EntitiesManager

[ArtificialOwl]

#13478: EntitiesManager
Fix #10292

You need to run git submodule update !

⚠️ Note about Visibility ⚠️

Currently, the visibility of all groups is a checkbox to allow sharing from people outside a group to the people within a group. This will be changed in EntitiesManager:

• on migration, the settings will be used when create new Entities, based on the existing groups
• then, default visibility on group creation will be based on a setting.
• visibility of a group can be switched per group, not a global value anymore.

[ArtificialOwl]

Status update about EntitiesManager. Please note that this is a WIP and the main purpose of the command lines is to test and see how everything handling together.

Missing features:

• Comments
• Viewer and Visibility.
• Access, Request and Invites
• Limit to the number of member in an entity.
• Entity as Member of an entity.
• Migrate Circles.
• check old settings about visibility when migrating groups.

./occ entities:install

will reset all data from the entities_* tables and create the basic implementation of the interfaces used to manage entities and accounts:

A quick overview on the basic implementations:

• implementations of IEntities:

  • 'User' represents a single local user with access to the Nextcloud, it is using the 'LocalUser' implementation of IEntitiesAccounts for the identification of the Nextcloud account (set as the 'Owner' of the 'User'). The display name is saved here during the migration so it is available in the search process.
  • 'Account' represents an account with no access to Nextcloud and limited to the visibility of the 'Owner' only.
  • 'Group' manage a list of accounts.
  • 'AdminGroup' manage a list of accounts with Nextcloud admin rights.

• implementations of IEntitiesAccounts:

• 'LocalUser': used by 'User' entities to identify local accounts,
• 'MailAddress': any email address. If multiple users adds the same mail address as contact, we will have one unique entry as entities_accounts and as many entries as needed as entities.

Visibility, membership and ownership will be used when searching for a contact/account/group when sharing an object (file ?).
Of course, any 'out-of-the-box user management' app will be able to add their own implementation.

./occ entities:migration

will migrate current users and groups into the Entities Manager.

This example shows all type of Ids used in the Entities Manager:

• EntityIds are used to identify any entity, could be a single local user and its account, a 'non-local' account, or a group/cluster/list of any type of accounts.
  The EntityId will helps to identify a list of users from any upper layer; it will be used for shares, chatroom members, access rights, resharing rights but also Nextcloud Admin rights. (Please note that the list is not comprehensive)
  A Visibility and a Access flag are assigned to EntityIds.

• AccountIds are used to identify accounts in the Entities Manager.
  Please remember that an account in the entity manager is NOT an account on the Nextcloud. However, the list of 'local users' in the entities manager can be used by lower layer to allow/provide access to the Nextcloud. This would require some small edits but in the long term a migration to use the entity manager in the auth/login process could be imaginated.

• MemberIds will mostly be used within the Entities Manager, it is the link between EntityId and AccountId.
  A Level and a Status is assigned to MemberIds.

./occ entities:manage:create

a command line to create entity, account or member. The basic syntax is:

./occ entities:manage:create item type

item can be entity, account or member
type will depend on the item itself, and available type will be displayed:

Based on the chosen item, some Options are available (and some are mandatory):

• entity will accept --name, --access, --visibility, --owner
• account will require --account
• member will accept --account, --slave, --entity, --level

As an example, we will add a Mail account in the database.

As a side note, the duplicity is managed by the implementation of the IEntitiesAccountsSearchDuplicate interface. Our class MailAddress check if type and account does not exists already:

Once the Mail account is added to the database, we will create an entity that will allow the 'cult' user to search for this mail address when sharing a file:

    ./occ entities:manage:create entity account --owner ACCOUNT_ID \
      --name "Maxence Lange <[email protected]>" \
      --access limited --visibility none

Then, we add the account of the mail address as a normal member of the generated entity.

  ./occ entities:manage:create member member --level member \
     --entity ENTITY_ID --account ACCOUNT_ID

./occ entities:search

Used to search an entity. This is the typical result to be expected when sharing a file:

It can also be used to search for an account:

./occ entities:details

returns details about an entity or an account:

[MorrisJobke]

Need to add "daita/nc-small-php-tools": "v1.0.4" to composer in 3rdparty.

Then do this - add a PR to the 3rdparty repo, check out the branch in the server repo's 3rdparty folder and add this updated submodule to this PR here. Then for testing only "git submodule update" is needed 😉

[ArtificialOwl]

@MorrisJobke will do. I just wanted a quick review/first tests before adding 3rd party to the core !

[ArtificialOwl]

Viewers and Visibility is a thing when using the ./occ entities:search command:

using an admin account:

using a non-admin temporary random account:

[MorrisJobke]

Let's move this to 18.

[rullzer]

I'm going to close this due to lack of activity.
Feel free to reopen if anybody wants to continue.