2016-09-23 18:02:41 +08:00
|
|
|
<?php
|
|
|
|
|
/**
|
|
|
|
|
* Nextcloud - passman
|
|
|
|
|
*
|
|
|
|
|
* This file is licensed under the Affero General Public License version 3 or
|
|
|
|
|
* later. See the COPYING file.
|
|
|
|
|
*
|
|
|
|
|
* @author Sander Brand <brantje@gmail.com>
|
|
|
|
|
* @copyright Sander Brand 2016
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
namespace OCA\Passman\Controller;
|
|
|
|
|
|
2016-10-02 23:19:12 +08:00
|
|
|
use OCA\Passman\Db\ShareRequest;
|
2016-10-04 04:55:33 +08:00
|
|
|
use OCA\Passman\Db\SharingACL;
|
2016-09-27 02:36:51 +08:00
|
|
|
use OCA\Passman\Db\Vault;
|
2016-10-02 20:41:38 +08:00
|
|
|
use OCA\Passman\Service\CredentialService;
|
|
|
|
|
use OCA\Passman\Service\NotificationService;
|
2016-10-02 07:56:36 +08:00
|
|
|
use OCA\Passman\Service\ShareService;
|
2016-10-04 04:43:36 +08:00
|
|
|
use OCP\AppFramework\Db\DoesNotExistException;
|
|
|
|
|
use OCP\AppFramework\Http\NotFoundResponse;
|
2016-09-23 18:02:41 +08:00
|
|
|
use OCP\IRequest;
|
|
|
|
|
use OCP\AppFramework\Http\JSONResponse;
|
|
|
|
|
use OCP\AppFramework\ApiController;
|
|
|
|
|
|
|
|
|
|
use OCP\IGroup;
|
|
|
|
|
use OCP\IGroupManager;
|
|
|
|
|
use OCP\IUserManager;
|
|
|
|
|
use OCP\IUser;
|
|
|
|
|
|
|
|
|
|
use OCA\Passman\Service\VaultService;
|
2016-09-24 21:58:02 +08:00
|
|
|
use OCA\Passman\Service\ActivityService;
|
2016-10-02 19:35:49 +08:00
|
|
|
use OCA\Passman\Activity;
|
2016-09-24 21:58:02 +08:00
|
|
|
|
2016-09-23 18:02:41 +08:00
|
|
|
|
|
|
|
|
class ShareController extends ApiController {
|
|
|
|
|
private $userId;
|
2016-09-23 23:03:36 +08:00
|
|
|
private $activityService;
|
2016-09-23 18:02:41 +08:00
|
|
|
private $groupManager;
|
|
|
|
|
private $userManager;
|
2016-09-27 02:36:51 +08:00
|
|
|
private $vaultService;
|
2016-10-02 20:41:38 +08:00
|
|
|
private $shareService;
|
|
|
|
|
private $credentialService;
|
|
|
|
|
private $notificationService;
|
2016-10-02 07:56:36 +08:00
|
|
|
|
2016-09-23 18:02:41 +08:00
|
|
|
private $limit = 50;
|
|
|
|
|
private $offset = 0;
|
|
|
|
|
|
|
|
|
|
public function __construct($AppName,
|
|
|
|
|
IRequest $request,
|
2016-10-04 21:00:24 +08:00
|
|
|
IUser $UserId,
|
2016-09-23 18:02:41 +08:00
|
|
|
IGroupManager $groupManager,
|
2016-09-23 23:03:36 +08:00
|
|
|
IUserManager $userManager,
|
2016-09-27 02:36:51 +08:00
|
|
|
ActivityService $activityService,
|
2016-10-02 07:56:36 +08:00
|
|
|
VaultService $vaultService,
|
2016-10-02 20:41:38 +08:00
|
|
|
ShareService $shareService,
|
|
|
|
|
CredentialService $credentialService,
|
|
|
|
|
NotificationService $notificationService
|
2016-09-23 18:02:41 +08:00
|
|
|
) {
|
|
|
|
|
parent::__construct($AppName, $request);
|
2016-10-02 20:41:38 +08:00
|
|
|
|
2016-09-23 18:02:41 +08:00
|
|
|
$this->userId = $UserId;
|
|
|
|
|
$this->userManager = $userManager;
|
|
|
|
|
$this->groupManager = $groupManager;
|
2016-09-23 23:03:36 +08:00
|
|
|
$this->activityService = $activityService;
|
2016-09-27 02:36:51 +08:00
|
|
|
$this->vaultService = $vaultService;
