From 3d8ddc34d4fc9ed43d835acef297e9dec196f425 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Thu, 19 Sep 2024 12:15:46 +0200 Subject: [PATCH 1/5] fix(Middleware): handle checking plain read/access permissions Signed-off-by: Arthur Schiwon --- lib/Middleware/PermissionMiddleware.php | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/Middleware/PermissionMiddleware.php b/lib/Middleware/PermissionMiddleware.php index 2848a0f6c..c16d958cc 100644 --- a/lib/Middleware/PermissionMiddleware.php +++ b/lib/Middleware/PermissionMiddleware.php @@ -106,6 +106,7 @@ protected function checkPermission(RequirePermission $attribute): void { } match ($attribute->getPermission()) { + Application::PERMISSION_READ => true, // this is guaranteed in the pre-test ^ Application::PERMISSION_MANAGE => $this->assertManagePermission($isContext, $nodeType, $nodeId), Application::PERMISSION_CREATE => $this->assertCreatePermissions($nodeType, $nodeId), Application::PERMISSION_UPDATE => $this->assertUpdatePermissions($nodeType, $nodeId), From 34ac968e4099116c72ad296963fa796df564660f Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Fri, 20 Sep 2024 16:14:35 +0200 Subject: [PATCH 2/5] refactor(Controller): make use of read permission check in middleware Signed-off-by: Arthur Schiwon --- lib/Controller/Api1Controller.php | 11 ++++++++--- lib/Controller/ApiColumnsController.php | 3 +++ lib/Controller/ApiFavoriteController.php | 4 ++++ lib/Controller/ApiTablesController.php | 4 ++++ lib/Controller/ColumnController.php | 2 ++ lib/Controller/ImportController.php | 1 + lib/Controller/RowController.php | 3 +++ lib/Controller/ShareController.php | 2 ++ lib/Controller/TableController.php | 2 ++ lib/Controller/ViewController.php | 3 +++ 10 files changed, 32 insertions(+), 3 deletions(-) diff --git a/lib/Controller/Api1Controller.php b/lib/Controller/Api1Controller.php index 9e1276d06..d93c251ab 100644 --- a/lib/Controller/Api1Controller.php +++ b/lib/Controller/Api1Controller.php 
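Review bot: The new `Application::PERMISSION_READ => true` arm in `checkPermission()` does no check of its own; it is only safe because of the pre-test above the `match`, which lies outside this hunk. If that pre-test is later moved, narrowed or given an early return, every READ-annotated route would pass silently. The comment should name the check it relies on rather than point at it with `^`, for example `// READ needs no further assertion: the node access pre-check above has already rejected callers without read access`. A middleware test asserting that a user without access is rejected on a READ-annotated route would pin the dependency.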
@@ -153,6 +153,7 @@ public function createTable(string $title, ?string $emoji, string $template = 'c * 403: No permissions * 404: Not found */ + #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function showScheme(int $tableId): DataResponse { try { $scheme = $this->tableService->getScheme($tableId); @@ -186,6 +187,7 @@ public function showScheme(int $tableId): DataResponse { * 403: No permissions * 404: Not found */ + #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function getTable(int $tableId): DataResponse { try { return new DataResponse($this->tableService->find($tableId)->jsonSerialize()); @@ -287,6 +289,7 @@ public function deleteTable(int $tableId): DataResponse { * 403: No permissions * 404: Not found */ + #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function indexViews(int $tableId): DataResponse { try { return new DataResponse($this->viewService->formatViews($this->viewService->findAll($this->tableService->find($tableId)))); @@ -350,6 +353,7 @@ public function createView(int $tableId, string $title, ?string $emoji): DataRes * 403: No permissions * 404: Not found */ + #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function getView(int $viewId): DataResponse { try { return new DataResponse($this->viewService->find($viewId)->jsonSerialize()); 
@@ -729,6 +733,7 @@ public function indexTableColumns(int $tableId, ?int $viewId): DataResponse { * 403: No permissions * 404: Not found */ + #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function indexViewColumns(int $viewId): DataResponse { try { return new DataResponse($this->columnService->formatColumns($this->columnService->findAllByView($viewId))); @@ -1045,6 +1050,7 @@ public function deleteColumn(int $columnId): DataResponse { * 403: No permissions * 404: Not found */ + #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function indexTableRowsSimple(int $tableId, ?int $limit, ?int $offset): DataResponse { try { return new DataResponse($this->v1Api->getData($tableId, $limit, $offset, $this->userId)); @@ -1075,6 +1081,7 @@ public function indexTableRowsSimple(int $tableId, ?int $limit, ?int $offset): D * 403: No permissions * 404: Not found */ + #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function indexTableRows(int $tableId, ?int $limit, ?int $offset): DataResponse { try { return new DataResponse($this->rowService->formatRows($this->rowService->findAllByTable($tableId, $this->userId, $limit, $offset))); @@ -1105,6 +1112,7 @@ public function indexTableRows(int $tableId, ?int $limit, ?int $offset): DataRes * 403: No permissions * 404: Not found */ + #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function indexViewRows(int $viewId, ?int $limit, ?int $offset): DataResponse { try { return new DataResponse($this->rowService->formatRows($this->rowService->findAllByView($viewId, $this->userId, $limit, $offset))); 
@@ -1579,8 +1587,5 @@ public function createTableColumn( $message = ['message' => $e->getMessage()]; return new DataResponse($message, Http::STATUS_NOT_FOUND); } - - - } } diff --git a/lib/Controller/ApiColumnsController.php b/lib/Controller/ApiColumnsController.php index d126b833a..318daf5c3 100644 --- a/lib/Controller/ApiColumnsController.php +++ b/lib/Controller/ApiColumnsController.php @@ -6,10 +6,12 @@ */ namespace OCA\Tables\Controller; +use OCA\Tables\AppInfo\Application; use OCA\Tables\Dto\Column as ColumnDto; use OCA\Tables\Errors\InternalError; use OCA\Tables\Errors\NotFoundError; use OCA\Tables\Errors\PermissionError; +use OCA\Tables\Middleware\Attribute\RequirePermission; use OCA\Tables\ResponseDefinitions; use OCA\Tables\Service\ColumnService; use OCP\AppFramework\Http; @@ -49,6 +51,7 @@ public function __construct( * 403: No permissions * 404: Not found */ + #[RequirePermission(permission: Application::PERMISSION_READ)] public function index(int $nodeId, string $nodeType): DataResponse { try { if($nodeType === 'table') { diff --git a/lib/Controller/ApiFavoriteController.php b/lib/Controller/ApiFavoriteController.php index f7a76973d..63231d1a2 100644 --- a/lib/Controller/ApiFavoriteController.php +++ b/lib/Controller/ApiFavoriteController.php @@ -8,9 +8,11 @@ namespace OCA\Tables\Controller; use Exception; +use OCA\Tables\AppInfo\Application; use OCA\Tables\Errors\InternalError; use OCA\Tables\Errors\NotFoundError; use OCA\Tables\Errors\PermissionError; +use OCA\Tables\Middleware\Attribute\RequirePermission; use OCA\Tables\ResponseDefinitions; use OCA\Tables\Service\FavoritesService; use OCP\AppFramework\Http; @@ -49,6 +51,7 @@ public function __construct( * 403: No permissions * 404: Not found */ + #[RequirePermission(permission: Application::PERMISSION_READ)] public function create(int $nodeType, int $nodeId): DataResponse { try { $this->service->addFavorite($nodeType, $nodeId); 
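Review bot: The attribute on `ApiColumnsController::index()` is written as `#[RequirePermission(permission: Application::PERMISSION_READ)]` with neither `type`/`typeParam` nor `idParam`, so which request parameters are checked depends on defaults of the attribute class that are not visible here. The same bare form is used on `ApiFavoriteController::create()` and `destroy()`, where `$nodeType` is an `int`, while in `index()` it is a `string` compared against `'table'`; the middleware therefore has to map both representations to the same node type, which should be confirmed. Spelling the parameters out makes the checked node explicit and keeps the check from drifting if a parameter is renamed: `#[RequirePermission(permission: Application::PERMISSION_READ, typeParam: 'nodeType', idParam: 'nodeId')]`.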
@@ -76,6 +79,7 @@ public function create(int $nodeType, int $nodeId): DataResponse { * 403: No permissions * 404: Not found */ + #[RequirePermission(permission: Application::PERMISSION_READ)] public function destroy(int $nodeType, int $nodeId): DataResponse { try { $this->service->removeFavorite($nodeType, $nodeId); diff --git a/lib/Controller/ApiTablesController.php b/lib/Controller/ApiTablesController.php index 6b8b359be..7ed79006e 100644 --- a/lib/Controller/ApiTablesController.php +++ b/lib/Controller/ApiTablesController.php @@ -8,10 +8,12 @@ namespace OCA\Tables\Controller; use Exception; +use OCA\Tables\AppInfo\Application; use OCA\Tables\Dto\Column as ColumnDto; use OCA\Tables\Errors\InternalError; use OCA\Tables\Errors\NotFoundError; use OCA\Tables\Errors\PermissionError; +use OCA\Tables\Middleware\Attribute\RequirePermission; use OCA\Tables\ResponseDefinitions; use OCA\Tables\Service\ColumnService; use OCA\Tables\Service\TableService; @@ -83,6 +85,7 @@ public function index(): DataResponse { * 403: No permissions * 404: Not found */ + #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'id')] public function show(int $id): DataResponse { try { return new DataResponse($this->service->find($id)->jsonSerialize()); @@ -107,6 +110,7 @@ public function show(int $id): DataResponse { * 403: No permissions * 404: Not found */ + #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'id')] public function showScheme(int $id): DataResponse { try { return new DataResponse($this->service->getScheme($id)->jsonSerialize()); diff --git a/lib/Controller/ColumnController.php b/lib/Controller/ColumnController.php index 42f760cad..d53cc45d5 100644 --- a/lib/Controller/ColumnController.php +++ b/lib/Controller/ColumnController.php 
@@ -9,6 +9,7 @@ use OCA\Tables\AppInfo\Application; use OCA\Tables\Dto\Column as ColumnDto; +use OCA\Tables\Middleware\Attribute\RequirePermission; use OCA\Tables\Service\ColumnService; use OCP\AppFramework\Controller; use OCP\AppFramework\Http\DataResponse; @@ -56,6 +57,7 @@ public function indexTableByView(int $tableId, ?int $viewId): DataResponse { /** * @NoAdminRequired */ + #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function indexView(int $viewId): DataResponse { return $this->handleError(function () use ($viewId) { return $this->service->findAllByView($viewId); diff --git a/lib/Controller/ImportController.php b/lib/Controller/ImportController.php index 2fd1ffe21..9ca8d2274 100644 --- a/lib/Controller/ImportController.php +++ b/lib/Controller/ImportController.php @@ -57,6 +57,7 @@ public function __construct( /** * @NoAdminRequired */ + #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function previewImportTable(int $tableId, String $path): DataResponse { return $this->handleError(function () use ($tableId, $path) { return $this->service->previewImport($tableId, null, $path); diff --git a/lib/Controller/RowController.php b/lib/Controller/RowController.php index 64084f8bb..efd550fd4 100644 --- a/lib/Controller/RowController.php +++ b/lib/Controller/RowController.php @@ -8,6 +8,7 @@ namespace OCA\Tables\Controller; use OCA\Tables\AppInfo\Application; +use OCA\Tables\Middleware\Attribute\RequirePermission; use OCA\Tables\Service\RowService; use OCP\AppFramework\Controller; use OCP\AppFramework\Http\DataResponse; 
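Review bot: The `ImportController.php` hunk adds `#[RequirePermission(...)]` to `previewImportTable()` but, unlike the Column, Row, Table and View controller changes in this commit, adds no `use OCA\Tables\Middleware\Attribute\RequirePermission;`; the same applies to the two `ShareController.php` hunks and to `Api1Controller.php`. If a file does not already import the class (not visible here), PHP resolves the attribute name in the controller's own namespace and raises no error, and a middleware lookup by the real class name would then presumably find nothing and skip the check. Please confirm that each of these files already has both `use OCA\Tables\Middleware\Attribute\RequirePermission;` and `use OCA\Tables\AppInfo\Application;`, or add them in this commit.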
@@ -39,6 +40,7 @@ public function __construct( /** * @NoAdminRequired */ + #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function index(int $tableId): DataResponse { return $this->handleError(function () use ($tableId) { return $this->service->findAllByTable($tableId, $this->userId); @@ -48,6 +50,7 @@ public function index(int $tableId): DataResponse { /** * @NoAdminRequired */ + #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function indexView(int $viewId): DataResponse { return $this->handleError(function () use ($viewId) { return $this->service->findAllByView($viewId, $this->userId); diff --git a/lib/Controller/ShareController.php b/lib/Controller/ShareController.php index 544875a28..7699a254e 100644 --- a/lib/Controller/ShareController.php +++ b/lib/Controller/ShareController.php @@ -40,6 +40,7 @@ public function __construct( /** * @NoAdminRequired */ + #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function index(int $tableId): DataResponse { return $this->handleError(function () use ($tableId) { return $this->service->findAll('table', $tableId); @@ -49,6 +50,7 @@ public function index(int $tableId): DataResponse { /** * @NoAdminRequired */ + #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function indexView(int $viewId): DataResponse { return $this->handleError(function () use ($viewId) { return $this->service->findAll('view', $viewId); diff --git a/lib/Controller/TableController.php b/lib/Controller/TableController.php index e7fe9e1d0..3286dd6aa 100644 --- a/lib/Controller/TableController.php +++ b/lib/Controller/TableController.php 
@@ -8,6 +8,7 @@ namespace OCA\Tables\Controller; use OCA\Tables\AppInfo\Application; +use OCA\Tables\Middleware\Attribute\RequirePermission; use OCA\Tables\Service\TableService; use OCP\AppFramework\Controller; use OCP\AppFramework\Http\DataResponse; @@ -48,6 +49,7 @@ public function index(): DataResponse { /** * @NoAdminRequired */ + #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'id')] public function show(int $id): DataResponse { return $this->handleError(function () use ($id) { return $this->service->find($id); diff --git a/lib/Controller/ViewController.php b/lib/Controller/ViewController.php index 5587297dd..16e083186 100644 --- a/lib/Controller/ViewController.php +++ b/lib/Controller/ViewController.php @@ -13,6 +13,7 @@ use OCA\Tables\Errors\InternalError; use OCA\Tables\Errors\NotFoundError; use OCA\Tables\Errors\PermissionError; +use OCA\Tables\Middleware\Attribute\RequirePermission; use OCA\Tables\Service\TableService; use OCA\Tables\Service\ViewService; use OCP\AppFramework\Controller; @@ -53,6 +54,7 @@ public function __construct( /** * @NoAdminRequired */ + #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function index(int $tableId): DataResponse { return $this->handleError(function () use ($tableId) { return $this->service->findAll($this->getTable($tableId), $this->userId); @@ -71,6 +73,7 @@ public function indexSharedWithMe(): DataResponse { /** * @NoAdminRequired */ + #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_VIEW, idParam: 'id')] public function show(int $id): DataResponse { return $this->handleError(function () use ($id) { return $this->service->find($id); From dda8897652c5f6715e2fa983efa15f8927eac54d Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Fri, 20 Sep 2024 16:15:44 +0200 Subject: [PATCH 3/5] refactor(Controller): extend usage of PermissionMiddleware 
Signed-off-by: Arthur Schiwon --- lib/Controller/Api1Controller.php | 6 ++++++ lib/Controller/ApiColumnsController.php | 5 +++++ lib/Controller/ApiTablesController.php | 2 ++ lib/Controller/ImportController.php | 3 +++ lib/Controller/TableController.php | 2 ++ lib/Controller/ViewController.php | 4 +++- 6 files changed, 21 insertions(+), 1 deletion(-) diff --git a/lib/Controller/Api1Controller.php b/lib/Controller/Api1Controller.php index d93c251ab..c5c9a6121 100644 --- a/lib/Controller/Api1Controller.php +++ b/lib/Controller/Api1Controller.php @@ -223,6 +223,7 @@ public function getTable(int $tableId): DataResponse { * 403: No permissions * 404: Not found */ + #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function updateTable(int $tableId, ?string $title = null, ?string $emoji = null, ?bool $archived = false): DataResponse { try { return new DataResponse($this->tableService->update($tableId, $title, $emoji, null, $archived, $this->userId)->jsonSerialize()); @@ -255,6 +256,7 @@ public function updateTable(int $tableId, ?string $title = null, ?string $emoji * 403: No permissions * 404: Not found */ + #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function deleteTable(int $tableId): DataResponse { try { return new DataResponse($this->tableService->delete($tableId)->jsonSerialize()); @@ -325,6 +327,7 @@ public function indexViews(int $tableId): DataResponse { * 403: No permissions * 404: Not found */ + #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function createView(int $tableId, string $title, ?string $emoji): DataResponse { try { return new DataResponse($this->viewService->create($title, $emoji, $this->tableService->find($tableId))->jsonSerialize()); 
@@ -388,6 +391,7 @@ public function getView(int $viewId): DataResponse { * 403: No permissions * 404: Not found */ + #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function updateView(int $viewId, array $data): DataResponse { try { return new DataResponse($this->viewService->update($viewId, $data)->jsonSerialize()); @@ -420,6 +424,7 @@ public function updateView(int $viewId, array $data): DataResponse { * 403: No permissions * 404: Not found */ + #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function deleteView(int $viewId): DataResponse { try { return new DataResponse($this->viewService->delete($viewId)->jsonSerialize()); @@ -1511,6 +1516,7 @@ public function createTableShare(int $tableId, string $receiver, string $receive * 403: No permissions * 404: Not found */ + #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function createTableColumn( int $tableId, string $title, diff --git a/lib/Controller/ApiColumnsController.php b/lib/Controller/ApiColumnsController.php index 318daf5c3..d9823e821 100644 --- a/lib/Controller/ApiColumnsController.php +++ b/lib/Controller/ApiColumnsController.php 
@@ -124,6 +124,7 @@ public function show(int $id): DataResponse { * @throws NotFoundError * @throws PermissionError */ + #[RequirePermission(permission: Application::PERMISSION_MANAGE, typeParam: 'baseNodeType', idParam: 'baseNodeId')] public function createNumberColumn(int $baseNodeId, string $title, ?float $numberDefault, ?int $numberDecimals, ?string $numberPrefix, ?string $numberSuffix, ?float $numberMin, ?float $numberMax, ?string $subtype = null, ?string $description = null, ?array $selectedViewIds = [], bool $mandatory = false, string $baseNodeType = 'table'): DataResponse { $tableId = $baseNodeType === 'table' ? $baseNodeId : null; $viewId = $baseNodeType === 'view' ? $baseNodeId : null; @@ -175,6 +176,7 @@ public function createNumberColumn(int $baseNodeId, string $title, ?float $numbe * @throws NotFoundError * @throws PermissionError */ + #[RequirePermission(permission: Application::PERMISSION_MANAGE, typeParam: 'baseNodeType', idParam: 'baseNodeId')] public function createTextColumn(int $baseNodeId, string $title, ?string $textDefault, ?string $textAllowedPattern, ?int $textMaxLength, ?string $subtype = null, ?string $description = null, ?array $selectedViewIds = [], bool $mandatory = false, string $baseNodeType = 'table'): DataResponse { $tableId = $baseNodeType === 'table' ? $baseNodeId : null; $viewId = $baseNodeType === 'view' ? $baseNodeId : null; 
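Review bot: On `createNumberColumn()` the attribute takes the node type from the request via `typeParam: 'baseNodeType'`, while the method itself falls back to `string $baseNodeType = 'table'` when the parameter is omitted. The middleware is outside this hunk, so it is unclear whether it applies the same default; if it does not, the permission check and the method body could act on different node types for the same `baseNodeId`, or the check could fail on a request the method would accept. The same applies to `createTextColumn()`, `createSelectionColumn()`, `createDatetimeColumn()` and `createUsergroupColumn()`. A test that calls one of these routes without `baseNodeType` as a user who lacks manage permission on the table would settle it, and a short comment above the attribute, such as `// middleware must default baseNodeType to 'table', matching the signature`, would record the coupling.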
@@ -222,6 +224,7 @@ public function createTextColumn(int $baseNodeId, string $title, ?string $textDe * @throws NotFoundError * @throws PermissionError */ + #[RequirePermission(permission: Application::PERMISSION_MANAGE, typeParam: 'baseNodeType', idParam: 'baseNodeId')] public function createSelectionColumn(int $baseNodeId, string $title, string $selectionOptions, ?string $selectionDefault, ?string $subtype = null, ?string $description = null, ?array $selectedViewIds = [], bool $mandatory = false, string $baseNodeType = 'table'): DataResponse { $tableId = $baseNodeType === 'table' ? $baseNodeId : null; $viewId = $baseNodeType === 'view' ? $baseNodeId : null; @@ -267,6 +270,7 @@ public function createSelectionColumn(int $baseNodeId, string $title, string $se * @throws NotFoundError * @throws PermissionError */ + #[RequirePermission(permission: Application::PERMISSION_MANAGE, typeParam: 'baseNodeType', idParam: 'baseNodeId')] public function createDatetimeColumn(int $baseNodeId, string $title, ?string $datetimeDefault, ?string $subtype = null, ?string $description = null, ?array $selectedViewIds = [], bool $mandatory = false, string $baseNodeType = 'table'): DataResponse { $tableId = $baseNodeType === 'table' ? $baseNodeId : null; $viewId = $baseNodeType === 'view' ? $baseNodeId : null; 
@@ -312,6 +316,7 @@ public function createDatetimeColumn(int $baseNodeId, string $title, ?string $da * @throws NotFoundError * @throws PermissionError */ + #[RequirePermission(permission: Application::PERMISSION_MANAGE, typeParam: 'baseNodeType', idParam: 'baseNodeId')] public function createUsergroupColumn(int $baseNodeId, string $title, ?string $usergroupDefault, bool $usergroupMultipleItems = null, bool $usergroupSelectUsers = null, bool $usergroupSelectGroups = null, bool $showUserStatus = null, string $description = null, ?array $selectedViewIds = [], bool $mandatory = false, string $baseNodeType = 'table'): DataResponse { $tableId = $baseNodeType === 'table' ? $baseNodeId : null; $viewId = $baseNodeType === 'view' ? $baseNodeId : null; diff --git a/lib/Controller/ApiTablesController.php b/lib/Controller/ApiTablesController.php index 7ed79006e..e2e26371f 100644 --- a/lib/Controller/ApiTablesController.php +++ b/lib/Controller/ApiTablesController.php @@ -230,6 +230,7 @@ public function create(string $title, ?string $emoji, ?string $description, stri * 403: No permissions * 404: Not found */ + #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_TABLE, idParam: 'id')] public function update(int $id, ?string $title = null, ?string $emoji = null, ?string $description = null, ?bool $archived = null): DataResponse { try { return new DataResponse($this->service->update($id, $title, $emoji, $description, $archived, $this->userId)->jsonSerialize()); @@ -254,6 +255,7 @@ public function update(int $id, ?string $title = null, ?string $emoji = null, ?s * 403: No permissions * 404: Not found */ + #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_TABLE, idParam: 'id')] public function destroy(int $id): DataResponse { try { return new DataResponse($this->service->delete($id)->jsonSerialize()); 
diff --git a/lib/Controller/ImportController.php b/lib/Controller/ImportController.php index 9ca8d2274..5be93383c 100644 --- a/lib/Controller/ImportController.php +++ b/lib/Controller/ImportController.php @@ -78,6 +78,7 @@ public function importInTable(int $tableId, String $path, bool $createMissingCol /** * @NoAdminRequired */ + #[RequirePermission(permission: Application::PERMISSION_CREATE, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function previewImportView(int $viewId, String $path): DataResponse { return $this->handleError(function () use ($viewId, $path) { return $this->service->previewImport(null, $viewId, $path); @@ -98,6 +99,7 @@ public function importInView(int $viewId, String $path, bool $createMissingColum /** * @NoAdminRequired */ + #[RequirePermission(permission: Application::PERMISSION_CREATE, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function previewUploadImportTable(int $tableId): DataResponse { try { $file = $this->getUploadedFile('uploadfile'); @@ -131,6 +133,7 @@ public function importUploadInTable(int $tableId, bool $createMissingColumns = t /** * @NoAdminRequired */ + #[RequirePermission(permission: Application::PERMISSION_CREATE, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function previewUploadImportView(int $viewId): DataResponse { try { $file = $this->getUploadedFile('uploadfile'); diff --git a/lib/Controller/TableController.php b/lib/Controller/TableController.php index 3286dd6aa..50a192dd2 100644 --- a/lib/Controller/TableController.php +++ b/lib/Controller/TableController.php @@ -68,6 +68,7 @@ public function create(string $title, string $template, string $emoji): DataResp /** * @NoAdminRequired */ + #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_TABLE, idParam: 'id')] public function destroy(int $id): DataResponse { return $this->handleError(function () use ($id) { return $this->service->delete($id); 
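Review bot: The preview endpoints in `ImportController` now require different permission levels for what looks like the same operation. `previewImportView()`, `previewUploadImportTable()` and `previewUploadImportView()` get `Application::PERMISSION_CREATE` in these hunks, while `previewImportTable()` was given `Application::PERMISSION_READ` in the previous commit. Which level is intended cannot be told from the hunks, but a read-only user can presumably preview an import into a table and not into a view of it. Either align `previewImportTable()` with its siblings using `permission: Application::PERMISSION_CREATE`, or add a one-line comment there explaining why the path-based table preview is deliberately weaker.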
@@ -77,6 +78,7 @@ public function destroy(int $id): DataResponse { /** * @NoAdminRequired */ + #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_TABLE, idParam: 'id')] public function update(int $id, ?string $title = null, ?string $emoji = null, ?bool $archived = null): DataResponse { return $this->handleError(function () use ($id, $title, $emoji, $archived) { return $this->service->update($id, $title, $emoji, null, $archived, $this->userId); diff --git a/lib/Controller/ViewController.php b/lib/Controller/ViewController.php index 16e083186..e36a0b06d 100644 --- a/lib/Controller/ViewController.php +++ b/lib/Controller/ViewController.php @@ -83,6 +83,7 @@ public function show(int $id): DataResponse { /** * @NoAdminRequired */ + #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function create(int $tableId, string $title, ?string $emoji): DataResponse { return $this->handleError(function () use ($tableId, $title, $emoji) { return $this->service->create($title, $emoji, $this->getTable($tableId, true)); @@ -92,6 +93,7 @@ public function create(int $tableId, string $title, ?string $emoji): DataRespons /** * @NoAdminRequired */ + #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_VIEW, idParam: 'id')] public function update(int $id, array $data): DataResponse { return $this->handleError(function () use ($id, $data) { return $this->service->update($id, $data, $this->userId); @@ -101,13 +103,13 @@ public function update(int $id, array $data): DataResponse { /** * @NoAdminRequired */ + #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_VIEW, idParam: 'id')] public function destroy(int $id): DataResponse { return $this->handleError(function () use ($id) { return $this->service->delete($id); }); } - /** * @param int $tableId * @param bool $skipTableEnhancement 
From e64ceb4d549e426a4b212f28a795b26a9febff92 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Fri, 20 Sep 2024 20:30:21 +0200 Subject: [PATCH 4/5] fix(Controller): replace deprecated annotations with attributes Signed-off-by: Arthur Schiwon --- lib/Controller/Api1Controller.php | 260 +++++++++------------ lib/Controller/ApiColumnsController.php | 22 +- lib/Controller/ApiFavoriteController.php | 7 +- lib/Controller/ApiGeneralController.php | 4 +- lib/Controller/ApiTablesController.php | 25 +- lib/Controller/ColumnController.php | 29 +-- lib/Controller/ContextController.php | 17 +- lib/Controller/ImportController.php | 33 +-- lib/Controller/PageController.php | 17 +- lib/Controller/RowController.php | 29 +-- lib/Controller/SearchController.php | 5 +- lib/Controller/ShareController.php | 27 +-- lib/Controller/TableController.php | 21 +- lib/Controller/TableTemplateController.php | 5 +- lib/Controller/ViewController.php | 25 +- 15 files changed, 203 insertions(+), 323 deletions(-) diff --git a/lib/Controller/Api1Controller.php b/lib/Controller/Api1Controller.php index c5c9a6121..8d86aef18 100644 --- a/lib/Controller/Api1Controller.php +++ b/lib/Controller/Api1Controller.php @@ -30,6 +30,9 @@ use OCP\AppFramework\Db\DoesNotExistException; use OCP\AppFramework\Db\MultipleObjectsReturnedException; use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\CORS; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; +use OCP\AppFramework\Http\Attribute\NoCSRFRequired; use OCP\AppFramework\Http\DataResponse; use OCP\IL10N; use OCP\IRequest; @@ -96,14 +99,13 @@ public function __construct( /** * Returns all Tables * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @return DataResponse|DataResponse * * 200: Tables returned */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] public function index(): DataResponse { try { return new DataResponse($this->tableService->formatTables($this->tableService->findAll($this->userId))); 
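Review bot: The `@NoAdminRequired`, `@CORS` and `@NoCSRFRequired` docblock annotations are removed in the same hunks that add `#[NoAdminRequired]`, `#[NoCSRFRequired]` and `#[CORS]`, so route access in `Api1Controller` now depends entirely on the server recognising the classes imported from `OCP\AppFramework\Http\Attribute`. The app's minimum supported server version is not visible on this page; if it predates those attribute classes, the routes would presumably become admin-only with CSRF enforced. That would fail closed rather than expose anything, but it should be confirmed against the declared minimum version before merging. Since the conversion is repeated across fifteen files, a check that no method lost an annotation without gaining the matching attribute would also be worth running.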
@@ -117,10 +119,6 @@ public function index(): DataResponse { /** * Create a new table and return it * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param string $title Title of the table * @param string|null $emoji Emoji for the table * @param string $template Template to use if wanted @@ -129,6 +127,9 @@ public function index(): DataResponse { * * 200: Tables returned */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] public function createTable(string $title, ?string $emoji, string $template = 'custom'): DataResponse { try { return new DataResponse($this->tableService->create($title, $template, $emoji)->jsonSerialize()); @@ -142,10 +143,6 @@ public function createTable(string $title, ?string $emoji, string $template = 'c /** * returns table scheme * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $tableId Table ID * @return DataResponse|DataResponse * @@ -153,6 +150,9 @@ public function createTable(string $title, ?string $emoji, string $template = 'c * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function showScheme(int $tableId): DataResponse { try { @@ -176,10 +176,6 @@ public function showScheme(int $tableId): DataResponse { /** * Get a table object * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $tableId Table ID * @return DataResponse|DataResponse * @@ -187,6 +183,9 @@ public function showScheme(int $tableId): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function getTable(int $tableId): DataResponse { try { 
@@ -209,10 +208,6 @@ public function getTable(int $tableId): DataResponse { /** * Update tables properties * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $tableId Table ID * @param string|null $title New table title * @param string|null $emoji New table emoji @@ -223,6 +218,9 @@ public function getTable(int $tableId): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function updateTable(int $tableId, ?string $title = null, ?string $emoji = null, ?bool $archived = false): DataResponse { try { @@ -245,10 +243,6 @@ public function updateTable(int $tableId, ?string $title = null, ?string $emoji /** * Delete a table * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $tableId Table ID * @return DataResponse|DataResponse * @@ -256,6 +250,9 @@ public function updateTable(int $tableId, ?string $title = null, ?string $emoji * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function deleteTable(int $tableId): DataResponse { try { @@ -280,10 +277,6 @@ public function deleteTable(int $tableId): DataResponse { /** * Get all views for a table * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $tableId Table ID * @return DataResponse|DataResponse * @@ -291,6 +284,9 @@ public function deleteTable(int $tableId): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function indexViews(int $tableId): DataResponse { try { 
@@ -313,10 +309,6 @@ public function indexViews(int $tableId): DataResponse { /** * Create a new view for a table * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $tableId Table ID that will hold the view * @param string $title Title for the view * @param string|null $emoji Emoji for the view @@ -327,6 +319,9 @@ public function indexViews(int $tableId): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function createView(int $tableId, string $title, ?string $emoji): DataResponse { try { @@ -345,10 +340,6 @@ public function createView(int $tableId, string $title, ?string $emoji): DataRes /** * Get a view object * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $viewId View ID * @return DataResponse|DataResponse * @@ -356,6 +347,9 @@ public function createView(int $tableId, string $title, ?string $emoji): DataRes * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function getView(int $viewId): DataResponse { try { @@ -378,10 +372,6 @@ public function getView(int $viewId): DataResponse { /** * Update a view via key-value sets * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $viewId View ID * @param array{key: 'title'|'emoji'|'description', value: string}|array{key: 'columns', value: int[]}|array{key: 'sort', value: array{columnId: int, mode: 'ASC'|'DESC'}}|array{key: 'filter', value: array{columnId: int, operator: 'begins-with'|'ends-with'|'contains'|'is-equal'|'is-greater-than'|'is-greater-than-or-equal'|'is-lower-than'|'is-lower-than-or-equal'|'is-empty', value: string|int|float}} $data key-value pairs * @return DataResponse|DataResponse 
@@ -391,6 +381,9 @@ public function getView(int $viewId): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function updateView(int $viewId, array $data): DataResponse { try { @@ -413,10 +406,6 @@ public function updateView(int $viewId, array $data): DataResponse { /** * Delete a view * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $viewId View ID * @return DataResponse|DataResponse * @@ -424,6 +413,9 @@ public function updateView(int $viewId, array $data): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function deleteView(int $viewId): DataResponse { try { @@ -448,10 +440,6 @@ public function deleteView(int $viewId): DataResponse { /** * Get a share object * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $shareId Share ID * @return DataResponse|DataResponse * @@ -459,6 +447,9 @@ public function deleteView(int $viewId): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] public function getShare(int $shareId): DataResponse { try { return new DataResponse($this->shareService->find($shareId)->jsonSerialize()); 
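Review bot: `getShare` now carries `#[NoCSRFRequired]` and `#[CORS]` but, unlike `updateView` and `deleteView` in the hunks before it, no `#[RequirePermission]`, so its only access check is whatever `$this->shareService->find()` does, which is not visible here. The same holds for the later hunks on `indexViewShares`, `indexTableShares`, `deleteShare`, `updateSharePermissions`, `updateShareDisplayMode`, `indexTableColumns`, `createColumn`, `updateColumn`, `getColumn`, `deleteColumn`, `getRow`, `updateRow`, `deleteRow` and `deleteRowByView`, several of which change or delete data with the CSRF check switched off. If the services do enforce authorization, record that above each handler, e.g. `// Authorization is enforced in $this->shareService->find() (TODO confirm)`; otherwise these handlers need a middleware check or an explicit one in the method. The method bodies continue outside the hunks.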
@@ -481,15 +472,14 @@ public function getShare(int $shareId): DataResponse { * Get all shares for a view * Will be empty if view does not exist * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $viewId View ID * @return DataResponse|DataResponse * * 200: Shares returned */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] public function indexViewShares(int $viewId): DataResponse { try { return new DataResponse($this->shareService->formatShares($this->shareService->findAll('view', $viewId))); @@ -504,15 +494,14 @@ public function indexViewShares(int $viewId): DataResponse { * Get all shares for a table * Will be empty if table does not exist * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $tableId Table ID * @return DataResponse|DataResponse * * 200: Shares returned */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] public function indexTableShares(int $tableId): DataResponse { try { return new DataResponse($this->shareService->formatShares($this->shareService->findAll('table', $tableId))); @@ -526,10 +515,6 @@ public function indexTableShares(int $tableId): DataResponse { /** * Create a new share * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $nodeId Node ID * @param 'table'|'view'|'context' $nodeType Node type * @param string $receiver Receiver ID @@ -546,6 +531,9 @@ public function indexTableShares(int $tableId): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] #[RequirePermission(permission: Application::PERMISSION_MANAGE)] public function createShare( int $nodeId, @@ -579,10 +567,6 @@ public function createShare( /** * Delete a share * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $shareId Share ID * @return DataResponse|DataResponse * 
@@ -590,6 +574,9 @@ public function createShare( * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] public function deleteShare(int $shareId): DataResponse { try { return new DataResponse($this->shareService->delete($shareId)->jsonSerialize()); @@ -611,10 +598,6 @@ public function deleteShare(int $shareId): DataResponse { /** * Update a share permission * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $shareId Share ID * @param string $permissionType Permission type that should be changed * @param bool $permissionValue New permission value @@ -624,6 +607,9 @@ public function deleteShare(int $shareId): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] public function updateSharePermissions(int $shareId, string $permissionType, bool $permissionValue): DataResponse { try { return new DataResponse($this->shareService->updatePermission($shareId, $permissionType, $permissionValue)->jsonSerialize()); @@ -645,10 +631,6 @@ public function updateSharePermissions(int $shareId, string $permissionType, boo /** * Updates the display mode of a context share * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $shareId Share ID * @param int $displayMode The new value for the display mode of the nav bar icon. 0: hidden, 1: visible for recipients, 2: visible for all * @param string $target "default" to set the default, "self" to set an override for the authenticated user @@ -662,6 +644,9 @@ public function updateSharePermissions(int $shareId, string $permissionType, boo * @psalm-param int<0, 2> $displayMode * @psalm-param ("default"|"self") $target */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] public function updateShareDisplayMode(int $shareId, int $displayMode, string $target = 'default'): DataResponse { if ($target === 'default') { $userId = ''; 
@@ -697,10 +682,6 @@ public function updateShareDisplayMode(int $shareId, int $displayMode, string $t * Get all columns for a table or a underlying view * Return an empty array if no columns were found * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $tableId Table ID * @param int|null $viewId View ID * @return DataResponse|DataResponse @@ -709,6 +690,9 @@ public function updateShareDisplayMode(int $shareId, int $displayMode, string $t * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] public function indexTableColumns(int $tableId, ?int $viewId): DataResponse { try { return new DataResponse($this->columnService->formatColumns($this->columnService->findAllByTable($tableId, $viewId))); @@ -727,10 +711,6 @@ public function indexTableColumns(int $tableId, ?int $viewId): DataResponse { * Get all columns for a view * Return an empty array if no columns were found * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $viewId View ID * @return DataResponse|DataResponse * @@ -738,6 +718,9 @@ public function indexTableColumns(int $tableId, ?int $viewId): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function indexViewColumns(int $viewId): DataResponse { try { @@ -760,10 +743,6 @@ public function indexViewColumns(int $viewId): DataResponse { /** * Create a column * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int|null $tableId Table ID * @param int|null $viewId View ID * @param string $title Title @@ -796,6 +775,9 @@ public function indexViewColumns(int $viewId): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] public function createColumn( ?int $tableId, ?int $viewId, 
@@ -877,10 +859,6 @@ public function createColumn( /** * Update a column * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $columnId Column ID that will be updated * @param string|null $title Title * @param string|null $subtype Column sub type @@ -908,6 +886,9 @@ public function createColumn( * * 200: Updated column */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] public function updateColumn( int $columnId, ?string $title, @@ -978,10 +959,6 @@ public function updateColumn( /** * Returns a column object * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $columnId Wanted Column ID * @return DataResponse|DataResponse * @@ -989,6 +966,9 @@ public function updateColumn( * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] public function getColumn(int $columnId): DataResponse { try { return new DataResponse($this->columnService->find($columnId)->jsonSerialize()); @@ -1010,10 +990,6 @@ public function getColumn(int $columnId): DataResponse { /** * Delete a column * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $columnId Wanted Column ID * @return DataResponse|DataResponse * @@ -1021,6 +997,9 @@ public function getColumn(int $columnId): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] public function deleteColumn(int $columnId): DataResponse { try { return new DataResponse($this->columnService->delete($columnId)->jsonSerialize()); @@ -1042,10 +1021,6 @@ public function deleteColumn(int $columnId): DataResponse { /** * List all rows values for a table, first row are the column titles * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $tableId Table ID * @param int|null $limit Limit * @param int|null $offset Offset 
@@ -1055,6 +1030,9 @@ public function deleteColumn(int $columnId): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function indexTableRowsSimple(int $tableId, ?int $limit, ?int $offset): DataResponse { try { @@ -1073,10 +1051,6 @@ public function indexTableRowsSimple(int $tableId, ?int $limit, ?int $offset): D /** * List all rows for a table * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $tableId Table ID * @param int|null $limit Limit * @param int|null $offset Offset @@ -1086,6 +1060,9 @@ public function indexTableRowsSimple(int $tableId, ?int $limit, ?int $offset): D * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function indexTableRows(int $tableId, ?int $limit, ?int $offset): DataResponse { try { @@ -1104,10 +1081,6 @@ public function indexTableRows(int $tableId, ?int $limit, ?int $offset): DataRes /** * List all rows for a view * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $viewId View ID * @param int|null $limit Limit * @param int|null $offset Offset @@ -1117,6 +1090,9 @@ public function indexTableRows(int $tableId, ?int $limit, ?int $offset): DataRes * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function indexViewRows(int $viewId, ?int $limit, ?int $offset): DataResponse { try { 
@@ -1135,10 +1111,6 @@ public function indexViewRows(int $viewId, ?int $limit, ?int $offset): DataRespo /** * Create a row within a view * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $viewId View ID * @param string|array $data Data as key - value store * @return DataResponse|DataResponse @@ -1146,6 +1118,9 @@ public function indexViewRows(int $viewId, ?int $limit, ?int $offset): DataRespo * 200: Row returned * 403: No permissions */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] #[RequirePermission(permission: Application::PERMISSION_CREATE, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function createRowInView(int $viewId, $data): DataResponse { if(is_string($data)) { @@ -1181,10 +1156,6 @@ public function createRowInView(int $viewId, $data): DataResponse { /** * Create a row within a table * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $tableId Table ID * @param string|array $data Data as key - value store * @return DataResponse|DataResponse @@ -1193,6 +1164,9 @@ public function createRowInView(int $viewId, $data): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] #[RequirePermission(permission: Application::PERMISSION_CREATE, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function createRowInTable(int $tableId, $data): DataResponse { if(is_string($data)) { @@ -1228,10 +1202,6 @@ public function createRowInTable(int $tableId, $data): DataResponse { /** * Get a row * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $rowId Row ID * @return DataResponse|DataResponse * @@ -1239,6 +1209,9 @@ public function createRowInTable(int $tableId, $data): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] public function getRow(int $rowId): DataResponse { try { return new DataResponse($this->rowService->find($rowId)->jsonSerialize()); 
@@ -1260,10 +1233,6 @@ public function getRow(int $rowId): DataResponse { /** * Update a row * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $rowId Row ID * @param int|null $viewId View ID * @param string|array $data Data as key - value store @@ -1274,6 +1243,9 @@ public function getRow(int $rowId): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] public function updateRow(int $rowId, ?int $viewId, $data): DataResponse { if(is_string($data)) { $data = json_decode($data, true); @@ -1303,10 +1275,6 @@ public function updateRow(int $rowId, ?int $viewId, $data): DataResponse { /** * Delete a row * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $rowId Row ID * * @return DataResponse|DataResponse @@ -1315,6 +1283,9 @@ public function updateRow(int $rowId, ?int $viewId, $data): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] public function deleteRow(int $rowId): DataResponse { try { return new DataResponse($this->rowService->delete($rowId, null, $this->userId)->jsonSerialize()); @@ -1336,10 +1307,6 @@ public function deleteRow(int $rowId): DataResponse { /** * Delete a row within a view * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $rowId Row ID * @param int $viewId View ID * @return DataResponse|DataResponse @@ -1348,6 +1315,9 @@ public function deleteRow(int $rowId): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] public function deleteRowByView(int $rowId, int $viewId): DataResponse { try { return new DataResponse($this->rowService->delete($rowId, $viewId, $this->userId)->jsonSerialize()); 
@@ -1369,9 +1339,6 @@ public function deleteRowByView(int $rowId, int $viewId): DataResponse { /** * Import from file in to a table * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired * @param int $tableId Table ID * @param string $path Path to file * @param bool $createMissingColumns Create missing columns @@ -1381,6 +1348,9 @@ public function deleteRowByView(int $rowId, int $viewId): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] #[RequirePermission(permission: Application::PERMISSION_CREATE, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function importInTable(int $tableId, string $path, bool $createMissingColumns = true): DataResponse { try { @@ -1404,9 +1374,6 @@ public function importInTable(int $tableId, string $path, bool $createMissingCol /** * Import from file in to a table * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired * @param int $viewId View ID * @param string $path Path to file * @param bool $createMissingColumns Create missing columns @@ -1416,6 +1383,9 @@ public function importInTable(int $tableId, string $path, bool $createMissingCol * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] #[RequirePermission(permission: Application::PERMISSION_CREATE, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function importInView(int $viewId, string $path, bool $createMissingColumns = true): DataResponse { try { @@ -1441,10 +1411,6 @@ public function importInView(int $viewId, string $path, bool $createMissingColum /** * Create a share for a table * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $tableId Table ID * @param string $receiver Receiver ID * @param 'user'|'group' $receiverType Receiver type 
@@ -1459,6 +1425,9 @@ public function importInView(int $viewId, string $path, bool $createMissingColum * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function createTableShare(int $tableId, string $receiver, string $receiverType, bool $permissionRead, bool $permissionCreate, bool $permissionUpdate, bool $permissionDelete, bool $permissionManage): DataResponse { try { @@ -1481,10 +1450,6 @@ public function createTableShare(int $tableId, string $receiver, string $receive /** * Create a new column for a table * - * @NoAdminRequired - * @CORS - * @NoCSRFRequired - * * @param int $tableId Table ID * @param string $title Title * @param 'text'|'number'|'datetime'|'select'|'usergroup' $type Column main type @@ -1516,6 +1481,9 @@ public function createTableShare(int $tableId, string $receiver, string $receive * 403: No permissions * 404: Not found */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[CORS] #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function createTableColumn( int $tableId, diff --git a/lib/Controller/ApiColumnsController.php b/lib/Controller/ApiColumnsController.php index d9823e821..9560dbd26 100644 --- a/lib/Controller/ApiColumnsController.php +++ b/lib/Controller/ApiColumnsController.php @@ -15,6 +15,7 @@ use OCA\Tables\ResponseDefinitions; use OCA\Tables\Service\ColumnService; use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\DataResponse; use OCP\IL10N; use OCP\IRequest; @@ -41,8 +42,6 @@ public function __construct( * * Return an empty array if no columns were found * - * @NoAdminRequired - * * @param int $nodeId Node ID * @param 'table'|'view' $nodeType Node type * @return DataResponse|DataResponse 
@@ -51,6 +50,7 @@ public function __construct( * 403: No permissions * 404: Not found */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_READ)] public function index(int $nodeId, string $nodeType): DataResponse { try { @@ -74,8 +74,6 @@ public function index(int $nodeId, string $nodeType): DataResponse { /** * [api v2] Get a column object * - * @NoAdminRequired - * * @param int $id Column ID * @return DataResponse|DataResponse * @@ -83,6 +81,7 @@ public function index(int $nodeId, string $nodeType): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] public function show(int $id): DataResponse { try { return new DataResponse($this->service->find($id)->jsonSerialize()); @@ -100,8 +99,6 @@ public function show(int $id): DataResponse { * * Specify a subtype to use any special numbered column * - * @NoAdminRequired - * * @param int $baseNodeId Context of the column creation * @param string $title Title * @param boolean $mandatory Is mandatory @@ -124,6 +121,7 @@ public function show(int $id): DataResponse { * @throws NotFoundError * @throws PermissionError */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_MANAGE, typeParam: 'baseNodeType', idParam: 'baseNodeId')] public function createNumberColumn(int $baseNodeId, string $title, ?float $numberDefault, ?int $numberDecimals, ?string $numberPrefix, ?string $numberSuffix, ?float $numberMin, ?float $numberMax, ?string $subtype = null, ?string $description = null, ?array $selectedViewIds = [], bool $mandatory = false, string $baseNodeType = 'table'): DataResponse { $tableId = $baseNodeType === 'table' ? $baseNodeId : null; @@ -155,8 +153,6 @@ public function createNumberColumn(int $baseNodeId, string $title, ?float $numbe * * Specify a subtype to use any special text column * - * @NoAdminRequired - * * @param int $baseNodeId Context of the column creation * @param string $title Title * @param string|null $textDefault Default 
@@ -176,6 +172,7 @@ public function createNumberColumn(int $baseNodeId, string $title, ?float $numbe * @throws NotFoundError * @throws PermissionError */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_MANAGE, typeParam: 'baseNodeType', idParam: 'baseNodeId')] public function createTextColumn(int $baseNodeId, string $title, ?string $textDefault, ?string $textAllowedPattern, ?int $textMaxLength, ?string $subtype = null, ?string $description = null, ?array $selectedViewIds = [], bool $mandatory = false, string $baseNodeType = 'table'): DataResponse { $tableId = $baseNodeType === 'table' ? $baseNodeId : null; @@ -204,8 +201,6 @@ public function createTextColumn(int $baseNodeId, string $title, ?string $textDe * * Specify a subtype to use any special selection column * - * @NoAdminRequired - * * @param int $baseNodeId Context of the column creation * @param string $title Title * @param string $selectionOptions Json array{id: int, label: string} with options that can be selected, eg [{"id": 1, "label": "first"},{"id": 2, "label": "second"}] @@ -224,6 +219,7 @@ public function createTextColumn(int $baseNodeId, string $title, ?string $textDe * @throws NotFoundError * @throws PermissionError */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_MANAGE, typeParam: 'baseNodeType', idParam: 'baseNodeId')] public function createSelectionColumn(int $baseNodeId, string $title, string $selectionOptions, ?string $selectionDefault, ?string $subtype = null, ?string $description = null, ?array $selectedViewIds = [], bool $mandatory = false, string $baseNodeType = 'table'): DataResponse { $tableId = $baseNodeType === 'table' ? $baseNodeId : null; 
@@ -251,8 +247,6 @@ public function createSelectionColumn(int $baseNodeId, string $title, string $se * * Specify a subtype to use any special datetime column * - * @NoAdminRequired - * * @param int $baseNodeId Context of the column creation * @param string $title Title * @param 'today'|'now'|null $datetimeDefault For a subtype 'date' you can set 'today'. For a main type or subtype 'time' you can set to 'now'. @@ -270,6 +264,7 @@ public function createSelectionColumn(int $baseNodeId, string $title, string $se * @throws NotFoundError * @throws PermissionError */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_MANAGE, typeParam: 'baseNodeType', idParam: 'baseNodeId')] public function createDatetimeColumn(int $baseNodeId, string $title, ?string $datetimeDefault, ?string $subtype = null, ?string $description = null, ?array $selectedViewIds = [], bool $mandatory = false, string $baseNodeType = 'table'): DataResponse { $tableId = $baseNodeType === 'table' ? $baseNodeId : null; @@ -294,8 +289,6 @@ public function createDatetimeColumn(int $baseNodeId, string $title, ?string $da /** * [api v2] Create new usergroup column * - * @NoAdminRequired - * * @param int $baseNodeId Context of the column creation * @param string $title Title * @param string|null $usergroupDefault Json array{id: string, type: int}, eg [{"id": "admin", "type": 0}, {"id": "user1", "type": 0}] 
@@ -316,6 +309,7 @@ public function createDatetimeColumn(int $baseNodeId, string $title, ?string $da * @throws NotFoundError * @throws PermissionError */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_MANAGE, typeParam: 'baseNodeType', idParam: 'baseNodeId')] public function createUsergroupColumn(int $baseNodeId, string $title, ?string $usergroupDefault, bool $usergroupMultipleItems = null, bool $usergroupSelectUsers = null, bool $usergroupSelectGroups = null, bool $showUserStatus = null, string $description = null, ?array $selectedViewIds = [], bool $mandatory = false, string $baseNodeType = 'table'): DataResponse { $tableId = $baseNodeType === 'table' ? $baseNodeId : null; diff --git a/lib/Controller/ApiFavoriteController.php b/lib/Controller/ApiFavoriteController.php index 63231d1a2..05271b4cb 100644 --- a/lib/Controller/ApiFavoriteController.php +++ b/lib/Controller/ApiFavoriteController.php @@ -16,6 +16,7 @@ use OCA\Tables\ResponseDefinitions; use OCA\Tables\Service\FavoritesService; use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\DataResponse; use OCP\DB\Exception as DBException; use OCP\IL10N; @@ -41,8 +42,6 @@ public function __construct( /** * [api v2] Add a node (table or view) to user favorites * - * @NoAdminRequired - * * @param int $nodeType any Application::NODE_TYPE_* constant * @param int $nodeId identifier of the node * @return DataResponse|DataResponse @@ -51,6 +50,7 @@ public function __construct( * 403: No permissions * 404: Not found */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_READ)] public function create(int $nodeType, int $nodeId): DataResponse { try { 
@@ -69,8 +69,6 @@ public function create(int $nodeType, int $nodeId): DataResponse { /** * [api v2] Remove a node (table or view) to from favorites * - * @NoAdminRequired - * * @param int $nodeType any Application::NODE_TYPE_* constant * @param int $nodeId identifier of the node * @return DataResponse|DataResponse @@ -79,6 +77,7 @@ public function create(int $nodeType, int $nodeId): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_READ)] public function destroy(int $nodeType, int $nodeId): DataResponse { try { diff --git a/lib/Controller/ApiGeneralController.php b/lib/Controller/ApiGeneralController.php index ed8f7ec5a..5d387d935 100644 --- a/lib/Controller/ApiGeneralController.php +++ b/lib/Controller/ApiGeneralController.php @@ -15,6 +15,7 @@ use OCA\Tables\Service\TableService; use OCA\Tables\Service\ViewService; use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\DataResponse; use OCP\IL10N; use OCP\IRequest; @@ -46,12 +47,11 @@ public function __construct( * * Tables and views incl. shares * - * @NoAdminRequired - * * @return DataResponse|DataResponse * * 200: Index returned */ + #[NoAdminRequired] public function index(): DataResponse { try { $tables = $this->tableService->formatTables($this->tableService->findAll($this->userId)); diff --git a/lib/Controller/ApiTablesController.php b/lib/Controller/ApiTablesController.php index e2e26371f..9c5ed7ed0 100644 --- a/lib/Controller/ApiTablesController.php +++ b/lib/Controller/ApiTablesController.php @@ -20,6 +20,7 @@ use OCA\Tables\Service\ViewService; use OCP\App\IAppManager; use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\DataResponse; use OCP\IDBConnection; use OCP\IL10N; 
@@ -59,12 +60,11 @@ public function __construct( /** * [api v2] Returns all Tables * - * @NoAdminRequired - * * @return DataResponse|DataResponse * * 200: Tables returned */ + #[NoAdminRequired] public function index(): DataResponse { try { return new DataResponse($this->service->formatTables($this->service->findAll($this->userId))); @@ -76,8 +76,6 @@ public function index(): DataResponse { /** * [api v2] Get a table object * - * @NoAdminRequired - * * @param int $id Table ID * @return DataResponse|DataResponse * @@ -85,6 +83,7 @@ public function index(): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'id')] public function show(int $id): DataResponse { try { @@ -101,8 +100,6 @@ public function show(int $id): DataResponse { /** * [api v2] Get a table Scheme * - * @NoAdminRequired - * * @param int $id Table ID * @return DataResponse|DataResponse * @@ -110,6 +107,7 @@ public function show(int $id): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'id')] public function showScheme(int $id): DataResponse { try { @@ -124,8 +122,6 @@ public function showScheme(int $id): DataResponse { } /** - * @NoAdminRequired - * * creates table from scheme * * @param string $title title of new table @@ -137,6 +133,7 @@ public function showScheme(int $id): DataResponse { * * 200: Tables returned */ + #[NoAdminRequired] public function createFromScheme(string $title, string $emoji, string $description, array $columns, array $views): DataResponse { try { $this->db->beginTransaction(); 
@@ -195,8 +192,6 @@ public function createFromScheme(string $title, string $emoji, string $descripti /** * [api v2] Create a new table and return it * - * @NoAdminRequired - * * @param string $title Title of the table * @param string|null $emoji Emoji for the table * @param string|null $description Description for the table @@ -206,6 +201,7 @@ public function createFromScheme(string $title, string $emoji, string $descripti * * 200: Tables returned */ + #[NoAdminRequired] public function create(string $title, ?string $emoji, ?string $description, string $template = 'custom'): DataResponse { try { return new DataResponse($this->service->create($title, $template, $emoji, $description)->jsonSerialize()); @@ -217,8 +213,6 @@ public function create(string $title, ?string $emoji, ?string $description, stri /** * [api v2] Update tables properties * - * @NoAdminRequired - * * @param int $id Table ID * @param string|null $title New table title * @param string|null $emoji New table emoji @@ -230,6 +224,7 @@ public function create(string $title, ?string $emoji, ?string $description, stri * 403: No permissions * 404: Not found */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_TABLE, idParam: 'id')] public function update(int $id, ?string $title = null, ?string $emoji = null, ?string $description = null, ?bool $archived = null): DataResponse { try { @@ -246,8 +241,6 @@ public function update(int $id, ?string $title = null, ?string $emoji = null, ?s /** * [api v2] Delete a table * - * @NoAdminRequired - * * @param int $id Table ID * @return DataResponse|DataResponse * @@ -255,6 +248,7 @@ public function update(int $id, ?string $title = null, ?string $emoji = null, ?s * 403: No permissions * 404: Not found */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_TABLE, idParam: 'id')] public function destroy(int $id): DataResponse { try { 
@@ -273,8 +267,6 @@ public function destroy(int $id): DataResponse { * * Transfer table from one user to another * - * @NoAdminRequired - * * @param int $id Table ID * @param string $newOwnerUserId New user ID * @@ -284,6 +276,7 @@ public function destroy(int $id): DataResponse { * 403: No permissions * 404: Not found */ + #[NoAdminRequired] public function transfer(int $id, string $newOwnerUserId): DataResponse { try { return new DataResponse($this->service->setOwner($id, $newOwnerUserId)->jsonSerialize()); diff --git a/lib/Controller/ColumnController.php b/lib/Controller/ColumnController.php index d53cc45d5..df1a9509d 100644 --- a/lib/Controller/ColumnController.php +++ b/lib/Controller/ColumnController.php @@ -12,6 +12,7 @@ use OCA\Tables\Middleware\Attribute\RequirePermission; use OCA\Tables\Service\ColumnService; use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\DataResponse; use OCP\IRequest; use Psr\Log\LoggerInterface; @@ -36,27 +37,21 @@ public function __construct( $this->userId = $userId; } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] public function index(int $tableId, ?int $viewId): DataResponse { return $this->handleError(function () use ($tableId, $viewId) { return $this->service->findAllByTable($tableId, $viewId); }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] public function indexTableByView(int $tableId, ?int $viewId): DataResponse { return $this->handleError(function () use ($tableId, $viewId) { return $this->service->findAllByTable($tableId, $viewId); }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function indexView(int $viewId): DataResponse { return $this->handleError(function () use ($viewId) { 
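Review bot: `transfer()` in the `@@ -284,6 +276,7 @@` hunk gets `#[NoAdminRequired]` but no `#[RequirePermission]`, although `update()` and `destroy()` in the same controller both declare `PERMISSION_MANAGE` on the table. As written, whether a non-owner can reassign ownership depends entirely on `$this->service->setOwner()`, which is not visible in this diff. Handing a table to another user is at least as sensitive as deleting it, so I would gate it the same way: `#[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_TABLE, idParam: 'id')]`. The method body continues outside the hunk.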
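Review bot: `index()` and `indexTableByView()` in the ColumnController `@@ -36,27 +37,21 @@` hunk carry only `#[NoAdminRequired]`, while `indexView()` right below them declares a read check; the same holds for `show()`, `create()`, `update()` and `destroy()` in the following ColumnController hunks and for the id-addressed actions in RowController and ShareController. Access control for these presumably lives in the services (`findAllByTable`, `find`, `delete`), which this diff does not show, so a reader cannot tell from the controller that the endpoint is guarded. If that split is deliberate, for instance because a column or row id does not map onto the `idParam` mechanism, I would say so next to the attribute: `// access is checked in the service layer (no table/view id to hand to RequirePermission)`. Separately, `index()` and `indexTableByView()` have identical bodies, so one could delegate to the other.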
@@ -64,18 +59,14 @@ public function indexView(int $viewId): DataResponse { }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] public function show(int $id): DataResponse { return $this->handleError(function () use ($id) { return $this->service->find($id); }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] public function create( ?int $tableId, ?int $viewId, @@ -174,9 +165,7 @@ public function create( }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] public function update( int $id, ?int $tableId, @@ -271,9 +260,7 @@ public function update( }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] public function destroy(int $id): DataResponse { return $this->handleError(function () use ($id) { return $this->service->delete($id, false, $this->userId); diff --git a/lib/Controller/ContextController.php b/lib/Controller/ContextController.php index ec7742d9a..4a2e60a75 100644 --- a/lib/Controller/ContextController.php +++ b/lib/Controller/ContextController.php @@ -18,6 +18,7 @@ use OCP\AppFramework\Db\DoesNotExistException; use OCP\AppFramework\Db\MultipleObjectsReturnedException; use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\DataResponse; use OCP\DB\Exception; use OCP\IL10N; @@ -51,9 +52,8 @@ public function __construct( * @return DataResponse|DataResponse * * 200: reporting in available contexts - * - * @NoAdminRequired */ + #[NoAdminRequired] public function index(): DataResponse { try { $contexts = $this->contextService->findAll($this->userId); @@ -72,8 +72,8 @@ public function index(): DataResponse { * 200: returning the full context information * 404: context not found or not available anymore * - * @NoAdminRequired */ + #[NoAdminRequired] public function show(int $contextId): DataResponse { try { $context = $this->contextService->findById($contextId, $this->userId); 
@@ -88,8 +88,6 @@ public function show(int $contextId): DataResponse { /** * [api v2] Create a new context and return it * - * @NoAdminRequired - * * @param string $name Name of the context * @param string $iconName Material design icon name of the context * @param string $description Descriptive text of the context @@ -101,6 +99,7 @@ public function show(int $contextId): DataResponse { * 400: invalid parameters were supplied * 403: lacking permissions on a resource */ + #[NoAdminRequired] public function create(string $name, string $iconName, string $description = '', array $nodes = []): DataResponse { try { return new DataResponse($this->contextService->create( @@ -135,9 +134,9 @@ public function create(string $name, string $iconName, string $description = '', * 403: No permissions * 404: Not found * - * @NoAdminRequired * @CanManageContext */ + #[NoAdminRequired] public function update(int $contextId, ?string $name, ?string $iconName, ?string $description, ?array $nodes): DataResponse { try { $nodes = $nodes !== null ? $this->sanitizeInputNodes($nodes) : null; @@ -195,9 +194,9 @@ protected function sanitizeInputNodes(array $nodes): array { * 403: No permissions * 404: Not found * - * @NoAdminRequired * @CanManageContext */ + #[NoAdminRequired] public function destroy(int $contextId): DataResponse { try { return new DataResponse($this->contextService->delete($contextId, $this->userId)->jsonSerialize()); @@ -222,12 +221,12 @@ public function destroy(int $contextId): DataResponse { * 403: No permissions * 404: Not found * - * @NoAdminRequired * @CanManageContext * * @psalm-param int<0, max> $contextId * @psalm-param int<0, 0> $newOwnerType */ + #[NoAdminRequired] public function transfer(int $contextId, string $newOwnerId, int $newOwnerType = 0): DataResponse { try { return new DataResponse($this->contextService->transfer($contextId, $newOwnerId, $newOwnerType)->jsonSerialize()); 
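Review bot: The manage gate on `update()` (hunk `@@ -135,9 +134,9 @@`) is still the docblock tag `@CanManageContext`, while the neighbouring `@NoAdminRequired` moves to a PHP attribute; `destroy()`, `transfer()` and `updateContentOrder()` in the later ContextController hunks are left the same way. A docblock tag is presumably evaluated by reading the comment text through reflection, so a typo or a stripped comment drops the check without any error, whereas a misspelled attribute class is something static analysis reports. I would move this gate to an attribute evaluated by the permission middleware, in this series or a follow-up, and until then mark it in the code: `// TODO: @CanManageContext is enforced from the docblock; convert to an attribute`.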
@@ -249,7 +248,6 @@ public function transfer(int $contextId, string $newOwnerId, int $newOwnerType = * * @return DataResponse|DataResponse * - * @NoAdminRequired * @CanManageContext * * 200: content updated successfully @@ -257,6 +255,7 @@ public function transfer(int $contextId, string $newOwnerId, int $newOwnerType = * 403: No permissions * 404: Not found */ + #[NoAdminRequired] public function updateContentOrder(int $contextId, int $pageId, array $content): DataResponse { try { $context = $this->contextService->findById($contextId, $this->userId); diff --git a/lib/Controller/ImportController.php b/lib/Controller/ImportController.php index 5be93383c..5cf53a377 100644 --- a/lib/Controller/ImportController.php +++ b/lib/Controller/ImportController.php @@ -13,6 +13,7 @@ use OCA\Tables\UploadException; use OCP\AppFramework\Controller; use OCP\AppFramework\Http; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\DataResponse; use OCP\Files\NotPermittedException; use OCP\IL10N; @@ -54,9 +55,7 @@ public function __construct( $this->l10n = $l10n; } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function previewImportTable(int $tableId, String $path): DataResponse { return $this->handleError(function () use ($tableId, $path) { @@ -64,9 +63,7 @@ public function previewImportTable(int $tableId, String $path): DataResponse { }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_CREATE, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function importInTable(int $tableId, String $path, bool $createMissingColumns = true, array $columnsConfig = []): DataResponse { return $this->handleError(function () use ($tableId, $path, $createMissingColumns, $columnsConfig) { 
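Review bot: `previewImportTable()` in the `@@ -54,9 +55,7 @@` hunk requires only `PERMISSION_READ` on the table, whereas `previewImportView()`, `previewUploadImportTable()` and `previewUploadImportView()` in the later ImportController hunks all require `PERMISSION_CREATE`. If the weaker requirement is not deliberate, align it: `#[RequirePermission(permission: Application::PERMISSION_CREATE, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')]`. The `String $path` parameter type here and in `importInTable()` would also read better as lowercase `string`, and since `$path` comes from the request it is worth confirming that the import service resolves it only inside the calling user's storage; that code is outside this diff.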
@@ -75,9 +72,7 @@ public function importInTable(int $tableId, String $path, bool $createMissingCol }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_CREATE, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function previewImportView(int $viewId, String $path): DataResponse { return $this->handleError(function () use ($viewId, $path) { @@ -85,9 +80,7 @@ public function previewImportView(int $viewId, String $path): DataResponse { }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_CREATE, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function importInView(int $viewId, String $path, bool $createMissingColumns = true, array $columnsConfig = []): DataResponse { return $this->handleError(function () use ($viewId, $path, $createMissingColumns, $columnsConfig) { @@ -96,9 +89,7 @@ public function importInView(int $viewId, String $path, bool $createMissingColum }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_CREATE, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function previewUploadImportTable(int $tableId): DataResponse { try { @@ -112,9 +103,7 @@ public function previewUploadImportTable(int $tableId): DataResponse { } } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_CREATE, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function importUploadInTable(int $tableId, bool $createMissingColumns = true, string $columnsConfig = ''): DataResponse { try { 
@@ -130,9 +119,7 @@ public function importUploadInTable(int $tableId, bool $createMissingColumns = t } } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_CREATE, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function previewUploadImportView(int $viewId): DataResponse { try { @@ -146,9 +133,7 @@ public function previewUploadImportView(int $viewId): DataResponse { } } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_CREATE, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function importUploadInView(int $viewId, bool $createMissingColumns = true, string $columnsConfig = ''): DataResponse { try { diff --git a/lib/Controller/PageController.php b/lib/Controller/PageController.php index 72a6d678b..5643d1b26 100644 --- a/lib/Controller/PageController.php +++ b/lib/Controller/PageController.php @@ -10,6 +10,9 @@ use OCA\Tables\AppInfo\Application; use OCA\Text\Event\LoadEditor; use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; +use OCP\AppFramework\Http\Attribute\NoCSRFRequired; +use OCP\AppFramework\Http\Attribute\OpenAPI; use OCP\AppFramework\Http\TemplateResponse; use OCP\AppFramework\Services\IInitialState; use OCP\EventDispatcher\IEventDispatcher; @@ -29,12 +32,11 @@ public function __construct( } /** - * @NoAdminRequired - * @NoCSRFRequired - * @IgnoreOpenAPI - * * Render default template */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)] public function index(): TemplateResponse { Util::addScript(Application::APP_ID, 'tables-main'); Util::addStyle(Application::APP_ID, 'grid'); 
@@ -49,14 +51,13 @@ public function index(): TemplateResponse { } /** - * @NoAdminRequired - * @NoCSRFRequired - * @IgnoreOpenAPI - * * Render default template * * @psalm-param int<0, max> $appId */ + #[NoAdminRequired] + #[NoCSRFRequired] + #[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)] public function context(int $contextId): TemplateResponse { $navId = Application::APP_ID . '_application_' . $contextId; $this->navigationManager->setActiveEntry($navId); diff --git a/lib/Controller/RowController.php b/lib/Controller/RowController.php index efd550fd4..27dd9a5cf 100644 --- a/lib/Controller/RowController.php +++ b/lib/Controller/RowController.php @@ -11,6 +11,7 @@ use OCA\Tables\Middleware\Attribute\RequirePermission; use OCA\Tables\Service\RowService; use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\DataResponse; use OCP\IRequest; use Psr\Log\LoggerInterface; @@ -37,9 +38,7 @@ public function __construct( $this->userId = $userId; } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function index(int $tableId): DataResponse { return $this->handleError(function () use ($tableId) { @@ -47,9 +46,7 @@ public function index(int $tableId): DataResponse { }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function indexView(int $viewId): DataResponse { return $this->handleError(function () use ($viewId) { 
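Review bot: The docblock kept in the `@@ -49,14 +51,13 @@` hunk documents `@psalm-param int<0, max> $appId`, but the signature is `context(int $contextId)`, so the range constraint is attached to a parameter that does not exist. It should read `@psalm-param int<0, max> $contextId`. The summary "Render default template" is also copied from `index()`; something like `Render the default template with the given context's navigation entry active` would match what the visible lines do. The method body continues outside the hunk.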
@@ -57,18 +54,14 @@ public function indexView(int $viewId): DataResponse { }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] public function show(int $id): DataResponse { return $this->handleError(function () use ($id) { return $this->service->find($id); }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] public function update( int $id, int $columnId, @@ -87,9 +80,7 @@ public function update( }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] public function updateSet( int $id, ?int $viewId, @@ -109,17 +100,13 @@ public function updateSet( }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] public function destroy(int $id): DataResponse { return $this->handleError(function () use ($id) { return $this->service->delete($id, null, $this->userId); }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] public function destroyByView(int $id, int $viewId): DataResponse { return $this->handleError(function () use ($id, $viewId) { return $this->service->delete($id, $viewId, $this->userId); diff --git a/lib/Controller/SearchController.php b/lib/Controller/SearchController.php index c719760ff..297e4d133 100644 --- a/lib/Controller/SearchController.php +++ b/lib/Controller/SearchController.php @@ -10,6 +10,7 @@ use OCA\Tables\AppInfo\Application; use OCA\Tables\Service\SearchService; use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\DataResponse; use OCP\IRequest; use Psr\Log\LoggerInterface; @@ -34,9 +35,7 @@ public function __construct( } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] public function all(string $term = ''): DataResponse { return $this->handleError(function () use ($term) { return $this->service->all($term); diff --git a/lib/Controller/ShareController.php b/lib/Controller/ShareController.php index 7699a254e..40475a030 100644 --- a/lib/Controller/ShareController.php +++ b/lib/Controller/ShareController.php 
@@ -11,6 +11,7 @@ use OCA\Tables\Middleware\Attribute\RequirePermission; use OCA\Tables\Service\ShareService; use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\DataResponse; use OCP\IRequest; use Psr\Log\LoggerInterface; @@ -37,9 +38,7 @@ public function __construct( } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function index(int $tableId): DataResponse { return $this->handleError(function () use ($tableId) { @@ -47,9 +46,7 @@ public function index(int $tableId): DataResponse { }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_VIEW, idParam: 'viewId')] public function indexView(int $viewId): DataResponse { return $this->handleError(function () use ($viewId) { @@ -57,18 +54,14 @@ public function indexView(int $viewId): DataResponse { }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] public function show(int $id): DataResponse { return $this->handleError(function () use ($id) { return $this->service->find($id); }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_MANAGE)] public function create( int $nodeId, @@ -87,9 +80,7 @@ public function create( }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] public function updatePermission(int $id, string $permission, bool $value): DataResponse { return $this->handleError(function () use ($id, $permission, $value) { return $this->service->updatePermission($id, $permission, $value); 
@@ -97,10 +88,10 @@ public function updatePermission(int $id, string $permission, bool $value): Data } /** - * @NoAdminRequired * @psalm-param int<0, 2> $displayMode * @psalm-param ("default"|"self") $target */ + #[NoAdminRequired] public function updateDisplayMode(int $id, int $displayMode, string $target = 'default') { return $this->handleError(function () use ($id, $displayMode, $target) { if ($target === 'default') { @@ -115,9 +106,7 @@ public function updateDisplayMode(int $id, int $displayMode, string $target = 'd }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] public function destroy(int $id): DataResponse { return $this->handleError(function () use ($id) { return $this->service->delete($id); diff --git a/lib/Controller/TableController.php b/lib/Controller/TableController.php index 50a192dd2..e22057d65 100644 --- a/lib/Controller/TableController.php +++ b/lib/Controller/TableController.php @@ -11,6 +11,7 @@ use OCA\Tables\Middleware\Attribute\RequirePermission; use OCA\Tables\Service\TableService; use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\DataResponse; use OCP\IRequest; use Psr\Log\LoggerInterface; @@ -37,18 +38,14 @@ public function __construct( } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] public function index(): DataResponse { return $this->handleError(function () { return $this->service->findAll($this->userId); }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'id')] public function show(int $id): DataResponse { return $this->handleError(function () use ($id) { 
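Review bot: `updateDisplayMode()` in the `@@ -97,10 +88,10 @@` hunk is the only ShareController action shown without a declared return type; the others declare `DataResponse` and this one returns the result of the same `handleError()` call. I would declare it: `public function updateDisplayMode(int $id, int $displayMode, string $target = 'default'): DataResponse {`. The `@psalm-param ("default"|"self") $target` constraint is only a static hint, and only the `'default'` branch is visible in the hunk, so it is worth checking that the remaining branch rejects any other request value rather than treating it as `'self'`.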
@@ -56,18 +53,14 @@ public function show(int $id): DataResponse { }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] public function create(string $title, string $template, string $emoji): DataResponse { return $this->handleError(function () use ($title, $template, $emoji) { return $this->service->create($title, $template, $emoji); }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_TABLE, idParam: 'id')] public function destroy(int $id): DataResponse { return $this->handleError(function () use ($id) { @@ -75,9 +68,7 @@ public function destroy(int $id): DataResponse { }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_TABLE, idParam: 'id')] public function update(int $id, ?string $title = null, ?string $emoji = null, ?bool $archived = null): DataResponse { return $this->handleError(function () use ($id, $title, $emoji, $archived) { diff --git a/lib/Controller/TableTemplateController.php b/lib/Controller/TableTemplateController.php index 7e37b434d..52bfc295a 100644 --- a/lib/Controller/TableTemplateController.php +++ b/lib/Controller/TableTemplateController.php @@ -10,6 +10,7 @@ use OCA\Tables\AppInfo\Application; use OCA\Tables\Service\TableTemplateService; use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\DataResponse; use OCP\IRequest; use Psr\Log\LoggerInterface; @@ -30,9 +31,7 @@ public function __construct( $this->service = $service; } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] public function list(): DataResponse { return $this->handleError(function () { return $this->service->getTemplateList(); diff --git a/lib/Controller/ViewController.php b/lib/Controller/ViewController.php index e36a0b06d..65f460503 100644 --- a/lib/Controller/ViewController.php 
+++ b/lib/Controller/ViewController.php @@ -17,6 +17,7 @@ use OCA\Tables\Service\TableService; use OCA\Tables\Service\ViewService; use OCP\AppFramework\Controller; +use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\DataResponse; use OCP\IRequest; use Psr\Log\LoggerInterface; @@ -51,9 +52,7 @@ public function __construct( } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function index(int $tableId): DataResponse { return $this->handleError(function () use ($tableId) { @@ -61,18 +60,14 @@ public function index(int $tableId): DataResponse { }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] public function indexSharedWithMe(): DataResponse { return $this->handleError(function () { return $this->service->findSharedViewsWithMe($this->userId); }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_READ, type: Application::NODE_TYPE_VIEW, idParam: 'id')] public function show(int $id): DataResponse { return $this->handleError(function () use ($id) { @@ -80,9 +75,7 @@ public function show(int $id): DataResponse { }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_TABLE, idParam: 'tableId')] public function create(int $tableId, string $title, ?string $emoji): DataResponse { return $this->handleError(function () use ($tableId, $title, $emoji) { @@ -90,9 +83,7 @@ public function create(int $tableId, string $title, ?string $emoji): DataRespons }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_VIEW, idParam: 'id')] public function update(int $id, array $data): DataResponse { return $this->handleError(function () use ($id, $data) { 
@@ -100,9 +91,7 @@ public function update(int $id, array $data): DataResponse { }); } - /** - * @NoAdminRequired - */ + #[NoAdminRequired] #[RequirePermission(permission: Application::PERMISSION_MANAGE, type: Application::NODE_TYPE_VIEW, idParam: 'id')] public function destroy(int $id): DataResponse { return $this->handleError(function () use ($id) { From 5367494059c80c24574f30754c3843a9b42c4fc3 Mon Sep 17 00:00:00 2001 From: Arthur Schiwon Date: Mon, 23 Sep 2024 19:47:11 +0200 Subject: [PATCH 5/5] test(integration): inaccessible table shall respond 404 Signed-off-by: Arthur Schiwon --- tests/integration/features/APIv2.feature | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/tests/integration/features/APIv2.feature b/tests/integration/features/APIv2.feature index 62ff7f1ae..bc43fc76b 100644 --- a/tests/integration/features/APIv2.feature +++ b/tests/integration/features/APIv2.feature @@ -45,9 +45,7 @@ Feature: APIv2 And user "participant1-v2" sees the following table attributes on table "t1" | favorite | 0 | When user "participant3-v2" adds the table "t1" to favorites - Then the last response should have a "403" status code - - + Then the last response should have a "404" status code @api2 Scenario: Basic column actions