From 5dacb827de05371b54c5df3fb88fde597d30bebb Mon Sep 17 00:00:00 2001 From: Hoang Pham Date: Mon, 18 Nov 2024 16:40:42 +0700 Subject: [PATCH] share with teams Signed-off-by: Hoang Pham --- lib/Capabilities.php | 11 ++- lib/Constants/ShareReceiverType.php | 17 ++++ lib/Db/LegacyRowMapper.php | 7 +- lib/Db/RowCellMapperSuper.php | 5 +- lib/Db/Share.php | 2 +- lib/Db/ShareMapper.php | 9 +- lib/Helper/CircleHelper.php | 85 +++++++++++++++++ lib/Helper/UserHelper.php | 2 + lib/Middleware/PermissionMiddleware.php | 2 +- lib/Service/PermissionsService.php | 40 +++++++- lib/Service/ShareService.php | 47 ++++++++-- openapi.json | 4 + package-lock.json | 2 + package.json | 1 + src/modules/sidebar/mixins/shareAPI.js | 43 ++++++++- src/modules/sidebar/partials/ShareForm.vue | 91 +++++++++++++++---- src/modules/sidebar/partials/ShareList.vue | 28 +++--- src/shared/mixins/searchUserGroup.js | 29 +++--- src/shared/mixins/shareTypesMixin.js | 9 ++ src/shared/modals/DialogConfirmation.vue | 4 +- src/types/openapi/openapi.ts | 1 + tests/unit/Service/PermissionsServiceTest.php | 4 +- 22 files changed, 375 insertions(+), 68 deletions(-) create mode 100644 lib/Constants/ShareReceiverType.php create mode 100644 lib/Helper/CircleHelper.php diff --git a/lib/Capabilities.php b/lib/Capabilities.php index dea9ddd49..e4971a2fb 100644 --- a/lib/Capabilities.php +++ b/lib/Capabilities.php @@ -6,6 +6,7 @@ namespace OCA\Tables; +use OCA\Tables\Helper\CircleHelper; use OCP\App\IAppManager; use OCP\Capabilities\ICapability; use OCP\IConfig; @@ -18,18 +19,23 @@ */ class Capabilities implements ICapability { private IAppManager $appManager; + private LoggerInterface $logger; + private IConfig $config; - public function __construct(IAppManager $appManager, LoggerInterface $logger, IConfig $config) { + private CircleHelper $circleHelper; + + public function __construct(IAppManager $appManager, LoggerInterface $logger, IConfig $config, CircleHelper $circleHelper) { $this->appManager = $appManager; $this->logger = $logger; $this->config = $config; + $this->circleHelper = $circleHelper; } /** * - * @return array{tables: array{enabled: bool, version: string, apiVersions: string[], features: string[], column_types: string[]}} + * @return array{tables: array{enabled: bool, version: string, apiVersions: string[], features: string[], isCirclesEnabled: bool, column_types: string[]}} * * @inheritDoc */ @@ -52,6 +58,7 @@ public function getCapabilities(): array { 'favorite', 'archive', ], + 'isCirclesEnabled' => $this->circleHelper->isCirclesEnabled(), 'column_types' => [ 'text-line', $textColumnVariant, diff --git a/lib/Constants/ShareReceiverType.php b/lib/Constants/ShareReceiverType.php new file mode 100644 index 000000000..481044cce --- /dev/null +++ b/lib/Constants/ShareReceiverType.php @@ -0,0 +1,17 @@ + $filterGroup + */ + private function getInnerFilterExpressions(IQueryBuilder $qb, array $filterGroup, int $groupIndex): array { $innerFilterExpressions = []; foreach ($filterGroup as $index => $filter) { $innerFilterExpressions[] = $this->buildFilterByColumnType($qb, $filter, $groupIndex.