1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
|
<?php
/**
* @author Cyrille Bollu <cyr.debian@bollu.be> for Arawa (https://arawa.fr)
*
* GroupFolders
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCA\GroupFolders\Service;
use OC\Settings\AuthorizedGroupMapper;
use OCA\GroupFolders\Controller\DelegationController;
use OCA\GroupFolders\Settings\Admin;
use OCA\Settings\Service\AuthorizedGroupService;
use OCP\IConfig;
use OCP\IGroupManager;
use OCP\IUserSession;
class DelegationService {
/**
* Has access to the entire groupfolders
*/
private const CLASS_NAME_ADMIN_DELEGATION = Admin::class;
/**
* Has access only to the groupfolders in which the user has advanced
* permissions.
*/
private const CLASS_API_ACCESS = DelegationController::class;
private AuthorizedGroupService $authorizedGroupService;
private IConfig $config;
private IGroupManager $groupManager;
private IUserSession $userSession;
private AuthorizedGroupMapper $groupAuthorizationMapper;
public function __construct(
AuthorizedGroupService $authorizedGroupService,
IConfig $config,
IGroupManager $groupManager,
IUserSession $userSession,
AuthorizedGroupMapper $groupAuthorizationMapper
) {
$this->authorizedGroupService = $authorizedGroupService;
$this->config = $config;
$this->groupManager = $groupManager;
$this->userSession = $userSession;
$this->groupAuthorizationMapper = $groupAuthorizationMapper;
}
/**
* @return bool true is admin of nextcloud otherwise false.
*/
public function isAdminNextcloud(): bool {
return $this->groupManager->isAdmin($this->userSession->getUser()->getUID());
}
/**
* @return bool true if the user is a delegated admin
*/
public function isDelegatedAdmin(): bool {
$authorized = false;
return $this->getAccessLevel([
self::CLASS_NAME_ADMIN_DELEGATION,
]);
}
/**
* @return bool true if the user has api access
*/
public function hasApiAccess(): bool {
if ($this->isAdminNextcloud()) {
return true;
}
return $this->getAccessLevel([
self::CLASS_API_ACCESS,
self::CLASS_NAME_ADMIN_DELEGATION,
]);
}
/**
* @return bool true if the user has api access
*/
public function hasOnlyApiAccess(): bool {
return $this->getAccessLevel([
self::CLASS_API_ACCESS,
]);
}
private function getAccessLevel(array $settingClasses) {
$authorized = false;
$authorizedClasses = $this->groupAuthorizationMapper->findAllClassesForUser($this->userSession->getUser());
foreach ($settingClasses as $settingClass) {
$authorized = in_array($settingClass, $authorizedClasses, true);
if ($authorized) {
break;
}
}
return $authorized;
}
}
|