Merge pull request #31623 from nextcloud/tweak-default-scopes-accounts

Allow to tweak default scopes for accounts
nextcloud · May 17, 2022 · 4c61db4 · 4c61db4
2 parents 67472b7 + 4d26a9a
commit 4c61db4
Show file tree

Hide file tree

Showing 4 changed files with 158 additions and 58 deletions.
diff --git a/config/config.sample.php b/config/config.sample.php
@@ -2168,4 +2168,18 @@
  * the database storage.
  */
 'enable_file_metadata' => true,
+
+/**
+ * Allows to override the default scopes for Account data.
+ * The list of overridable properties and valid values for scopes are in
+ * OCP\Accounts\IAccountManager. Values added here are merged with
+ * default values, which are in OC\Accounts\AccountManager
+ *
+ * For instance, if the phone property should default to the private scope
+ * instead of the local one:
+ * [
+ *   \OCP\Accounts\IAccountManager::PROPERTY_PHONE => \OCP\Accounts\IAccountManager::SCOPE_PRIVATE
+ * ]
+ */
+'account_manager.default_property_scope' => []
 ];
diff --git a/lib/private/Accounts/AccountManager.php b/lib/private/Accounts/AccountManager.php
@@ -14,6 +14,7 @@
  * @author Lukas Reschke <lukas@statuscode.ch>
  * @author Morris Jobke <hey@morrisjobke.de>
  * @author Roeland Jago Douma <roeland@famdouma.nl>
+ * @author Thomas Citharel <nextcloud@tcit.fr>
  * @author Vincent Petry <vincent@nextcloud.com>
  *
  * @license AGPL-3.0
@@ -119,6 +120,23 @@ class AccountManager implements IAccountManager {
 	private $l10nfactory;
 	private CappedMemoryCache $internalCache;
 
+	/**
+	 * The list of default scopes for each property.
+	 */
+	public const DEFAULT_SCOPES = [
+		self::PROPERTY_DISPLAYNAME => self::SCOPE_FEDERATED,
+		self::PROPERTY_ADDRESS => self::SCOPE_LOCAL,
+		self::PROPERTY_WEBSITE => self::SCOPE_LOCAL,
+		self::PROPERTY_EMAIL => self::SCOPE_FEDERATED,
+		self::PROPERTY_AVATAR => self::SCOPE_FEDERATED,
+		self::PROPERTY_PHONE => self::SCOPE_LOCAL,
+		self::PROPERTY_TWITTER => self::SCOPE_LOCAL,
+		self::PROPERTY_ORGANISATION => self::SCOPE_LOCAL,
+		self::PROPERTY_ROLE => self::SCOPE_LOCAL,
+		self::PROPERTY_HEADLINE => self::SCOPE_LOCAL,
+		self::PROPERTY_BIOGRAPHY => self::SCOPE_LOCAL,
+	];
+
 	public function __construct(
 		IDBConnection            $connection,
 		IConfig                  $config,
@@ -649,81 +667,84 @@ protected function writeUserDataProperties(IQueryBuilder $query, array $data): v
 
 	/**
 	 * build default user record in case not data set exists yet
-	 *
-	 * @param IUser $user
-	 * @return array
 	 */
-	protected function buildDefaultUserRecord(IUser $user) {
+	protected function buildDefaultUserRecord(IUser $user): array {
+		$scopes = array_merge(self::DEFAULT_SCOPES, array_filter($this->config->getSystemValue('account_manager.default_property_scope', []), static function (string $scope, string $property) {
+			return in_array($property, self::ALLOWED_PROPERTIES, true) && in_array($scope, self::ALLOWED_SCOPES, true);
+		}, ARRAY_FILTER_USE_BOTH));
+
 		return [
 			[
 				'name' => self::PROPERTY_DISPLAYNAME,
 				'value' => $user->getDisplayName(),
-				'scope' => self::SCOPE_FEDERATED,
+				// Display name must be at least SCOPE_LOCAL
+				'scope' => $scopes[self::PROPERTY_DISPLAYNAME] === self::SCOPE_PRIVATE ? self::SCOPE_LOCAL : $scopes[self::PROPERTY_DISPLAYNAME],
 				'verified' => self::NOT_VERIFIED,
 			],
 
 			[
 				'name' => self::PROPERTY_ADDRESS,
 				'value' => '',
-				'scope' => self::SCOPE_LOCAL,
+				'scope' => $scopes[self::PROPERTY_ADDRESS],
 				'verified' => self::NOT_VERIFIED,
 			],
 
 			[
 				'name' => self::PROPERTY_WEBSITE,
 				'value' => '',
-				'scope' => self::SCOPE_LOCAL,
+				'scope' => $scopes[self::PROPERTY_WEBSITE],
 				'verified' => self::NOT_VERIFIED,
 			],
 
 			[
 				'name' => self::PROPERTY_EMAIL,
 				'value' => $user->getEMailAddress(),
-				'scope' => self::SCOPE_FEDERATED,
+				// Email must be at least SCOPE_LOCAL
+				'scope' => $scopes[self::PROPERTY_EMAIL] === self::SCOPE_PRIVATE ? self::SCOPE_LOCAL : $scopes[self::PROPERTY_EMAIL],
 				'verified' => self::NOT_VERIFIED,
 			],
 
 			[
 				'name' => self::PROPERTY_AVATAR,
-				'scope' => self::SCOPE_FEDERATED
+				'scope' => $scopes[self::PROPERTY_AVATAR],
 			],
 
 			[
 				'name' => self::PROPERTY_PHONE,
 				'value' => '',
-				'scope' => self::SCOPE_LOCAL,
+				'scope' => $scopes[self::PROPERTY_PHONE],
 				'verified' => self::NOT_VERIFIED,
 			],
 
 			[
 				'name' => self::PROPERTY_TWITTER,
 				'value' => '',
-				'scope' => self::SCOPE_LOCAL,
+				'scope' => $scopes[self::PROPERTY_TWITTER],
 				'verified' => self::NOT_VERIFIED,
 			],
 
 			[
 				'name' => self::PROPERTY_ORGANISATION,
 				'value' => '',
-				'scope' => self::SCOPE_LOCAL,
+				'scope' => $scopes[self::PROPERTY_ORGANISATION],
 			],
 
 			[
 				'name' => self::PROPERTY_ROLE,
 				'value' => '',
-				'scope' => self::SCOPE_LOCAL,
+				'scope' => $scopes[self::PROPERTY_ROLE],
 			],
 
 			[
 				'name' => self::PROPERTY_HEADLINE,
 				'value' => '',
-				'scope' => self::SCOPE_LOCAL,
+				'scope' => $scopes[self::PROPERTY_HEADLINE],
 			],
 
 			[
 				'name' => self::PROPERTY_BIOGRAPHY,
 				'value' => '',
-				'scope' => self::SCOPE_LOCAL,
+				'scope' => $scopes[self::PROPERTY_BIOGRAPHY],
 			],
 
 			[
@@ -790,17 +811,8 @@ public function updateAccount(IAccount $account): void {
 			//  valid case, nothing to do
 		}
 
-		static $allowedScopes = [
-			self::SCOPE_PRIVATE,
-			self::SCOPE_LOCAL,
-			self::SCOPE_FEDERATED,
-			self::SCOPE_PUBLISHED,
-			self::VISIBILITY_PRIVATE,
-			self::VISIBILITY_CONTACTS_ONLY,
-			self::VISIBILITY_PUBLIC,
-		];
 		foreach ($account->getAllProperties() as $property) {
-			$this->testPropertyScope($property, $allowedScopes, true);
+			$this->testPropertyScope($property, self::ALLOWED_SCOPES, true);
 		}
 
 		$oldData = $this->getUser($account->getUser(), false);

diff --git a/lib/public/Accounts/IAccountManager.php b/lib/public/Accounts/IAccountManager.php
@@ -8,6 +8,7 @@
  * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  * @author Joas Schilling <coding@schilljs.com>
  * @author Julius Härtl <jus@bitgrid.net>
+ * @author Thomas Citharel <nextcloud@tcit.fr>
  * @author Vincent Petry <vincent@nextcloud.com>
  *
  * @license GNU AGPL version 3 or any later version
@@ -89,6 +90,21 @@ interface IAccountManager {
 	 */
 	public const VISIBILITY_PUBLIC = 'public';
 
+	/**
+	 * The list of allowed scopes
+	 *
+	 * @since 25.0.0
+	 */
+	public const ALLOWED_SCOPES = [
+		self::SCOPE_PRIVATE,
+		self::SCOPE_LOCAL,
+		self::SCOPE_FEDERATED,
+		self::SCOPE_PUBLISHED,
+		self::VISIBILITY_PRIVATE,
+		self::VISIBILITY_CONTACTS_ONLY,
+		self::VISIBILITY_PUBLIC,
+	];
+
 	public const PROPERTY_AVATAR = 'avatar';
 	public const PROPERTY_DISPLAYNAME = 'displayname';
 	public const PROPERTY_PHONE = 'phone';
@@ -122,6 +138,26 @@ interface IAccountManager {
 	 */
 	public const PROPERTY_PROFILE_ENABLED = 'profile_enabled';
 
+	/**
+	 * The list of allowed properties
+	 *
+	 * @since 25.0.0
+	 */
+	public const ALLOWED_PROPERTIES = [
+		self::PROPERTY_AVATAR,
+		self::PROPERTY_DISPLAYNAME,
+		self::PROPERTY_PHONE,
+		self::PROPERTY_EMAIL,
+		self::PROPERTY_WEBSITE,
+		self::PROPERTY_ADDRESS,
+		self::PROPERTY_TWITTER,
+		self::PROPERTY_ORGANISATION,
+		self::PROPERTY_ROLE,
+		self::PROPERTY_HEADLINE,
+		self::PROPERTY_BIOGRAPHY,
+		self::PROPERTY_PROFILE_ENABLED,
+	];
+
 	public const COLLECTION_EMAIL = 'additional_mail';
 
 	public const NOT_VERIFIED = '0';