Mirrors
/
nextcloud-server
mirror of https://github.com/nextcloud/server
3
0
Fork 0
Code Releases Activity
Browse Source

Merge pull request #5223 from nextcloud/do-not-allow-to-set-invisible-fields 

Don't allow the user to set fields they can't see
pull/5271/head
Morris Jobke 9 years ago
committed by GitHub
parent
811f7b527a f39fdaf46e
commit
15314b6f5b
4 changed files with 110 additions and 28 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 31
      apps/provisioning_api/lib/Controller/UsersController.php
  2. 11
      apps/provisioning_api/tests/Controller/UsersControllerTest.php
  3. 50
      settings/Controller/UsersController.php
  4. 46
      tests/Settings/Controller/UsersControllerTest.php

31
apps/provisioning_api/lib/Controller/UsersController.php
View File

@ -32,6 +32,7 @@ namespace OCA\Provisioning_API\Controller;
use OC\Accounts\AccountManager; use OC\Accounts\AccountManager;
use OC\Settings\Mailer\NewUserMailHelper; use OC\Settings\Mailer\NewUserMailHelper;
use OC_Helper; use OC_Helper;
use OCP\App\IAppManager;
use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSException; use OCP\AppFramework\OCS\OCSException;
use OCP\AppFramework\OCS\OCSForbiddenException; use OCP\AppFramework\OCS\OCSForbiddenException;
@ -52,6 +53,8 @@ class UsersController extends OCSController {
private $userManager; private $userManager;
/** @var IConfig */ /** @var IConfig */
private $config; private $config;
/** @var IAppManager */
private $appManager;
/** @var IGroupManager|\OC\Group\Manager */ // FIXME Requires a method that is not on the interface /** @var IGroupManager|\OC\Group\Manager */ // FIXME Requires a method that is not on the interface
private $groupManager; private $groupManager;
/** @var IUserSession */ /** @var IUserSession */
@ -70,6 +73,7 @@ class UsersController extends OCSController {
* @param IRequest $request * @param IRequest $request
* @param IUserManager $userManager * @param IUserManager $userManager
* @param IConfig $config * @param IConfig $config
* @param IAppManager $appManager
* @param IGroupManager $groupManager * @param IGroupManager $groupManager
* @param IUserSession $userSession * @param IUserSession $userSession
* @param AccountManager $accountManager * @param AccountManager $accountManager
@ -81,6 +85,7 @@ class UsersController extends OCSController {
IRequest $request, IRequest $request,
IUserManager $userManager, IUserManager $userManager,
IConfig $config, IConfig $config,
IAppManager $appManager,
IGroupManager $groupManager, IGroupManager $groupManager,
IUserSession $userSession, IUserSession $userSession,
AccountManager $accountManager, AccountManager $accountManager,
@ -91,6 +96,7 @@ class UsersController extends OCSController {
$this->userManager = $userManager; $this->userManager = $userManager;
$this->config = $config; $this->config = $config;
$this->appManager = $appManager;
$this->groupManager = $groupManager; $this->groupManager = $groupManager;
$this->userSession = $userSession; $this->userSession = $userSession;
$this->accountManager = $accountManager; $this->accountManager = $accountManager;
@ -309,14 +315,25 @@ class UsersController extends OCSController {
$permittedFields = []; $permittedFields = [];
if($targetUser->getUID() === $currentLoggedInUser->getUID()) { if($targetUser->getUID() === $currentLoggedInUser->getUID()) {
// Editing self (display, email) // Editing self (display, email)
$permittedFields[] = 'display';
$permittedFields[] = AccountManager::PROPERTY_DISPLAYNAME;
$permittedFields[] = AccountManager::PROPERTY_EMAIL;
if ($this->config->getSystemValue('allow_user_to_change_display_name', true) !== false) {
$permittedFields[] = 'display';
$permittedFields[] = AccountManager::PROPERTY_DISPLAYNAME;
$permittedFields[] = AccountManager::PROPERTY_EMAIL;
}
$permittedFields[] = 'password'; $permittedFields[] = 'password';
$permittedFields[] = AccountManager::PROPERTY_PHONE;
$permittedFields[] = AccountManager::PROPERTY_ADDRESS;
$permittedFields[] = AccountManager::PROPERTY_WEBSITE;
$permittedFields[] = AccountManager::PROPERTY_TWITTER;
if ($this->appManager->isEnabledForUser('federatedfilesharing')) {
$federatedFileSharing = new \OCA\FederatedFileSharing\AppInfo\Application();
$shareProvider = $federatedFileSharing->getFederatedShareProvider();
if ($shareProvider->isLookupServerUploadEnabled()) {
$permittedFields[] = AccountManager::PROPERTY_PHONE;
$permittedFields[] = AccountManager::PROPERTY_ADDRESS;
$permittedFields[] = AccountManager::PROPERTY_WEBSITE;
$permittedFields[] = AccountManager::PROPERTY_TWITTER;
}
}
// If admin they can edit their own quota // If admin they can edit their own quota
if($this->groupManager->isAdmin($currentLoggedInUser->getUID())) { if($this->groupManager->isAdmin($currentLoggedInUser->getUID())) {
$permittedFields[] = 'quota'; $permittedFields[] = 'quota';

