[Bot] push changes from Files.com

Author: files-opensource-bot

README.md

@@ -583,7 +583,6 @@ Exception
 |`ApiKeyOnlyForDesktopAppException`|  `NotAuthorizedException` |
 |`ApiKeyOnlyForMobileAppException`|  `NotAuthorizedException` |
 |`ApiKeyOnlyForOfficeIntegrationException`|  `NotAuthorizedException` |
-|`BillingOrSiteAdminPermissionRequiredException`|  `NotAuthorizedException` |
 |`BillingPermissionRequiredException`|  `NotAuthorizedException` |
 |`BundleMaximumUsesReachedException`|  `NotAuthorizedException` |
 |`BundlePermissionRequiredException`|  `NotAuthorizedException` |
@@ -615,6 +614,11 @@ Exception
 |`ReauthenticationNeededActionException`|  `NotAuthorizedException` |
 |`RecaptchaFailedException`|  `NotAuthorizedException` |
 |`SelfManagedRequiredException`|  `NotAuthorizedException` |
+|`SiteAdminOrPartnerAdminPermissionRequiredException`|  `NotAuthorizedException` |
+|`SiteAdminOrWorkspaceAdminOrFolderAdminPermissionRequiredException`|  `NotAuthorizedException` |
+|`SiteAdminOrWorkspaceAdminOrPartnerAdminOrFolderAdminPermissionRequiredException`|  `NotAuthorizedException` |
+|`SiteAdminOrWorkspaceAdminOrPartnerAdminPermissionRequiredException`|  `NotAuthorizedException` |
+|`SiteAdminOrWorkspaceAdminPermissionRequiredException`|  `NotAuthorizedException` |
 |`SiteAdminRequiredException`|  `NotAuthorizedException` |
 |`SiteFilesAreImmutableException`|  `NotAuthorizedException` |
 |`TwoFactorAuthenticationRequiredException`|  `NotAuthorizedException` |

_VERSION

@@ -1 +1 @@
-2.0.527
+2.0.528

docs/Model/Partner.md

@@ -5,6 +5,7 @@
 ```
 {
   "allow_bypassing_2fa_policies": true,
+  "allowed_ips": "10.0.0.0/8\n127.0.0.1",
   "allow_credential_changes": true,
   "allow_providing_gpg_keys": true,
   "allow_user_creation": true,
@@ -28,6 +29,7 @@
 ```
 
 * `allow_bypassing_2fa_policies` (boolean): Allow Partner Admins to change Two-Factor Authentication requirements for Partner Users.
+* `allowed_ips` (string): A list of allowed IPs for this Partner. Newline delimited. Partner User IP access is allowed when the IP matches the Partner, User, or Site allowed IP lists.
 * `allow_credential_changes` (boolean): Allow Partner Admins to change or reset credentials for users belonging to this Partner.
 * `allow_providing_gpg_keys` (boolean): Allow Partner Admins to provide GPG keys.
 * `allow_user_creation` (boolean): Allow Partner Admins to create users.
@@ -78,6 +80,7 @@ $partner->find($id);
 ```
 $partner = new \Files\Model\Partner();
 $partner->create(, [
+  'allowed_ips' => "10.0.0.0/8\n127.0.0.1",
   'allow_bypassing_2fa_policies' => false,
   'allow_credential_changes' => false,
   'allow_providing_gpg_keys' => false,
@@ -93,6 +96,7 @@ $partner->create(, [
 
 ### Parameters
 
+* `allowed_ips` (string): A list of allowed IPs for this Partner. Newline delimited. Partner User IP access is allowed when the IP matches the Partner, User, or Site allowed IP lists.
 * `allow_bypassing_2fa_policies` (boolean): Allow Partner Admins to change Two-Factor Authentication requirements for Partner Users.
 * `allow_credential_changes` (boolean): Allow Partner Admins to change or reset credentials for users belonging to this Partner.
 * `allow_providing_gpg_keys` (boolean): Allow Partner Admins to provide GPG keys.
@@ -111,6 +115,7 @@ $partner->create(, [
 $partner = \Files\Model\Partner::find($id);
 
 $partner->update([
+  'allowed_ips' => "10.0.0.0/8\n127.0.0.1",
   'allow_bypassing_2fa_policies' => false,
   'allow_credential_changes' => false,
   'allow_providing_gpg_keys' => false,
@@ -125,6 +130,7 @@ $partner->update([
 ### Parameters
 
 * `id` (int64): Required - Partner ID.
+* `allowed_ips` (string): A list of allowed IPs for this Partner. Newline delimited. Partner User IP access is allowed when the IP matches the Partner, User, or Site allowed IP lists.
 * `allow_bypassing_2fa_policies` (boolean): Allow Partner Admins to change Two-Factor Authentication requirements for Partner Users.
 * `allow_credential_changes` (boolean): Allow Partner Admins to change or reset credentials for users belonging to this Partner.
 * `allow_providing_gpg_keys` (boolean): Allow Partner Admins to provide GPG keys.
@@ -139,6 +145,7 @@ $partner->update([
 ```json
 {
   "allow_bypassing_2fa_policies": true,
+  "allowed_ips": "10.0.0.0/8\n127.0.0.1",
   "allow_credential_changes": true,
   "allow_providing_gpg_keys": true,
   "allow_user_creation": true,

