Merge pull request #976 from nextcloud/enh/noid/limit-circle-creation
bypass/limit permissions
ArtificialOwl authored Apr 6, 2022
2 parents 8772511 + d6544d4 commit 69bc43a
Showing 9 changed files with 288 additions and 12 deletions.
8 changes: 8 additions & 0 deletions lib/Command/CirclesConfig.php
Expand Up @@ -172,6 +172,14 @@ protected function execute(InputInterface $input, OutputInterface $output): int

if (strtolower($input->getOption('output')) === 'json') {
$output->writeln(json_encode($outcome, JSON_PRETTY_PRINT));
} elseif (strtolower($input->getOption('output')) !== 'none') {
$circle = $this->circleService->getCircle($circleId);
$output->writeln(
json_encode(
Circle::getCircleFlags($circle, Circle::FLAGS_LONG),
JSON_PRETTY_PRINT
)
);
}

return 0;
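Review bot: The new `elseif` branch lowercases `$input->getOption('output')` a second time and treats every value other than `json` and `none` as a request for the flag dump, so a mistyped format silently prints flags instead of being rejected. Reading the option once, `$format = strtolower($input->getOption('output'));`, and branching on `$format` would keep the two tests in step. The branch also re-fetches the circle with `getCircle($circleId)` after the update; whether an exception from that call is handled is not visible, since `execute()` starts and continues outside the hunk.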
20 changes: 14 additions & 6 deletions lib/Controller/LocalController.php
Expand Up @@ -31,8 +31,6 @@

namespace OCA\Circles\Controller;

use OCA\Circles\Tools\Traits\TDeserialize;
use OCA\Circles\Tools\Traits\TNCLogger;
use Exception;
use OCA\Circles\Exceptions\FederatedUserException;
use OCA\Circles\Exceptions\FederatedUserNotFoundException;
Expand All @@ -49,7 +47,10 @@
use OCA\Circles\Service\FederatedUserService;
use OCA\Circles\Service\MemberService;
use OCA\Circles\Service\MembershipService;
use OCA\Circles\Service\PermissionService;
use OCA\Circles\Service\SearchService;
use OCA\Circles\Tools\Traits\TDeserialize;
use OCA\Circles\Tools\Traits\TNCLogger;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\OCSController;
Expand Down Expand Up @@ -81,6 +82,9 @@ class LocalController extends OcsController {
/** @var MembershipService */
private $membershipService;

/** @var PermissionService */
private $permissionService;

/** @var SearchService */
private $searchService;

Expand Down Expand Up @@ -109,6 +113,7 @@ public function __construct(
CircleService $circleService,
MemberService $memberService,
MembershipService $membershipService,
PermissionService $permissionService,
SearchService $searchService,
ConfigService $configService
) {
Expand All @@ -119,6 +124,7 @@ public function __construct(
$this->circleService = $circleService;
$this->memberService = $memberService;
$this->membershipService = $membershipService;
$this->permissionService = $permissionService;
$this->searchService = $searchService;
$this->configService = $configService;

Expand All @@ -139,6 +145,7 @@ public function __construct(
public function create(string $name, bool $personal = false, bool $local = false): DataResponse {
try {
$this->setCurrentFederatedUser();
$this->permissionService->confirmCircleCreation();

$circle = $this->circleService->create($name, null, $personal, $local);

Expand Down Expand Up @@ -572,14 +579,15 @@ public function link(string $circleId, string $singleId): DataResponse {


/**
* @return void
* @throws FederatedUserException
* @throws FederatedUserNotFoundException
* @throws FrontendException
* @throws InvalidIdException
* @throws FederatedUserException
* @throws SingleCircleNotFoundException
* @throws RequestBuilderException
* @throws FrontendException
* @throws SingleCircleNotFoundException
*/
private function setCurrentFederatedUser() {
private function setCurrentFederatedUser(): void {
if (!$this->configService->getAppValueBool(ConfigService::FRONTEND_ENABLED)) {
throw new FrontendException('frontend disabled');
}
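Review bot: The creation limit is enforced only in this controller: `confirmCircleCreation()` is called in `LocalController::create()`, while the `CircleService::create()` hunk in lib/Service/CircleService.php only moves `confirmAllowedCircleTypes()` over to `PermissionService`. If any other entry point reaches `CircleService::create()` (none is visible on this page), it would not be subject to `limit_circle_creation`. Placing the call inside the service method, next to `confirmName($circle)`, would make the limit hold regardless of caller; if some callers are meant to be exempt, a short comment here saying so would help. `create()` continues outside the hunk, so how the resulting exception is mapped to an OCS error is not shown.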
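--- a/lib/Exceptions/InsufficientPermissionException.php
+++ b/lib/Exceptions/InsufficientPermissionException.php
@@ -0,0 +1,35 @@
+<?php
+
+declare(strict_types=1);
+
+
+/**
+* Circles - Bring cloud-users closer together.
+*
+* This file is licensed under the Affero General Public License version 3 or
+* later. See the COPYING file.
+*
+* @author Maxence Lange <maxence@artificial-owl.com>
+* @copyright 2021
+* @license GNU AGPL version 3 or any later version
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as
+* published by the Free Software Foundation, either version 3 of the
+* License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+
+namespace OCA\Circles\Exceptions;
+
+class InsufficientPermissionException extends FederatedItemForbiddenException {
+}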
16 changes: 14 additions & 2 deletions lib/FederatedItems/CircleConfig.php
Expand Up @@ -34,12 +34,14 @@
use OCA\Circles\Db\CircleRequest;
use OCA\Circles\Exceptions\FederatedItemBadRequestException;
use OCA\Circles\Exceptions\FederatedItemException;
use OCA\Circles\Exceptions\RequestBuilderException;
use OCA\Circles\IFederatedItem;
use OCA\Circles\IFederatedItemAsyncProcess;
use OCA\Circles\Model\Circle;
use OCA\Circles\Model\Federated\FederatedEvent;
use OCA\Circles\Model\Helpers\MemberHelper;
use OCA\Circles\Service\ConfigService;
use OCA\Circles\Service\PermissionService;
use OCA\Circles\Tools\Traits\TDeserialize;

/**
Expand All @@ -56,6 +58,9 @@ class CircleConfig implements
/** @var CircleRequest */
private $circleRequest;

/** @var PermissionService */
private $permissionService;

/** @var ConfigService */
private $configService;

Expand All @@ -64,10 +69,16 @@ class CircleConfig implements
* CircleConfig constructor.
*
* @param CircleRequest $circleRequest
* @param PermissionService $permissionService
* @param ConfigService $configService
*/
public function __construct(CircleRequest $circleRequest, ConfigService $configService) {
public function __construct(
CircleRequest $circleRequest,
PermissionService $permissionService,
ConfigService $configService
) {
$this->circleRequest = $circleRequest;
$this->permissionService = $permissionService;
$this->configService = $configService;
}

Expand All @@ -76,6 +87,7 @@ public function __construct(CircleRequest $circleRequest, ConfigService $configS
* @param FederatedEvent $event
*
* @throws FederatedItemException
* @throws RequestBuilderException
*/
public function verify(FederatedEvent $event): void {
$circle = $event->getCircle();
Expand Down Expand Up @@ -150,7 +162,7 @@ public function verify(FederatedEvent $event): void {

$new = clone $circle;
$new->setConfig($config);
$this->configService->confirmAllowedCircleTypes($new);
$this->permissionService->confirmAllowedCircleTypes($new, $circle);

$event->getData()->sInt('config', $new->getConfig());

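Review bot: `confirmAllowedCircleTypes($new, $circle)` in `verify()` passes a second argument that the call in `CircleService::create()` omits, and nothing at the call site says what supplying the pre-change circle does. `PermissionService` is not shown on this page, so a one-line comment would help, for example `// pass the current circle so only flags that actually change are checked` (wording to be confirmed against the implementation). Since `verify()` handles a `FederatedEvent`, it would also be worth documenting whether the bypass is evaluated for the event's initiator or for the current session user, as the two can differ. `verify()` starts and ends outside the hunk.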
6 changes: 4 additions & 2 deletions lib/Model/Member.php
Expand Up @@ -738,8 +738,10 @@ public function getMemberships(): array {
* @throws RequestBuilderException
*/
public function getLink(string $singleId, bool $detailed = false): Membership {
$this->getManager()->getLink($this, $singleId, $detailed);

if ($singleId !== '') {
$this->getManager()->getLink($this, $singleId, $detailed);
}

throw new MembershipNotFoundException();
}

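Review bot: As shown, `getLink()` never returns the `Membership` its signature declares: the result of `$this->getManager()->getLink(...)` is discarded and every path ends in `throw new MembershipNotFoundException();`. The new guard only skips the manager call for an empty `$singleId`. Unless the manager call reports success some other way that is not visible here, any permission check that relies on this method to test membership will always see "not found". If the manager returns the membership, the guarded line should read `return $this->getManager()->getLink($this, $singleId, $detailed);`.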
8 changes: 7 additions & 1 deletion lib/Service/CircleService.php
Expand Up @@ -101,6 +101,9 @@ class CircleService {
/** @var MemberService */
private $memberService;

/** @var PermissionService */
private $permissionService;

/** @var ConfigService */
private $configService;

Expand All @@ -114,6 +117,7 @@ class CircleService {
* @param FederatedUserService $federatedUserService
* @param FederatedEventService $federatedEventService
* @param MemberService $memberService
* @param PermissionService $permissionService
* @param ConfigService $configService
*/
public function __construct(
Expand All @@ -125,6 +129,7 @@ public function __construct(
FederatedUserService $federatedUserService,
FederatedEventService $federatedEventService,
MemberService $memberService,
PermissionService $permissionService,
ConfigService $configService
) {
$this->l10n = $l10n;
Expand All @@ -135,6 +140,7 @@ public function __construct(
$this->federatedUserService = $federatedUserService;
$this->federatedEventService = $federatedEventService;
$this->memberService = $memberService;
$this->permissionService = $permissionService;
$this->configService = $configService;

$this->setup('app', Application::APP_ID);
Expand Down Expand Up @@ -197,7 +203,7 @@ public function create(
}

$this->confirmName($circle);
$this->configService->confirmAllowedCircleTypes($circle);
$this->permissionService->confirmAllowedCircleTypes($circle);

$member = new Member();
$member->importFromIFederatedUser($owner);
7 changes: 7 additions & 0 deletions lib/Service/ConfigService.php
Expand Up @@ -106,6 +106,10 @@ class ConfigService {
public const ALLOWED_TYPES = 'allowed_types';
public const CIRCLE_TYPES_FORCE = 'circle_types_force';
public const CIRCLE_TYPES_BLOCK = 'circle_types_block';

public const BYPASS_CIRCLE_TYPES = 'bypass_circle_types';
public const LIMIT_CIRCLE_CREATION = 'limit_circle_creation';

public const MIGRATION_BYPASS = 'migration_bypass';
public const MIGRATION_22 = 'migration_22';
public const MIGRATION_22_1 = 'migration_22_1';
Expand Down Expand Up @@ -183,6 +187,9 @@ class ConfigService {
self::CIRCLE_TYPES_FORCE => '0',
self::CIRCLE_TYPES_BLOCK => '0',

self::BYPASS_CIRCLE_TYPES => '',
self::LIMIT_CIRCLE_CREATION => '',

self::MIGRATION_BYPASS => '0',
self::MIGRATION_22 => '0',
self::MIGRATION_22_1 => '0',
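Review bot: `BYPASS_CIRCLE_TYPES` and `LIMIT_CIRCLE_CREATION` are added without any comment on the expected value, and both default to `''`. Because these keys decide who may create circles and who is exempt from the enforced or blocked types, the value format and the meaning of the empty default should be stated next to the constants, for example `// presumably circle IDs whose members are allowed; empty = no restriction` (to be confirmed against `PermissionService`, which is not shown here). An administrator reading only this file cannot tell whether an empty value is the permissive or the restrictive setting. The class body continues outside both hunks.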