11
apps/provisioning_api/tests/Controller/UsersControllerTest.php
View File

@ -32,6 +32,7 @@ namespace OCA\Provisioning_API\Tests\Controller;
use Exception; use Exception;
use OC\Accounts\AccountManager; use OC\Accounts\AccountManager;
use OC\Group\Manager; use OC\Group\Manager;
use OCP\App\IAppManager;
use OCP\Mail\IEMailTemplate; use OCP\Mail\IEMailTemplate;
use OC\Settings\Mailer\NewUserMailHelper; use OC\Settings\Mailer\NewUserMailHelper;
use OC\SubAdmin; use OC\SubAdmin;
@ -58,6 +59,8 @@ class UsersControllerTest extends TestCase {
protected $userManager; protected $userManager;
/** @var IConfig|PHPUnit_Framework_MockObject_MockObject */ /** @var IConfig|PHPUnit_Framework_MockObject_MockObject */
protected $config; protected $config;
/** @var IAppManager|PHPUnit_Framework_MockObject_MockObject */
protected $appManager;
/** @var Manager|PHPUnit_Framework_MockObject_MockObject */ /** @var Manager|PHPUnit_Framework_MockObject_MockObject */
protected $groupManager; protected $groupManager;
/** @var IUserSession|PHPUnit_Framework_MockObject_MockObject */ /** @var IUserSession|PHPUnit_Framework_MockObject_MockObject */
@ -66,9 +69,9 @@ class UsersControllerTest extends TestCase {
protected $logger; protected $logger;
/** @var UsersController|PHPUnit_Framework_MockObject_MockObject */ /** @var UsersController|PHPUnit_Framework_MockObject_MockObject */
protected $api; protected $api;
/** @var AccountManager|PHPUnit_Framework_MockObject_MockObject */
/** @var AccountManager|PHPUnit_Framework_MockObject_MockObject */
protected $accountManager; protected $accountManager;
/** @var IRequest|PHPUnit_Framework_MockObject_MockObject */
/** @var IRequest|PHPUnit_Framework_MockObject_MockObject */
protected $request; protected $request;
/** @var IFactory|PHPUnit_Framework_MockObject_MockObject */ /** @var IFactory|PHPUnit_Framework_MockObject_MockObject */
private $l10nFactory; private $l10nFactory;
@ -80,6 +83,7 @@ class UsersControllerTest extends TestCase {
$this->userManager = $this->createMock(IUserManager::class); $this->userManager = $this->createMock(IUserManager::class);
$this->config = $this->createMock(IConfig::class); $this->config = $this->createMock(IConfig::class);
$this->appManager = $this->createMock(IAppManager::class);
$this->groupManager = $this->createMock(Manager::class); $this->groupManager = $this->createMock(Manager::class);
$this->userSession = $this->createMock(IUserSession::class); $this->userSession = $this->createMock(IUserSession::class);
$this->logger = $this->createMock(ILogger::class); $this->logger = $this->createMock(ILogger::class);
@ -94,6 +98,7 @@ class UsersControllerTest extends TestCase {
$this->request, $this->request,
$this->userManager, $this->userManager,
$this->config, $this->config,
$this->appManager,
$this->groupManager, $this->groupManager,
$this->userSession, $this->userSession,
$this->accountManager, $this->accountManager,
@ -2647,6 +2652,7 @@ class UsersControllerTest extends TestCase {
$this->request, $this->request,
$this->userManager, $this->userManager,
$this->config, $this->config,
$this->appManager,
$this->groupManager, $this->groupManager,
$this->userSession, $this->userSession,
$this->accountManager, $this->accountManager,
@ -2707,6 +2713,7 @@ class UsersControllerTest extends TestCase {
$this->request, $this->request,
$this->userManager, $this->userManager,
$this->config, $this->config,
$this->appManager,
$this->groupManager, $this->groupManager,
$this->userSession, $this->userSession,
$this->accountManager, $this->accountManager,

