mirror of
https://github.com/verdigado/organization_folders.git
synced 2024-12-06 11:22:41 +01:00
added user-has-manager-permissions dav prop; added principal model and simplified the ACL code with it
This commit is contained in:
parent
72fbc9e20e
commit
8bfa9dfa29
11 changed files with 172 additions and 114 deletions
|
|
@ -13,7 +13,7 @@ use OCA\OrganizationFolders\Db\ResourceMember;
|
|||
use OCA\OrganizationFolders\Db\ResourceMemberMapper;
|
||||
|
||||
use OCA\OrganizationFolders\Enum\MemberPermissionLevel;
|
||||
use OCA\OrganizationFolders\Enum\MemberType;
|
||||
use OCA\OrganizationFolders\Model\Principal;
|
||||
|
||||
class ResourceMemberService {
|
||||
public function __construct(
|
||||
|
|
@ -23,6 +23,12 @@ class ResourceMemberService {
|
|||
) {
|
||||
}
|
||||
|
||||
/**
|
||||
* @param int $resourceId
|
||||
* @psalm-param int $resourceId
|
||||
* @return array
|
||||
* @psalm-return ResourceMember[]
|
||||
*/
|
||||
public function findAll(int $resourceId): array {
|
||||
return $this->mapper->findAll($resourceId);
|
||||
}
|
||||
|
|
@ -47,8 +53,7 @@ class ResourceMemberService {
|
|||
public function create(
|
||||
int $resourceId,
|
||||
MemberPermissionLevel $permissionLevel,
|
||||
MemberType $type,
|
||||
string $principal
|
||||
Principal $principal,
|
||||
): ResourceMember {
|
||||
$resource = $this->resourceService->find($resourceId);
|
||||
|
||||
|
|
@ -56,10 +61,7 @@ class ResourceMemberService {
|
|||
|
||||
$member->setResourceId($resource->getId());
|
||||
$member->setPermissionLevel($permissionLevel->value);
|
||||
$member->setType($type->value);
|
||||
|
||||
// TODO: check if principal fits format
|
||||
$member->setPrincipal($principal);
|
||||
$member->setPrincipal($principal);
|
||||
$member->setCreatedTimestamp(time());
|
||||
$member->setLastUpdatedTimestamp(time());
|
||||
|
||||
|
|
@ -70,7 +72,7 @@ class ResourceMemberService {
|
|||
return $member;
|
||||
}
|
||||
|
||||
public function update(int $id, ?MemberPermissionLevel $permissionLevel = null, ?MemberType $type = null, ?string $principal = null): ResourceMember {
|
||||
public function update(int $id, ?MemberPermissionLevel $permissionLevel = null, ?Principal $principal = null): ResourceMember {
|
||||
try {
|
||||
$member = $this->mapper->find($id);
|
||||
|
||||
|
|
@ -78,12 +80,8 @@ class ResourceMemberService {
|
|||
$member->setPermissionLevel($permissionLevel->value);
|
||||
}
|
||||
|
||||
if(isset($type)) {
|
||||
$member->setType($type->value);
|
||||
}
|
||||
|
||||
if(isset($principal)) {
|
||||
$member->setPrincipal($principal);
|
||||
$member->setPrincipal($principal);
|
||||
}
|
||||
|
||||
if(count($member->getUpdatedFields()) > 0) {
|
||||
|
|
|
|||
|
|
@ -16,8 +16,9 @@ use OCA\OrganizationFolders\Db\Resource;
|
|||
use OCA\OrganizationFolders\Db\FolderResource;
|
||||
use OCA\OrganizationFolders\Db\ResourceMapper;
|
||||
use OCA\OrganizationFolders\Model\OrganizationFolder;
|
||||
use \OCA\OrganizationFolders\Model\Principal;
|
||||
use OCA\OrganizationFolders\Enum\MemberPermissionLevel;
|
||||
use OCA\OrganizationFolders\Enum\MemberType;
|
||||
use OCA\OrganizationFolders\Enum\PrincipalType;
|
||||
use OCA\OrganizationFolders\Errors\InvalidResourceType;
|
||||
use OCA\OrganizationFolders\Errors\ResourceNotFound;
|
||||
use OCA\OrganizationFolders\Errors\ResourceNameNotUnique;
|
||||
|
|
@ -37,7 +38,16 @@ class ResourceService {
