Skip to content

Commit

Permalink
Merge pull request #1407 from nextcloud/backport/1406/stable0.8
Browse files Browse the repository at this point in the history
[stable0.8] refactor: Extend Permission Middleware usage and replace deprecated annotations with attributes
  • Loading branch information
blizzz authored Oct 8, 2024
2 parents eb4ff79 + fc5e463 commit df84233
Show file tree
Hide file tree
Showing 17 changed files with 258 additions and 330 deletions.
277 changes: 128 additions & 149 deletions lib/Controller/Api1Controller.php

Large diffs are not rendered by default.

30 changes: 16 additions & 14 deletions lib/Controller/ApiColumnsController.php
Original file line number Diff line number Diff line change
Expand Up @@ -6,13 +6,16 @@
*/
namespace OCA\Tables\Controller;

use OCA\Tables\AppInfo\Application;
use OCA\Tables\Dto\Column as ColumnDto;
use OCA\Tables\Errors\InternalError;
use OCA\Tables\Errors\NotFoundError;
use OCA\Tables\Errors\PermissionError;
use OCA\Tables\Middleware\Attribute\RequirePermission;
use OCA\Tables\ResponseDefinitions;
use OCA\Tables\Service\ColumnService;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\IL10N;
use OCP\IRequest;
Expand All @@ -39,8 +42,6 @@ public function __construct(
*
* Return an empty array if no columns were found
*
* @NoAdminRequired
*
* @param int $nodeId Node ID
* @param 'table'|'view' $nodeType Node type
* @return DataResponse<Http::STATUS_OK, TablesColumn[], array{}>|DataResponse<Http::STATUS_FORBIDDEN|Http::STATUS_INTERNAL_SERVER_ERROR|Http::STATUS_NOT_FOUND, array{message: string}, array{}>
Expand All @@ -49,6 +50,8 @@ public function __construct(
* 403: No permissions
* 404: Not found
*/
#[NoAdminRequired]
#[RequirePermission(permission: Application::PERMISSION_READ)]
public function index(int $nodeId, string $nodeType): DataResponse {
try {
if($nodeType === 'table') {
Expand All @@ -71,15 +74,14 @@ public function index(int $nodeId, string $nodeType): DataResponse {
/**
* [api v2] Get a column object
*
* @NoAdminRequired
*
* @param int $id Column ID
* @return DataResponse<Http::STATUS_OK, TablesColumn, array{}>|DataResponse<Http::STATUS_FORBIDDEN|Http::STATUS_INTERNAL_SERVER_ERROR|Http::STATUS_NOT_FOUND, array{message: string}, array{}>
*
* 200: Column returned
* 403: No permissions
* 404: Not found
*/
#[NoAdminRequired]
public function show(int $id): DataResponse {
try {
return new DataResponse($this->service->find($id)->jsonSerialize());
Expand All @@ -97,8 +99,6 @@ public function show(int $id): DataResponse {
*
* Specify a subtype to use any special numbered column
*
* @NoAdminRequired
*
* @param int $baseNodeId Context of the column creation
* @param string $title Title
* @param boolean $mandatory Is mandatory
Expand All @@ -121,6 +121,8 @@ public function show(int $id): DataResponse {
* @throws NotFoundError
* @throws PermissionError
*/
#[NoAdminRequired]
#[RequirePermission(permission: Application::PERMISSION_MANAGE, typeParam: 'baseNodeType', idParam: 'baseNodeId')]
public function createNumberColumn(int $baseNodeId, string $title, ?float $numberDefault, ?int $numberDecimals, ?string $numberPrefix, ?string $numberSuffix, ?float $numberMin, ?float $numberMax, ?string $subtype = null, ?string $description = null, ?array $selectedViewIds = [], bool $mandatory = false, string $baseNodeType = 'table'): DataResponse {
$tableId = $baseNodeType === 'table' ? $baseNodeId : null;
$viewId = $baseNodeType === 'view' ? $baseNodeId : null;
Expand Down Expand Up @@ -151,8 +153,6 @@ public function createNumberColumn(int $baseNodeId, string $title, ?float $numbe
*
* Specify a subtype to use any special text column
*
* @NoAdminRequired
*
* @param int $baseNodeId Context of the column creation
* @param string $title Title
* @param string|null $textDefault Default
Expand All @@ -172,6 +172,8 @@ public function createNumberColumn(int $baseNodeId, string $title, ?float $numbe
* @throws NotFoundError
* @throws PermissionError
*/
#[NoAdminRequired]
#[RequirePermission(permission: Application::PERMISSION_MANAGE, typeParam: 'baseNodeType', idParam: 'baseNodeId')]
public function createTextColumn(int $baseNodeId, string $title, ?string $textDefault, ?string $textAllowedPattern, ?int $textMaxLength, ?string $subtype = null, ?string $description = null, ?array $selectedViewIds = [], bool $mandatory = false, string $baseNodeType = 'table'): DataResponse {
$tableId = $baseNodeType === 'table' ? $baseNodeId : null;
$viewId = $baseNodeType === 'view' ? $baseNodeId : null;
Expand Down Expand Up @@ -199,8 +201,6 @@ public function createTextColumn(int $baseNodeId, string $title, ?string $textDe
*
* Specify a subtype to use any special selection column
*
* @NoAdminRequired
*
* @param int $baseNodeId Context of the column creation
* @param string $title Title
* @param string $selectionOptions Json array{id: int, label: string} with options that can be selected, eg [{"id": 1, "label": "first"},{"id": 2, "label": "second"}]
Expand All @@ -219,6 +219,8 @@ public function createTextColumn(int $baseNodeId, string $title, ?string $textDe
* @throws NotFoundError
* @throws PermissionError
*/
#[NoAdminRequired]
#[RequirePermission(permission: Application::PERMISSION_MANAGE, typeParam: 'baseNodeType', idParam: 'baseNodeId')]
public function createSelectionColumn(int $baseNodeId, string $title, string $selectionOptions, ?string $selectionDefault, ?string $subtype = null, ?string $description = null, ?array $selectedViewIds = [], bool $mandatory = false, string $baseNodeType = 'table'): DataResponse {
$tableId = $baseNodeType === 'table' ? $baseNodeId : null;
$viewId = $baseNodeType === 'view' ? $baseNodeId : null;
Expand All @@ -245,8 +247,6 @@ public function createSelectionColumn(int $baseNodeId, string $title, string $se
*
* Specify a subtype to use any special datetime column
*
* @NoAdminRequired
*
* @param int $baseNodeId Context of the column creation
* @param string $title Title
* @param 'today'|'now'|null $datetimeDefault For a subtype 'date' you can set 'today'. For a main type or subtype 'time' you can set to 'now'.
Expand All @@ -264,6 +264,8 @@ public function createSelectionColumn(int $baseNodeId, string $title, string $se
* @throws NotFoundError
* @throws PermissionError
*/
#[NoAdminRequired]
#[RequirePermission(permission: Application::PERMISSION_MANAGE, typeParam: 'baseNodeType', idParam: 'baseNodeId')]
public function createDatetimeColumn(int $baseNodeId, string $title, ?string $datetimeDefault, ?string $subtype = null, ?string $description = null, ?array $selectedViewIds = [], bool $mandatory = false, string $baseNodeType = 'table'): DataResponse {
$tableId = $baseNodeType === 'table' ? $baseNodeId : null;
$viewId = $baseNodeType === 'view' ? $baseNodeId : null;
Expand All @@ -287,8 +289,6 @@ public function createDatetimeColumn(int $baseNodeId, string $title, ?string $da
/**
* [api v2] Create new usergroup column
*
* @NoAdminRequired
*
* @param int $baseNodeId Context of the column creation
* @param string $title Title
* @param string|null $usergroupDefault Json array{id: string, type: int}, eg [{"id": "admin", "type": 0}, {"id": "user1", "type": 0}]
Expand All @@ -309,6 +309,8 @@ public function createDatetimeColumn(int $baseNodeId, string $title, ?string $da
* @throws NotFoundError
* @throws PermissionError
*/
#[NoAdminRequired]
#[RequirePermission(permission: Application::PERMISSION_MANAGE, typeParam: 'baseNodeType', idParam: 'baseNodeId')]
public function createUsergroupColumn(int $baseNodeId, string $title, ?string $usergroupDefault, bool $usergroupMultipleItems = null, bool $usergroupSelectUsers = null, bool $usergroupSelectGroups = null, bool $showUserStatus = null, string $description = null, ?array $selectedViewIds = [], bool $mandatory = false, string $baseNodeType = 'table'): DataResponse {
$tableId = $baseNodeType === 'table' ? $baseNodeId : null;
$viewId = $baseNodeType === 'view' ? $baseNodeId : null;
Expand Down
11 changes: 7 additions & 4 deletions lib/Controller/ApiFavoriteController.php
Original file line number Diff line number Diff line change
Expand Up @@ -8,12 +8,15 @@
namespace OCA\Tables\Controller;

