diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
index 1beceac88e28707aaeaa730130a3730520d5f194..24c5f79574a967db784ba770185bf2fb6e0d5357 100644
--- a/lib/AppInfo/Application.php
+++ b/lib/AppInfo/Application.php
@@ -26,8 +26,6 @@ declare(strict_types=1);
 namespace OCA\EcloudAccounts\AppInfo;
-use OC\Files\Filesystem;
-use OCA\EcloudAccounts\Filesystem\StorageWrapper;
 use OCA\EcloudAccounts\Listeners\BeforeTemplateRenderedListener;
 use OCA\EcloudAccounts\Listeners\BeforeUserDeletedListener;
 use OCA\EcloudAccounts\Listeners\PasswordUpdatedListener;
@@ -41,12 +39,10 @@ use OCP\AppFramework\Bootstrap\IBootContext;
 use OCP\AppFramework\Bootstrap\IBootstrap;
 use OCP\AppFramework\Bootstrap\IRegistrationContext;
 use OCP\AppFramework\Http\Events\BeforeTemplateRenderedEvent;
-use OCP\Files\Storage\IStorage;
 use OCP\IUserManager;
 use OCP\User\Events\BeforeUserDeletedEvent;
 use OCP\User\Events\PasswordUpdatedEvent;
 use OCP\User\Events\UserChangedEvent;
-use OCP\Util;
 class Application extends App implements IBootstrap {
 public const APP_ID = 'ecloud-accounts';
@@ -56,7 +52,6 @@ class Application extends App implements IBootstrap {
 }
 public function register(IRegistrationContext $context): void {
- Util::connectHook('OC_Filesystem', 'preSetup', $this, 'addStorageWrapper');
 $context->registerEventListener(BeforeTemplateRenderedEvent::class, BeforeTemplateRenderedListener::class);
 $context->registerEventListener(BeforeUserDeletedEvent::class, BeforeUserDeletedListener::class);
 $context->registerEventListener(UserChangedEvent::class, UserChangedListener::class);
@@ -74,30 +69,4 @@ class Application extends App implements IBootstrap {
 );
 });
 }
-
- /**
- * @internal
- */
- public function addStorageWrapper(): void {
- Filesystem::addStorageWrapper('ecloud-accounts', [$this, 'addStorageWrapperCallback'], -10);
- }
-
- /**
- * @internal
- * @param $mountPoint
- * @param IStorage $storage
- * @return StorageWrapper|IStorage
- */
- public function addStorageWrapperCallback($mountPoint, IStorage $storage) {
- $instanceId = \OC::$server->getConfig()->getSystemValue('instanceid', '');
- $appdataFolder = 'appdata_' . $instanceId;
- if ($mountPoint !== '/' && strpos($mountPoint, '/' . $appdataFolder) !== 0) {
- return new StorageWrapper([
- 'storage' => $storage,
- 'mountPoint' => $mountPoint,
- ]);
- }
-
- return $storage;
- }
 }
diff --git a/lib/Controller/AccountController.php b/lib/Controller/AccountController.php
index 835841997babe6a602ae65d1d179243ffebee884..774e9122a82df02d06ec2764a35e980ce675439d 100644
--- a/lib/Controller/AccountController.php
+++ b/lib/Controller/AccountController.php
@@ -12,6 +12,7 @@ use OCA\EcloudAccounts\Exception\AddUsernameToCommonStoreException;
 use OCA\EcloudAccounts\Exception\LDAPUserCreationException;
 use OCA\EcloudAccounts\Exception\RecoveryEmailValidationException;
 use OCA\EcloudAccounts\Service\CaptchaService;
+use OCA\EcloudAccounts\Service\FilesystemService;
 use OCA\EcloudAccounts\Service\HCaptchaService;
 use OCA\EcloudAccounts\Service\NewsLetterService;
 use OCA\EcloudAccounts\Service\UserService;
@@ -45,6 +46,7 @@ class AccountController extends Controller {
 private IConfig $config;
 private IInitialState $initialState;
 private IAppData $appData;
+ private FilesystemService $fsService;
 private const SESSION_VERIFIED_USERNAME = 'verified_username';
 private const SESSION_VERIFIED_DISPLAYNAME = 'verified_displayname';
 private const CAPTCHA_VERIFIED_CHECK = 'captcha_verified';
@@ -69,7 +71,8 @@ class AccountController extends Controller {
 IConfig $config,
 ILogger $logger,
 IInitialState $initialState,
- IAppData $appData
+ IAppData $appData,
+ FilesystemService $fsService
 ) {
 parent::__construct($AppName, $request);
 $this->appName = $AppName;
@@ -86,6 +89,7 @@ class AccountController extends Controller {
 $this->request = $request;
 $this->initialState = $initialState;
 $this->appData = $appData;
+ $this->fsService = $fsService;
 }
 /**
@@ -209,6 +213,8 @@ class AccountController extends Controller {
 $this->session->remove(self::CAPTCHA_VERIFIED_CHECK);
 $ipAddress = $this->request->getRemoteAddress();
 $this->userService->addUsernameToCommonDataStore($username, $ipAddress, $recoveryEmail);
+ // temporary fix to add user in 'files-enabled' group
+ $this->fsService->addUserInFilesEnabledGroup($username);
 $response->setStatus(200);
 $response->setData(['success' => true]);
diff --git a/lib/Filesystem/CacheWrapper.php b/lib/Filesystem/CacheWrapper.php
deleted file mode 100644
index da6e32537a1603509f851e699e253113ae32d3fc..0000000000000000000000000000000000000000
--- a/lib/Filesystem/CacheWrapper.php
+++ /dev/null
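Review bot: In the `@@ -209,6 +213,8 @@` hunk the boolean returned by `$this->fsService->addUserInFilesEnabledGroup($username)` is discarded, so the action still sets status 200 and `'success' => true` when the user lookup fails or the configured group is missing. That outcome fails closed (the new account simply lacks the membership), but it is invisible to the caller and the missing-user case is not logged anywhere; I would test the result, e.g. `if (!$this->fsService->addUserInFilesEnabledGroup($username)) { /* log with the username and decide whether success is still reported */ }`. Because group membership appears to be what now decides Files access, the "temporary fix" comment should name the intended permanent mechanism, e.g. `// TODO(<issue-id>): assign the files-access group during user provisioning`. The enclosing method starts and ends outside the hunk, so whether a surrounding try/catch already covers an exception thrown by `addUser()` cannot be seen here.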
@@ -1,57 +0,0 @@
-mask = Constants::PERMISSION_ALL
- & ~Constants::PERMISSION_READ
- & ~Constants::PERMISSION_CREATE
- & ~Constants::PERMISSION_UPDATE
- & ~Constants::PERMISSION_DELETE;
- }
-
- protected function formatCacheEntry($entry) {
- if (isset($entry['path']) && isset($entry['permissions'])) {
- try {
- throw new ForbiddenException('Access denied', false);
- } catch (ForbiddenException) {
- $entry['permissions'] &= $this->mask;
- }
- }
- return $entry;
- }
-
- public function insert($file, $data) {
- throw new \Exception('User data cache insert is disabled.');
- }
-
- public function update($id, $data) {
- throw new \Exception('User data cache update is disabled.');
- }
-
- public function remove($fileId) {
- throw new \Exception('User data cache removal is disabled.');
- }
-
- public function searchQuery(ISearchQuery $searchQuery) {
- return [];
- }
-
- public function getCacheEntryFromSearchResult(ICacheEntry $rawEntry): ?ICacheEntry {
- return null;
- }
-}
diff --git a/lib/Filesystem/StorageWrapper.php b/lib/Filesystem/StorageWrapper.php
deleted file mode 100644
index f35a55105be582163fcfdbfbe44eab87292767be..0000000000000000000000000000000000000000
--- a/lib/Filesystem/StorageWrapper.php
+++ /dev/null
@@ -1,260 +0,0 @@ -checkFileAccess($path, true); - } - - /** - * see http://php.net/manual/en/function.rmdir.php - * - * @param string $path - * @return bool - * @throws ForbiddenException - */ - public function rmdir($path) { - $this->checkFileAccess($path, true); - } - - /** - * check if a file can be created in $path - * - * @param string $path - * @return bool - */ - public function isCreatable($path) { - try { - $this->checkFileAccess($path); - } catch (ForbiddenException $e) { - return false; - } - } - - /** - * check if a file can be read - * - * @param string $path - * @return bool - */ - public function isReadable($path) { - try { - $this->checkFileAccess($path); - } catch (ForbiddenException $e) { - return false; - } - } - - /** - * check if a file can be written to - * - * @param string $path - * @return bool - */ - public function isUpdatable($path) { - try { - $this->checkFileAccess($path); - } catch (ForbiddenException $e) { - return false; - } - } - - /** - * check if a file can be deleted - * - * @param string $path - * @return bool - */ - public function isDeletable($path) { - try { - $this->checkFileAccess($path); - } catch (ForbiddenException $e) { - return false; - } - } - - public function getPermissions($path) { - try { - $this->checkFileAccess($path); - } catch (ForbiddenException $e) { - return $this->mask; - } - } - - /** - * see http://php.net/manual/en/function.file_get_contents.php - * - * @param string $path - * @return string - * @throws ForbiddenException - */ - public function file_get_contents($path) { - $this->checkFileAccess($path); - } - - /** - * see http://php.net/manual/en/function.file_put_contents.php - * - * @param string $path - * @param string $data - * @return bool - * @throws ForbiddenException - */ - public function file_put_contents($path, $data) { - $this->checkFileAccess($path); - } - - /** - * see http://php.net/manual/en/function.unlink.php - * - * @param string $path - * @return bool - * @throws 
ForbiddenException - */ - public function unlink($path) { - $this->checkFileAccess($path); - } - - /** - * see http://php.net/manual/en/function.rename.php - * - * @param string $path1 - * @param string $path2 - * @return bool - * @throws ForbiddenException - */ - public function rename($path1, $path2) { - $this->checkFileAccess($path1); - $this->checkFileAccess($path2); - } - - /** - * see http://php.net/manual/en/function.copy.php - * - * @param string $path1 - * @param string $path2 - * @return bool - * @throws ForbiddenException - */ - public function copy($path1, $path2) { - $this->checkFileAccess($path1); - $this->checkFileAccess($path2); - } - - /** - * see http://php.net/manual/en/function.fopen.php - * - * @param string $path - * @param string $mode - * @return resource - * @throws ForbiddenException - */ - public function fopen($path, $mode) { - $this->checkFileAccess($path); - } - - /** - * see http://php.net/manual/en/function.touch.php - * If the backend does not support the operation, false should be returned - * - * @param string $path - * @param int $mtime - * @return bool - * @throws ForbiddenException - */ - public function touch($path, $mtime = null) { - $this->checkFileAccess($path); - } - - /** - * get a cache instance for the storage - * - * @param string $path - * @param Storage (optional) the storage to pass to the cache - * @return Cache - */ - public function getCache($path = '', $storage = null) { - if (!$storage) { - $storage = $this; - } - $cache = $this->storage->getCache($path, $storage); - return new CacheWrapper($cache, $storage); - } - - /** - * A custom storage implementation can return an url for direct download of a give file. - * - * For now the returned array can hold the parameter url - in future more attributes might follow. 
- * - * @param string $path - * @return array - * @throws ForbiddenException - */ - public function getDirectDownload($path) { - $this->checkFileAccess($path); - } - - /** - * @param IStorage $sourceStorage - * @param string $sourceInternalPath - * @param string $targetInternalPath - * @return bool - * @throws ForbiddenException - */ - public function copyFromStorage(IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath) { - $this->checkFileAccess($targetInternalPath); - } - - /** - * @param IStorage $sourceStorage - * @param string $sourceInternalPath - * @param string $targetInternalPath - * @return bool - * @throws ForbiddenException - */ - public function moveFromStorage(IStorage $sourceStorage, $sourceInternalPath, $targetInternalPath) { - $this->checkFileAccess($targetInternalPath); - } - - /** - * @throws ForbiddenException - */ - public function writeStream(string $path, $stream, ?int $size = null): int { - $this->checkFileAccess($path); - } -} diff --git a/lib/Service/FilesystemService.php b/lib/Service/FilesystemService.php new file mode 100644 index 0000000000000000000000000000000000000000..3ac7f25b912ce44f46f84c7bd437a3bdc7e3a157 --- /dev/null +++ b/lib/Service/FilesystemService.php 
@@ -0,0 +1,61 @@
+userManager = $userManager;
+ $this->config = $config;
+ $this->logger = $logger;
+ $this->groupManager = $groupManager;
+ }
+
+ public function addUserInFilesEnabledGroup($username): bool {
+ $user = $this->userManager->get($username);
+ if (!$user) {
+ return false;
+ }
+
+ $groupName = $this->config->getSystemValue('files_access_group_name', '');
+ if (!$this->groupManager->groupExists($groupName)) {
+ $this->logger->error("$groupName group not exist.");
+ return false;
+ }
+
+ $group = $this->groupManager->get($groupName);
+ $group->addUser($user);
+ return true;
+ }
+
+ public function checkFilesGroupAccess($username): bool {
+ $groupName = $this->config->getSystemValue('files_access_group_name', '');
+
+ if (!$this->groupManager->groupExists($groupName)) {
+ $this->logger->error("$groupName group not exist.");
+ return false;
+ }
+
+ if ($this->groupManager->isInGroup($username, $groupName)) {
+ return true;
+ }
+
+ return false;
+ }
+
+}
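Review bot: `checkFilesGroupAccess()` has no caller anywhere in this diff, while the same commit deletes the `StorageWrapper`/`CacheWrapper` hook that previously enforced the file-access restriction, so as far as the visible changes show nothing enforces the new group check; please confirm where it is enforced (or wire it in) before the wrapper removal ships. Both methods read `files_access_group_name` with a default of `''`, and an unconfigured instance then logs the uninformative ` group not exist.`; an explicit guard such as `if ($groupName === '') { $this->logger->error('files_access_group_name is not configured'); return false; }` keeps the fail-closed result and makes the misconfiguration diagnosable. `$username` is untyped in both signatures (`string $username` would match how it is passed to `get()` and `isInGroup()`), and `addUserInFilesEnabledGroup()` returns false without logging when the user is not found. The top of this file, from the header through the constructor signature, is not visible on the page, so the class declaration and imports could not be reviewed.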