ProfileApiController.php 2.7 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors
  5. * SPDX-License-Identifier: AGPL-3.0-or-later
  6. */
  7. namespace OC\Core\Controller;
  8. use OC\Core\Db\ProfileConfigMapper;
  9. use OC\Profile\ProfileManager;
  10. use OCP\AppFramework\Http;
  11. use OCP\AppFramework\Http\Attribute\ApiRoute;
  12. use OCP\AppFramework\Http\Attribute\NoAdminRequired;
  13. use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired;
  14. use OCP\AppFramework\Http\Attribute\UserRateLimit;
  15. use OCP\AppFramework\Http\DataResponse;
  16. use OCP\AppFramework\OCS\OCSBadRequestException;
  17. use OCP\AppFramework\OCS\OCSForbiddenException;
  18. use OCP\AppFramework\OCS\OCSNotFoundException;
  19. use OCP\AppFramework\OCSController;
  20. use OCP\IRequest;
  21. use OCP\IUserManager;
  22. use OCP\IUserSession;
  23. class ProfileApiController extends OCSController {
  24. public function __construct(
  25. IRequest $request,
  26. private ProfileConfigMapper $configMapper,
  27. private ProfileManager $profileManager,
  28. private IUserManager $userManager,
  29. private IUserSession $userSession,
  30. ) {
  31. parent::__construct('core', $request);
  32. }
  33. /**
  34. * @NoSubAdminRequired
  35. *
  36. * Update the visibility of a parameter
  37. *
  38. * @param string $targetUserId ID of the user
  39. * @param string $paramId ID of the parameter
  40. * @param string $visibility New visibility
  41. * @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
  42. * @throws OCSBadRequestException Updating visibility is not possible
  43. * @throws OCSForbiddenException Not allowed to edit other users visibility
  44. * @throws OCSNotFoundException Account not found
  45. *
  46. * 200: Visibility updated successfully
  47. */
  48. #[NoAdminRequired]
  49. #[PasswordConfirmationRequired]
  50. #[UserRateLimit(40, 600)]
  51. #[ApiRoute(verb: 'PUT', url: '/{targetUserId}', root: '/profile')]
  52. public function setVisibility(string $targetUserId, string $paramId, string $visibility): DataResponse {
  53. $requestingUser = $this->userSession->getUser();
  54. $targetUser = $this->userManager->get($targetUserId);
  55. if (!$this->userManager->userExists($targetUserId)) {
  56. throw new OCSNotFoundException('Account does not exist');
  57. }
  58. if ($requestingUser !== $targetUser) {
  59. throw new OCSForbiddenException('People can only edit their own visibility settings');
  60. }
  61. // Ensure that a profile config is created in the database
  62. $this->profileManager->getProfileConfig($targetUser, $targetUser);
  63. $config = $this->configMapper->get($targetUserId);
  64. if (!in_array($paramId, array_keys($config->getVisibilityMap()), true)) {
  65. throw new OCSBadRequestException('Account does not have a profile parameter with ID: ' . $paramId);
  66. }
  67. $config->setVisibility($paramId, $visibility);
  68. $this->configMapper->update($config);
  69. return new DataResponse();
  70. }
  71. }