nextcloud
diff --git a/‎appinfo/info.xml‎
Lines changed: 1 addition & 1 deletion b/‎appinfo/info.xml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎appinfo/routes.php‎
Lines changed: 20 additions & 0 deletions b/‎appinfo/routes.php‎
Lines changed: 20 additions & 0 deletions
diff --git a/‎lib/Controller/AccountApiController.php‎
Lines changed: 24 additions & 2 deletions b/‎lib/Controller/AccountApiController.php‎
Lines changed: 24 additions & 2 deletions
diff --git a/‎lib/Controller/AccountsController.php‎
Lines changed: 10 additions & 0 deletions b/‎lib/Controller/AccountsController.php‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎lib/Controller/AliasesController.php‎
Lines changed: 15 additions & 6 deletions b/‎lib/Controller/AliasesController.php‎
Lines changed: 15 additions & 6 deletions
diff --git a/‎lib/Controller/DelegationController.php‎
Lines changed: 141 additions & 0 deletions b/‎lib/Controller/DelegationController.php‎
Lines changed: 141 additions & 0 deletions
diff --git a/‎lib/Controller/FilterController.php‎
Lines changed: 6 additions & 11 deletions b/‎lib/Controller/FilterController.php‎
Lines changed: 6 additions & 11 deletions
@@ -34,7 +34,7 @@ The rating depends on the installed text processing backend. See [the rating ove
 
 Learn more about the Nextcloud Ethical AI Rating [in our blog](https://nextcloud.com/blog/nextcloud-ethical-ai-rating/).
 	]]></description>
-	<version>5.8.0-dev.2</version>
+	<version>5.8.0-dev.3</version>
 	<licence>agpl</licence>
 	<author homepage="https://github.com/ChristophWurst">Christoph Wurst</author>
 	<author homepage="https://github.com/GretaD">GretaD</author>
 
@@ -505,6 +505,26 @@
 			'url' => '/api/follow-up/check-message-ids',
 			'verb' => 'POST',
 		],
+		[
+			'name' => 'delegation#getDelegatedAccounts',
+			'url' => '/api/delegations',
+			'verb' => 'GET',
+		],
+		[
+			'name' => 'delegation#getDelegatedUsers',
+			'url' => '/api/delegations/{accountId}',
+			'verb' => 'GET',
+		],
+		[
+			'name' => 'delegation#delegate',
+			'url' => '/api/delegations/{accountId}',
+			'verb' => 'POST',
+		],
+		[
+			'name' => 'delegation#unDelegate',
+			'url' => '/api/delegations/{accountId}/{userId}',
+			'verb' => 'DELETE',
+		],
 		[
 			'name' => 'textBlockShares#getTextBlockShares',
 			'url' => '/api/textBlocks/{id}/shares',
 
@@ -14,6 +14,7 @@
 use OCA\Mail\ResponseDefinitions;
 use OCA\Mail\Service\AccountService;
 use OCA\Mail\Service\AliasesService;
+use OCA\Mail\Service\DelegationService;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\ApiRoute;
 use OCP\AppFramework\Http\Attribute\NoAdminRequired;
@@ -32,6 +33,7 @@ public function __construct(
 		private readonly ?string $userId,
 		private readonly AccountService $accountService,
 		private readonly AliasesService $aliasesService,
+		private readonly DelegationService $delegationService,
 	) {
 		parent::__construct($appName, $request);
 	}
@@ -54,17 +56,37 @@ public function list(): DataResponse {
 		}
 
