Add ldap:reset-group command to unmap groups from LDAP

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
author: Côme Chilliet <come.chilliet@nextcloud.com> 2022-03-22 14:31:44 +0300
committer: Côme Chilliet (Rebase PR Action) <come-nc@users.noreply.github.com> 2022-04-01 15:18:02 +0300
commit: 77bdad84c21f2d836b778a2741eb8e8512ee19eb (patch)
tree: b381c26b71b0521da62986d3d026df45eb4c8cb7 /apps
parent: d3d53494d499c036f230f11b24f4b4acfbcc34db (diff)
7 files changed, 51 insertions, 18 deletions
diff --git a/apps/user_ldap/appinfo/info.xml b/apps/user_ldap/appinfo/info.xml
index 2dae4845241..d654d34d66e 100644
--- a/apps/user_ldap/appinfo/info.xml
+++ b/apps/user_ldap/appinfo/info.xml
@@ -50,6 +50,7 @@ A user logs into Nextcloud with their LDAP or AD credentials, and is granted acc
 		<command>OCA\User_LDAP\Command\CheckUser</command>
 		<command>OCA\User_LDAP\Command\CreateEmptyConfig</command>
 		<command>OCA\User_LDAP\Command\DeleteConfig</command>
+		<command>OCA\User_LDAP\Command\ResetGroup</command>
 		<command>OCA\User_LDAP\Command\ResetUser</command>
 		<command>OCA\User_LDAP\Command\Search</command>
 		<command>OCA\User_LDAP\Command\SetConfig</command>
diff --git a/apps/user_ldap/composer/composer/autoload_classmap.php b/apps/user_ldap/composer/composer/autoload_classmap.php
index 12ede37a941..1fca642fc9f 100644
--- a/apps/user_ldap/composer/composer/autoload_classmap.php
+++ b/apps/user_ldap/composer/composer/autoload_classmap.php
@@ -14,6 +14,7 @@ return array(
     'OCA\\User_LDAP\\Command\\CheckUser' => $baseDir . '/../lib/Command/CheckUser.php',
     'OCA\\User_LDAP\\Command\\CreateEmptyConfig' => $baseDir . '/../lib/Command/CreateEmptyConfig.php',
     'OCA\\User_LDAP\\Command\\DeleteConfig' => $baseDir . '/../lib/Command/DeleteConfig.php',
+    'OCA\\User_LDAP\\Command\\ResetGroup' => $baseDir . '/../lib/Command/ResetGroup.php',
     'OCA\\User_LDAP\\Command\\ResetUser' => $baseDir . '/../lib/Command/ResetUser.php',
     'OCA\\User_LDAP\\Command\\Search' => $baseDir . '/../lib/Command/Search.php',
     'OCA\\User_LDAP\\Command\\SetConfig' => $baseDir . '/../lib/Command/SetConfig.php',
diff --git a/apps/user_ldap/composer/composer/autoload_static.php b/apps/user_ldap/composer/composer/autoload_static.php
index ecf5e4167f6..9d8c33406e8 100644
--- a/apps/user_ldap/composer/composer/autoload_static.php
+++ b/apps/user_ldap/composer/composer/autoload_static.php
@@ -29,6 +29,7 @@ class ComposerStaticInitUser_LDAP
         'OCA\\User_LDAP\\Command\\CheckUser' => __DIR__ . '/..' . '/../lib/Command/CheckUser.php',
         'OCA\\User_LDAP\\Command\\CreateEmptyConfig' => __DIR__ . '/..' . '/../lib/Command/CreateEmptyConfig.php',
         'OCA\\User_LDAP\\Command\\DeleteConfig' => __DIR__ . '/..' . '/../lib/Command/DeleteConfig.php',
+        'OCA\\User_LDAP\\Command\\ResetGroup' => __DIR__ . '/..' . '/../lib/Command/ResetGroup.php',
         'OCA\\User_LDAP\\Command\\ResetUser' => __DIR__ . '/..' . '/../lib/Command/ResetUser.php',
         'OCA\\User_LDAP\\Command\\Search' => __DIR__ . '/..' . '/../lib/Command/Search.php',
         'OCA\\User_LDAP\\Command\\SetConfig' => __DIR__ . '/..' . '/../lib/Command/SetConfig.php',
diff --git a/apps/user_ldap/lib/GroupPluginManager.php b/apps/user_ldap/lib/GroupPluginManager.php
index d23e9d4d443..a25665e4691 100644
--- a/apps/user_ldap/lib/GroupPluginManager.php
+++ b/apps/user_ldap/lib/GroupPluginManager.php
@@ -26,9 +26,9 @@ namespace OCA\User_LDAP;
 use OCP\GroupInterface;
 
 class GroupPluginManager {
-	private $respondToActions = 0;
+	private int $respondToActions = 0;
 
-	private $which = [
+	private array $which = [
 		GroupInterface::CREATE_GROUP => null,
 		GroupInterface::DELETE_GROUP => null,
 		GroupInterface::ADD_TO_GROUP => null,
@@ -37,6 +37,8 @@ class GroupPluginManager {
 		GroupInterface::GROUP_DETAILS => null
 	];
 
+	private bool $suppressDeletion = false;
+
 	/**
 	 * @return int All implemented actions
 	 */
@@ -84,6 +86,19 @@ class GroupPluginManager {
 		throw new \Exception('No plugin implements createGroup in this LDAP Backend.');
 	}
 
+	public function canDeleteGroup(): bool {
+		return !$this->suppressDeletion && ($this->which[GroupInterface::DELETE_GROUP] !== null);
+	}
+
+	/**
+	 * @return bool – the value before the change
+	 */
+	public function setSuppressDeletion(bool $value): bool {
+		$old = $this->suppressDeletion;
+		$this->suppressDeletion = $value;
+		return $old;
+	}
+
 	/**
 	 * Delete a group
 	 * @param string $gid Group Id of the group to delete
@@ -94,6 +109,9 @@ class GroupPluginManager {
 		$plugin = $this->which[GroupInterface::DELETE_GROUP];
 
 		if ($plugin) {
+			if ($this->suppressDeletion) {
+				return false;
+			}
 			return $plugin->deleteGroup($gid);
 		}
 		throw new \Exception('No plugin implements deleteGroup in this LDAP Backend.');
diff --git a/apps/user_ldap/lib/Group_LDAP.php b/apps/user_ldap/lib/Group_LDAP.php
index 766b77bf521..f9d9b061743 100644
--- a/apps/user_ldap/lib/Group_LDAP.php
+++ b/apps/user_ldap/lib/Group_LDAP.php
@@ -48,10 +48,11 @@ use OC;
 use OC\Cache\CappedMemoryCache;
 use OC\ServerNotAvailableException;
 use OCP\Group\Backend\IGetDisplayNameBackend;
+use OCP\Group\Backend\IDeleteGroupBackend;
 use OCP\GroupInterface;
 use Psr\Log\LoggerInterface;
 
-class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, IGetDisplayNameBackend {
+class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, IGetDisplayNameBackend, IDeleteGroupBackend {
 	protected $enabled = false;
 
 	/** @var string[][] $cachedGroupMembers array of users with gid as key */
@@ -1204,6 +1205,7 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
 	 */
 	public function implementsActions($actions) {
 		return (bool)((GroupInterface::COUNT_USERS |
+				GroupInterface::DELETE_GROUP |
 				$this->groupPluginManager->getImplementedActions()) & $actions);
 	}
 