docs/Model/Site.md

@@ -88,6 +88,12 @@
   "non_sso_groups_allowed": true,
   "non_sso_users_allowed": true,
   "folder_permissions_groups_only": true,
+  "group_admins_can_add_users": true,
+  "group_admins_can_delete_users": true,
+  "group_admins_can_enable_disable_users": true,
+  "group_admins_can_modify_users": true,
+  "group_admins_can_reset_passwords": true,
+  "group_admins_can_set_user_password": true,
   "hipaa": true,
   "icon128": {
     "name": "My logo",
@@ -270,6 +276,7 @@
     "partner_name": "example",
     "password_set_at": "2000-01-01T01:00:00Z",
     "password_validity_days": 1,
+    "primary_group_id": 1,
     "public_keys_count": 1,
     "receive_admin_alerts": true,
     "require_2fa": "always_require",
@@ -315,8 +322,7 @@
   "welcome_email_subject": "example",
   "welcome_email_enabled": true,
   "welcome_screen": "user_controlled",
-  "windows_mode_ftp": true,
-  "group_admins_can_set_user_password": true
+  "windows_mode_ftp": true
 }
 ```
 
@@ -395,6 +401,12 @@
 * `non_sso_groups_allowed` (boolean): If true, groups can be manually created / modified / deleted by Site Admins. Otherwise, groups can only be managed via your SSO provider.
 * `non_sso_users_allowed` (boolean): If true, users can be manually created / modified / deleted by Site Admins. Otherwise, users can only be managed via your SSO provider.
 * `folder_permissions_groups_only` (boolean): If true, permissions for this site must be bound to a group (not a user).
+* `group_admins_can_add_users` (boolean): Allow group admins to create users in their groups
+* `group_admins_can_delete_users` (boolean): Allow group admins to delete users in their groups
+* `group_admins_can_enable_disable_users` (boolean): Allow group admins to enable or disable users in their groups
+* `group_admins_can_modify_users` (boolean): Allow group admins to modify users in their groups
+* `group_admins_can_reset_passwords` (boolean): Allow group admins to reset passwords for users in their groups
+* `group_admins_can_set_user_password` (boolean): Allow group admins to set password authentication method
 * `hipaa` (boolean): Is there a signed HIPAA BAA between Files.com and this site?
 * `icon128` (Image): Branded icon 128x128
 * `icon16` (Image): Branded icon 16x16
@@ -496,7 +508,6 @@
 * `welcome_email_enabled` (boolean): Will the welcome email be sent to new users?
 * `welcome_screen` (string): Does the welcome screen appear?
 * `windows_mode_ftp` (boolean): Does FTP user Windows emulation mode?
-* `group_admins_can_set_user_password` (boolean): Allow group admins set password authentication method
 
 ---
 
@@ -629,6 +640,11 @@ $site->update(, [
   'protocol_access_groups_only' => false,
   'revoke_bundle_access_on_disable_or_delete' => false,
   'bundle_watermark_value' => {"key":"example value"},
+  'group_admins_can_add_users' => false,
+  'group_admins_can_delete_users' => false,
+  'group_admins_can_enable_disable_users' => false,
+  'group_admins_can_modify_users' => false,
+  'group_admins_can_reset_passwords' => false,
   'group_admins_can_set_user_password' => false,
   'bundle_recipient_blacklist_free_email_domains' => false,
   'bundle_recipient_blacklist_domains' => ["example"],
@@ -795,7 +811,12 @@ $site->update(, [
