From c5352a40ae9cc5c76417173a7e5315e6534d39ca Mon Sep 17 00:00:00 2001
From: Jonas Rittershofer
Date: Fri, 15 May 2020 14:30:55 +0200
Subject: [PATCH] Replace userId with userSession->UID
Signed-off-by: Jonas Rittershofer
---
 lib/Controller/ApiController.php | 43 +++++++++++++++-----------------
 lib/Service/FormsService.php | 19 +++++++-------
 2 files changed, 29 insertions(+), 33 deletions(-)
diff --git a/lib/Controller/ApiController.php b/lib/Controller/ApiController.php
index 55fd566..8475ec2 100644
--- a/lib/Controller/ApiController.php
+++ b/lib/Controller/ApiController.php
@@ -74,8 +74,8 @@ class ApiController extends Controller {
 /** @var IL10N */
 private $l10n;
- /** @var IUserSession */
- private $userSession;
+ /** @var IUser */
+ private $currentUser;
 /** @var IUserManager */
 private $userManager;
@@ -85,7 +85,6 @@ class ApiController extends Controller {
 public function __construct(string $appName,
 IRequest $request,
- $userId, // TODO remove & replace with userSession below.
 IUserSession $userSession,
 IUserManager $userManager,
 FormMapper $formMapper,
@@ -98,8 +97,6 @@ class ApiController extends Controller {
 FormsService $formsService) {
 parent::__construct($appName, $request);
 $this->appName = $appName;
- $this->userId = $userId;
- $this->userSession = $userSession;
 $this->userManager = $userManager;
 $this->formMapper = $formMapper;
 $this->questionMapper = $questionMapper;
@@ -111,6 +108,8 @@ class ApiController extends Controller {
 $this->logger = $logger;
 $this->l10n = $l10n;
 $this->formsService = $formsService;
+
+ $this->currentUser = $userSession->getUser();
 }
 /**
@@ -119,7 +118,7 @@ class ApiController extends Controller {
 * Read Form-List only with necessary information for Listing.
 */
 public function getForms(): Http\JSONResponse {
- $forms = $this->formMapper->findAllByOwnerId($this->userId);
+ $forms = $this->formMapper->findAllByOwnerId($this->currentUser->getUID());
 $result = [];
 foreach ($forms as $form) {
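Review bot: `$this->currentUser = $userSession->getUser();` in the constructor stores a value that `IUserSession::getUser()` returns as null when nobody is logged in, yet the new docblock says `/** @var IUser */` and `getForms()` calls `$this->currentUser->getUID()` with no guard, so a request that reaches this action without a session (whether the route annotations permit that is not visible in these hunks) fails with a call on null instead of a clean 403. The same unguarded dereference sits on the changed lines of newForm (-164) and of every owner check in the later hunks (-207 through -803); the docblock should at least read `/** @var IUser|null */`, and the actions that need a user should bail early, e.g. `if ($this->currentUser === null) { return new Http\JSONResponse([], Http::STATUS_FORBIDDEN); }`. Snapshotting the user in the constructor also freezes whatever the session held when the container built the controller; keeping `IUserSession` injected and calling `getUser()` at use time is the usual Nextcloud shape and avoids that. If `OCP\IUser` is not already imported (the use block is outside these hunks), the new docblock also names a class static analysis cannot resolve.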
@@ -164,8 +163,7 @@ class ApiController extends Controller {
 public function newForm(): Http\JSONResponse {
 $form = new Form();
- $currentUser = \OC::$server->getUserSession()->getUser()->getUID();
- $form->setOwnerId($currentUser);
+ $form->setOwnerId($this->currentUser->getUID());
 $form->setCreated(time());
 $form->setHash(\OC::$server->getSecureRandom()->generate(
 16,
@@ -207,7 +205,7 @@ class ApiController extends Controller {
 return new Http\JSONResponse([], Http::STATUS_BAD_REQUEST);
 }
- if ($form->getOwnerId() !== $this->userId) {
+ if ($form->getOwnerId() !== $this->currentUser->getUID()) {
 $this->logger->debug('This form is not owned by the current user');
 return new Http\JSONResponse([], Http::STATUS_FORBIDDEN);
 }
@@ -252,7 +250,7 @@ class ApiController extends Controller {
 return new Http\JSONResponse([], Http::STATUS_BAD_REQUEST);
 }
- if ($form->getOwnerId() !== $this->userId) {
+ if ($form->getOwnerId() !== $this->currentUser->getUID()) {
 $this->logger->debug('This form is not owned by the current user');
 return new Http\JSONResponse([], Http::STATUS_FORBIDDEN);
 }
@@ -287,7 +285,7 @@ class ApiController extends Controller {
 return new Http\JSONResponse(['message' => 'Could not find form'], Http::STATUS_BAD_REQUEST);
 }
- if ($form->getOwnerId() !== $this->userId) {
+ if ($form->getOwnerId() !== $this->currentUser->getUID()) {
 $this->logger->debug('This form is not owned by the current user');
 return new Http\JSONResponse([], Http::STATUS_FORBIDDEN);
 }
@@ -336,7 +334,7 @@ class ApiController extends Controller {
 return new Http\JSONResponse(['message' => 'Could not find form'], Http::STATUS_BAD_REQUEST);
 }
- if ($form->getOwnerId() !== $this->userId) {
+ if ($form->getOwnerId() !== $this->currentUser->getUID()) {
 $this->logger->debug('This form is not owned by the current user');
 return new Http\JSONResponse([], Http::STATUS_FORBIDDEN);
 }
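Review bot: The owner check `if ($form->getOwnerId() !== $this->currentUser->getUID()) {` together with its debug log and 403 response is now repeated verbatim on the changed lines of -207, -252, -287 and -336 and again in every later hunk through -803; since each copy was rewritten anyway, this is the moment to fold them into one private helper, e.g. `private function isOwnedByCurrentUser(Form $form): bool`, so that a later change to the rule (including how a missing user is handled) lands in one place. In newForm the hunk removes `\OC::$server->getUserSession()` but the next lines still fetch the secure-random service through `\OC::$server->getSecureRandom()`; injecting `ISecureRandom` through the constructor, as is now done for the session, would finish the job. newForm's body continues past the hunk.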
@@ -425,7 +423,7 @@ class ApiController extends Controller {
 return new Http\JSONResponse(['message' => 'Could not find form or question'], Http::STATUS_BAD_REQUEST);
 }
- if ($form->getOwnerId() !== $this->userId) {
+ if ($form->getOwnerId() !== $this->currentUser->getUID()) {
 $this->logger->debug('This form is not owned by the current user');
 return new Http\JSONResponse([], Http::STATUS_FORBIDDEN);
 }
@@ -461,7 +459,7 @@ class ApiController extends Controller {
 return new Http\JSONResponse(['message' => 'Could not find form or question'], Http::STATUS_BAD_REQUEST);
 }
- if ($form->getOwnerId() !== $this->userId) {
+ if ($form->getOwnerId() !== $this->currentUser->getUID()) {
 $this->logger->debug('This form is not owned by the current user');
 return new Http\JSONResponse([], Http::STATUS_FORBIDDEN);
 }
@@ -503,7 +501,7 @@ class ApiController extends Controller {
 return new Http\JSONResponse(['message' => 'Could not find form or question'], Http::STATUS_BAD_REQUEST);
 }
- if ($form->getOwnerId() !== $this->userId) {
+ if ($form->getOwnerId() !== $this->currentUser->getUID()) {
 $this->logger->debug('This form is not owned by the current user');
 return new Http\JSONResponse([], Http::STATUS_FORBIDDEN);
 }
@@ -542,7 +540,7 @@ class ApiController extends Controller {
 return new Http\JSONResponse(['message' => 'Could not find option, question or form'], Http::STATUS_BAD_REQUEST);
 }
- if ($form->getOwnerId() !== $this->userId) {
+ if ($form->getOwnerId() !== $this->currentUser->getUID()) {
 $this->logger->debug('This form is not owned by the current user');
 return new Http\JSONResponse([], Http::STATUS_FORBIDDEN);
 }
@@ -574,7 +572,7 @@ class ApiController extends Controller {
 return new Http\JSONResponse(['message' => 'Could not find form or option'], Http::STATUS_BAD_REQUEST);
 }
- if ($form->getOwnerId() !== $this->userId) {
+ if ($form->getOwnerId() !== $this->currentUser->getUID()) {
 $this->logger->debug('This form is not owned by the current user');
 return new Http\JSONResponse([], Http::STATUS_FORBIDDEN);
 }
@@ -614,7 +612,7 @@ class ApiController extends Controller {
 return new Http\JSONResponse(['message' => 'Could not find form'], Http::STATUS_BAD_REQUEST);
 }
- if ($form->getOwnerId() !== $this->userId) {
+ if ($form->getOwnerId() !== $this->currentUser->getUID()) {
 $this->logger->debug('This form is not owned by the current user');
 return new Http\JSONResponse([], Http::STATUS_FORBIDDEN);
 }
@@ -710,14 +708,13 @@ class ApiController extends Controller {
 $submission = new Submission();
 $submission->setFormId($formId);
 $submission->setTimestamp(time());
- $user = $this->userSession->getUser();
 // If not logged in or anonymous use anonID
- if (!$user || $form->getIsAnonymous()) {
+ if (!$this->currentUser || $form->getIsAnonymous()) {
 $anonID = "anon-user-". hash('md5', (time() + rand()));
 $submission->setUserId($anonID);
 } else {
- $submission->setUserId($user->getUID());
+ $submission->setUserId($this->currentUser->getUID());
 }
 // Insert new submission
@@ -777,7 +774,7 @@ class ApiController extends Controller {
 return new Http\JSONResponse([], Http::STATUS_BAD_REQUEST);
 }
- if ($form->getOwnerId() !== $this->userId) {
+ if ($form->getOwnerId() !== $this->currentUser->getUID()) {
 $this->logger->debug('This form is not owned by the current user');
 return new Http\JSONResponse([], Http::STATUS_FORBIDDEN);
 }
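Review bot: In the hunk at -710 the new `if (!$this->currentUser || $form->getIsAnonymous())` correctly treats a missing session as anonymous, but the fallback directly below it, `hash('md5', (time() + rand()))`, derives the anonymous submitter ID from the current second plus `rand()`, which is neither collision-resistant nor unpredictable: two anonymous submissions within the same second can end up with the same ID, and the value can be reproduced from the timestamp, which matters wherever a submitter ID is later compared or de-duplicated (canSubmit in FormsService compares participant IDs against UIDs). The line is untouched context here, but `\OC::$server->getSecureRandom()`, which the newForm hunk already uses for form hashes, is the drop-in replacement: `$anonID = 'anon-user-' . \OC::$server->getSecureRandom()->generate(16);`. The enclosing method starts before this hunk.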
@@ -803,7 +800,7 @@ class ApiController extends Controller {
 return new Http\JSONResponse([], Http::STATUS_BAD_REQUEST);
 }
- if ($form->getOwnerId() !== $this->userId) {
+ if ($form->getOwnerId() !== $this->currentUser->getUID()) {
 $this->logger->debug('This form is not owned by the current user');
 return new Http\JSONResponse([], Http::STATUS_FORBIDDEN);
 }
diff --git a/lib/Service/FormsService.php b/lib/Service/FormsService.php
index 202e192..ad41f1d 100644
--- a/lib/Service/FormsService.php
+++ b/lib/Service/FormsService.php
@@ -60,8 +60,8 @@ class FormsService {
 /** @var IUserManager */
 private $userManager;
- /** @var IUserSession */
- private $userSession;
+ /** @var IUser */
+ private $currentUser;
 /** @var ILogger */
 private $logger;
@@ -80,8 +80,9 @@ class FormsService {
 $this->submissionMapper = $submissionMapper;
 $this->groupManager = $groupManager;
 $this->userManager = $userManager;
- $this->userSession = $userSession;
 $this->logger = $logger;
+
+ $this->currentUser = $userSession->getUser();
 }
@@ -162,7 +163,6 @@ class FormsService {
 public function canSubmit($formId) {
 $form = $this->formMapper->findById($formId);
 $access = $form->getAccess();
- $user = $this->userSession->getUser();
 // We cannot control how many time users can submit in public mode
 if ($access['type'] === 'public') {
@@ -173,7 +173,7 @@ class FormsService {
 if ($form->getSubmitOnce()) {
 $participants = $this->submissionMapper->findParticipantsByForm($form->getId());
 foreach ($participants as $participant) {
- if ($participant === $user->getUID()) {
+ if ($participant === $this->currentUser->getUID()) {
 return false;
 }
 }
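Review bot: `$this->currentUser = $userSession->getUser();` in the FormsService constructor (hunk -80) ties a service, not a request-scoped controller, to whoever was logged in when the DI container built it; in an occ command, a background job, or any path where the service is instantiated before login, `getUser()` is null and canSubmit (hunk -173) then calls `$this->currentUser->getUID()` with no guard, while the only null check in this file is the one in the hunk at -192. The removed `$user = $this->userSession->getUser();` at the top of each method was the lazier and safer shape; keeping `IUserSession` injected and reading it per call, e.g. `$user = $this->userSession->getUser();` followed by `if ($user === null) { return false; }` in canSubmit, keeps the service usable without a session and keeps it in step with the session if it changes mid-request. As in ApiController, the new docblock should say `/** @var IUser|null */`. canSubmit's public-access branch continues past hunk -162, so whether a logged-out submitter can reach the submitOnce loop is not visible here.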
@@ -192,19 +192,18 @@ class FormsService {
 $form = $this->formMapper->findById($formId);
 $access = $form->getAccess();
 $ownerId = $form->getOwnerId();
- $user = $this->userSession->getUser();
 if ($access['type'] === 'public') {
 return true;
 }
 // Refuse access, if not public and no user logged in.
- if (!$user) {
+ if (!$this->currentUser) {
 return false;
 }
 // Always grant access to owner.
- if ($ownerId === $user->getUID()) {
+ if ($ownerId === $this->currentUser->getUID()) {
 return true;
 }
@@ -215,13 +214,13 @@ class FormsService {
 // Selected Access remains.
 // Grant Access, if user is in users-Array.
- if (in_array($user->getUID(), $access['users'])) {
+ if (in_array($this->currentUser->getUID(), $access['users'])) {
 return true;
 }
 // Check if access granted by group.
 foreach ($access['groups'] as $group) {
- if ($this->groupManager->isInGroup($user->getUID(), $group)) {
+ if ($this->groupManager->isInGroup($this->currentUser->getUID(), $group)) {
 return true;
 }
 }
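Review bot: `if (in_array($this->currentUser->getUID(), $access['users'])) {` in hunk -215 is an access decision made with a loose comparison; PHP compares two numeric-looking strings as numbers under `==`, so a UID such as `'100'` would be treated as equal to an access entry `'1e2'` (constructed example), granting access to a form that was not shared with that user. The line was rewritten anyway, so pass the strict flag: `if (in_array($this->currentUser->getUID(), $access['users'], true)) {`. Whether `$access['users']` and `$access['groups']` are guaranteed to be present on every stored form is not visible in this hunk; the method starts before hunk -192.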