From dad6b97a38348f620d20e5d20108a628269645ee Mon Sep 17 00:00:00 2001 From: dartcafe Date: Fri, 7 Aug 2020 22:47:10 +0200 Subject: public subscription for shares with mail address --- lib/Controller/PollController.php | 18 ++--- lib/Controller/SubscriptionController.php | 10 +-- lib/Model/Acl.php | 110 +++++++++++------------------- lib/Service/CommentService.php | 6 +- lib/Service/OptionService.php | 19 +++--- lib/Service/PollService.php | 36 +++------- lib/Service/ShareService.php | 12 ++-- lib/Service/SubscriptionService.php | 34 +++++---- lib/Service/VoteService.php | 6 +- 9 files changed, 105 insertions(+), 146 deletions(-) (limited to 'lib') diff --git a/lib/Controller/PollController.php b/lib/Controller/PollController.php index 04445482..a564fe40 100644 --- a/lib/Controller/PollController.php +++ b/lib/Controller/PollController.php @@ -121,14 +121,10 @@ class PollController extends Controller { * @return DataResponse */ public function get($pollId, $token) { + try { - if ($token) { - $poll = $this->pollService->getByToken($token); - $acl = $this->acl->setToken($token); - } else { - $poll = $this->pollService->get($pollId); - $acl = $this->acl->setPollId($pollId); - } + $acl = $this->acl->set($pollId, $token); + $poll = $this->pollService->get($pollId, $token); } catch (DoesNotExistException $e) { return new DataResponse(['error' => 'Not found'], Http::STATUS_NOT_FOUND); 
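Review bot: `Acl::set()` now throws `NotAuthorizedException` when the share type does not match the session, where the removed `setToken()` reset the ACL and returned, so this `try` needs a handler for that exception. Only the `DoesNotExistException` catch is visible here; the rest of the catch chain is outside the hunk and should be confirmed. `PollService::get()` also calls `$this->acl->set($pollId, $token)` itself (see its hunk), so the share and poll are looked up twice per request.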
@@ -137,25 +133,25 @@ class PollController extends Controller { } try { - $comments = $this->commentService->list($poll->getId(), $token); + $comments = $this->commentService->list($pollId, $token); } catch (Exception $e) { $comments = []; } try { - $options = $this->optionService->list($poll->getId(), $token); + $options = $this->optionService->list($pollId, $token); } catch (Exception $e) { $options = []; } try { - $votes = $this->voteService->list($poll->getId(), $token); + $votes = $this->voteService->list($pollId, $token); } catch (Exception $e) { $votes = []; } try { - $shares = $this->shareService->list($poll->getId()); + $shares = $this->shareService->list($pollId, $token); } catch (Exception $e) { $shares = []; } diff --git a/lib/Controller/SubscriptionController.php b/lib/Controller/SubscriptionController.php index f2517237..ea1e9e49 100644 --- a/lib/Controller/SubscriptionController.php +++ b/lib/Controller/SubscriptionController.php @@ -57,15 +57,16 @@ class SubscriptionController extends Controller { /** * Get subscription status + * @PublicPage * @NoAdminRequired * @param int $pollId * @return DataResponse * @throws DoesNotExistException * @throws NotAuthorizedException */ - public function get($pollId) { + public function get($pollId, $token) { try { - return new DataResponse($this->subscriptionService->get($pollId), Http::STATUS_OK); + return new DataResponse($this->subscriptionService->get($pollId, $token), Http::STATUS_OK); } catch (NotAuthorizedException $e) { return new DataResponse(['error' => $e->getMessage()], $e->getStatus()); } catch (DoesNotExistException $e) { 
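Review bot: The four `list()` calls now pass the request's `$pollId` instead of the id of the poll that was authorized, so each service has to re-derive the poll from `$token`. `Acl::set()` ignores `$pollId` whenever a token is present, and the `CommentService::list()` and `VoteService::list()` hunks change only the ACL line; their query code is outside the diff, so if it still reads `$pollId`, the rows fetched can belong to a different poll than the one checked. Passing the resolved id keeps check and query aligned, e.g. `$this->commentService->list($acl->getPollId(), $token)`, which is what `OptionService::list()` now does internally. `VoteService::set()` has the related case where the option's poll and the token's poll are never compared. The enclosing `get()` starts and ends outside this hunk.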
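Review bot: The docblock for `SubscriptionController::get()` gains `@PublicPage` but does not document the new parameter or the changed trust model. With the login requirement gone, `SubscriptionService::get()` and `Acl::set()` are the only authorization for this action, which is worth stating next to the annotation. Suggested addition: `@param string $token share token; empty for logged-in users`.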
@@ -75,15 +76,16 @@ class SubscriptionController extends Controller { /** * Switch subscription status + * @PublicPage * @NoAdminRequired * @param int $pollId * @param int $subscribed * @return DataResponse * @throws NotAuthorizedException */ - public function set($pollId, $subscribed) { + public function set($pollId, $token, $subscribed) { try { - return new DataResponse($this->subscriptionService->set($pollId, $subscribed), Http::STATUS_OK); + return new DataResponse($this->subscriptionService->set($pollId, $token, $subscribed), Http::STATUS_OK); } catch (NotAuthorizedException $e) { return new DataResponse(['error' => $e->getMessage()], $e->getStatus()); } diff --git a/lib/Model/Acl.php b/lib/Model/Acl.php index 10760008..ee7b627b 100644 --- a/lib/Model/Acl.php +++ b/lib/Model/Acl.php @@ -27,6 +27,7 @@ namespace OCA\Polls\Model; use JsonSerializable; use Exception; use OCP\AppFramework\Db\DoesNotExistException; +use OCA\Polls\Exceptions\NotAuthorizedException; use OCP\IUserManager; use OCP\IGroupManager; 
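Review bot: `SubscriptionController::set()` catches only `NotAuthorizedException` in the lines shown, although the token path added here runs through `shareMapper->findByToken()` and `pollMapper->find()`. Judging by the `catch (DoesNotExistException $e)` in the removed `setToken()`, an unknown token makes these throw `DoesNotExistException`, which would leave this public route as an unhandled error. `get()` above has a handler for it; adding `} catch (DoesNotExistException $e) { return new DataResponse(['error' => 'Not found'], Http::STATUS_NOT_FOUND); }` would bring the two actions in line. The end of the method is outside the hunk, so confirm no such handler already follows. The docblock also lacks `@param string $token`.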
@@ -104,6 +105,44 @@ class Acl implements JsonSerializable { $this->poll = $poll; } + /** + * @NoAdminRequired + * @return bool + */ + public function set($pollId = 0, $token = ''): Acl { + + if ($token) { + \OC::$server->getLogger()->debug('Share token: ' . $token); + + $this->token = $token; + $this->pollId = 0; + $this->userId = null; + $share = $this->shareMapper->findByToken($token); + + if (\OC::$server->getUserSession()->isLoggedIn()) { + if ($share->getType() !== 'group' && $share->getType() !== 'public') { + throw new NotAuthorizedException; + } + + $this->userId = \OC::$server->getUserSession()->getUser()->getUID(); + } else { + if ($share->getType() === 'group' || $share->getType() === 'user') { + throw new NotAuthorizedException; + } + + $this->userId = $share->getUserId(); + } + + $this->pollId = $share->getPollId(); + } elseif ($pollId) { + $this->user = \OC::$server->getUserSession()->getUser()->getUID(); + $this->pollId = $pollId; + } + + $this->poll = $this->pollMapper->find($this->pollId); + + return $this; + } /** * @NoAdminRequired @@ -133,31 +172,6 @@ class Acl implements JsonSerializable { return !($this->userManager->get($this->userId) instanceof IUser); } - - /** - * @NoAdminRequired - * @return bool - */ - public function setPollIdOrToken($pollId = 0, $token = '') { - - if ($token) { - $this->setToken($token); - } elseif ($pollId) { - $this->setPollId($pollId); - } - - return $this; - } - - /** - * @NoAdminRequired - * @return string - */ - public function setUserId($userId): Acl { - $this->userId = $userId; - return $this; - } - /** * @NoAdminRequired * @return string 
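Review bot: The `elseif ($pollId)` branch of `Acl::set()` calls `getUser()->getUID()` without checking for a session and stores the result in `$this->user`, while every other path in the method writes `$this->userId`. `SubscriptionController` becomes a `@PublicPage` in this commit, so a request with a poll id but no token and no login reaches this branch with a null user. If the `Acl` instance is reused, `userId` also keeps whatever an earlier token call left in it. The first added statement writes the share token to the debug log, and `SubscriptionService::set()` logs it at alert level; the token is the credential for the share and is better kept out of log messages. The docblock says `@return bool` although the method returns `Acl`.

```php
	} elseif ($pollId) {
		// pollId-only access is for logged-in users; fail closed when there is no session
		$user = \OC::$server->getUserSession()->getUser();
		if ($user === null) {
			throw new NotAuthorizedException;
		}
		$this->userId = $user->getUID();
		$this->pollId = $pollId;
	}
	// … unchanged: poll lookup and return …
```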
@@ -174,18 +188,6 @@ class Acl implements JsonSerializable { return $this->pollId; } - /** - * @NoAdminRequired - * @return int - */ - public function setPollId(int $pollId): Acl { - $this->pollId = $pollId; - $this->poll = $this->pollMapper->find($this->pollId); - $this->shares = $this->shareMapper->findByPoll($this->pollId); - - return $this; - } - /** * @NoAdminRequired * @return bool @@ -346,40 +348,6 @@ class Acl implements JsonSerializable { return $this->token; } - /** - * @NoAdminRequired - * @return string - */ - public function setToken(string $token): Acl { - \OC::$server->getLogger()->debug('Share PollId: ' . $token); - try { - - $this->token = $token; - $share = $this->shareMapper->findByToken($token); - $this->setPollId($share->getPollId()); - \OC::$server->getLogger()->debug('Share PollId: ' . $share->getPollId()); - - if (($share->getType() === 'group' || $share->getType() === 'user') && !\OC::$server->getUserSession()->isLoggedIn()) { - // User must be logged in for shareType user and group - $this->setPollId(0); - $this->setUserId(null); - $this->token = ''; - } else if (($share->getType() === 'group' || $share->getType() === 'public') && \OC::$server->getUserSession()->isLoggedIn()) { - // Use user name of authorized user shareType public and group if user is logged in - $this->setUserId($this->userId); - } else { - $this->setUserId($share->getUserId()); - } - - - } catch (DoesNotExistException $e) { - $this->setPollId(0); - $this->setUserId(null); - $this->token = ''; - } - return $this; - } - /** * @return array */ diff --git a/lib/Service/CommentService.php b/lib/Service/CommentService.php index 6c5f89b6..cdb2616a 100644 --- a/lib/Service/CommentService.php +++ b/lib/Service/CommentService.php 
@@ -78,7 +78,7 @@ class CommentService { */ public function list($pollId = 0, $token = '') { - if (!$this->acl->setPollIdOrToken($pollId, $token)->getAllowView()) { + if (!$this->acl->set($pollId, $token)->getAllowView()) { throw new NotAuthorizedException; } @@ -101,7 +101,7 @@ class CommentService { */ public function add($pollId = 0, $message, $token = '') { - if (!$this->acl->setPollIdOrToken($pollId, $token)->getAllowComment()) { + if (!$this->acl->set($pollId, $token)->getAllowComment()) { throw new NotAuthorizedException; } @@ -136,7 +136,7 @@ class CommentService { public function delete($commentId, $token = '') { $this->comment = $this->commentMapper->find($commentId); - if ($this->acl->setPollIdOrToken($this->comment->getPollId(), $token)->getUserId() !== $this->acl->getUserId()) { + if ($this->acl->set($this->comment->getPollId(), $token)->getUserId() !== $this->acl->getUserId()) { throw new NotAuthorizedException; } diff --git a/lib/Service/OptionService.php b/lib/Service/OptionService.php index 3cabc5ae..c598073e 100644 --- a/lib/Service/OptionService.php +++ b/lib/Service/OptionService.php @@ -90,13 +90,14 @@ class OptionService { * @throws NotAuthorizedException */ public function list($pollId = 0, $token = '') { + $acl = $this->acl->set($pollId, $token); - if (!$this->acl->setPollIdOrToken($pollId, $token)->getAllowView()) { + if (!$acl->getAllowView()) { throw new NotAuthorizedException; } try { - return $this->optionMapper->findByPoll($pollId); + return $this->optionMapper->findByPoll($acl->getPollId()); } catch (DoesNotExistException $e) { return []; } @@ -115,7 +116,7 @@ class OptionService { public function add($pollId, $timestamp = 0, $pollOptionText = '') { $this->poll = $this->pollMapper->find($pollId); - if (!$this->acl->setPollId($pollId)->getAllowEdit()) { + if (!$this->acl->set($pollId)->getAllowEdit()) { throw new NotAuthorizedException; } 
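Review bot: The ownership check in `CommentService::delete()` compares the ACL's user id with itself: `Acl::set()` returns `$this`, so `$this->acl->set(...)->getUserId()` and `$this->acl->getUserId()` read the same object and the `!==` can never be true. The guard therefore rejects nobody that `Acl::set()` lets through, and the rename in this hunk carries that over unchanged. The comparison presumably wants the comment's author on one side, e.g. `if ($this->comment->getUserId() !== $this->acl->set($this->comment->getPollId(), $token)->getUserId()) {`, assuming the entity exposes `getUserId()`. Because a token makes `Acl::set()` ignore its first argument, the ACL's resolved poll id should also be compared with `$this->comment->getPollId()`. The method continues outside the hunk.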
@@ -141,7 +142,7 @@ class OptionService { $this->option = $this->optionMapper->find($optionId); $this->poll = $this->pollMapper->find($this->option->getPollId()); - if (!$this->acl->setPollId($this->option->getPollId())->getAllowEdit()) { + if (!$this->acl->set($this->option->getPollId())->getAllowEdit()) { throw new NotAuthorizedException; } @@ -160,7 +161,7 @@ class OptionService { public function delete($optionId) { $this->option = $this->optionMapper->find($optionId); - if (!$this->acl->setPollId($this->option->getPollId())->getAllowEdit()) { + if (!$this->acl->set($this->option->getPollId())->getAllowEdit()) { throw new NotAuthorizedException; } @@ -179,7 +180,7 @@ class OptionService { public function confirm($optionId) { $this->option = $this->optionMapper->find($optionId); - if (!$this->acl->setPollId($this->option->getPollId())->getAllowEdit()) { + if (!$this->acl->set($this->option->getPollId())->getAllowEdit()) { throw new NotAuthorizedException; } @@ -202,7 +203,7 @@ class OptionService { */ public function clone($fromPollId, $toPollId) { - if (!$this->acl->setPollId($fromPollId)->getAllowView()) { + if (!$this->acl->set($fromPollId)->getAllowView()) { throw new NotAuthorizedException; } @@ -232,7 +233,7 @@ class OptionService { $this->poll = $this->pollMapper->find($pollId); - if (!$this->acl->setPollId($pollId)->getAllowEdit()) { + if (!$this->acl->set($pollId)->getAllowEdit()) { throw new NotAuthorizedException; } @@ -267,7 +268,7 @@ class OptionService { $pollId = $this->option->getPollId(); $this->poll = $this->pollMapper->find($pollId); - if (!$this->acl->setPollId($pollId)->getAllowEdit()) { + if (!$this->acl->set($pollId)->getAllowEdit()) { throw new NotAuthorizedException; } diff --git a/lib/Service/PollService.php b/lib/Service/PollService.php index 73b2044c..b9fdbdef 100644 --- a/lib/Service/PollService.php +++ b/lib/Service/PollService.php 
@@ -111,7 +111,7 @@ class PollService { // TODO: Not the elegant way. Improvement neccessary foreach ($polls as $poll) { $combinedPoll = (object) array_merge( - (array) json_decode(json_encode($poll)), (array) json_decode(json_encode($this->acl->setPollId($poll->getId())))); + (array) json_decode(json_encode($poll)), (array) json_decode(json_encode($this->acl->set($poll->getId())))); if ($combinedPoll->allowView) { $pollList[] = $combinedPoll; } @@ -127,30 +127,14 @@ class PollService { * @return Poll * @throws NotAuthorizedException */ - public function get($pollId) { + public function get($pollId, $token) { + $acl = $this->acl->set($pollId, $token); - if (!$this->acl->setPollId($pollId)->getAllowView()) { + if (!$acl->getAllowView()) { throw new NotAuthorizedException; } - return $this->pollMapper->find($pollId); - - } - - /** - * get poll configuration by token - * @NoAdminRequired - * @param int $pollId - * @return Poll - * @throws NotAuthorizedException - */ - public function getByToken($token) { - - if (!$this->acl->setToken($token)->getAllowView()) { - throw new NotAuthorizedException; - } - - return $this->pollMapper->find($this->acl->getPollId()); + return $this->pollMapper->find($acl->getPollId()); } @@ -219,7 +203,7 @@ class PollService { $this->poll = $this->pollMapper->find($pollId); - if (!$this->acl->setPollId($this->poll->getId())->getAllowEdit()) { + if (!$this->acl->set($this->poll->getId())->getAllowEdit()) { throw new NotAuthorizedException; } @@ -255,7 +239,7 @@ class PollService { public function delete($pollId) { $this->poll = $this->pollMapper->find($pollId); - if (!$this->acl->setPollId($pollId)->getAllowEdit()) { + if (!$this->acl->set($pollId)->getAllowEdit()) { throw new NotAuthorizedException; } 
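Review bot: `PollService::get($pollId, $token)` makes `$token` a required argument, whereas the neighbouring service methods (`CommentService::list()`, `VoteService::list()`) declare `$token = ''`. Any caller outside this diff that still calls `get($pollId)` will fail with an `ArgumentCountError`. `public function get($pollId = 0, $token = '')` keeps the old call shape working; the same applies to `ShareService::list($pollId, $token)` and the two `SubscriptionService` methods. The docblock above still lists only `@param int $pollId` and should gain `@param string $token`.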
@@ -282,7 +266,7 @@ class PollService { public function deletePermanently($pollId) { $this->poll = $this->pollMapper->find($pollId); - if (!$this->acl->setPollId($pollId)->getAllowEdit() || !$this->poll->getDeleted()) { + if (!$this->acl->set($pollId)->getAllowEdit() || !$this->poll->getDeleted()) { throw new NotAuthorizedException; } @@ -299,7 +283,7 @@ class PollService { public function clone($pollId) { $origin = $this->pollMapper->find($pollId); - if (!$this->acl->setPollId($origin->getId())->getAllowView()) { + if (!$this->acl->set($origin->getId())->getAllowView()) { throw new NotAuthorizedException; } @@ -334,7 +318,7 @@ class PollService { public function getParticipantsEmailAddresses($pollId) { $this->poll = $this->pollMapper->find($pollId); - if (!$this->acl->setPollId($pollId)->getAllowEdit()) { + if (!$this->acl->set($pollId)->getAllowEdit()) { return []; } diff --git a/lib/Service/ShareService.php b/lib/Service/ShareService.php index aaddefb8..70881cf9 100644 --- a/lib/Service/ShareService.php +++ b/lib/Service/ShareService.php @@ -82,8 +82,12 @@ class ShareService { * @return array array of Share * @throws NotAuthorizedException */ - public function list($pollId) { - if (!$this->acl->setPollId($pollId)->getAllowEdit()) { + public function list($pollId, $token) { + if ($token) { + return array($this->get($token)); + } + + if (!$this->acl->set($pollId)->getAllowEdit()) { throw new NotAuthorizedException; } @@ -112,7 +116,7 @@ class ShareService { */ public function add($pollId, $type, $userId, $userEmail = '') { - if (!$this->acl->setPollId($pollId)->getAllowEdit()) { + if (!$this->acl->set($pollId)->getAllowEdit()) { throw new NotAuthorizedException; } 
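Review bot: The new early return in `ShareService::list()` hands back `$this->get($token)` before any ACL call. For token holders the `getAllowEdit()` requirement that used to guard this method no longer applies, and everything depends on checks inside `get()`, which is not part of this diff. It is worth confirming that `get()` applies the same share-type and login rules as `Acl::set()`, and that the serialized share holds nothing beyond what its own recipient should see, since the commit concerns shares with a mail address. A short comment would record the intent, e.g. `// token holders only ever see their own share`.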
@@ -213,7 +217,7 @@ class ShareService { public function delete($token) { $this->share = $this->shareMapper->findByToken($token); - if (!$this->acl->setPollId($this->share->getPollId())->getAllowEdit()) { + if (!$this->acl->set($this->share->getPollId())->getAllowEdit()) { throw new NotAuthorizedException; } diff --git a/lib/Service/SubscriptionService.php b/lib/Service/SubscriptionService.php index 0f7d82a7..8678817e 100644 --- a/lib/Service/SubscriptionService.php +++ b/lib/Service/SubscriptionService.php @@ -59,16 +59,16 @@ class SubscriptionService { * @param int $pollId * @return array */ - public function get($pollId) { - if (!$this->acl->setPollId($pollId)->getAllowView()) { + public function get($pollId, $token) { + if (!$this->acl->set($pollId, $token)->getAllowView()) { throw new NotAuthorizedException; } try { - return $this->subscriptionMapper->findByUserAndPoll($pollId, $this->acl->getUserId()); + return $this->subscriptionMapper->findByUserAndPoll($this->acl->getPollId(), $this->acl->getUserId()); } catch (MultipleObjectsReturnedException $e) { // subscription should be unique. If duplicates are found resubscribe // duplicates are removed in $this->set() - return $this->set($pollId, true); + return $this->set($pollId, $token, true); } } 
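Review bot: The only gate in front of the subscription lookup in `SubscriptionService::get()` is `getAllowView()`. Every token that may view the poll may therefore read subscriptions and, through the `MultipleObjectsReturnedException` branch, rewrite them. For an anonymous request `Acl::set()` accepts any share type other than `group` and `user` and takes the user id from the share, which includes `public` shares. If subscriptions are meant only for shares with a mail address, as the commit subject suggests, that restriction is not visible here and should be checked explicitly. The recursive call passes the raw `$pollId`, which is harmless only because `set()` resolves the poll from the ACL again.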
@@ -76,51 +76,55 @@ class SubscriptionService { /** * @NoAdminRequired * @param int $pollId + * @param string $token + * @param bool $subscribed * @return array */ - public function set($pollId, $subscribed) { - if (!$this->acl->setPollId($pollId)->getAllowView()) { + public function set($pollId, $token, $subscribed) { + if (!$this->acl->set($pollId, $token)->getAllowView()) { + \OC::$server->getLogger()->alert('Share token: ' . $token); + \OC::$server->getLogger()->alert('Share PollId: ' . $pollId); throw new NotAuthorizedException; } try { - $subscription = $this->subscriptionMapper->findByUserAndPoll($pollId, $this->acl->getUserId()); + $subscription = $this->subscriptionMapper->findByUserAndPoll($this->acl->getPollId(), $this->acl->getUserId()); if (!$subscribed) { $this->subscriptionMapper->delete($subscription); - return ['status' => 'Unsubscribed from poll ' . $pollId]; + return ['status' => 'Unsubscribed from poll ' . $this->acl->getPollId()]; } else { // subscription already exists, just return the existing subscription - return ['status' => 'Subscribed to poll ' . $pollId]; + return ['status' => 'Subscribed to poll ' . $this->acl->getPollId()]; } } catch (DoesNotExistException $e) { if ($subscribed) { $subscription = new Subscription(); - $subscription->setPollId($pollId); + $subscription->setPollId($this->acl->getPollId()); $subscription->setUserId($this->acl->getUserId()); $this->subscriptionMapper->insert($subscription); - return ['status' => 'Subscribed to poll ' . $pollId]; + return ['status' => 'Subscribed to poll ' . $this->acl->getPollId()]; } else { // subscription is not found, just approve the unsubscription - return ['status' => 'Unsubscribed from poll ' . $pollId]; + return ['status' => 'Unsubscribed from poll ' . 
$this->acl->getPollId()]; } } catch (MultipleObjectsReturnedException $e) { // Duplicates should not exist but if found, fix it // unsubscribe from all and resubscribe, if requested \OC::$server->getLogger()->debug('Multiple subscription (dulpicates) found'); - $this->subscriptionMapper->unsubscribe($pollId, $this->acl->getUserId()); + $this->subscriptionMapper->unsubscribe($this->acl->getPollId(), $this->acl->getUserId()); \OC::$server->getLogger()->debug('Unsubscribed all for user ' . $this->acl->getUserId() . 'in poll' . $pollId); if ($subscribed) { $subscription = new Subscription(); - $subscription->setPollId($pollId); + $subscription->setPollId($this->acl->getPollId()); $subscription->setUserId($this->acl->getUserId()); $this->subscriptionMapper->insert($subscription); \OC::$server->getLogger()->debug('Added new subscription'); return $subscription; } else { - return ['status' => 'Unsubscribed from poll ' . $pollId]; + return ['status' => 'Unsubscribed from poll ' . $this->acl->getPollId()]; } } diff --git a/lib/Service/VoteService.php b/lib/Service/VoteService.php index 32076289..cbedb1ad 100644 --- a/lib/Service/VoteService.php +++ b/lib/Service/VoteService.php @@ -88,7 +88,7 @@ class VoteService { * @throws NotAuthorizedException */ public function list($pollId = 0, $token = '') { - if (!$this->acl->setPollIdOrToken($pollId, $token)->getAllowView()) { + if (!$this->acl->set($pollId, $token)->getAllowView()) { throw new NotAuthorizedException; } @@ -115,7 +115,7 @@ class VoteService { $option = $this->optionMapper->find($optionId); - if (!$this->acl->setPollIdOrToken($option->getPollId(), $token)->getAllowVote()) { + if (!$this->acl->set($option->getPollId(), $token)->getAllowVote()) { throw new NotAuthorizedException; } 
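Review bot: The two `alert()` calls in `SubscriptionService::set()` run on every rejected request to a route that is now public, so unauthenticated clients can produce alert-level entries at will. An ordinary authorization failure fits `debug` at most, e.g. `\OC::$server->getLogger()->debug('Subscription change rejected for poll ' . $pollId);`. The context line `'in poll' . $pollId` still logs the request's id while the rest of the method switched to `$this->acl->getPollId()`, so with token access it can name the wrong poll. The duplicates branch returns the `$subscription` entity where every other branch returns a `['status' => ...]` array, which makes the response shape depend on the code path.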
@@ -156,7 +156,7 @@ class VoteService { */ public function delete($pollId, $userId) { - if (!$this->acl->setPollId($pollId)->getAllowEdit()) { + if (!$this->acl->set($pollId)->getAllowEdit()) { throw new NotAuthorizedException; } -- cgit v1.2.3