Move all check related stuff into RegisterChecksListener

This gets rid of the "check id not valid" when enabling with occ
SUNET · Aug 26, 2024 · 4230b0e · 4230b0e
1 parent f323a7b
commit 4230b0e
Show file tree

Hide file tree

Showing 6 changed files with 60 additions and 109 deletions.
diff --git a/Makefile b/Makefile
@@ -73,11 +73,13 @@ docker: selfsignedcert docker_kill package
 	docker exec -u www-data nextcloud /bin/bash -c "/var/www/html/occ app:install files_accesscontrol"
 	docker exec -u www-data nextcloud /bin/bash -c "/var/www/html/occ app:install files_automatedtagging"
 	docker exec -u www-data nextcloud /bin/bash -c "/var/www/html/occ app:install	twofactor_webauthn"
+	docker exec -u www-data nextcloud /bin/bash -c "/var/www/html/occ app:enable mfazones"
 	docker exec -u www-data nextcloud /bin/bash -c "/var/www/html/occ group:add mfa"
 	docker exec -u www-data nextcloud /bin/bash -c "/var/www/html/occ twofactorauth:enforce --on --group mfa"
 	docker exec -u www-data nextcloud /bin/bash -c "/var/www/html/occ group:adduser mfa admin"
 	docker exec -u www-data nextcloud /bin/bash -c "env OC_PASS=mfauserpassword /var/www/html/occ user:add --password-from-env --display-name='MFA User' --group='mfa' mfauser"
 	docker exec -u www-data nextcloud /bin/bash -c "env OC_PASS=nomfauserpassword /var/www/html/occ user:add --password-from-env --display-name='Ordinary User' nomfauser"
+	docker exec -u www-data nextcloud /bin/bash -c "/var/www/html/occ app:disable firstrunwizard"
 	firefox -new-tab https://localhost:8443/
 
 sign: package docker_kill

diff --git a/mfazones/lib/AppInfo/Application.php b/mfazones/lib/AppInfo/Application.php
@@ -9,7 +9,6 @@
 
 use OCA\Files\Event\LoadAdditionalScriptsEvent;
 use OCA\mfazones\Listeners\AppDisableEventListener;
-use OCA\mfazones\Listeners\AppEnableEventListener;
 use OCA\mfazones\Listeners\LoadAdditionalScriptsListener;
 use OCA\mfazones\Listeners\RegisterChecksListener;
 use OCA\mfazones\Listeners\RegisterOperationsListener;
@@ -20,7 +19,6 @@
 use OCP\AppFramework\Bootstrap\IBootstrap;
 use OCP\AppFramework\Bootstrap\IRegistrationContext;
 use OCP\App\Events\AppDisableEvent;
-use OCP\App\Events\AppEnableEvent;
 use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengePassed;
 use OCP\SystemTag\ISystemTagManager;
 use OCP\SystemTag\ISystemTagObjectMapper;
@@ -47,10 +45,9 @@ public function __construct()
    */
   public function register(IRegistrationContext $context): void
   {
-    $context->registerEventListener(AppEnableEvent::class, AppEnableEventListener::class);
+    $context->registerEventListener(RegisterChecksEvent::class, RegisterChecksListener::class);
     $context->registerEventListener(TwoFactorProviderChallengePassed::class, TwoFactorProviderChallengePassedListener::class);
     $context->registerEventListener(LoadAdditionalScriptsEvent::class, LoadAdditionalScriptsListener::class);
-    $context->registerEventListener(RegisterChecksEvent::class, RegisterChecksListener::class);
     $context->registerEventListener(RegisterOperationsEvent::class, RegisterOperationsListener::class);
     $context->registerEventListener(AppDisableEvent::class, AppDisableEventListener::class);
     $context->registerService(

diff --git a/mfazones/lib/Controller/MfazonesController.php b/mfazones/lib/Controller/MfazonesController.php
@@ -16,23 +16,37 @@
 use OCP\Files\IRootFolder;
 use OCP\IGroupManager;
 use OCP\IRequest;
-use OCP\ISession;
 use OCP\SystemTag\ISystemTagObjectMapper;
 use Psr\Log\LoggerInterface;
 
