Add SharingMiddleware for permission checks and small fixes

lib/Db/AclMapper.php

@@ -23,30 +23,48 @@
 
 namespace OCA\Deck\Db;
 
+use OCA\Deck\NoPermissionException;
 use OCP\AppFramework\Db\Entity;
 use OCP\IDb;
 use OCP\AppFramework\Db\Mapper;
 
 
-class AclMapper extends DeckMapper {
+class AclMapper extends DeckMapper implements IPermissionMapper {
 
     public function __construct(IDb $db) {
         parent::__construct($db, 'deck_board_acl', '\OCA\Deck\Db\Acl');
     }
 
     public function findAll($boardId, $limit=null, $offset=null) {
-        $sql = 'SELECT id, board_id, type, participant, permission_write, permission_invite, permission_manage, 0 as owner FROM `*PREFIX*deck_board_acl` WHERE `board_id` = ? UNION SELECT 0, id, \'user\', owner, 1, 1, 1, 1 FROM `*PREFIX*deck_boards` WHERE `id` = ? ';
+        $sql = 'SELECT id, board_id, type, participant, permission_write, permission_invite, permission_manage, 0 as owner FROM `*PREFIX*deck_board_acl` WHERE `board_id` = ? ' .
+            'UNION SELECT 0, id, \'user\', owner, 1, 1, 1, 1 FROM `*PREFIX*deck_boards` WHERE `id` = ? ';
         return $this->findEntities($sql, [$boardId, $boardId], $limit, $offset);
     }
 
+    public function findAllShared($boardId) {
+        $sql = 'SELECT id, board_id, type, participant, permission_write, permission_invite, permission_manage FROM `*PREFIX*deck_board_acl` WHERE `board_id` = ? ';
+        return $this->findEntities($sql, [$boardId]);
+    }
     public function findAllForCard($cardId, $userId) {
         $findBoardId = "(SELECT board_id from oc_deck_stacks WHERE id IN (SELECT stack_id from oc_deck_cards WHERE id = 15))";
-        $sql = "SELECT 0, id, 'user', owner, 1, 1, 1, 1 as owner FROM `oc_deck_boards` WHERE `id` IN (SELECT board_id from oc_deck_stacks WHERE id IN (SELECT stack_id from oc_deck_cards WHERE id = 15))
+        $sql = "SELECT 0, id, 'user', owner, 1, 1, 1, 1 as owner FROM `oc_deck_boards` " .
+            "WHERE `id` IN (SELECT board_id from oc_deck_stacks WHERE id IN (SELECT stack_id from oc_deck_cards WHERE id = 15))
 UNION
 SELECT id, board_id, type, participant, permission_write, permission_invite, permission_manage, 0 FROM oc_deck_board_acl 
 WHERE participant = 'admin' AND board_id IN (SELECT board_id from oc_deck_stacks WHERE id IN (SELECT stack_id from oc_deck_cards WHERE id = 15));";
 
     }
 
+    public function isOwner($userId, $aclId) {
+        $sql = 'SELECT * FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_board_acl` WHERE id = ?)';
+        $stmt = $this->execute($sql, [$aclId]);
+        $row = $stmt->fetch();
+        return ($row['owner'] === $userId);
+    }
+
+    public function findBoardId($aclId) {
+        $entity = $this->find($aclId);
+        return $entity->getBoardId();
+    }
 
 }

lib/Db/BoardMapper.php

@@ -28,7 +28,7 @@ use OCP\AppFramework\Db\Mapper;
 use Symfony\Component\Config\Definition\Exception\Exception;
 
 
-class BoardMapper extends Mapper {
+class BoardMapper extends Mapper implements IPermissionMapper {
 
     private $labelMapper;
     private $_relationMappers = array();
@@ -136,4 +136,14 @@ class BoardMapper extends Mapper {
 
     }
 
+    public function isOwner($userId, $boardId) {
+        $board = $this->find($boardId);
+        return ($board->getOwner() === $userId);
+    }
+
+    public function findBoardId($id) {
+        return $id;
+    }
+
+
 }

lib/Db/CardMapper.php

@@ -29,7 +29,7 @@ use OCP\AppFramework\Db\Mapper;
 
 
 
-class CardMapper extends Mapper {
+class CardMapper extends Mapper implements IPermissionMapper {
 
     private $labelMapper;
 
@@ -79,7 +79,6 @@ class CardMapper extends Mapper {
         return $entities;
     }
 
-    // TODO: test
     public function findAllArchived($stackId, $limit=null, $offset=null) {
         $sql = 'SELECT * FROM `*PREFIX*deck_cards` WHERE `stack_id`=? AND archived ORDER BY `last_modified`';
         $entities = $this->findEntities($sql, [$stackId], $limit, $offset);
@@ -107,5 +106,19 @@ class CardMapper extends Mapper {
         $stmt->execute();
     }
 
+    public function isOwner($userId, $cardId) {
+        $sql = 'SELECT * FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_stacks` WHERE id IN (SELECT stack_id FROM `*PREFIX*deck_cards` WHERE id = ?))';
+        $stmt = $this->execute($sql, [$cardId]);
+        $row = $stmt->fetch();
+        return ($row['owner'] === $userId);
+    }
+
+    public function findBoardId($cardId) {
+        $sql = 'SELECT * FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_stacks` WHERE id IN (SELECT stack_id FROM `*PREFIX*deck_cards` WHERE id = ?))';
+        $stmt = $this->execute($sql, [$cardId]);
+        $row = $stmt->fetch();
+        return $row['id'];
+    }
+
 
 }

lib/Db/DeckMapper.php

@@ -23,7 +23,6 @@
 
 namespace OCA\Deck\Db;
 
-use OCP\AppFramework\Db\Entity;
 use OCP\AppFramework\Db\Mapper;
 
 abstract class DeckMapper extends Mapper {

lib/Db/IPermissionMapper.php

@@ -0,0 +1,41 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Julius Härtl <jus@bitgrid.net>
+ *
+ * @author Julius Härtl <jus@bitgrid.net>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as
+ *  published by the Free Software Foundation, either version 3 of the
+ *  License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+/**
+ * Created by PhpStorm.
+ * User: jus
+ * Date: 19.08.16
+ * Time: 22:25
+ */
+
+namespace OCA\Deck\Db;
+
+
+interface IPermissionMapper {
+
+	public function isOwner($userId, $id);
+
+	public function findBoardId($id);
+
+	
+}

lib/Db/LabelMapper.php

@@ -28,7 +28,7 @@ use OCP\IDb;
 use OCP\AppFramework\Db\Mapper;
 
 
-class LabelMapper extends DeckMapper {
+class LabelMapper extends DeckMapper implements IPermissionMapper {
 
     public function __construct(IDb $db) {
         parent::__construct($db, 'deck_labels', '\OCA\Deck\Db\Label');
@@ -66,4 +66,16 @@ class LabelMapper extends DeckMapper {
         }
         return $result;
     }
+
+    public function isOwner($userId, $labelId) {
+        $sql = 'SELECT * FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_labels` WHERE id = ?)';
+        $stmt = $this->execute($sql, [$labelId]);
+        $row = $stmt->fetch();
+        return ($row['owner'] === $userId);
+    }
+
+    public function findBoardId($labelId) {
+        $entity = $this->find($labelId);
+        return $entity->getBoardId();
+    }
 }

lib/Db/StackMapper.php

@@ -28,7 +28,7 @@ use OCP\IDb;
 use OCP\AppFramework\Db\Mapper;
 
 
-class StackMapper extends Mapper {
+class StackMapper extends Mapper implements IPermissionMapper {
 
     private $cardMapper;
 
@@ -59,4 +59,16 @@ class StackMapper extends Mapper {
         // FIXME: delete linked elements, because owncloud doesn't support foreign keys for apps
         return parent::delete($entity);
     }
+
+    public function isOwner($userId, $stackId) {
+        $sql = 'SELECT * FROM `*PREFIX*deck_boards` WHERE `id` IN (SELECT board_id FROM `*PREFIX*deck_stacks` WHERE id = ?)';
+        $stmt = $this->execute($sql, [$stackId]);
+        $row = $stmt->fetch();
+        return ($row['owner'] === $userId);
+    }
+
+    public function findBoardId($stackId) {
+        $entity = $this->find($stackId);
+        return $entity->getBoardId();
+    }
 }