|
|||
) {
|
||||
}
|
||||
|
||||
public function findAll(int $organizationFolderId, int $parentResourceId = null, array $filters = []) {
|
||||
/**
|
||||
* @param int $organizationFolderId
|
||||
* @psalm-param int $organizationFolderId
|
||||
* @param int|null $parentResourceId
|
||||
* @psalm-param int|null $parentResourceId
|
||||
* @param array $filters
|
||||
* @psalm-param array $filters
|
||||
* @psalm-return Resource[]
|
||||
*/
|
||||
public function findAll(int $organizationFolderId, ?int $parentResourceId = null, array $filters = []): array {
|
||||
return $this->mapper->findAll($organizationFolderId, $parentResourceId, $filters);
|
||||
}
|
||||
|
||||
|
|
@ -93,7 +103,11 @@ class ResourceService {
|
|||
$parentResource = $this->find($parentResourceId);
|
||||
|
||||
if($parentResource->getOrganizationFolderId() === $organizationFolderId) {
|
||||
$resource->setParentResource($parentResource->getId());
|
||||
if($parentResource->getType() !== "folder") {
|
||||
throw new Exception("Only folder resources can have sub-resources");
|
||||
} else {
|
||||
$resource->setParentResource($parentResource->getId());
|
||||
}
|
||||
} else {
|
||||
throw new Exception("Cannot create child-resource of parent in different organizationId");
|
||||
}
|
||||
|
|
@ -136,7 +150,6 @@ class ResourceService {
|
|||
int $id,
|
||||
|
||||
?string $name = null,
|
||||
?int $parentResource = null,
|
||||
?bool $active = null,
|
||||
?bool $inheritManagers = null,
|
||||
|
||||
|
|
@ -146,10 +159,6 @@ class ResourceService {
|
|||
): Resource {
|
||||
$resource = $this->find($id);
|
||||
|
||||
if(isset($parentResource)) {
|
||||
$resource->setParentResource($parentResource);
|
||||
}
|
||||
|
||||
if(isset($name)) {
|
||||
if($this->mapper->existsWithName($resource->getOrganizationFolderId(), $resource->getParentResource(), $name)) {
|
||||
throw new ResourceNameNotUnique();
|
||||
|
|
@ -206,10 +215,7 @@ class ResourceService {
|
|||
|
||||
$inheritingPrincipals = [];
|
||||
foreach($inheritingGroups as $inheritingGroup) {
|
||||
$inheritingPrincipals[] = [
|
||||
"type" => "group",
|
||||
"groupId" => $inheritingGroup,
|
||||
];
|
||||
$inheritingPrincipals[] = new Principal(PrincipalType::GROUP, $inheritingGroup);
|
||||
}
|
||||
|
||||
return $this->recursivelySetFolderResourceALCs($topLevelFolderResources, "", $inheritingPrincipals);
|
||||
|
|
@ -222,8 +228,8 @@ class ResourceService {
|
|||
* @psalm-param FolderResource[] $folderResources
|
||||
* @param string $path
|
||||
* @psalm-param string $path
|
||||
* @param array $inheritingGroups
|
||||
* @psalm-param string[] $inheritingGroups
|
||||
* @param array $inheritingPrincipals
|
||||
* @psalm-param Principal[] $inheritingPrincipals
|
||||
*/
|
||||
public function recursivelySetFolderResourceALCs(array $folderResources, string $path, array $inheritingPrincipals) {
|
||||
foreach($folderResources as $folderResource) {
|
||||
|
|
@ -232,20 +238,16 @@ class ResourceService {
|
|||
|
||||
// inherit ACLs
|
||||
foreach($inheritingPrincipals as $inheritingPrincipal) {
|
||||
if($inheritingPrincipal["type"] === "group") {
|
||||
$acls[] = new Rule(
|
||||
userMapping: $this->userMappingManager->mappingFromId("group", $inheritingPrincipal["groupId"]),
|
||||
fileId: $resourceFileId,
|
||||
mask: 31,
|
||||
permissions: $folderResource->getInheritedAclPermission(),
|
||||
);
|
||||
