From 19c3f50492ef366704a4202e93bb58300600fbea Mon Sep 17 00:00:00 2001
From: ksainc <krupinski01@gmail.com>
Date: Sun, 15 Oct 2023 14:55:21 -0400
Subject: [PATCH] Added Administrator Premissions Check

---
 lib/Controller/SettingsController.php | 58 ++++++++++++++++++---------
 1 file changed, 38 insertions(+), 20 deletions(-)

diff --git a/lib/Controller/SettingsController.php b/lib/Controller/SettingsController.php
index b53e05b..842c8ca 100644
--- a/lib/Controller/SettingsController.php
+++ b/lib/Controller/SettingsController.php
@@ -28,6 +28,7 @@
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\IRequest;
+use OCP\IGroupManager;
 
 use OCA\Data\AppInfo\Application;
 use OCA\Data\Service\ConfigurationService;
@@ -36,16 +37,19 @@
 
 class SettingsController extends Controller {
 
+	private IUserSession $UserSession;
 	private CoreService $CoreService;
 	private DataService $DataService;
 	private ConfigurationService $ConfigurationService;
 
 	public function __construct(IRequest $request,
+								IGroupManager $GroupManager,
 								ConfigurationService $ConfigurationService,
 								CoreService $CoreService,
 								DataService $DataService,
 								string $userId) {
 		parent::__construct(Application::APP_ID, $request);
+		$this->GroupManager = $GroupManager;
 		$this->ConfigurationService = $ConfigurationService;
 		$this->CoreService = $CoreService;
 		$this->DataService = $DataService;
@@ -64,7 +68,11 @@ public function listUsers(): DataResponse {
 			return new DataResponse([], Http::STATUS_BAD_REQUEST);
 		}
 		// retrieve formats
-		$rs = $this->CoreService->listUsers();
+		// evaluate, if session user is admin
+		if ($this->GroupManager->isAdmin($this->userId)) {
+			$rs = $this->CoreService->listUsers();
+		}
+		
 		// return response
 		if (isset($rs)) {
 			return new DataResponse($rs);
@@ -88,12 +96,13 @@ public function listTypes(string $user = null): DataResponse {
 			return new DataResponse([], Http::STATUS_BAD_REQUEST);
 		}
 		// retrieve types
-		// evaluate, if user id is present
-		// TODO: check for admin privileges
-		if (!empty($user)) {
+		// evaluate, if specific user is present and session user is admin
+		if (!empty($user) && $this->GroupManager->isAdmin($this->userId)) {
+			// list types for specific user
 			$rs = $this->CoreService->listTypes($user);
 		}
 		else {
+			// list types for session user
 			$rs = $this->CoreService->listTypes($this->userId);
 		}
 		// return response
@@ -118,13 +127,14 @@ public function listCollections(string $type, string $user = null): DataResponse
 		if ($this->userId === null) {
 			return new DataResponse([], Http::STATUS_BAD_REQUEST);
 		}
-		// retrieve colletions
-		// evaluate, if user id is present
-		// TODO: check for admin privileges
-		if (!empty($user)) {
+		// retrieve collections
+		// evaluate, if specific user is present and session user is admin
+		if (!empty($user) && $this->GroupManager->isAdmin($this->userId)) {
+			// list collections for specific user
 			$rs = $this->DataService->listCollections($user, $type);
 		}
 		else {
+			// list colletions for session user
 			$rs = $this->DataService->listCollections($this->userId, $type);
 		}
 		
@@ -175,12 +185,13 @@ public function listServices(bool $flagAdmin = false): DataResponse {
 			return new DataResponse([], Http::STATUS_BAD_REQUEST);
 		}
 		// retrieve services
-		// evaluate, if admin flag is present
-		// TODO: check for admin privileges
-		if ($flagAdmin) {
+		// evaluate, if all flag is set and session user is admin
+		if ($flagAdmin && $this->GroupManager->isAdmin($this->userId)) {
+			// list services for all users
 			$rs = $this->CoreService->listServices('');
 		}
 		else {
+			// list services for session user
 			$rs = $this->CoreService->listServices($this->userId);
 		}
 		// return response
@@ -208,13 +219,12 @@ public function createService(array $data): DataResponse {
 		// evaluate, if required data is present
 		if (!empty($data['service_id']) && !empty($data['service_token']) &&
 			!empty($data['data_type']) && !empty($data['data_collection']) && !empty($data['format'])) {
-			// evaluate, if user id is present
-			// TODO: check for admin privileges
-			if (!empty($data['uid'])) {
-				
+			// evaluate, if specific user is set and session user is an admin
+			if (!empty($data['uid']) && $this->GroupManager->isAdmin($this->userId)) {
+				// do nothing
 			}
 			else {
-				// assign user id
+				// force user to session user
 				$data['uid'] = $this->userId;
 			}
 			// create service
@@ -245,10 +255,18 @@ public function modifyService(array $data): DataResponse {
 		// evaluate, if required data is present
 		if (!empty($data['id']) && !empty($data['uid']) && !empty($data['service_id']) && !empty($data['service_token']) &&
 			!empty($data['data_type']) && !empty($data['data_collection']) && !empty($data['format'])) {
-			// force read only permissions until write is implemented
-			$data['permissions'] = 'R';
-			// modify service
-			$rs = $this->CoreService->modifyService($this->userId,(string) $data['id'], $data);
+			
+			// evaluate,
+			// if user equals session user
+			// or if user does not equals session user and session user is admin
+			if (($data['uid'] === $this->userId) ||
+				($data['uid'] !== $this->userId && $this->GroupManager->isAdmin($this->userId))) {
+				// force read only permissions until write is implemented
+				$data['permissions'] = 'R';
+				// modify service
+				$rs = $this->CoreService->modifyService($this->userId,(string) $data['id'], $data);
+			}
+			
 		}
 		// return response
 		if (isset($rs)) {