Skip to content

Commit 5b5550d

Browse files
nickvergessennickvergessen
authored
Merge pull request #20677 from nextcloud/followup/17718/scaling-user-provisioning
Scaling user provisioning for subadmins with many groups
2 parents 2139b29 + e24e9ec commit 5b5550d

2 files changed

Lines changed: 27 additions & 13 deletions

File tree

apps/provisioning_api/lib/Controller/UsersController.php

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -504,8 +504,8 @@ public function editUser(string $userId, string $key, string $value): DataRespon
504504
} else {
505505
// Check if admin / subadmin
506506
$subAdminManager = $this->groupManager->getSubAdmin();
507-
if ($subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser)
508-
|| $this->groupManager->isAdmin($currentLoggedInUser->getUID())) {
507+
if ($this->groupManager->isAdmin($currentLoggedInUser->getUID())
508+
|| $subAdminManager->isUserAccessible($currentLoggedInUser, $targetUser)) {
509509
// They have permissions over the user
510510
$permittedFields[] = 'display';
511511
$permittedFields[] = AccountManager::PROPERTY_DISPLAYNAME;

lib/private/SubAdmin.php

Lines changed: 25 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -110,6 +110,25 @@ public function deleteSubAdmin(IUser $user, IGroup $group): void {
110110
* @return IGroup[]
111111
*/
112112
public function getSubAdminsGroups(IUser $user): array {
113+
$groupIds = $this->getSubAdminsGroupIds($user);
114+
115+
$groups = [];
116+
foreach ($groupIds as $groupId) {
117+
$group = $this->groupManager->get($groupId);
118+
if ($group !== null) {
119+
$groups[$group->getGID()] = $group;
120+
}
121+
}
122+
123+
return $groups;
124+
}
125+
126+
/**
127+
* Get group ids of a SubAdmin
128+
* @param IUser $user the SubAdmin
129+
* @return string[]
130+
*/
131+
public function getSubAdminsGroupIds(IUser $user): array {
113132
$qb = $this->dbConn->getQueryBuilder();
114133

115134
$result = $qb->select('gid')
@@ -119,10 +138,7 @@ public function getSubAdminsGroups(IUser $user): array {
119138

120139
$groups = [];
121140
while ($row = $result->fetch()) {
122-
$group = $this->groupManager->get($row['gid']);
123-
if (!is_null($group)) {
124-
$groups[$group->getGID()] = $group;
125-
}
141+
$groups[] = $row['gid'];
126142
}
127143
$result->closeCursor();
128144

@@ -255,13 +271,11 @@ public function isUserAccessible(IUser $subadmin, IUser $user): bool {
255271
if ($this->groupManager->isAdmin($user->getUID())) {
256272
return false;
257273
}
258-
$accessibleGroups = $this->getSubAdminsGroups($subadmin);
259-
foreach ($accessibleGroups as $accessibleGroup) {
260-
if ($accessibleGroup->inGroup($user)) {
261-
return true;
262-
}
263-
}
264-
return false;
274+
275+
$accessibleGroups = $this->getSubAdminsGroupIds($subadmin);
276+
$userGroups = $this->groupManager->getUserGroupIds($user);
277+
278+
return !empty(array_intersect($accessibleGroups, $userGroups));
265279
}
266280

267281
/**

0 commit comments

Comments
 (0)