} else if($inheritingPrincipal["type"] === "user") {
|
||||
$acls[] = new Rule(
|
||||
userMapping: $this->userMappingManager->mappingFromId("user", $inheritingPrincipal["userId"]),
|
||||
fileId: $resourceFileId,
|
||||
mask: 31,
|
||||
permissions: $folderResource->getInheritedAclPermission(),
|
||||
);
|
||||
$newACL = $this->aclManager->createAclRuleForPrincipal(
|
||||
principal: $inheritingPrincipal,
|
||||
fileId: $resourceFileId,
|
||||
mask: 31,
|
||||
permissions: $folderResource->getInheritedAclPermission(),
|
||||
);
|
||||
|
||||
// if mapping for principal could not be created, skip creating rule for it
|
||||
if(!is_null($newACL)) {
|
||||
$acls[] = $newACL;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -260,6 +262,7 @@ class ResourceService {
|
|||
/** @var ResourceService */
|
||||
$resourceMemberService = $this->container->get(ResourceMemberService::class);
|
||||
$resourceMembers = $resourceMemberService->findAll($folderResource->getId());
|
||||
|
||||
foreach($resourceMembers as $resourceMember) {
|
||||
if($resourceMember->getPermissionLevel() === MemberPermissionLevel::MANAGER->value) {
|
||||
$resourceMemberPermissions = $folderResource->getManagersAclPermission();
|
||||
|
|
@ -270,43 +273,20 @@ class ResourceService {
|
|||
}
|
||||
|
||||
if($resourceMemberPermissions !== 0) {
|
||||
if($resourceMember->getType() === MemberType::USER->value) {
|
||||
$mapping = $this->userMappingManager->mappingFromId("user", $resourceMember->getPrincipal());
|
||||
$nextInheritingPrincipals[] = [
|
||||
"type" => "user",
|
||||
"userId" => $resourceMember->getPrincipal(),
|
||||
];
|
||||
} else if($resourceMember->getType() === MemberType::GROUP->value) {
|
||||
$mapping = $this->userMappingManager->mappingFromId("group", $resourceMember->getPrincipal());
|
||||
$nextInheritingPrincipals[] = [
|
||||
"type" => "group",
|
||||
"groupId" => $resourceMember->getPrincipal(),
|
||||
];
|
||||
} else if($resourceMember->getType() === MemberType::ROLE->value) {
|
||||
['organizationProviderId' => $organizationProviderId, 'roleId' => $roleId] = $resourceMember->getParsedPrincipal();
|
||||
$resourceMemberPrincipal = $resourceMember->getPrincipal();
|
||||
|
||||
$organizationProvider = $this->organizationProviderManager->getOrganizationProvider($organizationProviderId);
|
||||
$role = $organizationProvider->getRole($roleId);
|
||||
$mapping = $this->userMappingManager->mappingFromId("group", $role->getMembersGroup());
|
||||
$nextInheritingPrincipals[] = [
|
||||
"type" => "group",
|
||||
"groupId" => $role->getMembersGroup(),
|
||||
];
|
||||
} else {
|
||||
throw new Exception("invalid resource member type");
|
||||
}
|
||||
|
||||
if(is_null($mapping)) {
|
||||
// TODO: skip member instead of crashing
|
||||
throw new Exception(message: "invalid mapping, likely non-existing group");
|
||||
}
|
||||
|
||||
$acls[] = new Rule(
|
||||
userMapping: $mapping,
|
||||
$newACL = $this->aclManager->createAclRuleForPrincipal(
|
||||
principal: $resourceMemberPrincipal,
|
||||
fileId: $resourceFileId,
|
||||
mask: 31,
|
||||
permissions: $resourceMemberPermissions,
|
||||
);
|
||||
|
||||
// if mapping for principal could not be created, skip creating rule for it
|
||||
if(!is_null($newACL)) {
|
||||
$acls[] = $newACL;
|
||||
$nextInheritingPrincipals[] = $resourceMemberPrincipal;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue