->select('*')
  177. ->from('group_admin')
  178. ->execute();
  179. $subadmins = [];
  180. while ($row = $result->fetch()) {
  181. $user = $this->userManager->get($row['uid']);
  182. $group = $this->groupManager->get($row['gid']);
  183. if (!is_null($user) && !is_null($group)) {
  184. $subadmins[] = [
  185. 'user' => $user,
  186. 'group' => $group
  187. ];
  188. }
  189. }
  190. $result->closeCursor();
  191. return $subadmins;
  192. }
  193. /**
  194. * checks if a user is a SubAdmin of a group
  195. * @param IUser $user
  196. * @param IGroup $group
  197. * @return bool
  198. */
  199. public function isSubAdminOfGroup(IUser $user, IGroup $group): bool {
  200. $qb = $this->dbConn->getQueryBuilder();
  201. /*
  202. * Primary key is ('gid', 'uid') so max 1 result possible here
  203. */
  204. $result = $qb->select('*')
  205. ->from('group_admin')
  206. ->where($qb->expr()->eq('gid', $qb->createNamedParameter($group->getGID())))
  207. ->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
  208. ->execute();
  209. $fetch = $result->fetch();
  210. $result->closeCursor();
  211. $result = !empty($fetch) ? true : false;
  212. return $result;
  213. }
  214. /**
  215. * checks if a user is a SubAdmin
  216. * @param IUser $user
  217. * @return bool
  218. */
  219. public function isSubAdmin(IUser $user): bool {
  220. // Check if the user is already an admin
  221. if ($this->groupManager->isAdmin($user->getUID())) {
  222. return true;
  223. }
  224. $qb = $this->dbConn->getQueryBuilder();
  225. $result = $qb->select('gid')
  226. ->from('group_admin')
  227. ->andWhere($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
  228. ->setMaxResults(1)
  229. ->execute();
  230. $isSubAdmin = $result->fetch();
  231. $result->closeCursor();
  232. return $isSubAdmin !== false;
  233. }
  234. /**
  235. * checks if a user is a accessible by a subadmin
  236. * @param IUser $subadmin
  237. * @param IUser $user
  238. * @return bool
  239. */
  240. public function isUserAccessible(IUser $subadmin, IUser $user): bool {
  241. if (!$this->isSubAdmin($subadmin)) {
  242. return false;
  243. }
  244. if ($this->groupManager->isAdmin($user->getUID())) {
  245. return false;
  246. }
  247. $accessibleGroups = $this->getSubAdminsGroupIds($subadmin);
  248. $userGroups = $this->groupManager->getUserGroupIds($user);
  249. return !empty(array_intersect($accessibleGroups, $userGroups));
  250. }
  251. /**
  252. * delete all SubAdmins by $user
  253. * @param IUser $user
  254. */
  255. private function post_deleteUser(IUser $user) {
  256. $qb = $this->dbConn->getQueryBuilder();
  257. $qb->delete('group_admin')
  258. ->where($qb->expr()->eq('uid', $qb->createNamedParameter($user->getUID())))
  259. ->execute();
  260. }
  261. /**
  262. * delete all SubAdmins by $group
  263. * @param IGroup $group
  264. */
  265. private function post_deleteGroup(IGroup $group) {
  266. $qb = $this->dbConn->getQueryBuilder();
  267. $qb->delete('group_admin')
  268. ->where($qb->expr()->eq('gid', $qb->createNamedParameter($group->getGID())))
  269. ->execute();
  270. }
  271. }