0
0
Fork 0
mirror of https://github.com/verdigado/organization_folders.git synced 2024-11-24 21:50:26 +01:00
organization_folders/lib/Service/ResourceService.php

395 lines
13 KiB
PHP
Raw Normal View History

2024-10-17 13:56:32 +02:00
<?php
namespace OCA\OrganizationFolders\Service;
use Exception;
2024-11-06 19:58:57 +01:00
use Psr\Container\ContainerInterface;
2024-10-17 13:56:32 +02:00
use OCP\AppFramework\Db\DoesNotExistException;
use OCP\AppFramework\Db\MultipleObjectsReturnedException;
2024-11-04 19:24:12 +01:00
use OCA\GroupFolders\ACL\UserMapping\UserMappingManager;
use OCA\GroupFolders\ACL\Rule;
2024-10-17 13:56:32 +02:00
use OCA\OrganizationFolders\Db\Resource;
use OCA\OrganizationFolders\Db\FolderResource;
use OCA\OrganizationFolders\Db\ResourceMapper;
2024-11-04 19:24:12 +01:00
use OCA\OrganizationFolders\Model\OrganizationFolder;
use OCA\OrganizationFolders\Enum\MemberPermissionLevel;
use OCA\OrganizationFolders\Enum\MemberType;
2024-10-17 13:56:32 +02:00
use OCA\OrganizationFolders\Errors\InvalidResourceType;
use OCA\OrganizationFolders\Errors\ResourceNotFound;
2024-10-30 01:51:48 +01:00
use OCA\OrganizationFolders\Errors\ResourceNameNotUnique;
2024-11-04 19:24:12 +01:00
use OCA\OrganizationFolders\Manager\PathManager;
use OCA\OrganizationFolders\Manager\ACLManager;
use OCA\OrganizationFolders\OrganizationProvider\OrganizationProviderManager;
2024-10-17 13:56:32 +02:00
class ResourceService {
public function __construct(
protected ResourceMapper $mapper,
protected PathManager $pathManager,
2024-11-04 19:24:12 +01:00
protected ACLManager $aclManager,
protected UserMappingManager $userMappingManager,
protected OrganizationProviderManager $organizationProviderManager,
2024-11-06 19:58:57 +01:00
protected OrganizationFolderService $organizationFolderService,
protected ContainerInterface $container,
2024-10-17 13:56:32 +02:00
) {
}
2024-11-04 19:24:12 +01:00
public function findAll(int $organizationFolderId, int $parentResourceId = null, array $filters = []) {
return $this->mapper->findAll($organizationFolderId, $parentResourceId, $filters);
2024-10-30 01:51:48 +01:00
}
2024-10-17 13:56:32 +02:00
private function handleException(Exception $e, int $id): void {
if ($e instanceof DoesNotExistException ||
$e instanceof MultipleObjectsReturnedException) {
throw new ResourceNotFound($id);
} else {
throw $e;
}
}
public function find(int $id): Resource {
try {
return $this->mapper->find($id);
} catch (Exception $e) {
$this->handleException($e, $id);
}
}
public function findByFileId(int $fileId): FolderResource {
// TODO: improve error handling
return $this->mapper->findByFileId($fileId);
}
2024-10-17 13:56:32 +02:00
/* Use named arguments to call this function */
public function create(
string $type,
int $organizationFolderId,
2024-10-30 01:51:48 +01:00
string $name,
2024-11-04 19:24:12 +01:00
?int $parentResourceId = null,
2024-10-17 13:56:32 +02:00
bool $active = true,
bool $inheritManagers = true,
2024-10-17 13:56:32 +02:00
?int $membersAclPermission = null,
?int $managersAclPermission = null,
?int $inheritedAclPermission = null,
) {
if($type === "folder") {
$resource = new FolderResource();
} else {
throw new InvalidResourceType($type);
}
2024-11-04 19:24:12 +01:00
if(!$this->mapper->existsWithName($organizationFolderId, $parentResourceId, $name)) {
2024-10-31 17:29:15 +01:00
$resource->setOrganizationFolderId($organizationFolderId);
2024-10-30 01:51:48 +01:00
$resource->setName($name);
$resource->setActive($active);
