[stable23] bypass/limit permissions #1001

Merged
merged 1 commit into from
Apr 6, 2022
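--- a/lib/Command/CirclesConfig.php
+++ b/lib/Command/CirclesConfig.php
@@ -172,6 +172,14 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 
 if (strtolower($input->getOption('output')) === 'json') {
 $output->writeln(json_encode($outcome, JSON_PRETTY_PRINT));
+} elseif (strtolower($input->getOption('output')) !== 'none') {
+$circle = $this->circleService->getCircle($circleId);
+$output->writeln(
+json_encode(
+Circle::getCircleFlags($circle, Circle::FLAGS_LONG),
+JSON_PRETTY_PRINT
+)
+);
 }
 
 return 0;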
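Review bot: The new `elseif` branch treats every `--output` value other than `json` and `none` as a request to print the circle flags, so a mistyped value silently takes this path, and the option is lower-cased and compared twice. Reading it once, `$format = strtolower($input->getOption('output'));`, and listing the accepted values where the option is declared (not visible on this page) would make the contract explicit. `json_encode()` returns `false` on failure and that value goes straight to `writeln()`. execute() starts and ends outside the hunk.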
20 changes: 14 additions & 6 deletions lib/Controller/LocalController.php
@@ -31,8 +31,6 @@

namespace OCA\Circles\Controller;

use OCA\Circles\Tools\Traits\TDeserialize;
use OCA\Circles\Tools\Traits\TNCLogger;
use Exception;
use OCA\Circles\Exceptions\FederatedUserException;
use OCA\Circles\Exceptions\FederatedUserNotFoundException;
@@ -49,7 +47,10 @@
use OCA\Circles\Service\FederatedUserService;
use OCA\Circles\Service\MemberService;
use OCA\Circles\Service\MembershipService;
use OCA\Circles\Service\PermissionService;
use OCA\Circles\Service\SearchService;
use OCA\Circles\Tools\Traits\TDeserialize;
use OCA\Circles\Tools\Traits\TNCLogger;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\OCSController;
@@ -81,6 +82,9 @@ class LocalController extends OcsController {
/** @var MembershipService */
private $membershipService;

/** @var PermissionService */
private $permissionService;

/** @var SearchService */
private $searchService;

@@ -109,6 +113,7 @@ public function __construct(
CircleService $circleService,
MemberService $memberService,
MembershipService $membershipService,
PermissionService $permissionService,
SearchService $searchService,
ConfigService $configService
) {
@@ -119,6 +124,7 @@ public function __construct(
$this->circleService = $circleService;
$this->memberService = $memberService;
$this->membershipService = $membershipService;
$this->permissionService = $permissionService;
$this->searchService = $searchService;
$this->configService = $configService;

@@ -139,6 +145,7 @@ public function __construct(
public function create(string $name, bool $personal = false, bool $local = false): DataResponse {
try {
$this->setCurrentFederatedUser();
$this->permissionService->confirmCircleCreation();

$circle = $this->circleService->create($name, null, $personal, $local);

@@ -572,14 +579,15 @@ public function link(string $circleId, string $singleId): DataResponse {


/**
* @return void
* @throws FederatedUserException
* @throws FederatedUserNotFoundException
* @throws FrontendException
* @throws InvalidIdException
* @throws FederatedUserException
* @throws SingleCircleNotFoundException
* @throws RequestBuilderException
* @throws FrontendException
* @throws SingleCircleNotFoundException
*/
private function setCurrentFederatedUser() {
private function setCurrentFederatedUser(): void {
if (!$this->configService->getAppValueBool(ConfigService::FRONTEND_ENABLED)) {
throw new FrontendException('frontend disabled');
}
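Review bot: The creation limit is enforced only in this controller action: `$this->permissionService->confirmCircleCreation();` is added to `LocalController::create()`, while `CircleService::create()` in lib/Service/CircleService.php (same PR) gains only `confirmAllowedCircleTypes($circle)`. Any other caller of `CircleService::create()` would therefore skip the `limit_circle_creation` check; whether such callers exist, and whether skipping is intended for them, is not visible on this page. If the limit is meant as an authorization rule, calling `confirmCircleCreation()` inside `CircleService::create()` next to `confirmName($circle)` keeps it on every path; otherwise a comment on the controller line naming the deliberately exempt entry points would help. create() continues beyond the hunk.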
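--- /dev/null
+++ b/lib/Exceptions/InsufficientPermissionException.php
@@ -0,0 +1,35 @@
+<?php
+
+declare(strict_types=1);
+
+
+/**
+* Circles - Bring cloud-users closer together.
+*
+* This file is licensed under the Affero General Public License version 3 or
+* later. See the COPYING file.
+*
+* @author Maxence Lange <maxence@artificial-owl.com>
+* @copyright 2021
+* @license GNU AGPL version 3 or any later version
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as
+* published by the Free Software Foundation, either version 3 of the
+* License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+
+namespace OCA\Circles\Exceptions;
+
+class InsufficientPermissionException extends FederatedItemForbiddenException {
+}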
16 changes: 14 additions & 2 deletions lib/FederatedItems/CircleConfig.php
@@ -34,12 +34,14 @@
use OCA\Circles\Db\CircleRequest;
use OCA\Circles\Exceptions\FederatedItemBadRequestException;
use OCA\Circles\Exceptions\FederatedItemException;
use OCA\Circles\Exceptions\RequestBuilderException;
use OCA\Circles\IFederatedItem;
use OCA\Circles\IFederatedItemAsyncProcess;
use OCA\Circles\Model\Circle;
use OCA\Circles\Model\Federated\FederatedEvent;
use OCA\Circles\Model\Helpers\MemberHelper;
use OCA\Circles\Service\ConfigService;
use OCA\Circles\Service\PermissionService;
use OCA\Circles\Tools\Traits\TDeserialize;

/**
@@ -56,6 +58,9 @@ class CircleConfig implements
/** @var CircleRequest */
private $circleRequest;

/** @var PermissionService */
private $permissionService;

/** @var ConfigService */
private $configService;

@@ -64,10 +69,16 @@ class CircleConfig implements
* CircleConfig constructor.
*
* @param CircleRequest $circleRequest
* @param PermissionService $permissionService
* @param ConfigService $configService
*/
public function __construct(CircleRequest $circleRequest, ConfigService $configService) {
public function __construct(
CircleRequest $circleRequest,
PermissionService $permissionService,
ConfigService $configService
) {
$this->circleRequest = $circleRequest;
$this->permissionService = $permissionService;
$this->configService = $configService;
}

@@ -76,6 +87,7 @@ public function __construct(CircleRequest $circleRequest, ConfigService $configS
* @param FederatedEvent $event
*
* @throws FederatedItemException
* @throws RequestBuilderException
*/
public function verify(FederatedEvent $event): void {
$circle = $event->getCircle();
@@ -150,7 +162,7 @@ public function verify(FederatedEvent $event): void {

$new = clone $circle;
$new->setConfig($config);
$this->configService->confirmAllowedCircleTypes($new);
$this->permissionService->confirmAllowedCircleTypes($new, $circle);

$event->getData()->sInt('config', $new->getConfig());

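Review bot: The call `$this->permissionService->confirmAllowedCircleTypes($new, $circle);` in verify() passes the pre-change circle as a second argument, but nothing at the call site says what it is used for, and `CircleService::create()` in this PR calls the same method with one argument. PermissionService is not shown on this page, so the semantics cannot be checked here; presumably the current state is passed so that only newly requested types are validated. A one-line comment above the call, for example `// $circle is the state before the change; $new carries the requested config`, adjusted to what the method really does, would document that. verify() starts and ends outside the hunk.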
6 changes: 4 additions & 2 deletions lib/Model/Member.php
@@ -738,8 +738,10 @@ public function getMemberships(): array {
* @throws RequestBuilderException
*/
public function getLink(string $singleId, bool $detailed = false): Membership {
$this->getManager()->getLink($this, $singleId, $detailed);

if ($singleId !== '') {
$this->getManager()->getLink($this, $singleId, $detailed);
}

throw new MembershipNotFoundException();
}

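Review bot: In `getLink()` the value returned by `$this->getManager()->getLink($this, $singleId, $detailed)` is discarded, and the method then always reaches `throw new MembershipNotFoundException();` even though it is declared to return `Membership`. Unless the manager call is relied on only for a side effect or for its own exception (not visible here), the lookup result should be returned: `return $this->getManager()->getLink($this, $singleId, $detailed);`. A short comment on why an empty `$singleId` is treated as "no membership" would also help callers that base access decisions on this method. The docblock of getLink() starts outside the hunk.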
8 changes: 7 additions & 1 deletion lib/Service/CircleService.php
@@ -101,6 +101,9 @@ class CircleService {
/** @var MemberService */
private $memberService;

/** @var PermissionService */
private $permissionService;

/** @var ConfigService */
private $configService;

@@ -114,6 +117,7 @@ class CircleService {
* @param FederatedUserService $federatedUserService
* @param FederatedEventService $federatedEventService
* @param MemberService $memberService
* @param PermissionService $permissionService
* @param ConfigService $configService
*/
public function __construct(
@@ -125,6 +129,7 @@ public function __construct(
FederatedUserService $federatedUserService,
FederatedEventService $federatedEventService,
MemberService $memberService,
PermissionService $permissionService,
ConfigService $configService
) {
$this->l10n = $l10n;
@@ -135,6 +140,7 @@ public function __construct(
$this->federatedUserService = $federatedUserService;
$this->federatedEventService = $federatedEventService;
$this->memberService = $memberService;
$this->permissionService = $permissionService;
$this->configService = $configService;

$this->setup('app', Application::APP_ID);
@@ -197,7 +203,7 @@ public function create(
}

$this->confirmName($circle);
$this->configService->confirmAllowedCircleTypes($circle);
$this->permissionService->confirmAllowedCircleTypes($circle);

$member = new Member();
$member->importFromIFederatedUser($owner);
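--- a/lib/Service/ConfigService.php
+++ b/lib/Service/ConfigService.php
@@ -106,6 +106,10 @@ class ConfigService {
 public const ALLOWED_TYPES = 'allowed_types';
 public const CIRCLE_TYPES_FORCE = 'circle_types_force';
 public const CIRCLE_TYPES_BLOCK = 'circle_types_block';
+
+public const BYPASS_CIRCLE_TYPES = 'bypass_circle_types';
+public const LIMIT_CIRCLE_CREATION = 'limit_circle_creation';
+
 public const MIGRATION_BYPASS = 'migration_bypass';
 public const MIGRATION_22 = 'migration_22';
 public const MIGRATION_22_1 = 'migration_22_1';
@@ -183,6 +187,9 @@ class ConfigService {
 self::CIRCLE_TYPES_FORCE => '0',
 self::CIRCLE_TYPES_BLOCK => '0',
 
+self::BYPASS_CIRCLE_TYPES => '',
+self::LIMIT_CIRCLE_CREATION => '',
+
 self::MIGRATION_BYPASS => '0',
 self::MIGRATION_22 => '0',
 self::MIGRATION_22_1 => '0',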
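Review bot: `BYPASS_CIRCLE_TYPES` and `LIMIT_CIRCLE_CREATION` are added with an empty-string default and no comment, while the neighbouring type settings default to `'0'`, so the expected value format cannot be read from this file. Judging by the names, one key exempts some principals from the circle-type restrictions and the other restricts who may create circles, which makes a misconfigured value an access-control problem. A comment above each constant should state the accepted format and what the empty default means (presumably no bypass and no limit; the consumer, PermissionService, is not shown on this page), for example `// format: <to be documented>; '' = nobody bypasses the type restrictions`.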