 * `protocol_access_groups_only` (boolean): If true, protocol access permissions on users will be ignored, and only protocol access permissions set on Groups will be honored.  Make sure that your current user is a member of a group with API permission when changing this value to avoid locking yourself out of your site.
 * `revoke_bundle_access_on_disable_or_delete` (boolean): Auto-removes bundles for disabled/deleted users and enforces bundle expiry within user access period.
 * `bundle_watermark_value` (object): Preview watermark settings applied to all bundle items. Uses the same keys as Behavior.value
-* `group_admins_can_set_user_password` (boolean): Allow group admins set password authentication method
+* `group_admins_can_add_users` (boolean): Allow group admins to create users in their groups
+* `group_admins_can_delete_users` (boolean): Allow group admins to delete users in their groups
+* `group_admins_can_enable_disable_users` (boolean): Allow group admins to enable or disable users in their groups
+* `group_admins_can_modify_users` (boolean): Allow group admins to modify users in their groups
+* `group_admins_can_reset_passwords` (boolean): Allow group admins to reset passwords for users in their groups
+* `group_admins_can_set_user_password` (boolean): Allow group admins to set password authentication method
 * `bundle_recipient_blacklist_free_email_domains` (boolean): Disallow free email domains for Bundle/Inbox recipients?
 * `bundle_recipient_blacklist_domains` (array(string)): List of email domains to disallow when entering a Bundle/Inbox recipients
 * `admins_bypass_locked_subfolders` (boolean): Allow admins to bypass the locked subfolders setting.

docs/Model/User.md

@@ -52,6 +52,7 @@
   "partner_name": "example",
   "password_set_at": "2000-01-01T01:00:00Z",
   "password_validity_days": 1,
+  "primary_group_id": 1,
   "public_keys_count": 1,
   "receive_admin_alerts": true,
   "require_2fa": "always_require",
@@ -129,6 +130,7 @@
 * `partner_name` (string): Name of the Partner if this user belongs to a Partner
 * `password_set_at` (date-time): Last time the user's password was set
 * `password_validity_days` (int64): Number of days to allow user to use the same password
+* `primary_group_id` (int64): Primary group ID for Group Admin scoping
 * `public_keys_count` (int64): Number of public keys associated with this user
 * `receive_admin_alerts` (boolean): Should the user receive admin alerts such a certificate expiration notifications and overages?
 * `require_2fa` (string): 2FA required setting
@@ -245,6 +247,7 @@ $user->create(, [
   'partner_admin' => true,
   'partner_id' => 1,
   'password_validity_days' => 1,
+  'primary_group_id' => 1,
   'readonly_site_admin' => true,
   'receive_admin_alerts' => true,
   'require_login_by' => "2000-01-01T01:00:00Z",
@@ -305,6 +308,7 @@ $user->create(, [
 * `partner_admin` (boolean): Is this user a Partner administrator?
 * `partner_id` (int64): Partner ID if this user belongs to a Partner
 * `password_validity_days` (int64): Number of days to allow user to use the same password
+* `primary_group_id` (int64): Primary group ID for Group Admin scoping
 * `readonly_site_admin` (boolean): Is the user an allowed to view all (non-billing) site configuration for this site?
 * `receive_admin_alerts` (boolean): Should the user receive admin alerts such a certificate expiration notifications and overages?