|
2016-10-02 20:41:38 +08:00
|
|
|
$this->shareService = $shareService;
|
|
|
|
|
$this->credentialService = $credentialService;
|
|
|
|
|
$this->notificationService = $notificationService;
|
2016-09-23 18:02:41 +08:00
|
|
|
}
|
|
|
|
|
|
2016-10-04 04:55:33 +08:00
|
|
|
/**
|
|
|
|
|
* @param $item_id
|
|
|
|
|
* @param $item_guid
|
|
|
|
|
* @param $permissions
|
|
|
|
|
* @param $expire_timestamp
|
|
|
|
|
* @NoAdminRequired
|
|
|
|
|
*/
|
2016-10-04 05:33:32 +08:00
|
|
|
public function createPublicShare($item_id, $item_guid, $permissions, $expire_timestamp, $expire_views) {
|
2016-10-04 04:55:33 +08:00
|
|
|
$acl = new SharingACL();
|
|
|
|
|
|
|
|
|
|
$acl->setItemId($item_id);
|
2016-10-04 05:43:38 +08:00
|
|
|
$acl->setItemGuid($item_guid);
|
2016-10-04 04:55:33 +08:00
|
|
|
$acl->setPermissions($permissions);
|
|
|
|
|
$acl->setExpire($expire_timestamp);
|
2016-10-04 05:33:32 +08:00
|
|
|
$acl->setExpireViews($expire_views);
|
2016-10-04 04:55:33 +08:00
|
|
|
|
2016-10-04 05:53:46 +08:00
|
|
|
$this->shareService->createACLEntry($acl);
|
2016-10-04 04:55:33 +08:00
|
|
|
}
|
2016-10-02 21:39:52 +08:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* @NoAdminRequired
|
|
|
|
|
*/
|
2016-10-02 20:41:38 +08:00
|
|
|
public function applyIntermediateShare($item_id, $item_guid, $vaults, $permissions) {
|
|
|
|
|
/**
|
|
|
|
|
* Assemble notification
|
|
|
|
|
*/
|
2016-10-04 06:36:40 +08:00
|
|
|
//@TODO add expire_time
|
|
|
|
|
//@TODO add expire_views
|
2016-10-02 20:41:38 +08:00
|
|
|
$credential = $this->credentialService->getCredentialById($item_id, $this->userId->getUID());
|
2016-10-02 22:10:04 +08:00
|
|
|
$credential_owner = $credential->getUserId();
|
|
|
|
|
$result = $this->shareService->createBulkRequests($item_id, $item_guid, $vaults, $permissions, $credential_owner);
|
2016-10-02 20:41:38 +08:00
|
|
|
if ($credential) {
|
|
|
|
|
$processed_users = array();
|
|
|
|
|
|
|
|
|
|
foreach ($result as $vault){
|
|
|
|
|
if(!in_array($vault->getTargetUserId(), $processed_users)){
|
|
|
|
|
$target_user = $vault->getTargetUserId();
|
|
|
|
|
$notification = array(
|
|
|
|
|
'from_user' => ucfirst($this->userId->getDisplayName()),
|
|
|
|
|
'credential_label' => $credential->getLabel(),
|
|
|
|
|
'credential_id' => $credential->getId(),
|
|
|
|
|
'item_id' => $credential->getId(),
|
|
|
|
|
'target_user' => $target_user,
|
|
|
|
|
'req_id' => $vault->getId()
|
|
|
|
|
);
|
|
|
|
|
$this->notificationService->credentialSharedNotification(
|
|
|
|
|
$notification
|
|
|
|
|
);
|
|
|
|
|
array_push($processed_users, $target_user);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
return new JSONResponse($result);
|
|
|
|
|
}
|
2016-09-23 18:02:41 +08:00
|
|
|
|
2016-10-02 21:39:52 +08:00
|
|
|
/**
|
|
|
|
|
* @NoAdminRequired
|
|
|
|
|
*/
|
2016-09-23 18:02:41 +08:00
|
|
|
public function searchUsers($search) {
|
|
|
|
|
$users = array();
|
|
|
|
|
$usersTmp = $this->userManager->searchDisplayName($search, $this->limit, $this->offset);
|
|
|
|
|
|
