Skip to content

Commit b5b1e4e

Browse files
committed
Move admin-only routes to administration scope when default only
Signed-off-by: Joas Schilling <coding@schilljs.com>
1 parent 52198a2 commit b5b1e4e

6 files changed

Lines changed: 145 additions & 23 deletions

File tree

generate-spec

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -346,6 +346,8 @@ foreach ($parsedRoutes as $key => $value) {
346346
if (empty($scopes)) {
347347
if (!empty($controllerScopes)) {
348348
$scopes = $controllerScopes;
349+
} else if ($isAdmin) {
350+
$scopes = ['administration'];
349351
} else {
350352
$scopes = ['default'];
351353
}

tests/appinfo/routes.php

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -29,8 +29,10 @@
2929
['name' => 'Settings#federationByController', 'url' => '/api/{apiVersion}/controller-scope', 'verb' => 'POST', 'requirements' => ['apiVersion' => '(v2)']],
3030
['name' => 'Settings#ignoreByMethod', 'url' => '/api/{apiVersion}/ignore-method', 'verb' => 'POST', 'requirements' => ['apiVersion' => '(v2)']],
3131
['name' => 'Settings#defaultScope', 'url' => '/api/{apiVersion}/settings', 'verb' => 'POST', 'requirements' => ['apiVersion' => '(v2)']],
32-
['name' => 'Settings#defaultAdminScope', 'url' => '/api/{apiVersion}/default-admin', 'verb' => 'POST', 'requirements' => ['apiVersion' => '(v2)']],
3332
['name' => 'Settings#adminScope', 'url' => '/api/{apiVersion}/admin', 'verb' => 'POST', 'requirements' => ['apiVersion' => '(v2)']],
3433
['name' => 'Settings#doubleScope', 'url' => '/api/{apiVersion}/double', 'verb' => 'POST', 'requirements' => ['apiVersion' => '(v2)']],
34+
35+
['name' => 'Settings2#defaultAdminScopeOverwritten', 'url' => '/api/{apiVersion}/default-admin-overwritten', 'verb' => 'POST', 'requirements' => ['apiVersion' => '(v2)']],
36+
['name' => 'Settings2#defaultAdminScope', 'url' => '/api/{apiVersion}/default-admin', 'verb' => 'POST', 'requirements' => ['apiVersion' => '(v2)']],
3537
],
3638
];
Lines changed: 58 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,58 @@
1+
<?php
2+
3+
declare(strict_types=1);
4+
5+
/**
6+
* @copyright Copyright (c) 2021, Julien Barnoin <julien@barnoin.com>
7+
*
8+
* @author Julien Barnoin <julien@barnoin.com>
9+
*
10+
* @license AGPL-3.0-or-later
11+
*
12+
* This program is free software: you can redistribute it and/or modify
13+
* it under the terms of the GNU Affero General Public License as
14+
* published by the Free Software Foundation, either version 3 of the
15+
* License, or (at your option) any later version.
16+
*
17+
* This program is distributed in the hope that it will be useful,
18+
* but WITHOUT ANY WARRANTY; without even the implied warranty of
19+
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20+
* GNU Affero General Public License for more details.
21+
*
22+
* You should have received a copy of the GNU Affero General Public License
23+
* along with this program. If not, see <http://www.gnu.org/licenses/>.
24+
*
25+
*/
26+
27+
namespace OCA\Notifications\Controller;
28+
29+
use OCA\Notifications\ResponseDefinitions;
30+
use OCP\AppFramework\Http;
31+
use OCP\AppFramework\Http\Attribute\OpenAPI;
32+
use OCP\AppFramework\Http\DataResponse;
33+
use OCP\AppFramework\OCSController;
34+
35+
class Settings2Controller extends OCSController {
36+
/**
37+
* Route is only in the admin scope because there is no "NoAdminRequired" annotation or attribute
38+
*
39+
* @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
40+
*
41+
* 200: Personal settings updated
42+
*/
43+
public function defaultAdminScope(): DataResponse {
44+
return new DataResponse();
45+
}
46+
47+
/**
48+
* Route is only in the admin scope because there is no "NoAdminRequired" annotation or attribute
49+
*
50+
* @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
51+
*
52+
* 200: Personal settings updated
53+
*/
54+
#[OpenAPI]
55+
public function defaultAdminScopeOverwritten(): DataResponse {
56+
return new DataResponse();
57+
}
58+
}

tests/lib/Controller/SettingsController.php

Lines changed: 0 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -79,18 +79,6 @@ public function defaultScope(): DataResponse {
7979
return new DataResponse();
8080
}
8181

82-
/**
83-
* Route is only in the admin scope because there is no "NoAdminRequired" annotation or attribute
84-
*
85-
* @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
86-
*
87-
* 200: Personal settings updated
88-
*/
89-
#[OpenAPI]
90-
public function defaultAdminScope(): DataResponse {
91-
return new DataResponse();
92-
}
93-
9482
/**
9583
* @NoAdminRequired
9684
*

tests/openapi-administration.json

Lines changed: 72 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -209,6 +209,78 @@
209209
}
210210
}
211211
}
212+
},
213+
"/ocs/v2.php/apps/notifications/api/{apiVersion}/default-admin": {
214+
"post": {
215+
"operationId": "settings2-default-admin-scope",
216+
"summary": "Route is only in the admin scope because there is no \"NoAdminRequired\" annotation or attribute",
217+
"description": "This endpoint requires admin access",
218+
"tags": [
219+
"settings2"
220+
],
221+
"security": [
222+
{
223+
"bearer_auth": []
224+
},
225+
{
226+
"basic_auth": []
227+
}
228+
],
229+
"parameters": [
230+
{
231+
"name": "apiVersion",
232+
"in": "path",
233+
"required": true,
234+
"schema": {
235+
"type": "string",
236+
"enum": [
237+
"v2"
238+
],
239+
"default": "v2"
240+
}
241+
},
242+
{
243+
"name": "OCS-APIRequest",
244+
"in": "header",
245+
"description": "Required to be true for the API request to pass",
246+
"required": true,
247+
"schema": {
248+
"type": "boolean",
249+
"default": true
250+
}
251+
}
252+
],
253+
"responses": {
254+
"200": {
255+
"description": "Personal settings updated",
256+
"content": {
257+
"application/json": {
258+
"schema": {
259+
"type": "object",
260+
"required": [
261+
"ocs"
262+
],
263+
"properties": {
264+
"ocs": {
265+
"type": "object",
266+
"required": [
267+
"meta",
268+
"data"
269+
],
270+
"properties": {
271+
"meta": {
272+
"$ref": "#/components/schemas/OCSMeta"
273+
},
274+
"data": {}
275+
}
276+
}
277+
}
278+
}
279+
}
280+
}
281+
}
282+
}
283+
}
212284
}
213285
},
214286
"tags": []

tests/openapi.json

Lines changed: 10 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -118,11 +118,10 @@
118118
}
119119
}
120120
},
121-
"/ocs/v2.php/apps/notifications/api/{apiVersion}/default-admin": {
121+
"/ocs/v2.php/apps/notifications/api/{apiVersion}/double": {
122122
"post": {
123-
"operationId": "settings-default-admin-scope",
124-
"summary": "Route is only in the admin scope because there is no \"NoAdminRequired\" annotation or attribute",
125-
"description": "This endpoint requires admin access",
123+
"operationId": "settings-double-scope",
124+
"summary": "Route is in admin and default scope",
126125
"tags": [
127126
"settings"
128127
],
@@ -160,7 +159,7 @@
160159
],
161160
"responses": {
162161
"200": {
163-
"description": "Personal settings updated",
162+
"description": "Admin settings updated",
164163
"content": {
165164
"application/json": {
166165
"schema": {
@@ -190,12 +189,13 @@
190189
}
191190
}
192191
},
193-
"/ocs/v2.php/apps/notifications/api/{apiVersion}/double": {
192+
"/ocs/v2.php/apps/notifications/api/{apiVersion}/default-admin-overwritten": {
194193
"post": {
195-
"operationId": "settings-double-scope",
196-
"summary": "Route is in admin and default scope",
194+
"operationId": "settings2-default-admin-scope-overwritten",
195+
"summary": "Route is only in the admin scope because there is no \"NoAdminRequired\" annotation or attribute",
196+
"description": "This endpoint requires admin access",
197197
"tags": [
198-
"settings"
198+
"settings2"
199199
],
200200
"security": [
201201
{
@@ -231,7 +231,7 @@
231231
],
232232
"responses": {
233233
"200": {
234-
"description": "Admin settings updated",
234+
"description": "Personal settings updated",
235235
"content": {
236236
"application/json": {
237237
"schema": {

0 commit comments

Comments
 (0)