open-dsi
/
nextcloud-server
mirror of https://github.com/nextcloud/server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Check if user is admin - bool

Browse Source 
There was no "isAdminUser()" function which returned bool. This is
irritiating as there were a loooooooot of places in the code which
checked this itself with `OC_Group::inGroup($uid, 'admin)` - why not
use a function for this?
(Especially if you consider that we might change the group name in the
future, which would lead to problems then)

Additionally, @Raydiation needed such a method for his AppFramework :)
remotes/origin/stable5
Lukas Reschke 12 years ago
parent fa78fbe0c3
commit 31b1a73e1f
16 changed files with 38 additions and 37 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 5
      lib/api.php
  2. 4
      lib/app.php
  3. 8
      lib/json.php
  4. 2
      lib/migrate.php
  5. 4
      lib/ocs/cloud.php
  6. 7
      lib/subadmin.php
  7. 13
      lib/user.php
  8. 11
      lib/util.php
  9. 2
      settings/ajax/changepassword.php
  10. 4
      settings/ajax/createuser.php
  11. 2
      settings/ajax/removeuser.php
  12. 2
      settings/ajax/setquota.php
  13. 4
      settings/ajax/togglegroups.php
  14. 2
      settings/ajax/userlist.php
  15. 2
      settings/help.php
  16. 3
      settings/users.php

5
lib/api.php
Unescape View File

@ -127,8 +127,7 @@ class OC_API {
return false; return false;
} else { } else {
$subAdmin = OC_SubAdmin::isSubAdmin($user); $subAdmin = OC_SubAdmin::isSubAdmin($user);
$admin = OC_Group::inGroup($user, 'admin'); if($subAdmin) {
if($subAdmin || $admin) {
return true; return true;
} else { } else {
return false; return false;
@ -141,7 +140,7 @@ class OC_API {
if(!$user) { if(!$user) {
return false; return false;
} else { } else {
return OC_Group::inGroup($user, 'admin'); return OC_User::isAdminUser($user);
} }
break; break;
default: default:

4
lib/app.php
Unescape View File

@ -313,14 +313,14 @@ class OC_App{
$settings[]=array( "id" => "settings", "order" => 1000, "href" => OC_Helper::linkToRoute( "settings_settings" ), "name" => $l->t("Settings"), "icon" => OC_Helper::imagePath( "settings", "settings.svg" )); $settings[]=array( "id" => "settings", "order" => 1000, "href" => OC_Helper::linkToRoute( "settings_settings" ), "name" => $l->t("Settings"), "icon" => OC_Helper::imagePath( "settings", "settings.svg" ));
//SubAdmins are also allowed to access user management //SubAdmins are also allowed to access user management
if(OC_SubAdmin::isSubAdmin($_SESSION["user_id"]) || OC_Group::inGroup( $_SESSION["user_id"], "admin" )) { if(OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
// admin users menu // admin users menu
$settings[] = array( "id" => "core_users", "order" => 2, "href" => OC_Helper::linkToRoute( "settings_users" ), "name" => $l->t("Users"), "icon" => OC_Helper::imagePath( "settings", "users.svg" )); $settings[] = array( "id" => "core_users", "order" => 2, "href" => OC_Helper::linkToRoute( "settings_users" ), "name" => $l->t("Users"), "icon" => OC_Helper::imagePath( "settings", "users.svg" ));
} }
// if the user is an admin // if the user is an admin
if(OC_Group::inGroup( $_SESSION["user_id"], "admin" )) { if(OC_User::isAdminUser(OC_User::getUser())) {
// admin apps menu // admin apps menu
$settings[] = array( "id" => "core_apps", "order" => 3, "href" => OC_Helper::linkToRoute( "settings_apps" ).'?installed', "name" => $l->t("Apps"), "icon" => OC_Helper::imagePath( "settings", "apps.svg" )); $settings[] = array( "id" => "core_apps", "order" => 3, "href" => OC_Helper::linkToRoute( "settings_apps" ).'?installed', "name" => $l->t("Apps"), "icon" => OC_Helper::imagePath( "settings", "apps.svg" ));

