Merge pull request #3308 from nextcloud/fix/aftermath

Fixing some aftermaths

Author: dartcafe

lib/Controller/BasePublicController.php

@@ -92,8 +92,6 @@ protected function responseCreate(Closure $callback, string $token): JSONRespons
 	}
 
 	private function updateSessionToken(string $token): void {
-		if ($token !== $this->session->get(AppConstants::SESSION_KEY_SHARE_TOKEN)) {
-			$this->session->set(AppConstants::SESSION_KEY_SHARE_TOKEN, $token);
-		}
+		$this->session->set(AppConstants::SESSION_KEY_SHARE_TOKEN, $token);
 	}
 }

lib/Controller/ShareController.php

@@ -59,14 +59,6 @@ public function add(int $pollId, string $type, string $userId = '', string $disp
 		return $this->responseCreate(fn () => ['share' => $this->shareService->add($pollId, $type, $userId, $displayName, $emailAddress)]);
 	}
 
-	/**
-	 * Convert user to poll admin
-	 */
-	#[NoAdminRequired]
-	public function userToAdmin(string $token): JSONResponse {
-		return $this->responseCreate(fn () => ['share' => $this->shareService->setType($token, Share::TYPE_ADMIN)]);
-	}
-
 	/**
 	 * Change the contraints for email addresses in public polls
 	 */
@@ -93,6 +85,14 @@ public function adminToUser(string $token): JSONResponse {
 		return $this->responseCreate(fn () => ['share' => $this->shareService->setType($token, Share::TYPE_USER)]);
 	}
 
+	/**
+	 * Convert user to poll admin
+	 */
+	#[NoAdminRequired]
+	public function userToAdmin(string $token): JSONResponse {
+		return $this->responseCreate(fn () => ['share' => $this->shareService->setType($token, Share::TYPE_ADMIN)]);
+	}
+
 	/**
 	 * Set email address
 	 */

lib/Db/PollMapper.php

@@ -170,8 +170,9 @@ protected function buildQuery(): IQueryBuilder {
 		$qb = $this->db->getQueryBuilder();
 
 		$qb->select(self::TABLE . '.*')
+			// TODO: check if this is necessary, in case of empty table to avoid possibly nulled columns
+			// ->groupBy(self::TABLE . '.id')
 			->from($this->getTableName(), self::TABLE);
-
 		return $qb;
 	}
 

lib/Db/ShareMapper.php

@@ -26,6 +26,7 @@
 
 namespace OCA\Polls\Db;
 
+use Exception;
 use OCA\Polls\Exceptions\ShareNotFoundException;
 use OCA\Polls\Model\UserBase;
 use OCP\AppFramework\Db\DoesNotExistException;
@@ -56,28 +57,19 @@ public function __construct(
 	 * @psalm-return array<array-key, Share>
 	 */
 	public function findByPoll(int $pollId, bool $getDeleted = false): array {
-
 		$qb = $this->db->getQueryBuilder();
 
-		$qb->select('shares.*')
-			->from($this->getTableName(), 'shares')
-			->groupBy('shares.id')
-			->where($qb->expr()->eq('shares.poll_id', $qb->createNamedParameter($pollId, IQueryBuilder::PARAM_INT)))
-			->leftJoin(
-				'shares',
-				Vote::TABLE,
-				'votes',
-				$qb->expr()->andX(
-					$qb->expr()->eq('shares.poll_id', 'votes.poll_id'),
-					$qb->expr()->eq('shares.user_id', 'votes.user_id'),
-				)
-			)
-			->addSelect($qb->func()->count('votes.id', 'voted'));
+		$qb->select(self::TABLE . '.*')
+		->from($this->getTableName(), self::TABLE)
+			->groupBy(self::TABLE . '.id')
+			->where($qb->expr()->eq(self::TABLE . '.poll_id', $qb->createNamedParameter($pollId, IQueryBuilder::PARAM_INT)));
 
 		if (!$getDeleted) {
-			$qb->andWhere($qb->expr()->eq('shares' . '.deleted', $qb->createNamedParameter(0, IQueryBuilder::PARAM_INT)));
+			$qb->andWhere($qb->expr()->eq(self::TABLE . '.deleted', $qb->createNamedParameter(0, IQueryBuilder::PARAM_INT)));
 		}
 
