Move admin-only routes to administration scope when default only
Signed-off-by: Joas Schilling <[email protected]>
nickvergessen committed Nov 8, 2023
1 parent 52198a2 commit b5b1e4e
Showing 6 changed files with 145 additions and 23 deletions.
2 changes: 2 additions & 0 deletions generate-spec
@@ -346,6 +346,8 @@ foreach ($parsedRoutes as $key => $value) {
if (empty($scopes)) {
if (!empty($controllerScopes)) {
$scopes = $controllerScopes;
} else if ($isAdmin) {
$scopes = ['administration'];
} else {
$scopes = ['default'];
}
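Review bot: In the new `else if ($isAdmin)` branch, the administration default is only reached when `$controllerScopes` is empty, so an admin-only method in a controller that declares its own scope still takes the controller's scope and may be published in a non-admin specification. If that precedence is intended, a comment above the chain would make it explicit, e.g. `// Precedence: method scopes, then controller scopes, then 'administration' for admin-only routes, else 'default'`. `$isAdmin` is computed outside this hunk, so how it is derived could not be checked here. As a style point, PSR-12 prefers `elseif` over `else if`.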
4 changes: 3 additions & 1 deletion tests/appinfo/routes.php
@@ -29,8 +29,10 @@
['name' => 'Settings#federationByController', 'url' => '/api/{apiVersion}/controller-scope', 'verb' => 'POST', 'requirements' => ['apiVersion' => '(v2)']],
['name' => 'Settings#ignoreByMethod', 'url' => '/api/{apiVersion}/ignore-method', 'verb' => 'POST', 'requirements' => ['apiVersion' => '(v2)']],
['name' => 'Settings#defaultScope', 'url' => '/api/{apiVersion}/settings', 'verb' => 'POST', 'requirements' => ['apiVersion' => '(v2)']],
['name' => 'Settings#defaultAdminScope', 'url' => '/api/{apiVersion}/default-admin', 'verb' => 'POST', 'requirements' => ['apiVersion' => '(v2)']],
['name' => 'Settings#adminScope', 'url' => '/api/{apiVersion}/admin', 'verb' => 'POST', 'requirements' => ['apiVersion' => '(v2)']],
['name' => 'Settings#doubleScope', 'url' => '/api/{apiVersion}/double', 'verb' => 'POST', 'requirements' => ['apiVersion' => '(v2)']],

['name' => 'Settings2#defaultAdminScopeOverwritten', 'url' => '/api/{apiVersion}/default-admin-overwritten', 'verb' => 'POST', 'requirements' => ['apiVersion' => '(v2)']],
['name' => 'Settings2#defaultAdminScope', 'url' => '/api/{apiVersion}/default-admin', 'verb' => 'POST', 'requirements' => ['apiVersion' => '(v2)']],
],
];
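--- a/tests/lib/Controller/Settings2Controller.php
+++ b/tests/lib/Controller/Settings2Controller.php
@@ -0,0 +1,58 @@
+<?php
+
+declare(strict_types=1);
+
+/**
+* @copyright Copyright (c) 2021, Julien Barnoin <[email protected]>
+*
+* @author Julien Barnoin <[email protected]>
+*
+* @license AGPL-3.0-or-later
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License as
+* published by the Free Software Foundation, either version 3 of the
+* License, or (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License
+* along with this program. If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+namespace OCA\Notifications\Controller;
+
+use OCA\Notifications\ResponseDefinitions;
+use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\DataResponse;
+use OCP\AppFramework\OCSController;
+
+class Settings2Controller extends OCSController {
+/**
+* Route is only in the admin scope because there is no "NoAdminRequired" annotation or attribute
+*
+* @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
+*
+* 200: Personal settings updated
+*/
+public function defaultAdminScope(): DataResponse {
+return new DataResponse();
+}
+
+/**
+* Route is only in the admin scope because there is no "NoAdminRequired" annotation or attribute
+*
+* @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
+*
+* 200: Personal settings updated
+*/
+#[OpenAPI]
+public function defaultAdminScopeOverwritten(): DataResponse {
+return new DataResponse();
+}
+}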
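Review bot: The docblock on `defaultAdminScopeOverwritten()` is a copy of the one on `defaultAdminScope()` and says the route is only in the admin scope, yet the method carries `#[OpenAPI]`, and the expected tests/openapi.json in this commit lists `/default-admin-overwritten` there rather than in the administration spec. Because the first docblock line is what shows up as the operation summary, the generated spec carries a misleading description; I would reword it to `Route is admin-only but stays in the default scope because the #[OpenAPI] attribute overrides the administration default`. The `use OCA\Notifications\ResponseDefinitions;` import appears unused in this file, and the `200: Personal settings updated` text looks carried over from a non-admin route.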
12 changes: 0 additions & 12 deletions tests/lib/Controller/SettingsController.php
@@ -79,18 +79,6 @@ public function defaultScope(): DataResponse {
return new DataResponse();
}

/**
* Route is only in the admin scope because there is no "NoAdminRequired" annotation or attribute
*
* @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
*
* 200: Personal settings updated
*/
#[OpenAPI]
public function defaultAdminScope(): DataResponse {
return new DataResponse();
}

/**
* @NoAdminRequired
*
72 changes: 72 additions & 0 deletions tests/openapi-administration.json
@@ -209,6 +209,78 @@
}
}
}
},
"/ocs/v2.php/apps/notifications/api/{apiVersion}/default-admin": {
"post": {
"operationId": "settings2-default-admin-scope",
"summary": "Route is only in the admin scope because there is no \"NoAdminRequired\" annotation or attribute",
"description": "This endpoint requires admin access",
"tags": [
"settings2"
],
"security": [
{
"bearer_auth": []
},
{
"basic_auth": []
}
],
"parameters": [
{
"name": "apiVersion",
"in": "path",
"required": true,
"schema": {
"type": "string",
"enum": [
"v2"
],
"default": "v2"
}
},
{
"name": "OCS-APIRequest",
"in": "header",
"description": "Required to be true for the API request to pass",
"required": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "Personal settings updated",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
}
}
}
}
},
"tags": []
20 changes: 10 additions & 10 deletions tests/openapi.json
@@ -118,11 +118,10 @@
}
}
},
"/ocs/v2.php/apps/notifications/api/{apiVersion}/default-admin": {
"/ocs/v2.php/apps/notifications/api/{apiVersion}/double": {
"post": {
"operationId": "settings-default-admin-scope",
"summary": "Route is only in the admin scope because there is no \"NoAdminRequired\" annotation or attribute",
"description": "This endpoint requires admin access",
"operationId": "settings-double-scope",
"summary": "Route is in admin and default scope",
"tags": [
"settings"
],
@@ -160,7 +159,7 @@
],
"responses": {
"200": {
"description": "Personal settings updated",
"description": "Admin settings updated",
"content": {
"application/json": {
"schema": {
@@ -190,12 +189,13 @@
}
}
},
"/ocs/v2.php/apps/notifications/api/{apiVersion}/double": {
"/ocs/v2.php/apps/notifications/api/{apiVersion}/default-admin-overwritten": {
"post": {
"operationId": "settings-double-scope",
"summary": "Route is in admin and default scope",
"operationId": "settings2-default-admin-scope-overwritten",
"summary": "Route is only in the admin scope because there is no \"NoAdminRequired\" annotation or attribute",
"description": "This endpoint requires admin access",
"tags": [
"settings"
"settings2"
],
"security": [
{
@@ -231,7 +231,7 @@
],
"responses": {
"200": {
"description": "Admin settings updated",
"description": "Personal settings updated",
"content": {
"application/json": {
"schema": {