$resource->setInheritManagers($inheritManagers);
2024-10-30 01:51:48 +01:00
$resource->setLastUpdatedTimestamp(time());
2024-10-17 13:56:32 +02:00
2024-11-04 19:24:12 +01:00
if(isset($parentResourceId)) {
$parentResource = $this->find($parentResourceId);
if($parentResource->getOrganizationFolderId() === $organizationFolderId) {
$resource->setParentResource($parentResource->getId());
} else {
throw new Exception("Cannot create child-resource of parent in different organizationId");
}
2024-11-04 19:24:12 +01:00
$parentNode = $this->getFolderResourceFilesystemNode($parentResource);
2024-11-04 19:24:12 +01:00
} else {
$parentNode = $this->pathManager->getOrganizationFolderNodeById($organizationFolderId);
}
2024-10-30 01:51:48 +01:00
if($type === "folder") {
2024-11-04 19:24:12 +01:00
$resourceNode = $parentNode->newFolder($name);
$fileId = $resourceNode->getId();
if($fileId === -1) {
throw new Exception("Unknown error occured while creating resource folder");
}
2024-10-30 01:51:48 +01:00
if(isset($membersAclPermission, $managersAclPermission, $inheritedAclPermission)) {
$resource->setMembersAclPermission($membersAclPermission);
$resource->setManagersAclPermission($managersAclPermission);
$resource->setInheritedAclPermission($inheritedAclPermission);
2024-11-04 19:24:12 +01:00
$resource->setFileId($fileId);
2024-10-30 01:51:48 +01:00
} else {
throw new \InvalidArgumentException("Folder specific parameters must be included, when creating a resource of type folder");
}
2024-10-17 13:56:32 +02:00
}
2024-10-30 01:51:48 +01:00
$resource = $this->mapper->insert($resource);
2024-10-17 13:56:32 +02:00
2024-11-06 19:58:57 +01:00
$this->organizationFolderService->applyPermissions($organizationFolderId);
2024-10-30 01:51:48 +01:00
return $resource;
} else {
throw new ResourceNameNotUnique();
}
2024-10-17 13:56:32 +02:00
}
/* Use named arguments to call this function */
public function update(
int $id,
2024-10-30 01:51:48 +01:00
?string $name = null,
2024-10-17 13:56:32 +02:00
?int $parentResource = null,
?bool $active = null,
?bool $inheritManagers = null,
2024-10-17 13:56:32 +02:00
?int $membersAclPermission = null,
?int $managersAclPermission = null,
?int $inheritedAclPermission = null,
): Resource {
$resource = $this->find($id);
if(isset($parentResource)) {
$resource->setParentResource($parentResource);
}
2024-10-30 01:51:48 +01:00
if(isset($name)) {
if($this->mapper->existsWithName($resource->getOrganizationFolderId(), $resource->getParentResource(), $name)) {
2024-10-30 01:51:48 +01:00
throw new ResourceNameNotUnique();
} else {
if($resource->getType() === "folder") {
$resourceNode = $this->getFolderResourceFilesystemNode($resource);
$newPath = $resourceNode->getParent()->getPath() . "/" . $name;
$resourceNode->move($newPath);
}
2024-10-30 01:51:48 +01:00
$resource->setName($name);
}
}
2024-10-17 13:56:32 +02:00
if(isset($active)) {
$resource->setActive($active);
}
if(isset($inheritManagers)) {
$resource->setInheritManagers($inheritManagers);
}
2024-10-17 13:56:32 +02:00
if($resource->getType() === "folder") {
if(isset($membersAclPermission)) {
$resource->setMembersAclPermission($membersAclPermission);
}
if(isset($managersAclPermission)) {
$resource->setManagersAclPermission($managersAclPermission);
}
if(isset($inheritedAclPermission)) {
$resource->setInheritedAclPermission($inheritedAclPermission);
}
} else {
throw new InvalidResourceType($resource->getType());
}
if(count($resource->getUpdatedFields()) > 0) {
