|
12 | 12 |
|
13 | 13 | use InvalidArgumentException; |
14 | 14 | use OC\Authentication\Token\RemoteWipe; |
| 15 | +use OC\Group\Group; |
15 | 16 | use OC\KnownUser\KnownUserService; |
16 | 17 | use OC\User\Backend; |
17 | 18 | use OCA\Provisioning_API\ResponseDefinitions; |
|
50 | 51 | use Psr\Log\LoggerInterface; |
51 | 52 |
|
52 | 53 | /** |
| 54 | + * @psalm-import-type Provisioning_APIGroupDetails from ResponseDefinitions |
53 | 55 | * @psalm-import-type Provisioning_APIUserDetails from ResponseDefinitions |
54 | 56 | */ |
55 | 57 | class UsersController extends AUserData { |
@@ -1398,6 +1400,127 @@ public function getUsersGroups(string $userId): DataResponse { |
1398 | 1400 | } |
1399 | 1401 | } |
1400 | 1402 |
|
| 1403 | + /** |
| 1404 | + * @NoSubAdminRequired |
| 1405 | + * |
| 1406 | + * Get a list of groups with details |
| 1407 | + * |
| 1408 | + * @param string $userId ID of the user |
| 1409 | + * @return DataResponse<Http::STATUS_OK, array{groups: list<Provisioning_APIGroupDetails>}, array{}> |
| 1410 | + * @throws OCSException |
| 1411 | + * |
| 1412 | + * 200: Users groups returned |
| 1413 | + */ |
| 1414 | + #[NoAdminRequired] |
| 1415 | + public function getUsersGroupsDetails(string $userId): DataResponse { |
| 1416 | + $loggedInUser = $this->userSession->getUser(); |
| 1417 | + |
| 1418 | + $targetUser = $this->userManager->get($userId); |
| 1419 | + if ($targetUser === null) { |
| 1420 | + throw new OCSException('', OCSController::RESPOND_NOT_FOUND); |
| 1421 | + } |
| 1422 | + |
| 1423 | + $isAdmin = $this->groupManager->isAdmin($loggedInUser->getUID()); |
| 1424 | + $isDelegatedAdmin = $this->groupManager->isDelegatedAdmin($loggedInUser->getUID()); |
| 1425 | + if ($targetUser->getUID() === $loggedInUser->getUID() || $isAdmin || $isDelegatedAdmin) { |
| 1426 | + // Self lookup or admin lookup |
| 1427 | + $groups = array_map( |
| 1428 | + function (Group $group) { |
| 1429 | + return [ |
| 1430 | + 'id' => $group->getGID(), |
| 1431 | + 'displayname' => $group->getDisplayName(), |
| 1432 | + 'usercount' => $group->count(), |
| 1433 | + 'disabled' => $group->countDisabled(), |
| 1434 | + 'canAdd' => $group->canAddUser(), |
| 1435 | + 'canRemove' => $group->canRemoveUser(), |
| 1436 | + ]; |
| 1437 | + }, |
| 1438 | + array_values($this->groupManager->getUserGroups($targetUser)), |
| 1439 | + ); |
| 1440 | + return new DataResponse([ |
| 1441 | + 'groups' => $groups, |
| 1442 | + ]); |
| 1443 | + } else { |
| 1444 | + $subAdminManager = $this->groupManager->getSubAdmin(); |
| 1445 | + |
| 1446 | + // Looking up someone else |
| 1447 | + if ($subAdminManager->isUserAccessible($loggedInUser, $targetUser)) { |
| 1448 | + // Return the group that the method caller is subadmin of for the user in question |
| 1449 | + $gids = array_values(array_intersect( |
| 1450 | + array_map( |
| 1451 | + static fn (IGroup $group) => $group->getGID(), |
| 1452 | + $subAdminManager->getSubAdminsGroups($loggedInUser), |
| 1453 | + ), |
| 1454 | + $this->groupManager->getUserGroupIds($targetUser) |
| 1455 | + )); |
| 1456 | + $groups = array_map( |
| 1457 | + function (string $gid) { |
| 1458 | + $group = $this->groupManager->get($gid); |
| 1459 | + return [ |
| 1460 | + 'id' => $group->getGID(), |
| 1461 | + 'displayname' => $group->getDisplayName(), |
| 1462 | + 'usercount' => $group->count(), |
| 1463 | + 'disabled' => $group->countDisabled(), |
| 1464 | + 'canAdd' => $group->canAddUser(), |
| 1465 | + 'canRemove' => $group->canRemoveUser(), |
| 1466 | + ]; |
| 1467 | + }, |
| 1468 | + $gids, |
| 1469 | + ); |
| 1470 | + return new DataResponse([ |
| 1471 | + 'groups' => $groups, |
| 1472 | + ]); |
| 1473 | + } else { |
| 1474 | + // Not permitted |
| 1475 | + throw new OCSException('', OCSController::RESPOND_NOT_FOUND); |
| 1476 | + } |
| 1477 | + } |
| 1478 | + } |
| 1479 | + |
| 1480 | + /** |
| 1481 | + * @NoSubAdminRequired |
| 1482 | + * |
| 1483 | + * Get a list of the groups the user is a subadmin of, with details |
| 1484 | + * |
| 1485 | + * @param string $userId ID of the user |
| 1486 | + * @return DataResponse<Http::STATUS_OK, array{groups: list<Provisioning_APIGroupDetails>}, array{}> |
| 1487 | + * @throws OCSException |
| 1488 | + * |
| 1489 | + * 200: Users subadmin groups returned |
| 1490 | + */ |
| 1491 | + #[NoAdminRequired] |
| 1492 | + public function getUserSubAdminGroupsDetails(string $userId): DataResponse { |
| 1493 | + $loggedInUser = $this->userSession->getUser(); |
| 1494 | + |
| 1495 | + $targetUser = $this->userManager->get($userId); |
| 1496 | + if ($targetUser === null) { |
| 1497 | + throw new OCSException('', OCSController::RESPOND_NOT_FOUND); |
| 1498 | + } |
| 1499 | + |
| 1500 | + $isAdmin = $this->groupManager->isAdmin($loggedInUser->getUID()); |
| 1501 | + $isDelegatedAdmin = $this->groupManager->isDelegatedAdmin($loggedInUser->getUID()); |
| 1502 | + if ($targetUser->getUID() === $loggedInUser->getUID() || $isAdmin || $isDelegatedAdmin) { |
| 1503 | + $subAdminManager = $this->groupManager->getSubAdmin(); |
| 1504 | + $groups = array_map( |
| 1505 | + function (IGroup $group) { |
| 1506 | + return [ |
| 1507 | + 'id' => $group->getGID(), |
| 1508 | + 'displayname' => $group->getDisplayName(), |
| 1509 | + 'usercount' => $group->count(), |
| 1510 | + 'disabled' => $group->countDisabled(), |
| 1511 | + 'canAdd' => $group->canAddUser(), |
| 1512 | + 'canRemove' => $group->canRemoveUser(), |
| 1513 | + ]; |
| 1514 | + }, |
| 1515 | + array_values($subAdminManager->getSubAdminsGroups($targetUser)), |
| 1516 | + ); |
| 1517 | + return new DataResponse([ |
| 1518 | + 'groups' => $groups, |
| 1519 | + ]); |
| 1520 | + } |
| 1521 | + throw new OCSException('', OCSController::RESPOND_NOT_FOUND); |
| 1522 | + } |
| 1523 | + |
1401 | 1524 | /** |
1402 | 1525 | * Add a user to a group |
1403 | 1526 | * |
|
0 commit comments