8
lib/json.php
Unescape View File

@ -57,9 +57,7 @@ class OC_JSON{
* Check if the user is a admin, send json error msg if not * Check if the user is a admin, send json error msg if not
*/ */
public static function checkAdminUser() { public static function checkAdminUser() {
self::checkLoggedIn(); if( !OC_User::isAdminUser(OC_User::getUser())) {
self::verifyUser();
if( !OC_Group::inGroup( OC_User::getUser(), 'admin' )) {
$l = OC_L10N::get('lib'); $l = OC_L10N::get('lib');
self::error(array( 'data' => array( 'message' => $l->t('Authentication error') ))); self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
exit(); exit();
@ -70,9 +68,7 @@ class OC_JSON{
* Check if the user is a subadmin, send json error msg if not * Check if the user is a subadmin, send json error msg if not
*/ */
public static function checkSubAdminUser() { public static function checkSubAdminUser() {
self::checkLoggedIn(); if(!OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
self::verifyUser();
if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
$l = OC_L10N::get('lib'); $l = OC_L10N::get('lib');
self::error(array( 'data' => array( 'message' => $l->t('Authentication error') ))); self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
exit(); exit();

2
lib/migrate.php
Unescape View File

@ -219,7 +219,7 @@ class OC_Migrate{
// We need to be an admin if we are not importing our own data // We need to be an admin if we are not importing our own data
if(($type == 'user' && self::$uid != $currentuser) || $type != 'user' ) { if(($type == 'user' && self::$uid != $currentuser) || $type != 'user' ) {
if( !OC_Group::inGroup( OC_User::getUser(), 'admin' )) { if( !OC_User::isAdminUser($currentuser)) {
// Naughty. // Naughty.
OC_Log::write( 'migration', 'Import not permitted.', OC_Log::ERROR ); OC_Log::write( 'migration', 'Import not permitted.', OC_Log::ERROR );
return json_encode( array( 'success' => false ) ); return json_encode( array( 'success' => false ) );

4
lib/ocs/cloud.php
Unescape View File

@ -40,7 +40,7 @@ class OC_OCS_Cloud {
public static function getUserQuota($parameters) { public static function getUserQuota($parameters) {
$user = OC_User::getUser(); $user = OC_User::getUser();
if(OC_Group::inGroup($user, 'admin') or ($user==$parameters['user'])) { if(OC_User::isAdminUser($user) or ($user==$parameters['user'])) {
if(OC_User::userExists($parameters['user'])) { if(OC_User::userExists($parameters['user'])) {
// calculate the disc space // calculate the disc space
@ -82,7 +82,7 @@ class OC_OCS_Cloud {
public static function getUserPrivatekey($parameters) { public static function getUserPrivatekey($parameters) {
$user = OC_User::getUser(); $user = OC_User::getUser();
if(OC_Group::inGroup($user, 'admin') or ($user==$parameters['user'])) { if(OC_User::isAdminUser($user) or ($user==$parameters['user'])) {
if(OC_User::userExists($user)) { if(OC_User::userExists($user)) {
// calculate the disc space // calculate the disc space

7
lib/subadmin.php
Unescape View File

@ -122,6 +122,11 @@ class OC_SubAdmin{
* @return bool * @return bool
*/ */
public static function isSubAdmin($uid) { public static function isSubAdmin($uid) {
// Check if the user is already an admin
if(OC_Group::inGroup($uid, 'admin' )) {
return true;
}
$stmt = OC_DB::prepare('SELECT COUNT(*) AS `count` FROM `*PREFIX*group_admin` WHERE `uid` = ?'); $stmt = OC_DB::prepare('SELECT COUNT(*) AS `count` FROM `*PREFIX*group_admin` WHERE `uid` = ?');
$result = $stmt->execute(array($uid)); $result = $stmt->execute(array($uid));
$result = $result->fetchRow(); $result = $result->fetchRow();
@ -141,7 +146,7 @@ class OC_SubAdmin{
if(!self::isSubAdmin($subadmin)) { if(!self::isSubAdmin($subadmin)) {
return false; return false;
} }
if(OC_Group::inGroup($user, 'admin')) { if(OC_User::isAdminUser($user)) {
return false; return false;
} }
$accessiblegroups = self::getSubAdminsGroups($subadmin); $accessiblegroups = self::getSubAdminsGroups($subadmin);

13
lib/user.php
Unescape View File

@ -299,6 +299,19 @@ class OC_User {
return false; return false;
} }
/**
* @brief Check if the user is an admin user
* @param $uid uid of the admin
* @returns bool
*/
public static function isAdminUser($uid) {
if(OC_Group::inGroup($uid, 'admin' )) {
return true;
}
return false;
}
/** /**
* @brief get the user id of the user currently logged in. * @brief get the user id of the user currently logged in.
* @return string uid or false * @return string uid or false

11
lib/util.php
Unescape View File

@ -342,10 +342,7 @@ class OC_Util {
* Check if the user is a admin, redirects to home if not * Check if the user is a admin, redirects to home if not
*/ */
public static function checkAdminUser() { public static function checkAdminUser() {
// Check if we are a user if( !OC_User::isAdminUser(OC_User::getUser())) {
self::checkLoggedIn();
self::verifyUser();
if( !OC_Group::inGroup( OC_User::getUser(), 'admin' )) {
header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php' )); header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php' ));
exit(); exit();
} }
@ -356,12 +353,6 @@ class OC_Util {
* @return array $groups where the current user is subadmin * @return array $groups where the current user is subadmin
*/ */
public static function checkSubAdminUser() { public static function checkSubAdminUser() {
// Check if we are a user
self::checkLoggedIn();
self::verifyUser();
if(OC_Group::inGroup(OC_User::getUser(), 'admin')) {
return true;
}
if(!OC_SubAdmin::isSubAdmin(OC_User::getUser())) { if(!OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php' )); header( 'Location: '.OC_Helper::linkToAbsolute( '', 'index.php' ));
exit(); exit();

2
settings/ajax/changepassword.php
Unescape View File

@ -9,7 +9,7 @@ $password = $_POST["password"];
$oldPassword=isset($_POST["oldpassword"])?$_POST["oldpassword"]:''; $oldPassword=isset($_POST["oldpassword"])?$_POST["oldpassword"]:'';
$userstatus = null; $userstatus = null;
if(OC_Group::inGroup(OC_User::getUser(), 'admin')) { if(OC_User::isAdminUser(OC_User::getUser()) {
$userstatus = 'admin'; $userstatus = 'admin';
} }
if(OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) { if(OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {

4
settings/ajax/createuser.php
Unescape View File

@ -3,9 +3,7 @@
OCP\JSON::callCheck(); OCP\JSON::callCheck();
OC_JSON::checkSubAdminUser(); OC_JSON::checkSubAdminUser();
$isadmin = OC_Group::inGroup(OC_User::getUser(), 'admin')?true:false; if(OC_User::isAdminUser(OC_User::getUser())) {
if($isadmin) {
$groups = array(); $groups = array();
if( isset( $_POST["groups"] )) { if( isset( $_POST["groups"] )) {
$groups = $_POST["groups"]; $groups = $_POST["groups"];

2
settings/ajax/removeuser.php
Unescape View File

@ -10,7 +10,7 @@ if(OC_User::getUser() === $username) {
exit; exit;
} }
if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) { if(!OC_User::isAdminUser(OC_User::getUser()) && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username)) {
$l = OC_L10N::get('core'); $l = OC_L10N::get('core');
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') ))); OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
exit(); exit();

2
settings/ajax/setquota.php
Unescape View File

@ -10,7 +10,7 @@ OCP\JSON::callCheck();
$username = isset($_POST["username"])?$_POST["username"]:''; $username = isset($_POST["username"])?$_POST["username"]:'';
if(($username == '' && !OC_Group::inGroup(OC_User::getUser(), 'admin')) || (!OC_Group::inGroup(OC_User::getUser(), 'admin') && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username))) { if(($username == '' && !OC_User::isAdminUser($user)) || (!OC_User::isAdminUser(OC_User::getUser()) && !OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username))) {
$l = OC_L10N::get('core'); $l = OC_L10N::get('core');
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') ))); OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
exit(); exit();

4
settings/ajax/togglegroups.php
Unescape View File

@ -7,13 +7,13 @@ $success = true;
$username = $_POST["username"]; $username = $_POST["username"];
$group = $_POST["group"]; $group = $_POST["group"];
if($username == OC_User::getUser() && $group == "admin" && OC_Group::inGroup($username, 'admin')) { if($username == OC_User::getUser() && $group == "admin" && OC_User::isAdminUser($username)) {
$l = OC_L10N::get('core'); $l = OC_L10N::get('core');
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Admins can\'t remove themself from the admin group')))); OC_JSON::error(array( 'data' => array( 'message' => $l->t('Admins can\'t remove themself from the admin group'))));
exit(); exit();
} }
if(!OC_Group::inGroup(OC_User::getUser(), 'admin') && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) { if(!OC_User::isAdminUser(OC_User::getUser()) && (!OC_SubAdmin::isUserAccessible(OC_User::getUser(), $username) || !OC_SubAdmin::isGroupAccessible(OC_User::getUser(), $group))) {
$l = OC_L10N::get('core'); $l = OC_L10N::get('core');
OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') ))); OC_JSON::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
exit(); exit();

2
settings/ajax/userlist.php
Unescape View File

@ -28,7 +28,7 @@ if (isset($_GET['offset'])) {
$offset = 0; $offset = 0;
} }
$users = array(); $users = array();
if (OC_Group::inGroup(OC_User::getUser(), 'admin')) { if (OC_User::isAdminUser(OC_User::getUser())) {
$batch = OC_User::getUsers('', 10, $offset); $batch = OC_User::getUsers('', 10, $offset);
foreach ($batch as $user) { foreach ($batch as $user) {
$users[] = array( $users[] = array(

2
settings/help.php
Unescape View File

@ -27,7 +27,7 @@ $url1=OC_Helper::linkToRoute( "settings_help" ).'?mode=user';
$url2=OC_Helper::linkToRoute( "settings_help" ).'?mode=admin'; $url2=OC_Helper::linkToRoute( "settings_help" ).'?mode=admin';
$tmpl = new OC_Template( "settings", "help", "user" ); $tmpl = new OC_Template( "settings", "help", "user" );
$tmpl->assign( "admin", OC_Group::inGroup(OC_User::getUser(), 'admin') ); $tmpl->assign( "admin", OC_User::isAdminUser(OC_User::getUser()));
$tmpl->assign( "url", $url ); $tmpl->assign( "url", $url );
$tmpl->assign( "url1", $url1 ); $tmpl->assign( "url1", $url1 );
$tmpl->assign( "url2", $url2 ); $tmpl->assign( "url2", $url2 );

3
settings/users.php
Unescape View File

@ -18,8 +18,7 @@ OC_App::setActiveNavigationEntry( 'core_users' );
$users = array(); $users = array();
$groups = array(); $groups = array();
$isadmin = OC_Group::inGroup(OC_User::getUser(), 'admin')?true:false; if(OC_User::isAdminUser(OC_User::getUser())) {
if($isadmin) {
$accessiblegroups = OC_Group::getGroups(); $accessiblegroups = OC_Group::getGroups();
$accessibleusers = OC_User::getUsers('', 30); $accessibleusers = OC_User::getUsers('', 30);
$subadmins = OC_SubAdmin::getAllSubAdmins(); $subadmins = OC_SubAdmin::getAllSubAdmins();

Write Preview
Loading…
Cancel
Save