-
Notifications
You must be signed in to change notification settings - Fork 88
Expand file tree
/
Copy pathSystemSettings.php
More file actions
126 lines (111 loc) · 4.16 KB
/
Copy pathSystemSettings.php
File metadata and controls
126 lines (111 loc) · 4.16 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
<?php
declare(strict_types=1);
/**
* SPDX-FileCopyrightText: 2017 Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OCA\Polls\Model\Settings;
use OCA\Polls\UserSession;
use OCP\IAppConfig;
class SystemSettings {
/** @psalm-suppress PossiblyUnusedMethod */
public function __construct(
private IAppConfig $appConfig,
private UserSession $userSession,
) {
}
/** Getters for core settings regarding share creation */
/**
* Permission to create shares is controlled by core settings
*/
public function getShareCreateAllowed(): bool {
if (!$this->userSession->getIsLoggedIn()) {
// only logged in users can create shares
return false;
}
// first check group exception mode
$groupExceptionMode = $this->getCoreLimitSharingMode();
if ($groupExceptionMode === 'off') {
// no group exceptions are set, allow share creation
return true;
}
// get group exceptions
$exceptionGroups = $this->getCoreLimitSharingGroups();
if ($groupExceptionMode === 'denyGroup') {
// exception mode is 'Exclude some Groups from sharing'
// if user is in exception group, deny share creation
return !$this->userSession->getCurrentUser()->getIsInGroupArray($exceptionGroups);
}
// exception mode is 'Limit sharing to some groups'
// if user is in exception group, allow share creation
return $this->userSession->getCurrentUser()->getIsInGroupArray($exceptionGroups);
}
/**
* Get share group exception mode
* @return 'open'|'closed'|'archived'
* @psalm-return 'denyGroup'|'allowGroup'|'off'
* Take value from the core setting 'shareapi_exclude_groups' and translate
* 'yes' => 'denyGroup' ('Exclude some groups from sharing') existing groups are handeled as deny groups
* 'allow' => 'allowGroup' (Limit sharing to some groups) existing groups are handeled as allow groups
* default => 'off' (Allow sharing for everyone) or setting absent - sharing is allowed for everyone
*/
private function getCoreLimitSharingMode(): string {
$excludedMode = $this->appConfig->getValueString('core', 'shareapi_exclude_groups', '');
return match ($excludedMode) {
'yes' => 'denyGroup',
'allow' => 'allowGroup',
default => 'off',
};
}
/**
* Get core setting 'shareapi_exclude_groups_list', subsetting of 'Limit sharing to some groups'
* Lists Groups, which are either denied or allowed to creating shares (depending on )
* @return array
*/
private function getCoreLimitSharingGroups(): array {
return $this->appConfig->getValueArray('core', 'shareapi_exclude_groups_list', []);
}
/** Getters for core settings regarding external link creation */
/**
* Is creation of external links via email allowed for the current user?
* @psalm-return bool
* @return bool
*/
public function getExternalShareCreationAllowed(): bool {
if ($this->getCoreExternalShareCreationMode() === 'off') {
// external share creation is disabled
return false;
}
$excludedGroups = $this->getCoreExternalShareCreationGroups();
if ($excludedGroups) {
// if user is in exception group, disallow external share creation
return !$this->userSession->getCurrentUser()->getIsInGroupArray($excludedGroups);
}
return true;
}
/**
* Get external share creation mode
* @return string
* @psalm-return 'denyGroup'|'off'
* Take value from the core setting 'shareapi_allow_links' and translate
* 'no' => 'off' (Creating external links is disabled) or setting absent
* 'yes' => 'denyGroup' ('Creating external links is enablede, but groups may be excluded')
* default => 'denyGroup' System default
*/
private function getCoreExternalShareCreationMode(): string {
$excludedMode = $this->appConfig->getValueString('core', 'shareapi_allow_links', '');
return match ($excludedMode) {
'no' => 'off',
'yes' => 'denyGroup',
default => 'denyGroup',
};
}
/**
* Get core setting 'shareapi_allow_links_exclude_groups', subsetting of 'Allow users to share via link and emails'
* Lists Groups, which are excluded from creating external link shares
* @return array
*/
private function getCoreExternalShareCreationGroups(): array {
return $this->appConfig->getValueArray('core', 'shareapi_allow_links_exclude_groups', []);
}
}