From 7c95783ab50f76e2cad84a104b07c77f4d93ebdd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julius=20H=C3=A4rtl?= <jus@bitgrid.net>
Date: Tue, 4 Dec 2018 09:11:50 +0100
Subject: [PATCH] Add group limit for creating boards
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Julius Härtl <jus@bitgrid.net>
---
 appinfo/routes.php                  |   3 +
 css/style.scss                      |  23 +++++-
 js/controller/ListController.js     |  62 +++++++++++++--
 lib/Controller/ConfigController.php | 118 ++++++++++++++++++++++++++++
 lib/Controller/PageController.php   |  11 ++-
 lib/Service/BoardService.php        |   5 ++
 lib/Service/PermissionService.php   |  26 +++++-
 templates/main.php                  |   2 +-
 templates/part.boardlist.php        |   2 +-
 templates/part.navigation.php       |   2 +-
 templates/part.settings.php         |  21 ++++-
 11 files changed, 257 insertions(+), 18 deletions(-)
 create mode 100644 lib/Controller/ConfigController.php

diff --git a/appinfo/routes.php b/appinfo/routes.php
index dd55fb408..5899c005a 100644
--- a/appinfo/routes.php
+++ b/appinfo/routes.php
@@ -26,6 +26,9 @@ return [
 	'routes' => [
 		['name' => 'page#index', 'url' => '/', 'verb' => 'GET'],
 
+		['name' => 'Config#get', 'url' => '/config', 'verb' => 'GET'],
+		['name' => 'Config#setValue', 'url' => '/config/{key}', 'verb' => 'POST'],
+
 		// boards
 		['name' => 'board#index', 'url' => '/boards', 'verb' => 'GET'],
 		['name' => 'board#create', 'url' => '/boards', 'verb' => 'POST'],
diff --git a/css/style.scss b/css/style.scss
index 40fba0d0a..779eccffa 100644
--- a/css/style.scss
+++ b/css/style.scss
@@ -148,6 +148,22 @@ input.input-inline {
 
 }
 
+#app-settings-content {
+	overflow: initial;
+
+	.ui-select-match-item {
+		border: 1px solid var(--color-background-darker) !important;
+		.select-label {
+			color: var(--color-main-text);
+		}
+	}
+
+	p.hint {
+		margin-top: 10px;
+		color: var(--color-text-light);
+	}
+}
+
 /**
  * Board view
  */
@@ -1246,6 +1262,7 @@ input.input-inline {
 		display: inline-block;
 		overflow: hidden;
 		vertical-align: middle;
+		flex-grow: 1;
 	}
 
 	.icon-delete {
@@ -1404,6 +1421,10 @@ input.input-inline {
 		}
 		.select2-search-field {
 			margin-right: -10px;
+			flex-grow: 1;
+			input {
+				width: 100% !important;
+			}
 		}
 	}
 
@@ -1537,7 +1558,7 @@ input.input-inline {
 	table {
 		margin-bottom: 10px;
 		border-collapse: collapse;
-		
+
 		thead {
 			background-color: var(--color-background-dark, $color-lightgrey);
 		}
diff --git a/js/controller/ListController.js b/js/controller/ListController.js
index f3c0baefd..6f2a0205f 100644
--- a/js/controller/ListController.js
+++ b/js/controller/ListController.js
@@ -4,25 +4,25 @@
  * @author Julius Härtl <jus@bitgrid.net>
  *
  * @license GNU AGPL version 3 or any later version
- *  
+ *
  *  This program is free software: you can redistribute it and/or modify
  *  it under the terms of the GNU Affero General Public License as
  *  published by the Free Software Foundation, either version 3 of the
  *  License, or (at your option) any later version.
- *  
+ *
  *  This program is distributed in the hope that it will be useful,
  *  but WITHOUT ANY WARRANTY; without even the implied warranty of
  *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  *  GNU Affero General Public License for more details.
- *  
+ *
  *  You should have received a copy of the GNU Affero General Public License
  *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
- *  
+ *
  */
 
