From 8d781f5001b12aa520adf81c3ea2faf2fd476af9 Mon Sep 17 00:00:00 2001
From: Jonathan Treffler <jonathan.treffler@verdigado.com>
Date: Tue, 5 Nov 2024 00:45:44 +0100
Subject: [PATCH] continued development of ACL rule management; fixed getting
 filesystem node of folder resources

---
 lib/Db/ResourceMember.php                 |  2 +
 lib/Db/ResourceMemberMapper.php           | 13 ++++
 lib/Manager/PathManager.php               | 27 +++++--
 lib/Service/OrganizationFolderService.php |  3 +-
 lib/Service/ResourceMemberService.php     |  2 +
 lib/Service/ResourceService.php           | 88 +++++++++++++++++++++--
 6 files changed, 121 insertions(+), 14 deletions(-)

diff --git a/lib/Db/ResourceMember.php b/lib/Db/ResourceMember.php
index b3a61bb..97b5110 100644
--- a/lib/Db/ResourceMember.php
+++ b/lib/Db/ResourceMember.php
@@ -28,6 +28,7 @@ class ResourceMember extends Entity implements JsonSerializable, TableSerializab
 
     public function jsonSerialize(): array {
 		return [
+			'id' => $this->id,
 			'resourceId' => $this->resourceId,
 			'permissionLevel' => $this->permissionLevel,
 			'type' => $this->type,
@@ -39,6 +40,7 @@ class ResourceMember extends Entity implements JsonSerializable, TableSerializab
 
     public function tableSerialize(?array $params = null): array {
 		return [
+			'Id' => $this->id,
 			'Resource Id' => $this->resourceId,
 			'Permission Level' => MemberPermissionLevel::from($this->permissionLevel)->name,
 			'Type' => MemberType::from($this->type)->name,
diff --git a/lib/Db/ResourceMemberMapper.php b/lib/Db/ResourceMemberMapper.php
index 05be516..74b8b66 100644
--- a/lib/Db/ResourceMemberMapper.php
+++ b/lib/Db/ResourceMemberMapper.php
@@ -46,4 +46,17 @@ class ResourceMemberMapper extends QBMapper {
 		
 		return $this->findEntities($qb);
 	}
+
+	public function exists(int $resourceId, int $type, string $principal): bool {
+		/* @var $qb IQueryBuilder */
+		$qb = $this->db->getQueryBuilder();
+
+		$qb->select($qb->createFunction('COUNT(1)'))
+			->from(self::RESOURCE_MEMBERS_TABLE)
+			->where($qb->expr()->eq('resource_id', $qb->createNamedParameter($resourceId, IQueryBuilder::PARAM_INT)))
+			->andWhere($qb->expr()->eq('type', $qb->createNamedParameter($type, IQueryBuilder::PARAM_INT)))
+			->andWhere($qb->expr()->eq('principal', $qb->createNamedParameter($principal)));
+
+		return $qb->executeQuery()->fetch()["COUNT(1)"] === 1;
+	}
 }
\ No newline at end of file
diff --git a/lib/Manager/PathManager.php b/lib/Manager/PathManager.php
index b0ebec3..5f0d717 100644
--- a/lib/Manager/PathManager.php
+++ b/lib/Manager/PathManager.php
@@ -28,14 +28,29 @@ class PathManager {
 	public function getOrganizationFolderNode(OrganizationFolder $organizationFolder): ?Folder {
 		return $this->getOrganizationFolderNodeById($organizationFolder->getId());
 	}
-
-	public function getOrganizationFolderNodeById(int $id): ?Folder {
-		return $this->mountProvider->getFolder($id, False);
+	/** Get underlying groupfolder folder node for the organization folder
+	 * (or if it was never before used create it in the filesystem and filecache!)
+	*/
+	public function getOrganizationFolderNodeById(int $id)/*: ?Folder*/ {
+		return $this->mountProvider->getFolder(id: $id, create: True);
 	}
 
-	public function getFolderResourceNode(FolderResource $resource): ?Folder {
-		$organizationFolderNode = $this->getOrganizationFolderNodeById($resource->getOrganizationFolderId());
+	public function getOrganizationFolderSubfolder(OrganizationFolder $organizationFolder, array $path) {
+		return $this->getOrganizationFolderByIdSubfolder($organizationFolder->getId(), $path);
+	}
 
