Merge pull request #864 from nextcloud/backport/820/stable22

[stable22] filter allowed type of member
nextcloud · Dec 13, 2021 · 74e0b0d · 74e0b0d
2 parents 293095a + 3beb11c
commit 74e0b0d
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 1 deletion.
diff --git a/lib/FederatedItems/SingleMemberAdd.php b/lib/FederatedItems/SingleMemberAdd.php
@@ -351,6 +351,12 @@ protected function generateMember(FederatedEvent $event, Circle $circle, Member
 			throw new FederatedItemBadRequestException(StatusCode::$MEMBER_ADD[120], 120);
 		}
 
+		$allowedTypes = $this->configService->getAppValueInt(ConfigService::ALLOWED_TYPES);
+		if ($federatedUser->getUserType() < Member::TYPE_APP
+			&& ($allowedTypes & $federatedUser->getUserType()) === 0) {
+			throw new FederatedItemBadRequestException(StatusCode::$MEMBER_ADD[132], 132);
+		}
+
 		if ($federatedUser->getBasedOn()->isConfig(Circle::CFG_ROOT)) {
 			throw new FederatedItemBadRequestException(StatusCode::$MEMBER_ADD[125], 125);
 		}

diff --git a/lib/Model/Member.php b/lib/Model/Member.php
@@ -77,6 +77,8 @@ class Member extends ManagedModel implements
 	public const TYPE_CIRCLE = 16;
 	public const TYPE_APP = 10000;
 
+	public const ALLOWING_ALL_TYPES = 31;
+
 	public const APP_CIRCLES = 10001;
 	public const APP_OCC = 10002;
 

diff --git a/lib/Service/ConfigService.php b/lib/Service/ConfigService.php
@@ -103,6 +103,7 @@ class ConfigService {
 	public const SELF_SIGNED_CERT = 'self_signed_cert';
 	public const MEMBERS_LIMIT = 'members_limit';
 	public const ACTIVITY_ON_NEW_CIRCLE = 'creation_activity';
+	public const ALLOWED_TYPES = 'allowed_types';
 
 	public const MIGRATION_BYPASS = 'migration_bypass';
 	public const MIGRATION_22 = 'migration_22';
@@ -176,6 +177,8 @@ class ConfigService {
 		self::SELF_SIGNED_CERT => '0',
 		self::MEMBERS_LIMIT => '-1',
 		self::ACTIVITY_ON_NEW_CIRCLE => '1',
+		self::ALLOWED_TYPES => Member::ALLOWING_ALL_TYPES,
+
 		self::MIGRATION_BYPASS => '0',
 		self::MIGRATION_22 => '0',
 		self::MIGRATION_22_1 => '0',

diff --git a/lib/StatusCode.php b/lib/StatusCode.php
@@ -68,7 +68,8 @@ class StatusCode {
 		128 => 'Cannot add Circle as its own Member',
 		129 => 'Member does not contains a patron',
 		130 => 'Member is invited by an entity that does not belongs to the instance at the origin of the request',
-		131 => 'Member is a non-local Circle'
+		131 => 'Member is a non-local Circle',
+		132 => 'Member type not allowed'
 	];
 
 	public static $MEMBER_LEVEL = [