@@ -1249,19 +1251,32 @@ class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, I
 	 * delete a group
 	 *
 	 * @param string $gid gid of the group to delete
-	 * @return bool
 	 * @throws Exception
 	 */
-	public function deleteGroup($gid) {
-		if ($this->groupPluginManager->implementsActions(GroupInterface::DELETE_GROUP)) {
+	public function deleteGroup(string $gid): bool {
+		if ($this->groupPluginManager->canDeleteGroup()) {
 			if ($ret = $this->groupPluginManager->deleteGroup($gid)) {
-				#delete group in nextcloud internal db
+				// Delete group in nextcloud internal db
 				$this->access->getGroupMapper()->unmap($gid);
 				$this->access->connection->writeToCache("groupExists" . $gid, false);
 			}
 			return $ret;
 		}
-		throw new Exception('Could not delete group in LDAP backend.');
+
+		// Getting dn, if false the group is not mapped
+		$dn = $this->access->groupname2dn($gid);
+		if (!$dn) {
+			throw new Exception('Could not delete unknown group '.$gid.' in LDAP backend.');
+		}
+
+		if (!$this->groupExists($gid)) {
+			// The group does not exist in the LDAP, remove the mapping
+			$this->access->getGroupMapper()->unmap($gid);
+			$this->access->connection->writeToCache("groupExists" . $gid, false);
+			return true;
+		}
+
+		throw new Exception('Could not delete existing group '.$gid.' in LDAP backend.');
 	}
 
 	/**
diff --git a/apps/user_ldap/lib/Group_Proxy.php b/apps/user_ldap/lib/Group_Proxy.php
index 92a9041949e..ea2fcce679c 100644
--- a/apps/user_ldap/lib/Group_Proxy.php
+++ b/apps/user_ldap/lib/Group_Proxy.php
@@ -28,10 +28,11 @@
  */
 namespace OCA\User_LDAP;
 
-use OCP\Group\Backend\INamedBackend;
+use OCP\Group\Backend\IDeleteGroupBackend;
 use OCP\Group\Backend\IGetDisplayNameBackend;
+use OCP\Group\Backend\INamedBackend;
 
-class Group_Proxy extends Proxy implements \OCP\GroupInterface, IGroupLDAP, IGetDisplayNameBackend, INamedBackend {
+class Group_Proxy extends Proxy implements \OCP\GroupInterface, IGroupLDAP, IGetDisplayNameBackend, INamedBackend, IDeleteGroupBackend {
 	private $backends = [];
 	private $refBackend = null;
 
@@ -171,11 +172,8 @@ class Group_Proxy extends Proxy implements \OCP\GroupInterface, IGroupLDAP, IGet
 
 	/**
 	 * delete a group
-	 *
-	 * @param string $gid gid of the group to delete
-	 * @return bool
 	 */
-	public function deleteGroup($gid) {
+	public function deleteGroup(string $gid): bool {
 		return $this->handleRequest(
 			$gid, 'deleteGroup', [$gid]);
 	}
diff --git a/apps/user_ldap/lib/UserPluginManager.php b/apps/user_ldap/lib/UserPluginManager.php
index 035b7952dce..748a210cf60 100644
--- a/apps/user_ldap/lib/UserPluginManager.php
+++ b/apps/user_ldap/lib/UserPluginManager.php
@@ -28,9 +28,9 @@ namespace OCA\User_LDAP;
 use OC\User\Backend;
 
 class UserPluginManager {
-	private $respondToActions = 0;
+	private int $respondToActions = 0;
 
-	private $which = [
+	private array $which = [
 		Backend::CREATE_USER => null,
 		Backend::SET_PASSWORD => null,
 		Backend::GET_HOME => null,
@@ -41,8 +41,7 @@ class UserPluginManager {
 		'deleteUser' => null
 	];
 
-	/** @var bool */
-	private $suppressDeletion = false;
+	private bool $suppressDeletion = false;
 
 	/**
 	 * @return int All implemented actions, except for 'deleteUser'
author	Côme Chilliet <come.chilliet@nextcloud.com>	2022-03-22 14:31:44 +0300
committer	Côme Chilliet (Rebase PR Action) <come-nc@users.noreply.github.com>	2022-04-01 15:18:02 +0300
commit	77bdad84c21f2d836b778a2741eb8e8512ee19eb (patch)
tree	b381c26b71b0521da62986d3d026df45eb4c8cb7 /apps
parent	d3d53494d499c036f230f11b24f4b4acfbcc34db (diff)