mirror of https://github.com/nextcloud/server
fix(admin role): fix old and wrong way to determine whether user is admin
- fixes Settings knowing who is an admin of non-local group backend groups - obsoletes and removes a little old, deprecated code - double checks proper parameter type on Group\Manager::isAdmin - also fixes legacy OC_User code to check whether user is an admin Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
This commit is contained in:
Arthur Schiwon
parent
1bc8129623
commit
c98b0462e3
|
|
@ -134,10 +134,6 @@ class Application extends App implements IBootstrap {
|
|||
/**
|
||||
* Core class wrappers
|
||||
*/
|
||||
/** FIXME: Remove once OC_User is non-static and mockable */
|
||||
$context->registerService('isAdmin', function () {
|
||||
return \OC_User::isAdminUser(\OC_User::getUser());
|
||||
});
|
||||
/** FIXME: Remove once OC_SubAdmin is non-static and mockable */
|
||||
$context->registerService('isSubAdmin', function () {
|
||||
$userObject = \OC::$server->getUserSession()->getUser();
|
||||
|
|
|
|||
|
|
@ -83,8 +83,6 @@ class UsersController extends Controller {
|
|||
private $userSession;
|
||||
/** @var IConfig */
|
||||
private $config;
|
||||
/** @var bool */
|
||||
private $isAdmin;
|
||||
/** @var IL10N */
|
||||
private $l10n;
|
||||
/** @var IMailer */
|
||||
|
|
@ -114,7 +112,6 @@ class UsersController extends Controller {
|
|||
IGroupManager $groupManager,
|
||||
IUserSession $userSession,
|
||||
IConfig $config,
|
||||
bool $isAdmin,
|
||||
IL10N $l10n,
|
||||
IMailer $mailer,
|
||||
IFactory $l10nFactory,
|
||||
|
|
@ -131,7 +128,6 @@ class UsersController extends Controller {
|
|||
$this->groupManager = $groupManager;
|
||||
$this->userSession = $userSession;
|
||||
$this->config = $config;
|
||||
$this->isAdmin = $isAdmin;
|
||||
$this->l10n = $l10n;
|
||||
$this->mailer = $mailer;
|
||||
$this->l10nFactory = $l10nFactory;
|
||||
|
|
@ -168,6 +164,7 @@ class UsersController extends Controller {
|
|||
public function usersList(): TemplateResponse {
|
||||
$user = $this->userSession->getUser();
|
||||
$uid = $user->getUID();
|
||||
$isAdmin = $this->groupManager->isAdmin($uid);
|
||||
|
||||
\OC::$server->getNavigationManager()->setActiveEntry('core_users');
|
||||
|
||||
|
|
@ -192,7 +189,7 @@ class UsersController extends Controller {
|
|||
/* GROUPS */
|
||||
$groupsInfo = new \OC\Group\MetaData(
|
||||
$uid,
|
||||
$this->isAdmin,
|
||||
$isAdmin,
|
||||
$this->groupManager,
|
||||
$this->userSession
|
||||
);
|
||||
|
|
@ -210,7 +207,7 @@ class UsersController extends Controller {
|
|||
$userCount = 0;
|
||||
|
||||
if (!$isLDAPUsed) {
|
||||
if ($this->isAdmin) {
|
||||
if ($isAdmin) {
|
||||
$disabledUsers = $this->userManager->countDisabledUsers();
|
||||
$userCount = array_reduce($this->userManager->countUsers(), function ($v, $w) {
|
||||
return $v + (int)$w;
|
||||
|
|
@ -265,7 +262,7 @@ class UsersController extends Controller {
|
|||
// groups
|
||||
$serverData['groups'] = array_merge_recursive($adminGroup, [$disabledUsersGroup], $groups);
|
||||
// Various data
|
||||
$serverData['isAdmin'] = $this->isAdmin;
|
||||
$serverData['isAdmin'] = $isAdmin;
|
||||
$serverData['sortGroups'] = $sortGroupsBy;
|
||||
$serverData['quotaPreset'] = $quotaPreset;
|
||||
$serverData['allowUnlimitedQuota'] = $allowUnlimitedQuota;
|
||||
|
|
|
|||
|
|
@ -137,6 +137,10 @@ class UsersControllerTest extends \Test\TestCase {
|
|||
* @return UsersController | \PHPUnit\Framework\MockObject\MockObject
|
||||
*/
|
||||
protected function getController($isAdmin = false, $mockedMethods = []) {
|
||||
$this->groupManager->expects($this->any())
|
||||
->method('isAdmin')
|
||||
->willReturn($isAdmin);
|
||||
|
||||
if (empty($mockedMethods)) {
|
||||
return new UsersController(
|
||||
'settings',
|
||||
|
|
@ -145,7 +149,6 @@ class UsersControllerTest extends \Test\TestCase {
|
|||
$this->groupManager,
|
||||
$this->userSession,
|
||||
$this->config,
|
||||
$isAdmin,
|
||||
$this->l,
|
||||
$this->mailer,
|
||||
$this->l10nFactory,
