Add ldap:reset-group command to unmap groups from LDAP

Signed-off-by: Côme Chilliet <[email protected]>
nextcloud · blizzz · Apr 5, 2022 · Mar 22, 2022 · Mar 22, 2022 · Mar 30, 2022
commit 77bdad84c21f2d836b778a2741eb8e8512ee19eb
@@ -50,6 +50,7 @@ A user logs into Nextcloud with their LDAP or AD credentials, and is granted acc
 		<command>OCA\User_LDAP\Command\CheckUser</command>
 		<command>OCA\User_LDAP\Command\CreateEmptyConfig</command>
 		<command>OCA\User_LDAP\Command\DeleteConfig</command>
+		<command>OCA\User_LDAP\Command\ResetGroup</command>
 		<command>OCA\User_LDAP\Command\ResetUser</command>
 		<command>OCA\User_LDAP\Command\Search</command>
 		<command>OCA\User_LDAP\Command\SetConfig</command>

@@ -14,6 +14,7 @@
     'OCA\\User_LDAP\\Command\\CheckUser' => $baseDir . '/../lib/Command/CheckUser.php',
     'OCA\\User_LDAP\\Command\\CreateEmptyConfig' => $baseDir . '/../lib/Command/CreateEmptyConfig.php',
     'OCA\\User_LDAP\\Command\\DeleteConfig' => $baseDir . '/../lib/Command/DeleteConfig.php',
+    'OCA\\User_LDAP\\Command\\ResetGroup' => $baseDir . '/../lib/Command/ResetGroup.php',
     'OCA\\User_LDAP\\Command\\ResetUser' => $baseDir . '/../lib/Command/ResetUser.php',
     'OCA\\User_LDAP\\Command\\Search' => $baseDir . '/../lib/Command/Search.php',
     'OCA\\User_LDAP\\Command\\SetConfig' => $baseDir . '/../lib/Command/SetConfig.php',

@@ -29,6 +29,7 @@ class ComposerStaticInitUser_LDAP
         'OCA\\User_LDAP\\Command\\CheckUser' => __DIR__ . '/..' . '/../lib/Command/CheckUser.php',
         'OCA\\User_LDAP\\Command\\CreateEmptyConfig' => __DIR__ . '/..' . '/../lib/Command/CreateEmptyConfig.php',
         'OCA\\User_LDAP\\Command\\DeleteConfig' => __DIR__ . '/..' . '/../lib/Command/DeleteConfig.php',
+        'OCA\\User_LDAP\\Command\\ResetGroup' => __DIR__ . '/..' . '/../lib/Command/ResetGroup.php',
         'OCA\\User_LDAP\\Command\\ResetUser' => __DIR__ . '/..' . '/../lib/Command/ResetUser.php',
         'OCA\\User_LDAP\\Command\\Search' => __DIR__ . '/..' . '/../lib/Command/Search.php',
         'OCA\\User_LDAP\\Command\\SetConfig' => __DIR__ . '/..' . '/../lib/Command/SetConfig.php',

@@ -26,9 +26,9 @@
 use OCP\GroupInterface;
 
 class GroupPluginManager {
-	private $respondToActions = 0;
+	private int $respondToActions = 0;
 
-	private $which = [
+	private array $which = [
 		GroupInterface::CREATE_GROUP => null,
 		GroupInterface::DELETE_GROUP => null,
 		GroupInterface::ADD_TO_GROUP => null,
@@ -37,6 +37,8 @@ class GroupPluginManager {
 		GroupInterface::GROUP_DETAILS => null
 	];
 
+	private bool $suppressDeletion = false;
+
 	/**
 	 * @return int All implemented actions
 	 */
@@ -84,6 +86,19 @@ public function createGroup($gid) {
 		throw new \Exception('No plugin implements createGroup in this LDAP Backend.');
 	}
 
+	public function canDeleteGroup(): bool {
+		return !$this->suppressDeletion && ($this->which[GroupInterface::DELETE_GROUP] !== null);
+	}
+
+	/**
+	 * @return bool – the value before the change
+	 */
+	public function setSuppressDeletion(bool $value): bool {
+		$old = $this->suppressDeletion;
+		$this->suppressDeletion = $value;
+		return $old;
+	}
+
 	/**
 	 * Delete a group
 	 * @param string $gid Group Id of the group to delete
@@ -94,6 +109,9 @@ public function deleteGroup($gid) {
 		$plugin = $this->which[GroupInterface::DELETE_GROUP];
 
 		if ($plugin) {
+			if ($this->suppressDeletion) {
+				return false;
+			}
 			return $plugin->deleteGroup($gid);
 		}
 		throw new \Exception('No plugin implements deleteGroup in this LDAP Backend.');

@@ -48,10 +48,11 @@
 use OC\Cache\CappedMemoryCache;
 use OC\ServerNotAvailableException;
 use OCP\Group\Backend\IGetDisplayNameBackend;
+use OCP\Group\Backend\IDeleteGroupBackend;
 use OCP\GroupInterface;
 use Psr\Log\LoggerInterface;
 
-class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, IGetDisplayNameBackend {
+class Group_LDAP extends BackendUtility implements GroupInterface, IGroupLDAP, IGetDisplayNameBackend, IDeleteGroupBackend {
 	protected $enabled = false;
 
 	/** @var string[][] $cachedGroupMembers array of users with gid as key */
@@ -1204,6 +1205,7 @@ protected function filterValidGroups(array $listOfGroups): array {
 	 */
 	public function implementsActions($actions) {
 		return (bool)((GroupInterface::COUNT_USERS |
+				GroupInterface::DELETE_GROUP |
 				$this->groupPluginManager->getImplementedActions()) & $actions);
 	}
 
@@ -1249,19 +1251,32 @@ public function createGroup($gid) {
 	 * delete a group
 	 *
 	 * @param string $gid gid of the group to delete
-	 * @return bool
 	 * @throws Exception
 	 */
-	public function deleteGroup($gid) {
-		if ($this->groupPluginManager->implementsActions(GroupInterface::DELETE_GROUP)) {
+	public function deleteGroup(string $gid): bool {
+		if ($this->groupPluginManager->canDeleteGroup()) {
 			if ($ret = $this->groupPluginManager->deleteGroup($gid)) {
-				#delete group in nextcloud internal db
+				// Delete group in nextcloud internal db
 				$this->access->getGroupMapper()->unmap($gid);
 				$this->access->connection->writeToCache("groupExists" . $gid, false);
 			}
 			return $ret;
 		}
-		throw new Exception('Could not delete group in LDAP backend.');
+
+		// Getting dn, if false the group is not mapped
+		$dn = $this->access->groupname2dn($gid);
+		if (!$dn) {
+			throw new Exception('Could not delete unknown group '.$gid.' in LDAP backend.');
+		}
+
+		if (!$this->groupExists($gid)) {
+			// The group does not exist in the LDAP, remove the mapping
+			$this->access->getGroupMapper()->unmap($gid);
+			$this->access->connection->writeToCache("groupExists" . $gid, false);
+			return true;
+		}
+
+		throw new Exception('Could not delete existing group '.$gid.' in LDAP backend.');
 	}
 
 	/**

@@ -28,10 +28,11 @@
  */
 namespace OCA\User_LDAP;
 
-use OCP\Group\Backend\INamedBackend;
+use OCP\Group\Backend\IDeleteGroupBackend;
 use OCP\Group\Backend\IGetDisplayNameBackend;
+use OCP\Group\Backend\INamedBackend;
 
-class Group_Proxy extends Proxy implements \OCP\GroupInterface, IGroupLDAP, IGetDisplayNameBackend, INamedBackend {
+class Group_Proxy extends Proxy implements \OCP\GroupInterface, IGroupLDAP, IGetDisplayNameBackend, INamedBackend, IDeleteGroupBackend {
 	private $backends = [];
 	private $refBackend = null;
 
@@ -171,11 +172,8 @@ public function createGroup($gid) {
 
 	/**
 	 * delete a group
-	 *
-	 * @param string $gid gid of the group to delete
-	 * @return bool
 	 */
-	public function deleteGroup($gid) {
+	public function deleteGroup(string $gid): bool {
 		return $this->handleRequest(
 			$gid, 'deleteGroup', [$gid]);
 	}

@@ -28,9 +28,9 @@
 use OC\User\Backend;
 
 class UserPluginManager {
-	private $respondToActions = 0;
+	private int $respondToActions = 0;
 
-	private $which = [
+	private array $which = [
 		Backend::CREATE_USER => null,
 		Backend::SET_PASSWORD => null,
 		Backend::GET_HOME => null,
@@ -41,8 +41,7 @@ class UserPluginManager {
 		'deleteUser' => null
 	];
 
-	/** @var bool */
-	private $suppressDeletion = false;
+	private bool $suppressDeletion = false;
 
 	/**
 	 * @return int All implemented actions, except for 'deleteUser'

@@ -61,7 +61,7 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 			$output->writeln('<error>Group "' . $gid . '" could not be deleted.</error>');
 			return 1;
 		}
-		if (! $this->groupManager->groupExists($gid)) {
+		if (!$this->groupManager->groupExists($gid)) {
 			$output->writeln('<error>Group "' . $gid . '" does not exist.</error>');
 			return 1;
 		}