50
settings/Controller/UsersController.php
View File

@ -78,6 +78,8 @@ class UsersController extends Controller {
private $isEncryptionAppEnabled; private $isEncryptionAppEnabled;
/** @var bool contains the state of the admin recovery setting */ /** @var bool contains the state of the admin recovery setting */
private $isRestoreEnabled = false; private $isRestoreEnabled = false;
/** @var IAppManager */
private $appManager;
/** @var IAvatarManager */ /** @var IAvatarManager */
private $avatarManager; private $avatarManager;
/** @var AccountManager */ /** @var AccountManager */
@ -146,6 +148,7 @@ class UsersController extends Controller {
$this->l10n = $l10n; $this->l10n = $l10n;
$this->log = $log; $this->log = $log;
$this->mailer = $mailer; $this->mailer = $mailer;
$this->appManager = $appManager;
$this->avatarManager = $avatarManager; $this->avatarManager = $avatarManager;
$this->accountManager = $accountManager; $this->accountManager = $accountManager;
$this->secureRandom = $secureRandom; $this->secureRandom = $secureRandom;
@ -718,18 +721,27 @@ class UsersController extends Controller {
); );
} }
$data = [
AccountManager::PROPERTY_AVATAR => ['scope' => $avatarScope],
AccountManager::PROPERTY_DISPLAYNAME => ['value' => $displayname, 'scope' => $displaynameScope],
AccountManager::PROPERTY_EMAIL=> ['value' => $email, 'scope' => $emailScope],
AccountManager::PROPERTY_WEBSITE => ['value' => $website, 'scope' => $websiteScope],
AccountManager::PROPERTY_ADDRESS => ['value' => $address, 'scope' => $addressScope],
AccountManager::PROPERTY_PHONE => ['value' => $phone, 'scope' => $phoneScope],
AccountManager::PROPERTY_TWITTER => ['value' => $twitter, 'scope' => $twitterScope]
];
$user = $this->userSession->getUser(); $user = $this->userSession->getUser();
$data = $this->accountManager->getUser($user);
$data[AccountManager::PROPERTY_AVATAR] = ['scope' => $avatarScope];
if ($this->config->getSystemValue('allow_user_to_change_display_name', true) !== false) {
$data[AccountManager::PROPERTY_DISPLAYNAME] = ['value' => $displayname, 'scope' => $displaynameScope];
$data[AccountManager::PROPERTY_EMAIL] = ['value' => $email, 'scope' => $emailScope];
}
if ($this->appManager->isEnabledForUser('federatedfilesharing')) {
$federatedFileSharing = new \OCA\FederatedFileSharing\AppInfo\Application();
$shareProvider = $federatedFileSharing->getFederatedShareProvider();
if ($shareProvider->isLookupServerUploadEnabled()) {
$data[AccountManager::PROPERTY_WEBSITE] = ['value' => $website, 'scope' => $websiteScope];
$data[AccountManager::PROPERTY_ADDRESS] = ['value' => $address, 'scope' => $addressScope];
$data[AccountManager::PROPERTY_PHONE] = ['value' => $phone, 'scope' => $phoneScope];
$data[AccountManager::PROPERTY_TWITTER] = ['value' => $twitter, 'scope' => $twitterScope];
}
}
try { try {
$this->saveUserSettings($user, $data); $this->saveUserSettings($user, $data);
return new DataResponse( return new DataResponse(
@ -737,15 +749,15 @@ class UsersController extends Controller {
'status' => 'success', 'status' => 'success',
'data' => [ 'data' => [
'userId' => $user->getUID(), 'userId' => $user->getUID(),
'avatarScope' => $avatarScope,
'displayname' => $displayname,
'displaynameScope' => $displaynameScope,
'email' => $email,
'emailScope' => $emailScope,
'website' => $website,
'websiteScope' => $websiteScope,
'address' => $address,
'addressScope' => $addressScope,
'avatarScope' => $data[AccountManager::PROPERTY_AVATAR]['scope'],
'displayname' => $data[AccountManager::PROPERTY_DISPLAYNAME]['value'],
'displaynameScope' => $data[AccountManager::PROPERTY_DISPLAYNAME]['scope'],
'email' => $data[AccountManager::PROPERTY_EMAIL]['value'],
'emailScope' => $data[AccountManager::PROPERTY_EMAIL]['scope'],
'website' => $data[AccountManager::PROPERTY_WEBSITE]['value'],
'websiteScope' => $data[AccountManager::PROPERTY_WEBSITE]['scope'],
'address' => $data[AccountManager::PROPERTY_ADDRESS]['value'],
'addressScope' => $data[AccountManager::PROPERTY_ADDRESS]['scope'],
'message' => (string) $this->l10n->t('Settings saved') 'message' => (string) $this->l10n->t('Settings saved')
] ]
], ],