 		$accounts = $this->accountService->findByUserId($userId);
-		return new DataResponse(array_map(function (Account $account) use ($userId) {
+		$result = array_map(function (Account $account) use ($userId) {
 			$aliases = $this->aliasesService->findAll($account->getId(), $userId);
 			return [
 				'id' => $account->getId(),
 				'email' => $account->getEmail(),
+				'isDelegated' => false,
 				'aliases' => array_map(static fn (Alias $alias) => [
 					'id' => $alias->getId(),
 					'email' => $alias->getAlias(),
 					'name' => $alias->getName(),
 				], $aliases),
 			];
-		}, $accounts));
+		}, $accounts);
+
+		$delegatedAccounts = $this->accountService->findDelegatedAccounts($userId);
+		foreach ($delegatedAccounts as $mailAccount) {
+			$account = new Account($mailAccount);
+			$ownerUserId = $mailAccount->getUserId();
+			$aliases = $this->aliasesService->findAll($account->getId(), $ownerUserId);
+			$result[] = [
+				'id' => $account->getId(),
+				'email' => $account->getEmail(),
+				'isDelegated' => true,
+				'aliases' => array_map(static fn (Alias $alias) => [
+					'id' => $alias->getId(),
+					'email' => $alias->getAlias(),
+					'name' => $alias->getName(),
+				], $aliases),
+			];
+		}
+
+		return new DataResponse($result);
 	}
 }
@@ -98,8 +98,18 @@ public function index(): JSONResponse {
 		foreach ($mailAccounts as $mailAccount) {
 			$conf = $mailAccount->jsonSerialize();
 			$conf['aliases'] = $this->aliasesService->findAll($conf['accountId'], $this->currentUserId);
+			$conf['isDelegated'] = false;
 			$json[] = $conf;
 		}
+
+		$delegatedAccounts = $this->accountService->findDelegatedAccounts($this->currentUserId);
+		foreach ($delegatedAccounts as $delegatedAccount) {
+			$conf = $delegatedAccount->jsonSerialize();
+			$conf['isDelegated'] = true;
+			$conf['aliases'] = $this->aliasesService->findAll($conf['accountId'], $delegatedAccount->getUserId());
+			$json[] = $conf;
+		}
+
 		return new JSONResponse($json);
 	}
 
 
@@ -12,6 +12,7 @@
 use OCA\Mail\Exception\NotImplemented;
 use OCA\Mail\Http\TrapError;
 use OCA\Mail\Service\AliasesService;
+use OCA\Mail\Service\DelegationService;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\AppFramework\Http;
@@ -23,14 +24,17 @@
 class AliasesController extends Controller {
 	private AliasesService $aliasService;
 	private string $currentUserId;
+	private DelegationService $delegationService;
 
 	public function __construct(string $appName,
 		IRequest $request,
 		AliasesService $aliasesService,
-		string $userId) {
+		string $userId,
+		DelegationService $delegationService) {
 		parent::__construct($appName, $request);
 		$this->aliasService = $aliasesService;
 		$this->currentUserId = $userId;
+		$this->delegationService = $delegationService;
 	}
 
 	/**
@@ -42,7 +46,8 @@ public function __construct(string $appName,
 	 */
 	#[TrapError]
 	public function index(int $accountId): JSONResponse {
-		return new JSONResponse($this->aliasService->findAll($accountId, $this->currentUserId));
+		$effectiveUserId = $this->delegationService->resolveAccountUserId($accountId, $this->currentUserId);
+		return new JSONResponse($this->aliasService->findAll($accountId, $effectiveUserId));
 	}
 
 	/**
@@ -64,9 +69,10 @@ public function update(int $id,
 		string $alias,
 		string $aliasName,
 		?int $smimeCertificateId = null): JSONResponse {
+		$effectiveUserId = $this->delegationService->resolveAliasUserId($id, $this->currentUserId);
 		return new JSONResponse(
 			$this->aliasService->update(
-				$this->currentUserId,
+				$effectiveUserId,
 				$id,
 				$alias,
 				$aliasName,
@@ -83,7 +89,8 @@ public function update(int $id,
 	 */
 	#[TrapError]
 	public function destroy(int $id): JSONResponse {
-		return new JSONResponse($this->aliasService->delete($this->currentUserId, $id));
+		$effectiveUserId = $this->delegationService->resolveAliasUserId($id, $this->currentUserId);
+		return new JSONResponse($this->aliasService->delete($effectiveUserId, $id));
 	}
 
 	/**
@@ -98,8 +105,9 @@ public function destroy(int $id): JSONResponse {
 	 */
 	#[TrapError]
 	public function create(int $accountId, string $alias, string $aliasName): JSONResponse {
+		$effectiveUserId = $this->delegationService->resolveAccountUserId($accountId, $this->currentUserId);
 		return new JSONResponse(
-			$this->aliasService->create($this->currentUserId, $accountId, $alias, $aliasName),
+			$this->aliasService->create($effectiveUserId, $accountId, $alias, $aliasName),
 			Http::STATUS_CREATED
 		);
 	}
@@ -115,6 +123,7 @@ public function create(int $accountId, string $alias, string $aliasName): JSONRe
 	 */
 	#[TrapError]
 	public function updateSignature(int $id, ?string $signature = null): JSONResponse {
-		return new JSONResponse($this->aliasService->updateSignature($this->currentUserId, $id, $signature));
+		$effectiveUserId = $this->delegationService->resolveAliasUserId($id, $this->currentUserId);
+		return new JSONResponse($this->aliasService->updateSignature($effectiveUserId, $id, $signature));
 	}
 }
@@ -0,0 +1,141 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+ * SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+
+namespace OCA\Mail\Controller;
+
+use OCA\Mail\Exception\DelegationExistsException;
+use OCA\Mail\Http\TrapError;
+use OCA\Mail\Service\AccountService;
+use OCA\Mail\Service\DelegationService;
+use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\JSONResponse;
+use OCP\IRequest;
+use OCP\IUserManager;
+
+#[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)]
+class DelegationController extends Controller {
+	private ?string $currentUserId;
+
+	public function __construct(
+		string $appName,
+		IRequest $request,
+		private DelegationService $delegationService,
+		private AccountService $accountService,
+		private IUserManager $userManager,
+		?string $UserId,
+	) {
+		parent::__construct($appName, $request);
+		$this->currentUserId = $UserId;
+	}
+
+	/**
+	 * Get all accounts delegated to the current user
+	 *
+	 * @NoAdminRequired
+	 *
+	 * @return JSONResponse
+	 */
+	#[TrapError]
+	public function getDelegatedAccounts(): JSONResponse {
+		if ($this->currentUserId === null) {
+			return new JSONResponse([], Http::STATUS_UNAUTHORIZED);
+		}
+
+		return new JSONResponse(
+			$this->delegationService->findDelegatedAccountForUser($this->currentUserId)
+		);
+	}
+
+	/**
+	 * Get all users that have delegation for a given account
+	 *
+	 * @NoAdminRequired
+	 *
+	 * @param int $accountId
+	 * @return JSONResponse
+	 */
+	#[TrapError]
+	public function getDelegatedUsers(int $accountId): JSONResponse {
+		if ($this->currentUserId === null) {
+			return new JSONResponse([], Http::STATUS_UNAUTHORIZED);
+		}
+
+		$account = $this->accountService->findById($accountId);
+		if ($account->getUserId() !== $this->currentUserId) {
+			return new JSONResponse([], Http::STATUS_NOT_FOUND);
+		}
+
+		return new JSONResponse(
+			$this->delegationService->findDelegatedToUsersForAccount($accountId)
+		);
+	}
+
+	/**
+	 * Delegate an account to a user
+	 *
+	 * @NoAdminRequired
+	 *
+	 * @param int $accountId
+	 * @param string $userId
+	 * @return JSONResponse
+	 */
+	#[TrapError]
+	public function delegate(int $accountId, string $userId): JSONResponse {
+		if ($this->currentUserId === null) {
+			return new JSONResponse([], Http::STATUS_UNAUTHORIZED);
+		}
+
+		$account = $this->accountService->findById($accountId);
+		if ($account->getUserId() !== $this->currentUserId) {
+			return new JSONResponse([], Http::STATUS_NOT_FOUND);
+		}
+
+		if ($userId === $this->currentUserId) {
+			return new JSONResponse(['message' => 'Cannot delegate to yourself'], Http::STATUS_BAD_REQUEST);
+		}
+
+		if (!$this->userManager->userExists($userId)) {
+			return new JSONResponse([], Http::STATUS_NOT_FOUND);
+		}
+
+		try {
+			$delegation = $this->delegationService->delegate($accountId, $userId);
+		} catch (DelegationExistsException) {
+			return new JSONResponse(['message' => 'Delegation already exists'], Http::STATUS_CONFLICT);
+		}
+
+		return new JSONResponse($delegation, Http::STATUS_CREATED);
+	}
+
+	/**
+	 * Revoke delegation of an account for a user
+	 *
+	 * @NoAdminRequired
+	 *
+	 * @param int $accountId
+	 * @param string $userId
+	 * @return JSONResponse
+	 */
+	#[TrapError]
+	public function unDelegate(int $accountId, string $userId): JSONResponse {
+		if ($this->currentUserId === null) {
+			return new JSONResponse([], Http::STATUS_UNAUTHORIZED);
+		}
+
+		$account = $this->accountService->findById($accountId);
+		if ($account->getUserId() !== $this->currentUserId) {
+			return new JSONResponse([], Http::STATUS_NOT_FOUND);
+		}
+
+		$this->delegationService->unDelegate($accountId, $userId);
+		return new JSONResponse([], Http::STATUS_OK);
+	}
+}
@@ -11,9 +11,9 @@
 