$index); diff --git a/lib/Db/RowCellMapperSuper.php b/lib/Db/RowCellMapperSuper.php index a7dde5a08..d0bf704c8 100644 --- a/lib/Db/RowCellMapperSuper.php +++ b/lib/Db/RowCellMapperSuper.php @@ -41,7 +41,10 @@ public function formatEntity(Column $column, RowCellSuper $cell) { * Transform value from a filter rule to the actual query parameter used * for constructing the view filter query */ - public function filterValueToQueryParam(Column $column, $value) { + /** + * @param float|string $value + */ + public function filterValueToQueryParam(Column $column, string|float $value) { return $value; } diff --git a/lib/Db/Share.php b/lib/Db/Share.php index 36e85eea6..7109cc9fc 100644 --- a/lib/Db/Share.php +++ b/lib/Db/Share.php @@ -49,7 +49,7 @@ class Share extends Entity implements JsonSerializable { protected ?string $receiver = null; protected ?string $receiverDisplayName = null; - protected ?string $receiverType = null; // user, group + protected ?string $receiverType = null; // user, group, circle protected ?int $nodeId = null; protected ?string $nodeType = null; protected ?bool $permissionRead = null; diff --git a/lib/Db/ShareMapper.php b/lib/Db/ShareMapper.php index 82ae8a41a..1df77394c 100644 --- a/lib/Db/ShareMapper.php +++ b/lib/Db/ShareMapper.php @@ -102,16 +102,21 @@ public function findAllSharesFor(string $nodeType, string $receiver, string $use * @param string $nodeType * @param int $nodeId * @param string $sender + * @param array $excluded receiver types to exclude from results * @return array * @throws Exception */ - public function findAllSharesForNode(string $nodeType, int $nodeId, string $sender): array { - // TODO filter for sender... + public function findAllSharesForNode(string $nodeType, int $nodeId, string $sender, array $excluded = []): array { $qb = $this->db->getQueryBuilder(); $qb->select('*') ->from($this->table) ->andWhere($qb->expr()->eq('node_type', $qb->createNamedParameter($nodeType, IQueryBuilder::PARAM_STR))) ->andWhere($qb->expr()->eq('node_id', $qb->createNamedParameter($nodeId, IQueryBuilder::PARAM_INT))); + + if (!empty($excluded)) { + $qb->andWhere($qb->expr()->notIn('receiver_type', $qb->createNamedParameter($excluded, IQueryBuilder::PARAM_STR_ARRAY))); + } + return $this->findEntities($qb); } diff --git a/lib/Helper/CircleHelper.php b/lib/Helper/CircleHelper.php new file mode 100644 index 000000000..e40282fab --- /dev/null +++ b/lib/Helper/CircleHelper.php @@ -0,0 +1,85 @@ +circlesEnabled = $appManager->isEnabledForUser('circles'); + $this->circlesManager = null; + + if ($this->circlesEnabled) { + try { + $this->circlesManager = Server::get(CirclesManager::class); + } catch (Throwable $e) { + $this->logger->warning('Failed to get CirclesManager: ' . $e->getMessage()); + $this->circlesEnabled = false; + } + } + } + + public function isCirclesEnabled(): bool { + return $this->circlesEnabled; + } + + public function getCircleDisplayName(string $circleId, string $userId): string { + if (!$this->circlesEnabled) { + return $circleId; + } + + try { + $federatedUser = $this->circlesManager->getFederatedUser($userId, Member::TYPE_USER); + $this->circlesManager->startSession($federatedUser); + + $circle = $this->circlesManager->getCircle($circleId); + return $circle ? ($circle->getDisplayName() ?: $circleId) : $circleId; + } catch (Throwable $e) { + $this->logger->warning('Failed to get circle display name: ' . $e->getMessage(), [ + 'circleId' => $circleId, + 'userId' => $userId + ]); + return $circleId; + } + } + + public function getUserCircles(string $userId): array { + if (!