Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[stable23] limit some feature when Circles is managed by an app #982

Merged
merged 1 commit into from
Mar 31, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
117 changes: 111 additions & 6 deletions lib/CirclesManager.php
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,6 @@

namespace OCA\Circles;

use OCA\Circles\Tools\Exceptions\InvalidItemException;
use OCA\Circles\Exceptions\CircleNotFoundException;
use OCA\Circles\Exceptions\ContactAddressBookNotFoundException;
use OCA\Circles\Exceptions\ContactFormatException;
Expand Down Expand Up @@ -59,10 +58,11 @@
use OCA\Circles\Model\Membership;
use OCA\Circles\Model\Probes\CircleProbe;
use OCA\Circles\Service\CircleService;
use OCA\Circles\Service\ConfigService;
use OCA\Circles\Service\FederatedUserService;
use OCA\Circles\Service\MemberService;
use OCA\Circles\Service\MembershipService;
use OCP\IUserSession;
use OCA\Circles\Tools\Exceptions\InvalidItemException;

/**
* Class CirclesManager
Expand All @@ -72,9 +72,6 @@
class CirclesManager {


/** @var CirclesQueryHelper */
private $circlesQueryHelper;

/** @var FederatedUserService */
private $federatedUserService;

Expand All @@ -87,27 +84,36 @@ class CirclesManager {
/** @var MembershipService */
private $membershipService;

/** @var ConfigService */
private $configService;

/** @var CirclesQueryHelper */
private $circlesQueryHelper;


/**
* CirclesManager constructor.
*
* @param IUserSession $userSession
* @param FederatedUserService $federatedUserService
* @param CircleService $circleService
* @param MemberService $memberService
* @param MembershipService $membershipService
* @param ConfigService $configService
* @param CirclesQueryHelper $circlesQueryHelper
*/
public function __construct(
FederatedUserService $federatedUserService,
CircleService $circleService,
MemberService $memberService,
MembershipService $membershipService,
ConfigService $configService,
CirclesQueryHelper $circlesQueryHelper
) {
$this->federatedUserService = $federatedUserService;
$this->circleService = $circleService;
$this->memberService = $memberService;
$this->membershipService = $membershipService;
$this->configService = $configService;
$this->circlesQueryHelper = $circlesQueryHelper;
}

Expand Down Expand Up @@ -136,6 +142,29 @@ public function getFederatedUser(string $federatedId, int $type = Member::TYPE_S
return $this->federatedUserService->getFederatedUser($federatedId, $type);
}

/**
* @param string $userId
*
* @return FederatedUser
* @throws CircleNotFoundException
* @throws FederatedItemException
* @throws FederatedUserException
* @throws FederatedUserNotFoundException
* @throws InvalidIdException
* @throws MemberNotFoundException
* @throws OwnerNotFoundException
* @throws RemoteInstanceException
* @throws RemoteNotFoundException
* @throws RemoteResourceNotFoundException
* @throws RequestBuilderException
* @throws SingleCircleNotFoundException
* @throws UnknownRemoteException
* @throws UserTypeNotFoundException
*/
public function getLocalFederatedUser(string $userId): FederatedUser {
return $this->getFederatedUser($userId, Member::TYPE_USER);
}


/**
* @throws FederatedUserNotFoundException
Expand All @@ -161,6 +190,22 @@ public function startSuperSession(): void {
}


/**
* @param string $appId
* @param int $appSerial
*
* @throws ContactAddressBookNotFoundException
* @throws ContactFormatException
* @throws ContactNotFoundException
* @throws FederatedUserException
* @throws InvalidIdException
* @throws RequestBuilderException
* @throws SingleCircleNotFoundException
*/
public function startAppSession(string $appId, int $appSerial = Member::APP_DEFAULT): void {
$this->federatedUserService->setLocalCurrentApp($appId, $appSerial);
}

/**
* $userId - userId to emulate as initiator (can be empty)
* $userType - specify if userIs not a singleId
Expand Down Expand Up @@ -304,6 +349,66 @@ public function getCircle(string $singleId, ?CircleProbe $probe = null): Circle
}


/**
* @param Circle $circle
*
* @throws CircleNotFoundException
* @throws FederatedEventException
* @throws FederatedItemException
* @throws InitiatorNotConfirmedException
* @throws InitiatorNotFoundException
* @throws OwnerNotFoundException
* @throws RemoteInstanceException
* @throws RemoteNotFoundException
* @throws RemoteResourceNotFoundException
* @throws RequestBuilderException
* @throws UnknownRemoteException
*/
public function updateConfig(Circle $circle): void {
$this->circleService->updateConfig($circle->getSingleId(), $circle->getConfig());
}


/**
* @param string $circleId
* @param bool $enabled
*
* @throws CircleNotFoundException
* @throws FederatedEventException
* @throws FederatedItemException
* @throws FederatedUserException
* @throws InitiatorNotConfirmedException
* @throws InitiatorNotFoundException
* @throws OwnerNotFoundException
* @throws RemoteInstanceException
* @throws RemoteNotFoundException
* @throws RemoteResourceNotFoundException
* @throws RequestBuilderException
* @throws UnknownRemoteException
*/
public function flagAsAppManaged(string $circleId, bool $enabled = true): void {
$this->federatedUserService->confirmSuperSession();
$this->federatedUserService->setOwnerAsCurrentUser($circleId);

$probe = new CircleProbe();
$probe->includeSystemCircles();

$localCircle = $this->circleService->getCircle($circleId, $probe);
if (!$this->configService->isLocalInstance($localCircle->getInstance())) {
throw new CircleNotFoundException('This Circle is not managed from this instance');
}

$config = $localCircle->getConfig();
if ($enabled) {
$config |= Circle::CFG_APP;
} else {
$config &= ~Circle::CFG_APP;
}

$this->circleService->updateConfig($circleId, $config);
}


/**
* @param string $circleId
* @param FederatedUser $federatedUser
Expand Down
20 changes: 14 additions & 6 deletions lib/Command/CirclesConfig.php
Original file line number Diff line number Diff line change
Expand Up @@ -102,6 +102,10 @@ protected function configure() {
)
->addOption('initiator', '', InputOption::VALUE_REQUIRED, 'set an initiator to the request', '')
->addOption('initiator-type', '', InputOption::VALUE_REQUIRED, 'set initiator type', '0')
->addOption(
'super-session', '',
InputOption::VALUE_NONE, 'use super session to bypass some condition'
)
->addOption('status-code', '', InputOption::VALUE_NONE, 'display status code on exception');
}

Expand Down Expand Up @@ -133,12 +137,16 @@ protected function execute(InputInterface $input, OutputInterface $output): int
$circleId = (string)$input->getArgument('circle_id');

try {
$this->federatedUserService->commandLineInitiator(
$input->getOption('initiator'),
Member::parseTypeString($input->getOption('initiator-type')),
$circleId,
false
);
if ($input->getArgument('super-session')) {
$this->federatedUserService->bypassCurrentUserCondition(true);
} else {
$this->federatedUserService->commandLineInitiator(
$input->getOption('initiator'),
Member::parseTypeString($input->getOption('initiator-type')),
$circleId,
false
);
}

$circle = $this->circleService->getCircle($circleId);

Expand Down
34 changes: 34 additions & 0 deletions lib/Exceptions/RemoteCircleException.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
<?php

declare(strict_types=1);


/**
* Circles - Bring cloud-users closer together.
*
* This file is licensed under the Affero General Public License version 3 or
* later. See the COPYING file.
*
* @author Maxence Lange <maxence@artificial-owl.com>
* @copyright 2021
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/

namespace OCA\Circles\Exceptions;

class RemoteCircleException extends FederatedItemBadRequestException {
}
34 changes: 34 additions & 0 deletions lib/Exceptions/SuperSessionException.php
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
<?php

declare(strict_types=1);