 use OCA\Mail\AppInfo\Application;
 use OCA\Mail\Service\AccountService;
+use OCA\Mail\Service\DelegationService;
 use OCA\Mail\Service\FilterService;
 use OCP\AppFramework\Controller;
-use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\AppFramework\Http\Attribute\Route;
 use OCP\AppFramework\Http\JSONResponse;
@@ -27,6 +27,7 @@ public function __construct(
 		string $userId,
 		private FilterService $mailFilterService,
 		private AccountService $accountService,
+		private DelegationService $delegationService,
 	) {
 		parent::__construct(Application::APP_ID, $request);
 		$this->currentUserId = $userId;
@@ -39,11 +40,8 @@ public function __construct(
 	#[Route(Route::TYPE_FRONTPAGE, verb: 'GET', url: '/api/filter/{accountId}', requirements: ['accountId' => '[\d]+'])]
 	#[NoAdminRequired]
 	public function getFilters(int $accountId): JSONResponse {
-		$account = $this->accountService->findById($accountId);
-
-		if ($account->getUserId() !== $this->currentUserId) {
-			return new JSONResponse([], Http::STATUS_NOT_FOUND);
-		}
+		$effectiveUserId = $this->delegationService->resolveAccountUserId($accountId, $this->currentUserId);
+		$account = $this->accountService->find($effectiveUserId, $accountId);
 
 		$result = $this->mailFilterService->parse($account->getMailAccount());
 
@@ -56,11 +54,8 @@ public function getFilters(int $accountId): JSONResponse {
 	#[Route(Route::TYPE_FRONTPAGE, verb: 'PUT', url: '/api/filter/{accountId}', requirements: ['accountId' => '[\d]+'])]
 	#[NoAdminRequired]
 	public function updateFilters(int $accountId, array $filters): JSONResponse {
-		$account = $this->accountService->findById($accountId);
-
-		if ($account->getUserId() !== $this->currentUserId) {
-			return new JSONResponse([], Http::STATUS_NOT_FOUND);
-		}
+		$effectiveUserId = $this->delegationService->resolveAccountUserId($accountId, $this->currentUserId);
+		$account = $this->accountService->find($effectiveUserId, $accountId);
 
 		$this->mailFilterService->update($account->getMailAccount(), $filters);