 class MfazonesController extends Controller
 {
+  private IGroupManager $groupManager;
+  private IRootFolder $rootFolder;
+  private ISystemTagObjectMapper $tagMapper;
+  private LoggerInterface $logger;
+  private MfaVerified $mfaVerified;
+  private Utils $utils;
+  private string $userId;
   public function __construct(
-    private IRequest $request,
-    private IRootFolder $rootFolder,
-    private IGroupManager $groupManager,
-    private string $userId,
-    private ISession $session,
-    private Utils $utils,
-    private ISystemTagObjectMapper $tagMapper,
-    private MfaVerified $mfaVerified,
-    private LoggerInterface $logger
+    IRequest $request,
+    IRootFolder $rootFolder,
+    IGroupManager $groupManager,
+    string $userId,
+    Utils $utils,
+    ISystemTagObjectMapper $tagMapper,
+    MfaVerified $mfaVerified,
+    LoggerInterface $logger
   ) {
+    // NOTE: The request is only passed to the parent class
+    // and is not instantiated by us here.
+    $this->groupManager = $groupManager;
+    $this->logger = $logger;
+    $this->mfaVerified = $mfaVerified;
+    $this->rootFolder = $rootFolder;
+    $this->tagMapper = $tagMapper;
+    $this->userId = $userId;
+    $this->utils = $utils;
     parent::__construct(Application::APP_ID, $request);
   }
 

diff --git a/mfazones/lib/Listeners/AppEnableEventListener.php b/mfazones/lib/Listeners/AppEnableEventListener.php
diff --git a/mfazones/lib/Listeners/RegisterChecksListener.php b/mfazones/lib/Listeners/RegisterChecksListener.php
@@ -26,34 +26,64 @@
 
 namespace OCA\mfazones\Listeners;
 
+use OCA\WorkflowEngine\Helper\ScopeContext;
+use OCA\WorkflowEngine\Manager;
 use OCA\mfazones\AppInfo\Application;
 use OCA\mfazones\Check\MfaVerified;
+use OCA\mfazones\Utils;
 use OCP\EventDispatcher\Event;
 use OCP\EventDispatcher\IEventListener;
 use OCP\IL10N;
 use OCP\ISession;
 use OCP\Util;
 use OCP\WorkflowEngine\Events\RegisterChecksEvent;
+use OCP\WorkflowEngine\IManager;
 use Psr\Log\LoggerInterface;
 
 class RegisterChecksListener implements IEventListener
 {
   private MfaVerified $mfaVerifiedCheck;
   private ISession $session;
   private LoggerInterface $logger;
+  private string $tagId;
+  private Manager $manager;
   private IL10N $l;
 
-  public function __construct()
+  public function __construct(Utils $utils, IL10N $l, ISession $session, LoggerInterface $logger, Manager $manager)
   {
+    $this->l = $l;
+    $this->session = $session;
+    $this->logger = $logger;
+    $this->manager = $manager;
     $this->mfaVerifiedCheck = new MfaVerified($this->l, $this->session, $this->logger);
+    $this->tagId = $utils->getTagId(); // will create the tag if necessary
   }
 
   public function handle(Event $event): void
   {
     if (!$event instanceof RegisterChecksEvent) {
       return;
     }
-    $event->registerCheck($this->mfaVerifiedCheck);
     Util::addScript(Application::APP_ID, 'mfazones-main');
+    $event->registerCheck($this->mfaVerifiedCheck);
+    $context = new ScopeContext(IManager::SCOPE_ADMIN);
+    $class = "OCA\\FilesAccessControl\\Operation";
+    $name = "";
+    $checks =  [
+      [
+        "class" => "OCA\mfazones\Check\MfaVerified",
+        "operator" => "!is",
+        "value" => ""
+      ],
+      [
+        "class" => "OCA\WorkflowEngine\Check\FileSystemTags",
+        "operator" => "is",
+        "value" => $this->tagId
+      ]
+    ];
+    $operation = "deny";
+    $entity = "OCA\\WorkflowEngine\\Entity\\File";
+    $events = [];
+    $this->manager->addOperation($class, $name, $checks, $operation, $context, $entity, $events);
   }
 }
diff --git a/mfazones/lib/Utils.php b/mfazones/lib/Utils.php
@@ -21,7 +21,7 @@ public function __construct(
   public function getTagId()
   {
     try {
-      $tags = $$this->systemTagManager->getAllTags();
+      $tags = $this->systemTagManager->getAllTags();
       foreach ($tags as $tag) {
         if ($tag->getName() === self::TAG_NAME) {
           return (string) $tag->getId();