use Exception;
use OCA\Tables\AppInfo\Application;
use OCA\Tables\Errors\InternalError;
use OCA\Tables\Errors\NotFoundError;
use OCA\Tables\Errors\PermissionError;
use OCA\Tables\Middleware\Attribute\RequirePermission;
use OCA\Tables\ResponseDefinitions;
use OCA\Tables\Service\FavoritesService;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\DB\Exception as DBException;
use OCP\IL10N;
Expand All @@ -39,8 +42,6 @@ public function __construct(
/**
* [api v2] Add a node (table or view) to user favorites
*
* @NoAdminRequired
*
* @param int $nodeType any Application::NODE_TYPE_* constant
* @param int $nodeId identifier of the node
* @return DataResponse<Http::STATUS_OK, array{}, array{}>|DataResponse<Http::STATUS_FORBIDDEN|Http::STATUS_INTERNAL_SERVER_ERROR|Http::STATUS_NOT_FOUND, array{message: string}, array{}>
Expand All @@ -49,6 +50,8 @@ public function __construct(
* 403: No permissions
* 404: Not found
*/
#[NoAdminRequired]
#[RequirePermission(permission: Application::PERMISSION_READ)]
public function create(int $nodeType, int $nodeId): DataResponse {
try {
$this->service->addFavorite($nodeType, $nodeId);
Expand All @@ -66,8 +69,6 @@ public function create(int $nodeType, int $nodeId): DataResponse {
/**
* [api v2] Remove a node (table or view) to from favorites
*
* @NoAdminRequired
*
* @param int $nodeType any Application::NODE_TYPE_* constant
* @param int $nodeId identifier of the node
* @return DataResponse<Http::STATUS_OK, array{}, array{}>|DataResponse<Http::STATUS_FORBIDDEN|Http::STATUS_INTERNAL_SERVER_ERROR|Http::STATUS_NOT_FOUND, array{message: string}, array{}>
Expand All @@ -76,6 +77,8 @@ public function create(int $nodeType, int $nodeId): DataResponse {
* 403: No permissions
* 404: Not found
*/
#[NoAdminRequired]
#[RequirePermission(permission: Application::PERMISSION_READ)]
public function destroy(int $nodeType, int $nodeId): DataResponse {
try {
$this->service->removeFavorite($nodeType, $nodeId);
Expand Down
4 changes: 2 additions & 2 deletions lib/Controller/ApiGeneralController.php
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,7 @@
use OCA\Tables\Service\TableService;
use OCA\Tables\Service\ViewService;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\IL10N;
use OCP\IRequest;
Expand Down Expand Up @@ -46,12 +47,11 @@ public function __construct(
*
* Tables and views incl. shares
*
* @NoAdminRequired
*
* @return DataResponse<Http::STATUS_OK, TablesIndex, array{}>|DataResponse<Http::STATUS_INTERNAL_SERVER_ERROR, array{message: string}, array{}>
*
* 200: Index returned
*/
#[NoAdminRequired]
public function index(): DataResponse {
try {
$tables = $this->tableService->formatTables($this->tableService->findAll($this->userId));
Expand Down
31 changes: 15 additions & 16 deletions lib/Controller/ApiTablesController.php
Original file line number Diff line number Diff line change
Expand Up @@ -8,16 +8,19 @@
namespace OCA\Tables\Controller;

use Exception;
use OCA\Tables\AppInfo\Application;
use OCA\Tables\Dto\Column as ColumnDto;
use OCA\Tables\Errors\InternalError;
use OCA\Tables\Errors\NotFoundError;
use OCA\Tables\Errors\PermissionError;
use OCA\Tables\Middleware\Attribute\RequirePermission;
use OCA\Tables\ResponseDefinitions;
use OCA\Tables\Service\ColumnService;
use OCA\Tables\Service\TableService;
use OCA\Tables\Service\ViewService;
use OCP\App\IAppManager;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\IDBConnection;
use OCP\IL10N;
Expand Down Expand Up @@ -57,12 +60,11 @@ public function __construct(
/**
* [api v2] Returns all Tables
*
* @NoAdminRequired
*
* @return DataResponse<Http::STATUS_OK, TablesTable[], array{}>|DataResponse<Http::STATUS_INTERNAL_SERVER_ERROR, array{message: string}, array{}>
*
* 200: Tables returned
*/
#[NoAdminRequired]
public function index(): DataResponse {
try {
return new DataResponse($this->service->formatTables($this->service->findAll($this->userId)));
Expand All @@ -74,15 +76,15 @@ public function index(): DataResponse {
/**
* [api v2] Get a table object
*
* @NoAdminRequired
*
* @param int $id Table ID
* @return DataResponse<Http::STATUS_OK, TablesTable, array{}>|DataResponse<Http::STATUS_FORBIDDEN|Http::STATUS_INTERNAL_SERVER_ERROR|Http::STATUS_NOT_FOUND, array{message: string}, array{}>
*
* 200: Table returned
* 403: No permissions
* 404: Not found
*/
#[NoAdminRequired]
#[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'id')]
public function show(int $id): DataResponse {
try {
return new DataResponse($this->service->find($id)->jsonSerialize());
Expand All @@ -98,15 +100,15 @@ public function show(int $id): DataResponse {
/**
* [api v2] Get a table Scheme
*
* @NoAdminRequired
*
* @param int $id Table ID
* @return DataResponse<Http::STATUS_OK, TablesTable, array{}>|DataResponse<Http::STATUS_FORBIDDEN|Http::STATUS_INTERNAL_SERVER_ERROR|Http::STATUS_NOT_FOUND, array{message: string}, array{}>
*
* 200: Scheme returned
* 403: No permissions
* 404: Not found
*/
#[NoAdminRequired]
#[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'id')]
public function showScheme(int $id): DataResponse {
try {
return new DataResponse($this->service->getScheme($id)->jsonSerialize());
Expand All @@ -120,8 +122,6 @@ public function showScheme(int $id): DataResponse {
}

