From c3d8a5bf515c80885d451c1413142c8a1ac5d52f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=B6rn=20Friedrich=20Dreyer?=
Date: Thu, 29 Oct 2020 15:53:22 +0100
Subject: [PATCH] ocs: allow users to look up other users
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Jörn Friedrich Dreyer
---
 ocs/pkg/middleware/requireuser.go | 32 +++++++++++++++++++++++++++++++
 ocs/pkg/service/v0/service.go | 6 ++++--
 2 files changed, 36 insertions(+), 2 deletions(-)
 create mode 100644 ocs/pkg/middleware/requireuser.go

diff --git a/ocs/pkg/middleware/requireuser.go b/ocs/pkg/middleware/requireuser.go
new file mode 100644
index 0000000000..8d3885aac6
--- /dev/null
+++ b/ocs/pkg/middleware/requireuser.go
@@ -0,0 +1,32 @@
+package middleware
+
+import (
+ "net/http"
+
+ "github.com/cs3org/reva/pkg/user"
+ "github.com/go-chi/render"
+ "github.com/owncloud/ocis/ocs/pkg/service/v0/data"
+ "github.com/owncloud/ocis/ocs/pkg/service/v0/response"
+)
+
+// RequireUser middleware is used to require a user in context
+func RequireUser() func(next http.Handler) http.Handler {
+
+ return func(next http.Handler) http.Handler {
+ return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+
+ u, ok := user.ContextGetUser(r.Context())
+ if !ok {
+ render.Render(w, r, response.ErrRender(data.MetaUnauthorized.StatusCode, "Unauthorized"))
+ return
+ }
+ if u.Id == nil || u.Id.OpaqueId == "" {
+ render.Render(w, r, response.ErrRender(data.MetaBadRequest.StatusCode, "user is missing an id"))
+ return
+ }
+
+ next.ServeHTTP(w, r)
+
+ })
+ }
+}
diff --git a/ocs/pkg/service/v0/service.go b/ocs/pkg/service/v0/service.go
index 030f60f7ea..d1817b41dd 100644
--- a/ocs/pkg/service/v0/service.go
+++ b/ocs/pkg/service/v0/service.go
@@ -61,6 +61,8 @@ func NewService(opts ...Option) Service {
 logger: options.Logger,
 }
 
+ requireUser := ocsm.RequireUser()
+
 requireAdmin := ocsm.RequireAdmin(
 ocsm.RoleManager(roleManager),
 )
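Review bot: In `RequireUser` (ocs/pkg/middleware/requireuser.go) the guard `if u.Id == nil || u.Id.OpaqueId == ""` dereferences `u` without checking it, so a typed-nil user stored in the request context would panic instead of being rejected; whether `user.ContextGetUser` can return `ok == true` with a nil pointer is not visible in this patch. Assuming the user type is the usual protobuf-generated one, its getters are nil-safe and `if u.GetId().GetOpaqueId() == "" {` covers both cases. Both error paths also drop the error returned by `render.Render`; logging it would make a failed denial response visible. The doc comment could state the contract: 401 when no user is in the context, 400 when the user has no opaque id, and that no role or ownership check is made here.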
@@ -94,7 +96,7 @@ func NewService(opts ...Option) Service {
 r.With(requireAdmin).Get("/", svc.ListUsers)
 r.With(requireAdmin).Post("/", svc.AddUser)
 r.Route("/{userid}", func(r chi.Router) {
- r.With(requireSelfOrAdmin).Get("/", svc.GetUser)
+ r.With(requireUser).Get("/", svc.GetUser)
 r.With(requireSelfOrAdmin).Put("/", svc.EditUser)
 r.With(requireAdmin).Delete("/", svc.DeleteUser)
 r.With(requireAdmin).Put("/enable", svc.EnableUser)
@@ -124,7 +126,7 @@ func NewService(opts ...Option) Service {
 })
 })
 r.Route("/config", func(r chi.Router) {
- r.Get("/", svc.GetConfig)
+ r.With(requireUser).Get("/", svc.GetConfig)
 })
 })
 })
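Review bot: With `r.With(requireUser).Get("/", svc.GetUser)` every authenticated account can read the record of any `{userid}`, so what `svc.GetUser` returns is now the only boundary between users; that handler is outside this patch, so it is unclear whether it trims the response for callers who are neither the subject nor an admin. If it returns the full record (mail address, quota, enabled state or similar), this becomes an information-disclosure and account-enumeration surface. I would confirm that the handler limits fields for non-self, non-admin callers and record the intent at the route, e.g. `// any authenticated user may look up another user; GetUser must expose only non-sensitive attributes`. The enclosing `NewService` body starts and ends outside the hunk.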
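Review bot: The `/config` route gains `requireUser` in this hunk, which the commit subject ("allow users to look up other users") does not mention; it is a behaviour change in the opposite direction, since an endpoint that was reachable without a user in context now answers 401 or 400. If any client reads the config before authenticating (not determinable from this patch), it will start failing. The change deserves a line in the commit message and a comment at the route such as `// config is served to authenticated users only`.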