diff options
| author | Joas Schilling <213943+nickvergessen@users.noreply.github.com> | 2020-04-30 13:49:57 +0300 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-04-30 13:49:57 +0300 |
| commit | 5b5550dbbaa16f29582f630c7e7a8146daa3c76f (patch) | |
| tree | c5b40f6aa824c0df9d1e2367198ca3fdf4fcd5e1 | |
| parent | 2139b29701e89d6559556f770148e3aa7456f8bf (diff) | |
| parent | e24e9ec0a9cf7081eea0f9fd41ac27f29a674c31 (diff) | |
Merge pull request #20677 from nextcloud/followup/17718/scaling-user-provisioning
Scaling user provisioning for subadmins with many groups
| -rw-r--r-- | apps/provisioning_api/lib/Controller/UsersController.php | 4 | ||||
| -rw-r--r-- | lib/private/SubAdmin.php | 36 |
2 files changed, 27 insertions, 13 deletions
diff --git a/apps/provisioning_api/lib/Controller/UsersController.php b/apps/provisioning_api/lib/Controller/UsersController.php index bd327ffe441..07a1514dd1f 100644 --- a/apps/provisioning_api/lib/Controller/UsersController.php +++ b/apps/provisioning_api/lib/Controller/UsersController.php @@ -504,8 +504,8 @@ class UsersController extends AUserData { } else { // Check if admin / subadmin $subAdminManager = $this->groupManager->getSubAdmin(); - if ($subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser) - || $this->groupManager->isAdmin($currentLoggedInUser->getUID())) { + if ($this->groupManager->isAdmin($currentLoggedInUser->getUID()) + || $subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser)) { // They have permissions over the user $permittedFields[] = 'display'; $permittedFields[] = AccountManager::PROPERTY_DISPLAYNAME; diff --git a/lib/private/SubAdmin.php b/lib/private/SubAdmin.php index d292e998ab9..890bcf67b3b 100644 --- a/lib/private/SubAdmin.php +++ b/lib/private/SubAdmin.php @@ -110,6 +110,25 @@ class SubAdmin extends PublicEmitter implements ISubAdmin { * @return IGroup[] */ public function getSubAdminsGroups(IUser $user): array { + $groupIds = $this->getSubAdminsGroupIds($user); + + $groups = []; + foreach ($groupIds as $groupId) { + $group = $this->groupManager->get($groupId); + if ($group !== null) { + $groups[$group->getGID()] = $group; + } + } + + return $groups; + } + + /** + * Get group ids of a SubAdmin + * @param IUser $user the SubAdmin + * @return string[] + */ + public function getSubAdminsGroupIds(IUser $user): array { $qb = $this->dbConn->getQueryBuilder(); $result = $qb->select('gid') @@ -119,10 +138,7 @@ class SubAdmin extends PublicEmitter implements ISubAdmin { $groups = []; while ($row = $result->fetch()) { - $group = $this->groupManager->get($row['gid']); - if (!is_null($group)) { - $groups[$group->getGID()] = $group; - } + $groups[] = $row['gid']; } $result->closeCursor(); @@ -255,13 +271,11 @@ class SubAdmin extends PublicEmitter implements ISubAdmin { if ($this->groupManager->isAdmin($user->getUID())) { return false; } - $accessibleGroups = $this->getSubAdminsGroups($subadmin); - foreach ($accessibleGroups as $accessibleGroup) { - if ($accessibleGroup->inGroup($user)) { - return true; - } - } - return false; + + $accessibleGroups = $this->getSubAdminsGroupIds($subadmin); + $userGroups = $this->groupManager->getUserGroupIds($user); + + return !empty(array_intersect($accessibleGroups, $userGroups)); } /** |