New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow subadmins to read app config values #40961
Merged
Merged
Changes from 4 commits
Commits
Show all changes
5 commits
Select commit
Hold shift + click to select a range
81e1044
Allow subadmins to read app config values
jvillafanez 9d9654f
Adjust test for Users page settings for subadmin
phil-davis 9f5ceda
Adjust test step grammar
phil-davis 4f181ac
Add changelog entry
jvillafanez 940c0dc
Add unit tests
jvillafanez File filter
Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,8 @@ | ||
Bugfix: Allow subadmins to read app config values | ||
|
||
Previously, subadmins couldn't read app config values. This caused problems | ||
in the users page for subadmins because some of the functionalities of the | ||
page were depending on the config values that the subadmins couldn't read. | ||
Those problems are now solved. | ||
|
||
https://github.com/owncloud/core/pull/40961 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,129 @@ | ||
<?php | ||
/** | ||
* @copyright Copyright (c) 2023, ownCloud GmbH | ||
* @license AGPL-3.0 | ||
* | ||
* This code is free software: you can redistribute it and/or modify | ||
* it under the terms of the GNU Affero General Public License, version 3, | ||
* as published by the Free Software Foundation. | ||
* | ||
* This program is distributed in the hope that it will be useful, | ||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
* GNU Affero General Public License for more details. | ||
* | ||
* You should have received a copy of the GNU Affero General Public License, version 3, | ||
* along with this program. If not, see <http://www.gnu.org/licenses/> | ||
* | ||
*/ | ||
|
||
namespace OC\Settings\Controller; | ||
|
||
use OCP\IAppConfig; | ||
use OCP\IRequest; | ||
use OCP\AppFramework\Controller; | ||
use OCP\AppFramework\Http; | ||
use OCP\AppFramework\Http\DataResponse; | ||
use OCP\AppFramework\Http\JSONResponse; | ||
|
||
/** | ||
* The code is mostly copied from core/ajax/appconfig.php | ||
* Read methods (getApps, getKeys and getValue) are available to subadmins, | ||
* which wasn't possible with the core/ajax/appconfig.php file. The rest of | ||
* the methods require admin privileges. | ||
* Note that the "hasKey" method is missing. You can do the same in a lot of | ||
* cases by trying to get the value of the key. | ||
* | ||
* @package OC\Settings\Controller | ||
*/ | ||
class AppConfigController extends Controller { | ||
/** @var IAppConfig */ | ||
private $appConfig; | ||
|
||
/** | ||
* @param string $appName | ||
* @param IRequest $request | ||
* @param IAppConfig $appConfig | ||
*/ | ||
public function __construct( | ||
$appName, | ||
IRequest $request, | ||
IAppConfig $appConfig | ||
) { | ||
parent::__construct($appName, $request); | ||
$this->appConfig = $appConfig; | ||
} | ||
|
||
/** | ||
* @NoAdminRequired | ||
* | ||
* Get the list of apps | ||
*/ | ||
public function getApps() { | ||
return new JSONResponse($this->appConfig->getApps()); | ||
} | ||
|
||
/** | ||
* @NoAdminRequired | ||
* | ||
* Get the list of keys for that particular app | ||
* @param string $app | ||
*/ | ||
public function getKeys($app) { | ||
return new JSONResponse($this->appConfig->getKeys($app)); | ||
} | ||
|
||
/** | ||
* @NoAdminRequired | ||
* | ||
* Get the value of the key for that app, or the default value provided | ||
* if it's missing. | ||
* @param string $app | ||
* @param string $key | ||
* @param string $default | ||
*/ | ||
public function getValue($app, $key, $default = null) { | ||
return new JSONResponse($this->appConfig->getValue($app, $key, $default)); | ||
} | ||
|
||
/** | ||
* Set the value for the target key in the app. If no value is provided, | ||
* the request will fail. | ||
* @param string $app | ||
* @param string $key | ||
* @param string $value | ||
*/ | ||
public function setValue($app, $key, $value) { | ||
if (!isset($app, $key, $value)) { | ||
return new JSONResponse([], Http::STATUS_BAD_REQUEST); | ||
} else { | ||
return new JSONResponse($this->appConfig->setValue($app, $key, $value)); | ||
} | ||
} | ||
|
||
/** | ||
* Delete the key from the app | ||
* @param string $app | ||
* @param string $key | ||
*/ | ||
public function deleteKey($app, $key) { | ||
if (!isset($app, $key)) { | ||
return new JSONResponse([], Http::STATUS_BAD_REQUEST); | ||
} else { | ||
return new JSONResponse($this->appConfig->deleteKey($app, $key)); | ||
} | ||
} | ||
|
||
/** | ||
* Delete the app from the appconfig. Note that this just deletes the stored | ||
* keys in the appconfig. It won't touch the app in any other way | ||
* @param string $app | ||
*/ | ||
public function deleteApp($app) { | ||
if (!isset($app)) { | ||
return new JSONResponse([], Http::STATUS_BAD_REQUEST); | ||
} else { | ||
return new JSONResponse($this->appConfig->deleteApp($app)); | ||
} | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Note: there is also a
NoSubadminRequired
annotation which allows a method to be used even if the user is not a subadmin.So with just the
NoAdminRequired
annotation, this method can be used by admins and subadmins, which is what we want. Ordinary users, and "the public" won't be able to use the method.