240 lines
7.3 KiB
Bash
240 lines
7.3 KiB
Bash
#!/bin/sh -e
|
|
# __nextcloud_user/gencode-remote
|
|
|
|
|
|
# Call the nextcloud occ script as the designed user. Maybe this can be a bit
|
|
# more effictive with user switching, but currently the easiest way of doing
|
|
# it.
|
|
#
|
|
# All arguments are directly passed to occ (injection alarm ;-) )
|
|
occ() {
|
|
# su creates a new shell, so it does not affect the current session
|
|
# will not use -q as it supresses errors, too
|
|
cat << SHELL
|
|
su -s /bin/sh -l "$www_user" -- -e <<'SU'
|
|
cd '$cloud' && php occ --no-interaction --no-ansi $@
|
|
SU
|
|
SHELL
|
|
}
|
|
|
|
# Creates the output for the nextcloud command to create a user. Takes all
|
|
# required parameters from existing variables.
|
|
occ_create() {
|
|
cat <<SHELL
|
|
su -s /bin/sh -l "$www_user" -- -e <<SU
|
|
cd '$cloud'
|
|
SHELL
|
|
create_args=""
|
|
|
|
if [ -f "$__object/parameter/password" ]; then
|
|
printf "export OC_PASS='%s'\n" "$(cat "$__object/parameter/password")"
|
|
create_args="$create_args --password-from-env"
|
|
fi
|
|
if [ -f "$__object/parameter/displayname" ]; then
|
|
create_args="$create_args --display-name '$(cat "$__object/parameter/displayname")'"
|
|
fi
|
|
|
|
# groups
|
|
if [ -f "$__object/parameter/group" ]; then
|
|
while read -r GROUP; do
|
|
create_args="$create_args --group '$GROUP'"
|
|
done < "$__object/parameter/group"
|
|
fi
|
|
|
|
cat <<SHELL
|
|
php occ --no-interaction --no-ansi user:add $create_args -- '$user'
|
|
SU
|
|
SHELL
|
|
|
|
# add email if set - not doable via the create command
|
|
if [ -f "$__object/parameter/email" ]; then
|
|
occ user:setting -- "'$user'" settings email "'$(cat "$__object/parameter/email")'"
|
|
fi
|
|
|
|
# save that use user will be created and no further steps are required
|
|
occ_created="yes"
|
|
}
|
|
|
|
# Checks if the key-value exists on the remote side. Only matches first-level
|
|
# parameters; not checking deeper levers.
|
|
#
|
|
# Arguments:
|
|
# 1: the key
|
|
# 2: the value
|
|
#
|
|
# Return-Code:
|
|
# 0: matched the key-value
|
|
# 1: not matched
|
|
match_param() {
|
|
# first level intend two spaces
|
|
if grep -q -Fx " - $1: $2" "$__object/explorer/user"; then
|
|
return 0
|
|
else
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
|
|
# Get parameters
|
|
user="$__object/parameter/user"
|
|
if [ -f "$user" ]; then
|
|
user="$(cat "$user")"
|
|
else
|
|
user="$__object_id"
|
|
fi
|
|
if [ -s "$__object/explorer/user" ]; then
|
|
if match_param enabled true; then
|
|
state_is="enabled"
|
|
else
|
|
state_is="disabled"
|
|
fi
|
|
else
|
|
state_is="absent"
|
|
fi
|
|
|
|
state_should="$(cat "$__object/parameter/state")"
|
|
cloud="$(cat "$__object/parameter/cloud")"
|
|
www_user="$(cat "$__object/parameter/www-user")"
|
|
|
|
|
|
# Check if the state changes
|
|
if [ "$state_is" != "$state_should" ]; then
|
|
# check what to do
|
|
case "$state_should" in
|
|
enabled)
|
|
if [ "$state_is" = "disabled" ]; then
|
|
occ user:enable "'$user'"
|
|
echo enabled >> "$__messages_out"
|
|
else
|
|
occ_create
|
|
echo created >> "$__messages_out"
|
|
fi
|
|
;;
|
|
|
|
disabled)
|
|
if [ "$state_is" = "absent" ]; then
|
|
occ_create
|
|
echo created >> "$__messages_out"
|
|
fi
|
|
|
|
occ user:disable "'$user'"
|
|
echo disabled >> "$__messages_out"
|
|
;;
|
|
|
|
present)
|
|
if [ "$state_is" = "absent" ]; then
|
|
occ_create
|
|
echo created >> "$__messages_out"
|
|
fi
|
|
# else, everything is ok
|
|
;;
|
|
|
|
absent)
|
|
occ user:delete "'$user'"
|
|
echo removed >> "$__messages_out"
|
|
;;
|
|
esac
|
|
fi
|
|
|
|
|
|
# Check if some user configuration should be changed
|
|
# do not run this code if the user will be created in the previous code
|
|
