nextcloud · juliusknorr · Aug 3, 2021 · Jul 12, 2021
diff --git a/lib/Service/CirclesService.php b/lib/Service/CirclesService.php
@@ -26,6 +26,8 @@
 
 namespace OCA\Deck\Service;
 
+use OCA\Circles\CirclesManager;
+use OCA\Circles\Model\Member;
 use OCP\App\IAppManager;
 
 /**
@@ -39,6 +41,10 @@ public function __construct(IAppManager $appManager) {
 		$this->circlesEnabled = $appManager->isEnabledForUser('circles');
 	}
 
+	public function isCirclesEnabled(): bool {
+		return $this->circlesEnabled;
+	}
+
 	public function getCircle($circleId) {
 		if (!$this->circlesEnabled) {
 			return null;
@@ -53,8 +59,13 @@ public function isUserInCircle($circleId, $userId): bool {
 		}
 
 		try {
-			\OCA\Circles\Api\v1\Circles::getMember($circleId, $userId, 1, true);
-			return true;
+			/** @var CirclesManager $circlesManager */
+			$circlesManager = \OC::$server->get(CirclesManager::class);
+			$federatedUser = $circlesManager->getFederatedUser($userId, Member::TYPE_USER);
+			$circlesManager->startSession($federatedUser);
+			$circle = $circlesManager->getCircle($circleId);
+			$member = $circle->getInitiator();
+			return $member !== null && $member->getLevel() >= Member::LEVEL_MEMBER;
 		} catch (\Exception $e) {
 		}
 		return false;

diff --git a/lib/Service/PermissionService.php b/lib/Service/PermissionService.php
@@ -24,6 +24,7 @@
 namespace OCA\Deck\Service;
 
 use OC\Cache\CappedMemoryCache;
+use OCA\Circles\Model\Member;
 use OCA\Deck\Db\Acl;
 use OCA\Deck\Db\AclMapper;
 use OCA\Deck\Db\Board;
@@ -42,6 +43,8 @@
 
 class PermissionService {
 
+	/** @var CirclesService */
+	private $circlesService;
 	/** @var BoardMapper */
 	private $boardMapper;
 	/** @var AclMapper */
@@ -61,11 +64,11 @@ class PermissionService {
 	/** @var array */
 	private $users = [];
 
-	private $circlesEnabled = false;
 	private $boardCache;
 
 	public function __construct(
 		ILogger $logger,
+		CirclesService $circlesService,
 		AclMapper $aclMapper,
 		BoardMapper $boardMapper,
 		IUserManager $userManager,
@@ -74,6 +77,7 @@ public function __construct(
 		IConfig $config,
 		$userId
 	) {
+		$this->circlesService = $circlesService;
 		$this->aclMapper = $aclMapper;
 		$this->boardMapper = $boardMapper;
 		$this->logger = $logger;
@@ -84,9 +88,6 @@ public function __construct(
 		$this->userId = $userId;
 
 		$this->boardCache = new CappedMemoryCache();
-
-		$this->circlesEnabled = \OC::$server->getAppManager()->isEnabledForUser('circles') &&
-			(version_compare(\OC::$server->getAppManager()->getAppVersion('circles'), '0.17.1') >= 0);
 	}
 
 	/**
@@ -210,10 +211,9 @@ public function userCan(array $acls, $permission, $userId = null) {
 				return $acl->getPermission($permission);
 			}
 
-			if ($this->circlesEnabled && $acl->getType() === Acl::PERMISSION_TYPE_CIRCLE) {
+			if ($this->circlesService->isCirclesEnabled() && $acl->getType() === Acl::PERMISSION_TYPE_CIRCLE) {
 				try {
-					\OCA\Circles\Api\v1\Circles::getMember($acl->getParticipant(), $this->userId, 1, true);
-					return $acl->getPermission($permission);
+					return $this->circlesService->isUserInCircle($acl->getParticipant(), $userId) && $acl->getPermission($permission);
 				} catch (\Exception $e) {
 					$this->logger->info('Member not found in circle that was accessed. This should not happen.');
 				}
@@ -278,7 +278,7 @@ public function findUsers($boardId, $refresh = false) {
 				}
 			}
 
