From 1b520caeec87d6fe202d96e0513f6c23dd39f316 Mon Sep 17 00:00:00 2001
From: zak39
Date: Fri, 19 Dec 2025 16:45:14 +0100
Subject: [PATCH] fix(ocs): Return 403 status when adding user to subgroup outside target workspace via OCS API OP#4421 RM#3477
---
 lib/Controller/WorkspaceApiOcsController.php | 6 ++-
 openapi.json | 40 ++++++++++++++++++--
 2 files changed, 40 insertions(+), 6 deletions(-)
diff --git a/lib/Controller/WorkspaceApiOcsController.php b/lib/Controller/WorkspaceApiOcsController.php
index 813d758f..7ce872f8 100644
--- a/lib/Controller/WorkspaceApiOcsController.php
+++ b/lib/Controller/WorkspaceApiOcsController.php
@@ -46,6 +46,7 @@
 use OCP\AppFramework\Http\Response;
 use OCP\AppFramework\OCS\OCSBadRequestException;
 use OCP\AppFramework\OCS\OCSException;
+use OCP\AppFramework\OCS\OCSForbiddenException;
 use OCP\AppFramework\OCS\OCSNotFoundException;
 use OCP\AppFramework\OCSController;
 use OCP\IGroupManager;
@@ -567,10 +568,11 @@ public function removeUsersFromGroup(int $id, string $gid, array $uids): DataRes
 * @param int $id Represents the ID of the workspace
 * @param string $gid The subgroup id
 * @param list $uids Represents the user uids to add to the subgroup
- * @return DataResponse|DataResponse
+ * @return DataResponse|DataResponse|DataResponse
 * @throws OCSException for all unknown errors
 *
 * 200: Users added in subgroup successfully
+ * 403: Target group does not belong to the workspace
 * 404: Subgroup with this id does not exist
 */
 #[OpenAPI(tags: ['workspace-users'])]
@@ -597,7 +599,7 @@ public function addUsersToGroup(int $id, string $gid, array $uids): Response {
 $spacename = $workspace['name'];
 if (!in_array($gid, $gids)) {
- throw new OCSException("Group {$gid} does not belongs to the {$spacename} workspace.");
+ throw new OCSForbiddenException("Group {$gid} does not belongs to the {$spacename} workspace.");
 }
 $group = $this->groupManager->get($gid);
 if ($group === null) {
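Review bot: The docblock in the second hunk still lists only `@throws OCSException for all unknown errors`, although the third hunk now throws `OCSForbiddenException` from what appears to be the same method, `addUsersToGroup`. I would add `@throws OCSForbiddenException if the target group does not belong to the workspace` alongside the new `403:` line, so the exception behind that status is named where callers and the spec tooling look for it. The docblock begins above the hunk, so the rest of it is not visible here.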
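Review bot: The membership test that now decides the 403 in the third hunk, `if (!in_array($gid, $gids)) {`, compares loosely, so two numeric-looking group ids that are equal as numbers count as the same group and the workspace boundary check passes. As this is the authorization decision for the request, it should be strict: `if (!in_array($gid, $gids, true)) {`, assuming `$gids` holds string ids (how it is built is above the hunk). The exception message also interpolates the caller-supplied `$gid` and the workspace name into the response body; whether the caller is already entitled to see that name depends on checks earlier in `addUsersToGroup`, which starts outside this hunk.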
diff --git a/openapi.json b/openapi.json
index 6770a6e8..1087e8e4 100644
--- a/openapi.json
+++ b/openapi.json
@@ -234,7 +234,7 @@
 "/ocs/v2.php/apps/workspace/api/v1/spaces": {
 "get": {
 "operationId": "workspace_api_ocs-find-all",
- "summary": "Return the first 30 workspaces (optional filtering by name)",
+ "summary": "Return the first 25 workspaces (optional filtering by name)",
 "tags": [
 "workspace"
 ],
@@ -257,13 +257,14 @@
 }
 },
 {
- "name": "page",
+ "name": "offset",
 "in": "query",
 "description": "Optional page number for pagination",
 "schema": {
 "type": "integer",
 "format": "int64",
- "nullable": true
+ "nullable": true,
+ "default": null
 }
 },
 {
@@ -273,7 +274,8 @@
 "schema": {
 "type": "integer",
 "format": "int64",
- "nullable": true
+ "nullable": true,
+ "default": null
 }
 },
 {
@@ -2011,6 +2013,36 @@
 }
 }
 },
+ "403": {
+ "description": "Target group does not belong to the workspace",
+ "content": {
+ "application/json": {
+ "schema": {
+ "type": "object",
+ "required": [
+ "ocs"
+ ],
+ "properties": {
+ "ocs": {
+ "type": "object",
+ "required": [
+ "meta",
+ "data"
+ ],
+ "properties": {
+ "meta": {
+ "$ref": "#/components/schemas/OCSMeta"
+ },
+ "data": {
+ "nullable": true
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ },
 "401": {
 "description": "Current user is not logged in",
 "content": {
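Review bot: In the second hunk the query parameter becomes `"name": "offset"` but keeps `"description": "Optional page number for pagination"`, so the spec no longer says whether the value is a page index or a number of items to skip. The description should be reworded to match whichever meaning the endpoint implements. This rename and the `30` to `25` summary change in the first hunk are not mentioned in the commit message, which covers only the 403. If `openapi.json` is generated from the controller docblocks, the wording belongs in the corresponding `@param` text, which is outside this diff.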