$resource->setLastUpdatedTimestamp(time());
}
2024-11-06 19:58:57 +01:00
$resource = $this->mapper->update($resource);
$this->organizationFolderService->applyPermissions($resource->getOrganizationFolderId());
return $resource;
// TODO: improve error handing: if db update fails roll back changes in the filesystem
2024-10-17 13:56:32 +02:00
}
2024-11-04 19:24:12 +01:00
public function setAllFolderResourceAclsInOrganizationFolder(OrganizationFolder $organizationFolder, array $inheritingGroups) {
$topLevelFolderResources = $this->findAll($organizationFolder->getId(), null, ["type" => "folder"]);
2024-11-06 19:58:57 +01:00
$inheritingPrincipals = [];
foreach($inheritingGroups as $inheritingGroup) {
$inheritingPrincipals[] = [
"type" => "group",
"groupId" => $inheritingGroup,
];
}
return $this->recursivelySetFolderResourceALCs($topLevelFolderResources, "", $inheritingPrincipals);
2024-11-04 19:24:12 +01:00
}
/**
* Recursively overwrite ACL rules for an array of folder resources
*
* @param array $folderResources
* @psalm-param FolderResource[] $folderResources
* @param string $path
* @psalm-param string $path
* @param array $inheritingGroups
* @psalm-param string[] $inheritingGroups
*/
2024-11-06 19:58:57 +01:00
public function recursivelySetFolderResourceALCs(array $folderResources, string $path, array $inheritingPrincipals) {
2024-11-04 19:24:12 +01:00
foreach($folderResources as $folderResource) {
$resourceFileId = $folderResource->getFileId();
$acls = [];
// inherit ACLs
2024-11-06 19:58:57 +01:00
foreach($inheritingPrincipals as $inheritingPrincipal) {
if($inheritingPrincipal["type"] === "group") {
$acls[] = new Rule(
userMapping: $this->userMappingManager->mappingFromId("group", $inheritingPrincipal["groupId"]),
fileId: $resourceFileId,
mask: 31,
permissions: $folderResource->getInheritedAclPermission(),
);
} else if($inheritingPrincipal["type"] === "user") {
$acls[] = new Rule(
userMapping: $this->userMappingManager->mappingFromId("user", $inheritingPrincipal["userId"]),
fileId: $resourceFileId,
mask: 31,
permissions: $folderResource->getInheritedAclPermission(),
);
}
}
// inherited principals will affect resources further down, if they have any permissions at this level
if($folderResource->getInheritedAclPermission() !== 0) {
$nextInheritingPrincipals = $inheritingPrincipals;
} else {
$nextInheritingPrincipals = [];
2024-11-04 19:24:12 +01:00
}
// member ACLs
2024-11-06 19:58:57 +01:00
/** @var ResourceService */
$resourceMemberService = $this->container->get(ResourceMemberService::class);
$resourceMembers = $resourceMemberService->findAll($folderResource->getId());
foreach($resourceMembers as $resourceMember) {
if($resourceMember->getPermissionLevel() === MemberPermissionLevel::MANAGER->value) {
$resourceMemberPermissions = $folderResource->getManagersAclPermission();
} else if($resourceMember->getPermissionLevel() === MemberPermissionLevel::MEMBER->value) {
$resourceMemberPermissions = $folderResource->getMembersAclPermission();
} else {
throw new Exception("invalid resource member permission level");
}
2024-11-06 19:58:57 +01:00
if($resourceMemberPermissions !== 0) {
if($resourceMember->getType() === MemberType::USER->value) {
$mapping = $this->userMappingManager->mappingFromId("user", $resourceMember->getPrincipal());
$nextInheritingPrincipals[] = [
"type" => "user",
"userId" => $resourceMember->getPrincipal(),
];
} else if($resourceMember->getType() === MemberType::GROUP->value) {