if [ "$state_should" != "absent" ] && [ "$occ_created" != "yes" ]; then
|
|
# Check if the display name is correct if someone is set
|
|
if [ -f "$__object/parameter/displayname" ]; then
|
|
displayname="$(cat "$__object/parameter/displayname")"
|
|
if ! match_param display_name "$displayname"; then
|
|
cat <<SHELL
|
|
su -s /bin/sh -l "$www_user" -- -e <<'SU'
|
|
cd '$cloud'
|
|
php -r 'define("OC_CONSOLE",1); require_once(__DIR__."/lib/base.php");
|
|
\\OC::\$server->getUserSession()->getManager()->get("$user")->setDisplayName("$displayname")
|
|
or die("Couldn'\''t modify $user display name! Maybe unsupported or already set ..".PHP_EOL);'
|
|
SU
|
|
SHELL
|
|
fi
|
|
fi
|
|
|
|
# Check if the email address is correct
|
|
if [ -f "$__object/parameter/email" ]; then
|
|
email="$(cat "$__object/parameter/email")"
|
|
if ! match_param email "$email"; then
|
|
occ user:setting -- "'$user'" settings email "'$email'"
|
|
fi
|
|
else
|
|
# remove if it doesn't exist
|
|
if ! match_param email ""; then
|
|
occ user:setting --delete -- "'$user'" settings email
|
|
fi
|
|
fi
|
|
|
|
# Check state of the password
|
|
# explorer handles missing passwords already
|
|
if [ "$(cat "$__object/explorer/password")" = "mismatched" ]; then
|
|
cat <<SHELL
|
|
su -s /bin/sh -l "$www_user" -- -e <<'SU'
|
|
cd '$cloud'
|
|
export OC_PASS='$(cat "$__object/parameter/password")'
|
|
php occ --no-interaction --no-ansi user:resetpassword --password-from-env -- '$user'
|
|
SU
|
|
SHELL
|
|
fi
|
|
|
|
|
|
# Handle the user groups
|
|
# extract all groups set by remote
|
|
mkdir -p "$__object/files"
|
|
# check the spaces before the value to match all sub-categories
|
|
awk '/^ -/{start=0} start{print $2} $0 == " - groups:"{start=1}' \
|
|
"$__object/explorer/user" > "$__object/files/explorer_groups"
|
|
|
|
# Add/Remove groups not set via the parameter
|
|
if [ -s "$__object/parameter/group" ]; then
|
|
# Get all groups to remove
|
|
grep -Fxv -f "$__object/parameter/group" \
|
|
"$__object/files/explorer_groups" > "$__object/files/group.del" || true
|
|
# Get all groups to add
|
|
grep -Fxv -f "$__object/files/explorer_groups" \
|
|
"$__object/parameter/group" > "$__object/files/group.add" || true
|
|
|
|
# No user groups at all if nothing wanted by the user
|
|
else
|
|
# remove all groups to stay inline with the user parameter
|
|
cp "$__object/files/explorer_groups" "$__object/files/group.del"
|
|
fi
|
|
|
|
# Remove all groups not exist anymore
|
|
if [ -s "$__object/files/group.del" ]; then
|
|
while read -r GROUP; do
|
|
cat <<SHELL
|
|
su -s /bin/sh -l "$www_user" -- -e <<'SU'
|
|
cd '$cloud'
|
|
php -r 'define("OC_CONSOLE",1); require_once(__DIR__."/lib/base.php");
|
|
\$group = \\OC::\$server->getGroupManager()->get("$GROUP");
|
|
\$user = \\OC::\$server->getUserSession()->getManager()->get("$user");
|
|
if (\$group === NULL || \$user === NULL)
|
|
die("Can'\''t delete $user from group $GROUP! User or group doesn'\''t exist in nextcloud!".PHP_EOL);
|
|
\$group->removeUser(\$user);'
|
|
SU
|
|
SHELL
|
|
done < "$__object/files/group.del"
|
|
fi
|
|
|
|
# Add all existing groups
|
|
if [ -s "$__object/files/group.add" ]; then
|
|
while read -r GROUP; do
|
|
cat <<SHELL
|
|
su -s /bin/sh -l "$www_user" -- -e <<'SU'
|
|
cd '$cloud'
|
|
php -r 'define("OC_CONSOLE",1); require_once(__DIR__."/lib/base.php");
|
|
\$group = \\OC::\$server->getGroupManager()->get("$GROUP");
|
|
\$user = \\OC::\$server->getUserSession()->getManager()->get("$user");
|
|
if (\$group === NULL || \$user === NULL)
|
|
die("Can'\''t delete $user from group $GROUP! User or group doesn'\''t exist in nextcloud!".PHP_EOL);
|
|
\$group->addUser(\$user);'
|
|
SU
|
|
SHELL
|
|
done < "$__object/files/group.add"
|
|
fi
|
|
fi
|