/**
* @NoAdminRequired
*
* creates table from scheme
*
* @param string $title title of new table
Expand All @@ -133,6 +133,7 @@ public function showScheme(int $id): DataResponse {
*
* 200: Tables returned
*/
#[NoAdminRequired]
public function createFromScheme(string $title, string $emoji, string $description, array $columns, array $views): DataResponse {
try {
$this->db->beginTransaction();
Expand Down Expand Up @@ -191,8 +192,6 @@ public function createFromScheme(string $title, string $emoji, string $descripti
/**
* [api v2] Create a new table and return it
*
* @NoAdminRequired
*
* @param string $title Title of the table
* @param string|null $emoji Emoji for the table
* @param string|null $description Description for the table
Expand All @@ -202,6 +201,7 @@ public function createFromScheme(string $title, string $emoji, string $descripti
*
* 200: Tables returned
*/
#[NoAdminRequired]
public function create(string $title, ?string $emoji, ?string $description, string $template = 'custom'): DataResponse {
try {
return new DataResponse($this->service->create($title, $template, $emoji, $description)->jsonSerialize());
Expand All @@ -213,8 +213,6 @@ public function create(string $title, ?string $emoji, ?string $description, stri
/**
* [api v2] Update tables properties
*
* @NoAdminRequired
*
* @param int $id Table ID
* @param string|null $title New table title
* @param string|null $emoji New table emoji
Expand All @@ -226,6 +224,8 @@ public function create(string $title, ?string $emoji, ?string $description, stri
* 403: No permissions
* 404: Not found
*/
#[NoAdminRequired]
#[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_TABLE, idParam: 'id')]
public function update(int $id, ?string $title = null, ?string $emoji = null, ?string $description = null, ?bool $archived = null): DataResponse {
try {
return new DataResponse($this->service->update($id, $title, $emoji, $description, $archived, $this->userId)->jsonSerialize());
Expand All @@ -241,15 +241,15 @@ public function update(int $id, ?string $title = null, ?string $emoji = null, ?s
/**
* [api v2] Delete a table
*
* @NoAdminRequired
*
* @param int $id Table ID
* @return DataResponse<Http::STATUS_OK, TablesTable, array{}>|DataResponse<Http::STATUS_FORBIDDEN|Http::STATUS_INTERNAL_SERVER_ERROR|Http::STATUS_NOT_FOUND, array{message: string}, array{}>
*
* 200: Deleted table returned
* 403: No permissions
* 404: Not found
*/
#[NoAdminRequired]
#[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_TABLE, idParam: 'id')]
public function destroy(int $id): DataResponse {
try {
return new DataResponse($this->service->delete($id)->jsonSerialize());
Expand All @@ -267,8 +267,6 @@ public function destroy(int $id): DataResponse {
*
* Transfer table from one user to another
*
* @NoAdminRequired
*
* @param int $id Table ID
* @param string $newOwnerUserId New user ID
*
Expand All @@ -278,6 +276,7 @@ public function destroy(int $id): DataResponse {
* 403: No permissions
* 404: Not found
*/
#[NoAdminRequired]
public function transfer(int $id, string $newOwnerUserId): DataResponse {
try {
return new DataResponse($this->service->setOwner($id, $newOwnerUserId)->jsonSerialize());
Expand Down
Loading

0 comments on commit df84233

Please sign in to comment.