Merge pull request #748 from owncloud/expose_group_displayname

[full-ci] Expose group's displayname

Author: jnweiger

appinfo/Migrations/Version20220725070804.php

@@ -0,0 +1,37 @@
+<?php
+namespace OCA\User_LDAP\Migrations;
+
+use OCP\Migration\ISimpleMigration;
+use OCP\Migration\IOutput;
+use OCP\IConfig;
+use OCA\User_LDAP\Helper;
+
+class Version20220725070804 implements ISimpleMigration {
+	/** @var IConfig */
+	private $config;
+	/** @var $helper */
+	private $helper;
+
+	/**
+	 * @param IConfig $config
+	 */
+	public function __construct(IConfig $config, Helper $helper) {
+		$this->config = $config;
+		$this->helper = $helper;
+	}
+	/**
+	 * @param IOutput $out
+	 */
+	public function run(IOutput $out) {
+		$prefixes = $this->helper->getServerConfigurationPrefixes();
+		foreach ($prefixes as $prefix) {
+			$groupnameValue = $this->config->getAppValue('user_ldap', "{$prefix}ldap_expert_groupname_attr", null);
+			if ($groupnameValue === null) {
+				$groupDisplaynameValue = $this->config->getAppValue('user_ldap', "{$prefix}ldap_group_display_name", null);
+				if ($groupDisplaynameValue !== null) {
+					$this->config->setAppValue('user_ldap', "{$prefix}ldap_expert_groupname_attr", $groupDisplaynameValue);
+				}
+			}
+		}
+	}
+}

appinfo/info.xml

@@ -14,7 +14,7 @@ More information is available in the [LDAP User and Group Backend documentation]
 	</description>
 	<licence>AGPL</licence>
 	<author>Jörn Friedrich Dreyer, Tom Needham, Juan Pablo Villafañez Ramos, Dominik Schmidt and Arthur Schiwon</author>
-	<version>0.16.1</version>
+	<version>0.17.0</version>
 	<types>
 		<authentication/>
 	</types>
@@ -25,7 +25,7 @@ More information is available in the [LDAP User and Group Backend documentation]
 	<screenshot>https://raw.githubusercontent.com/owncloud/screenshots/master/user_ldap/ownCloud-app-ldap-user-management.jpg</screenshot>
 	<dependencies>
 		<lib>ldap</lib>
-		<owncloud min-version="10.4" max-version="10" />
+		<owncloud min-version="10.11" max-version="10" />
 	</dependencies>
 
 	<namespace>User_LDAP</namespace>

js/wizard/wizardTabExpert.js

@@ -28,6 +28,10 @@ OCA = OCA || {};
 					$element: $('#ldap_expert_username_attr'),
 					setMethod: 'setUsernameAttribute'
 				},
+				ldap_expert_groupname_attr: {
+					$element: $('#ldap_expert_groupname_attr'),
+					setMethod: 'setGroupnameAttribute'
+				},
 				ldap_expert_uuid_user_attr: {
 					$element: $('#ldap_expert_uuid_user_attr'),
 					setMethod: 'setUserUUIDAttribute'
@@ -73,6 +77,15 @@ OCA = OCA || {};
 			this.setElementValue(this.managedItems.ldap_expert_username_attr.$element, attribute);
 		},
 
+		/**
+		 * sets the attribute to be used to create an ownCloud ID (groupname)
+		 *
+		 * @param {string} attribute
+		 */
+		setGroupnameAttribute: function(attribute) {
+			this.setElementValue(this.managedItems.ldap_expert_groupname_attr.$element, attribute);
+		},
+
 		/**
 		 * sets the attribute that provides an unique identifier per LDAP user
 		 * entry

lib/Access.php

@@ -474,19 +474,18 @@ public function username2dn($name) {
 	 * returns the internal ownCloud name for the given LDAP DN of the group, false on DN outside of search DN or failure
 	 *
 	 * @param string $fdn the dn of the group object
-	 * @param string $ldapName optional, the display name of the object
 	 * @return string|false with the name to use in ownCloud, false on DN outside of search DN
 	 * @throws \OC\ServerNotAvailableException
 	 */
-	public function dn2groupname($fdn, $ldapName = null) {
+	public function dn2groupname($fdn) {
 		//To avoid bypassing the base DN settings under certain circumstances
 		//with the group support, check whether the provided DN matches one of
 		//the given Bases
 		if (!$this->isDNPartOfBase($fdn, $this->connection->ldapBaseGroups)) {
 			return false;
 		}
 