-			if ($this->circlesEnabled && $acl->getType() === Acl::PERMISSION_TYPE_CIRCLE) {
+			if ($this->circlesService->isCirclesEnabled() && $acl->getType() === Acl::PERMISSION_TYPE_CIRCLE) {
 				try {
 					$circle = \OCA\Circles\Api\v1\Circles::detailsCircle($acl->getParticipant(), true);
 					if ($circle === null) {
@@ -287,7 +287,7 @@ public function findUsers($boardId, $refresh = false) {
 					}
 
 					foreach ($circle->getInheritedMembers() as $member) {
-						if ($member->getUserType() !== 1) {
+						if ($member->getUserType() !== 1 || $member->getLevel() >= Member::LEVEL_MEMBER) {
 							// deck currently only supports user members in circles
 							continue;
 						}

diff --git a/tests/psalm-baseline.xml b/tests/psalm-baseline.xml
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8"?>
-<files psalm-version="4.7.3@38c452ae584467e939d55377aaf83b5a26f19dd1">
+<files psalm-version="4.8.1@f73f2299dbc59a3e6c4d66cff4605176e728ee69">
   <file src="lib/Activity/ActivityManager.php">
     <TypeDoesNotContainType occurrences="1">
       <code>$message !== null</code>
@@ -147,8 +147,7 @@
     <UndefinedClass occurrences="1">
       <code>\OCA\Circles\Model\Circle</code>
     </UndefinedClass>
-    <UndefinedDocblockClass occurrences="5">
-      <code>$this-&gt;object</code>
+    <UndefinedDocblockClass occurrences="4">
       <code>$this-&gt;object</code>
       <code>$this-&gt;object</code>
       <code>$this-&gt;object</code>
@@ -202,10 +201,12 @@
     </UndefinedDocblockClass>
   </file>
   <file src="lib/Service/CirclesService.php">
-    <UndefinedClass occurrences="2">
-      <code>\OCA\Circles\Api\v1\Circles</code>
+    <UndefinedClass occurrences="1">
       <code>\OCA\Circles\Api\v1\Circles</code>
     </UndefinedClass>
+    <UndefinedDocblockClass occurrences="1">
+      <code>$circlesManager</code>
+    </UndefinedDocblockClass>
   </file>
   <file src="lib/Service/CommentService.php">
     <UndefinedThisPropertyAssignment occurrences="2">
@@ -258,7 +259,7 @@
   </file>
   <file src="lib/Service/PermissionService.php">
     <UndefinedClass occurrences="2">
-      <code>\OCA\Circles\Api\v1\Circles</code>
+      <code>Member</code>
       <code>\OCA\Circles\Api\v1\Circles</code>
     </UndefinedClass>
   </file>

diff --git a/tests/unit/Service/PermissionServiceTest.php b/tests/unit/Service/PermissionServiceTest.php
@@ -35,6 +35,7 @@
 use OCP\IGroup;
 use OCP\IGroupManager;
 use OCP\ILogger;
+use OCP\IRequest;
 use OCP\IUser;
 use OCP\IUserManager;
 use OCP\Share\IManager;
@@ -62,7 +63,9 @@ class PermissionServiceTest extends \Test\TestCase {
 
 	public function setUp(): void {
 		parent::setUp();
-		$this->logger = $this->request = $this->createMock(ILogger::class);
+		$this->logger = $this->createMock(ILogger::class);
+		$this->request = $this->createMock(IRequest::class);
+		$this->circlesService = $this->createMock(CirclesService::class);
 		$this->aclMapper = $this->createMock(AclMapper::class);
 		$this->boardMapper = $this->createMock(BoardMapper::class);
 		$this->userManager = $this->createMock(IUserManager::class);
@@ -72,6 +75,7 @@ public function setUp(): void {
 
 		$this->service = new PermissionService(
 			$this->logger,
+			$this->circlesService,
 			$this->aclMapper,
 			$this->boardMapper,
 			$this->userManager,