nextcloud /
server
| Total Complexity | 71 |
| Total Lines | 323 |
| Duplicated Lines | 0 % |
| Changes | 2 | ||
| Bugs | 2 | Features | 0 |
Complex classes like SystemAddressbook often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.
Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.
While breaking up the class, it is a good idea to analyze how other classes use SystemAddressbook, and based on these observations, apply Extract Interface, too.
| 1 | <?php |
||
| 51 | class SystemAddressbook extends AddressBook { |
||
| 52 | public const URI_SHARED = 'z-server-generated--system'; |
||
| 53 | /** @var IConfig */ |
||
| 54 | private $config; |
||
| 55 | private IUserSession $userSession; |
||
| 56 | private ?TrustedServers $trustedServers; |
||
| 57 | private ?IRequest $request; |
||
| 58 | private ?IGroupManager $groupManager; |
||
| 59 | |||
| 60 | public function __construct(BackendInterface $carddavBackend, |
||
| 61 | array $addressBookInfo, |
||
| 62 | IL10N $l10n, |
||
| 63 | IConfig $config, |
||
| 64 | IUserSession $userSession, |
||
| 65 | ?IRequest $request = null, |
||
| 66 | ?TrustedServers $trustedServers = null, |
||
| 67 | ?IGroupManager $groupManager) { |
||
| 68 | parent::__construct($carddavBackend, $addressBookInfo, $l10n); |
||
| 69 | $this->config = $config; |
||
| 70 | $this->userSession = $userSession; |
||
| 71 | $this->request = $request; |
||
| 72 | $this->trustedServers = $trustedServers; |
||
| 73 | $this->groupManager = $groupManager; |
||
| 74 | |||
| 75 | $this->addressBookInfo['{DAV:}displayname'] = $l10n->t('Accounts'); |
||
| 76 | $this->addressBookInfo['{' . Plugin::NS_CARDDAV . '}addressbook-description'] = $l10n->t('System address book which holds all accounts'); |
||
| 77 | } |
||
| 78 | |||
| 79 | /** |
||
| 80 | * No checkbox checked -> Show only the same user |
||
| 81 | * 'Allow username autocompletion in share dialog' -> show everyone |
||
| 82 | * 'Allow username autocompletion in share dialog' + 'Allow username autocompletion to users within the same groups' -> show only users in intersecting groups |
||
| 83 | * 'Allow username autocompletion in share dialog' + 'Allow username autocompletion to users based on phone number integration' -> show only the same user |
||
| 84 | * 'Allow username autocompletion in share dialog' + 'Allow username autocompletion to users within the same groups' + 'Allow username autocompletion to users based on phone number integration' -> show only users in intersecting groups |
||
| 85 | */ |
||
| 86 | public function getChildren() { |
||
| 126 | }); |
||
| 127 | } |
||
| 128 | |||
| 129 | /** |
||
| 130 | * @param array $paths |
||
| 131 | * @return Card[] |
||
| 132 | * @throws NotFound |
||
| 133 | */ |
||
| 134 | public function getMultipleChildren($paths): array { |
||
| 135 | $shareEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes'; |
||
| 136 | $shareEnumerationGroup = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes'; |
||
| 137 | $shareEnumerationPhone = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes'; |
||
| 138 | if (!$shareEnumeration || (!$shareEnumerationGroup && $shareEnumerationPhone)) { |
||
| 139 | $user = $this->userSession->getUser(); |
||
| 140 | // No user or cards with no access |
||
| 141 | if ($user === null || !in_array(SyncService::getCardUri($user), $paths, true)) { |
||
| 142 | return []; |
||
| 143 | } |
||
| 144 | // Only return the own card |
||
| 145 | try { |
||
| 146 | return [parent::getChild(SyncService::getCardUri($user))]; |
||
| 147 | } catch (NotFound $e) { |
||
| 148 | return []; |
||
| 149 | } |
||
| 150 | } |
||
| 151 | if ($shareEnumerationGroup) { |
||
