diff --git a/appinfo/routes.php b/appinfo/routes.php index 105ec422..193de7a1 100644 --- a/appinfo/routes.php +++ b/appinfo/routes.php @@ -52,6 +52,7 @@ return [ ['name' => 'share#getVaultsByUser', 'url' => '/api/v2/sharing/vaults/{user_id}', 'verb' => 'GET'], ['name' => 'share#applyIntermediateShare', 'url' => '/api/v2/sharing/share', 'verb' => 'POST'], ['name' => 'share#savePendingRequest', 'url' => '/api/v2/sharing/save', 'verb' => 'POST'], + ['name' => 'share#unshareCredential', 'url' => '/api/v2/sharing/unshare/{item_guid}', 'verb' => 'DELETE'], ['name' => 'share#getPendingRequests', 'url' => '/api/v2/sharing/pending', 'verb' => 'GET'], ['name' => 'share#deleteShareRequest', 'url' => '/api/v2/sharing/decline/{share_request_id}', 'verb' => 'DELETE'], ['name' => 'share#getVaultItems', 'url' => '/api/v2/sharing/vault/{vault_guid}/get', 'verb' => 'GET'], diff --git a/controller/sharecontroller.php b/controller/sharecontroller.php index b0ec1387..4a3d82f9 100644 --- a/controller/sharecontroller.php +++ b/controller/sharecontroller.php @@ -123,6 +123,21 @@ class ShareController extends ApiController { } + /** + * @NoAdminRequired + */ + public function unshareCredential($item_guid){ + $acl_list = $this->shareService->getCredentialAclList($item_guid); + $request_list = $this->shareService->getShareRequestsByGuid($item_guid); + foreach ($acl_list as $ACL){ + $this->shareService->deleteShareACL($ACL); + } + foreach($request_list as $request){ + $this->shareService->deleteShareRequest($request); + } + return new JSONResponse(array('result' => true)); + } + /** * @NoAdminRequired */ diff --git a/lib/Db/ShareRequestMapper.php b/lib/Db/ShareRequestMapper.php index ec971987..dc5aa135 100644 --- a/lib/Db/ShareRequestMapper.php +++ b/lib/Db/ShareRequestMapper.php 
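Review bot: `unshareCredential($item_guid)` in controller/sharecontroller.php deletes every ACL entry and every pending share request for the supplied GUID without checking that the caller owns the credential. Because the action is `@NoAdminRequired` and reachable through the new `DELETE /api/v2/sharing/unshare/{item_guid}` route, any authenticated user who learns an item GUID could apparently revoke another user's shares. Before the two `foreach` loops, load the credential for `$item_guid`, compare its owner with the session user, and return an error response without deleting anything on mismatch, for example `if (<credential owner id> !== <current user id>) { return new JSONResponse(array('result' => false)); }` (placeholders; the controller's user and credential accessors are not visible in this hunk). The method also returns `'result' => true` when both lists are empty, so an unknown GUID is indistinguishable from a successful unshare.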
@@ -61,4 +61,9 @@ class ShareRequestMapper extends Mapper {
 $q = "SELECT * FROM *PREFIX*" . self::TABLE_NAME . " WHERE id = ?";
 return $this->findEntity($q, [$id]);
 }
+
+ public function getShareRequestsByGuid($item_guid){
+ $q = "SELECT * FROM *PREFIX*" . self::TABLE_NAME . " WHERE item_guid = ?";
+ return $this->findEntities($q, [$item_guid]);
+ }
 }
\ No newline at end of file
diff --git a/lib/Db/SharingACLMapper.php b/lib/Db/SharingACLMapper.php
index def4ad5b..1d4e67d9 100644
--- a/lib/Db/SharingACLMapper.php
+++ b/lib/Db/SharingACLMapper.php
@@ -48,4 +48,19 @@ class SharingACLMapper extends Mapper {
 $q = "SELECT * FROM ". self::TABLE_NAME ." WHERE user_id = ? AND vault_guid = ?";
 return $this->findEntities($q, [$user_id, $vault_id]);
 }
+
+ /**
+ * Gets the currently accepted share requests from the given user for the given vault guid
+ * @param $user_id
+ * @param $vault_id
+ * @return SharingACL[]
+ */
+ public function getCredentialAclList($item_guid) {
+ $q = "SELECT * FROM ". self::TABLE_NAME ." WHERE item_guid = ?";
+ return $this->findEntities($q, [$item_guid]);
+ }
+
+ public function deleteShareACL(SharingACL $ACL){
+ return $this->delete($ACL);
+ }
 }
\ No newline at end of file
diff --git a/lib/Service/ShareService.php b/lib/Service/ShareService.php
index 44dd3ed2..bc55e5bf 100644
--- a/lib/Service/ShareService.php
+++ b/lib/Service/ShareService.php
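Review bot: The docblock on `getCredentialAclList($item_guid)` in lib/Db/SharingACLMapper.php was copied from the vault lookup above it: it documents `$user_id` and `$vault_id` and describes one user's vault, while the method takes only `$item_guid` and selects ACL rows for that item regardless of user. Since the controller uses this list to decide which grants to delete, the comment should say so, e.g. `Gets every ACL entry for the given credential guid, across all users` with `@param string $item_guid`. `deleteShareACL` has no docblock; `Deletes a single ACL entry; the caller must have verified ownership of the item` would record that neither mapper method checks who is asking.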
@@ -17,112 +17,116 @@ use OCA\Passman\Db\SharingACL; use OCA\Passman\Db\SharingACLMapper; class ShareService { - private $sharingACL; - private $shareRequest; - private $credential; + private $sharingACL; + private $shareRequest; + private $credential; - public function __construct(SharingACLMapper $sharingACL, ShareRequestMapper $shareRequest, CredentialMapper $credentials) { - $this->sharingACL = $sharingACL; - $this->shareRequest = $shareRequest; - $this->credential = $credentials; - } + public function __construct(SharingACLMapper $sharingACL, ShareRequestMapper $shareRequest, CredentialMapper $credentials) { + $this->sharingACL = $sharingACL; + $this->shareRequest = $shareRequest; + $this->credential = $credentials; + } - /** - * Creates requests for all the items on the request array of objects. - * This array must follow this spec: - * user_id: The target user id - * vault_id: The id of the target vault - * guid: The guid of the target vault - * key: The shared key cyphered with the target vault RSA public key - * @param $target_item_id string The shared item ID - * @param $target_item_guid string The shared item GUID - * @param $request_array array - * @param $permissions integer Must be created with a bitmask from options on the ShareRequest class - * @return array Array of sharing requests - */ - public function createBulkRequests($target_item_id, $target_item_guid, $request_array, $permissions, $credential_owner) { - $created = (new \DateTime())->getTimestamp(); + /** + * Creates requests for all the items on the request array of objects. 
+ * This array must follow this spec: + * user_id: The target user id + * vault_id: The id of the target vault + * guid: The guid of the target vault + * key: The shared key cyphered with the target vault RSA public key + * + * @param $target_item_id string The shared item ID + * @param $target_item_guid string The shared item GUID + * @param $request_array array + * @param $permissions integer Must be created with a bitmask from options on the ShareRequest class + * @return array Array of sharing requests + */ + public function createBulkRequests($target_item_id, $target_item_guid, $request_array, $permissions, $credential_owner) { + $created = (new \DateTime())->getTimestamp(); $requests = array(); - foreach ($request_array as $req){ - $t = new ShareRequest(); - $t->setItemId($target_item_id); - $t->setItemGuid($target_item_guid); - $t->setTargetUserId($req['user_id']); - $t->setTargetVaultId($req['vault_id']); - $t->setTargetVaultGuid($req['guid']); - $t->setSharedKey($req['key']); - $t->setPermissions($permissions); - $t->setCreated($created); + foreach ($request_array as $req) { + $t = new ShareRequest(); + $t->setItemId($target_item_id); + $t->setItemGuid($target_item_guid); + $t->setTargetUserId($req['user_id']); + $t->setTargetVaultId($req['vault_id']); + $t->setTargetVaultGuid($req['guid']); + $t->setSharedKey($req['key']); + $t->setPermissions($permissions); + $t->setCreated($created); $t->setFromUserId($credential_owner); array_push($requests, $this->shareRequest->createRequest($t)); - } - return $requests; - } + } + return $requests; + } - /** - * Applies the given share, defaults to no expire - * @param $item_guid - * @param $target_vault_guid - * @param $final_shared_key - */ - public function applyShare($item_guid, $target_vault_guid, $final_shared_key){ - $request = $this->shareRequest->getRequestByGuid($item_guid, $target_vault_guid); - $permissions = $request->getPermissions(); + /** + * Applies the given share, defaults to no expire + * + * 
@param $item_guid + * @param $target_vault_guid + * @param $final_shared_key + */ + public function applyShare($item_guid, $target_vault_guid, $final_shared_key) { + $request = $this->shareRequest->getRequestByGuid($item_guid, $target_vault_guid); + $permissions = $request->getPermissions(); - $acl = new SharingACL(); - $acl->setItemId($request->getItemId()); - $acl->setItemGuid($request->getItemGuid()); - $acl->setUserId($request->getTargetUserId()); - $acl->setCreated($request->getCreated()); - $acl->setExpire(0); - $acl->setPermissions($permissions); - $acl->setVaultId($request->getTargetVaultId()); - $acl->setVaultGuid($request->getTargetVaultGuid()); - $acl->setSharedKey($final_shared_key); + $acl = new SharingACL(); + $acl->setItemId($request->getItemId()); + $acl->setItemGuid($request->getItemGuid()); + $acl->setUserId($request->getTargetUserId()); + $acl->setCreated($request->getCreated()); + $acl->setExpire(0); + $acl->setPermissions($permissions); + $acl->setVaultId($request->getTargetVaultId()); + $acl->setVaultGuid($request->getTargetVaultGuid()); + $acl->setSharedKey($final_shared_key); - $this->sharingACL->createACLEntry($acl); - $this->shareRequest->cleanItemRequestsForUser($request->getItemId(), $request->getTargetUserId()); - } + $this->sharingACL->createACLEntry($acl); + $this->shareRequest->cleanItemRequestsForUser($request->getItemId(), $request->getTargetUserId()); + } - /** - * Obtains pending requests for the given user ID - * @param $user_id - * @return \OCA\Passman\Db\ShareRequest[] - */ - public function getUserPendingRequests($user_id){ - return $this->shareRequest->getUserPendingRequests($user_id); - } + /** + * Obtains pending requests for the given user ID + * + * @param $user_id + * @return \OCA\Passman\Db\ShareRequest[] + */ + public function getUserPendingRequests($user_id) { + return $this->shareRequest->getUserPendingRequests($user_id); + } - public function getSharedItems($user_id, $vault_guid){ - $entries = 
$this->sharingACL->getVaultEntries($user_id, $vault_guid); + public function getSharedItems($user_id, $vault_guid) { + $entries = $this->sharingACL->getVaultEntries($user_id, $vault_guid); - $return = []; - foreach ($entries as $entry){ - // Check if the user can read the credential, probably unnecesary, but just to be sure - if (!$entry->hasPermission(SharingACL::READ)) continue; + $return = []; + foreach ($entries as $entry) { + // Check if the user can read the credential, probably unnecesary, but just to be sure + if (!$entry->hasPermission(SharingACL::READ)) continue; - $tmp = $entry->jsonSerialize(); - $tmp['credential_data'] = $this->credential->getCredentialById($entry->getItemId())->jsonSerialize(); - unset($tmp['credential_data']['shared_key']); - $return[] = $tmp; - } - return $return; - } + $tmp = $entry->jsonSerialize(); + $tmp['credential_data'] = $this->credential->getCredentialById($entry->getItemId())->jsonSerialize(); + unset($tmp['credential_data']['shared_key']); + $return[] = $tmp; + } + return $return; + } /** * Deletes an share reuqest by id + * * @param ShareRequest $request * @return \OCA\Passman\Db\ShareRequest[] */ - public function cleanItemRequestsForUser(ShareRequest $request){ + public function cleanItemRequestsForUser(ShareRequest $request) { return $this->shareRequest->cleanItemRequestsForUser($request->getItemId(), $request->getTargetUserId()); } /** * Get an share request by id */ - public function getShareRequestById($id){ + public function getShareRequestById($id) { return $this->shareRequest->getShareRequestById($id); } 
@@ -130,8 +134,47 @@ class ShareService { * Get an share request by $item_guid and $target_vault_guid * */ - public function getRequestByGuid($item_guid, $target_vault_guid){ + public function getRequestByGuid($item_guid, $target_vault_guid) { return $this->shareRequest->getRequestByGuid($item_guid, $target_vault_guid); } + /** + * Get the access control list by item guid + * + * @param string $item_guid + * @return \OCA\Passman\Db\SharingACL[] + */ + public function getCredentialAclList($item_guid) { + return $this->sharingACL->getCredentialAclList($item_guid); + } + + /** + * Get pending share requests by guid + * + * @param string $item_guid + * @return \OCA\Passman\Db\ShareRequest[] + */ + public function getShareRequestsByGuid($item_guid) { + return $this->shareRequest->getShareRequestsByGuid($item_guid); + } + + /** + * Get pending share requests by guid + * + * @param ShareRequest $request + * @return \OCA\Passman\Db\ShareRequest[] + */ + public function deleteShareRequest(ShareRequest $request) { + return $this->shareRequest->deleteShareRequest($request); + } + + /** + * Get pending share requests by guid + * + * @param ShareRequest $request + * @return \OCA\Passman\Db\ShareRequest[] + */ + public function deleteShareACL(SharingACL $ACL) { + return $this->sharingACL->deleteShareACL($ACL); + } } \ No newline at end of file
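Review bot: The docblocks on `deleteShareRequest` and `deleteShareACL` in this ShareService hunk are copies of the one on `getShareRequestsByGuid`: both read "Get pending share requests by guid", and `deleteShareACL` documents `@param ShareRequest $request` although its signature is `deleteShareACL(SharingACL $ACL)`. Suggested summaries are `Deletes the given pending share request` and `Deletes the given ACL entry, revoking that user's access to the item`, with `@param SharingACL $ACL` on the latter. The `@return \OCA\Passman\Db\ShareRequest[]` lines should be changed to whatever the mapper delete calls return, which is not visible here. `ShareRequestMapper::deleteShareRequest` is called but not added anywhere in this diff, so it presumably already exists; worth confirming. None of the four new service methods performs an ownership check, so the docblocks should state that callers must authorize first.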