show encryption status, fixes #68

appinfo/routes.php

@@ -27,5 +27,6 @@
     	['name' => 'personal#getAdmins', 'url' => '/api/admins', 'verb' => 'GET'],
 		['name' => 'admin#addAdditionalAdmin', 'url' => 'api/admins', 'verb' => 'POST'],
 		['name' => 'admin#deleteAdditionalAdmin', 'url' => 'api/admins/{id}', 'verb' => 'DELETE'],
+		['name' => 'admin#setFullDiskEncryption', 'url' => 'api/fullDiskEncryption', 'verb' => 'POST'],
     ]
 ];

css/style.scss

@@ -58,6 +58,18 @@
   }
 }
 
+.who-has-access,
+.where-is-my-data {
+  span.icon.icon-rename {
+   display: inline-block;
+   opacity: 0.5;
+
+   &:hover {
+    opacity: 0.8;
+   }
+  }
+}
+
 .where-is-my-data {
   max-width: 500px;
 
@@ -75,18 +87,6 @@
     }
   }
 
-  > p {
-
-    > span.icon.icon-rename {
-      display: inline-block;
-      opacity: 0.5;
-
-      &:hover {
-        opacity: 0.8;
-      }
-    }
-  }
-
   > div.multiselect-container {
     position: relative;
 

lib/Controller/AdminController.php

@@ -98,4 +98,17 @@ public function deleteAdditionalAdmin(int $id):JSONResponse {
 		return new JSONResponse([], Http::STATUS_OK);
 	}
 
+	/**
+	 * @param string $enabled
+	 * @return JSONResponse
+	 */
+	public function setFullDiskEncryption(string $enabled):JSONResponse {
+		$allowedValues = ['0', '1'];
+		if (!\in_array($enabled, $allowedValues, true)) {
+			return new JSONResponse([], HTTP::STATUS_NOT_ACCEPTABLE);
+		}
+
+		$this->config->setAppValue('privacy', 'fullDiskEncryptionEnabled', $enabled);
+		return new JSONResponse([], HTTP::STATUS_OK);
+	}
 }

lib/Settings/WhoHasAccessSettings.php

@@ -24,6 +24,8 @@
 use OC;
 use OCA\Theming\ThemingDefaults;
 use OCP\AppFramework\Http\TemplateResponse;
+use OCP\IConfig;
+use OCP\Encryption\IManager as IEncryptionManager;
 use OCP\Settings\ISettings;
 
 /**
@@ -33,6 +35,24 @@
  */
 class WhoHasAccessSettings implements ISettings {
 
+	/** @var IConfig */
+	private $config;
+
+	/** @var IEncryptionManager */
+	private $encryptionManager;
+
+	/**
+	 * WhoHasAccessSettings constructor.
+	 *
+	 * @param IConfig $config
+	 * @param IEncryptionManager $manager
+	 */
+	public function __construct(IConfig $config, IEncryptionManager $manager) {
+		$this->config = $config;
+		$this->encryptionManager = $manager;
+
+	}
+
 	/**
 	 * @return TemplateResponse
 	 */
@@ -44,8 +64,13 @@ public function getForm():TemplateResponse {
 			$privacyPolicyUrl = null;
 		}
 
+		$fullDiskEncryption = $this->config->getAppValue('privacy', 'fullDiskEncryptionEnabled', '0');
+		$serverSideEncryption = $this->encryptionManager->isEnabled();
+
 		return new TemplateResponse('privacy', 'who-has-access', [
 			'privacyPolicyUrl' => $privacyPolicyUrl,
+			'fullDiskEncryptionEnabled' => $fullDiskEncryption,
+			'serverSideEncryptionEnabled' => $serverSideEncryption ? '1' : '0',
 		]);
 	}
 