| 152 | $user = $this->userSession->getUser(); |
||
| 153 | if ($this->groupManager === null || $user === null) { |
||
| 154 | // Group manager or user is not available, so we can't determine which data is safe |
||
| 155 | return []; |
||
| 156 | } |
||
| 157 | $groups = $this->groupManager->getUserGroups($user); |
||
| 158 | $allowedNames = []; |
||
| 159 | foreach ($groups as $group) { |
||
| 160 | $users = $group->getUsers(); |
||
| 161 | foreach ($users as $groupUser) { |
||
| 162 | if ($groupUser->getBackendClassName() === 'Guests') { |
||
| 163 | continue; |
||
| 164 | } |
||
| 165 | $allowedNames[] = SyncService::getCardUri($groupUser); |
||
| 166 | } |
||
| 167 | } |
||
| 168 | return parent::getMultipleChildren(array_intersect($paths, $allowedNames)); |
||
| 169 | } |
||
| 170 | if (!$this->isFederation()) { |
||
| 171 | return parent::getMultipleChildren($paths); |
||
| 172 | } |
||
| 173 | |||
| 174 | $objs = $this->carddavBackend->getMultipleCards($this->addressBookInfo['id'], $paths); |
||
| 175 | $children = []; |
||
| 176 | /** @var array $obj */ |
||
| 177 | foreach ($objs as $obj) { |
||
| 178 | if (empty($obj)) { |
||
| 179 | continue; |
||
| 180 | } |
||
| 181 | $carddata = $this->extractCarddata($obj); |
||
| 182 | if (empty($carddata)) { |
||
| 183 | continue; |
||
| 184 | } else { |
||
| 185 | $obj['carddata'] = $carddata; |
||
| 186 | } |
||
| 187 | $children[] = new Card($this->carddavBackend, $this->addressBookInfo, $obj); |
||
| 188 | } |
||
| 189 | return $children; |
||
| 190 | } |
||
| 191 | |||
| 192 | /** |
||
| 193 | * @param string $name |
||
| 194 | * @return Card |
||
| 195 | * @throws NotFound |
||
| 196 | * @throws Forbidden |
||
| 197 | */ |
||
| 198 | public function getChild($name): Card { |
||
| 199 | $shareEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes'; |
||
| 200 | $shareEnumerationGroup = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes'; |
||
| 201 | $shareEnumerationPhone = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes'; |
||
| 202 | if (!$shareEnumeration || (!$shareEnumerationGroup && $shareEnumerationPhone)) { |
||
| 203 | $currentUser = $this->userSession->getUser(); |
||
| 204 | $ownName = $currentUser !== null ? SyncService::getCardUri($currentUser) : null; |
||
| 205 | if ($ownName === $name) { |
||
| 206 | return parent::getChild($name); |
||
| 207 | } |
||
| 208 | throw new Forbidden(); |
||
| 209 | } |
||
| 210 | if ($shareEnumerationGroup) { |
||
| 211 | $user = $this->userSession->getUser(); |
||
| 212 | if ($user === null || $this->groupManager === null) { |
||
| 213 | // Group manager is not available, so we can't determine which data is safe |
||
| 214 | throw new Forbidden(); |
||
| 215 | } |
||
| 216 | $groups = $this->groupManager->getUserGroups($user); |
||
| 217 | foreach ($groups as $group) { |
||
| 218 | foreach ($group->getUsers() as $groupUser) { |
||
| 219 | if ($groupUser->getBackendClassName() === 'Guests') { |
||
| 220 | continue; |
||
| 221 | } |
||
| 222 | $otherName = SyncService::getCardUri($groupUser); |
||
| 223 | if ($otherName === $name) { |
||
| 224 | return parent::getChild($name); |
||
| 225 | } |
||
| 226 | } |
||
| 227 | } |
||
| 228 | throw new Forbidden(); |
||
| 229 | } |
||
| 230 | if (!$this->isFederation()) { |
||
| 231 | return parent::getChild($name); |
||
| 232 | } |
||
| 233 | |||
| 234 | $obj = $this->carddavBackend->getCard($this->addressBookInfo['id'], $name); |
||
| 235 | if (!$obj) { |
||
| 236 | throw new NotFound('Card not found'); |
||
| 237 | } |
||
| 238 | $carddata = $this->extractCarddata($obj); |
||
| 239 | if (empty($carddata)) { |
||
| 240 | throw new Forbidden(); |
||
| 241 | } else { |
||