-/* global app angular */
+/* global app angular oc_isadmin */
 
-var ListController = function ($scope, $location, $filter, BoardService, $element, $timeout, $stateParams, $state, StatusService) {
+var ListController = function ($scope, $location, $filter, BoardService, $element, $timeout, $stateParams, $state, StatusService, $http, $q, $rootScope) {
 
 	function calculateNewColor() {
 		var boards = BoardService.getAll();
@@ -55,6 +55,56 @@ var ListController = function ($scope, $location, $filter, BoardService, $elemen
 	$scope.colors = ['0082c9', '00c9c6','00c906', 'c92b00', 'F1DB50', '7C31CC', '3A3B3D', 'CACBCD'];
 	$scope.boardservice = BoardService;
 	$scope.updatingBoard = null;
+	$scope.isAdmin = oc_isadmin;
+	$scope.canCreate = $rootScope.config.canCreate;
+
+	if ($scope.isAdmin) {
+		OC.Apps.enableDynamicSlideToggle();
+		$scope.groups = [];
+		$scope.groupLimit = [];
+		$scope.groupLimitDisabled = true;
+		let fetchGroups = function () {
+			var deferred = $q.defer();
+			$http.get(OC.linkToOCS('cloud', 2) + 'groups/details').then(function (response) {
+				$scope.groups = response.data.ocs.data.groups;
+				deferred.resolve(response.data.ocs.data.groups);
+			}, function (error) {
+				deferred.reject('Error while loading groups');
+			});
+			$http.get(OC.generateUrl('apps/deck/config')).then(function (response) {
+				$scope.groupLimit = response.data.groupLimit;
+				$scope.groupLimitDisabled = false;
+				deferred.resolve(response.data);
+			}, function (error) {
+				deferred.reject('Error while loading groupLimit');
+			});
+			return deferred.promise;
+		};
+
+		let updateConfig = function() {
+			$scope.groupLimitDisabled = true;
+			var deferred = $q.defer();
+			$http.post(OC.generateUrl('apps/deck/config/groupLimit'), {value: $scope.groupLimit}).then(function (response) {
+				$scope.groupLimitDisabled = false;
+				deferred.resolve(response.data);
+			}, function (error) {
+				deferred.reject('Error while saving groupLimit');
+			});
+			return deferred.promise;
+		};
+
+		$scope.groupLimitAdd = function (element, model) {
+			$scope.groupLimit.push(element);
+			updateConfig();
+		};
+		$scope.groupLimitRemove = function (element, model) {
+			$scope.groupLimit = $scope.groupLimit.filter((el) => {
+				return el.id !== element.id;
+			});
+			updateConfig();
+		};
+		fetchGroups();
+	}
 
 	var filterData = function () {
 		if($element.attr('id') === 'app-navigation') {
diff --git a/lib/Controller/ConfigController.php b/lib/Controller/ConfigController.php
new file mode 100644
index 000000000..98390fd58
--- /dev/null
+++ b/lib/Controller/ConfigController.php
@@ -0,0 +1,118 @@
+<?php
+/**
+ * @copyright Copyright (c) 2018 Julius Härtl <jus@bitgrid.net>
+ *
+ * @author Julius Härtl <jus@bitgrid.net>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\Deck\Controller;
+
+use OCA\Deck\Service\DefaultBoardService;
+use OCP\AppFramework\Http\DataResponse;
+use OCP\AppFramework\Http\NotFoundResponse;
+use OCP\IConfig;
+use OCP\IGroup;
+use OCP\IGroupManager;
+use OCP\IRequest;
+use OCP\AppFramework\Http\TemplateResponse;
+use OCP\AppFramework\Controller;
+use OCP\IL10N;
+
+class ConfigController extends Controller {
+
+	private $config;
+	private $userId;
+	private $groupManager;
+
+	public function __construct(
+		$AppName,
+		IRequest $request,
+		IConfig $config,
+		IGroupManager $groupManager,
+		$userId
+		) {
+		parent::__construct($AppName, $request);
+
+		$this->userId = $userId;
+		$this->groupManager = $groupManager;
+		$this->config = $config;
+	}
+
+	/**
+	 * @NoCSRFRequired
+	 */
+	public function get() {
+		$data = [
+			'groupLimit' => $this->getGroupLimit(),
+		];
+		return new DataResponse($data);
+	}
+
+	/**
+	 * @NoCSRFRequired
+	 */
+	public function setValue($key, $value) {
+		switch ($key) {
+			case 'groupLimit':
+				$result = $this->setGroupLimit($value);
+				break;
+		}
+		if ($result === null) {
+			return new NotFoundResponse();
+		}
+		return new DataResponse($result);
+	}
+
+	private function setGroupLimit($value) {
+		$groups = [];
+		foreach ($value as $group) {
+			$groups[] = $group['id'];
+		}
+		$data = implode(',', $groups);
+		$this->config->setAppValue($this->appName, 'groupLimit', $data);
+		return $groups;
+	}
+
+	private function getGroupLimitList() {
+		$value = $this->config->getAppValue($this->appName, 'groupLimit', '');
+		$groups = explode(',', $value);
+		if ($value === '') {
+			return [];
+		}
+		return $groups;
+	}
+
+	private function getGroupLimit() {
+		$groups = $this->getGroupLimitList();
+		$groups = array_map(function($groupId) {
+			/** @var IGroup $groups */
+			$group = $this->groupManager->get($groupId);
+			return [
+				'id' => $group->getGID(),
+				'displayname' => $group->getDisplayName(),
+				'usercount' => $group->count(),
+				'disabled' => $group->countDisabled(),
+				'canAdd' => $group->canAddUser(),
+				'canRemove' => $group->canRemoveUser(),
+			];
+		}, $groups);
+		return $groups;
+	}
+
+}
diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php
index e457c154f..4cb9f79e6 100644
--- a/lib/Controller/PageController.php
+++ b/lib/Controller/PageController.php
@@ -24,6 +24,7 @@
 namespace OCA\Deck\Controller;
 