$this->circlesEnabled) { + return []; + } + + try { + $federatedUser = $this->circlesManager->getFederatedUser($userId, Member::TYPE_USER); + $this->circlesManager->startSession($federatedUser); + $probe = new CircleProbe(); + $probe->mustBeMember(); + return $this->circlesManager->getCircles($probe); + } catch (Throwable $e) { + $this->logger->warning('Failed to get user circles: ' . $e->getMessage()); + return []; + } + } +} diff --git a/lib/Helper/UserHelper.php b/lib/Helper/UserHelper.php index 3596af057..e5be4f911 100644 --- a/lib/Helper/UserHelper.php +++ b/lib/Helper/UserHelper.php @@ -18,6 +18,7 @@ class UserHelper { private IUserManager $userManager; private LoggerInterface $logger; + private IGroupManager $groupManager; public function __construct(IUserManager $userManager, LoggerInterface $logger, IGroupManager $groupManager) { @@ -25,6 +26,7 @@ public function __construct(IUserManager $userManager, LoggerInterface $logger, $this->logger = $logger; $this->groupManager = $groupManager; } + public function getUserDisplayName(string $userId): string { try { $user = $this->getUser($userId); diff --git a/lib/Middleware/PermissionMiddleware.php b/lib/Middleware/PermissionMiddleware.php index c16d958cc..4170f2752 100644 --- a/lib/Middleware/PermissionMiddleware.php +++ b/lib/Middleware/PermissionMiddleware.php @@ -50,7 +50,7 @@ public function beforeController(Controller $controller, string $methodName) { $this->assertCanManageContext(); } - protected function assertPermission($controller, $methodName): void { + protected function assertPermission(Controller $controller, string $methodName): void { $reflectionMethod = new \ReflectionMethod($controller, $methodName); $permissionReqs = $reflectionMethod->getAttributes(RequirePermission::class); if ($permissionReqs) { diff --git a/lib/Service/PermissionsService.php b/lib/Service/PermissionsService.php index cacf99abe..e35c972a0 100644 --- a/lib/Service/PermissionsService.php +++ b/lib/Service/PermissionsService.php @@ -18,6 +18,7 @@ use OCA\Tables\Db\ViewMapper; use OCA\Tables\Errors\InternalError; use OCA\Tables\Errors\NotFoundError; +use OCA\Tables\Helper\CircleHelper; use OCA\Tables\Helper\ConversionHelper; use OCA\Tables\Helper\UserHelper; use OCA\Tables\Model\Permissions; @@ -25,6 +26,7 @@ use OCP\AppFramework\Db\MultipleObjectsReturnedException; use OCP\DB\Exception; use Psr\Log\LoggerInterface; +use Throwable; class PermissionsService { private TableMapper $tableMapper; @@ -35,11 +37,14 @@ class PermissionsService { private UserHelper $userHelper; + private CircleHelper $circleHelper; + protected LoggerInterface $logger; protected ?string $userId = null; protected bool $isCli = false; + private ContextMapper $contextMapper; public function __construct( @@ -50,6 +55,7 @@ public function __construct( ShareMapper $shareMapper, ContextMapper $contextMapper, UserHelper $userHelper, + CircleHelper $circleHelper, bool $isCLI ) { $this->tableMapper = $tableMapper; @@ -60,6 +66,7 @@ public function __construct( $this->userId = $userId; $this->isCli = $isCLI; $this->contextMapper = $contextMapper; + $this->circleHelper = $circleHelper; } @@ -420,6 +427,7 @@ public function canReadShare(Share $share, ?string $userId = null): bool { * @param int $elementId * @param 'table'|'view' $elementType * @param string $userId + * @return Permissions * @throws NotFoundError */ public function getSharedPermissionsIfSharedWithMe(int $elementId, string $elementType, string $userId): Permissions { @@ -436,16 +444,40 @@ public function getSharedPermissionsIfSharedWithMe(int $elementId, string $eleme $this->logger->warning('Exception occurred: '.$e->getMessage().' Permission denied.'); return new Permissions(); } - $additionalShares = []; + $groupShares = []; foreach ($userGroups as $userGroup) { try { - $additionalShares[] = $this->shareMapper->findAllSharesForNodeFor($elementType, $elementId, $userGroup->getGid(), 'group'); + $groupShares[] = $this->shareMapper->findAllSharesForNodeFor($elementType, $elementId, $userGroup->getGid(), 'group'); } catch (Exception $e) { $this->logger->warning('Exception occurred: '.