| 242 | $obj['carddata'] = $carddata; |
||
| 243 | } |
||
| 244 | return new Card($this->carddavBackend, $this->addressBookInfo, $obj); |
||
| 245 | } |
||
| 246 | |||
| 247 | /** |
||
| 248 | * @throws UnsupportedLimitOnInitialSyncException |
||
| 249 | */ |
||
| 250 | public function getChanges($syncToken, $syncLevel, $limit = null) { |
||
| 295 | } |
||
| 296 | |||
| 297 | private function isFederation(): bool { |
||
| 298 | if ($this->trustedServers === null || $this->request === null) { |
||
| 299 | return false; |
||
| 300 | } |
||
| 301 | |||
| 302 | /** @psalm-suppress NoInterfaceProperties */ |
||
| 303 | $server = $this->request->server; |
||
| 304 | if (!isset($server['PHP_AUTH_USER']) || $server['PHP_AUTH_USER'] !== 'system') { |
||
| 305 | return false; |
||
| 306 | } |
||
| 307 | |||
| 308 | /** @psalm-suppress NoInterfaceProperties */ |
||
| 309 | $sharedSecret = $server['PHP_AUTH_PW'] ?? null; |
||
| 310 | if ($sharedSecret === null) { |
||
| 311 | return false; |
||
| 312 | } |
||
| 313 | |||
| 314 | $servers = $this->trustedServers->getServers(); |
||
| 315 | $trusted = array_filter($servers, function ($trustedServer) use ($sharedSecret) { |
||
| 316 | return $trustedServer['shared_secret'] === $sharedSecret; |
||
| 317 | }); |
||
| 318 | // Authentication is fine, but it's not for a federated share |
||
| 319 | if (empty($trusted)) { |
||
| 320 | return false; |
||
| 321 | } |
||
| 322 | |||
| 323 | return true; |
||
| 324 | } |
||
| 325 | |||
| 326 | /** |
||
| 327 | * If the validation doesn't work the card is "not found" so we |
||
| 328 | * return empty carddata even if the carddata might exist in the local backend. |
||
| 329 | * This can happen when a user sets the required properties |
||
| 330 | * FN, N to a local scope only but the request is from |
||
| 331 | * a federated share. |
||
| 332 | * |
||
| 333 | * @see https://github.com/nextcloud/server/issues/38042 |
||
| 334 | * |
||
| 335 | * @param array $obj |
||
| 336 | * @return string|null |
||
| 337 | */ |
||
| 338 | private function extractCarddata(array $obj): ?string { |
||
| 339 | $obj['acl'] = $this->getChildACL(); |
||
| 340 | $cardData = $obj['carddata']; |
||
| 341 | /** @var VCard $vCard */ |
||
| 342 | $vCard = Reader::read($cardData); |
||
| 343 | foreach ($vCard->children() as $child) { |
||
| 344 | $scope = $child->offsetGet('X-NC-SCOPE'); |
||
| 345 | if ($scope !== null && $scope->getValue() === IAccountManager::SCOPE_LOCAL) { |
||
| 346 | $vCard->remove($child); |
||
| 347 | } |
||
| 348 | } |
||
| 349 | $messages = $vCard->validate(); |
||
| 350 | if (!empty($messages)) { |
||
| 351 | return null; |
||
| 352 | } |
||
| 353 | |||
| 354 | return $vCard->serialize(); |
||
| 355 | } |
||
| 356 | |||
| 357 | /** |
||
| 358 | * @return mixed |
||
| 359 | * @throws Forbidden |
||
| 360 | */ |
||
| 361 | public function delete() { |
||
| 366 | } |
||
| 367 | |||
| 368 | public function getACL() { |
||
| 374 | }); |
||
| 375 | } |
||
| 377 |
Loading history...
Let?s assume that you have a directory layout like this:
. |-- OtherDir | |-- Bar.php | `-- Foo.php `-- SomeDir `-- Foo.phpand let?s assume the following content of
Bar.php:If both files
OtherDir/Foo.phpandSomeDir/Foo.phpare loaded in the same runtime, you will see a PHP error such as the following:PHP Fatal error: Cannot use SomeDir\Foo as Foo because the name is already in use in OtherDir/Foo.phpHowever, as
OtherDir/Foo.phpdoes not necessarily have to be loaded and the error is only triggered if it is loaded beforeOtherDir/Bar.php, this problem might go unnoticed for a while. In order to prevent this error from surfacing, you must import the namespace with a different alias: