Add option to allow groups to be determined by registering email address

appinfo/routes.php

@@ -13,6 +13,8 @@
 return [
 	'routes' => [
 		['name' => 'settings#admin', 'url' => '/settings', 'verb' => 'POST'],
+		['name' => 'settings#addGroupMapping', 'url' => '/settings/groupmapping', 'verb' => 'POST'],
+		['name' => 'settings#deleteGroupMapping', 'url' => '/settings/groupmapping/{id}', 'verb' => 'DELETE'],
 		['name' => 'register#showEmailForm', 'url' => '/', 'verb' => 'GET'],
 		['name' => 'register#submitEmailForm', 'url' => '/', 'verb' => 'POST'],
 		['name' => 'register#showVerificationForm', 'url' => '/verify/{secret}', 'verb' => 'GET'],

l10n/en_GB.js

@@ -86,6 +86,11 @@ OC.L10N.register(
     "Verification code" : "Verification code",
     "Verify" : "Verify",
     "Approval required" : "Approval required",
-    "Your account has been successfully created, but it still needs approval from an administrator." : "Your account has been successfully created, but it still needs approval from an administrator."
+    "Your account has been successfully created, but it still needs approval from an administrator." : "Your account has been successfully created, but it still needs approval from an administrator.",
+    "Only send request to group admins" : "Only send approval request to group admins",
+    "Map groups to email" : "Enable assigning default group via email address",
+    "Group mappings" : "Email to Group Mappings",
+    "Delete mapping" : "Delete mapping",
+    "Add mapping" : "Add mapping"
 },
 "nplurals=2; plural=(n != 1);");

l10n/en_GB.json

@@ -84,6 +84,11 @@
     "Verification code" : "Verification code",
     "Verify" : "Verify",
     "Approval required" : "Approval required",
-    "Your account has been successfully created, but it still needs approval from an administrator." : "Your account has been successfully created, but it still needs approval from an administrator."
+    "Your account has been successfully created, but it still needs approval from an administrator." : "Your account has been successfully created, but it still needs approval from an administrator.",
+    "Only send request to group admins" : "Only send approval request to group admins",
+    "Map groups to email" : "Enable assigning default group via email address",
+    "Group mappings" : "Email to Group Mappings",
+    "Delete mapping" : "Delete mapping",
+    "Add mapping" : "Add mapping"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }

lib/Controller/SettingsController.php

@@ -13,6 +13,8 @@
 
 namespace OCA\Registration\Controller;
 
+use OCA\Registration\Db\Group;
+use OCA\Registration\Db\GroupMapper;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\DataResponse;
@@ -27,15 +29,17 @@ class SettingsController extends Controller {
 	private IL10N $l10n;
 	private IConfig $config;
 	private IGroupManager $groupmanager;
+	private GroupMapper $groupMapper;
 	/** @var string */
 	protected $appName;
 
-	public function __construct($appName, IRequest $request, IL10N $l10n, IConfig $config, IGroupManager $groupmanager) {
+	public function __construct($appName, IRequest $request, IL10N $l10n, IConfig $config, IGroupManager $groupmanager, GroupMapper $groupmapper) {
 		parent::__construct($appName, $request);
 		$this->l10n = $l10n;
 		$this->config = $config;
 		$this->groupmanager = $groupmanager;
 		$this->appName = $appName;
+		$this->groupMapper = $groupmapper;
 	}
 
 	/**
@@ -47,10 +51,12 @@ public function __construct($appName, IRequest $request, IL10N $l10n, IConfig $c
 	 * @param string $email_verification_hint if filled embed Text in Verification mail send to user
 	 * @param string $username_policy_regex optional regex to check usernames against a pattern
 	 * @param bool|null $admin_approval_required newly registered users have to be validated by an admin
+	 * @param bool|null $admin_approval_to_group_admin_only only send the activation email to the group admins the new user will be a member of
 	 * @param bool|null $email_is_optional email address is not required
 	 * @param bool|null $email_is_login email address is forced as user id
 	 * @param bool|null $domains_is_blocklist is the domain list an allow or block list
 	 * @param bool|null $show_domains should the email list be shown to the user or not
+	 * @param bool|null $per_email_group_mapping should the group to email mapping feature be enabled or not
 	 * @return DataResponse
 	 */
 	public function admin(?string $registered_user_group,
@@ -59,6 +65,7 @@ public function admin(?string $registered_user_group,
 		string $email_verification_hint,
 		string $username_policy_regex,
 		?bool $admin_approval_required,
+		?bool $admin_approval_to_group_admin_only,
 		?bool $email_is_optional,
 		?bool $email_is_login,
 		?bool $show_fullname,
@@ -67,7 +74,8 @@ public function admin(?string $registered_user_group,
 		?bool $enforce_phone,
 		?bool $domains_is_blocklist,
 		?bool $show_domains,
-		?bool $disable_email_verification): DataResponse {
+		?bool $disable_email_verification,
+		?bool $per_email_group_mapping): DataResponse {
 		// handle domains
 		if (($allowed_domains === '') || ($allowed_domains === null)) {
 			$this->config->deleteAppValue($this->appName, 'allowed_domains');
@@ -104,6 +112,7 @@ public function admin(?string $registered_user_group,
 		}
 
 		$this->config->setAppValue($this->appName, 'admin_approval_required', $admin_approval_required ? 'yes' : 'no');
+		$this->config->setAppValue($this->appName, 'admin_approval_to_group_admin_only', $admin_approval_to_group_admin_only ? 'yes' : 'no');
 		$this->config->setAppValue($this->appName, 'email_is_optional', $email_is_optional ? 'yes' : 'no');
 		$this->config->setAppValue($this->appName, 'email_is_login', !$email_is_optional && $email_is_login ? 'yes' : 'no');
 		$this->config->setAppValue($this->appName, 'show_fullname', $show_fullname ? 'yes' : 'no');
@@ -113,6 +122,7 @@ public function admin(?string $registered_user_group,
 		$this->config->setAppValue($this->appName, 'domains_is_blocklist', $domains_is_blocklist ? 'yes' : 'no');
 		$this->config->setAppValue($this->appName, 'show_domains', $show_domains ? 'yes' : 'no');
 		$this->config->setAppValue($this->appName, 'disable_email_verification', $disable_email_verification ? 'yes' : 'no');
+		$this->config->setAppValue($this->appName, 'per_email_group_mapping', $per_email_group_mapping ? 'yes' : 'no');
 
 		if ($registered_user_group === null) {
 			$this->config->deleteAppValue($this->appName, 'registered_user_group');
@@ -142,4 +152,78 @@ public function admin(?string $registered_user_group,
 			'status' => 'error',
 		], Http::STATUS_NOT_FOUND);
 	}
+
+	/**
+	 * @AdminRequired
+	 *
+	 * @param string $email_domains the email domains to match for this rule
+	 * @param string $group_name the group to assign the users that match to
+	 * @return DataResponse
+	 */
+	public function addGroupMapping(string $email_domains,
+		string $group_name): DataResponse {
+		// Check email domains is valid string
+		if (($email_domains === '') || ($email_domains === null)) {
+			return new DataResponse([
+				'data' => [
+					'message' => $this->l10n->t('Invalid email domain list'),
+				],
+				'status' => 'error',
+			], Http::STATUS_BAD_REQUEST);
+		}
+
+		// Check group is valid
+		$group = $this->groupmanager->get($group_name);
+		if (!($group instanceof IGroup)) {
+			return new DataResponse([
+				'data' => [
+					'message' => $this->l10n->t('No such group'),
+				],
+				'status' => 'error',
+			], Http::STATUS_NOT_FOUND);
+		}
+
+		// Add new mapping
+		$groupMapping = new Group();
+		$groupMapping->setEmailDomains($email_domains);
+		$groupMapping->setGroupId($group_name);
+		$newMapping = $this->groupMapper->insert($groupMapping);
+
+		// Return result
+		return new DataResponse([
+			'data' => [
+				'message' => $this->l10n->t('Saved'),
+				'id' => $newMapping->getId()
+			],
+			'status' => 'success',
+		]);
+	}
+
+	/**
+	 * @AdminRequired
+	 *
+	 * @param int $id The ID of the row to delete
+	 * @return DataResponse
+	 */
+	public function deleteGroupMapping(int $id): DataResponse {
+		// Check mapping is valid
+		$groupMapping = $this->groupMapper->getById($id);
+		if (!($groupMapping instanceof Group)) {
+			return new DataResponse([
+				'data' => [
+					'message' => $this->l10n->t('No such group mapping'),
+				],
+				'status' => 'error',
+			], Http::STATUS_NOT_FOUND);
+		}
+
+		// Delete mapping
+		$this->groupMapper->delete($groupMapping);
+		return new DataResponse([
+			'data' => [
+				'message' => $this->l10n->t('Deleted')
+			],
+			'status' => 'success',
+		]);
+	}
 }