|
||||
|
|
@ -167,7 +170,6 @@ class UsersControllerTest extends \Test\TestCase {
|
|||
$this->groupManager,
|
||||
$this->userSession,
|
||||
$this->config,
|
||||
$isAdmin,
|
||||
$this->l,
|
||||
$this->mailer,
|
||||
$this->l10nFactory,
|
||||
|
|
|
|||
|
|
@ -52,6 +52,7 @@ use OCP\IGroup;
|
|||
use OCP\IGroupManager;
|
||||
use OCP\IUser;
|
||||
use Psr\Log\LoggerInterface;
|
||||
use function is_string;
|
||||
|
||||
/**
|
||||
* Class Manager
|
||||
|
|
@ -356,7 +357,7 @@ class Manager extends PublicEmitter implements IGroupManager {
|
|||
*/
|
||||
public function isAdmin($userId) {
|
||||
foreach ($this->backends as $backend) {
|
||||
if ($backend->implementsActions(Backend::IS_ADMIN) && $backend->isAdmin($userId)) {
|
||||
if (is_string($userId) && $backend->implementsActions(Backend::IS_ADMIN) && $backend->isAdmin($userId)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -38,7 +38,10 @@
|
|||
|
||||
use OC\User\LoginException;
|
||||
use OCP\EventDispatcher\IEventDispatcher;
|
||||
use OCP\IGroupManager;
|
||||
use OCP\IUser;
|
||||
use OCP\IUserManager;
|
||||
use OCP\Server;
|
||||
use OCP\User\Events\BeforeUserLoggedInEvent;
|
||||
use OCP\User\Events\UserLoggedInEvent;
|
||||
use Psr\Log\LoggerInterface;
|
||||
|
|
@ -93,7 +96,7 @@ class OC_User {
|
|||
case 'database':
|
||||
case 'mysql':
|
||||
case 'sqlite':
|
||||
\OCP\Server::get(LoggerInterface::class)->debug('Adding user backend ' . $backend . '.', ['app' => 'core']);
|
||||
Server::get(LoggerInterface::class)->debug('Adding user backend ' . $backend . '.', ['app' => 'core']);
|
||||
self::$_usedBackends[$backend] = new \OC\User\Database();
|
||||
\OC::$server->getUserManager()->registerBackend(self::$_usedBackends[$backend]);
|
||||
break;
|
||||
|
|
@ -102,7 +105,7 @@ class OC_User {
|
|||
\OC::$server->getUserManager()->registerBackend(self::$_usedBackends[$backend]);
|
||||
break;
|
||||
default:
|
||||
\OCP\Server::get(LoggerInterface::class)->debug('Adding default user backend ' . $backend . '.', ['app' => 'core']);
|
||||
Server::get(LoggerInterface::class)->debug('Adding default user backend ' . $backend . '.', ['app' => 'core']);
|
||||
$className = 'OC_USER_' . strtoupper($backend);
|
||||
self::$_usedBackends[$backend] = new $className();
|
||||
\OC::$server->getUserManager()->registerBackend(self::$_usedBackends[$backend]);
|
||||
|
|
@ -147,10 +150,10 @@ class OC_User {
|
|||
self::useBackend($backend);
|
||||
self::$_setupedBackends[] = $i;
|
||||
} else {
|
||||
\OCP\Server::get(LoggerInterface::class)->debug('User backend ' . $class . ' already initialized.', ['app' => 'core']);
|
||||
Server::get(LoggerInterface::class)->debug('User backend ' . $class . ' already initialized.', ['app' => 'core']);
|
||||
}
|
||||
} else {
|
||||
\OCP\Server::get(LoggerInterface::class)->error('User backend ' . $class . ' not found.', ['app' => 'core']);
|
||||
Server::get(LoggerInterface::class)->error('User backend ' . $class . ' not found.', ['app' => 'core']);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -303,7 +306,7 @@ class OC_User {
|
|||
}
|
||||
|
||||
$user = \OC::$server->getUserSession()->getUser();
|
||||
if ($user instanceof \OCP\IUser) {
|
||||
if ($user instanceof IUser) {
|
||||
$backend = $user->getBackend();
|
||||
if ($backend instanceof \OCP\User\Backend\ICustomLogout) {
|
||||
return $backend->getLogoutUrl();
|
||||
|
|
@ -323,12 +326,9 @@ class OC_User {
|
|||
* @return bool
|
||||
*/
|
||||
public static function isAdminUser($uid) {
|
||||
$group = \OC::$server->getGroupManager()->get('admin');
|
||||
$user = \OC::$server->getUserManager()->get($uid);
|
||||
if ($group && $user && $group->inGroup($user) && self::$incognitoMode === false) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
$user = Server::get(IUserManager::class)->get($uid);
|
||||
$isAdmin = $user && Server::get(IGroupManager::class)->isAdmin($user->getUID());
|
||||
return $isAdmin && self::$incognitoMode === false;
|
||||
}
|
||||
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue