mirror of
https://github.com/nextcloud/server.git
synced 2025-03-13 07:53:51 +00:00
f03781b509
To improve code readability. Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com> Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
183 lines
6 KiB
PHP
183 lines
6 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
/**
|
|
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
|
*
|
|
* @author Arthur Schiwon <blizzz@arthur-schiwon.de>
|
|
* @author Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
* @author Côme Chilliet <come.chilliet@nextcloud.com>
|
|
* @author Joas Schilling <coding@schilljs.com>
|
|
* @author Morris Jobke <hey@morrisjobke.de>
|
|
* @author Roeland Jago Douma <roeland@famdouma.nl>
|
|
*
|
|
* @license AGPL-3.0
|
|
*
|
|
* This code is free software: you can redistribute it and/or modify
|
|
* it under the terms of the GNU Affero General Public License, version 3,
|
|
* as published by the Free Software Foundation.
|
|
*
|
|
* This program is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
* GNU Affero General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Affero General Public License, version 3,
|
|
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
|
*
|
|
*/
|
|
|
|
namespace OCA\User_LDAP\Command;
|
|
|
|
use OCA\User_LDAP\Group_Proxy;
|
|
use OCA\User_LDAP\Helper;
|
|
use OCA\User_LDAP\Mapping\GroupMapping;
|
|
use OCA\User_LDAP\Service\UpdateGroupsService;
|
|
use OCP\EventDispatcher\IEventDispatcher;
|
|
use OCP\Group\Events\GroupCreatedEvent;
|
|
use OCP\Group\Events\UserAddedEvent;
|
|
use OCP\Group\Events\UserRemovedEvent;
|
|
use Symfony\Component\Console\Command\Command;
|
|
use Symfony\Component\Console\Input\InputArgument;
|
|
use Symfony\Component\Console\Input\InputInterface;
|
|
use Symfony\Component\Console\Input\InputOption;
|
|
use Symfony\Component\Console\Output\OutputInterface;
|
|
|
|
class CheckGroup extends Command {
|
|
public function __construct(
|
|
private UpdateGroupsService $service,
|
|
protected Group_Proxy $backend,
|
|
protected Helper $helper,
|
|
protected GroupMapping $mapping,
|
|
protected IEventDispatcher $dispatcher,
|
|
) {
|
|
parent::__construct();
|
|
}
|
|
|
|
protected function configure(): void {
|
|
$this
|
|
->setName('ldap:check-group')
|
|
->setDescription('checks whether a group exists on LDAP.')
|
|
->addArgument(
|
|
'ocName',
|
|
InputArgument::REQUIRED,
|
|
'the group name as used in Nextcloud, or the LDAP DN'
|
|
)
|
|
->addOption(
|
|
'force',
|
|
null,
|
|
InputOption::VALUE_NONE,
|
|
'ignores disabled LDAP configuration'
|
|
)
|
|
->addOption(
|
|
'update',
|
|
null,
|
|
InputOption::VALUE_NONE,
|
|
'syncs values from LDAP'
|
|
)
|
|
;
|
|
}
|
|
|
|
protected function execute(InputInterface $input, OutputInterface $output): int {
|
|
$this->dispatcher->addListener(GroupCreatedEvent::class, fn ($event) => $this->onGroupCreatedEvent($event, $output));
|
|
$this->dispatcher->addListener(UserAddedEvent::class, fn ($event) => $this->onUserAddedEvent($event, $output));
|
|
$this->dispatcher->addListener(UserRemovedEvent::class, fn ($event) => $this->onUserRemovedEvent($event, $output));
|
|
try {
|
|
$this->assertAllowed($input->getOption('force'));
|
|
$gid = $input->getArgument('ocName');
|
|
$wasMapped = $this->groupWasMapped($gid);
|
|