+		$this->joinUserVoteCount($qb, self::TABLE);
+
 		return $this->findEntities($qb);
 	}
 
@@ -127,18 +119,20 @@ public function findByPollUnreminded(int $pollId, bool $getDeleted = false): arr
 	public function findByPollAndUser(int $pollId, string $userId, bool $findDeleted = false): Share {
 		$qb = $this->db->getQueryBuilder();
 
-		$qb->select('*')
-			->from($this->getTableName())
-			->where($qb->expr()->eq('poll_id', $qb->createNamedParameter($pollId, IQueryBuilder::PARAM_INT)))
-			->andWhere($qb->expr()->eq('user_id', $qb->createNamedParameter($userId, IQueryBuilder::PARAM_STR)));
+		$qb->select(self::TABLE . '.*')
+		->from($this->getTableName(), self::TABLE)
+			->where($qb->expr()->eq(self::TABLE . '.poll_id', $qb->createNamedParameter($pollId, IQueryBuilder::PARAM_INT)))
+			->andWhere($qb->expr()->eq(self::TABLE . '.user_id', $qb->createNamedParameter($userId, IQueryBuilder::PARAM_STR)))
+			->andWhere($qb->expr()->isNotNull(self::TABLE . '.id'));
 
 		if (!$findDeleted) {
-			$qb->andWhere($qb->expr()->eq('deleted', $qb->createNamedParameter(0, IQueryBuilder::PARAM_INT)));
+			$qb->andWhere($qb->expr()->eq(self::TABLE . '.deleted', $qb->createNamedParameter(0, IQueryBuilder::PARAM_INT)));
 		}
+		$this->joinUserVoteCount($qb, self::TABLE);
 
 		try {
 			return $this->findEntity($qb);
-		} catch (DoesNotExistException $e) {
+		} catch (Exception $e) {
 			throw new ShareNotFoundException("Share not found by userId and pollId");
 		}
 	}
@@ -165,13 +159,15 @@ public function getReplacement(int $pollId, string $userId): Share {
 	public function findByToken(string $token, bool $getDeleted = false): Share {
 		$qb = $this->db->getQueryBuilder();
 
-		$qb->select('*')
-			->from($this->getTableName())
-			->where($qb->expr()->eq('token', $qb->createNamedParameter($token, IQueryBuilder::PARAM_STR)));
+		$qb->select(self::TABLE . '.*')
+		->from($this->getTableName(), self::TABLE)
+			->where($qb->expr()->eq(self::TABLE . '.token', $qb->createNamedParameter($token, IQueryBuilder::PARAM_STR)));
 
-		// if (!$getDeleted) {
-		// 	$qb->andWhere($qb->expr()->eq('deleted', $qb->createNamedParameter(0, IQueryBuilder::PARAM_INT)));
-		// }
+		if (!$getDeleted) {
+			$qb->andWhere($qb->expr()->eq(self::TABLE . '.deleted', $qb->createNamedParameter(0, IQueryBuilder::PARAM_INT)));
+		}
+
+		$this->joinUserVoteCount($qb, self::TABLE);
 
 		try {
 			return $this->findEntity($qb);
@@ -205,4 +201,25 @@ public function purgeDeletedShares(int $offset): void {
 		$query->executeStatement();
 	}
 
