Merge pull request #3527 from nextcloud/backport/3500/stable22

lib/Db/BoardMapper.php

@@ -24,6 +24,7 @@
 namespace OCA\Deck\Db;
 
 use OC\Cache\CappedMemoryCache;
+use OCA\Deck\Service\CirclesService;
 use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\IDBConnection;
 use OCP\IUserManager;
@@ -36,10 +37,10 @@ class BoardMapper extends DeckMapper implements IPermissionMapper {
 	private $stackMapper;
 	private $userManager;
 	private $groupManager;
+	private $circlesService;
 	private $logger;
 
-	private $circlesEnabled;
-
+	/** @var CappedMemoryCache */
 	private $userBoardCache;
 
 	public function __construct(
@@ -49,6 +50,7 @@ class BoardMapper extends DeckMapper implements IPermissionMapper {
 		StackMapper $stackMapper,
 		IUserManager $userManager,
 		IGroupManager $groupManager,
+		CirclesService $circlesService,
 		LoggerInterface $logger
 	) {
 		parent::__construct($db, 'deck_boards', Board::class);
@@ -57,12 +59,10 @@ class BoardMapper extends DeckMapper implements IPermissionMapper {
 		$this->stackMapper = $stackMapper;
 		$this->userManager = $userManager;
 		$this->groupManager = $groupManager;
+		$this->circlesService = $circlesService;
 		$this->logger = $logger;
 
 		$this->userBoardCache = new CappedMemoryCache();
-
-
-		$this->circlesEnabled = \OC::$server->getAppManager()->isEnabledForUser('circles');
 	}
 
 
@@ -181,12 +181,7 @@ class BoardMapper extends DeckMapper implements IPermissionMapper {
 	}
 
 	public function findAllByCircles($userId, $limit = null, $offset = null, $since = -1,$includeArchived = true) {
-		if (!$this->circlesEnabled) {
-			return [];
-		}
-		$circles = array_map(function ($circle) {
-			return $circle->getUniqueId();
-		}, \OCA\Circles\Api\v1\Circles::joinedCircles($userId, true));
+		$circles = $this->circlesService->getUserCircles($userId);
 		if (count($circles) === 0) {
 			return [];
 		}
@@ -277,11 +272,11 @@ class BoardMapper extends DeckMapper implements IPermissionMapper {
 				return null;
 			}
 			if ($acl->getType() === Acl::PERMISSION_TYPE_CIRCLE) {
-				if (!$this->circlesEnabled) {
+				if (!$this->circlesService->isCirclesEnabled()) {
 					return null;
 				}
 				try {
-					$circle = \OCA\Circles\Api\v1\Circles::detailsCircle($acl->getParticipant(), true);
+					$circle = $this->circlesService->getCircle($acl->getParticipant());
 					if ($circle) {
 						return new Circle($circle);
 					}

lib/Service/CardService.php

@@ -37,6 +37,7 @@ use OCA\Deck\Db\StackMapper;
 use OCA\Deck\Event\CardCreatedEvent;
 use OCA\Deck\Event\CardDeletedEvent;
 use OCA\Deck\Event\CardUpdatedEvent;
+use OCA\Deck\NoPermissionException;
 use OCA\Deck\Notification\NotificationHelper;
 use OCA\Deck\Db\BoardMapper;
 use OCA\Deck\Db\LabelMapper;
@@ -154,7 +155,12 @@ class CardService {
 	}
 
 	public function findCalendarEntries($boardId) {
-		$this->permissionService->checkPermission($this->boardMapper, $boardId, Acl::PERMISSION_READ);
+		try {
+			$this->permissionService->checkPermission($this->boardMapper, $boardId, Acl::PERMISSION_READ);
+		} catch (NoPermissionException $e) {
+			\OC::$server->getLogger()->error('Unable to check permission for a previously obtained board ' . $boardId, ['exception' => $e]);
+			return [];
+		}
 		$cards = $this->cardMapper->findCalendarEntries($boardId);
 		foreach ($cards as $card) {
 			$this->enrich($card);

lib/Service/CirclesService.php

@@ -27,8 +27,11 @@ declare(strict_types=1);
 namespace OCA\Deck\Service;
 
 use OCA\Circles\CirclesManager;
+use OCA\Circles\Model\Circle;
 use OCA\Circles\Model\Member;
+use OCA\Circles\Model\Probes\CircleProbe;
 use OCP\App\IAppManager;
+use Throwable;
 
 /**
  * Wrapper around circles app API since it is not in a public namespace so we need to make sure that
@@ -45,15 +48,24 @@ class CirclesService {
 		return $this->circlesEnabled;
 	}
 
-	public function getCircle($circleId) {
+	public function getCircle(string $circleId): ?Circle {
 		if (!$this->circlesEnabled) {
 			return null;
 		}
 
-		return \OCA\Circles\Api\v1\Circles::detailsCircle($circleId, true);
+		try {
+
+			// Enforce current user condition since we always want the full list of members
+			/** @var CirclesManager $circlesManager */
+			$circlesManager = \OC::$server->get(CirclesManager::class);
+			$circlesManager->startSuperSession();
+			return $circlesManager->getCircle($circleId);
+		} catch (Throwable $e) {
+		}
+		return null;
 	}
 
-	public function isUserInCircle($circleId, $userId): bool {
+	public function isUserInCircle(string $circleId, string $userId): bool {
 		if (!$this->circlesEnabled) {
 			return false;
 		}
@@ -66,8 +78,32 @@ class CirclesService {
 			$circle = $circlesManager->getCircle($circleId);
 			$member = $circle->getInitiator();
 			return $member !== null && $member->getLevel() >= Member::LEVEL_MEMBER;
-		} catch (\Exception $e) {
+		} catch (Throwable $e) {
 		}
 		return false;
 	}
+
+	/**
+	 * @param string $userId
+	 * @return string[] circle single ids
+	 */
+	public function getUserCircles(string $userId): array {
+		if (!$this->circlesEnabled) {
+			return [];
+		}
+
+		try {
+			/** @var CirclesManager $circlesManager */
+			$circlesManager = \OC::$server->get(CirclesManager::class);
+			$federatedUser = $circlesManager->getFederatedUser($userId, Member::TYPE_USER);
+			$circlesManager->startSession($federatedUser);
+			$probe = new CircleProbe();
+			$probe->mustBeMember();
+			return array_map(function (Circle $circle) {
+				return $circle->getSingleId();
+			}, $circlesManager->getCircles($probe));
+		} catch (Throwable $e) {
+		}
+		return [];
+	}
 }

lib/Service/PermissionService.php

@@ -280,14 +280,14 @@ class PermissionService {
 
 			if ($this->circlesService->isCirclesEnabled() && $acl->getType() === Acl::PERMISSION_TYPE_CIRCLE) {
 				try {
-					$circle = \OCA\Circles\Api\v1\Circles::detailsCircle($acl->getParticipant(), true);
+					$circle = $this->circlesService->getCircle($acl->getParticipant());
 					if ($circle === null) {
 						$this->logger->info('No circle found for acl rule ' . $acl->getId());
 						continue;
 					}
 
 					foreach ($circle->getInheritedMembers() as $member) {
-						if ($member->getUserType() !== 1 || $member->getLevel() >= Member::LEVEL_MEMBER) {
+						if ($member->getUserType() !== 1 || $member->getLevel() < Member::LEVEL_MEMBER) {
 							// deck currently only supports user members in circles
 							continue;
 						}

lib/Service/StackService.php

@@ -35,6 +35,7 @@ use OCA\Deck\Db\ChangeHelper;
 use OCA\Deck\Db\LabelMapper;
 use OCA\Deck\Db\Stack;
 use OCA\Deck\Db\StackMapper;
+use OCA\Deck\NoPermissionException;
 use OCA\Deck\StatusException;
 
 class StackService {
@@ -142,7 +143,12 @@ class StackService {
 	}
 
 	public function findCalendarEntries($boardId) {
-		$this->permissionService->checkPermission(null, $boardId, Acl::PERMISSION_READ);
+		try {
+			$this->permissionService->checkPermission(null, $boardId, Acl::PERMISSION_READ);
+		} catch (NoPermissionException $e) {
+			\OC::$server->getLogger()->error('Unable to check permission for a previously obtained board ' . $boardId, ['exception' => $e]);
+			return [];
+		}
 		return $this->stackMapper->findAll($boardId);
 	}
 

tests/psalm-baseline.xml

@@ -105,10 +105,6 @@
     <ParamNameMismatch occurrences="1">
       <code>$boardId</code>
     </ParamNameMismatch>
-    <UndefinedClass occurrences="2">
-      <code>\OCA\Circles\Api\v1\Circles</code>
-      <code>\OCA\Circles\Api\v1\Circles</code>
-    </UndefinedClass>
   </file>
   <file src="lib/Db/Card.php">
     <UndefinedClass occurrences="2">
@@ -205,9 +201,11 @@
   </file>
   <file src="lib/Service/CirclesService.php">
     <UndefinedClass occurrences="1">
-      <code>\OCA\Circles\Api\v1\Circles</code>
+      <code>?Circle</code>
     </UndefinedClass>
-    <UndefinedDocblockClass occurrences="1">
+    <UndefinedDocblockClass occurrences="3">
+      <code>$circlesManager</code>
+      <code>$circlesManager</code>
       <code>$circlesManager</code>
     </UndefinedDocblockClass>
   </file>
@@ -262,8 +260,8 @@
   </file>
   <file src="lib/Service/PermissionService.php">
     <UndefinedClass occurrences="2">
+      <code>$circle</code>
       <code>Member</code>
-      <code>\OCA\Circles\Api\v1\Circles</code>
     </UndefinedClass>
   </file>
   <file src="lib/Service/StackService.php">

tests/unit/Db/AclMapperTest.php

@@ -23,6 +23,7 @@
 
 namespace OCA\Deck\Db;
 
+use OCA\Deck\Service\CirclesService;
 use OCP\IGroupManager;
 use OCP\IUserManager;
 use Psr\Log\LoggerInterface;
@@ -56,6 +57,7 @@ class AclMapperTest extends MapperTestUtility {
 			\OC::$server->query(StackMapper::class),
 			$this->userManager,
 			$this->groupManager,
+			$this->createMock(CirclesService::class),
 			$this->createMock(LoggerInterface::class)
 		);
 

tests/unit/Db/BoardMapperTest.php

@@ -23,6 +23,7 @@
 
 namespace OCA\Deck\Db;
 
+use OCA\Deck\Service\CirclesService;
 use OCP\IDBConnection;
 use OCP\IGroupManager;
 use OCP\IUserManager;
@@ -63,6 +64,7 @@ class BoardMapperTest extends MapperTestUtility {
 			\OC::$server->query(StackMapper::class),
 			$this->userManager,
 			$this->groupManager,
+			$this->createMock(CirclesService::class),
 			$this->createMock(LoggerInterface::class)
 		);
 		$this->aclMapper = \OC::$server->query(AclMapper::class);