|
|
|
|
foreach ($usersTmp as $user) {
|
2016-10-03 04:11:26 +08:00
|
|
|
if ($this->userId->getUID() != $user->getUID() && count($this->vaultService->getByUser($user->getUID())) >= 1) {
|
2016-09-27 01:20:48 +08:00
|
|
|
$users[] = array(
|
|
|
|
|
'text' => $user->getDisplayName(),
|
|
|
|
|
'uid' => $user->getUID(),
|
|
|
|
|
'type' => 'user'
|
|
|
|
|
);
|
|
|
|
|
}
|
2016-09-23 18:02:41 +08:00
|
|
|
}
|
2016-10-02 16:53:15 +08:00
|
|
|
return $users;
|
2016-09-23 18:02:41 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2016-10-03 21:50:10 +08:00
|
|
|
/**
|
|
|
|
|
* @NoAdminRequired
|
|
|
|
|
*/
|
|
|
|
|
public function unshareCredential($item_guid){
|
|
|
|
|
$acl_list = $this->shareService->getCredentialAclList($item_guid);
|
|
|
|
|
$request_list = $this->shareService->getShareRequestsByGuid($item_guid);
|
|
|
|
|
foreach ($acl_list as $ACL){
|
|
|
|
|
$this->shareService->deleteShareACL($ACL);
|
|
|
|
|
}
|
|
|
|
|
foreach($request_list as $request){
|
|
|
|
|
$this->shareService->deleteShareRequest($request);
|
|
|
|
|
}
|
|
|
|
|
return new JSONResponse(array('result' => true));
|
|
|
|
|
}
|
|
|
|
|
|
2016-09-23 18:02:41 +08:00
|
|
|
/**
|
|
|
|
|
* @NoAdminRequired
|
|
|
|
|
*/
|
|
|
|
|
public function search($search) {
|
2016-10-02 16:53:15 +08:00
|
|
|
$user_search = $this->searchUsers($search);
|
|
|
|
|
return new JSONResponse($user_search);
|
2016-09-23 18:02:41 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
2016-09-27 02:36:51 +08:00
|
|
|
/**
|
|
|
|
|
* @NoAdminRequired
|
|
|
|
|
*/
|
2016-10-02 20:41:38 +08:00
|
|
|
public function getVaultsByUser($user_id) {
|
2016-09-27 02:36:51 +08:00
|
|
|
$user_vaults = $this->vaultService->getByUser($user_id);
|
|
|
|
|
$result = array();
|
2016-10-02 20:41:38 +08:00
|
|
|
foreach ($user_vaults as $vault) {
|
2016-09-27 02:36:51 +08:00
|
|
|
array_push($result,
|
|
|
|
|
array(
|
2016-10-02 07:56:36 +08:00
|
|
|
'vault_id' => $vault->getId(),
|
2016-09-27 02:36:51 +08:00
|
|
|
'guid' => $vault->getGuid(),
|
|
|
|
|
'public_sharing_key' => $vault->getPublicSharingKey(),
|
|
|
|
|
'user_id' => $user_id,
|
|
|
|
|
));
|
|
|
|
|
}
|
|
|
|
|
return new JSONResponse($result);
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-02 21:39:52 +08:00
|
|
|
/**
|
|
|
|
|
* @NoAdminRequired
|
|
|
|
|
*/
|
2016-10-02 19:48:23 +08:00
|
|
|
public function savePendingRequest($item_guid, $target_vault_guid, $final_shared_key) {
|
2016-10-04 20:51:13 +08:00
|
|
|
try {
|
|
|
|
|
$sr = $this->shareService->getRequestByGuid($item_guid, $target_vault_guid);
|
|
|
|
|
}
|
|
|
|
|
catch (DoesNotExistException $ex){
|
|
|
|
|
return new NotFoundResponse();
|
|
|
|
|
}
|
2016-10-03 00:42:43 +08:00
|
|
|
|
|
|
|
|
$manager = \OC::$server->getNotificationManager();
|
|
|
|
|
$notification = $manager->createNotification();
|
|
|
|
|
$notification->setApp('passman')
|
|
|
|
|
->setObject('passman_share_request', $sr->getId())
|
|
|
|
|
->setUser($this->userId->getUID());
|
|
|
|
|
$manager->markProcessed($notification);
|
|
