github.com/nextcloud/passman.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'lib/Service')
-rw-r--r--lib/Service/ActivityService.php67
-rw-r--r--lib/Service/CredentialRevisionService.php91
-rw-r--r--lib/Service/CredentialService.php152
-rw-r--r--lib/Service/CronService.php74
-rw-r--r--lib/Service/FileService.php89
-rw-r--r--lib/Service/NotificationService.php109
-rw-r--r--lib/Service/ShareService.php306
-rw-r--r--lib/Service/VaultService.php107
8 files changed, 995 insertions, 0 deletions
diff --git a/lib/Service/ActivityService.php b/lib/Service/ActivityService.php
new file mode 100644
index 00000000..f941a8af
--- /dev/null
+++ b/lib/Service/ActivityService.php
@@ -0,0 +1,67 @@
+<?php
+/**
+ * Nextcloud - passman
+ *
+ * @copyright Copyright (c) 2016, Sander Brand (brantje@gmail.com)
+ * @copyright Copyright (c) 2016, Marcos Zuriaga Miguel (wolfi@wolfi.es)
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\Passman\Service;
+
+use OCP\IConfig;
+use OCP\AppFramework\Db\DoesNotExistException;
+
+use OCA\Passman\Db\FileMapper;
+
+
+class ActivityService {
+
+ private $manager;
+
+ public function __construct() {
+ $this->manager = \OC::$server->getActivityManager();
+ }
+
+ /**
+ * Create a new activity
+ * @param $subject string Subject of the activity
+ * @param $subjectParams array
+ * @param $message string
+ * @param $messageParams array
+ * @param $link string
+ * @param $user string
+ * @param $type string
+ * @return array
+ */
+ public function add($subject,$subjectParams=array(),
+ $message='',$messageParams=array(),
+ $link='',$user=null,$type='') {
+ if($user) {
+ $activity = $this->manager->generateEvent();
+ $activity->setType($type);
+ $activity->setApp('passman');
+ $activity->setSubject($subject, $subjectParams);
+ $activity->setLink($link);
+ $activity->setAffectedUser($user);
+ $activity->setAuthor($user);
+ $activity->setTimestamp(time());
+ $activity->setMessage($message, $messageParams);
+ }
+ return array('success'=>'ok');
+ }
+}
\ No newline at end of file
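Review bot: In `add()`, the event built inside `if($user)` is never handed back to the activity manager, so nothing is recorded; the block ends after `setMessage()` without a publish call. Adding `$this->manager->publish($activity);` as the last line of the `if` would emit it. The method also returns `array('success'=>'ok')` when `$user` is empty and no event was built, which hides dropped audit entries from callers such as the expiry cron. The `IConfig`, `DoesNotExistException` and `FileMapper` imports are unused in this file.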
diff --git a/lib/Service/CredentialRevisionService.php b/lib/Service/CredentialRevisionService.php
new file mode 100644
index 00000000..06113371
--- /dev/null
+++ b/lib/Service/CredentialRevisionService.php
@@ -0,0 +1,91 @@
+<?php
+/**
+ * Nextcloud - passman
+ *
+ * @copyright Copyright (c) 2016, Sander Brand (brantje@gmail.com)
+ * @copyright Copyright (c) 2016, Marcos Zuriaga Miguel (wolfi@wolfi.es)
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\Passman\Service;
+
+use OCA\Passman\Db\CredentialRevision;
+use OCP\IConfig;
+use OCP\AppFramework\Db\DoesNotExistException;
+
+use OCA\Passman\Db\CredentialRevisionMapper;
+
+
+class CredentialRevisionService {
+
+ private $credentialRevisionMapper;
+
+ public function __construct(CredentialRevisionMapper $credentialRevisionMapper) {
+ $this->credentialRevisionMapper = $credentialRevisionMapper;
+ }
+
+ /**
+ * Create a new revision for a credential
+ * @param $credential
+ * @param $userId
+ * @param $credential_id
+ * @param $edited_by
+ * @return CredentialRevision
+ */
+ public function createRevision($credential, $userId, $credential_id, $edited_by) {
+ return $this->credentialRevisionMapper->create($credential, $userId, $credential_id, $edited_by);
+ }
+
+ /**
+ * Get revisions of a credential
+ * @param $credential_id
+ * @param null $user_id
+ * @return CredentialRevision[]
+ */
+ public function getRevisions($credential_id, $user_id = null){
+ return $this->credentialRevisionMapper->getRevisions($credential_id, $user_id);
+ }
+
+ /**
+ *
+ * @param $credential_id
+ * @param null $user_id
+ * @return CredentialRevision
+ */
+ public function getRevision($credential_id, $user_id = null){
+ return $this->credentialRevisionMapper->getRevision($credential_id, $user_id);
+ }
+
+ /**
+ * Delete a revision
+ * @param $revision_id
+ * @param $user_id
+ * @return CredentialRevision
+ */
+ public function deleteRevision($revision_id, $user_id){
+ return $this->credentialRevisionMapper->deleteRevision($revision_id, $user_id);
+ }
+
+ /**
+ * Update revision
+ * @param CredentialRevision $credentialRevision
+ * @return CredentialRevision
+ */
+ public function updateRevision(CredentialRevision $credentialRevision){
+ return $this->credentialRevisionMapper->update($credentialRevision);
+ }
+}
\ No newline at end of file
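Review bot: `getRevisions()` and `getRevision()` default `$user_id` to `null` and pass it straight to the mapper, so whether a lookup is restricted to the owner depends on every caller remembering the argument; nothing in this class checks access. The mapper is not in this diff, so how it treats `null` is an assumption, but `ShareService::getItemHistory()` in this commit already calls `getRevisions()` with the id alone. I would state the contract in the docblocks, e.g. `@param string|null $user_id Owner to restrict to; null skips the owner filter, caller must have authorised access`. The same optional-owner signature appears in `CredentialService::getCredentialByGUID()` and in `FileService::getFile()` / `getFileByGuid()`. `getRevision()` also has an empty description line.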
diff --git a/lib/Service/CredentialService.php b/lib/Service/CredentialService.php
new file mode 100644
index 00000000..3fb61113
--- /dev/null
+++ b/lib/Service/CredentialService.php
@@ -0,0 +1,152 @@
+<?php
+/**
+ * Nextcloud - passman
+ *
+ * @copyright Copyright (c) 2016, Sander Brand (brantje@gmail.com)
+ * @copyright Copyright (c) 2016, Marcos Zuriaga Miguel (wolfi@wolfi.es)
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\Passman\Service;
+
+use OCA\Passman\Db\Credential;
+use OCA\Passman\Db\CredentialRevision;
+use OCA\Passman\Db\SharingACL;
+use OCA\Passman\Db\SharingACLMapper;
+use OCP\IConfig;
+use OCP\AppFramework\Db\DoesNotExistException;
+
+use OCA\Passman\Db\CredentialMapper;
+
+
+class CredentialService {
+
+ private $credentialMapper;
+ private $sharingACL;
+
+ public function __construct(CredentialMapper $credentialMapper, SharingACLMapper $sharingACL) {
+ $this->credentialMapper = $credentialMapper;
+ $this->sharingACL = $sharingACL;
+ }
+
+ /**
+ * Create a new credential
+ * @param $user_id
+ * @param $item_guid
+ * @return Credential
+ */
+ public function createCredential($credential) {
+ return $this->credentialMapper->create($credential);
+ }
+
+ /**
+ * Update credential
+ * @param $credential array
+ * @return Credential
+ */
+ public function updateCredential($credential) {
+ return $this->credentialMapper->updateCredential($credential);
+ }
+
+ /**
+ * Update credential
+ * @param $credential Credential
+ */
+ public function upd(Credential $credential) {
+ return $this->credentialMapper->upd($credential);
+ }
+
+ /**
+ * Delete credential
+ * @param Credential $credential
+ * @return \OCP\AppFramework\Db\Entity
+ */
+ public function deleteCredential(Credential $credential){
+ return $this->credentialMapper->deleteCredential($credential);
+ }
+
+ /**
+ * Get credentials by vault id
+ * @param $vault_id
+ * @param $user_id
+ * @return \OCA\Passman\Db\Vault[]
+ */
+ public function getCredentialsByVaultId($vault_id, $user_id) {
+ return $this->credentialMapper->getCredentialsByVaultId($vault_id, $user_id);
+ }
+
+ /**
+ * Get a random credential from given vault
+ * @param $vault_id
+ * @param $user_id
+ * @return mixed
+ */
+ public function getRandomCredentialByVaultId($vault_id, $user_id) {
+ $credentials = $this->credentialMapper->getRandomCredentialByVaultId($vault_id, $user_id);
+ return array_pop($credentials);
+ }
+
+ /**
+ * Get expired credentials.
+ * @param $timestamp
+ * @return \OCA\Passman\Db\Credential[]
+ */
+ public function getExpiredCredentials($timestamp) {
+ return $this->credentialMapper->getExpiredCredentials($timestamp);
+ }
+
+ /**
+ * Get a single credential.
+ * @param $credential_id
+ * @param $user_id
+ * @return Credential
+ * @throws DoesNotExistException
+ */
+ public function getCredentialById($credential_id, $user_id){
+ $credential = $this->credentialMapper->getCredentialById($credential_id);
+ if ($credential->getUserId() === $user_id){
+ return $credential;
+ }
+ else {
+ $acl = $this->sharingACL->getItemACL($user_id, $credential->getGuid());
+ if ($acl->hasPermission(SharingACL::READ)) {
+ return $credential;
+ } else {
+ throw new DoesNotExistException("Did expect one result but found none when executing");
+ }
+ }
+ }
+
+ /**
+ * Get credential label by credential id.
+ * @param $credential_id
+ * @return Credential
+ */
+ public function getCredentialLabelById($credential_id){
+ return $this->credentialMapper->getCredentialLabelById($credential_id);
+ }
+
+ /**
+ * Get credential by guid
+ * @param $credential_guid
+ * @param null $user_id
+ * @return Credential
+ */
+ public function getCredentialByGUID($credential_guid, $user_id = null){
+ return $this->credentialMapper->getCredentialByGUID($credential_guid, $user_id);
+ }
+}
\ No newline at end of file
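Review bot: The shared-access branch of `getCredentialById()` returns the credential as soon as `hasPermission(SharingACL::READ)` is true and never looks at the entry's expiry, although ACL rows carry one (`applyShare()` in ShareService.php writes `setExpire(0)`). Unless `getItemACL()` or `hasPermission()` already filter expired rows, which this diff does not show, a lapsed share keeps read access. Assuming `expire` is a Unix timestamp with 0 meaning "never", a guard such as `if ($acl->getExpire() > 0 && $acl->getExpire() < time())` that throws the same `DoesNotExistException` before the permission test would close that; `getSharedItems()` and `getSharedItem()` in ShareService.php have the same shape. Separately, the `createCredential()` docblock documents `$user_id` and `$item_guid` while the method takes `$credential`.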
diff --git a/lib/Service/CronService.php b/lib/Service/CronService.php
new file mode 100644
index 00000000..3ee3660e
--- /dev/null
+++ b/lib/Service/CronService.php
@@ -0,0 +1,74 @@
+<?php
+/**
+ * Nextcloud - passman
+ *
+ * @copyright Copyright (c) 2016, Sander Brand (brantje@gmail.com)
+ * @copyright Copyright (c) 2016, Marcos Zuriaga Miguel (wolfi@wolfi.es)
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\Passman\Service;
+
+use OCP\IConfig;
+use OCP\AppFramework\Db\DoesNotExistException;
+use OCP\ILogger;
+use OCA\Passman\Utility\Utils;
+use OCA\Passman\Activity;
+use OCP\IDBConnection;
+class CronService {
+
+ private $credentialService;
+ private $logger;
+ private $utils;
+ private $notificationService;
+ private $activityService;
+ private $db;
+ public function __construct(CredentialService $credentialService, ILogger $logger, Utils $utils, NotificationService $notificationService, ActivityService $activityService, IDBConnection $db) {
+ $this->credentialService = $credentialService;
+ $this->logger = $logger;
+ $this->utils = $utils;
+ $this->notificationService = $notificationService;
+ $this->activityService = $activityService;
+ $this->db = $db;
+ }
+
+
+ public function expireCredentials() {
+ $this->logger->info('Passman cron test', array('app' => 'passman'));
+ $expired_credentials = $this->credentialService->getExpiredCredentials($this->utils->getTime());
+ foreach($expired_credentials as $credential){
+ $link = ''; // @TODO create direct link to credential
+
+ $sql = 'SELECT count(*) as rows from `*PREFIX*notifications` WHERE `subject`= \'credential_expired\' AND object_id=?';
+ $id = $credential->getId();
+ $result = $this->db->executeQuery($sql, array($id));
+ $this->logger->debug($credential->getLabel() .' is expired, checking notifications!', array('app' => 'passman'));
+ $notifications = intval($result->fetch()['rows']);
+ if($notifications === 0) {
+ $this->logger->debug($credential->getLabel() .' is expired, adding notification!', array('app' => 'passman'));
+ $this->activityService->add(
+ Activity::SUBJECT_ITEM_EXPIRED, array($credential->getLabel(), $credential->getUserId()),
+ '', array(),
+ $link, $credential->getUserId(), Activity::TYPE_ITEM_EXPIRED);
+ $this->notificationService->credentialExpiredNotification($credential);
+ } else {
+ $this->logger->debug($credential->getLabel() .' is expired, already notified!', array('app' => 'passman'));
+ }
+
+ }
+ }
+}
\ No newline at end of file
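Review bot: The duplicate check in `expireCredentials()` matches notifications on `subject` and `object_id` only, so a row belonging to another app, object type or user with the same id would suppress the expiry notice. Narrowing the query, e.g. adding `AND app = 'passman' AND object_type = 'credential'`, ties the check to what `credentialExpiredNotification()` writes; the bound parameter for the id is good and should stay. The alias `rows` is a reserved word on newer MySQL releases, so `count(*) AS cnt` is the safer spelling. The `'Passman cron test'` info line looks like leftover scaffolding, and the debug lines write credential labels into the server log.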
diff --git a/lib/Service/FileService.php b/lib/Service/FileService.php
new file mode 100644
index 00000000..63da182a
--- /dev/null
+++ b/lib/Service/FileService.php
@@ -0,0 +1,89 @@
+<?php
+/**
+ * Nextcloud - passman
+ *
+ * @copyright Copyright (c) 2016, Sander Brand (brantje@gmail.com)
+ * @copyright Copyright (c) 2016, Marcos Zuriaga Miguel (wolfi@wolfi.es)
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\Passman\Service;
+
+use OCP\IConfig;
+use OCP\AppFramework\Db\DoesNotExistException;
+
+use OCA\Passman\Db\FileMapper;
+
+
+class FileService {
+
+ private $fileMapper;
+
+ public function __construct(FileMapper $fileMapper) {
+ $this->fileMapper = $fileMapper;
+ }
+
+ /**
+ * Get a single file. This function also returns the file content.
+ * @param $fileId
+ * @param null $userId
+ * @return \OCA\Passman\Db\File
+ */
+ public function getFile($fileId, $userId = null) {
+ return $this->fileMapper->getFile($fileId, $userId);
+ }
+
+ /**
+ * Get a single file. This function also returns the file content.
+ * @param $file_guid
+ * @param null $userId
+ * @return \OCA\Passman\Db\File
+ */
+ public function getFileByGuid($file_guid, $userId = null) {
+ return $this->fileMapper->getFileByGuid($file_guid, $userId);
+ }
+
+ /**
+ * Upload a new file,
+ * @param $file array
+ * @param $userId
+ * @return \OCA\Passman\Db\File
+ */
+ public function createFile($file, $userId) {
+ return $this->fileMapper->create($file, $userId);
+ }
+
+ /**
+ * Delete file
+ * @param $file_id
+ * @param $userId
+ * @return \OCA\Passman\Db\File
+ */
+ public function deleteFile($file_id, $userId) {
+ return $this->fileMapper->deleteFile($file_id, $userId);
+ }
+
+ /**
+ * Update file
+ * @param $file_id
+ * @return \OCA\Passman\Db\File
+ */
+ public function updateFile($file_id) {
+ return $this->fileMapper->updateFile($file_id);
+ }
+
+}
\ No newline at end of file
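Review bot: `updateFile()` is the only mutator here that takes no `$userId`, so unlike `deleteFile()` the mapper call cannot be scoped to the file's owner and the ownership check rests entirely on the caller. If the mapper's signature allows it, pass the user through (`public function updateFile($file_id, $userId)`); otherwise state the precondition in the docblock. The same gap is in `VaultService::updateVault()` and `updateSharingKeys()`, where replacing a vault's sharing key pair without an owner check would matter more. FileMapper is not part of this diff, so how it resolves the row is not visible.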
diff --git a/lib/Service/NotificationService.php b/lib/Service/NotificationService.php
new file mode 100644
index 00000000..61b251bb
--- /dev/null
+++ b/lib/Service/NotificationService.php
@@ -0,0 +1,109 @@
+<?php
+/**
+ * Nextcloud - passman
+ *
+ * @copyright Copyright (c) 2016, Sander Brand (brantje@gmail.com)
+ * @copyright Copyright (c) 2016, Marcos Zuriaga Miguel (wolfi@wolfi.es)
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\Passman\Service;
+
+use OCP\IConfig;
+use OCP\AppFramework\Db\DoesNotExistException;
+
+use OCA\Passman\Db\FileMapper;
+
+
+class NotificationService {
+
+ private $manager;
+
+ public function __construct() {
+ $this->manager = \OC::$server->getNotificationManager();
+ }
+
+ function credentialExpiredNotification($credential){
+ $urlGenerator = \OC::$server->getURLGenerator();
+ $link = $urlGenerator->getAbsoluteURL($urlGenerator->linkTo('','index.php/apps/passman/#/vault/'. $credential->getVaultId() .'/edit/'. $credential->getId()));
+ $api = $urlGenerator->getAbsoluteURL($urlGenerator->linkTo('', 'index.php/apps/passman'));
+ $notification = $this->manager->createNotification();
+ $remindAction = $notification->createAction();
+ $remindAction->setLabel('remind')
+ ->setLink($api. '/api/internal/notifications/remind/'. $credential->getId() , 'POST');
+
+ $declineAction = $notification->createAction();
+ $declineAction->setLabel('ignore')
+ ->setLink($api . '/api/internal/notifications/read/'. $credential->getId(), 'DELETE');
+
+ $notification->setApp('passman')
+ ->setUser($credential->getUserId())
+ ->setDateTime(new \DateTime())
+ ->setObject('credential', $credential->getId()) // Set notification type and id
+ ->setSubject('credential_expired', [$credential->getLabel()]) // set subject and parameters
+ ->setLink($link)
+ ->addAction($declineAction)
+ ->addAction($remindAction);
+
+ $this->manager->notify($notification);
+ }
+
+
+ function credentialSharedNotification($data){
+ $urlGenerator = \OC::$server->getURLGenerator();
+ $link = $urlGenerator->getAbsoluteURL($urlGenerator->linkTo('','index.php/apps/passman/#/'));
+ $api = $urlGenerator->getAbsoluteURL($urlGenerator->linkTo('', 'index.php/apps/passman'));
+ $notification = $this->manager->createNotification();
+
+ $declineAction = $notification->createAction();
+ $declineAction->setLabel('decline')
+ ->setLink($api . '/api/v2/sharing/decline/'. $data['req_id'], 'DELETE');
+
+ $notification->setApp('passman')
+ ->setUser($data['target_user'])
+ ->setDateTime(new \DateTime())
+ ->setObject('passman_share_request', $data['req_id']) // type and id
+ ->setSubject('credential_shared', [$data['from_user'], $data['credential_label']]) // subject and parameters
+ ->setLink($link)
+ ->addAction($declineAction);
+
+ $this->manager->notify($notification);
+ }
+
+
+ function credentialDeclinedSharedNotification($data){
+ $notification = $this->manager->createNotification();
+ $notification->setApp('passman')
+ ->setUser($data['target_user'])
+ ->setDateTime(new \DateTime())
+ ->setObject('passman_share_request', $data['req_id']) // type and id
+ ->setSubject('credential_share_denied', [$data['from_user'], $data['credential_label']]); // subject and parameters
+ $this->manager->notify($notification);
+ }
+
+
+ function credentialAcceptedSharedNotification($data){
+ $notification = $this->manager->createNotification();
+ $notification->setApp('passman')
+ ->setUser($data['target_user'])
+ ->setDateTime(new \DateTime())
+ ->setObject('passman_share_request', $data['req_id']) // type and id
+ ->setSubject('credential_share_accepted', [$data['from_user'], $data['credential_label']]); // subject and parameters
+ $this->manager->notify($notification);
+ }
+
+}
\ No newline at end of file
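Review bot: The four notification methods are declared without a visibility keyword and without docblocks, and the three share methods take an untyped `$data` whose required keys (`req_id`, `target_user`, `from_user`, `credential_label`) can only be found by reading the body. A missing key would reach `setUser()` or the action link as null. I would declare the methods `public` and add a docblock listing the keys, e.g. `@param array $data Keys: req_id, target_user, from_user, credential_label`. The `\OC::$server` lookups could be constructor arguments, as CronService already does for its collaborators.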
diff --git a/lib/Service/ShareService.php b/lib/Service/ShareService.php
new file mode 100644
index 00000000..02fe7aa5
--- /dev/null
+++ b/lib/Service/ShareService.php
@@ -0,0 +1,306 @@
+<?php
+/**
+ * Nextcloud - passman
+ *
+ * @copyright Copyright (c) 2016, Sander Brand (brantje@gmail.com)
+ * @copyright Copyright (c) 2016, Marcos Zuriaga Miguel (wolfi@wolfi.es)
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\Passman\Service;
+
+
+use Icewind\SMB\Share;
+use OCA\Passman\Db\CredentialMapper;
+use OCA\Passman\Db\CredentialRevision;
+use OCA\Passman\Db\ShareRequest;
+use OCA\Passman\Db\ShareRequestMapper;
+use OCA\Passman\Db\SharingACL;
+use OCA\Passman\Db\SharingACLMapper;
+use OCA\Passman\Utility\Utils;
+use OCP\AppFramework\Db\DoesNotExistException;
+
+class ShareService {
+ private $sharingACL;
+ private $shareRequest;
+ private $credential;
+ private $revisions;
+
+ public function __construct(
+ SharingACLMapper $sharingACL,
+ ShareRequestMapper $shareRequest,
+ CredentialMapper $credentials,
+ CredentialRevisionService $revisions
+ ) {
+ $this->sharingACL = $sharingACL;
+ $this->shareRequest = $shareRequest;
+ $this->credential = $credentials;
+ $this->revisions = $revisions;
+ }
+
+ /**
+ * Creates requests for all the items on the request array of objects.
+ * This array must follow this spec:
+ * user_id: The target user id
+ * vault_id: The id of the target vault
+ * guid: The guid of the target vault
+ * key: The shared key cyphered with the target vault RSA public key
+ *
+ * @param $target_item_id string The shared item ID
+ * @param $target_item_guid string The shared item GUID
+ * @param $request_array array
+ * @param $permissions integer Must be created with a bitmask from options on the ShareRequest class
+ * @return array Array of sharing requests
+ */
+ public function createBulkRequests($target_item_id, $target_item_guid, $request_array, $permissions, $credential_owner) {
+ $created = Utils::getTime();
+ $requests = array();
+ foreach ($request_array as $req) {
+ $t = new ShareRequest();
+ $t->setItemId($target_item_id);
+ $t->setItemGuid($target_item_guid);
+ $t->setTargetUserId($req['user_id']);
+ $t->setTargetVaultId($req['vault_id']);
+ $t->setTargetVaultGuid($req['guid']);
+ $t->setSharedKey($req['key']);
+ $t->setPermissions($permissions);
+ $t->setCreated($created);
+ $t->setFromUserId($credential_owner);
+ array_push($requests, $this->shareRequest->createRequest($t));
+ }
+ return $requests;
+ }
+
+ public function createACLEntry(SharingACL $acl) {
+ if ($acl->getCreated() === null) $acl->setCreated((new \DateTime())->getTimestamp());
+ return $this->sharingACL->createACLEntry($acl);
+ }
+
+ /**
+ * Applies the given share, defaults to no expire
+ *
+ * @param $item_guid
+ * @param $target_vault_guid
+ * @param $final_shared_key
+ */
+ public function applyShare($item_guid, $target_vault_guid, $final_shared_key) {
+ $request = $this->shareRequest->getRequestByItemAndVaultGuid($item_guid, $target_vault_guid);
+ $permissions = $request->getPermissions();
+
+ $acl = new SharingACL();
+ $acl->setItemId($request->getItemId());
+ $acl->setItemGuid($request->getItemGuid());
+ $acl->setUserId($request->getTargetUserId());
+ $acl->setCreated($request->getCreated());
+ $acl->setExpire(0);
+ $acl->setPermissions($permissions);
+ $acl->setVaultId($request->getTargetVaultId());
+ $acl->setVaultGuid($request->getTargetVaultGuid());
+ $acl->setSharedKey($final_shared_key);
+
+ $this->sharingACL->createACLEntry($acl);
+ $this->shareRequest->cleanItemRequestsForUser($request->getItemId(), $request->getTargetUserId());
+ }
+
+ /**
+ * Obtains pending requests for the given user ID
+ *
+ * @param $user_id
+ * @return \OCA\Passman\Db\ShareRequest[]
+ */
+ public function getUserPendingRequests($user_id) {
+ return $this->shareRequest->getUserPendingRequests($user_id);
+ }
+
+ /**
+ * Get shared credentials from a user
+ *
+ * @param $user_id
+ * @param $vault_guid
+ * @return \OCA\Passman\Db\SharingACL[]
+ */
+ public function getSharedItems($user_id, $vault_guid) {
+ $entries = $this->sharingACL->getVaultEntries($user_id, $vault_guid);
+
+ $return = [];
+ foreach ($entries as $entry) {
+ // Check if the user can read the credential, probably unnecesary, but just to be sure
+ if (!$entry->hasPermission(SharingACL::READ)) continue;
+
+ $tmp = $entry->jsonSerialize();
+ $tmp['credential_data'] = $this->credential->getCredentialById($entry->getItemId())->jsonSerialize();
+
+ if (!$entry->hasPermission(SharingACL::FILES)) unset($tmp['credential_data']['files']);
+ unset($tmp['credential_data']['shared_key']);
+ $return[] = $tmp;
+ }
+ return $return;
+ }
+
+ /**
+ * Gets the acl for a given item guid
+ * @param $user_id
+ * @param $item_guid
+ * @return SharingACL
+ */
+ public function getACL($user_id, $item_guid) {
+ return $this->sharingACL->getItemACL($user_id, $item_guid);
+ }
+
+ public function getSharedItem($user_id, $item_guid) {
+ $acl = $this->sharingACL->getItemACL($user_id, $item_guid);
+
+ // Check if the user can read the credential, probably unnecesary, but just to be sure
+ if (!$acl->hasPermission(SharingACL::READ)) throw new DoesNotExistException("Item not found or wrong access level");
+
+ $tmp = $acl->jsonSerialize();
+ $tmp['credential_data'] = $this->credential->getCredentialById($acl->getItemId())->jsonSerialize();
+
+ if (!$acl->hasPermission(SharingACL::FILES)) unset($tmp['credential_data']['files']);
+ unset($tmp['credential_data']['shared_key']);
+
+ return $tmp;
+ }
+
+ /**
+ * Gets history from the given item checking the user's permissions to access it
+ *
+ * @param $user_id
+ * @param $item_guid
+ * @return CredentialRevision[]
+ */
+ public function getItemHistory($user_id, $item_guid) {
+ $acl = $this->sharingACL->getItemACL($user_id, $item_guid);
+ if (!$acl->hasPermission(SharingACL::READ | SharingACL::HISTORY)) return [];
+
+ return $this->revisions->getRevisions($acl->getItemId());
+ }
+
+
+ /**
+ * Deletes a share request by the item ID
+ * @param ShareRequest $request
+ * @return \PDOStatement
+ */
+ public function cleanItemRequestsForUser(ShareRequest $request) {
+ return $this->shareRequest->cleanItemRequestsForUser($request->getItemId(), $request->getTargetUserId());
+ }
+
+ /**
+ * Get an share request by id
+ * @param $id
+ * @return ShareRequest
+ */
+ public function getShareRequestById($id) {
+ return $this->shareRequest->getShareRequestById($id);
+ }
+
+ /**
+ * Get an share request by $item_guid and $target_vault_guid
+ *
+ * @param $item_guid
+ * @param $target_vault_guid
+ * @return ShareRequest
+ */
+ public function getRequestByGuid($item_guid, $target_vault_guid) {
+ return $this->shareRequest->getRequestByItemAndVaultGuid($item_guid, $target_vault_guid);
+ }
+
+ /**
+ * Get the access control list by item guid
+ *
+ * @param string $item_guid
+ * @return \OCA\Passman\Db\SharingACL[]
+ */
+ public function getCredentialAclList($item_guid) {
+ return $this->sharingACL->getCredentialAclList($item_guid);
+ }
+
+ public function getCredentialPendingAclList($item_guid) {
+ return $this->shareRequest->getRequestsByItemGuidGroupedByUser($item_guid);
+ }
+
+ /**
+ * Gets the ACL on the credential for the user
+ *
+ * @param $user_id
+ * @param $item_guid
+ * @return SharingACL
+ */
+ public function getCredentialAclForUser($user_id, $item_guid) {
+ return $this->sharingACL->getItemACL($user_id, $item_guid);
+ }
+
+ /**
+ * Get pending share requests by guid
+ *
+ * @param string $item_guid
+ * @return \OCA\Passman\Db\ShareRequest[]
+ */
+ public function getShareRequestsByGuid($item_guid) {
+ return $this->shareRequest->getShareRequestsByItemGuid($item_guid);
+ }
+
+ /**
+ * Get pending share requests by guid
+ *
+ * @param ShareRequest $request
+ * @return ShareRequest
+ */
+ public function deleteShareRequest(ShareRequest $request) {
+ return $this->shareRequest->deleteShareRequest($request);
+ }
+
+ /**
+ * Delete ACL
+ *
+ * @param ShareRequest $request
+ * @return \OCA\Passman\Db\ShareRequest[]
+ */
+ public function deleteShareACL(SharingACL $ACL) {
+ return $this->sharingACL->deleteShareACL($ACL);
+ }
+
+ /**
+ * Updates the given ACL entry
+ * @param SharingACL $sharingACL
+ * @return SharingACL
+ */
+ public function updateCredentialACL(SharingACL $sharingACL) {
+ return $this->sharingACL->updateCredentialACL($sharingACL);
+ }
+
+ public function updateCredentialShareRequest(ShareRequest $shareRequest) {
+ return $this->shareRequest->updateShareRequest($shareRequest);
+ }
+
+
+ /**
+ * Get pending share requests by guid and uid
+ *
+ * @param ShareRequest $request
+ * @return \OCA\Passman\Db\ShareRequest[]
+ */
+ public function getPendingShareRequestsForCredential($item_guid, $user_id) {
+ return $this->shareRequest->getPendingShareRequests($item_guid, $user_id);
+ }
+
+
+ public function updatePendingShareRequestsForCredential($item_guid, $user_id, $permissions){
+ return $this->shareRequest->updatePendingRequestPermissions($item_guid, $user_id, $permissions);
+ }
+}
\ No newline at end of file
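Review bot: `getItemHistory()` tests `hasPermission(SharingACL::READ | SharingACL::HISTORY)` with a combined mask, and whether that requires both bits or either one depends on `hasPermission()`, which is outside this diff. If it is an any-bit test, a share holding only READ would receive the full revision history. Writing the two requirements out removes the ambiguity: `if (!$acl->hasPermission(SharingACL::READ) || !$acl->hasPermission(SharingACL::HISTORY)) return [];`. The `use Icewind\SMB\Share;` import is unrelated to this class and unused, and the `deleteShareACL()` docblock describes a `ShareRequest` parameter instead of the `SharingACL` it takes.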
diff --git a/lib/Service/VaultService.php b/lib/Service/VaultService.php
new file mode 100644
index 00000000..8e7a8d83
--- /dev/null
+++ b/lib/Service/VaultService.php
@@ -0,0 +1,107 @@
+<?php
+/**
+ * Nextcloud - passman
+ *
+ * @copyright Copyright (c) 2016, Sander Brand (brantje@gmail.com)
+ * @copyright Copyright (c) 2016, Marcos Zuriaga Miguel (wolfi@wolfi.es)
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\Passman\Service;
+
+use OCP\IConfig;
+use OCP\AppFramework\Db\DoesNotExistException;
+
+use OCA\Passman\Db\VaultMapper;
+
+
+class VaultService {
+
+ private $vaultMapper;
+
+ public function __construct(VaultMapper $vaultMapper) {
+ $this->vaultMapper = $vaultMapper;
+ }
+
+ /**
+ * Get vaults from a user.
+ * @param $userId
+ * @return \OCA\Passman\Db\Vault[]
+ */
+ public function getByUser($userId) {
+ return $this->vaultMapper->findVaultsFromUser($userId);
+ }
+
+ /**
+ * Get a single vault
+ * @param $vault_id
+ * @param $user_id
+ * @return \OCA\Passman\Db\Vault[]
+ */
+ public function getById($vault_id, $user_id) {
+ $vault = $this->vaultMapper->find($vault_id, $user_id);
+ return $vault;
+ }
+
+ /**
+ * Get a single vault.
+ * @param $vault_guid
+ * @param $user_id
+ * @return \OCA\Passman\Db\Vault
+ */
+ public function getByGuid($vault_guid, $user_id) {
+ $vault = $this->vaultMapper->findByGuid($vault_guid, $user_id);
+ return $vault;
+ }
+
+ /**
+ * Create a new vault.
+ * @param $vault_name
+ * @param $userId
+ * @return \OCA\Passman\Db\Vault
+ */
+ public function createVault($vault_name, $userId) {
+ return $this->vaultMapper->create($vault_name, $userId);
+ }
+
+ /**
+ * Update vault
+ * @param $vault
+ */
+ public function updateVault($vault) {
+ return $this->vaultMapper->updateVault($vault);
+ }
+
+ /**
+ * Update last access time of a vault.
+ * @param $vault_id
+ * @param $user_id
+ */
+ public function setLastAccess($vault_id, $user_id){
+ return $this->vaultMapper->setLastAccess($vault_id, $user_id);
+ }
+
+ /**
+ * Uodate sharing keys of a vault.
+ * @param $vault_id
+ * @param $privateKey
+ * @param $publicKey
+ */
+ public function updateSharingKeys($vault_id, $privateKey, $publicKey){
+ return $this->vaultMapper->updateSharingKeys($vault_id, $privateKey, $publicKey);
+ }
+}
\ No newline at end of file
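Review bot: The docblocks here do not match the signatures: `getById()` is described as returning a single vault but is annotated `@return \OCA\Passman\Db\Vault[]`, and `updateVault()`, `setLastAccess()` and `updateSharingKeys()` have no `@return` although each returns the mapper's result. I would change the first to `@return \OCA\Passman\Db\Vault` if `VaultMapper::find()` returns one entity (not visible here) and add the missing tags. The `updateSharingKeys()` summary reads "Uodate" and should read "Update".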