Merge pull request #984 from nextcloud/backport/974/974-stable22

[stable22] limit some feature when Circles is managed by an app

Author: ArtificialOwl

lib/CirclesManager.php

@@ -31,7 +31,6 @@
 
 namespace OCA\Circles;
 
-use OCA\Circles\Tools\Exceptions\InvalidItemException;
 use OCA\Circles\Exceptions\CircleNotFoundException;
 use OCA\Circles\Exceptions\ContactAddressBookNotFoundException;
 use OCA\Circles\Exceptions\ContactFormatException;
@@ -59,10 +58,11 @@
 use OCA\Circles\Model\Membership;
 use OCA\Circles\Model\Probes\CircleProbe;
 use OCA\Circles\Service\CircleService;
+use OCA\Circles\Service\ConfigService;
 use OCA\Circles\Service\FederatedUserService;
 use OCA\Circles\Service\MemberService;
 use OCA\Circles\Service\MembershipService;
-use OCP\IUserSession;
+use OCA\Circles\Tools\Exceptions\InvalidItemException;
 
 /**
  * Class CirclesManager
@@ -72,9 +72,6 @@
 class CirclesManager {
 
 
-	/** @var CirclesQueryHelper */
-	private $circlesQueryHelper;
-
 	/** @var FederatedUserService */
 	private $federatedUserService;
 
@@ -87,27 +84,36 @@ class CirclesManager {
 	/** @var MembershipService */
 	private $membershipService;
 
+	/** @var ConfigService */
+	private $configService;
+
+	/** @var CirclesQueryHelper */
+	private $circlesQueryHelper;
+
 
 	/**
 	 * CirclesManager constructor.
 	 *
-	 * @param IUserSession $userSession
 	 * @param FederatedUserService $federatedUserService
 	 * @param CircleService $circleService
 	 * @param MemberService $memberService
+	 * @param MembershipService $membershipService
+	 * @param ConfigService $configService
 	 * @param CirclesQueryHelper $circlesQueryHelper
 	 */
 	public function __construct(
 		FederatedUserService $federatedUserService,
 		CircleService $circleService,
 		MemberService $memberService,
 		MembershipService $membershipService,
+		ConfigService $configService,
 		CirclesQueryHelper $circlesQueryHelper
 	) {
 		$this->federatedUserService = $federatedUserService;
 		$this->circleService = $circleService;
 		$this->memberService = $memberService;
 		$this->membershipService = $membershipService;
+		$this->configService = $configService;
 		$this->circlesQueryHelper = $circlesQueryHelper;
 	}
 
@@ -136,6 +142,29 @@ public function getFederatedUser(string $federatedId, int $type = Member::TYPE_S
 		return $this->federatedUserService->getFederatedUser($federatedId, $type);
 	}
 
+	/**
+	 * @param string $userId
+	 *
+	 * @return FederatedUser
+	 * @throws CircleNotFoundException
+	 * @throws FederatedItemException
+	 * @throws FederatedUserException
+	 * @throws FederatedUserNotFoundException
+	 * @throws InvalidIdException
+	 * @throws MemberNotFoundException
+	 * @throws OwnerNotFoundException
+	 * @throws RemoteInstanceException
+	 * @throws RemoteNotFoundException
+	 * @throws RemoteResourceNotFoundException
+	 * @throws RequestBuilderException
+	 * @throws SingleCircleNotFoundException
+	 * @throws UnknownRemoteException
+	 * @throws UserTypeNotFoundException
+	 */
+	public function getLocalFederatedUser(string $userId): FederatedUser {
+		return $this->getFederatedUser($userId, Member::TYPE_USER);
+	}
+
 
 	/**
 	 * @throws FederatedUserNotFoundException
@@ -161,6 +190,22 @@ public function startSuperSession(): void {
 	}
 