$mapping = $this->userMappingManager->mappingFromId("group", $resourceMember->getPrincipal());
$nextInheritingPrincipals[] = [
"type" => "group",
"groupId" => $resourceMember->getPrincipal(),
];
} else if($resourceMember->getType() === MemberType::ROLE->value) {
['organizationProviderId' => $organizationProviderId, 'roleId' => $roleId] = $resourceMember->getParsedPrincipal();
$organizationProvider = $this->organizationProviderManager->getOrganizationProvider($organizationProviderId);
$role = $organizationProvider->getRole($roleId);
$mapping = $this->userMappingManager->mappingFromId("group", $role->getMembersGroup());
$nextInheritingPrincipals[] = [
"type" => "group",
"groupId" => $role->getMembersGroup(),
];
} else {
throw new Exception("invalid resource member type");
}
if(is_null($mapping)) {
// TODO: skip member instead of crashing
throw new Exception(message: "invalid mapping, likely non-existing group");
}
$acls[] = new Rule(
userMapping: $mapping,
fileId: $resourceFileId,
mask: 31,
permissions: $resourceMemberPermissions,
);
}
}
2024-11-04 19:24:12 +01:00
$this->aclManager->overwriteACLsForFileId($resourceFileId, $acls);
2024-11-06 19:58:57 +01:00
// recurse sub-resources
$subFolderResources = $this->getSubResources($folderResource, ["type" => "folder"]);
$this->recursivelySetFolderResourceALCs($subFolderResources, $path . $folderResource->getName() . "/", $nextInheritingPrincipals);
2024-11-04 19:24:12 +01:00
}
}
public function getResourcePath(FolderResource $resource) {
$currentResource = $resource;
$invertedPath = [];
$invertedPath[] = $currentResource->getName();
while($currentResource->getParentResource()) {
$currentResource = $this->find($currentResource->getParentResource());
$invertedPath[] = $currentResource->getName();
}
return array_reverse($invertedPath);
}
public function getFolderResourceFilesystemNode(FolderResource $resource) {
return $this->pathManager->getOrganizationFolderByIdSubfolder($resource->getOrganizationFolderId(), $this->getResourcePath($resource));
}
/**
* get all direct sub-resources
*/
2024-11-06 19:58:57 +01:00
public function getSubResources(Resource $resource, array $filters = []) {
return $this->findAll($resource->getOrganizationFolderId(), $resource->getId(), $filters);
}
/**
* get all sub-resources recursively
*/
public function getAllSubResources(Resource $resource) {
$subResources = $this->getSubResources($resource);
foreach($subResources as $subResource) {
$subResources = array_merge($subResources, $this->getAllSubResources($subResource));
}
return $subResources;
}
public function getParentResource(Resource $resource): ?Resource {
if(!is_null($resource->getParentResource())) {
return $this->find($resource->getParentResource());
} else {
return null;
}
}
public function deleteById(int $id): Resource {
2024-10-17 13:56:32 +02:00
try {
$resource = $this->mapper->find($id);
return $this->delete($resource);
2024-10-17 13:56:32 +02:00
} catch (Exception $e) {
$this->handleException($e, $resource->getId());
}
}
public function delete(Resource $resource): Resource {
// first delete all subresources recursively
$subResources = $this->getSubResources($resource);
foreach($subResources as $subResource) {
$this->delete($subResource);
2024-10-17 13:56:32 +02:00
}
// delete in filesystem if type folder
if($resource->getType() === "folder") {
$this->getFolderResourceFilesystemNode($resource)->delete();
}
// delete in database
$this->mapper->delete($resource);
return $resource;
2024-10-17 13:56:32 +02:00
}
}