Merge pull request #982 from nextcloud/backport/974/stable23
[stable23] limit some feature when Circles is managed by an app
ArtificialOwl authored Mar 31, 2022
2 parents f3b9fde + de38cab commit d95fa53
Showing 13 changed files with 372 additions and 76 deletions.
117 changes: 111 additions & 6 deletions lib/CirclesManager.php
Expand Up @@ -31,7 +31,6 @@

namespace OCA\Circles;

use OCA\Circles\Tools\Exceptions\InvalidItemException;
use OCA\Circles\Exceptions\CircleNotFoundException;
use OCA\Circles\Exceptions\ContactAddressBookNotFoundException;
use OCA\Circles\Exceptions\ContactFormatException;
Expand Down Expand Up @@ -59,10 +58,11 @@
use OCA\Circles\Model\Membership;
use OCA\Circles\Model\Probes\CircleProbe;
use OCA\Circles\Service\CircleService;
use OCA\Circles\Service\ConfigService;
use OCA\Circles\Service\FederatedUserService;
use OCA\Circles\Service\MemberService;
use OCA\Circles\Service\MembershipService;
use OCP\IUserSession;
use OCA\Circles\Tools\Exceptions\InvalidItemException;

/**
* Class CirclesManager
Expand All @@ -72,9 +72,6 @@
class CirclesManager {


/** @var CirclesQueryHelper */
private $circlesQueryHelper;

/** @var FederatedUserService */
private $federatedUserService;

Expand All @@ -87,27 +84,36 @@ class CirclesManager {
/** @var MembershipService */
private $membershipService;

/** @var ConfigService */
private $configService;

/** @var CirclesQueryHelper */
private $circlesQueryHelper;


/**
* CirclesManager constructor.
*
* @param IUserSession $userSession
* @param FederatedUserService $federatedUserService
* @param CircleService $circleService
* @param MemberService $memberService
* @param MembershipService $membershipService
* @param ConfigService $configService
* @param CirclesQueryHelper $circlesQueryHelper
*/
public function __construct(
FederatedUserService $federatedUserService,
CircleService $circleService,
MemberService $memberService,
MembershipService $membershipService,
ConfigService $configService,
CirclesQueryHelper $circlesQueryHelper
) {
$this->federatedUserService = $federatedUserService;
$this->circleService = $circleService;
$this->memberService = $memberService;
$this->membershipService = $membershipService;
$this->configService = $configService;
$this->circlesQueryHelper = $circlesQueryHelper;
}

Expand Down Expand Up @@ -136,6 +142,29 @@ public function getFederatedUser(string $federatedId, int $type = Member::TYPE_S
return $this->federatedUserService->getFederatedUser($federatedId, $type);
}

/**
* @param string $userId
*
* @return FederatedUser
* @throws CircleNotFoundException
* @throws FederatedItemException
* @throws FederatedUserException
* @throws FederatedUserNotFoundException
* @throws InvalidIdException
* @throws MemberNotFoundException
* @throws OwnerNotFoundException
* @throws RemoteInstanceException
* @throws RemoteNotFoundException
* @throws RemoteResourceNotFoundException
* @throws RequestBuilderException
* @throws SingleCircleNotFoundException
* @throws UnknownRemoteException
* @throws UserTypeNotFoundException
*/
public function getLocalFederatedUser(string $userId): FederatedUser {
return $this->getFederatedUser($userId, Member::TYPE_USER);
}


/**
* @throws FederatedUserNotFoundException
Expand All @@ -161,6 +190,22 @@ public function startSuperSession(): void {
}


/**
* @param string $appId
* @param int $appSerial
*
* @throws ContactAddressBookNotFoundException
* @throws ContactFormatException
* @throws ContactNotFoundException
* @throws FederatedUserException
* @throws InvalidIdException
* @throws RequestBuilderException
* @throws SingleCircleNotFoundException
*/
public function startAppSession(string $appId, int $appSerial = Member::APP_DEFAULT): void {
$this->federatedUserService->setLocalCurrentApp($appId, $appSerial);
}

/**
* $userId - userId to emulate as initiator (can be empty)
* $userType - specify if userIs not a singleId
Expand Down Expand Up @@ -304,6 +349,66 @@ public function getCircle(string $singleId, ?CircleProbe $probe = null): Circle
}


/**
* @param Circle $circle
*
* @throws CircleNotFoundException
* @throws FederatedEventException
* @throws FederatedItemException
* @throws InitiatorNotConfirmedException
* @throws InitiatorNotFoundException
* @throws OwnerNotFoundException
* @throws RemoteInstanceException
* @throws RemoteNotFoundException
* @throws RemoteResourceNotFoundException
* @throws RequestBuilderException
* @throws UnknownRemoteException
*/
public function updateConfig(Circle $circle): void {
$this->circleService->updateConfig($circle->getSingleId(), $circle->getConfig());
}


/**
* @param string $circleId
* @param bool $enabled
*
* @throws CircleNotFoundException
* @throws FederatedEventException
* @throws FederatedItemException
* @throws FederatedUserException
* @throws InitiatorNotConfirmedException
* @throws InitiatorNotFoundException
* @throws OwnerNotFoundException
* @throws RemoteInstanceException
* @throws RemoteNotFoundException
* @throws RemoteResourceNotFoundException
* @throws RequestBuilderException
* @throws UnknownRemoteException
*/
public function flagAsAppManaged(string $circleId, bool $enabled = true): void {
$this->federatedUserService->confirmSuperSession();
$this->federatedUserService->setOwnerAsCurrentUser($circleId);

$probe = new CircleProbe();
$probe->includeSystemCircles();

$localCircle = $this->circleService->getCircle($circleId, $probe);
if (!$this->configService->isLocalInstance($localCircle->getInstance())) {
throw new CircleNotFoundException('This Circle is not managed from this instance');
}

$config = $localCircle->getConfig();
if ($enabled) {
$config |= Circle::CFG_APP;
} else {
$config &= ~Circle::CFG_APP;
}

$this->circleService->updateConfig($circleId, $config);
}


/**
* @param string $circleId
* @param FederatedUser $federatedUser
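Review bot: `flagAsAppManaged()` has no description, and its docblock leaves out two things a caller needs to know: it calls `confirmSuperSession()` first, so it presumably fails unless `startSuperSession()` was called beforehand, and it calls `setOwnerAsCurrentUser($circleId)` without restoring the previous initiator afterwards. If the session is left acting as the circle owner, later calls on the same manager would run with the owner's rights, which should be either documented or undone before returning. I would add a summary such as `Flag a local circle as managed by an app (sets or clears Circle::CFG_APP); requires an active super session and leaves the circle owner as current user.`, plus a matching `@throws` line if `confirmSuperSession()` throws the `SuperSessionException` added in this commit. The docblocks of `getLocalFederatedUser()`, `startAppSession()` and `updateConfig()` also lack a one-line purpose.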
20 changes: 14 additions & 6 deletions lib/Command/CirclesConfig.php
Expand Up @@ -102,6 +102,10 @@ protected function configure() {
)
->addOption('initiator', '', InputOption::VALUE_REQUIRED, 'set an initiator to the request', '')
->addOption('initiator-type', '', InputOption::VALUE_REQUIRED, 'set initiator type', '0')
->addOption(
'super-session', '',
InputOption::VALUE_NONE, 'use super session to bypass some condition'
)
->addOption('status-code', '', InputOption::VALUE_NONE, 'display status code on exception');
}

Expand Down Expand Up @@ -133,12 +137,16 @@ protected function execute(InputInterface $input, OutputInterface $output): int
$circleId = (string)$input->getArgument('circle_id');

try {
$this->federatedUserService->commandLineInitiator(
$input->getOption('initiator'),
Member::parseTypeString($input->getOption('initiator-type')),
$circleId,
false
);
if ($input->getArgument('super-session')) {
$this->federatedUserService->bypassCurrentUserCondition(true);
} else {
$this->federatedUserService->commandLineInitiator(
$input->getOption('initiator'),
Member::parseTypeString($input->getOption('initiator-type')),
$circleId,
false
);
}

$circle = $this->circleService->getCircle($circleId);

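Review bot: `super-session` is registered with `addOption()` in `configure()`, but `execute()` reads it with `$input->getArgument('super-session')`; Symfony's input throws an InvalidArgumentException for an argument name that was never defined, so the command would fail before reaching either branch. The condition should be `if ($input->getOption('super-session')) {`. Because this flag skips `commandLineInitiator()` and calls `bypassCurrentUserCondition(true)`, the option's help text could also name which checks are bypassed instead of 'some condition'. The body of `execute()` continues outside the hunk.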
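--- /dev/null
+++ b/lib/Exceptions/RemoteCircleException.php
@@ -0,0 +1,34 @@
+<?php
+
+declare(strict_types=1);
+
+
+/**
+* Circles - Bring cloud-users closer together.
+*
+* This file is licensed under the Affero General Public License version 3 or
+* later. See the COPYING file.
+*
+* @author Maxence Lange <maxence@artificial-owl.com>
+* @copyright 2021
+* @license GNU AGPL version 3 or any later version
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as
+* published by the Free Software Foundation, either version 3 of the
+* License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+namespace OCA\Circles\Exceptions;
+
+class RemoteCircleException extends FederatedItemBadRequestException {
+}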
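--- /dev/null
+++ b/lib/Exceptions/SuperSessionException.php
@@ -0,0 +1,34 @@
+<?php
+
+declare(strict_types=1);
+
+
+/**
+* Circles - Bring cloud-users closer together.
+*
+* This file is licensed under the Affero General Public License version 3 or
+* later. See the COPYING file.
+*
+* @author Maxence Lange <maxence@artificial-owl.com>
+* @copyright 2022
+* @license GNU AGPL version 3 or any later version
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as
+* published by the Free Software Foundation, either version 3 of the
+* License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+namespace OCA\Circles\Exceptions;
+
+class SuperSessionException extends FederatedItemUnauthorizedException {
+}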
11 changes: 10 additions & 1 deletion lib/FederatedItems/CircleConfig.php
Expand Up @@ -31,7 +31,6 @@

namespace OCA\Circles\FederatedItems;

use OCA\Circles\Tools\Traits\TDeserialize;
use OCA\Circles\Db\CircleRequest;
use OCA\Circles\Exceptions\FederatedItemBadRequestException;
use OCA\Circles\Exceptions\FederatedItemException;
Expand All @@ -41,6 +40,7 @@
use OCA\Circles\Model\Federated\FederatedEvent;
use OCA\Circles\Model\Helpers\MemberHelper;
use OCA\Circles\Service\ConfigService;
use OCA\Circles\Tools\Traits\TDeserialize;

/**
* Class CircleConfig
Expand Down Expand Up @@ -89,6 +89,15 @@ public function verify(FederatedEvent $event): void {
$listing = array_merge($listing, Circle::$DEF_CFG_SYSTEM_FILTER);
}

// filtering config values when not using Super Session
if (!$event->getParams()->gBool('superSession')) {
if ($circle->isConfig(Circle::CFG_APP)) {
$config |= Circle::CFG_APP;
} else {
$config &= ~Circle::CFG_APP;
}
}

$confirmed = true;
foreach ($listing as $item) {
if ($circle->isConfig($item, $config)) {
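Review bot: The `superSession` flag that lifts the `CFG_APP` filter in `verify()` is read from the event's own params, and nothing in this hunk shows where that param is set or whether it is cleared on events received from another instance. If params travel with a federated event, the party that built the event decides whether the filter applies, so the check should rest on state the verifying instance controls, or the param should be dropped from incoming remote events before `verify()` runs. At minimum I would add a comment above the check such as `// 'superSession' must only be set by the local super-session code path; never trust it on an event received from a remote instance`. `verify()` starts and ends outside the hunk, so the origin of `$config` and the remaining checks are not visible here.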
16 changes: 15 additions & 1 deletion lib/FederatedItems/CircleDestroy.php
Expand Up @@ -31,18 +31,22 @@

namespace OCA\Circles\FederatedItems;

use OCA\Circles\Tools\Traits\TDeserialize;
use OCA\Circles\Db\CircleRequest;
use OCA\Circles\Db\MemberRequest;
use OCA\Circles\Exceptions\FederatedItemBadRequestException;
use OCA\Circles\Exceptions\RequestBuilderException;
use OCA\Circles\IFederatedItem;
use OCA\Circles\IFederatedItemAsyncProcess;
use OCA\Circles\IFederatedItemHighSeverity;
use OCA\Circles\IFederatedItemMemberEmpty;
use OCA\Circles\Model\Circle;
use OCA\Circles\Model\Federated\FederatedEvent;
use OCA\Circles\Model\Helpers\MemberHelper;
use OCA\Circles\Service\EventService;
use OCA\Circles\Service\MembershipService;
use OCA\Circles\StatusCode;
use OCA\Circles\Tools\Traits\TDeserialize;
use OCA\Circles\Tools\Traits\TStringTools;

/**
* Class CircleDestroy
Expand All @@ -54,6 +58,7 @@ class CircleDestroy implements
IFederatedItemHighSeverity,
IFederatedItemAsyncProcess,
IFederatedItemMemberEmpty {
use TStringTools;
use TDeserialize;


Expand Down Expand Up @@ -91,9 +96,18 @@ public function __construct(

/**
* @param FederatedEvent $event
*
* @throws FederatedItemBadRequestException
*/
public function verify(FederatedEvent $event): void {
$circle = $event->getCircle();
if ($circle->isConfig(Circle::CFG_APP)) {
throw new FederatedItemBadRequestException(
StatusCode::$CIRCLE_DESTROY[120],
120
);
}

$initiator = $circle->getInitiator();

$initiatorHelper = new MemberHelper($initiator);
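Review bot: The `CFG_APP` check in `verify()` runs before the initiator is examined, so any initiator whose request reaches this event gets status 120 back and learns that the circle is app-managed, whether or not they would have been allowed to destroy it. Moving the block below the initiator checks (they continue outside the hunk, after `new MemberHelper($initiator)`) would keep the authorization failure first. Unlike the config path there is no super-session exception here, so an app that flagged the circle presumably has to clear the flag before destroying it; a comment such as `// app-managed circles cannot be destroyed, even by their owner` would make that intent explicit. `use TStringTools;` is added to the class, but none of the visible lines use it.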