+	/**
+	 * Joins votes count of the share user in the given poll
+	 */
+	protected function joinUserVoteCount(IQueryBuilder &$qb, string $fromAlias): void {
+		$joinAlias = 'votes';
+
+		$qb->addSelect($qb->func()->count($joinAlias . '.id', 'voted'));
+
+		$qb->leftJoin(
+			$fromAlias,
+			Vote::TABLE,
+			$joinAlias,
+			$qb->expr()->andX(
+				$qb->expr()->eq($fromAlias . '.poll_id', $joinAlias . '.poll_id'),
+				$qb->expr()->eq($fromAlias . '.user_id', $joinAlias . '.user_id'),
+			)
+		);
+		// avoid result with nulled columns
+		$qb->groupBy($fromAlias . '.id');
+	}
+
 }

lib/Db/UserMapper.php

@@ -25,6 +25,7 @@
 
 namespace OCA\Polls\Db;
 
+use Exception;
 use OCA\Polls\AppConstants;
 use OCA\Polls\Exceptions\InvalidShareTypeException;
 use OCA\Polls\Exceptions\ShareNotFoundException;
@@ -121,7 +122,7 @@ public function getParticipant(string $userId, ?int $pollId = null): UserBase {
 		}
 
 		try {
-			return $this->getUserFromUserBase($userId);
+			return $this->getUserFromUserBase($userId, $pollId);
 		} catch (UserNotFoundException $e) {
 			// just catch and continue if not found and try to find user by share;
 		}
@@ -169,9 +170,17 @@ public function getUserFromShare(Share $share): GenericUser|Email|User|ContactGr
 		);
 	}
 
-	public function getUserFromUserBase(string $userId): User {
+	public function getUserFromUserBase(string $userId, ?int $pollId = null): User {
 		$user = $this->userManager->get($userId);
 		if ($user instanceof IUser) {
+			try {
+				// check if we find a share, where the user got admin rights for the particular poll
+				if ($this->getShareByPollAndUser($userId, $pollId)->getType() === Share::TYPE_ADMIN) {
+					return new Admin($userId);
+				}
+			} catch (Exception $e) {
+				// silent catch
+			}
 			return new User($userId);
 		}
 		throw new UserNotFoundException();

lib/Model/Acl.php

@@ -173,14 +173,6 @@ public function getShare(): ?Share {
 
 		return $this->share;
 	}
-
-	private function verifyConstraints(): void {
-		if ($this->getToken()) {
-			$this->loadShare();
-		}
-		$this->getCurrentUser();
-		$this->loadPoll();
-	}
 
 	/**
 	 * load poll
@@ -201,34 +193,37 @@ private function loadPoll(): void {
 	}
 
 	/**
-	 * load share from db by session token or rely on cahced share
+	 * load share from db by session token or rely on cached share
 	 * If the share token has changed, the share gets loaded from the db,
 	 * the poll will get invalidated (set to null)
 	 * and the pollId will get set to the share's pollId
 	 */
 	private function loadShare(): void {
-		// if share is already cached, verify against session token
+		// no token in session, try to find a user, who matches
 		if (!$this->getToken()) {
 			if ($this->getCurrentUser()->getIsLoggedIn()) {
 				// search for logged in user's share, load it and return
 				$this->share = $this->shareMapper->findByPollAndUser($this->getPollId(), $this->getUserId());
 				// store share in session for further validations
-				$this->session->set(AppConstants::SESSION_KEY_SHARE_TOKEN, $this->share->getToken());
+				// $this->session->set(AppConstants::SESSION_KEY_SHARE_TOKEN, $this->share->getToken());
 				return;
 			} else {
+				$this->share = new Share();
 				// must fail, if no token is present and not logged in
 				throw new ShareNotFoundException('No token was set for ACL');
 			}
 		}
-
+		
+		// if share is already cached, verify against session token
 		if ($this->share?->getToken() === $this->getToken()) {
 			return;
 		}
 
 		$this->share = $this->shareMapper->findByToken((string) $this->getToken());
 
-		// ensure, the poll is reset
+		// ensure, poll and currentUser get reset
 		$this->poll = null;
+		$this->currentUser = null;
 
