From abd0650390e97e38c2e8ec6fada2a2ab083aebee Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Szymon=20K=C5=82os?= <szymon.klos@collabora.com>
Date: Mon, 10 Jun 2024 18:58:47 +0200
Subject: [PATCH] ServerAudit: use IsAdminUser property
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

and set old is_admin inside UserExtraInfo as deprecated

Signed-off-by: Szymon Kłos <szymon.klos@collabora.com>
Change-Id: I93e6eb72a7062932e129e2f3973215cf10d83702
---
 browser/src/control/Control.ServerAuditDialog.ts | 15 +++++++++++----
 wsd/DocumentBroker.cpp                           |  4 ++--
 wsd/wopi/WopiStorage.cpp                         | 10 ++++++++++
 wsd/wopi/WopiStorage.hpp                         |  8 ++++++++
 4 files changed, 31 insertions(+), 6 deletions(-)

diff --git a/browser/src/control/Control.ServerAuditDialog.ts b/browser/src/control/Control.ServerAuditDialog.ts
index f6692ae1afbcf..50b680321d062 100644
--- a/browser/src/control/Control.ServerAuditDialog.ts
+++ b/browser/src/control/Control.ServerAuditDialog.ts
@@ -25,11 +25,18 @@ class ServerAuditDialog {
 		this.errorCodes = {
 			is_admin: {
 				missing: [
-					_('The is_admin user property is not set'),
-					'SDK: userextrainfo',
-					'https://sdk.collaboraonline.com/docs/advanced_integration.html?highlight=userprivateinfo#userextrainfo',
+					_('The IsAdminUser property is not set'),
+					'SDK: IsAdminUser',
+					'https://sdk.collaboraonline.com/docs/advanced_integration.html?highlight=IsAdminUser#isadminuser',
 				],
-				ok: [_('The is_admin user property is set'), '', ''],
+				deprecated: [
+					_(
+						'Used deprecated id_admin field, please use IsAdminUser property instead',
+					),
+					'SDK: IsAdminUser',
+					'https://sdk.collaboraonline.com/docs/advanced_integration.html?highlight=IsAdminUser#isadminuser',
+				],
+				ok: [_('The IsAdminUser user property is set'), '', ''],
 			},
 		};
 	}
diff --git a/wsd/DocumentBroker.cpp b/wsd/DocumentBroker.cpp
index d309adf1a7673..56e67be7aef6b 100644
--- a/wsd/DocumentBroker.cpp
+++ b/wsd/DocumentBroker.cpp
@@ -1176,8 +1176,8 @@ DocumentBroker::updateSessionWithWopiInfo(const std::shared_ptr<ClientSession>&
         : wopiFileInfo->getWatermarkText();
     const std::string templateSource = wopiFileInfo->getTemplateSource();
 
-    if (userExtraInfo.find("is_admin") == std::string::npos)
-        _serverAudit.set("is_admin", "missing");
+    if (!wopiFileInfo->getIsAdminUserError().empty())
+        _serverAudit.set("is_admin", wopiFileInfo->getIsAdminUserError());
 
     _isViewFileExtension = COOLWSD::IsViewFileExtension(wopiStorage->getFileExtension());
     if (!wopiFileInfo->getUserCanWrite() ||
diff --git a/wsd/wopi/WopiStorage.cpp b/wsd/wopi/WopiStorage.cpp
index 66492697f1859..7da36ef9c5ae6 100644
--- a/wsd/wopi/WopiStorage.cpp
+++ b/wsd/wopi/WopiStorage.cpp
@@ -234,6 +234,16 @@ WopiStorage::WOPIFileInfo::WOPIFileInfo(const FileInfo& fileInfo, Poco::JSON::Ob
     JsonUtil::findJSONValue(object, "BreadcrumbDocName", _breadcrumbDocName);
     JsonUtil::findJSONValue(object, "FileUrl", _fileUrl);
 
+    // check if user is admin on the integrator side
+    if (!JsonUtil::findJSONValue(object, "IsAdminUser", _isAdminUser))
+    {
+        _isAdminUserError = "missing";
+
+        // check deprecated is_admin inside UserExtraInfo
+        if (_userExtraInfo.find("is_admin") != std::string::npos)
+            _isAdminUserError = "deprecated";
+    }
+
     // Update the scheme to https if ssl or ssl termination is on
     if (_postMessageOrigin.starts_with("http://") &&
         (COOLWSD::isSSLEnabled() || COOLWSD::isSSLTermination()))
diff --git a/wsd/wopi/WopiStorage.hpp b/wsd/wopi/WopiStorage.hpp
index 5b5f52edaa025..e113b9db9de86 100644
--- a/wsd/wopi/WopiStorage.hpp
+++ b/wsd/wopi/WopiStorage.hpp
@@ -81,6 +81,9 @@ class WopiStorage : public StorageBase
         bool getSupportsLocks() const { return _supportsLocks; }
         bool getUserCanRename() const { return _userCanRename; }
 
+        bool getIsAdminUser() const { return _isAdminUser; }
+        const std::string& getIsAdminUserError() const { return _isAdminUserError; }
+
         TriState getDisableChangeTrackingShow() const { return _disableChangeTrackingShow; }
         TriState getDisableChangeTrackingRecord() const { return _disableChangeTrackingRecord; }
         TriState getHideChangeTrackingControls() const { return _hideChangeTrackingControls; }
@@ -158,6 +161,11 @@ class WopiStorage : public StorageBase
         bool _supportsRename = false;
         /// If user is allowed to rename the document
         bool _userCanRename = false;
+        /// If user is considered as admin on the integrator side
+        bool _isAdminUser = false;
+
+        /// error code if integration does not use isAdminUser field properly
+        std::string _isAdminUserError = "";
     };
 
     WopiStorage(const Poco::URI& uri, const std::string& localStorePath,