mirror of
https://github.com/verdigado/organization_folders.git
synced 2024-11-21 20:28:11 +01:00
continued development of ACL rule management; fixed getting filesystem node of folder resources
This commit is contained in:
parent
5500ded3fb
commit
8d781f5001
6 changed files with 121 additions and 14 deletions
|
@ -28,6 +28,7 @@ class ResourceMember extends Entity implements JsonSerializable, TableSerializab
|
||||||
|
|
||||||
public function jsonSerialize(): array {
|
public function jsonSerialize(): array {
|
||||||
return [
|
return [
|
||||||
|
'id' => $this->id,
|
||||||
'resourceId' => $this->resourceId,
|
'resourceId' => $this->resourceId,
|
||||||
'permissionLevel' => $this->permissionLevel,
|
'permissionLevel' => $this->permissionLevel,
|
||||||
'type' => $this->type,
|
'type' => $this->type,
|
||||||
|
@ -39,6 +40,7 @@ class ResourceMember extends Entity implements JsonSerializable, TableSerializab
|
||||||
|
|
||||||
public function tableSerialize(?array $params = null): array {
|
public function tableSerialize(?array $params = null): array {
|
||||||
return [
|
return [
|
||||||
|
'Id' => $this->id,
|
||||||
'Resource Id' => $this->resourceId,
|
'Resource Id' => $this->resourceId,
|
||||||
'Permission Level' => MemberPermissionLevel::from($this->permissionLevel)->name,
|
'Permission Level' => MemberPermissionLevel::from($this->permissionLevel)->name,
|
||||||
'Type' => MemberType::from($this->type)->name,
|
'Type' => MemberType::from($this->type)->name,
|
||||||
|
|
|
@ -46,4 +46,17 @@ class ResourceMemberMapper extends QBMapper {
|
||||||
|
|
||||||
return $this->findEntities($qb);
|
return $this->findEntities($qb);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function exists(int $resourceId, int $type, string $principal): bool {
|
||||||
|
/* @var $qb IQueryBuilder */
|
||||||
|
$qb = $this->db->getQueryBuilder();
|
||||||
|
|
||||||
|
$qb->select($qb->createFunction('COUNT(1)'))
|
||||||
|
->from(self::RESOURCE_MEMBERS_TABLE)
|
||||||
|
->where($qb->expr()->eq('resource_id', $qb->createNamedParameter($resourceId, IQueryBuilder::PARAM_INT)))
|
||||||
|
->andWhere($qb->expr()->eq('type', $qb->createNamedParameter($type, IQueryBuilder::PARAM_INT)))
|
||||||
|
->andWhere($qb->expr()->eq('principal', $qb->createNamedParameter($principal)));
|
||||||
|
|
||||||
|
return $qb->executeQuery()->fetch()["COUNT(1)"] === 1;
|
||||||
|
}
|
||||||
}
|
}
|
|
@ -28,14 +28,29 @@ class PathManager {
|
||||||
public function getOrganizationFolderNode(OrganizationFolder $organizationFolder): ?Folder {
|
public function getOrganizationFolderNode(OrganizationFolder $organizationFolder): ?Folder {
|
||||||
return $this->getOrganizationFolderNodeById($organizationFolder->getId());
|
return $this->getOrganizationFolderNodeById($organizationFolder->getId());
|
||||||
}
|
}
|
||||||
|
/** Get underlying groupfolder folder node for the organization folder
|
||||||
public function getOrganizationFolderNodeById(int $id): ?Folder {
|
* (or if it was never before used create it in the filesystem and filecache!)
