fix: Return correct list of managers for a user

Signed-off-by: Christopher Ng <chrng8@gmail.com>
2026-06-06 07:13:23 -04:00 · 2024-10-04 16:28:23 -07:00 · 2024-10-04 16:28:23 -07:00 · 31dbfcbae9
commit 31dbfcbae9
parent 5611268a15
3 changed files with 42 additions and 2 deletions
--- a/apps/provisioning_api/lib/Controller/AUserData.php
+++ b/apps/provisioning_api/lib/Controller/AUserData.php
@ -20,9 +20,11 @@ use OCP\AppFramework\OCS\OCSException;
 use OCP\AppFramework\OCS\OCSNotFoundException;
 use OCP\AppFramework\OCSController;
 use OCP\Files\NotFoundException;
+use OCP\Group\ISubAdmin;
 use OCP\IConfig;
 use OCP\IGroupManager;
 use OCP\IRequest;
+use OCP\IUser;
 use OCP\IUserManager;
 use OCP\IUserSession;
 use OCP\L10N\IFactory;
@ -55,6 +57,8 @@ abstract class AUserData extends OCSController {
 	protected $userSession;
 	/** @var IAccountManager */
 	protected $accountManager;
+	/** @var ISubAdmin */
+	protected $subAdminManager;
 	/** @var IFactory */
 	protected $l10nFactory;

@ -65,6 +69,7 @@ abstract class AUserData extends OCSController {
 		IGroupManager $groupManager,
 		IUserSession $userSession,
 		IAccountManager $accountManager,
+		ISubAdmin $subAdminManager,
 		IFactory $l10nFactory) {
 		parent::__construct($appName, $request);

@ -73,6 +78,7 @@ abstract class AUserData extends OCSController {
 		$this->groupManager = $groupManager;
 		$this->userSession = $userSession;
 		$this->accountManager = $accountManager;
+		$this->subAdminManager = $subAdminManager;
 		$this->l10nFactory = $l10nFactory;
 	}

@ -136,8 +142,8 @@ abstract class AUserData extends OCSController {
 		$data['backend'] = $targetUserObject->getBackendClassName();
 		$data['subadmin'] = $this->getUserSubAdminGroupsData($targetUserObject->getUID());
 		$data[self::USER_FIELD_QUOTA] = $this->fillStorageInfo($targetUserObject->getUID());
-		$managerUids = $targetUserObject->getManagerUids();
-		$data[self::USER_FIELD_MANAGER] = empty($managerUids) ? '' : $managerUids[0];
+		$managers = $this->getManagers($targetUserObject);
+		$data[self::USER_FIELD_MANAGER] = empty($managers) ? '' : $managers[0];

 		try {
 			if ($includeScopes) {
@ -205,6 +211,34 @@ abstract class AUserData extends OCSController {
 		return $data;
 	}

+	/**
+	 * @return string[]
+	 */
+	protected function getManagers(IUser $user): array {
+		$currentLoggedInUser = $this->userSession->getUser();
+
+		$managerUids = $user->getManagerUids();
+		if ($this->groupManager->isAdmin($currentLoggedInUser->getUID()) || $this->groupManager->isDelegatedAdmin($currentLoggedInUser->getUID())) {
+			return $managerUids;
+		}
+
+		if ($this->subAdminManager->isSubAdmin($currentLoggedInUser)) {
+			$accessibleManagerUids = array_values(array_filter(
+				$managerUids,
+				function (string $managerUid) use ($currentLoggedInUser) {
+					$manager = $this->userManager->get($managerUid);
+					if (!($manager instanceof IUser)) {
+						return false;
+					}
+					return $this->subAdminManager->isUserAccessible($currentLoggedInUser, $manager);
+				},
+			));
+			return $accessibleManagerUids;
+		}
+
+		return [];
+	}
+
 	/**
 	 * Get the groups a user is a subadmin of
 	 *
--- a/apps/provisioning_api/lib/Controller/GroupsController.php
+++ b/apps/provisioning_api/lib/Controller/GroupsController.php
@ -21,6 +21,7 @@ use OCP\AppFramework\OCS\OCSException;
 use OCP\AppFramework\OCS\OCSForbiddenException;
 use OCP\AppFramework\OCS\OCSNotFoundException;
 use OCP\AppFramework\OCSController;
+use OCP\Group\ISubAdmin;
 use OCP\IConfig;
 use OCP\IGroup;
 use OCP\IGroupManager;
@ -47,6 +48,7 @@ class GroupsController extends AUserData {
 		IGroupManager $groupManager,
 		IUserSession $userSession,
 		IAccountManager $accountManager,
+		ISubAdmin $subAdminManager,
 		IFactory $l10nFactory,
 		LoggerInterface $logger) {
 		parent::__construct($appName,
@ -56,6 +58,7 @@ class GroupsController extends AUserData {
 			$groupManager,
 			$userSession,
 			$accountManager,
+			$subAdminManager,
 			$l10nFactory
 		);

--- a/apps/provisioning_api/lib/Controller/UsersController.php
+++ b/apps/provisioning_api/lib/Controller/UsersController.php
@ -31,6 +31,7 @@ use OCP\AppFramework\OCS\OCSForbiddenException;
 use OCP\AppFramework\OCS\OCSNotFoundException;
 use OCP\AppFramework\OCSController;
 use OCP\EventDispatcher\IEventDispatcher;
+use OCP\Group\ISubAdmin;
 use OCP\HintException;
 use OCP\IConfig;
 use OCP\IGroup;
@ -63,6 +64,7 @@ class UsersController extends AUserData {
 		IGroupManager $groupManager,
 		IUserSession $userSession,
 		IAccountManager $accountManager,
+		ISubAdmin $subAdminManager,
 		IFactory $l10nFactory,
 		private IURLGenerator $urlGenerator,
 		private LoggerInterface $logger,
@ -81,6 +83,7 @@ class UsersController extends AUserData {
 			$groupManager,
 			$userSession,
 			$accountManager,
+			$subAdminManager,
 			$l10nFactory
 		);