 
+	/**
+	 * @param string $appId
+	 * @param int $appSerial
+	 *
+	 * @throws ContactAddressBookNotFoundException
+	 * @throws ContactFormatException
+	 * @throws ContactNotFoundException
+	 * @throws FederatedUserException
+	 * @throws InvalidIdException
+	 * @throws RequestBuilderException
+	 * @throws SingleCircleNotFoundException
+	 */
+	public function startAppSession(string $appId, int $appSerial = Member::APP_DEFAULT): void {
+		$this->federatedUserService->setLocalCurrentApp($appId, $appSerial);
+	}
+
 	/**
 	 * $userId - userId to emulate as initiator (can be empty)
 	 * $userType - specify if userIs not a singleId
@@ -304,6 +349,66 @@ public function getCircle(string $singleId, ?CircleProbe $probe = null): Circle
 	}
 
 
+	/**
+	 * @param Circle $circle
+	 *
+	 * @throws CircleNotFoundException
+	 * @throws FederatedEventException
+	 * @throws FederatedItemException
+	 * @throws InitiatorNotConfirmedException
+	 * @throws InitiatorNotFoundException
+	 * @throws OwnerNotFoundException
+	 * @throws RemoteInstanceException
+	 * @throws RemoteNotFoundException
+	 * @throws RemoteResourceNotFoundException
+	 * @throws RequestBuilderException
+	 * @throws UnknownRemoteException
+	 */
+	public function updateConfig(Circle $circle): void {
+		$this->circleService->updateConfig($circle->getSingleId(), $circle->getConfig());
+	}
+
+
+	/**
+	 * @param string $circleId
+	 * @param bool $enabled
+	 *
+	 * @throws CircleNotFoundException
+	 * @throws FederatedEventException
+	 * @throws FederatedItemException
+	 * @throws FederatedUserException
+	 * @throws InitiatorNotConfirmedException
+	 * @throws InitiatorNotFoundException
+	 * @throws OwnerNotFoundException
+	 * @throws RemoteInstanceException
+	 * @throws RemoteNotFoundException
+	 * @throws RemoteResourceNotFoundException
+	 * @throws RequestBuilderException
+	 * @throws UnknownRemoteException
+	 */
+	public function flagAsAppManaged(string $circleId, bool $enabled = true): void {
+		$this->federatedUserService->confirmSuperSession();
+		$this->federatedUserService->setOwnerAsCurrentUser($circleId);
+
+		$probe = new CircleProbe();
+		$probe->includeSystemCircles();
+
+		$localCircle = $this->circleService->getCircle($circleId, $probe);
+		if (!$this->configService->isLocalInstance($localCircle->getInstance())) {
+			throw new CircleNotFoundException('This Circle is not managed from this instance');
+		}
+
+		$config = $localCircle->getConfig();
+		if ($enabled) {
+			$config |= Circle::CFG_APP;
+		} else {
+			$config &= ~Circle::CFG_APP;
+		}
+
+		$this->circleService->updateConfig($circleId, $config);
+	}
+
+
 	/**
 	 * @param string $circleId
 	 * @param FederatedUser $federatedUser

lib/Command/CirclesConfig.php

@@ -102,6 +102,10 @@ protected function configure() {
 			 )
 			 ->addOption('initiator', '', InputOption::VALUE_REQUIRED, 'set an initiator to the request', '')
 			 ->addOption('initiator-type', '', InputOption::VALUE_REQUIRED, 'set initiator type', '0')
+			 ->addOption(
+				 'super-session', '',
+				 InputOption::VALUE_NONE, 'use super session to bypass some condition'
+			 )
 			 ->addOption('status-code', '', InputOption::VALUE_NONE, 'display status code on exception');
 	}
 
@@ -133,12 +137,16 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 		$circleId = (string)$input->getArgument('circle_id');
 
 		try {
-			$this->federatedUserService->commandLineInitiator(
-				$input->getOption('initiator'),
-				Member::parseTypeString($input->getOption('initiator-type')),
-				$circleId,
-				false
-			);
+			if ($input->getArgument('super-session')) {
+				$this->federatedUserService->bypassCurrentUserCondition(true);
+			} else {
+				$this->federatedUserService->commandLineInitiator(
+					$input->getOption('initiator'),
+					Member::parseTypeString($input->getOption('initiator-type')),
+					$circleId,
+					false
+				);
+			}
 
 			$circle = $this->circleService->getCircle($circleId);
 

lib/Exceptions/RemoteCircleException.php

@@ -0,0 +1,34 @@
+<?php
+
+declare(strict_types=1);
+
+
+/**
+ * Circles - Bring cloud-users closer together.
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later. See the COPYING file.
+ *
+ * @author Maxence Lange <maxence@artificial-owl.com>
+ * @copyright 2021
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\Circles\Exceptions;
+
+class RemoteCircleException extends FederatedItemBadRequestException {
+}

lib/Exceptions/SuperSessionException.php

@@ -0,0 +1,34 @@
+<?php
+
+declare(strict_types=1);
+
+
+/**
+ * Circles - Bring cloud-users closer together.
+ *
+ * This file is licensed under the Affero General Public License version 3 or
+ * later. See the COPYING file.
+ *
+ * @author Maxence Lange <maxence@artificial-owl.com>
+ * @copyright 2022
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\Circles\Exceptions;
+
+class SuperSessionException extends FederatedItemUnauthorizedException {
+}

lib/FederatedItems/CircleConfig.php

@@ -31,7 +31,6 @@
 
 namespace OCA\Circles\FederatedItems;
 
-use OCA\Circles\Tools\Traits\TDeserialize;
 use OCA\Circles\Db\CircleRequest;
 use OCA\Circles\Exceptions\FederatedItemBadRequestException;
 use OCA\Circles\Exceptions\FederatedItemException;
@@ -41,6 +40,7 @@
 use OCA\Circles\Model\Federated\FederatedEvent;
 use OCA\Circles\Model\Helpers\MemberHelper;
 use OCA\Circles\Service\ConfigService;
+use OCA\Circles\Tools\Traits\TDeserialize;
 
 /**
  * Class CircleConfig
@@ -89,6 +89,15 @@ public function verify(FederatedEvent $event): void {
 			$listing = array_merge($listing, Circle::$DEF_CFG_SYSTEM_FILTER);
 		}
 
+		// filtering config values when not using Super Session
+		if (!$event->getParams()->gBool('superSession')) {
+			if ($circle->isConfig(Circle::CFG_APP)) {
+				$config |= Circle::CFG_APP;
+			} else {
+				$config &= ~Circle::CFG_APP;
+			}
+		}
+
 		$confirmed = true;
 		foreach ($listing as $item) {
 			if ($circle->isConfig($item, $config)) {

lib/FederatedItems/CircleDestroy.php

@@ -31,18 +31,22 @@
 
 namespace OCA\Circles\FederatedItems;
 
-use OCA\Circles\Tools\Traits\TDeserialize;
 use OCA\Circles\Db\CircleRequest;
 use OCA\Circles\Db\MemberRequest;
+use OCA\Circles\Exceptions\FederatedItemBadRequestException;
 use OCA\Circles\Exceptions\RequestBuilderException;
 use OCA\Circles\IFederatedItem;
 use OCA\Circles\IFederatedItemAsyncProcess;
 use OCA\Circles\IFederatedItemHighSeverity;
 use OCA\Circles\IFederatedItemMemberEmpty;
+use OCA\Circles\Model\Circle;
 use OCA\Circles\Model\Federated\FederatedEvent;
 use OCA\Circles\Model\Helpers\MemberHelper;
 use OCA\Circles\Service\EventService;
 use OCA\Circles\Service\MembershipService;
+use OCA\Circles\StatusCode;
+use OCA\Circles\Tools\Traits\TDeserialize;
+use OCA\Circles\Tools\Traits\TStringTools;
 
 /**
  * Class CircleDestroy
@@ -54,6 +58,7 @@ class CircleDestroy implements
 	IFederatedItemHighSeverity,
 	IFederatedItemAsyncProcess,
 	IFederatedItemMemberEmpty {
+	use TStringTools;
 	use TDeserialize;
 
 
@@ -91,9 +96,18 @@ public function __construct(
 
 	/**
 	 * @param FederatedEvent $event
+	 *
+	 * @throws FederatedItemBadRequestException
 	 */
 	public function verify(FederatedEvent $event): void {
 		$circle = $event->getCircle();
+		if ($circle->isConfig(Circle::CFG_APP)) {
+			throw new FederatedItemBadRequestException(
+				StatusCode::$CIRCLE_DESTROY[120],
+				120
+			);
+		}
+
 		$initiator = $circle->getInitiator();
 
 		$initiatorHelper = new MemberHelper($initiator);