$e->getMessage().' Permission denied.'); return new Permissions(); } } - $shares = array_merge($shares, ...$additionalShares); + + $shares = array_merge($shares, ...$groupShares); + + if ($this->circleHelper->isCirclesEnabled()) { + $circleShares = []; + + try { + $userCircles = $this->circleHelper->getUserCircles($userId); + } catch (Throwable $e) { + $this->logger->warning('Exception occurred: ' . $e->getMessage() . ' Permission denied.'); + return new Permissions(); + } + + foreach ($userCircles as $userCircle) { + try { + $circleShares[] = $this->shareMapper->findAllSharesForNodeFor($elementType, $elementId, $userCircle->getSingleId(), 'circle'); + } catch (Exception $e) { + $this->logger->warning('Exception occurred: ' . $e->getMessage() . ' Permission denied.'); + return new Permissions(); + } + } + + $shares = array_merge($shares, ...$circleShares); + } + if (count($shares) > 0) { $read = array_reduce($shares, function ($carry, $share) { return $carry || ($share->getPermissionRead()); @@ -520,7 +552,7 @@ private function hasPermission(int $existingPermissions, string $permissionName) $constantName = 'PERMISSION_' . strtoupper($permissionName); try { $permissionBit = constant(Application::class . "::$constantName"); - } catch (\Throwable $t) { + } catch (Throwable $t) { $this->logger->error('Unexpected permission string {permission}', [ 'app' => Application::APP_ID, 'permission' => $permissionName, diff --git a/lib/Service/ShareService.php b/lib/Service/ShareService.php index 53f39ae83..c84bc228f 100644 --- a/lib/Service/ShareService.php +++ b/lib/Service/ShareService.php @@ -12,6 +12,7 @@ use DateTime; use InvalidArgumentException; +use OCA\Tables\Constants\ShareReceiverType; use OCA\Tables\Db\Context; use OCA\Tables\Db\ContextNavigation; use OCA\Tables\Db\ContextNavigationMapper; @@ -24,9 +25,9 @@ use OCA\Tables\Errors\InternalError; use OCA\Tables\Errors\NotFoundError; use OCA\Tables\Errors\PermissionError; +use OCA\Tables\Helper\CircleHelper; use OCA\Tables\Helper\GroupHelper; use OCA\Tables\Helper\UserHelper; - use OCA\Tables\Model\Permissions; use OCA\Tables\ResponseDefinitions; use OCP\AppFramework\Db\DoesNotExistException; @@ -35,6 +36,7 @@ use OCP\DB\Exception; use OCP\IDBConnection; use Psr\Log\LoggerInterface; +use Throwable; /** * @psalm-import-type TablesShare from ResponseDefinitions @@ -51,7 +53,11 @@ class ShareService extends SuperService { protected UserHelper $userHelper; protected GroupHelper $groupHelper; + + protected CircleHelper $circleHelper; + private ContextNavigationMapper $contextNavigationMapper; + private IDBConnection $dbc; public function __construct( @@ -63,6 +69,7 @@ public function __construct( ViewMapper $viewMapper, UserHelper $userHelper, GroupHelper $groupHelper, + CircleHelper $circleHelper, ContextNavigationMapper $contextNavigationMapper, IDBConnection $dbc, ) { @@ -72,6 +79,7 @@ public function __construct( $this->viewMapper = $viewMapper; $this->userHelper = $userHelper; $this->groupHelper = $groupHelper; + $this->circleHelper = $circleHelper; $this->contextNavigationMapper = $contextNavigationMapper; $this->dbc = $dbc; } @@ -85,7 +93,9 @@ public function findAll(string $nodeType, int $nodeId, ?string $userId = null, b $userId = $this->permissionsService->preCheckUserId($userId); try { - $shares = $this->mapper->findAllSharesForNode($nodeType, $nodeId, $userId); + $excluded = !