|
||||||
return $this->mountProvider->getFolder($id, False);
|
*/
|
||||||
|
public function getOrganizationFolderNodeById(int $id)/*: ?Folder*/ {
|
||||||
|
return $this->mountProvider->getFolder(id: $id, create: True);
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getFolderResourceNode(FolderResource $resource): ?Folder {
|
public function getOrganizationFolderSubfolder(OrganizationFolder $organizationFolder, array $path) {
|
||||||
$organizationFolderNode = $this->getOrganizationFolderNodeById($resource->getOrganizationFolderId());
|
return $this->getOrganizationFolderByIdSubfolder($organizationFolder->getId(), $path);
|
||||||
|
}
|
||||||
|
|
||||||
return $organizationFolderNode->getFirstNodeById($resource->getFileId());
|
public function getOrganizationFolderByIdSubfolder(int $id, array $path): ?Folder {
|
||||||
|
$organizationFolderNode = $this->getOrganizationFolderNodeById($id);
|
||||||
|
$currentFolder = $organizationFolderNode;
|
||||||
|
|
||||||
|
foreach($path as $subfolder) {
|
||||||
|
try {
|
||||||
|
$currentFolder = $currentFolder->get($subfolder);
|
||||||
|
} catch (\OCP\Files\NotFoundException $e) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return $currentFolder;
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -188,7 +188,8 @@ class OrganizationFolderService {
|
||||||
|
|
||||||
$acls = [];
|
$acls = [];
|
||||||
foreach($groups as $group) {
|
foreach($groups as $group) {
|
||||||
$acls[] = new Rule(userMapping: $this->userMappingManager->mappingFromId("group", $group),
|
$acls[] = new Rule(
|
||||||
|
userMapping: $this->userMappingManager->mappingFromId("group", $group),
|
||||||
fileId: $fileId,
|
fileId: $fileId,
|
||||||
mask: 31,
|
mask: 31,
|
||||||
permissions: 1,
|
permissions: 1,
|
||||||
|
|
|
@ -52,6 +52,8 @@ class ResourceMemberService {
|
||||||
$member->setResourceId($resourceId);
|
$member->setResourceId($resourceId);
|
||||||
$member->setPermissionLevel($permissionLevel->value);
|
$member->setPermissionLevel($permissionLevel->value);
|
||||||
$member->setType($type->value);
|
$member->setType($type->value);
|
||||||
|
|
||||||
|
// TODO: check if principal fits format
|
||||||
$member->setPrincipal($principal);
|
$member->setPrincipal($principal);
|
||||||
$member->setCreatedTimestamp(time());
|
$member->setCreatedTimestamp(time());
|
||||||
$member->setLastUpdatedTimestamp(time());
|
$member->setLastUpdatedTimestamp(time());
|
||||||
|
|
|
@ -14,18 +14,23 @@ use OCA\OrganizationFolders\Db\Resource;
|
||||||
use OCA\OrganizationFolders\Db\FolderResource;
|
use OCA\OrganizationFolders\Db\FolderResource;
|
||||||
use OCA\OrganizationFolders\Db\ResourceMapper;
|
use OCA\OrganizationFolders\Db\ResourceMapper;
|
||||||
use OCA\OrganizationFolders\Model\OrganizationFolder;
|
use OCA\OrganizationFolders\Model\OrganizationFolder;
|
||||||
|
use OCA\OrganizationFolders\Enum\MemberPermissionLevel;
|
||||||
|
use OCA\OrganizationFolders\Enum\MemberType;
|
||||||
use OCA\OrganizationFolders\Errors\InvalidResourceType;
|
use OCA\OrganizationFolders\Errors\InvalidResourceType;
|
||||||
use OCA\OrganizationFolders\Errors\ResourceNotFound;
|
use OCA\OrganizationFolders\Errors\ResourceNotFound;
|
||||||
use OCA\OrganizationFolders\Errors\ResourceNameNotUnique;
|
use OCA\OrganizationFolders\Errors\ResourceNameNotUnique;
|
||||||
use OCA\OrganizationFolders\Manager\PathManager;
|
use OCA\OrganizationFolders\Manager\PathManager;
|
||||||
use OCA\OrganizationFolders\Manager\ACLManager;
|
use OCA\OrganizationFolders\Manager\ACLManager;
|
||||||
|
use OCA\OrganizationFolders\OrganizationProvider\OrganizationProviderManager;
|
||||||
|
|
||||||
class ResourceService {
|
class ResourceService {
|
||||||
public function __construct(
|
public function __construct(
|
||||||
private ResourceMapper $mapper,
|
protected ResourceMapper $mapper,
|
||||||
private PathManager $pathManager,
|
protected PathManager $pathManager,
|
||||||
protected ACLManager $aclManager,
|
protected ACLManager $aclManager,
|
||||||
private UserMappingManager $userMappingManager,
|
protected UserMappingManager $userMappingManager,
|
||||||
|
protected ResourceMemberService $resourceMemberService,
|
||||||
|
protected OrganizationProviderManager $organizationProviderManager,
|
||||||
) {
|
) {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -77,9 +82,13 @@ class ResourceService {
|
||||||
if(isset($parentResourceId)) {
|
if(isset($parentResourceId)) {
|
||||||
$parentResource = $this->find($parentResourceId);
|
$parentResource = $this->find($parentResourceId);
|
||||||
|
|
||||||
|
if($parentResource->getOrganizationFolderId() === $organizationFolderId) {
|
||||||
$resource->setParentResource($parentResource->getId());
|
$resource->setParentResource($parentResource->getId());
|
||||||
|
} else {
|
||||||
|
throw new Exception("Cannot create child-resource of parent in different organizationId");
|
||||||
|
}
|
||||||
|
|
||||||
$parentNode = $this->pathManager->getFolderResourceNode($parentResource);
|
$parentNode = $this->getFolderResourceFilesystemNode($parentResource);
|
||||||
} else {
|
} else {
|
||||||
$parentNode = $this->pathManager->getOrganizationFolderNodeById($organizationFolderId);
|
$parentNode = $this->pathManager->getOrganizationFolderNodeById($organizationFolderId);
|
||||||
}
|
}
|
||||||
|
@ -129,9 +138,15 @@ class ResourceService {
|
||||||
}
|
}
|
||||||
|
|
||||||
if(isset($name)) {
|
if(isset($name)) {
|
||||||
if($this->mapper->existsWithName($resource->getGroupFolderId(), $resource->getParentResource(), $name)) {
|
if($this->mapper->existsWithName($resource->getOrganizationFolderId(), $resource->getParentResource(), $name)) {
|
||||||
throw new ResourceNameNotUnique();
|
throw new ResourceNameNotUnique();
|
||||||
} else {
|
} else {
|
||||||
|
if($resource->getType() === "folder") {
|
||||||
|
$resourceNode = $this->getFolderResourceFilesystemNode($resource);
|
||||||
|
$newPath = $resourceNode->getParent()->getPath() . "/" . $name;
|
||||||
|
$resourceNode->move($newPath);
|
||||||
|
}
|
||||||
|
|
||||||
$resource->setName($name);
|
$resource->setName($name);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -161,6 +176,7 @@ class ResourceService {
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->mapper->update($resource);
|
return $this->mapper->update($resource);
|
||||||
|
// TODO: improve error handing: if db update fails roll back changes in the filesystem
|
||||||
}
|
}
|
||||||
|
|
||||||
public function setAllFolderResourceAclsInOrganizationFolder(OrganizationFolder $organizationFolder, array $inheritingGroups) {
|
public function setAllFolderResourceAclsInOrganizationFolder(OrganizationFolder $organizationFolder, array $inheritingGroups) {
|
||||||
|
@ -184,20 +200,78 @@ class ResourceService {
|
||||||
$resourceFileId = $folderResource->getFileId();
|
$resourceFileId = $folderResource->getFileId();
|
||||||
$acls = [];
|
$acls = [];
|
||||||
|
|
||||||
|
// inherit ACLs
|
||||||
foreach($inheritingGroups as $inheritingGroup) {
|
foreach($inheritingGroups as $inheritingGroup) {
|
||||||
$acls[] = new Rule(userMapping: $this->userMappingManager->mappingFromId("group", $inheritingGroup),
|
$acls[] = new Rule(
|
||||||
|
userMapping: $this->userMappingManager->mappingFromId("group", $inheritingGroup),
|
||||||
fileId: $resourceFileId,
|
fileId: $resourceFileId,
|
||||||
mask: 31,
|
mask: 31,
|
||||||
permissions: $folderResource->getInheritedAclPermission(),
|
permissions: $folderResource->getInheritedAclPermission(),
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// member ACLs
|
||||||
|
$resourceMembers = $this->resourceMemberService->findAll($folderResource->getId());
|
||||||
|
foreach($resourceMembers as $resourceMember) {
|
||||||
|
if($resourceMember->getPermissionLevel() === MemberPermissionLevel::MANAGER->value) {
|
||||||
|
$resourceMemberPermissions = $folderResource->getManagersAclPermission();
|
||||||
|
} else if($resourceMember->getPermissionLevel() === MemberPermissionLevel::MEMBER->value) {
|
||||||
|
$resourceMemberPermissions = $folderResource->getMembersAclPermission();
|
||||||
|
} else {
|
||||||
|
throw new Exception("invalid resource member permission level");
|
||||||
|
}
|
||||||
|
|
||||||
|
if($resourceMember->getType() === MemberType::USER->value) {
|
||||||
|
$mapping = $this->userMappingManager->mappingFromId("user", $resourceMember->getPrincipal());
|
||||||
|
} else if($resourceMember->getType() === MemberType::GROUP->value) {
|
||||||
|
$mapping = $this->userMappingManager->mappingFromId("group", $resourceMember->getPrincipal());
|
||||||
|
} else if($resourceMember->getType() === MemberType::ROLE->value) {
|
||||||
|
[$organizationProviderId, $roleId] = explode(":", $resourceMember->getPrincipal(), 2);
|
||||||
|
$organizationProvider = $this->organizationProviderManager->getOrganizationProvider($organizationProviderId);
|
||||||
|
$role = $organizationProvider->getRole($roleId);
|
||||||
|
$mapping = $this->userMappingManager->mappingFromId("group", $role->getMembersGroup());
|
||||||
|
} else {
|
||||||
|
throw new Exception("invalid resource member type");
|
||||||
|
}
|
||||||
|
|
||||||
|
if(is_null($mapping)) {
|
||||||
|
// TODO: skip member instead of crashing
|
||||||
|
throw new Exception(message: "invalid mapping, likely non-existing group");
|
||||||
|
}
|
||||||
|
|
||||||
|
$acls[] = new Rule(
|
||||||
|
userMapping: $mapping,
|
||||||
|
fileId: $resourceFileId,
|
||||||
|
mask: 31,
|
||||||
|
permissions: $resourceMemberPermissions,
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
$this->aclManager->overwriteACLsForFileId($resourceFileId, $acls);
|
$this->aclManager->overwriteACLsForFileId($resourceFileId, $acls);
|
||||||
|
|
||||||
// TODO: recurse sub-resources
|
// TODO: recurse sub-resources
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function getResourcePath(FolderResource $resource) {
|
||||||
|
$currentResource = $resource;
|
||||||
|
|
||||||
|
$invertedPath = [];
|
||||||
|
|
||||||
|
$invertedPath[] = $currentResource->getName();
|
||||||
|
|
||||||
|
while($currentResource->getParentResource()) {
|
||||||
|
$currentResource = $this->find($currentResource->getParentResource());
|
||||||
|
$invertedPath[] = $currentResource->getName();
|
||||||
|
}
|
||||||
|
|
||||||
|
return array_reverse($invertedPath);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getFolderResourceFilesystemNode(FolderResource $resource) {
|
||||||
|
return $this->pathManager->getOrganizationFolderByIdSubfolder($resource->getOrganizationFolderId(), $this->getResourcePath($resource));
|
||||||
|
}
|
||||||
|
|
||||||
public function delete(int $id): Resource {
|
public function delete(int $id): Resource {
|
||||||
try {
|
try {
|
||||||
$resource = $this->mapper->find($id);
|
$resource = $this->mapper->find($id);
|
||||||
|
|
Loading…
Reference in a new issue