Add value if restore of data is possible for a user

* reason: nice to know before password change in user management
* restore is possible:
	* encryption is disabled
	* encryption is enabled, admin and user has checked the
	  restore option
* if not possible:
	* highlight users row in red once the admin wants to change the password
	* show also a little tipsy

4 files changed, 69 insertions, 9 deletions

diff --git a/settings/application.php b/settings/application.php
index f7ba72f3bfc..d5516a1eefd 100644
--- a/settings/application.php
+++ b/settings/application.php
@@ -90,7 +90,8 @@ class Application extends App {
 				$c->query('Defaults'),
 				$c->query('Mail'),
 				$c->query('DefaultMailAddress'),
-				$c->query('URLGenerator')
+				$c->query('URLGenerator'),
+				$c->query('OCP\\App\\IAppManager')
 			);
 		});
 		$container->registerService('LogSettingsController', function(IContainer $c) {
diff --git a/settings/controller/userscontroller.php b/settings/controller/userscontroller.php
index 1be2f4db9b9..be1b26f86ad 100644
--- a/settings/controller/userscontroller.php
+++ b/settings/controller/userscontroller.php
@@ -11,9 +11,9 @@
 namespace OC\Settings\Controller;
 
 use OC\AppFramework\Http;
-use OC\User\Manager;
 use OC\User\User;
-use \OCP\AppFramework\Controller;
+use OCP\App\IAppManager;
+use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\IConfig;
@@ -52,6 +52,10 @@ class UsersController extends Controller {
 	private $fromMailAddress;
 	/** @var IURLGenerator */
 	private $urlGenerator;
+	/** @var bool contains the state of the encryption app */
+	private $isEncryptionAppEnabled;
+	/** @var bool contains the state of the admin recovery setting */
+	private $isRestoreEnabled = false;
 
 	/**
 	 * @param string $appName
@@ -66,6 +70,7 @@ class UsersController extends Controller {
 	 * @param \OC_Defaults $defaults
 	 * @param \OC_Mail $mail
 	 * @param string $fromMailAddress
+	 * @param IAppManager $appManager
 	 */
 	public function __construct($appName,
 								IRequest $request,
@@ -79,7 +84,8 @@ class UsersController extends Controller {
 								\OC_Defaults $defaults,
 								\OC_Mail $mail,
 								$fromMailAddress,
-								IURLGenerator $urlGenerator) {
+								IURLGenerator $urlGenerator,
+								IAppManager $appManager) {
 		parent::__construct($appName, $request);
 		$this->userManager = $userManager;
 		$this->groupManager = $groupManager;
@@ -92,6 +98,14 @@ class UsersController extends Controller {
 		$this->mail = $mail;
 		$this->fromMailAddress = $fromMailAddress;
 		$this->urlGenerator = $urlGenerator;
+
+		// check for encryption state - TODO see formatUserForIndex
+		$this->isEncryptionAppEnabled = $appManager->isEnabledForUser('files_encryption');
+		if($this->isEncryptionAppEnabled) {
+			// putting this directly in empty is possible in PHP 5.5+
+			$result = $config->getAppValue('files_encryption', 'recoveryAdminEnabled', 0);
+			$this->isRestoreEnabled = !empty($result);
+		}
 	}
 
 	/**
@@ -100,7 +114,33 @@ class UsersController extends Controller {
 	 * @return array
 	 */
 	private function formatUserForIndex(IUser $user, array $userGroups = null) {
-		return array(
+
+		// TODO: eliminate this encryption specific code below and somehow
+		// hook in additional user info from other apps
+
+		// recovery isn't possible if admin or user has it disabled and encryption
+		// is enabled - so we eliminate the else paths in the conditional tree
+		// below
+		$restorePossible = false;
+
+		if ($this->isEncryptionAppEnabled) {
+			if ($this->isRestoreEnabled) {
+				// check for the users recovery setting
+				$recoveryMode = $this->config->getUserValue($user->getUID(), 'files_encryption', 'recovery_enabled', '0');
+				// method call inside empty is possible with PHP 5.5+
+				$recoveryModeEnabled = !empty($recoveryMode);
+				if ($recoveryModeEnabled) {
+					// user also has recovery mode enabled
+					$restorePossible = true;
+				}
+			}
+		} else {
+			// recovery is possible if encryption is disabled (plain files are
+			// available)
+			$restorePossible = true;
+		}
+
+		return [
 			'name' => $user->getUID(),
 			'displayname' => $user->getDisplayName(),
 			'groups' => (empty($userGroups)) ? $this->groupManager->getUserGroupIds($user) : $userGroups,
@@ -109,8 +149,9 @@ class UsersController extends Controller {
 			'storageLocation' => $user->getHome(),
 			'lastLogin' => $user->getLastLogin(),
 			'backend' => $user->getBackendClassName(),
-			'email' => $this->config->getUserValue($user->getUID(), 'settings', 'email', '')
-		);
+			'email' => $this->config->getUserValue($user->getUID(), 'settings', 'email', ''),
+			'isRestoreDisabled' => !$restorePossible,
+		];
 	}
 
 	/**
diff --git a/settings/css/settings.css b/settings/css/settings.css
index 55367e716c2..57edc18bd9a 100644
--- a/settings/css/settings.css
+++ b/settings/css/settings.css
@@ -132,7 +132,10 @@ input.userFilter {width: 200px;}
 .ie8 table.hascontrols{border-collapse:collapse;width: 100%;}
 .ie8 table.hascontrols tbody tr{border-collapse:collapse;border: 1px solid #ddd !important;}
 
-
+/* used to highlight a user row in red */
+#userlist tr.row-warning {
+	background-color: #FDD;
+}
 
 
 /* APPS */
diff --git a/settings/js/users/users.js b/settings/js/users/users.js
index f21c660b41f..1a755ab7b25 100644
--- a/settings/js/users/users.js
+++ b/settings/js/users/users.js
@@ -42,6 +42,7 @@ var UserList = {
 	 *				'lastLogin':		'1418632333'
 	 *				'backend':			'LDAP',
 	 *				'email':			'username@example.org'
+	 *				'isRestoreDisabled':false
 	 * 			}
 	 * @param sort
 	 * @returns table row created for this user
@@ -63,11 +64,12 @@ var UserList = {
 		}
 
 		/**
-		 * add username and displayname to row (in data and visible markup
+		 * add username and displayname to row (in data and visible markup)
 		 */
 		$tr.data('uid', user.name);
 		$tr.data('displayname', user.displayname);
 		$tr.data('mailAddress', user.email);
+		$tr.data('restoreDisabled', user.isRestoreDisabled);
 		$tr.find('td.name').text(user.name);
 		$tr.find('td.displayName > span').text(user.displayname);
 		$tr.find('td.mailAddress > span').text(user.email);
@@ -352,6 +354,9 @@ var UserList = {
 	getMailAddress: function(element) {
 		return ($(element).closest('tr').data('mailAddress') || '').toString();
 	},
+	getRestoreDisabled: function(element) {
+		return ($(element).closest('tr').data('restoreDisabled') || '');
+	},
 	initDeleteHandling: function() {
 		//set up handler
 		UserDeleteHandler = new DeleteHandler('/settings/users/users', 'username',
@@ -627,8 +632,16 @@ $(document).ready(function () {
 		event.stopPropagation();
 
 		var $td = $(this).closest('td');
+		var $tr = $(this).closest('tr');
 		var uid = UserList.getUID($td);
 		var $input = $('<input type="password">');
+		var isRestoreDisabled = UserList.getRestoreDisabled($td) === true;
+		if(isRestoreDisabled) {
+			$tr.addClass('row-warning');
+			// add tipsy if the password change could cause data loss - no recovery enabled
+			$input.tipsy({gravity:'s', fade:false});
+			$input.attr('title', t('settings', 'Changing the password will result in data loss, because data recovery is not available for this user'));
+		}
 		$td.find('img').hide();
 		$td.children('span').replaceWith($input);
 		$input
@@ -655,6 +668,8 @@ $(document).ready(function () {
 			.blur(function () {
 				$(this).replaceWith($('<span>●●●●●●●</span>'));
 				$td.find('img').show();
+				// remove highlight class from users without recovery ability
+				$tr.removeClass('row-warning');
 			});
 	});
 	$('input:password[id="recoveryPassword"]').keyup(function() {