-		return $this->dn2ocname($fdn, $ldapName, false);
+		return $this->dn2ocname($fdn, false);
 	}
 
 	/**
@@ -532,38 +531,36 @@ public function groupsMatchFilter($groupDNs) {
 	 * returns the internal ownCloud name for the given LDAP DN of the user, false on DN outside of search DN or failure
 	 *
 	 * @param string $fdn the dn of the user object
-	 * @param string $ldapName optional, the display name of the object
 	 * @return string|false with with the name to use in ownCloud
 	 * @throws \OC\ServerNotAvailableException
 	 */
-	public function dn2username($fdn, $ldapName = null) {
+	public function dn2username($fdn) {
 		//To avoid bypassing the base DN settings under certain circumstances
 		//with the group support, check whether the provided DN matches one of
 		//the given Bases
 		if (!$this->isDNPartOfBase($fdn, $this->connection->ldapBaseUsers)) {
 			return false;
 		}
 
-		return $this->dn2ocname($fdn, $ldapName, true);
+		return $this->dn2ocname($fdn, true);
 	}
 
 	/**
 	 * returns an internal ownCloud name for the given LDAP DN, false on DN outside of search DN
 	 *
 	 * @param string $fdn the dn of the user object
-	 * @param string $ldapDisplayName optional, the display name of the object
 	 * @param bool $isUser optional, whether it is a user object (otherwise group assumed)
 	 * @return string|false with with the name to use in ownCloud
 	 * @throws \BadMethodCallException
 	 * @throws \OC\ServerNotAvailableException
 	 */
-	public function dn2ocname($fdn, $ldapDisplayName = null, $isUser = true) {
+	public function dn2ocname($fdn, $isUser = true) {
 		if ($isUser) {
 			$mapper = $this->getUserMapper();
-			$displayNameAttribute = $this->connection->ldapUserDisplayName;
+			$nameAttribute = (string)$this->connection->ldapExpertUsernameAttr;
 		} else {
 			$mapper = $this->getGroupMapper();
-			$displayNameAttribute = $this->connection->ldapGroupDisplayName;
+			$nameAttribute = (string)$this->connection->ldapExpertGroupnameAttr;
 		}
 
 		//let's try to retrieve the ownCloud name from the mappings table
@@ -589,29 +586,16 @@ public function dn2ocname($fdn, $ldapDisplayName = null, $isUser = true) {
 			return false;
 		}
 
-		if ($ldapDisplayName === null) {
-			$ldapDisplayName = $this->readAttribute($fdn, $displayNameAttribute);
-			if (!isset($ldapDisplayName[0]) && empty($ldapDisplayName[0])) {
-				\OC::$server->getLogger()->error(
-					"No or empty name for $fdn.",
-					['app' => 'user_ldap']
-				);
-				return false;
-			}
-			$ldapDisplayName = $ldapDisplayName[0];
+		if ($nameAttribute !== '') {
+			$name = $this->readAttribute($fdn, $nameAttribute);
+			$name = $name[0];
+		} else {
+			$name = $uuid;
 		}
 
+		$intName = $name;
 		if ($isUser) {
-			$usernameAttribute = (string)$this->connection->ldapExpertUsernameAttr;
-			if ($usernameAttribute !== '') {
-				$username = $this->readAttribute($fdn, $usernameAttribute);
-				$username = $username[0];
-			} else {
-				$username = $uuid;
-			}
-			$intName = $this->sanitizeUsername($username);
-		} else {
-			$intName = $ldapDisplayName;
+			$intName = $this->sanitizeUsername($name);
 		}
 
 		//a new user/group! Add it only if it doesn't conflict with other backend's users or existing groups
@@ -709,22 +693,10 @@ public function ownCloudGroupNames($ldapGroups) {
 	 * @throws \OC\ServerNotAvailableException
 	 */
 	private function ldap2ownCloudNames($ldapObjects, $isUsers) {
-		if ($isUsers) {
-			$nameAttribute = $this->connection->ldapUserDisplayName;
-			$sndAttribute  = $this->connection->ldapUserDisplayName2;
-		} else {
-			$nameAttribute = $this->connection->ldapGroupDisplayName;
-		}
 		$ownCloudNames = [];
 
 		foreach ($ldapObjects as $ldapObject) {
-			$nameByLDAP = null;
-			if (isset($ldapObject[$nameAttribute][0])) {
-				// might be set, but not necessarily. if so, we use it.
-				$nameByLDAP = $ldapObject[$nameAttribute][0];
-			}
-
-			$ocName = $this->dn2ocname($ldapObject['dn'][0], $nameByLDAP, $isUsers);
+			$ocName = $this->dn2ocname($ldapObject['dn'][0], $isUsers);
 			if ($ocName) {
 				$ownCloudNames[$ldapObject['dn'][0]] = $ocName;
 			}

lib/Configuration.php

@@ -80,6 +80,7 @@
  * @property string $hasMemberOfFilterSupport,
  * @property string $useMemberOfToDetectMembership,
  * @property string $ldapExpertUsernameAttr,
+ * @property string $ldapExpertGroupnameAttr,
  * @property string $ldapExpertUUIDUserAttr,
  * @property string $ldapExpertUUIDGroupAttr,
  * @property string $lastJpegPhotoLookup,
@@ -148,6 +149,7 @@ class Configuration {
 		'hasMemberOfFilterSupport' => false,
 		'useMemberOfToDetectMembership' => true,
 		'ldapExpertUsernameAttr' => null,
+		'ldapExpertGroupnameAttr' => null,
 		'ldapExpertUUIDUserAttr' => null,
 		'ldapExpertUUIDGroupAttr' => null,
 		'lastJpegPhotoLookup' => null,
@@ -546,6 +548,7 @@ public function getDefaults() {
 			'ldap_attributes_for_user_search'   => '',
 			'ldap_attributes_for_group_search'  => '',
 			'ldap_expert_username_attr'         => '',
+			'ldap_expert_groupname_attr'        => '',
 			'ldap_expert_uuid_user_attr'        => '',
 			'ldap_expert_uuid_group_attr'       => '',
 			'has_memberof_filter_support'       => 0,
@@ -605,6 +608,7 @@ public function getConfigTranslationArray() {
 			'ldap_attributes_for_user_search'   => 'ldapAttributesForUserSearch',
 			'ldap_attributes_for_group_search'  => 'ldapAttributesForGroupSearch',
 			'ldap_expert_username_attr'         => 'ldapExpertUsernameAttr',
+			'ldap_expert_groupname_attr'        => 'ldapExpertGroupnameAttr',
 			'ldap_expert_uuid_user_attr'        => 'ldapExpertUUIDUserAttr',
 			'ldap_expert_uuid_group_attr'       => 'ldapExpertUUIDGroupAttr',
 			'has_memberof_filter_support'       => 'hasMemberOfFilterSupport',

lib/Connection.php

@@ -61,6 +61,7 @@
  * @property string $ldapQuotaAttribute
  * @property string $ldapEmailAttribute
  * @property string $ldapExpertUsernameAttr
+ * @property string $ldapExpertGroupnameAttr
  * @property string $homeFolderNamingRule
  * @property array $ldapAttributesForUserSearch
  * @property string $ldapUuidUserAttribute

lib/Group_LDAP.php

@@ -1001,6 +1001,43 @@ public function groupExists($gid) {
 		return true;
 	}
 
+	/**
+	 * Get the details of the target group. The details consist (as of now)
+	 * of the gid and the displayname of the group. More data might be added
+	 * accordingly to the interface.
+	 * The method returns null on error (such as missing displayname, or
+	 * missing group)
+	 * @param string $gid the gid of the group we want to get the details of
+	 * @return array|null an array containing the gid and the displayname such as
+	 * ['gid' => 'abcdef', 'displayname' => 'my group']
+	 */
+	public function getGroupDetails($gid) {
+		$cacheKey = "groupDetails-$gid";
+		$details = $this->access->getConnection()->getFromCache($cacheKey);
+		if ($details !== null) {
+			return $details;
+		}
+
+		$dn = $this->access->groupname2dn($gid);
+		if ($dn === false) {
+			return null;
+		}
+
+		$attr = $this->access->getConnection()->ldapGroupDisplayName;
+		$displayname = $this->access->readAttribute($dn, $attr);
+		if (!\is_array($displayname)) {
+			// displayname attr not found
+			return null;
+		}
+
+		$details = [
+			'gid' => $gid,
+			'displayName' => $displayname[0],
+		];
+		$this->access->getConnection()->writeToCache($cacheKey, $details);
+		return $details;
+	}
+
 	/**
 	* Check if backend implements actions
 	* @param int $actions bitwise-or'ed actions
@@ -1010,7 +1047,7 @@ public function groupExists($gid) {
 	* compared with OC_USER_BACKEND_CREATE_USER etc.
 	*/
 	public function implementsActions($actions) {
-		return (bool)(\OC\Group\Backend::COUNT_USERS & $actions);
+		return (bool)((\OC\Group\Backend::COUNT_USERS | \OC\Group\Backend::GROUP_DETAILS) & $actions);
 	}
 
 	/**

lib/Group_Proxy.php

@@ -207,6 +207,9 @@ public function groupExists($gid) {
 		return $this->handleRequest($gid, 'groupExists', [$gid]);
 	}
 
+	public function getGroupDetails($gid) {
+		return $this->handleRequest($gid, 'getGroupDetails', [$gid]);
+	}
 	/**
 	 * Check if backend implements actions
 	 * @param int $actions bitwise-or'ed actions

lib/User/IUserTools.php

@@ -33,7 +33,7 @@ public function getConnection();
 
 	public function readAttribute($dn, $attr, $filter = 'objectClass=*');
 
-	public function dn2username($dn, $ldapname = null);
+	public function dn2username($dn);
 
 	/**
 	 * returns the LDAP DN for the given internal ownCloud name of the user

templates/settings.php

@@ -290,6 +290,14 @@
 					<input type="text" id="ldap_expert_username_attr" name="ldap_expert_username_attr" data-default="<?php p($_['ldap_expert_username_attr_default']); ?>" />
 				</div>
 			</section>
+			<section>
+				<h3><?php p($l->t('Internal Groupname')); ?></h3>
+				<p><?php p($l->t('The internal groupname is used to uniquely identify the group. It has the same restrictions as the internal username, in particular, the group name must be immutable and unique. By default, the UUID will be used. This internal groupname won\'t likely by visible because a displayname attribute is intended to be used to show the group.')); ?></p>
+				<div class="tablerow">
+					<label for="ldap_expert_groupname_attr"><?php p($l->t('Internal Groupname Attribute:')); ?></label>
+					<input type="text" id="ldap_expert_groupname_attr" name="ldap_expert_groupname_attr" data-default="<?php p($_['ldap_expert_groupname_attr_default']); ?>" />
+				</div>
+			</section>
 			<section>
 				<h3><?php p($l->t('Override UUID detection')); ?></h3>
 				<p><?php p($l->t('By default, the UUID attribute is automatically detected. The UUID attribute is used to doubtlessly identify LDAP users and groups. Also, the internal username will be created based on the UUID, if not specified otherwise above. You can override the setting and pass an attribute of your choice. You must make sure that the attribute of your choice can be fetched for both users and groups and it is unique. Leave it empty for default behavior. Changes will have effect only on newly mapped (added) LDAP users and groups.')); ?></p>