Commit 3b88c469 authored by michag86's avatar michag86 Committed by Roeland Jago Douma

enable api addUser for subadmins

* Fix existing unit tests
parent aff4aed4
...@@ -37,7 +37,7 @@ $users = new \OCA\Provisioning_API\Users( ...@@ -37,7 +37,7 @@ $users = new \OCA\Provisioning_API\Users(
\OC::$server->getLogger() \OC::$server->getLogger()
); );
API::register('get', '/cloud/users', [$users, 'getUsers'], 'provisioning_api', API::SUBADMIN_AUTH); API::register('get', '/cloud/users', [$users, 'getUsers'], 'provisioning_api', API::SUBADMIN_AUTH);
API::register('post', '/cloud/users', [$users, 'addUser'], 'provisioning_api', API::ADMIN_AUTH); API::register('post', '/cloud/users', [$users, 'addUser'], 'provisioning_api', API::SUBADMIN_AUTH);
API::register('get', '/cloud/users/{userid}', [$users, 'getUser'], 'provisioning_api', API::USER_AUTH); API::register('get', '/cloud/users/{userid}', [$users, 'getUser'], 'provisioning_api', API::USER_AUTH);
API::register('put', '/cloud/users/{userid}', [$users, 'editUser'], 'provisioning_api', API::USER_AUTH); API::register('put', '/cloud/users/{userid}', [$users, 'editUser'], 'provisioning_api', API::USER_AUTH);
API::register('delete', '/cloud/users/{userid}', [$users, 'deleteUser'], 'provisioning_api', API::SUBADMIN_AUTH); API::register('delete', '/cloud/users/{userid}', [$users, 'deleteUser'], 'provisioning_api', API::SUBADMIN_AUTH);
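Review bot: Nothing on the `post` `/cloud/users` route records that, with `API::SUBADMIN_AUTH`, the limit on which groups a subadmin may provision into is enforced only inside `Users::addUser`. A later refactor of that method, or a second handler registered on this path, would widen account creation to every subadmin without any visible change here. I would add a comment above the line, for example `// addUser() itself restricts subadmins to groups they manage; keep that check if this auth level changes`.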
......
...@@ -117,18 +117,48 @@ class Users { ...@@ -117,18 +117,48 @@ class Users {
public function addUser() { public function addUser() {
$userId = isset($_POST['userid']) ? $_POST['userid'] : null; $userId = isset($_POST['userid']) ? $_POST['userid'] : null;
$password = isset($_POST['password']) ? $_POST['password'] : null; $password = isset($_POST['password']) ? $_POST['password'] : null;
$groups = isset($_POST['groups']) ? $_POST['groups'] : null;
$user = $this->userSession->getUser();
$isAdmin = $this->groupManager->isAdmin($user->getUID());
if (!$isAdmin && !$this->groupManager->getSubAdmin()->isSubAdmin($user)) {
return new OC_OCS_Result(null, \OCP\API::RESPOND_UNAUTHORISED);
}
if($this->userManager->userExists($userId)) { if($this->userManager->userExists($userId)) {
$this->logger->error('Failed addUser attempt: User already exists.', ['app' => 'ocs_api']); $this->logger->error('Failed addUser attempt: User already exists.', ['app' => 'ocs_api']);
return new OC_OCS_Result(null, 102, 'User already exists'); return new OC_OCS_Result(null, 102, 'User already exists');
}
if(is_array($groups)) {
foreach ($groups as $key => $group) {
if(!$this->groupManager->groupExists($group)){
return new OC_OCS_Result(null, 104, 'group '.$group.' does not exist');
}
if(!$isAdmin && !$this->groupManager->getSubAdmin()->isSubAdminofGroup($user, $this->groupManager->get($group))) {
return new OC_OCS_Result(null, 105, 'insufficient privileges for group '. $group);
}
}
} else { } else {
try { if(!$isAdmin) {
$this->userManager->createUser($userId, $password); return new OC_OCS_Result(null, 106, 'no group specified (required for subadmins)');
$this->logger->info('Successful addUser call with userid: '.$_POST['userid'], ['app' => 'ocs_api']); }
return new OC_OCS_Result(null, 100); }
} catch (\Exception $e) {
$this->logger->error('Failed addUser attempt with exception: '.$e->getMessage(), ['app' => 'ocs_api']); try {
return new OC_OCS_Result(null, 101, 'Bad request'); $user = $this->userManager->createUser($userId, $password);
$this->logger->info('Successful addUser call with userid: '.$_POST['userid'], ['app' => 'ocs_api']);
if (is_array($groups)) {
foreach ($groups as $group) {
$this->groupManager->get($group)->addUser($user);
$this->logger->info('Added user (' . $user->getUID() . ') to group ' . $group, ['app' => 'ocs_api']);
}
} }
return new OC_OCS_Result(null, 100);
} catch (\Exception $e) {
$this->logger->error('Failed addUser attempt with exception: '.$e->getMessage(), ['app' => 'ocs_api']);
return new OC_OCS_Result(null, 101, 'Bad request');
} }
} }
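Review bot: In the `try` block the account is created before the group assignments, so an exception thrown by `get($group)->addUser($user)` returns 101 'Bad request' while the new account stays in place without the groups that were just validated; for a subadmin caller that leaves a user outside every group they manage, which the 106 check is meant to prevent. The block also reassigns `$user`, which held the logged-in caller used for the permission checks above, to the created account; a separate name keeps the two apart. If `createUser` can return a non-user value, or `get($group)` can return null once the group is gone (neither is visible here), the loop would fail in a way `catch (\Exception $e)` may not see. I would keep the created account in `$newUser` and remove it again when group assignment fails, as sketched below.

```php
$newUser = null;
try {
    $newUser = $this->userManager->createUser($userId, $password);
    // … unchanged: success log line …
    if (is_array($groups)) {
        foreach ($groups as $group) {
            $this->groupManager->get($group)->addUser($newUser);
            // … unchanged: per-group log line, reading $newUser->getUID() …
        }
    }
    return new OC_OCS_Result(null, 100);
} catch (\Exception $e) {
    if ($newUser instanceof \OCP\IUser) {
        // Do not leave a half-provisioned account behind when group assignment fails.
        $newUser->delete();
    }
    // … unchanged: error log line and 101 result …
}
```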
......
...@@ -218,6 +218,20 @@ class UsersTest extends OriginalTest { ...@@ -218,6 +218,20 @@ class UsersTest extends OriginalTest {
->expects($this->once()) ->expects($this->once())
->method('error') ->method('error')
->with('Failed addUser attempt: User already exists.', ['app' => 'ocs_api']); ->with('Failed addUser attempt: User already exists.', ['app' => 'ocs_api']);
$loggedInUser = $this->getMock('\OCP\IUser');
$loggedInUser
->expects($this->once())
->method('getUID')
->will($this->returnValue('adminUser'));
$this->userSession
->expects($this->once())
->method('getUser')
->will($this->returnValue($loggedInUser));
$this->groupManager
->expects($this->once())
->method('isAdmin')
->with('adminUser')
->willReturn(true);
$expected = new \OC_OCS_Result(null, 102, 'User already exists'); $expected = new \OC_OCS_Result(null, 102, 'User already exists');
$this->assertEquals($expected, $this->api->addUser()); $this->assertEquals($expected, $this->api->addUser());
...@@ -239,6 +253,20 @@ class UsersTest extends OriginalTest { ...@@ -239,6 +253,20 @@ class UsersTest extends OriginalTest {
->expects($this->once()) ->expects($this->once())
->method('info') ->method('info')
->with('Successful addUser call with userid: NewUser', ['app' => 'ocs_api']); ->with('Successful addUser call with userid: NewUser', ['app' => 'ocs_api']);
$loggedInUser = $this->getMock('\OCP\IUser');
$loggedInUser
->expects($this->once())
->method('getUID')
->will($this->returnValue('adminUser'));
$this->userSession
->expects($this->once())
->method('getUser')
->will($this->returnValue($loggedInUser));
$this->groupManager
->expects($this->once())
->method('isAdmin')
->with('adminUser')
->willReturn(true);
$expected = new \OC_OCS_Result(null, 100); $expected = new \OC_OCS_Result(null, 100);
$this->assertEquals($expected, $this->api->addUser()); $this->assertEquals($expected, $this->api->addUser());
...@@ -261,6 +289,20 @@ class UsersTest extends OriginalTest { ...@@ -261,6 +289,20 @@ class UsersTest extends OriginalTest {
->expects($this->once()) ->expects($this->once())
->method('error') ->method('error')
->with('Failed addUser attempt with exception: User backend not found.', ['app' => 'ocs_api']); ->with('Failed addUser attempt with exception: User backend not found.', ['app' => 'ocs_api']);
$loggedInUser = $this->getMock('\OCP\IUser');
$loggedInUser
->expects($this->once())
->method('getUID')
->will($this->returnValue('adminUser'));
$this->userSession
->expects($this->once())
->method('getUser')
->will($this->returnValue($loggedInUser));
$this->groupManager
->expects($this->once())
->method('isAdmin')
->with('adminUser')
->willReturn(true);
$expected = new \OC_OCS_Result(null, 101, 'Bad request'); $expected = new \OC_OCS_Result(null, 101, 'Bad request');
$this->assertEquals($expected, $this->api->addUser()); $this->assertEquals($expected, $this->api->addUser());
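Review bot: All three updated tests stub `isAdmin` to return true, so none of the branches this commit adds for subadmins is exercised: the `RESPOND_UNAUTHORISED` return for a caller who is neither admin nor subadmin, and result codes 104, 105 and 106. Since those checks are now the only thing restricting which groups a subadmin can create users in, each deserves a test with `isAdmin` returning false, plus one success case asserting that the new user is added to the requested group. The identical `$loggedInUser` / `userSession` / `groupManager` setup is pasted into each test; a private helper in `UsersTest` would keep the new cases short. The test methods begin and end outside the hunks shown.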
......