 use OCA\Deck\Service\DefaultBoardService;
+use OCA\Deck\Service\PermissionService;
 use OCP\IRequest;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Controller;
@@ -32,13 +33,15 @@ use OCP\IL10N;
 class PageController extends Controller {
 
 	private $defaultBoardService;
+	private $permissionService;
 	private $userId;
 	private $l10n;
 
 	public function __construct(
-		$AppName, 
-		IRequest $request,		
+		$AppName,
+		IRequest $request,
 		DefaultBoardService $defaultBoardService,
+		PermissionService $permissionService,
 		IL10N $l10n,
 		$userId
 		) {
@@ -46,6 +49,7 @@ class PageController extends Controller {
 
 		$this->userId = $userId;
 		$this->defaultBoardService = $defaultBoardService;
+		$this->permissionService = $permissionService;
 		$this->l10n = $l10n;
 	}
 
@@ -60,8 +64,9 @@ class PageController extends Controller {
 		$params = [
 			'user' => $this->userId,
 			'maxUploadSize' => (int)\OCP\Util::uploadLimit(),
+			'canCreate' => $this->permissionService->canCreate()
 		];
-			
+
 		if ($this->defaultBoardService->checkFirstRun($this->userId, $this->appName)) {
 			$this->defaultBoardService->createDefaultBoard($this->l10n->t('Personal'), $this->userId, '000000');
 		}
diff --git a/lib/Service/BoardService.php b/lib/Service/BoardService.php
index 5d81965e7..d8997817a 100644
--- a/lib/Service/BoardService.php
+++ b/lib/Service/BoardService.php
@@ -31,6 +31,7 @@ use OCA\Deck\Db\AssignedUsersMapper;
 use OCA\Deck\Db\ChangeHelper;
 use OCA\Deck\Db\IPermissionMapper;
 use OCA\Deck\Db\Label;
+use OCA\Deck\NoPermissionException;
 use OCA\Deck\Notification\NotificationHelper;
 use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\IGroupManager;
@@ -250,6 +251,10 @@ class BoardService {
 			throw new BadRequestException('color must be provided');
 		}
 
+		if (!$this->permissionService->canCreate()) {
+			throw new NoPermissionException('Creating boards has been disabled for your account.');
+		}
+
 		$board = new Board();
 		$board->setTitle($title);
 		$board->setOwner($userId);
diff --git a/lib/Service/PermissionService.php b/lib/Service/PermissionService.php
index 08eb9697e..0f98d0ab4 100644
--- a/lib/Service/PermissionService.php
+++ b/lib/Service/PermissionService.php
@@ -33,6 +33,7 @@ use OCA\Deck\NoPermissionException;
 use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\AppFramework\Db\Entity;
 use OCP\AppFramework\Db\MultipleObjectsReturnedException;
+use OCP\IConfig;
 use OCP\IGroupManager;
 use OCP\ILogger;
 use OCP\IUserManager;
@@ -50,6 +51,8 @@ class PermissionService {
 	private $userManager;
 	/** @var IGroupManager */
 	private $groupManager;
+	/** @var IConfig */
+	private $config;
 	/** @var string */
 	private $userId;
 	/** @var array */
@@ -61,6 +64,7 @@ class PermissionService {
 		BoardMapper $boardMapper,
 		IUserManager $userManager,
 		IGroupManager $groupManager,
+		IConfig $config,
 		$userId
 	) {
 		$this->aclMapper = $aclMapper;
@@ -68,6 +72,7 @@ class PermissionService {
 		$this->logger = $logger;
 		$this->userManager = $userManager;
 		$this->groupManager = $groupManager;
+		$this->config = $config;
 		$this->userId = $userId;
 	}
 