if ($this->backend->getLDAPAccess($gid)->stringResemblesDN($gid)) {
|
|
$groupname = $this->backend->dn2GroupName($gid);
|
|
if ($groupname !== false) {
|
|
$gid = $groupname;
|
|
}
|
|
}
|
|
/* Search to trigger mapping for new groups */
|
|
$this->backend->getGroups($gid);
|
|
$exists = $this->backend->groupExistsOnLDAP($gid, true);
|
|
if ($exists === true) {
|
|
$output->writeln('The group is still available on LDAP.');
|
|
if ($input->getOption('update')) {
|
|
$this->backend->getLDAPAccess($gid)->connection->clearCache();
|
|
if ($wasMapped) {
|
|
$this->service->handleKnownGroups([$gid]);
|
|
} else {
|
|
$this->service->handleCreatedGroups([$gid]);
|
|
}
|
|
}
|
|
return self::SUCCESS;
|
|
}
|
|
|
|
if ($wasMapped) {
|
|
$output->writeln('The group does not exist on LDAP anymore.');
|
|
if ($input->getOption('update')) {
|
|
$this->backend->getLDAPAccess($gid)->connection->clearCache();
|
|
$this->service->handleRemovedGroups([$gid]);
|
|
}
|
|
return self::SUCCESS;
|
|
}
|
|
|
|
throw new \Exception('The given group is not a recognized LDAP group.');
|
|
} catch (\Exception $e) {
|
|
$output->writeln('<error>' . $e->getMessage(). '</error>');
|
|
return self::FAILURE;
|
|
}
|
|
}
|
|
|
|
public function onGroupCreatedEvent(GroupCreatedEvent $event, OutputInterface $output): void {
|
|
$output->writeln('<info>The group '.$event->getGroup()->getGID().' was added to Nextcloud with '.$event->getGroup()->count().' users</info>');
|
|
}
|
|
|
|
public function onUserAddedEvent(UserAddedEvent $event, OutputInterface $output): void {
|
|
$user = $event->getUser();
|
|
$group = $event->getGroup();
|
|
$output->writeln('<info>The user '.$user->getUID().' was added to group '.$group->getGID().'</info>');
|
|
}
|
|
|
|
public function onUserRemovedEvent(UserRemovedEvent $event, OutputInterface $output): void {
|
|
$user = $event->getUser();
|
|
$group = $event->getGroup();
|
|
$output->writeln('<info>The user '.$user->getUID().' was removed from group '.$group->getGID().'</info>');
|
|
}
|
|
|
|
/**
|
|
* checks whether a group is actually mapped
|
|
* @param string $gid the groupname as passed to the command
|
|
*/
|
|
protected function groupWasMapped(string $gid): bool {
|
|
$dn = $this->mapping->getDNByName($gid);
|
|
if ($dn !== false) {
|
|
return true;
|
|
}
|
|
$name = $this->mapping->getNameByDN($gid);
|
|
return $name !== false;
|
|
}
|
|
|
|
/**
|
|
* checks whether the setup allows reliable checking of LDAP group existence
|
|
* @throws \Exception
|
|
*/
|
|
protected function assertAllowed(bool $force): void {
|
|
if ($this->helper->haveDisabledConfigurations() && !$force) {
|
|
throw new \Exception('Cannot check group existence, because '
|
|
. 'disabled LDAP configurations are present.');
|
|
}
|
|
|
|
// we don't check ldapUserCleanupInterval from config.php because this
|
|
// action is triggered manually, while the setting only controls the
|
|
// background job.
|
|
}
|
|
|
|
private function updateGroup(string $gid, OutputInterface $output, bool $wasMapped): void {
|
|
try {
|
|
if ($wasMapped) {
|
|
$this->service->handleKnownGroups([$gid]);
|
|
} else {
|
|
$this->service->handleCreatedGroups([$gid]);
|
|
}
|
|
} catch (\Exception $e) {
|
|
$output->writeln('<error>Error while trying to lookup and update attributes from LDAP</error>');
|
|
}
|
|
}
|
|
}
|