src/Encryption.vue

@@ -0,0 +1,82 @@
+<template>
+	<div class="who-has-access">
+		<!-- eslint-disable-next-line vue/no-v-html -->
+		<p v-show="!isEditing" v-html="label" />
+		<span v-show="isAdmin && !isEditing" class="icon icon-rename" @click="openEditFullDiskEncryptionForm" />
+		<div v-if="isEditing" v-click-outside="cancelEditFullDiskEncryptionForm">
+			<form>
+				<input id="fullDiskEncryptionEnabledCheckbox" v-model="fullDiskEncryptionEnabled"
+					:disabled="isSavingChanges" type="checkbox" name="fullDiskEncryptionEnabledCheckbox"
+					class="checkbox" @change="saveFullDiskEncryptionForm"
+				>
+				<label for="fullDiskEncryptionEnabledCheckbox">
+					{{ checkboxLabel }}
+				</label>
+			</form>
+		</div>
+	</div>
+</template>
+
+<script>
+import { generateUrl } from 'nextcloud-server/dist/router'
+import HttpClient from 'nextcloud-axios'
+import ClickOutside from 'vue-click-outside'
+
+export default {
+	name: 'Encryption',
+	directives: {
+		ClickOutside
+	},
+	data: () => ({
+		fullDiskEncryptionEnabled: false,
+		serverSideEncryptionEnabled: false,
+		isAdmin: true,
+		isEditing: false,
+		isSavingChanges: false
+	}),
+	computed: {
+		label() {
+			if (!this.serverSideEncryptionEnabled && !this.fullDiskEncryptionEnabled) {
+				return t('privacy', 'Your files are not protected by encryption.')
+			} else if (this.serverSideEncryptionEnabled && !this.fullDiskEncryptionEnabled) {
+				return t('privacy', 'Your files are encrypted with {linkopen}server-side-encryption ↗{linkclose}.')
+					.replace('{linkopen}', '<a href="https://nextcloud.com/blog/encryption-in-nextcloud/" target="_blank" title="" rel="noreferrer noopener">')
+					.replace('{linkclose}', '</a>')
+			} else if (!this.serverSideEncryptionEnabled && this.fullDiskEncryptionEnabled) {
+				return t('privacy', 'This server is protected with full-disk-encryption.')
+			} else {
+				return t('privacy', 'Your files are encrypted with {linkopen}server-side-encryption ↗{linkclose}. Additionally, this server is protected with full-disk-encryption.')
+					.replace('{linkopen}', '<a href="https://nextcloud.com/blog/encryption-in-nextcloud/" target="_blank" title="" rel="noreferrer noopener">')
+					.replace('{linkclose}', '</a>')
+			}
+		},
+		checkboxLabel() {
+			return t('privacy', 'This server is using full-disk-encryption.')
+		}
+	},
+	created() {
+		this.fullDiskEncryptionEnabled = (this.$parent.$el.getAttribute('data-full-disk-encryption') === '1')
+		this.serverSideEncryptionEnabled = (this.$parent.$el.getAttribute('data-server-side-encryption') === '1')
+		this.isAdmin = OC.isUserAdmin()
+	},
+	methods: {
+		openEditFullDiskEncryptionForm() {
+			setTimeout(() => {
+				this.isEditing = true
+			}, 0)
+		},
+		cancelEditFullDiskEncryptionForm() {
+			this.isEditing = false
+		},
+		saveFullDiskEncryptionForm() {
+			const url = generateUrl('/apps/privacy/api/fullDiskEncryption')
+			this.isSavingChanges = true
+
+			HttpClient.post(url, { enabled: this.fullDiskEncryptionEnabled ? '1' : '0' }).then(resp => {
+				this.isSavingChanges = false
+				this.isEditing = false
+			})
+		}
+	}
+}
+</script>

src/main.js

@@ -23,6 +23,7 @@ import Vue from 'vue'
 import { Avatar } from 'nextcloud-vue'
 import Admins from './Admins.vue'
 import Location from './Location.vue'
+import Encryption from './Encryption.vue'
 import Shares from './Shares.vue'
 
 Vue.component('Avatar', Avatar)
@@ -56,5 +57,9 @@ const shares = new Vue({
 	el: '#privacy_access_shares',
 	render: h => h(Shares)
 })
+const encryption = new Vue({
+	el: '#privacy_access_encryption',
+	render: h => h(Encryption)
+})
 
-export default { location, admins, shares }
+export default { location, admins, shares, encryption }

templates/who-has-access.php

@@ -12,4 +12,9 @@
 		<a href="<?php print_unescaped($_['privacyPolicyUrl']) ?>"><?php p($l->t('Read the privacy policy.')) ?></a>
 	</p>
 	<?php endif; ?>
+
+	<h4><?php p($l->t('Encryption')) ?></h4>
+	<div id="privacy_access_encryption"
+		 data-full-disk-encryption="<?php print_unescaped($_['fullDiskEncryptionEnabled']) ?>"
+		 data-server-side-encryption="<?php print_unescaped($_['serverSideEncryptionEnabled']) ?>"></div>
 </div>