ocs: allow users to look up other users

Signed-off-by: Jörn Friedrich Dreyer <jfd@butonic.de>

ocs/pkg/middleware/requireuser.go

@@ -0,0 +1,32 @@
+package middleware
+
+import (
+	"net/http"
+
+	"github.com/cs3org/reva/pkg/user"
+	"github.com/go-chi/render"
+	"github.com/owncloud/ocis/ocs/pkg/service/v0/data"
+	"github.com/owncloud/ocis/ocs/pkg/service/v0/response"
+)
+
+// RequireUser middleware is used to require a user in context
+func RequireUser() func(next http.Handler) http.Handler {
+
+	return func(next http.Handler) http.Handler {
+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+
+			u, ok := user.ContextGetUser(r.Context())
+			if !ok {
+				render.Render(w, r, response.ErrRender(data.MetaUnauthorized.StatusCode, "Unauthorized"))
+				return
+			}
+			if u.Id == nil || u.Id.OpaqueId == "" {
+				render.Render(w, r, response.ErrRender(data.MetaBadRequest.StatusCode, "user is missing an id"))
+				return
+			}
+
+			next.ServeHTTP(w, r)
+
+		})
+	}
+}

ocs/pkg/service/v0/service.go

@@ -61,6 +61,8 @@ func NewService(opts ...Option) Service {
 		logger:      options.Logger,
 	}
 
+	requireUser := ocsm.RequireUser()
+
 	requireAdmin := ocsm.RequireAdmin(
 		ocsm.RoleManager(roleManager),
 	)
@@ -94,7 +96,7 @@ func NewService(opts ...Option) Service {
 					r.With(requireAdmin).Get("/", svc.ListUsers)
 					r.With(requireAdmin).Post("/", svc.AddUser)
 					r.Route("/{userid}", func(r chi.Router) {
-						r.With(requireSelfOrAdmin).Get("/", svc.GetUser)
+						r.With(requireUser).Get("/", svc.GetUser)
 						r.With(requireSelfOrAdmin).Put("/", svc.EditUser)
 						r.With(requireAdmin).Delete("/", svc.DeleteUser)
 						r.With(requireAdmin).Put("/enable", svc.EnableUser)
@@ -124,7 +126,7 @@ func NewService(opts ...Option) Service {
 				})
 			})
 			r.Route("/config", func(r chi.Router) {
-				r.Get("/", svc.GetConfig)
+				r.With(requireUser).Get("/", svc.GetConfig)
 			})
 		})
 	})