 * `require_login_by` (string): Require user to login by specified date otherwise it will be disabled.
@@ -406,6 +410,7 @@ $user->update([
   'partner_admin' => true,
   'partner_id' => 1,
   'password_validity_days' => 1,
+  'primary_group_id' => 1,
   'readonly_site_admin' => true,
   'receive_admin_alerts' => true,
   'require_login_by' => "2000-01-01T01:00:00Z",
@@ -467,6 +472,7 @@ $user->update([
 * `partner_admin` (boolean): Is this user a Partner administrator?
 * `partner_id` (int64): Partner ID if this user belongs to a Partner
 * `password_validity_days` (int64): Number of days to allow user to use the same password
+* `primary_group_id` (int64): Primary group ID for Group Admin scoping
 * `readonly_site_admin` (boolean): Is the user an allowed to view all (non-billing) site configuration for this site?
 * `receive_admin_alerts` (boolean): Should the user receive admin alerts such a certificate expiration notifications and overages?
 * `require_login_by` (string): Require user to login by specified date otherwise it will be disabled.
@@ -541,6 +547,7 @@ $user->update([
   "partner_name": "example",
   "password_set_at": "2000-01-01T01:00:00Z",
   "password_validity_days": 1,
+  "primary_group_id": 1,
   "public_keys_count": 1,
   "receive_admin_alerts": true,
   "require_2fa": "always_require",

lib/Api.php

@@ -20,7 +20,7 @@ function middlewareRemoveHeader($header)
 
 class Api
 {
-    const VERSION = "2.0.527";
+    const VERSION = "2.0.528";
     private static function pushRetryHandler($handlerStack)
     {
         $shouldRetry = function ($retries, $request, $response, $exception) {

…SiteAdminPermissionRequiredException.php …tnerAdminPermissionRequiredException.phplib/Exception/NotAuthorized/BillingOrSiteAdminPermissionRequiredException.php renamed to lib/Exception/NotAuthorized/SiteAdminOrPartnerAdminPermissionRequiredException.php lib/Exception/NotAuthorized/BillingOrSiteAdminPermissionRequiredException.php renamed to lib/Exception/NotAuthorized/SiteAdminOrPartnerAdminPermissionRequiredException.php

@@ -4,6 +4,6 @@
 
 use Files\Exception\NotAuthorizedException;
 
-class BillingOrSiteAdminPermissionRequiredException extends NotAuthorizedException
+class SiteAdminOrPartnerAdminPermissionRequiredException extends NotAuthorizedException
 {
 }

lib/Exception/NotAuthorized/SiteAdminOrWorkspaceAdminOrFolderAdminPermissionRequiredException.php

@@ -0,0 +1,9 @@
+<?php
+
+namespace Files\Exception\NotAuthorized;
+
+use Files\Exception\NotAuthorizedException;
+
+class SiteAdminOrWorkspaceAdminOrFolderAdminPermissionRequiredException extends NotAuthorizedException
+{
+}

lib/Exception/NotAuthorized/SiteAdminOrWorkspaceAdminOrPartnerAdminOrFolderAdminPermissionRequiredException.php

@@ -0,0 +1,9 @@
+<?php
+
+namespace Files\Exception\NotAuthorized;
+
+use Files\Exception\NotAuthorizedException;
+
+class SiteAdminOrWorkspaceAdminOrPartnerAdminOrFolderAdminPermissionRequiredException extends NotAuthorizedException
+{
+}

lib/Exception/NotAuthorized/SiteAdminOrWorkspaceAdminOrPartnerAdminPermissionRequiredException.php

@@ -0,0 +1,9 @@
+<?php
+
+namespace Files\Exception\NotAuthorized;
+
+use Files\Exception\NotAuthorizedException;
+
+class SiteAdminOrWorkspaceAdminOrPartnerAdminPermissionRequiredException extends NotAuthorizedException
+{
+}