 		// set the poll id based on the share
 		$this->pollId = $this->share->getPollId();
@@ -278,7 +273,7 @@ public function getIsOwner(): bool {
 	}
 
 	public function getIsAllowed(string $permission, ?string $userId = null, ?int $pollId = null): bool|null {
-		$this->verifyConstraints();
+		// $this->verifyConstraints();
 		return match ($permission) {
 			self::PERMISSION_OVERRIDE => true,
 			self::PERMISSION_POLL_CREATE => $this->appSettings->getPollCreationAllowed(),

lib/Service/SubscriptionService.php

@@ -27,6 +27,7 @@
 
 use OCA\Polls\Db\Subscription;
 use OCA\Polls\Db\SubscriptionMapper;
+use OCA\Polls\Exceptions\ForbiddenException;
 use OCA\Polls\Model\Acl;
 use OCP\AppFramework\Db\DoesNotExistException;
 use OCP\DB\Exception;
@@ -42,37 +43,44 @@ public function __construct(
 	}
 
 	public function get(?int $pollId = null): bool {
-		$this->acl->setPollId($pollId, Acl::PERMISSION_POLL_SUBSCRIBE);
 		try {
+			$this->acl->setPollId($pollId, Acl::PERMISSION_POLL_SUBSCRIBE);
 			$this->subscriptionMapper->findByPollAndUser($this->acl->getPollId(), $this->acl->getUserId());
 			// Subscription exists
 			return true;
 		} catch (DoesNotExistException $e) {
 			return false;
+		} catch (ForbiddenException $e) {
+			return false;
 		}
 	}
 
-	public function set(bool $subscribed, ?int $pollId = null): bool {
-		$this->acl->setPollId($pollId, Acl::PERMISSION_POLL_SUBSCRIBE);
-		if (!$subscribed) {
+	public function set(bool $setToSubscribed, ?int $pollId = null): bool {
+		if (!$setToSubscribed) {
+			// user wants to unsubscribe
 			try {
 				$subscription = $this->subscriptionMapper->findByPollAndUser($this->acl->getPollId(), $this->acl->getUserId());
 				$this->subscriptionMapper->delete($subscription);
 			} catch (DoesNotExistException $e) {
-				// catch silently (assume already unsubscribed)
+				// Not found, assume already unsubscribed
+				return false;
 			}
 		} else {
 			try {
+				$this->acl->setPollId($pollId, Acl::PERMISSION_POLL_SUBSCRIBE);
 				$this->add($this->acl->getPollId(), $this->acl->getUserId());
+			} catch (ForbiddenException $e) {
+				return false;
 			} catch (Exception $e) {
 				if ($e->getReason() === Exception::REASON_UNIQUE_CONSTRAINT_VIOLATION) {
-					// catch silently (assume already subscribed)
+					// Already subscribed
+					return true;
 				} else {
 					throw $e;
 				}
 			}
 		}
-		return $subscribed;
+		return $setToSubscribed;
 	}
 
 	private function add(int $pollId, string $userId): void {

psalm-baseline.xml

@@ -189,9 +189,6 @@
     <PossiblyUnusedMethod>
       <code>getReplacement</code>
     </PossiblyUnusedMethod>
-    <PossiblyUnusedParam>
-      <code>$getDeleted</code>
-    </PossiblyUnusedParam>
     <UnusedProperty>
       <code>$config</code>
     </UnusedProperty>

src/js/components/Configuration/ConfigAutoReminder.vue

@@ -28,11 +28,10 @@
 		<NcPopover :focus-trap="false">
 			<template #trigger>
 				<NcActions>
-					<NcActionButton>
+					<NcActionButton :name="t('polls', 'Autoreminder informations')">
 						<template #icon>
 							<InformationIcon />
 						</template>
-						{{ t('polls', 'Autoreminder informations') }}
 					</NcActionButton>
 				</NcActions>
 			</template>