/**
* Circles - Bring cloud-users closer together.
*
* This file is licensed under the Affero General Public License version 3 or
* later. See the COPYING file.
*
* @author Maxence Lange <maxence@artificial-owl.com>
* @copyright 2022
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/

namespace OCA\Circles\Exceptions;

class SuperSessionException extends FederatedItemUnauthorizedException {
}
11 changes: 10 additions & 1 deletion lib/FederatedItems/CircleConfig.php
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,6 @@

namespace OCA\Circles\FederatedItems;

use OCA\Circles\Tools\Traits\TDeserialize;
use OCA\Circles\Db\CircleRequest;
use OCA\Circles\Exceptions\FederatedItemBadRequestException;
use OCA\Circles\Exceptions\FederatedItemException;
Expand All @@ -41,6 +40,7 @@
use OCA\Circles\Model\Federated\FederatedEvent;
use OCA\Circles\Model\Helpers\MemberHelper;
use OCA\Circles\Service\ConfigService;
use OCA\Circles\Tools\Traits\TDeserialize;

/**
* Class CircleConfig
Expand Down Expand Up @@ -89,6 +89,15 @@ public function verify(FederatedEvent $event): void {
$listing = array_merge($listing, Circle::$DEF_CFG_SYSTEM_FILTER);
}

// filtering config values when not using Super Session
if (!$event->getParams()->gBool('superSession')) {
if ($circle->isConfig(Circle::CFG_APP)) {
$config |= Circle::CFG_APP;
} else {
$config &= ~Circle::CFG_APP;
}
}

$confirmed = true;
foreach ($listing as $item) {
if ($circle->isConfig($item, $config)) {
Expand Down
16 changes: 15 additions & 1 deletion lib/FederatedItems/CircleDestroy.php
Original file line number Diff line number Diff line change
Expand Up @@ -31,18 +31,22 @@

namespace OCA\Circles\FederatedItems;

use OCA\Circles\Tools\Traits\TDeserialize;
use OCA\Circles\Db\CircleRequest;
use OCA\Circles\Db\MemberRequest;
use OCA\Circles\Exceptions\FederatedItemBadRequestException;
use OCA\Circles\Exceptions\RequestBuilderException;
use OCA\Circles\IFederatedItem;
use OCA\Circles\IFederatedItemAsyncProcess;
use OCA\Circles\IFederatedItemHighSeverity;
use OCA\Circles\IFederatedItemMemberEmpty;
use OCA\Circles\Model\Circle;
use OCA\Circles\Model\Federated\FederatedEvent;
use OCA\Circles\Model\Helpers\MemberHelper;
use OCA\Circles\Service\EventService;
use OCA\Circles\Service\MembershipService;
use OCA\Circles\StatusCode;
use OCA\Circles\Tools\Traits\TDeserialize;
use OCA\Circles\Tools\Traits\TStringTools;

/**
* Class CircleDestroy
Expand All @@ -54,6 +58,7 @@ class CircleDestroy implements
IFederatedItemHighSeverity,
IFederatedItemAsyncProcess,
IFederatedItemMemberEmpty {
use TStringTools;
use TDeserialize;


Expand Down Expand Up @@ -91,9 +96,18 @@ public function __construct(

/**
* @param FederatedEvent $event
*
* @throws FederatedItemBadRequestException
*/
public function verify(FederatedEvent $event): void {
$circle = $event->getCircle();
if ($circle->isConfig(Circle::CFG_APP)) {
throw new FederatedItemBadRequestException(
StatusCode::$CIRCLE_DESTROY[120],
120
);
}

$initiator = $circle->getInitiator();

$initiatorHelper = new MemberHelper($initiator);
Expand Down
Loading