lib/Db/Group.php

@@ -0,0 +1,45 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * @copyright Copyright (c) 2017 Julius Härtl <jus@bitgrid.net>
+ *
+ * @author Julius Härtl <jus@bitgrid.net>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as
+ *  published by the Free Software Foundation, either version 3 of the
+ *  License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\Registration\Db;
+
+use OCP\AppFramework\Db\Entity;
+
+/**
+ * @method string getEmailDomains()
+ * @method void setEmailDomains(string $email)
+ * @method string getGroupId()
+ * @method void setGroupId(string $groupid)
+ */
+class Group extends Entity {
+	public $id;
+	protected $emailDomains;
+	protected $groupId;
+
+	public function __construct() {
+		$this->addType('emailDomains', 'string');
+		$this->addType('groupId', 'string');
+	}
+}

lib/Db/GroupMapper.php

@@ -0,0 +1,80 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * @copyright Copyright (c) 2017 Julius Härtl <jus@bitgrid.net>
+ *
+ * @author Julius Härtl <jus@bitgrid.net>
+ * @author Thomas Citharel <nextcloud@tcit.fr>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as
+ *  published by the Free Software Foundation, either version 3 of the
+ *  License, or (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\Registration\Db;
+
+use OCP\AppFramework\Db\QBMapper;
+use OCP\DB\QueryBuilder\IQueryBuilder;
+use OCP\IDBConnection;
+use OCP\Security\ISecureRandom;
+
+class GroupMapper extends QBMapper {
+	public function __construct(IDBConnection $db, protected ISecureRandom $random) {
+		parent::__construct($db, 'registration_group', Group::class);
+	}
+
+	/**
+	 * @return Group[]
+	 */
+	public function getGroupMappings(): array {
+		$qb = $this->db->getQueryBuilder();
+		$qb
+			->select('*')
+			->from($this->tableName);
+
+		return $this->findEntities($qb);
+	}
+
+	/**
+	 * @return Group|null
+	 */
+	public function getGroupMappingByEmailDomain($emailDomain): ?Group {
+		try {
+			$qb = $this->db->getQueryBuilder();
+			$qb
+				->select('*')
+				->from($this->tableName)
+				->where($qb->expr()->like('email_domains', $qb->createNamedParameter("%".$emailDomain."%", IQueryBuilder::PARAM_STR)));
+
+			return $this->findEntity($qb);
+		} catch(\Exception) {
+			return null;
+		}
+	}
+
+	/**
+	 * @return Group
+	 */
+	public function getById($id): Group {
+		$qb = $this->db->getQueryBuilder();
+		$qb
+			->select('*')
+			->from($this->tableName)
+			->where($qb->expr()->eq('id', $qb->createNamedParameter($id, IQueryBuilder::PARAM_INT)));
+
+		return $this->findEntity($qb);
+	}
+}

lib/Service/MailService.php

@@ -128,7 +128,8 @@ public function sendTokenByMail(Registration $registration): void {
 
 	public function notifyAdmins(string $userId, ?string $userEMailAddress, bool $userIsEnabled, string $userGroupId): void {
 		// Notify admin
-		$adminUsers = $this->groupManager->get('admin')->getUsers();
+		$notifyOnlySubadmins = $this->config->getAppValue('registration', 'admin_approval_to_group_admin_only', 'no');
+		$adminUsers = ($notifyOnlySubadmins === 'yes') ? [] : $this->groupManager->get('admin')->getUsers();
 
 		// if the user is disabled and belongs to a group
 		// add subadmins of this group to notification list