Diffstat (limited to 'lib/Service')
-rw-r--r-- | lib/Service/ActivityService.php | 67 | ||||
-rw-r--r-- | lib/Service/CredentialRevisionService.php | 91 | ||||
-rw-r--r-- | lib/Service/CredentialService.php | 152 | ||||
-rw-r--r-- | lib/Service/CronService.php | 74 | ||||
-rw-r--r-- | lib/Service/FileService.php | 89 | ||||
-rw-r--r-- | lib/Service/NotificationService.php | 109 | ||||
-rw-r--r-- | lib/Service/ShareService.php | 306 | ||||
-rw-r--r-- | lib/Service/VaultService.php | 107 |
8 files changed, 995 insertions, 0 deletions
diff --git a/lib/Service/ActivityService.php b/lib/Service/ActivityService.php
new file mode 100644
index 00000000..f941a8af
--- /dev/null
+++ b/lib/Service/ActivityService.php
@@ -0,0 +1,67 @@ +<?php +/** + * Nextcloud - passman + * + * @copyright Copyright (c) 2016, Sander Brand (brantje@gmail.com) + * @copyright Copyright (c) 2016, Marcos Zuriaga Miguel (wolfi@wolfi.es) + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\Passman\Service; + +use OCP\IConfig; +use OCP\AppFramework\Db\DoesNotExistException; + +use OCA\Passman\Db\FileMapper; + + +class ActivityService { + + private $manager; + + public function __construct() { + $this->manager = \OC::$server->getActivityManager(); + } + + /** + * Create a new activity + * @param $subject string Subject of the activity + * @param $subjectParams array + * @param $message string + * @param $messageParams array + * @param $link string + * @param $user string + * @param $type string + * @return array + */ + public function add($subject,$subjectParams=array(), + $message='',$messageParams=array(), + $link='',$user=null,$type='') { + if($user) { + $activity = $this->manager->generateEvent(); + $activity->setType($type); + $activity->setApp('passman'); + $activity->setSubject($subject, $subjectParams); + $activity->setLink($link); + $activity->setAffectedUser($user); + $activity->setAuthor($user); + $activity->setTimestamp(time()); + $activity->setMessage($message, $messageParams); + } + return 
array('success'=>'ok'); + } +}
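Review bot: `add()` builds the event inside `if($user)` but never hands it to the activity manager, so nothing is recorded; after `setMessage(...)` it needs `$this->manager->publish($activity);`. In a password manager the activity stream is the user-visible audit trail, so a silent no-op here hides credential events from the account owner. The method also returns `array('success'=>'ok')` when `$user` is empty and no event was created; a distinct result for that case would let callers notice. The `IConfig`, `DoesNotExistException` and `FileMapper` imports are unused in this class.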
\ No newline at end of file
diff --git a/lib/Service/CredentialRevisionService.php b/lib/Service/CredentialRevisionService.php
new file mode 100644
index 00000000..06113371
--- /dev/null
+++ b/lib/Service/CredentialRevisionService.php
@@ -0,0 +1,91 @@ +<?php +/** + * Nextcloud - passman + * + * @copyright Copyright (c) 2016, Sander Brand (brantje@gmail.com) + * @copyright Copyright (c) 2016, Marcos Zuriaga Miguel (wolfi@wolfi.es) + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\Passman\Service; + +use OCA\Passman\Db\CredentialRevision; +use OCP\IConfig; +use OCP\AppFramework\Db\DoesNotExistException; + +use OCA\Passman\Db\CredentialRevisionMapper; + + +class CredentialRevisionService { + + private $credentialRevisionMapper; + + public function __construct(CredentialRevisionMapper $credentialRevisionMapper) { + $this->credentialRevisionMapper = $credentialRevisionMapper; + } + + /** + * Create a new revision for a credential + * @param $credential + * @param $userId + * @param $credential_id + * @param $edited_by + * @return CredentialRevision + */ + public function createRevision($credential, $userId, $credential_id, $edited_by) { + return $this->credentialRevisionMapper->create($credential, $userId, $credential_id, $edited_by); + } + + /** + * Get revisions of a credential + * @param $credential_id + * @param null $user_id + * @return CredentialRevision[] + */ + public function getRevisions($credential_id, $user_id = null){ + return $this->credentialRevisionMapper->getRevisions($credential_id, 
$user_id); + } + + /** + * + * @param $credential_id + * @param null $user_id + * @return CredentialRevision + */ + public function getRevision($credential_id, $user_id = null){ + return $this->credentialRevisionMapper->getRevision($credential_id, $user_id); + } + + /** + * Delete a revision + * @param $revision_id + * @param $user_id + * @return CredentialRevision + */ + public function deleteRevision($revision_id, $user_id){ + return $this->credentialRevisionMapper->deleteRevision($revision_id, $user_id); + } + + /** + * Update revision + * @param CredentialRevision $credentialRevision + * @return CredentialRevision + */ + public function updateRevision(CredentialRevision $credentialRevision){ + return $this->credentialRevisionMapper->update($credentialRevision); + } +}
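Review bot: `getRevisions()` and `getRevision()` default `$user_id` to `null`, and the docblocks do not say what a null user means; if the mapper (not part of this diff) treats null as "no owner filter", any caller that omits the argument reads revisions regardless of owner. The same optional-user shape appears in `CredentialService::getCredentialByGUID()` and `FileService::getFile()`/`getFileByGuid()`, and `ShareService::getItemHistory()` already calls `getRevisions($acl->getItemId())` without a user. I would either make the parameter required or document the contract, e.g. `@param string|null $user_id Owner to filter by; null skips the owner filter and is only for callers that have already authorised access`. `getRevision()` also has an empty description line.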
\ No newline at end of file
diff --git a/lib/Service/CredentialService.php b/lib/Service/CredentialService.php
new file mode 100644
index 00000000..3fb61113
--- /dev/null
+++ b/lib/Service/CredentialService.php
@@ -0,0 +1,152 @@ +<?php +/** + * Nextcloud - passman + * + * @copyright Copyright (c) 2016, Sander Brand (brantje@gmail.com) + * @copyright Copyright (c) 2016, Marcos Zuriaga Miguel (wolfi@wolfi.es) + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\Passman\Service; + +use OCA\Passman\Db\Credential; +use OCA\Passman\Db\CredentialRevision; +use OCA\Passman\Db\SharingACL; +use OCA\Passman\Db\SharingACLMapper; +use OCP\IConfig; +use OCP\AppFramework\Db\DoesNotExistException; + +use OCA\Passman\Db\CredentialMapper; + + +class CredentialService { + + private $credentialMapper; + private $sharingACL; + + public function __construct(CredentialMapper $credentialMapper, SharingACLMapper $sharingACL) { + $this->credentialMapper = $credentialMapper; + $this->sharingACL = $sharingACL; + } + + /** + * Create a new credential + * @param $user_id + * @param $item_guid + * @return Credential + */ + public function createCredential($credential) { + return $this->credentialMapper->create($credential); + } + + /** + * Update credential + * @param $credential array + * @return Credential + */ + public function updateCredential($credential) { + return $this->credentialMapper->updateCredential($credential); + } + + /** + * Update credential + * @param $credential Credential + */ + public 
function upd(Credential $credential) { + return $this->credentialMapper->upd($credential); + } + + /** + * Delete credential + * @param Credential $credential + * @return \OCP\AppFramework\Db\Entity + */ + public function deleteCredential(Credential $credential){ + return $this->credentialMapper->deleteCredential($credential); + } + + /** + * Get credentials by vault id + * @param $vault_id + * @param $user_id + * @return \OCA\Passman\Db\Vault[] + */ + public function getCredentialsByVaultId($vault_id, $user_id) { + return $this->credentialMapper->getCredentialsByVaultId($vault_id, $user_id); + } + + /** + * Get a random credential from given vault + * @param $vault_id + * @param $user_id + * @return mixed + */ + public function getRandomCredentialByVaultId($vault_id, $user_id) { + $credentials = $this->credentialMapper->getRandomCredentialByVaultId($vault_id, $user_id); + return array_pop($credentials); + } + + /** + * Get expired credentials. + * @param $timestamp + * @return \OCA\Passman\Db\Credential[] + */ + public function getExpiredCredentials($timestamp) { + return $this->credentialMapper->getExpiredCredentials($timestamp); + } + + /** + * Get a single credential. + * @param $credential_id + * @param $user_id + * @return Credential + * @throws DoesNotExistException + */ + public function getCredentialById($credential_id, $user_id){ + $credential = $this->credentialMapper->getCredentialById($credential_id); + if ($credential->getUserId() === $user_id){ + return $credential; + } + else { + $acl = $this->sharingACL->getItemACL($user_id, $credential->getGuid()); + if ($acl->hasPermission(SharingACL::READ)) { + return $credential; + } else { + throw new DoesNotExistException("Did expect one result but found none when executing"); + } + } + } + + /** + * Get credential label by credential id. 
+ * @param $credential_id + * @return Credential + */ + public function getCredentialLabelById($credential_id){ + return $this->credentialMapper->getCredentialLabelById($credential_id); + } + + /** + * Get credential by guid + * @param $credential_guid + * @param null $user_id + * @return Credential + */ + public function getCredentialByGUID($credential_guid, $user_id = null){ + return $this->credentialMapper->getCredentialByGUID($credential_guid, $user_id); + } +}
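Review bot: In `getCredentialById()` the shared-access branch returns the credential on `hasPermission(SharingACL::READ)` alone and never looks at the ACL's expiry, although `ShareService::applyShare()` stores one with `setExpire(0)`. Unless `getItemACL()` filters expired rows (the mapper is not in this diff), an ACL whose expiry has passed would still grant the read. A guard before the permission test, such as `if ($acl->getExpire() > 0 && $acl->getExpire() < time()) throw new DoesNotExistException(...)`, would close that, assuming expiry is a Unix timestamp in seconds and 0 means never. Separately, `getCredentialLabelById()` takes no user at all, so its callers must do their own access check, and the `createCredential()` docblock documents `$user_id`/`$item_guid` rather than the actual `$credential` parameter.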
\ No newline at end of file
diff --git a/lib/Service/CronService.php b/lib/Service/CronService.php
new file mode 100644
index 00000000..3ee3660e
--- /dev/null
+++ b/lib/Service/CronService.php
@@ -0,0 +1,74 @@ +<?php +/** + * Nextcloud - passman + * + * @copyright Copyright (c) 2016, Sander Brand (brantje@gmail.com) + * @copyright Copyright (c) 2016, Marcos Zuriaga Miguel (wolfi@wolfi.es) + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\Passman\Service; + +use OCP\IConfig; +use OCP\AppFramework\Db\DoesNotExistException; +use OCP\ILogger; +use OCA\Passman\Utility\Utils; +use OCA\Passman\Activity; +use OCP\IDBConnection; +class CronService { + + private $credentialService; + private $logger; + private $utils; + private $notificationService; + private $activityService; + private $db; + public function __construct(CredentialService $credentialService, ILogger $logger, Utils $utils, NotificationService $notificationService, ActivityService $activityService, IDBConnection $db) { + $this->credentialService = $credentialService; + $this->logger = $logger; + $this->utils = $utils; + $this->notificationService = $notificationService; + $this->activityService = $activityService; + $this->db = $db; + } + + + public function expireCredentials() { + $this->logger->info('Passman cron test', array('app' => 'passman')); + $expired_credentials = $this->credentialService->getExpiredCredentials($this->utils->getTime()); + foreach($expired_credentials as $credential){ + $link = 
''; // @TODO create direct link to credential + + $sql = 'SELECT count(*) as rows from `*PREFIX*notifications` WHERE `subject`= \'credential_expired\' AND object_id=?'; + $id = $credential->getId(); + $result = $this->db->executeQuery($sql, array($id)); + $this->logger->debug($credential->getLabel() .' is expired, checking notifications!', array('app' => 'passman')); + $notifications = intval($result->fetch()['rows']); + if($notifications === 0) { + $this->logger->debug($credential->getLabel() .' is expired, adding notification!', array('app' => 'passman')); + $this->activityService->add( + Activity::SUBJECT_ITEM_EXPIRED, array($credential->getLabel(), $credential->getUserId()), + '', array(), + $link, $credential->getUserId(), Activity::TYPE_ITEM_EXPIRED); + $this->notificationService->credentialExpiredNotification($credential); + } else { + $this->logger->debug($credential->getLabel() .' is expired, already notified!', array('app' => 'passman')); + } + + } + } +}
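Review bot: The de-duplication query in `expireCredentials()` matches only `subject` and `object_id`, so a row written by another app or for another object type with the same id would suppress the expiry notice, and (presumably) a notification the user has dismissed makes the job notify again and add another activity entry on every run. Scoping the query with `AND app = 'passman' AND object_type = 'credential'` ties it to the values `NotificationService::credentialExpiredNotification()` sets; recording "already notified" on the credential itself would survive dismissal. The alias `rows` is a reserved word on some database engines, so a neutral alias such as `cnt` is safer. The `'Passman cron test'` info line looks like leftover debugging, and the debug lines write credential labels to the server log, which is more than an operator log needs to hold.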
\ No newline at end of file
diff --git a/lib/Service/FileService.php b/lib/Service/FileService.php
new file mode 100644
index 00000000..63da182a
--- /dev/null
+++ b/lib/Service/FileService.php
@@ -0,0 +1,89 @@ +<?php +/** + * Nextcloud - passman + * + * @copyright Copyright (c) 2016, Sander Brand (brantje@gmail.com) + * @copyright Copyright (c) 2016, Marcos Zuriaga Miguel (wolfi@wolfi.es) + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\Passman\Service; + +use OCP\IConfig; +use OCP\AppFramework\Db\DoesNotExistException; + +use OCA\Passman\Db\FileMapper; + + +class FileService { + + private $fileMapper; + + public function __construct(FileMapper $fileMapper) { + $this->fileMapper = $fileMapper; + } + + /** + * Get a single file. This function also returns the file content. + * @param $fileId + * @param null $userId + * @return \OCA\Passman\Db\File + */ + public function getFile($fileId, $userId = null) { + return $this->fileMapper->getFile($fileId, $userId); + } + + /** + * Get a single file. This function also returns the file content. 
+ * @param $file_guid + * @param null $userId + * @return \OCA\Passman\Db\File + */ + public function getFileByGuid($file_guid, $userId = null) { + return $this->fileMapper->getFileByGuid($file_guid, $userId); + } + + /** + * Upload a new file, + * @param $file array + * @param $userId + * @return \OCA\Passman\Db\File + */ + public function createFile($file, $userId) { + return $this->fileMapper->create($file, $userId); + } + + /** + * Delete file + * @param $file_id + * @param $userId + * @return \OCA\Passman\Db\File + */ + public function deleteFile($file_id, $userId) { + return $this->fileMapper->deleteFile($file_id, $userId); + } + + /** + * Update file + * @param $file_id + * @return \OCA\Passman\Db\File + */ + public function updateFile($file_id) { + return $this->fileMapper->updateFile($file_id); + } + +}
\ No newline at end of file
diff --git a/lib/Service/NotificationService.php b/lib/Service/NotificationService.php
new file mode 100644
index 00000000..61b251bb
--- /dev/null
+++ b/lib/Service/NotificationService.php
@@ -0,0 +1,109 @@ +<?php +/** + * Nextcloud - passman + * + * @copyright Copyright (c) 2016, Sander Brand (brantje@gmail.com) + * @copyright Copyright (c) 2016, Marcos Zuriaga Miguel (wolfi@wolfi.es) + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\Passman\Service; + +use OCP\IConfig; +use OCP\AppFramework\Db\DoesNotExistException; + +use OCA\Passman\Db\FileMapper; + + +class NotificationService { + + private $manager; + + public function __construct() { + $this->manager = \OC::$server->getNotificationManager(); + } + + function credentialExpiredNotification($credential){ + $urlGenerator = \OC::$server->getURLGenerator(); + $link = $urlGenerator->getAbsoluteURL($urlGenerator->linkTo('','index.php/apps/passman/#/vault/'. $credential->getVaultId() .'/edit/'. $credential->getId())); + $api = $urlGenerator->getAbsoluteURL($urlGenerator->linkTo('', 'index.php/apps/passman')); + $notification = $this->manager->createNotification(); + $remindAction = $notification->createAction(); + $remindAction->setLabel('remind') + ->setLink($api. '/api/internal/notifications/remind/'. $credential->getId() , 'POST'); + + $declineAction = $notification->createAction(); + $declineAction->setLabel('ignore') + ->setLink($api . '/api/internal/notifications/read/'. 
$credential->getId(), 'DELETE'); + + $notification->setApp('passman') + ->setUser($credential->getUserId()) + ->setDateTime(new \DateTime()) + ->setObject('credential', $credential->getId()) // Set notification type and id + ->setSubject('credential_expired', [$credential->getLabel()]) // set subject and parameters + ->setLink($link) + ->addAction($declineAction) + ->addAction($remindAction); + + $this->manager->notify($notification); + } + + + function credentialSharedNotification($data){ + $urlGenerator = \OC::$server->getURLGenerator(); + $link = $urlGenerator->getAbsoluteURL($urlGenerator->linkTo('','index.php/apps/passman/#/')); + $api = $urlGenerator->getAbsoluteURL($urlGenerator->linkTo('', 'index.php/apps/passman')); + $notification = $this->manager->createNotification(); + + $declineAction = $notification->createAction(); + $declineAction->setLabel('decline') + ->setLink($api . '/api/v2/sharing/decline/'. $data['req_id'], 'DELETE'); + + $notification->setApp('passman') + ->setUser($data['target_user']) + ->setDateTime(new \DateTime()) + ->setObject('passman_share_request', $data['req_id']) // type and id + ->setSubject('credential_shared', [$data['from_user'], $data['credential_label']]) // subject and parameters + ->setLink($link) + ->addAction($declineAction); + + $this->manager->notify($notification); + } + + + function credentialDeclinedSharedNotification($data){ + $notification = $this->manager->createNotification(); + $notification->setApp('passman') + ->setUser($data['target_user']) + ->setDateTime(new \DateTime()) + ->setObject('passman_share_request', $data['req_id']) // type and id + ->setSubject('credential_share_denied', [$data['from_user'], $data['credential_label']]); // subject and parameters + $this->manager->notify($notification); + } + + + function credentialAcceptedSharedNotification($data){ + $notification = $this->manager->createNotification(); + $notification->setApp('passman') + ->setUser($data['target_user']) + ->setDateTime(new 
\DateTime()) + ->setObject('passman_share_request', $data['req_id']) // type and id + ->setSubject('credential_share_accepted', [$data['from_user'], $data['credential_label']]); // subject and parameters + $this->manager->notify($notification); + } + +}
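Review bot: The action links in `credentialSharedNotification()` concatenate `$data['req_id']` straight into the URL, and `credentialExpiredNotification()` does the same with the credential and vault ids; where `$data` comes from is outside this diff, so the values should be encoded or cast before use, e.g. `rawurlencode((string) $data['req_id'])`. Building the paths with `linkTo('', 'index.php/apps/passman/...')` also hard-codes the front controller, whereas `linkToRouteAbsolute()` with the app's route names would let the framework assemble and encode them. All four notification methods are declared without a visibility keyword; an explicit `public` matches the other services in this commit. The class also pulls its manager and URL generator from `\OC::$server` rather than taking them through the constructor, which makes the methods hard to test in isolation.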
\ No newline at end of file
diff --git a/lib/Service/ShareService.php b/lib/Service/ShareService.php
new file mode 100644
index 00000000..02fe7aa5
--- /dev/null
+++ b/lib/Service/ShareService.php
@@ -0,0 +1,306 @@ +<?php +/** + * Nextcloud - passman + * + * @copyright Copyright (c) 2016, Sander Brand (brantje@gmail.com) + * @copyright Copyright (c) 2016, Marcos Zuriaga Miguel (wolfi@wolfi.es) + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\Passman\Service; + + +use Icewind\SMB\Share; +use OCA\Passman\Db\CredentialMapper; +use OCA\Passman\Db\CredentialRevision; +use OCA\Passman\Db\ShareRequest; +use OCA\Passman\Db\ShareRequestMapper; +use OCA\Passman\Db\SharingACL; +use OCA\Passman\Db\SharingACLMapper; +use OCA\Passman\Utility\Utils; +use OCP\AppFramework\Db\DoesNotExistException; + +class ShareService { + private $sharingACL; + private $shareRequest; + private $credential; + private $revisions; + + public function __construct( + SharingACLMapper $sharingACL, + ShareRequestMapper $shareRequest, + CredentialMapper $credentials, + CredentialRevisionService $revisions + ) { + $this->sharingACL = $sharingACL; + $this->shareRequest = $shareRequest; + $this->credential = $credentials; + $this->revisions = $revisions; + } + + /** + * Creates requests for all the items on the request array of objects. 
+ * This array must follow this spec: + * user_id: The target user id + * vault_id: The id of the target vault + * guid: The guid of the target vault + * key: The shared key cyphered with the target vault RSA public key + * + * @param $target_item_id string The shared item ID + * @param $target_item_guid string The shared item GUID + * @param $request_array array + * @param $permissions integer Must be created with a bitmask from options on the ShareRequest class + * @return array Array of sharing requests + */ + public function createBulkRequests($target_item_id, $target_item_guid, $request_array, $permissions, $credential_owner) { + $created = Utils::getTime(); + $requests = array(); + foreach ($request_array as $req) { + $t = new ShareRequest(); + $t->setItemId($target_item_id); + $t->setItemGuid($target_item_guid); + $t->setTargetUserId($req['user_id']); + $t->setTargetVaultId($req['vault_id']); + $t->setTargetVaultGuid($req['guid']); + $t->setSharedKey($req['key']); + $t->setPermissions($permissions); + $t->setCreated($created); + $t->setFromUserId($credential_owner); + array_push($requests, $this->shareRequest->createRequest($t)); + } + return $requests; + } + + public function createACLEntry(SharingACL $acl) { + if ($acl->getCreated() === null) $acl->setCreated((new \DateTime())->getTimestamp()); + return $this->sharingACL->createACLEntry($acl); + } + + /** + * Applies the given share, defaults to no expire + * + * @param $item_guid + * @param $target_vault_guid + * @param $final_shared_key + */ + public function applyShare($item_guid, $target_vault_guid, $final_shared_key) { + $request = $this->shareRequest->getRequestByItemAndVaultGuid($item_guid, $target_vault_guid); + $permissions = $request->getPermissions(); + + $acl = new SharingACL(); + $acl->setItemId($request->getItemId()); + $acl->setItemGuid($request->getItemGuid()); + $acl->setUserId($request->getTargetUserId()); + $acl->setCreated($request->getCreated()); + $acl->setExpire(0); + 
$acl->setPermissions($permissions); + $acl->setVaultId($request->getTargetVaultId()); + $acl->setVaultGuid($request->getTargetVaultGuid()); + $acl->setSharedKey($final_shared_key); + + $this->sharingACL->createACLEntry($acl); + $this->shareRequest->cleanItemRequestsForUser($request->getItemId(), $request->getTargetUserId()); + } + + /** + * Obtains pending requests for the given user ID + * + * @param $user_id + * @return \OCA\Passman\Db\ShareRequest[] + */ + public function getUserPendingRequests($user_id) { + return $this->shareRequest->getUserPendingRequests($user_id); + } + + /** + * Get shared credentials from a user + * + * @param $user_id + * @param $vault_guid + * @return \OCA\Passman\Db\SharingACL[] + */ + public function getSharedItems($user_id, $vault_guid) { + $entries = $this->sharingACL->getVaultEntries($user_id, $vault_guid); + + $return = []; + foreach ($entries as $entry) { + // Check if the user can read the credential, probably unnecesary, but just to be sure + if (!$entry->hasPermission(SharingACL::READ)) continue; + + $tmp = $entry->jsonSerialize(); + $tmp['credential_data'] = $this->credential->getCredentialById($entry->getItemId())->jsonSerialize(); + + if (!$entry->hasPermission(SharingACL::FILES)) unset($tmp['credential_data']['files']); + unset($tmp['credential_data']['shared_key']); + $return[] = $tmp; + } + return $return; + } + + /** + * Gets the acl for a given item guid + * @param $user_id + * @param $item_guid + * @return SharingACL + */ + public function getACL($user_id, $item_guid) { + return $this->sharingACL->getItemACL($user_id, $item_guid); + } + + public function getSharedItem($user_id, $item_guid) { + $acl = $this->sharingACL->getItemACL($user_id, $item_guid); + + // Check if the user can read the credential, probably unnecesary, but just to be sure + if (!$acl->hasPermission(SharingACL::READ)) throw new DoesNotExistException("Item not found or wrong access level"); + + $tmp = $acl->jsonSerialize(); + $tmp['credential_data'] 
= $this->credential->getCredentialById($acl->getItemId())->jsonSerialize(); + + if (!$acl->hasPermission(SharingACL::FILES)) unset($tmp['credential_data']['files']); + unset($tmp['credential_data']['shared_key']); + + return $tmp; + } + + /** + * Gets history from the given item checking the user's permissions to access it + * + * @param $user_id + * @param $item_guid + * @return CredentialRevision[] + */ + public function getItemHistory($user_id, $item_guid) { + $acl = $this->sharingACL->getItemACL($user_id, $item_guid); + if (!$acl->hasPermission(SharingACL::READ | SharingACL::HISTORY)) return []; + + return $this->revisions->getRevisions($acl->getItemId()); + } + + + /** + * Deletes a share request by the item ID + * @param ShareRequest $request + * @return \PDOStatement + */ + public function cleanItemRequestsForUser(ShareRequest $request) { + return $this->shareRequest->cleanItemRequestsForUser($request->getItemId(), $request->getTargetUserId()); + } + + /** + * Get an share request by id + * @param $id + * @return ShareRequest + */ + public function getShareRequestById($id) { + return $this->shareRequest->getShareRequestById($id); + } + + /** + * Get an share request by $item_guid and $target_vault_guid + * + * @param $item_guid + * @param $target_vault_guid + * @return ShareRequest + */ + public function getRequestByGuid($item_guid, $target_vault_guid) { + return $this->shareRequest->getRequestByItemAndVaultGuid($item_guid, $target_vault_guid); + } + + /** + * Get the access control list by item guid + * + * @param string $item_guid + * @return \OCA\Passman\Db\SharingACL[] + */ + public function getCredentialAclList($item_guid) { + return $this->sharingACL->getCredentialAclList($item_guid); + } + + public function getCredentialPendingAclList($item_guid) { + return $this->shareRequest->getRequestsByItemGuidGroupedByUser($item_guid); + } + + /** + * Gets the ACL on the credential for the user + * + * @param $user_id + * @param $item_guid + * @return SharingACL 
+ */ + public function getCredentialAclForUser($user_id, $item_guid) { + return $this->sharingACL->getItemACL($user_id, $item_guid); + } + + /** + * Get pending share requests by guid + * + * @param string $item_guid + * @return \OCA\Passman\Db\ShareRequest[] + */ + public function getShareRequestsByGuid($item_guid) { + return $this->shareRequest->getShareRequestsByItemGuid($item_guid); + } + + /** + * Get pending share requests by guid + * + * @param ShareRequest $request + * @return ShareRequest + */ + public function deleteShareRequest(ShareRequest $request) { + return $this->shareRequest->deleteShareRequest($request); + } + + /** + * Delete ACL + * + * @param ShareRequest $request + * @return \OCA\Passman\Db\ShareRequest[] + */ + public function deleteShareACL(SharingACL $ACL) { + return $this->sharingACL->deleteShareACL($ACL); + } + + /** + * Updates the given ACL entry + * @param SharingACL $sharingACL + * @return SharingACL + */ + public function updateCredentialACL(SharingACL $sharingACL) { + return $this->sharingACL->updateCredentialACL($sharingACL); + } + + public function updateCredentialShareRequest(ShareRequest $shareRequest) { + return $this->shareRequest->updateShareRequest($shareRequest); + } + + + /** + * Get pending share requests by guid and uid + * + * @param ShareRequest $request + * @return \OCA\Passman\Db\ShareRequest[] + */ + public function getPendingShareRequestsForCredential($item_guid, $user_id) { + return $this->shareRequest->getPendingShareRequests($item_guid, $user_id); + } + + + public function updatePendingShareRequestsForCredential($item_guid, $user_id, $permissions){ + return $this->shareRequest->updatePendingRequestPermissions($item_guid, $user_id, $permissions); + } +}
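Review bot: `applyShare()` looks the pending request up by item GUID and vault GUID only and then writes an ACL for `$request->getTargetUserId()` with the caller-supplied `$final_shared_key`, so nothing in this method ties the acceptance to the user making the call; the check rests entirely on callers that are not in this diff. Passing the acting user in and rejecting a mismatch next to the ACL write, `if ($request->getTargetUserId() !== $user_id) throw new DoesNotExistException('Share request not found');`, would make the service safe by itself (this adds a parameter, so callers need updating). In `getItemHistory()`, `hasPermission(SharingACL::READ | SharingACL::HISTORY)` is only correct if `hasPermission()` requires every bit of the mask; if it tests for any bit, READ-only users receive history, so the intended semantics deserve a comment. `use Icewind\SMB\Share;` is unused here, and the docblocks on `deleteShareRequest()`, `deleteShareACL()` and `getPendingShareRequestsForCredential()` describe parameters and return types that do not match their signatures.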
\ No newline at end of file
diff --git a/lib/Service/VaultService.php b/lib/Service/VaultService.php
new file mode 100644
index 00000000..8e7a8d83
--- /dev/null
+++ b/lib/Service/VaultService.php
@@ -0,0 +1,107 @@ +<?php +/** + * Nextcloud - passman + * + * @copyright Copyright (c) 2016, Sander Brand (brantje@gmail.com) + * @copyright Copyright (c) 2016, Marcos Zuriaga Miguel (wolfi@wolfi.es) + * @license GNU AGPL version 3 or any later version + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + */ + +namespace OCA\Passman\Service; + +use OCP\IConfig; +use OCP\AppFramework\Db\DoesNotExistException; + +use OCA\Passman\Db\VaultMapper; + + +class VaultService { + + private $vaultMapper; + + public function __construct(VaultMapper $vaultMapper) { + $this->vaultMapper = $vaultMapper; + } + + /** + * Get vaults from a user. + * @param $userId + * @return \OCA\Passman\Db\Vault[] + */ + public function getByUser($userId) { + return $this->vaultMapper->findVaultsFromUser($userId); + } + + /** + * Get a single vault + * @param $vault_id + * @param $user_id + * @return \OCA\Passman\Db\Vault[] + */ + public function getById($vault_id, $user_id) { + $vault = $this->vaultMapper->find($vault_id, $user_id); + return $vault; + } + + /** + * Get a single vault. + * @param $vault_guid + * @param $user_id + * @return \OCA\Passman\Db\Vault + */ + public function getByGuid($vault_guid, $user_id) { + $vault = $this->vaultMapper->findByGuid($vault_guid, $user_id); + return $vault; + } + + /** + * Create a new vault. 
+ * @param $vault_name + * @param $userId + * @return \OCA\Passman\Db\Vault + */ + public function createVault($vault_name, $userId) { + return $this->vaultMapper->create($vault_name, $userId); + } + + /** + * Update vault + * @param $vault + */ + public function updateVault($vault) { + return $this->vaultMapper->updateVault($vault); + } + + /** + * Update last access time of a vault. + * @param $vault_id + * @param $user_id + */ + public function setLastAccess($vault_id, $user_id){ + return $this->vaultMapper->setLastAccess($vault_id, $user_id); + } + + /** + * Uodate sharing keys of a vault. + * @param $vault_id + * @param $privateKey + * @param $publicKey + */ + public function updateSharingKeys($vault_id, $privateKey, $publicKey){ + return $this->vaultMapper->updateSharingKeys($vault_id, $privateKey, $publicKey); + } +}
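Review bot: `updateSharingKeys()` and `updateVault()` identify the vault without a user id, while `getById()`, `getByGuid()` and `setLastAccess()` all take one, so replacing a vault's sharing key pair depends entirely on the caller having verified ownership. Adding `$user_id` and forwarding it to the mapper, as `setLastAccess($vault_id, $user_id)` does, would keep the scoping consistent across the class. The docblock should also state in what form `$privateKey` is stored (presumably already encrypted client-side, to be confirmed against the caller), so that nobody later passes a plaintext key through this method. Smaller points: "Uodate" is a typo, and `getById()` is documented as returning `Vault[]` for a single vault.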
\ No newline at end of file |