Browse Source

Add option to enable the app only for users in a specific group (#135)

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
master
Lukas Reschke 2 years ago
parent
commit
9bf62db3aa

+ 10
- 0
appinfo/app.php View File

@@ -23,6 +23,16 @@
namespace OCA\Richdocuments\AppInfo;

use OC\Security\CSP\ContentSecurityPolicy;
use OCA\Richdocuments\PermissionManager;

$currentUser = \OC::$server->getUserSession()->getUser();
if($currentUser !== null) {
/** @var PermissionManager $permissionManager */
$permissionManager = \OC::$server->query(PermissionManager::class);
if(!$permissionManager->isEnabledForUser($currentUser)) {
return;
}
}

$eventDispatcher = \OC::$server->getEventDispatcher();
$eventDispatcher->addListener(

+ 39
- 13
js/admin.js View File

@@ -40,15 +40,11 @@ var documentsSettings = {
);
},

saveGroups: function(groups) {
var data = {
'edit_groups': groups
};

saveGroups: function(data) {
$.post(
OC.filePath('richdocuments', 'ajax', 'admin.php'),
data
);
);
},

saveDocFormat: function(format) {
@@ -80,14 +76,23 @@ var documentsSettings = {
OC.msg.finishedAction('#enable-external-apps-section-msg', response);
},

initEditGroups: function() {
var groups = $('#edit_group_select').val();
initGroups: function() {
var selectorPrefixes = [
'edit',
'use'
];

for (i = 0; i < selectorPrefixes.length; i++) {
var selectorPrefix = selectorPrefixes[i];

var groups = $('#' + selectorPrefix + '_group_select').val();
if (groups !== '') {
OC.Settings.setupGroupsSelect($('#edit_group_select'));
$('.edit-groups-enable').attr('checked', 'checked');
OC.Settings.setupGroupsSelect($('#' + selectorPrefix + '_group_select'));
$('.' + selectorPrefix + '-groups-enable').attr('checked', 'checked');
} else {
$('.edit-groups-enable').attr('checked', null);
$('.' + selectorPrefix + '-groups-enable').attr('checked', null);
}
}
},

initExternalApps: function() {
@@ -106,7 +111,7 @@ var documentsSettings = {
},

initialize: function() {
documentsSettings.initEditGroups();
documentsSettings.initGroups();
documentsSettings.initExternalApps();

$('#wopi_apply').on('click', documentsSettings.save);
@@ -189,7 +194,7 @@ var documentsSettings = {
$(document).on('change', '#edit_group_select', function() {
var element = $(this).parent().find('input.edit-groups-enable');
var groups = $(this).val();
documentsSettings.saveGroups(groups);
documentsSettings.saveGroups({edit_groups: groups});
});

$(document).on('change', '.edit-groups-enable', function() {
@@ -207,6 +212,27 @@ var documentsSettings = {
$select.change();
});

$(document).on('change', '#use_group_select', function() {
var element = $(this).parent().find('input.use-groups-enable');
var groups = $(this).val();
documentsSettings.saveGroups({use_groups: groups});
});

$(document).on('change', '.use-groups-enable', function() {
var $select = $(this).parent().find('#use_group_select');
$select.val('');

if (this.checked) {
OC.Settings.setupGroupsSelect($select, {
placeholder: t('core', 'All')
});
} else {
$select.select2('destroy');
}

$select.change();
});

}
};


+ 7
- 0
lib/Controller/SettingsController.php View File

@@ -53,6 +53,7 @@ class SettingsController extends Controller{
public function getSettings() {
return new JSONResponse([
'wopi_url' => $this->appConfig->getAppValue('wopi_url'),
'use_groups' => $this->appConfig->getAppValue('use_groups'),
'edit_groups' => $this->appConfig->getAppValue('edit_groups'),
'doc_format' => $this->appConfig->getAppValue('doc_format'),
]);
@@ -61,11 +62,13 @@ class SettingsController extends Controller{
/**
* @param string $wopi_url
* @param string $edit_groups
* @param string $use_groups
* @param string $doc_format
* @return JSONResponse
*/
public function setSettings($wopi_url,
$edit_groups,
$use_groups,
$doc_format,
$external_apps){
$message = $this->l10n->t('Saved');
@@ -83,6 +86,10 @@ class SettingsController extends Controller{
$this->appConfig->setAppValue('edit_groups', $edit_groups);
}

if ($use_groups !== null){
$this->appConfig->setAppValue('use_groups', $use_groups);
}

if ($doc_format !== null) {
$this->appConfig->setAppValue('doc_format', $doc_format);
}

+ 65
- 0
lib/PermissionManager.php View File

@@ -0,0 +1,65 @@
<?php
/**
* @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/

namespace OCA\Richdocuments;

use OCP\IConfig;
use OCP\IGroupManager;
use OCP\IUser;

class PermissionManager {
const APP_ID = 'richdocuments';
/** @var IConfig */
private $config;
/** @var IGroupManager */
private $groupManager;

public function __construct(IConfig $config,
IGroupManager $groupManager) {
$this->config = $config;
$this->groupManager = $groupManager;
}

/**
* @param string $groupString
* @return array
*/
private function splitGroups($groupString) {
return explode('|', $groupString);
}

public function isEnabledForUser(IUser $user) {
$enabledForGroups = $this->config->getAppValue(self::APP_ID, 'use_groups', '');
if($enabledForGroups === '') {
return true;
}

