Disable ui elements if permissions are not sufficient

2016-10-29 02:08:28 +02:00
parent fabeb8347d
commit 5d85771ac0
19 changed files with 197 additions and 67 deletions
--- a/lib/AppInfo/Application.php
+++ b/lib/AppInfo/Application.php
@@ -49,6 +49,7 @@ class Application extends App {
 				$container->query('ControllerMethodReflector')
 			);
 		});
+		/** @noinspection PhpMethodOrClassCallIsNotCaseSensitiveInspection */
 		$container->registerMiddleware('SharingMiddleware');

 	}
--- a/lib/Controller/BoardController.php
+++ b/lib/Controller/BoardController.php
@@ -23,6 +23,7 @@

 namespace OCA\Deck\Controller;

+use OCA\Deck\Db\Acl;
 use OCA\Deck\Service\BoardService;

 use OCP\IRequest;
@@ -121,6 +122,33 @@ class BoardController extends Controller {
        return $this->boardService->labels($boardId);
    }

+	/**
+	 * @NoAdminRequired
+	 * @RequireReadPermission
+	 * @param $boardId
+	 * @return array|bool
+	 * @internal param $userId
+	 */
+	public function getUserPermissions($boardId) {
+		$board = $this->boardService->find($boardId);
+		if($this->userId === $board->getOwner()) {
+			return [
+				'PERMISSION_READ' => true,
+				'PERMISSION_EDIT' => true,
+				'PERMISSION_MANAGE' => true,
+				'PERMISSION_SHARE' => true,
+			];
+		}
+
+		return [
+			'PERMISSION_READ' => $this->boardService->getPermission($boardId, $this->userId, Acl::PERMISSION_READ),
+			'PERMISSION_EDIT' => $this->boardService->getPermission($boardId, $this->userId, Acl::PERMISSION_EDIT),
+			'PERMISSION_MANAGE' => $this->boardService->getPermission($boardId, $this->userId, Acl::PERMISSION_MANAGE),
+			'PERMISSION_SHARE' => $this->boardService->getPermission($boardId, $this->userId, Acl::PERMISSION_SHARE),
+		];
+
+	}
+
 	/**
 	 * @NoAdminRequired
 	 * @RequireManagePermission
--- a/lib/Controller/ShareController.php
+++ b/lib/Controller/ShareController.php
@@ -24,6 +24,8 @@
 namespace OCA\Deck\Controller;

 use OCA\Deck\Db\Acl;
+
+use OCA\Deck\Service\BoardService;
 use OCP\IGroupManager;
 use OCP\IRequest;
 use OCP\AppFramework\Controller;
@@ -31,20 +33,23 @@ use OCP\IUserManager;

 class ShareController extends Controller {

-    protected $userManager;
-    protected $groupManager;
+    private $userManager;
+    private $groupManager;
+	private $boardService;
    private $userId;

    public function __construct($appName,
                                IRequest $request,
                                IUserManager $userManager,
                                IGroupManager $groupManager,
+								BoardService $boardService,
                                $userId
    ){
        parent::__construct($appName, $request);
        $this->userManager = $userManager;
        $this->groupManager = $groupManager;
        $this->userId = $userId;
+		$this->boardService = $boardService;

    }

@@ -81,4 +86,8 @@ class ShareController extends Controller {
        }
        return $result;
    }
+
+
+
+
 }
--- a/lib/Db/BoardMapper.php
+++ b/lib/Db/BoardMapper.php
@@ -42,9 +42,11 @@ class BoardMapper extends DeckMapper implements IPermissionMapper {

