mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-02-13 23:49:05 -06:00
Code Issues Packages Projects Releases Wiki Activity

feat: list users as regular user

Browse Source
This commit is contained in:
Juan Pablo Villafáñez
2023-12-04 10:07:44 +01:00
committed by Ralf Haferkamp
parent 30f16dd80c
commit d86352dccd
2 changed files with 40 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
services/graph/pkg/service/v0/service.go
View File

@@ -247,7 +247,7 @@ func NewService(opts ...Option) (Graph, error) {
r.Post("/changePassword", svc.ChangeOwnPassword)
})
r.Route("/users", func(r chi.Router) {
r.With(requireAdmin).Get("/", svc.GetUsers)
r.Get("/", svc.GetUsers)
r.With(requireAdmin).Post("/", svc.PostUser)
r.Route("/{userID}", func(r chi.Router) {
r.Get("/", svc.GetUser)

39
services/graph/pkg/service/v0/users.go
View File

@@ -195,6 +195,21 @@ func (g Graph) GetUserDrive(w http.ResponseWriter, r *http.Request) {
}
}
func (g Graph) contextUserHasFullAccountPerms(reqctx context.Context) bool {
// mostly copied from the canCreateSpace method
pr, err := g.permissionsService.GetPermissionByID(reqctx, &settingssvc.GetPermissionByIDRequest{
PermissionId: defaults.AccountManagementPermission(0).Id,
})
if err != nil || pr.Permission == nil {
return false
}
if pr.Permission.Constraint != defaults.All {
return false
}
return true
}
// GetUsers implements the Service interface.
func (g Graph) GetUsers(w http.ResponseWriter, r *http.Request) {
logger := g.logger.SubloggerWithRequestID(r.Context())
@@ -207,6 +222,21 @@ func (g Graph) GetUsers(w http.ResponseWriter, r *http.Request) {
return
}
ctxHasFullPerms := g.contextUserHasFullAccountPerms(r.Context())
if !ctxHasFullPerms && (odataReq.Query == nil || odataReq.Query.Search == nil || len(odataReq.Query.Search.RawValue) < 3) {
// regular user must search with at least 3 chars
logger.Debug().Interface("query", r.URL.Query()).Msg("search with less than 3 chars for a regular user")
errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "regular users must enter at least 3 characters to search")
return
}
if !ctxHasFullPerms && (odataReq.Query.Filter != nil || odataReq.Query.Apply != nil || odataReq.Query.Expand != nil || odataReq.Query.Compute != nil) {
// regular users can't use filter, apply, expand and compute
logger.Debug().Interface("query", r.URL.Query()).Msg("forbidden query elements for a regular user")
errorcode.InvalidRequest.Render(w, r, http.StatusBadRequest, "query has forbidden elements for regular users")
return
}
logger.Debug().Interface("query", r.URL.Query()).Msg("calling get users on backend")
var users []*libregraph.User
@@ -232,6 +262,15 @@ func (g Graph) GetUsers(w http.ResponseWriter, r *http.Request) {
return
}
// If the user isn't admin, we'll show just the minimum user attibutes
if !ctxHasFullPerms {
finalUsers := make([]*libregraph.User, len(users))
for i, u := range users {
finalUsers[i] = &libregraph.User{Id: u.Id, DisplayName: u.DisplayName, Mail: u.Mail}
}
users = finalUsers
}
exp, err := identity.GetExpandValues(odataReq.Query)
if err != nil {
logger.Debug().Err(err).Interface("query", r.URL.Query()).Msg("could not get users: $expand error")