-		return $organizationFolderNode->getFirstNodeById($resource->getFileId());
+	public function getOrganizationFolderByIdSubfolder(int $id, array $path): ?Folder {
+		$organizationFolderNode = $this->getOrganizationFolderNodeById($id);
+		$currentFolder = $organizationFolderNode;
+
+		foreach($path as $subfolder) {
+			try {
+				$currentFolder = $currentFolder->get($subfolder);
+			} catch (\OCP\Files\NotFoundException $e) {
+				return null;
+			}
+		}
+
+		return $currentFolder;
 	}
 }
\ No newline at end of file
diff --git a/lib/Service/OrganizationFolderService.php b/lib/Service/OrganizationFolderService.php
index 7c6a3d2..5524e7c 100644
--- a/lib/Service/OrganizationFolderService.php
+++ b/lib/Service/OrganizationFolderService.php
@@ -188,7 +188,8 @@ class OrganizationFolderService {
 
         $acls = [];
         foreach($groups as $group) {
-            $acls[] = new Rule(userMapping: $this->userMappingManager->mappingFromId("group", $group),
+            $acls[] = new Rule(
+                userMapping: $this->userMappingManager->mappingFromId("group", $group),
                 fileId: $fileId,
                 mask: 31,
                 permissions: 1,
diff --git a/lib/Service/ResourceMemberService.php b/lib/Service/ResourceMemberService.php
index f1e8aa1..8d87a2b 100644
--- a/lib/Service/ResourceMemberService.php
+++ b/lib/Service/ResourceMemberService.php
@@ -52,6 +52,8 @@ class ResourceMemberService {
 		$member->setResourceId($resourceId);
 		$member->setPermissionLevel($permissionLevel->value);
         $member->setType($type->value);
+		
+		// TODO: check if principal fits format
         $member->setPrincipal($principal);
         $member->setCreatedTimestamp(time());
         $member->setLastUpdatedTimestamp(time());
diff --git a/lib/Service/ResourceService.php b/lib/Service/ResourceService.php
index bc553bc..4e77650 100644
--- a/lib/Service/ResourceService.php
+++ b/lib/Service/ResourceService.php
@@ -14,18 +14,23 @@ use OCA\OrganizationFolders\Db\Resource;
 use OCA\OrganizationFolders\Db\FolderResource;
 use OCA\OrganizationFolders\Db\ResourceMapper;
 use OCA\OrganizationFolders\Model\OrganizationFolder;
+use OCA\OrganizationFolders\Enum\MemberPermissionLevel;
+use OCA\OrganizationFolders\Enum\MemberType;
 use OCA\OrganizationFolders\Errors\InvalidResourceType;
 use OCA\OrganizationFolders\Errors\ResourceNotFound;
 use OCA\OrganizationFolders\Errors\ResourceNameNotUnique;
 use OCA\OrganizationFolders\Manager\PathManager;
 use OCA\OrganizationFolders\Manager\ACLManager;
+use OCA\OrganizationFolders\OrganizationProvider\OrganizationProviderManager;
 
 class ResourceService {
 	public function __construct(
-		private ResourceMapper $mapper,
-		private PathManager $pathManager,
+		protected ResourceMapper $mapper,
+		protected PathManager $pathManager,
 		protected ACLManager $aclManager,
-		private UserMappingManager $userMappingManager,
+		protected UserMappingManager $userMappingManager,
+		protected ResourceMemberService $resourceMemberService,
+		protected OrganizationProviderManager $organizationProviderManager,
 	) {
 	}
 
@@ -77,9 +82,13 @@ class ResourceService {
 			if(isset($parentResourceId)) {
 				$parentResource = $this->find($parentResourceId);
 
-				$resource->setParentResource($parentResource->getId());
+				if($parentResource->getOrganizationFolderId() === $organizationFolderId) {
+					$resource->setParentResource($parentResource->getId());
+				} else {
+					throw new Exception("Cannot create child-resource of parent in different organizationId");
+				}
 