$groups = $this->splitGroups($enabledForGroups);
$uid = $user->getUID();
foreach($groups as $group) {
if($this->groupManager->isInGroup($uid, $group)) {
return true;
}
}

return false;
}
}

+ 1
- 0
lib/Settings/Admin.php View File

@@ -48,6 +48,7 @@ class Admin implements ISettings {
[
'wopi_url' => $this->config->getAppValue('richdocuments', 'wopi_url'),
'edit_groups' => $this->config->getAppValue('richdocuments', 'edit_groups'),
'use_groups' => $this->config->getAppValue('richdocuments', 'use_groups'),
'doc_format' => $this->config->getAppValue('richdocuments', 'doc_format'),
'external_apps' => $this->config->getAppValue('richdocuments', 'external_apps'),
],

+ 6
- 1
templates/admin.php View File

@@ -1,5 +1,6 @@
<?php
script('richdocuments', 'admin');
/** @var array $_ */
?>
<div class="section" id="richdocuments">
<h2><?php p($l->t('Collabora Online')) ?></h2>
@@ -9,8 +10,12 @@ script('richdocuments', 'admin');
<br/><button type="button" id="wopi_apply"><?php p($l->t('Apply')) ?></button>
<span id="documents-admin-msg" class="msg"></span>
<br/>
<input type="checkbox" class="use-groups-enable" id="use_groups_enable-richdocuments" />
<label for="use_groups_enable-richdocuments"><?php p($l->t('Restrict usage to specific groups')) ?></label>
<input type="hidden" id="use_group_select" value="<?php p($_['use_groups'])?>" title="<?php p($l->t('All')); ?>" style="width: 200px">
<br/>
<input type="checkbox" class="edit-groups-enable" id="edit_groups_enable-richdocuments" />
<label for="edit_groups_enable-richdocuments"><?php p($l->t('Enable edit for specific groups')) ?></label>
<label for="edit_groups_enable-richdocuments"><?php p($l->t('Restrict edit to specific groups')) ?></label>
<input type="hidden" id="edit_group_select" value="<?php p($_['edit_groups'])?>" title="<?php p($l->t('All')); ?>" style="width: 200px">
<br/>
<input type="checkbox" class="doc-format-ooxml" id="doc_format_ooxml_enable-richdocuments" <?php p($_['doc_format'] === 'ooxml' ? 'checked' : '') ?> />

+ 118
- 0
tests/lib/PermissionManagerTest.php View File

@@ -0,0 +1,118 @@
<?php
/**
* @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/

namespace Tests\Richdocuments;

use OCA\Richdocuments\PermissionManager;
use OCP\IConfig;
use OCP\IGroupManager;
use OCP\IUser;
use Test\TestCase;

class PermissionManagerTest extends TestCase {
/** @var IConfig|\PHPUnit_Framework_MockObject_MockBuilder */
private $config;
/** @var IGroupManager|\PHPUnit_Framework_MockObject_MockBuilder */
private $groupManager;
/** @var PermissionManager */
private $permissionManager;

public function setUp() {
parent::setUp();
$this->config = $this->createMock(IConfig::class);
$this->groupManager = $this->createMock(IGroupManager::class);
$this->permissionManager = new PermissionManager($this->config, $this->groupManager);
}

public function testIsEnabledForUserEnabledNoRestrictions() {
/** @var IUser|\PHPUnit_Framework_MockObject_MockBuilder $user */
$user = $this->createMock(IUser::class);

$this->config
->expects($this->once())
->method('getAppValue')
->with('richdocuments', 'use_groups', '')
->willReturn('');

$this->assertTrue($this->permissionManager->isEnabledForUser($user));
}

public function testIsEnabledForUserEnabledNotInGroup() {
/** @var IUser|\PHPUnit_Framework_MockObject_MockBuilder $user */
$user = $this->createMock(IUser::class);
$user
->expects($this->once())
->method('getUID')
->willReturn('TestUser');

$this->config
->expects($this->once())
->method('getAppValue')
->with('richdocuments', 'use_groups', '')
->willReturn('Enabled1|Enabled2|Enabled3');

$this->groupManager
->expects($this->at(0))
->method('isInGroup')
->with('TestUser', 'Enabled1')
->willReturn(false);
$this->groupManager
->expects($this->at(1))
->method('isInGroup')
->with('TestUser', 'Enabled2')
->willReturn(false);
$this->groupManager
->expects($this->at(2))
->method('isInGroup')
->with('TestUser', 'Enabled3')
->willReturn(false);

$this->assertFalse($this->permissionManager->isEnabledForUser($user));
}

public function testIsEnabledForUserEnabledInGroup() {
/** @var IUser|\PHPUnit_Framework_MockObject_MockBuilder $user */
$user = $this->createMock(IUser::class);
$user
->expects($this->once())
->method('getUID')
->willReturn('TestUser');

$this->config
->expects($this->once())
->method('getAppValue')
->with('richdocuments', 'use_groups', '')
->willReturn('Enabled1|Enabled2|Enabled3');

$this->groupManager
->expects($this->at(0))
->method('isInGroup')
->with('TestUser', 'Enabled1')
->willReturn(false);
$this->groupManager
->expects($this->at(1))
->method('isInGroup')
->with('TestUser', 'Enabled2')
->willReturn(true);

$this->assertTrue($this->permissionManager->isEnabledForUser($user));
}
}

Loading…
Cancel
Save