46
tests/Settings/Controller/UsersControllerTest.php
View File

@ -2005,6 +2005,52 @@ class UsersControllerTest extends \Test\TestCase {
$saveData = (!empty($email) && $validEmail) || empty($email); $saveData = (!empty($email) && $validEmail) || empty($email);
if ($saveData) { if ($saveData) {
$this->accountManager->expects($this->once())
->method('getUser')
->with($user)
->willReturn([
AccountManager::PROPERTY_DISPLAYNAME =>
[
'value' => 'Display name',
'scope' => AccountManager::VISIBILITY_CONTACTS_ONLY,
'verified' => AccountManager::NOT_VERIFIED,
],
AccountManager::PROPERTY_ADDRESS =>
[
'value' => '',
'scope' => AccountManager::VISIBILITY_PRIVATE,
'verified' => AccountManager::NOT_VERIFIED,
],
AccountManager::PROPERTY_WEBSITE =>
[
'value' => '',
'scope' => AccountManager::VISIBILITY_PRIVATE,
'verified' => AccountManager::NOT_VERIFIED,
],
AccountManager::PROPERTY_EMAIL =>
[
'value' => '',
'scope' => AccountManager::VISIBILITY_CONTACTS_ONLY,
'verified' => AccountManager::NOT_VERIFIED,
],
AccountManager::PROPERTY_AVATAR =>
[
'scope' => AccountManager::VISIBILITY_CONTACTS_ONLY
],
AccountManager::PROPERTY_PHONE =>
[
'value' => '',
'scope' => AccountManager::VISIBILITY_PRIVATE,
'verified' => AccountManager::NOT_VERIFIED,
],
AccountManager::PROPERTY_TWITTER =>
[
'value' => '',
'scope' => AccountManager::VISIBILITY_PRIVATE,
'verified' => AccountManager::NOT_VERIFIED,
],
]);
$controller->expects($this->once())->method('saveUserSettings'); $controller->expects($this->once())->method('saveUserSettings');
} else { } else {
$controller->expects($this->never())->method('saveUserSettings'); $controller->expects($this->never())->method('saveUserSettings');

Write Preview
Loading…
Cancel
Save