$this->circleHelper->isCirclesEnabled() ? [ShareReceiverType::CIRCLE] : []; + $shares = $this->mapper->findAllSharesForNode($nodeType, $nodeId, $userId, $excluded); + return $enhanceShares ? $this->addReceiverDisplayNames($shares) : $shares; } catch (Exception $e) { $this->logger->error($e->getMessage()); @@ -112,7 +122,10 @@ public function find(int $id):Share { try { $item = $this->mapper->find($id); - // security + if (!$this->circleHelper->isCirclesEnabled() && $item->getReceiverType() === ShareReceiverType::CIRCLE) { + throw new NotFoundError('Share not found - Circles app is disabled'); + } + if (!$this->permissionsService->canReadShare($item)) { throw new PermissionError('PermissionError: can not read share with id '.$id); } @@ -160,10 +173,20 @@ private function findElementsSharedWithMe(string $elementType = 'table', ?string // get all views or tables that are shared with me by group $userGroups = $this->userHelper->getGroupsForUser($userId); foreach ($userGroups as $userGroup) { - $shares = $this->mapper->findAllSharesFor($elementType, $userGroup->getGid(), $userId, 'group'); + $shares = $this->mapper->findAllSharesFor($elementType, $userGroup->getGid(), $userId, ShareReceiverType::GROUP); $elementsSharedWithMe = array_merge($elementsSharedWithMe, $shares); } - } catch (Exception $e) { + + // get all views or tables that are shared with me by circle + if ($this->circleHelper->isCirclesEnabled()) { + $userCircles = $this->circleHelper->getUserCircles($userId); + + foreach ($userCircles as $userCircle) { + $shares = $this->mapper->findAllSharesFor($elementType, $userCircle->getSingleId(), $userId, ShareReceiverType::CIRCLE); + $elementsSharedWithMe = array_merge($elementsSharedWithMe, $shares); + } + } + } catch (Throwable $e) { throw new InternalError($e->getMessage()); } foreach ($elementsSharedWithMe as $share) { @@ -394,10 +417,20 @@ public function delete(int $id): Share { * @return Share */ private function addReceiverDisplayName(Share $share):Share { - if ($share->getReceiverType() === 'user') { + if ($share->getReceiverType() === ShareReceiverType::USER) { $share->setReceiverDisplayName($this->userHelper->getUserDisplayName($share->getReceiver())); - } elseif ($share->getReceiverType() === 'group') { + } elseif ($share->getReceiverType() === ShareReceiverType::GROUP) { $share->setReceiverDisplayName($this->groupHelper->getGroupDisplayName($share->getReceiver())); + } elseif ($share->getReceiverType() === ShareReceiverType::CIRCLE) { + if ($this->circleHelper->isCirclesEnabled()) { + $share->setReceiverDisplayName($this->circleHelper->getCircleDisplayName($share->getReceiver(), $this->userId)); + } else { + $this->logger->info( + 'Could not get display name for receiver type {type}', + ['type' => $share->getReceiverType()] + ); + $share->setReceiverDisplayName($share->getReceiver()); + } } else { $this->logger->info('can not use receiver type to get display name'); $share->setReceiverDisplayName($share->getReceiver()); diff --git a/openapi.json b/openapi.json index fddafc065..a18714b08 100644 --- a/openapi.json +++ b/openapi.json @@ -33,6 +33,7 @@ "version", "apiVersions", "features", + "isCirclesEnabled", "column_types" ], "properties": { @@ -54,6 +55,9 @@ "type": "string" } }, + "isCirclesEnabled": { + "type": "boolean" + }, "column_types": { "type": "array", "items": { diff --git a/package-lock.json b/package-lock.json index 4a087e7b2..d3df19d99 100644 --- a/package-lock.json +++ b/package-lock.json @@ -12,6 +12,7 @@ "@mdi/svg": "^7.4.47", "@nextcloud/auth": "^2.4.0", "@nextcloud/axios": "^2.5.1", + "@nextcloud/capabilities": "^1.2.0", "@nextcloud/dialogs": "^6.0.1", "@nextcloud/event-bus": "^3.3.1", "@nextcloud/files": "^3.10.0", @@ -2641,6 +2642,7 @@ "version": "1.2.0", "resolved": "https://registry.npmjs.org/@nextcloud/capabilities/-/capabilities-1.2.0.tgz", "integrity": "sha512-L1NQtOfHWzkfj0Ple1MEJt6HmOHWAi3y4qs+OnwSWexqJT0DtXTVPyRxi7ADyITwRxS5H9R/HMl6USAj4Nr1nQ==", + "license": "GPL-3.0-or-later", "dependencies": { "@nextcloud/initial-state": "^2.1.0" }, diff --git a/package.json b/package.json index ce540b429..0c51de143 100644 --- a/package.json +++ b/package.json @@ -29,6 +29,7 @@ "@mdi/svg": "^7.4.47", "@nextcloud/auth": "^2.4.0", "@nextcloud/axios": "^2.5.1", + "@nextcloud/capabilities": "^1.2.0", "@nextcloud/dialogs": "^6.0.1", "@nextcloud/event-bus": "^3.3.1", "@nextcloud/files": "^3.10.0", diff --git a/src/modules/sidebar/mixins/shareAPI.js b/src/modules/sidebar/mixins/shareAPI.js index a60e32665..27b5a2de6 100644 --- a/src/modules/sidebar/mixins/shareAPI.js +++ b/src/modules/sidebar/mixins/shareAPI.js @@ -6,8 +6,11 @@ import axios from '@nextcloud/axios' import { generateUrl } from '@nextcloud/router' import '@nextcloud/dialogs/style.css' import displayError from '../../../shared/utils/displayError.js' +import ShareTypes from '../../../shared/mixins/shareTypesMixin.js' export default { + mixins: [ShareTypes], + methods: { async getSharedWithFromBE() { try { @@ -23,16 +26,23 @@ export default { return shares.concat(res.data) } } catch (e) { + console.error('Error fetching shares:', e) displayError(e, t('tables', 'Could not fetch shares.')) + return [] } }, async sendNewShareToBE(share) { + if (!this.isValidShareType(share.shareType)) { + console.warn('Unsupported share type:', share.shareType) + return false + } + const data = { nodeType: this.isView ? 'view' : 'table', nodeId: this.activeElement.id, receiver: share.user, - receiverType: (share.isNoUser) ? 'group' : 'user', + receiverType: this.getReceiverType(share.shareType), permissionRead: true, permissionCreate: true, permissionUpdate: true, @@ -45,8 +55,11 @@ export default { displayError(e, t('tables', 'Could not create share.')) return false } - if (this.isView) await this.$store.dispatch('setViewHasShares', { viewId: this.activeElement.id, hasShares: true }) - else await this.$store.dispatch('setTableHasShares', { tableId: this.isView ? this.activeElement.tableId : this.activeElement.id, hasShares: true }) + if (this.isView) { + await this.$store.dispatch('setViewHasShares', { viewId: this.activeElement.id, hasShares: true }) + } else { + await this.$store.dispatch('setTableHasShares', { tableId: this.isView ? this.activeElement.tableId : this.activeElement.id, hasShares: true }) + } return true }, async removeShareFromBE(shareId) { @@ -64,5 +77,29 @@ export default { displayError(e, t('tables', 'Could not update share.')) } }, + + isValidShareType(shareType) { + if (shareType === this.SHARE_TYPES.SHARE_TYPE_CIRCLE && !this.isCirclesEnabled) { + return false + } + return [ + this.SHARE_TYPES.SHARE_TYPE_USER, + this.SHARE_TYPES.SHARE_TYPE_GROUP, + ...(this.isCirclesEnabled ? [this.SHARE_TYPES.SHARE_TYPE_CIRCLE] : []), + ].includes(shareType) + }, + + getReceiverType(shareType) { + switch (shareType) { + case this.SHARE_TYPES.SHARE_TYPE_USER: + return 'user' + case this.SHARE_TYPES.SHARE_TYPE_GROUP: + return 'group' + case this.SHARE_TYPES.SHARE_TYPE_CIRCLE: + return 'circle' + default: + throw new Error('Invalid share type') + } + }, }, } diff --git a/src/modules/sidebar/partials/ShareForm.vue b/src/modules/sidebar/partials/ShareForm.vue index 2d5151125..733b50dc5 100644 --- a/src/modules/sidebar/partials/ShareForm.vue +++ b/src/modules/sidebar/partials/ShareForm.vue @@ -4,12 +4,11 @@ -->