diff options
author | Joas Schilling <coding@schilljs.com> | 2018-02-21 13:53:06 +0300 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2018-02-23 11:19:32 +0300 |
commit | 262654303ef6f544fb706a7ab754f8f3fc544628 (patch) | |
tree | e76a1928dd697f001b03e4c216321b540ab78f14 /lib | |
parent | c8911608091e853c10f7260f53c9077f3eff644a (diff) |
Allow to select which groups can impersonate
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'lib')
-rw-r--r-- | lib/AdminSettings.php | 71 | ||||
-rw-r--r-- | lib/Controller/SettingsController.php | 18 |
2 files changed, 89 insertions, 0 deletions
diff --git a/lib/AdminSettings.php b/lib/AdminSettings.php new file mode 100644 index 0000000..a86fed2 --- /dev/null +++ b/lib/AdminSettings.php @@ -0,0 +1,71 @@ +<?php +/** + * @copyright Copyright (c) 2018 Joas Schilling <coding@schilljs.com> + * + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\Impersonate; + + +use OCP\AppFramework\Http\TemplateResponse; +use OCP\IConfig; +use OCP\Settings\ISettings; + +class AdminSettings implements ISettings { + + /** @var IConfig */ + protected $config; + + /** + * @param IConfig $config + */ + public function __construct(IConfig $config) { + $this->config = $config; + } + + /** + * @return TemplateResponse returns the instance with all parameters set, ready to be rendered + * @since 9.1 + */ + public function getForm() { + $authorized = $this->config->getAppValue('impersonate', 'authorized', '["admin"]'); + return new TemplateResponse('impersonate', 'admin_settings', [ + 'authorized' => implode('|', json_decode($authorized, true)), + ], 'blank'); + } + + /** + * @return string the section ID, e.g. 'sharing' + * @since 9.1 + */ + public function getSection() { + return 'additional'; + } + + /** + * @return int whether the form should be rather on the top or bottom of + * the admin section. The forms are arranged in ascending order of the + * priority values. It is required to return a value between 0 and 100. + * + * E.g.: 70 + * @since 9.1 + */ + public function getPriority() { + return 50; + } +} diff --git a/lib/Controller/SettingsController.php b/lib/Controller/SettingsController.php index 8b7f05a..03b4490 100644 --- a/lib/Controller/SettingsController.php +++ b/lib/Controller/SettingsController.php @@ -14,6 +14,7 @@ namespace OCA\Impersonate\Controller; use OC\Group\Manager; use OCP\AppFramework\Http; use OCP\AppFramework\Http\JSONResponse; +use OCP\IConfig; use OCP\IGroupManager; use OCP\IL10N; use OCP\ILogger; @@ -33,6 +34,8 @@ class SettingsController extends Controller { private $userSession; /** @var ISession */ private $session; + /** @var IConfig */ + private $config; /** @var ILogger */ private $logger; /** @var IL10N */ @@ -45,6 +48,7 @@ class SettingsController extends Controller { * @param IGroupManager $groupManager * @param IUserSession $userSession * @param ISession $session + * @param IConfig $config * @param ILogger $logger * @param IL10N $l */ @@ -54,6 +58,7 @@ class SettingsController extends Controller { IGroupManager $groupManager, IUserSession $userSession, ISession $session, + IConfig $config, ILogger $logger, IL10N $l) { parent::__construct($appName, $request); @@ -61,6 +66,7 @@ class SettingsController extends Controller { $this->groupManager = $groupManager; $this->userSession = $userSession; $this->session = $session; + $this->config = $config; $this->logger = $logger; $this->l = $l; } @@ -110,6 +116,18 @@ class SettingsController extends Controller { ); } + $authorized = json_decode($this->config->getAppValue('impersonate', 'authorized', '["admin"]')); + $userGroups = $this->groupManager->getUserGroupIds($currentUser); + + if (!array_intersect($userGroups, $authorized)) { + return new JSONResponse( + [ + 'message' => $this->l->t('Not enough permissions to impersonate user'), + ], + Http::STATUS_FORBIDDEN + ); + } + if ($user->getLastLogin() === 0) { return new JSONResponse( [ |