@@ -235,4 +240,23 @@ class PermissionService {
 		$this->users[(string) $boardId] = $users;
 		return $this->users[(string) $boardId];
 	}
-}
\ No newline at end of file
+
+	public function canCreate() {
+		$groups = $this->getGroupLimitList();
+		foreach ($groups as $group) {
+			if ($this->groupManager->isInGroup($this->userId, $group)) {
+				return false;
+			}
+		}
+		return true;
+	}
+
+	private function getGroupLimitList() {
+		$value = $this->config->getAppValue('deck', 'groupLimit', '');
+		$groups = explode(',', $value);
+		if ($value === '') {
+			return [];
+		}
+		return $groups;
+	}
+}
diff --git a/templates/main.php b/templates/main.php
index 73cb8271e..cc583fab5 100644
--- a/templates/main.php
+++ b/templates/main.php
@@ -53,7 +53,7 @@ if (\OC_Util::getVersion()[0] < 14) {
 
 	<div id="app-navigation" data-ng-controller="ListController" ng-init="initSidebar()">
 		<?php print_unescaped($this->inc('part.navigation')); ?>
-		<?php /* print_unescaped($this->inc('part.settings')); */ ?>
+		<?php print_unescaped($this->inc('part.settings')); ?>
 	</div>
 	<div id="app-content" ng-class="{ 'details-visible': sidebar.show }"><div id="app-navigation-toggle-custom" class="icon-menu" ng-click="toggleSidebar()"></div><div ui-view></div></div>
 	<div id="app-sidebar" ng-class="{ 'details-visible': sidebar.show }" ng-if="sidebar.show" class="details-view scroll-container" ui-view="sidebarView"></div>
diff --git a/templates/part.boardlist.php b/templates/part.boardlist.php
index fcffd0c79..8411706e7 100644
--- a/templates/part.boardlist.php
+++ b/templates/part.boardlist.php
@@ -95,7 +95,7 @@
 				</div>
 			</td>
 		</tr>
-		<tr ng-if="status.filter === '' && !status.addBoard" ng-click="status.addBoard=!status.addBoard" class="board-create">
+		<tr ng-if="canCreate && status.filter === '' && !status.addBoard" ng-click="status.addBoard=!status.addBoard" class="board-create">
 			<td><span class="icon icon-add"></span></td>
 			<td colspan="3">
 				<a ng-click="status.addBoard=!status.addBoard"
diff --git a/templates/part.navigation.php b/templates/part.navigation.php
index 1eb761d3c..0e38b5305 100644
--- a/templates/part.navigation.php
+++ b/templates/part.navigation.php
@@ -52,7 +52,7 @@
 		</div>
 	</li>
 
-	<li ng-class="{editing: status.addBoard}">
+	<li ng-class="{editing: status.addBoard}" ng-if="canCreate">
 		<a ng-click="status.addBoard=!status.addBoard" class="icon-add app-navigation-noclose">
 			<?php p($l->t('Create a new board')); ?>
 		</a>
diff --git a/templates/part.settings.php b/templates/part.settings.php
index b86b4f3ef..e746ac8d2 100644
--- a/templates/part.settings.php
+++ b/templates/part.settings.php
@@ -1,8 +1,21 @@
-<div id="app-settings">
+<div id="app-settings" ng-if="isAdmin">
 	<div id="app-settings-header">
-		<button class="settings-button" data-apps-slide-toggle="#app-settings-content"></button>
+		<button class="settings-button" data-apps-slide-toggle="#app-settings-content"><?php p($l->t('Settings')); ?></button>
 	</div>
-	<div id="app-settings-content">
-
+	<div id="app-settings-content" class="hidden">
+		<ui-select multiple tagging="" ng-model="groupLimit" theme="select2"
+				   title="<?php p($l->t('Limit deck to groups')); ?>"
+				   placeholder="<?php p($l->t('Limit deck to groups')); ?>"
+				   on-select="groupLimitAdd($item, $model)"
+				   on-remove="groupLimitRemove($item, $model)" ng-disabled="groupLimitDisabled">
+			<ui-select-match placeholder="<?php p($l->t('Limit deck to groups')); ?>">
+				<span class="select-label">{{$item.displayname}}&nbsp;</span>
+			</ui-select-match>
+			<ui-select-choices
+					repeat="group in groups | filter: $select.search | limitTo: 3 track by group.id" position="down">
+				<span class="choose-label">{{group.displayname}}</span>
+			</ui-select-choices>
+		</ui-select>
+		<p class="hint"><?php p($l->t('Limiting Deck will block users not part of those groups from creating their own boards. Users will still be able to work on boards that have been shared with them.')); ?></p>
 	</div>
 </div>