-				$parentNode = $this->pathManager->getFolderResourceNode($parentResource);
+				$parentNode = $this->getFolderResourceFilesystemNode($parentResource);
 			} else {
 				$parentNode = $this->pathManager->getOrganizationFolderNodeById($organizationFolderId);
 			}
@@ -129,9 +138,15 @@ class ResourceService {
 		}
 
 		if(isset($name)) {
-			if($this->mapper->existsWithName($resource->getGroupFolderId(), $resource->getParentResource(), $name)) {
+			if($this->mapper->existsWithName($resource->getOrganizationFolderId(), $resource->getParentResource(), $name)) {
 				throw new ResourceNameNotUnique();
 			} else {
+				if($resource->getType() === "folder") {
+					$resourceNode = $this->getFolderResourceFilesystemNode($resource);
+					$newPath = $resourceNode->getParent()->getPath() . "/" . $name;
+					$resourceNode->move($newPath);
+				}
+
 				$resource->setName($name);
 			}
 		}
@@ -161,6 +176,7 @@ class ResourceService {
 		}
 
 		return $this->mapper->update($resource);
+		// TODO: improve error handing: if db update fails roll back changes in the filesystem
 	}
 
 	public function setAllFolderResourceAclsInOrganizationFolder(OrganizationFolder $organizationFolder, array $inheritingGroups) {
@@ -184,20 +200,78 @@ class ResourceService {
 			$resourceFileId = $folderResource->getFileId();
 			$acls = [];
 
+			// inherit ACLs
 			foreach($inheritingGroups as $inheritingGroup) {
-				$acls[] = new Rule(userMapping: $this->userMappingManager->mappingFromId("group", $inheritingGroup),
+				$acls[] = new Rule(
+					userMapping: $this->userMappingManager->mappingFromId("group", $inheritingGroup),
 					fileId: $resourceFileId,
 					mask: 31,
 					permissions: $folderResource->getInheritedAclPermission(),
 				);
 			}
 
+			// member ACLs
+			$resourceMembers = $this->resourceMemberService->findAll($folderResource->getId());
+			foreach($resourceMembers as $resourceMember) {
+				if($resourceMember->getPermissionLevel() === MemberPermissionLevel::MANAGER->value) {
+					$resourceMemberPermissions = $folderResource->getManagersAclPermission();
+				} else if($resourceMember->getPermissionLevel() === MemberPermissionLevel::MEMBER->value) {
+					$resourceMemberPermissions = $folderResource->getMembersAclPermission();
+				} else {
+					throw new Exception("invalid resource member permission level");
+				}
+
+				if($resourceMember->getType() === MemberType::USER->value) {
+					$mapping = $this->userMappingManager->mappingFromId("user", $resourceMember->getPrincipal());
+				} else if($resourceMember->getType() === MemberType::GROUP->value) {
+					$mapping = $this->userMappingManager->mappingFromId("group", $resourceMember->getPrincipal());
+				} else if($resourceMember->getType() === MemberType::ROLE->value) {
+					[$organizationProviderId, $roleId] = explode(":", $resourceMember->getPrincipal(), 2);
+					$organizationProvider = $this->organizationProviderManager->getOrganizationProvider($organizationProviderId);
+					$role = $organizationProvider->getRole($roleId);
+					$mapping = $this->userMappingManager->mappingFromId("group", $role->getMembersGroup());
+				} else {
+					throw new Exception("invalid resource member type");
+				}
+
+				if(is_null($mapping)) {
+					// TODO: skip member instead of crashing
+					throw new Exception(message: "invalid mapping, likely non-existing group");
+				}
+				
+				$acls[] = new Rule(
+					userMapping: $mapping,
+					fileId: $resourceFileId,
+					mask: 31,
+					permissions: $resourceMemberPermissions,
+				);
+			}
+
 			$this->aclManager->overwriteACLsForFileId($resourceFileId, $acls);
 
 			// TODO: recurse sub-resources
 		}
 	}
 
+	public function getResourcePath(FolderResource $resource) {
+		$currentResource = $resource;
+		
+		$invertedPath = [];
+
+		$invertedPath[] = $currentResource->getName();
+
+		while($currentResource->getParentResource()) {
+			$currentResource = $this->find($currentResource->getParentResource());
+			$invertedPath[] = $currentResource->getName();
+		}
+
+		return array_reverse($invertedPath);
+	}
+
+	public function getFolderResourceFilesystemNode(FolderResource $resource) {
+		return $this->pathManager->getOrganizationFolderByIdSubfolder($resource->getOrganizationFolderId(), $this->getResourcePath($resource));
+	}
+
 	public function delete(int $id): Resource {
 		try {
 			$resource = $this->mapper->find($id);