 	/**
 	 * @param $id
+	 * @param bool $withLabels
+	 * @param bool $withAcl
 	 * @return \OCP\AppFramework\Db\Entity if not found
 	 */
-    public function find($id) {
+    public function find($id, $withLabels=false, $withAcl=false) {
        $sql = 'SELECT id, title, owner, color, archived FROM `*PREFIX*deck_boards` ' .
            'WHERE `id` = ?';
        $board = $this->findEntity($sql, [$id]);
@@ -95,13 +97,12 @@ class BoardMapper extends DeckMapper implements IPermissionMapper {
        }
        $sql = 'SELECT boards.id, title, owner, color, archived, 2 as shared FROM oc_deck_boards as boards ' .
            'INNER JOIN oc_deck_board_acl as acl ON boards.id=acl.board_id WHERE owner != ? AND type=\'group\' AND (';
-        $countGroups = 0;
-		// FIXME: group unused?
-        foreach ($groups as $group) {
-            $sql .= 'acl.participant = ? ';
-            if(count($groups)>1 && $countGroups++<count($groups)-1)
-                $sql .= ' OR ';
-        }
+		for($i=0;$i<count($groups);$i++) {
+			$sql .= 'acl.participant = ? ';
+			if(count($groups)>1 && $i<count($groups)-1) {
+				$sql .= ' OR ';
+			}
+		}
        $sql .= ');';
        $entries = $this->findEntities($sql,  array_merge([$userId], $groups), $limit, $offset);
        /* @var Board $entry */
@@ -112,7 +113,8 @@ class BoardMapper extends DeckMapper implements IPermissionMapper {
        return $entries;
    }

-    public function delete(\OCP\AppFramework\Db\Entity $entity) {
+    public function delete(/** @noinspection PhpUnnecessaryFullyQualifiedNameInspection */
+		\OCP\AppFramework\Db\Entity $entity) {
    	// delete acl
 		$acl = $this->aclMapper->findAll($entity->getId());
 		foreach ($acl as $item) {
--- a/lib/Db/CardMapper.php
+++ b/lib/Db/CardMapper.php
@@ -25,8 +25,6 @@ namespace OCA\Deck\Db;

 use OCP\AppFramework\Db\Entity;
 use OCP\IDb;
-use OCP\AppFramework\Db\Mapper;
-


 class CardMapper extends DeckMapper implements IPermissionMapper {
--- a/lib/Db/DeckMapper.php
+++ b/lib/Db/DeckMapper.php
@@ -51,6 +51,8 @@ abstract class DeckMapper extends Mapper {

 	protected function execute($sql, array $params = [], $limit = null, $offset = null) {
 		// FIXME: remove on release
+		/** @noinspection PhpUnnecessaryFullyQualifiedNameInspection */
+		/** @noinspection PhpUnnecessaryFullyQualifiedNameInspection */
 		\OCP\Util::writeLog('deck', "DeckMapper SQL: " . $sql . " with " . implode("|", $params), \OCP\Util::DEBUG);
 		return parent::execute($sql, $params, $limit, $offset);
 	}
--- a/lib/Db/StackMapper.php
+++ b/lib/Db/StackMapper.php
@@ -25,7 +25,6 @@ namespace OCA\Deck\Db;

 use OCP\AppFramework\Db\Entity;
 use OCP\IDb;
-use OCP\AppFramework\Db\Mapper;


 class StackMapper extends DeckMapper implements IPermissionMapper {
--- a/lib/Middleware/SharingMiddleware.php
+++ b/lib/Middleware/SharingMiddleware.php
@@ -27,9 +27,11 @@ use OCA\Deck\Controller\BoardController;
 use OCA\Deck\Controller\CardController;
 use OCA\Deck\Controller\LabelController;
 use OCA\Deck\Controller\PageController;
-use OCA\Deck\Controller\ShareController;
+
+
 use OCA\Deck\NoPermissionException;
 use OCA\Deck\NotFoundException;
+
 use \OCP\AppFramework\Middleware;
 use OCP\IContainer;
 use OCP\IRequest;
@@ -47,6 +49,7 @@ class SharingMiddleware extends Middleware {
 	private $reflector;
 	private $groupManager;
 	private $aclMapper;
+	private $boardService;


 	public function __construct(
@@ -61,6 +64,7 @@ class SharingMiddleware extends Middleware {
 		$this->reflector = $reflector;
 		$this->aclMapper = $this->container->query('OCA\Deck\Db\AclMapper');
 		$this->groupManager = $this->container->query('\OCP\IGroupManager');
+		$this->boardService = $this->container->query('OCA\Deck\Service\BoardService');
 	}

 	/**
@@ -117,8 +121,7 @@ class SharingMiddleware extends Middleware {
 		$mapper = null;
 		$id = null;

-		// FIXME: ShareController#search should be limited to board users/groups
-		if ($controller instanceof BoardController or $controller instanceof ShareController) {
+		if ($controller instanceof BoardController) {
 			$mapper = $this->container->query('OCA\Deck\Db\BoardMapper');
 			$id = $params['boardId'];
 		}
@@ -198,29 +201,12 @@ class SharingMiddleware extends Middleware {
 		if ($mapper->isOwner($userId, $id)) {
 			return true;
 		}
-		
 		// find related board
 		$boardId = $mapper->findBoardId($id);
 		if(!$boardId) {
 			throw new NotFoundException("Entity not found");
 		}
-		// check if is in acl
-
-		$acls = $this->aclMapper->findAll($boardId);
-		// check for users
-		foreach ($acls as $acl) {
-			if ($acl->getType() === "user" && $acl->getParticipant() === $userId) {
-				return $acl->getPermission($permission);
-			}
-		}
-		// check for groups
-		$hasGroupPermission = false;
-		foreach ($acls as $acl) {
-			if (!$hasGroupPermission && $acl->getType() === "group" && $this->groupManager->isInGroup($userId, $acl->getParticipant())) {
-				$hasGroupPermission = $acl->getPermission($permission);
-			}
-		}
-		return $hasGroupPermission;
+		return $this->boardService->getPermission($boardId, $userId, $permission);
 	}

 	/**
--- a/lib/Service/BoardService.php
+++ b/lib/Service/BoardService.php
@@ -26,6 +26,7 @@ namespace OCA\Deck\Service;
 use OCA\Deck\Db\Acl;
 use OCA\Deck\Db\AclMapper;
 use OCA\Deck\Db\Label;
+use OCP\IGroupManager;
 use OCP\ILogger;
 use OCP\IL10N;

@@ -33,6 +34,7 @@ use OCP\IL10N;
 use \OCA\Deck\Db\Board;
 use \OCA\Deck\Db\BoardMapper;
 use \OCA\Deck\Db\LabelMapper;
+use OCP\IUserManager;


 class BoardService {
@@ -47,12 +49,16 @@ class BoardService {
                                ILogger $logger,
                                IL10N $l10n,
                                LabelMapper $labelMapper,
-                                AclMapper $aclMapper) {
+                                AclMapper $aclMapper,
+								IUserManager $userManager,
+								IGroupManager $groupManager) {
        $this->boardMapper = $boardMapper;
        $this->labelMapper = $labelMapper;
        $this->aclMapper = $aclMapper;
        $this->logger = $logger;
        $this->l10n = $l10n;
+		$this->userManager = $userManager;
+		$this->groupManager = $groupManager;
    }

    public function findAll($userInfo) {
@@ -127,4 +133,22 @@ class BoardService {
        $acl = $this->aclMapper->find($id);
        return $this->aclMapper->delete($acl);
    }
+
+	public function getPermission($boardId, $user, $permission) {
+		$acls = $this->aclMapper->findAll($boardId);
+		// check for users
+		foreach ($acls as $acl) {
+			if ($acl->getType() === "user" && $acl->getParticipant() === $user) {
+				return $acl->getPermission($permission);
+			}
+		}
+		// check for groups
+		$hasGroupPermission = false;
+		foreach ($acls as $acl) {
+			if (!$hasGroupPermission && $acl->getType() === "group" && $this->groupManager->isInGroup($user, $acl->getParticipant())) {
+				$hasGroupPermission = $acl->getPermission($permission);
+			}
+		}
+		return $hasGroupPermission;
+	}
 }