From 0f2c1fd85c5053ac97dea57ac1ba9aa458bd9373 Mon Sep 17 00:00:00 2001
From: Michiel de Jong
Date: Wed, 20 Dec 2023 15:27:11 +0100
Subject: [PATCH] Small refactor and first attempt to implement DAV plugin, ref https://github.com/pondersource/nextcloud-mfa-awareness/issues/90
---
 lib/AppInfo/Application.php | 26 +++++++++++++++++---------
 lib/Controller/MfazonesController.php | 6 +-----
 lib/MFAPlugin.php | 21 ++++++++++++++-------
 3 files changed, 32 insertions(+), 21 deletions(-)
diff --git a/lib/AppInfo/Application.php b/lib/AppInfo/Application.php
index c4ea394..ae587ab 100755
--- a/lib/AppInfo/Application.php
+++ b/lib/AppInfo/Application.php
@@ -80,12 +80,11 @@ public function __construct() {
 $user = $userSession->getUser();
 // The first time an admin logs in to the server, this will create the tag and flow
 if ($user !== null && $groupManager->isAdmin($user->getUID())) {
- $this->addTag();
 $this->addFlows();
 }
 }
- private function addTag(){
+ private static function getOurTagId(){
 try{
 $tags = $this->systemTagManager->getAllTags(
 null,
@@ -93,13 +92,27 @@ private function addTag(){
 );
 if(count($tags) < 1){
- $this->systemTagManager->createTag(self::TAG_NAME, false, false);
+ $tag = $this->systemTagManager->createTag(self::TAG_NAME, false, false);
+ } else {
+ $tag = current($tags);
 }
+ return $tag->getId();
 }catch (Exception $e) {
 $this->logger->error('Error when inserting tag on enabling mfazones app', ['exception' => $e]);
+ return false;
 }
 }
+ public function nodeHasTag($node, $tagId){
+ $tags = $this->systemTagManager->getTagsForObjects([$node->getId()]);
+ foreach ($tags as $tag) {
+ if ($tag->getId() === $tagId) {
+ return true;
+ }
+ }
+ return false;
+ }
+
 private function addFlows(){
 try {
 $hash = md5('OCA\WorkflowEngine\Check\MfaVerified::!is::');
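Review bot: In lib/AppInfo/Application.php, `getOurTagId()` is declared `private static` but its body reads `$this->systemTagManager` and `$this->logger`, which do not exist in a static context, so the first call raises an `Error` that the method's own `catch (Exception $e)` does not catch. It is also `private`, while the MfazonesController and MFAPlugin hunks call `Application::getOurTagId()` from other classes. Declaring it as `public function getOurTagId()` and handing callers the Application instance (or moving the lookup into an injectable service) would keep the MFA zone lookup from failing on every request. The method body continues into the next hunk.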
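Review bot: `$tag = current($tags);` in `getOurTagId()` takes the first result of `getAllTags(null, self::TAG_NAME)`, and as far as I know the second argument of `ISystemTagManager::getAllTags()` is a name search pattern rather than an exact match, so a tag whose name merely contains the zone tag's name could be selected. Because this id now feeds both the access-control flow and the `requires-mfa` property, an exact lookup is safer, e.g. `$tag = $this->systemTagManager->getTag(self::TAG_NAME, false, false);` with `TagNotFoundException` handled by creating the tag. Separately, `nodeHasTag()` has no docblock and calls `getTagsForObjects()` on the tag manager without an object type; I could not find that method on `ISystemTagManager`, so please confirm it exists. The `getAllTags` call starts before this hunk.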
@@ -115,12 +128,7 @@ private function addFlows(){
 return;
 }
- $tags = $this->systemTagManager->getAllTags(
- null,
- self::TAG_NAME
- );
- $tag = current($tags);
- $tagId = $tag->getId();
+ $tagId = self::getOurTagId(); // will create the tag if necessary
 $scope = new ScopeContext(IManager::SCOPE_ADMIN);
 $class = "OCA\\FilesAccessControl\\Operation";
diff --git a/lib/Controller/MfazonesController.php b/lib/Controller/MfazonesController.php
index 7ece5cb..4dd21d3 100755
--- a/lib/Controller/MfazonesController.php
+++ b/lib/Controller/MfazonesController.php
@@ -116,11 +116,7 @@ public function get($source)
 try {
 $userRoot = $this->rootFolder->getUserFolder($this->userId);
 $node = $userRoot->get($source);
- $tags = $this->systemTagManager->getAllTags(
- null,
- Application::TAG_NAME
- );
- $tag = current($tags);
+ $tag = Application::getOurTagId();
 if ($tag === false) {
 error_log('A server admin should log in so the MFA Zone tag and flow can be created.');
 return new JSONResponse(
diff --git a/lib/MFAPlugin.php b/lib/MFAPlugin.php
index 1ada5ee..cdeca13 100644
--- a/lib/MFAPlugin.php
+++ b/lib/MFAPlugin.php
@@ -17,15 +17,15 @@ use Sabre\HTTP\ResponseInterface;
 class MFAPlugin extends ServerPlugin {
- private Server $server;
+ /** @var ISystemTagObjectMapper */
+ private $tagMapper;
- public const VERSION_LABEL = '{http://nextcloud.org/ns}requires-mfa';
+ public const ATTR_NAME = '{http://nextcloud.org/ns}requires-mfa';
 public function __construct(
- private IRequest $request,
- private IPreview $previewManager,
+ ISystemTagObjectMapper $tagMapper
 ) {
- $this->request = $request;
+ $this->tagMapper = $tagMapper;
 }
 public function initialize(Server $server) {
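Review bot: `$tagId = self::getOurTagId();` in `addFlows()` is used without checking for the `false` that `getOurTagId()` returns when the lookup or creation fails, so the flow could be stored with an invalid tag id and then never match any file. Add `if ($tagId === false) { return; }` directly after the call, ideally with a log line, so a failed lookup does not leave behind a rule that protects nothing. How `$tagId` is consumed lies outside this hunk, so the impact is inferred from the visible lines.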
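Review bot: `$tag` in `MfazonesController::get()` now holds the tag id returned by `getOurTagId()` rather than an `ISystemTag` object, so any later `$tag->getId()` in this method would fail; the rest of the method is outside the hunk and should be checked. Writing it as `$tagId = Application::getOurTagId();` would make the change of type visible to the next reader. The `error_log(...)` text also looks outdated, since the getter now creates the tag itself and `false` means the lookup threw, not that an admin has yet to log in.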
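Review bot: The constructor in lib/MFAPlugin.php now type-hints `ISystemTagObjectMapper`, but this commit adds no `use` line for it (nothing above line 17 is touched), so unless it was already imported the name resolves inside the plugin's own namespace and the plugin cannot be constructed. Add `use OCP\SystemTag\ISystemTagObjectMapper;`, and likewise an import for `Application`, which the `propFind` hunk references. The `private Server $server;` declaration is removed while `initialize()` is kept; if that method still assigns `$this->server` (its body is outside the hunk), the property should stay declared.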
@@ -34,7 +34,14 @@ public function initialize(Server $server) {
 }
 public function propFind(PropFind $propFind, INode $node): void {
- $propFind->handle(self::VERSION_LABEL, fn() => 'ponder3source');
- // $propFind->handle(FilesPlugin::HAS_PREVIEW_PROPERTYNAME, fn () => 'ponder2source');
+ $propFind->handle(self::ATTR_NAME, function() {
+ $tagId = Application::getOurTagId();
+ if ($tagId === false) {
+ return false;
+ }
+ $type = Application::castObjectType($node->getType());
+ // FIXME: check parents too
+ return $this->tagMapper->haveTag($node->getId(), $type, $tagId);
+ });
 }
 }
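Review bot: The closure passed to `$propFind->handle()` in `propFind()` uses `$node` without capturing it; unlike the arrow function it replaces, a `function() { … }` closure does not inherit variables from the enclosing scope, so `$node->getType()` is called on an undefined variable. Change the opening line to `$propFind->handle(self::ATTR_NAME, function () use ($node) {`. `Application::castObjectType()` is not defined anywhere in this patch, so please confirm it exists. Both the `return false` for an unavailable tag id and the open `FIXME: check parents too` make the property report that no MFA is required for files below a tagged folder, so a comment stating that a false value is not yet authoritative would help client authors.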