|
|
|
|
2016-10-03 00:47:02 +08:00
|
|
|
$notification = array(
|
|
|
|
|
'from_user' => ucfirst($this->userId->getDisplayName()),
|
|
|
|
|
'credential_label' => $this->credentialService->getCredentialLabelById($sr->getItemId())->getLabel(),
|
|
|
|
|
'target_user' => $sr->getFromUserId(),
|
|
|
|
|
'req_id' => $sr->getId()
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
$this->notificationService->credentialAcceptedSharedNotification(
|
|
|
|
|
$notification
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
2016-10-02 20:41:38 +08:00
|
|
|
$this->shareService->applyShare($item_guid, $target_vault_guid, $final_shared_key);
|
|
|
|
|
}
|
2016-10-02 19:48:23 +08:00
|
|
|
|
2016-10-02 21:39:52 +08:00
|
|
|
/**
|
|
|
|
|
* @NoAdminRequired
|
|
|
|
|
*/
|
2016-10-02 19:48:23 +08:00
|
|
|
public function getPendingRequests() {
|
2016-10-04 20:51:13 +08:00
|
|
|
try {
|
|
|
|
|
$requests = $this->shareService->getUserPendingRequests($this->userId->getUID());
|
|
|
|
|
$results = array();
|
|
|
|
|
foreach ($requests as $request) {
|
|
|
|
|
$result = $request->jsonSerialize();
|
|
|
|
|
$c = $this->credentialService->getCredentialLabelById($request->getItemId());
|
|
|
|
|
$result['credential_label'] = $c->getLabel();
|
|
|
|
|
array_push($results, $result);
|
|
|
|
|
}
|
|
|
|
|
return new JSONResponse($results);
|
|
|
|
|
}
|
|
|
|
|
catch (DoesNotExistException $ex){
|
|
|
|
|
return new NotFoundResponse();
|
|
|
|
|
}
|
2016-10-02 20:41:38 +08:00
|
|
|
}
|
2016-10-02 19:48:23 +08:00
|
|
|
|
2016-10-04 04:43:36 +08:00
|
|
|
/**
|
|
|
|
|
* @param $item_guid
|
|
|
|
|
* @return JSONResponse
|
|
|
|
|
* @NoAdminRequired
|
|
|
|
|
*/
|
2016-10-03 23:20:57 +08:00
|
|
|
public function getRevisions($item_guid){
|
2016-10-04 20:51:13 +08:00
|
|
|
try {
|
|
|
|
|
return new JSONResponse($this->shareService->getItemHistory($this->userId, $item_guid));
|
|
|
|
|
}
|
|
|
|
|
catch (DoesNotExistException $ex){
|
|
|
|
|
return new NotFoundResponse();
|
|
|
|
|
}
|
2016-10-03 23:20:57 +08:00
|
|
|
}
|
|
|
|
|
|
2016-10-02 23:32:22 +08:00
|
|
|
/**
|
|
|
|
|
* Obtains the list of credentials shared with this vault
|
|
|
|
|
* @NoAdminRequired
|
|
|
|
|
*/
|
2016-10-03 01:04:19 +08:00
|
|
|
public function getVaultItems($vault_guid){
|
2016-10-04 20:51:13 +08:00
|
|
|
try {
|
|
|
|
|
return new JSONResponse($this->shareService->getSharedItems($this->userId->getUID(), $vault_guid));
|
|
|
|
|
}
|
|
|
|
|
catch (DoesNotExistException $ex){
|
|
|
|
|
return new NotFoundResponse();
|
|
|
|
|
}
|
2016-10-02 23:32:22 +08:00
|
|
|
}
|
|
|
|
|
|
2016-10-04 04:43:36 +08:00
|
|
|
/**
|
|
|
|
|
* @param $share_request_id
|
|
|
|
|
* @return JSONResponse
|
|
|
|
|
* @NoAdminRequired
|
|
|
|
|
*/
|
2016-10-02 23:19:12 +08:00
|
|
|
public function deleteShareRequest($share_request_id){
|
2016-10-04 20:51:13 +08:00
|
|
|
try{
|
|
|
|
|
|
|
|
|
|
$sr = $this->shareService->getShareRequestById($share_request_id);
|
|
|
|
|
$notification = array(
|
|
|
|
|
'from_user' => ucfirst($this->userId->getDisplayName()),
