Only expose storage location to admins

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
nextcloud · Jan 11, 2023 · 0d3945f · 0d3945f
1 parent 8393ae2
commit 0d3945f
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 13 deletions.
diff --git a/apps/provisioning_api/lib/Controller/AUserData.php b/apps/provisioning_api/lib/Controller/AUserData.php
@@ -117,6 +117,15 @@ protected function getUserData(string $userId, bool $includeScopes = false): arr
 		if ($this->groupManager->isAdmin($currentLoggedInUser->getUID())
 			|| $this->groupManager->getSubAdmin()->isUserAccessible($currentLoggedInUser, $targetUserObject)) {
 			$data['enabled'] = $this->config->getUserValue($targetUserObject->getUID(), 'core', 'enabled', 'true') === 'true';
+
+			try {
+				# might be thrown by LDAP due to handling of users disappears
+				# from the external source (reasons unknown to us)
+				# cf. https://github.com/nextcloud/server/issues/12991
+				$data['storageLocation'] = $targetUserObject->getHome();
+			} catch (NoUserException $e) {
+				throw new OCSNotFoundException($e->getMessage(), $e);
+			}
 		} else {
 			// Check they are looking up themselves
 			if ($currentLoggedInUser->getUID() !== $targetUserObject->getUID()) {
@@ -132,15 +141,6 @@ protected function getUserData(string $userId, bool $includeScopes = false): arr
 			$gids[] = $group->getGID();
 		}
 
-		try {
-			# might be thrown by LDAP due to handling of users disappears
-			# from the external source (reasons unknown to us)
-			# cf. https://github.com/nextcloud/server/issues/12991
-			$data['storageLocation'] = $targetUserObject->getHome();
-		} catch (NoUserException $e) {
-			throw new OCSNotFoundException($e->getMessage(), $e);
-		}
-
 		// Find the data
 		$data['id'] = $targetUserObject->getUID();
 		$data['lastLogin'] = $targetUserObject->getLastLogin() * 1000;

diff --git a/apps/provisioning_api/tests/Controller/UsersControllerTest.php b/apps/provisioning_api/tests/Controller/UsersControllerTest.php
@@ -1349,9 +1349,8 @@ public function testGetUserDataAsSubAdminSelfLookup() {
 			->method('getUID')
 			->willReturn('UID');
 		$targetUser
-			->expects($this->once())
-			->method('getHome')
-			->willReturn('/var/www/newtcloud/data/UID');
+			->expects($this->never())
+			->method('getHome');
 		$targetUser
 			->expects($this->once())
 			->method('getLastLogin')
@@ -1385,7 +1384,6 @@ public function testGetUserDataAsSubAdminSelfLookup() {
 
 		$expected = [
 			'id' => 'UID',
-			'storageLocation' => '/var/www/newtcloud/data/UID',
 			'lastLogin' => 1521191471000,
 			'backend' => 'Database',
 			'subadmin' => [],