|
|
|
|
|
'credential_label' => $this->credentialService->getCredentialLabelById($sr->getItemId())->getLabel(),
|
|
|
|
|
'target_user' => $sr->getFromUserId(),
|
|
|
|
|
'req_id' => $sr->getId()
|
|
|
|
|
);
|
|
|
|
|
$this->notificationService->credentialDeclinedSharedNotification(
|
|
|
|
|
$notification
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$manager = \OC::$server->getNotificationManager();
|
|
|
|
|
$notification = $manager->createNotification();
|
|
|
|
|
$notification->setApp('passman')
|
|
|
|
|
->setObject('passman_share_request', $share_request_id)
|
|
|
|
|
->setUser($this->userId->getUID());
|
|
|
|
|
$manager->markProcessed($notification);
|
|
|
|
|
|
|
|
|
|
$this->shareService->cleanItemRequestsForUser($sr);
|
|
|
|
|
return new JSONResponse(array('result'=> true));
|
|
|
|
|
}
|
|
|
|
|
catch (DoesNotExistException $ex){
|
|
|
|
|
return new NotFoundResponse();
|
|
|
|
|
}
|
2016-10-02 23:19:12 +08:00
|
|
|
}
|
|
|
|
|
|
2016-10-04 04:43:36 +08:00
|
|
|
/**
|
|
|
|
|
* @param $credential_guid
|
|
|
|
|
* @return JSONResponse
|
|
|
|
|
* @NoAdminRequired
|
|
|
|
|
* @NoCSRFRequired
|
|
|
|
|
* @PublicPage
|
|
|
|
|
*/
|
2016-10-04 05:05:18 +08:00
|
|
|
public function getPublicCredentialData($credential_guid) {
|
2016-10-04 20:15:34 +08:00
|
|
|
|
2016-10-04 06:19:46 +08:00
|
|
|
//@TODO Check expire date
|
2016-10-04 19:11:37 +08:00
|
|
|
$acl = $this->shareService->getACL(null, $credential_guid);
|
|
|
|
|
$views = $acl->getExpireViews();
|
|
|
|
|
if($views === 0){
|
|
|
|
|
return new NotFoundResponse();
|
2016-10-04 20:15:34 +08:00
|
|
|
} else if($views != -1) {
|
2016-10-04 19:11:37 +08:00
|
|
|
$views--;
|
|
|
|
|
$acl->setExpireViews($views);
|
|
|
|
|
$this->shareService->updateCredentialACL($acl);
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-04 20:15:34 +08:00
|
|
|
if($acl->getExpire() > 0 && time() > $acl->getExpire()){
|
|
|
|
|
return new NotFoundResponse();
|
|
|
|
|
}
|
|
|
|
|
|
2016-10-04 04:43:36 +08:00
|
|
|
try {
|
2016-10-04 05:05:18 +08:00
|
|
|
$credential = $this->shareService->getSharedItem(null, $credential_guid);
|
2016-10-04 04:43:36 +08:00
|
|
|
return new JSONResponse($credential);
|
|
|
|
|
}
|
|
|
|
|
catch (DoesNotExistException $ex){
|
|
|
|
|
return new NotFoundResponse();
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-10-04 20:40:48 +08:00
|
|
|
|
|
|
|
|
public function getItemAcl($item_guid){
|
|
|
|
|
$acl = $this->shareService->getCredentialAclList($item_guid);
|
|
|
|
|
try {
|
|
|
|
|
$credential = $this->credentialService->getCredentialByGUID($item_guid);
|
2016-10-04 20:55:50 +08:00
|
|
|
if ($credential->getUserId() == $this->userId->getUID()){
|
2016-10-04 20:40:48 +08:00
|
|
|
return new JSONResponse($acl);
|
|
|
|
|
}
|
|
|
|
|
else{
|
|
|
|
|
return new NotFoundResponse();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
catch (DoesNotExistException $ex){
|
|
|
|
|
return new NotFoundResponse();
|
|
|
|
|
}
|
|
|
|
|
}
|
2016-09-23 18:02:41 +08:00
|
|
|
}
|
