Respect user enumeration settings on profile

Signed-off-by: Christopher Ng <chrng8@gmail.com>

core/Controller/ProfilePageController.php

@@ -26,14 +26,17 @@
 
 namespace OC\Core\Controller;
 
+use OC\KnownUser\KnownUserService;
+use OC\Profile\ProfileManager;
 use OCP\Accounts\IAccountManager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Services\IInitialState;
+use OCP\IGroupManager;
 use OCP\IRequest;
 use OCP\IUserManager;
 use OCP\IUserSession;
-use OC\Profile\ProfileManager;
+use OCP\Share\IManager as IShareManager;
 use OCP\UserStatus\IManager as IUserStatusManager;
 
 class ProfilePageController extends Controller {
@@ -48,6 +51,15 @@ class ProfilePageController extends Controller {
 	/** @var ProfileManager */
 	private $profileManager;
 
+	/** @var IShareManager */
+	private $shareManager;
+
+	/** @var IGroupManager */
+	private $groupManager;
+
+	/** @var KnownUserService */
+	private $knownUserService;
+
 	/** @var IUserManager */
 	private $userManager;
 
@@ -63,6 +75,9 @@ public function __construct(
 		IInitialState $initialStateService,
 		IAccountManager $accountManager,
 		ProfileManager $profileManager,
+		IShareManager $shareManager,
+		IGroupManager $groupManager,
+		KnownUserService $knownUserService,
 		IUserManager $userManager,
 		IUserSession $userSession,
 		IUserStatusManager $userStatusManager
@@ -71,6 +86,9 @@ public function __construct(
 		$this->initialStateService = $initialStateService;
 		$this->accountManager = $accountManager;
 		$this->profileManager = $profileManager;
+		$this->shareManager = $shareManager;
+		$this->groupManager = $groupManager;
+		$this->knownUserService = $knownUserService;
 		$this->userManager = $userManager;
 		$this->userSession = $userSession;
 		$this->userStatusManager = $userStatusManager;
@@ -83,26 +101,51 @@ public function __construct(
 	 * @NoSubAdminRequired
 	 */
 	public function index(string $targetUserId): TemplateResponse {
+		$profileNotFoundTemplate = new TemplateResponse(
+			'core',
+			'404-profile',
+			[],
+			TemplateResponse::RENDER_AS_GUEST,
+		);
+
 		if (!$this->userManager->userExists($targetUserId)) {
-			return new TemplateResponse(
-				'core',
-				'404-profile',
-				[],
-				TemplateResponse::RENDER_AS_GUEST,
-			);
+			return $profileNotFoundTemplate;
 		}
 
 		$visitingUser = $this->userSession->getUser();
 		$targetUser = $this->userManager->get($targetUserId);
 		$targetAccount = $this->accountManager->getAccount($targetUser);
 
 		if (!$this->isProfileEnabled($targetAccount)) {
-			return new TemplateResponse(
-				'core',
-				'404-profile',
-				[],
-				TemplateResponse::RENDER_AS_GUEST,
-			);
+			return $profileNotFoundTemplate;
+		}
+
+		// Run user enumeration checks only if viewing another user's profile
+		if ($targetUser !== $visitingUser) {
+			if (!$this->shareManager->allowEnumeration()) {
+				return $profileNotFoundTemplate;
+			} else {
+				if ($this->shareManager->limitEnumerationToGroups() || $this->shareManager->limitEnumerationToPhone()) {
+					$targerUserGroupIds = $this->groupManager->getUserGroupIds($targetUser);
+					$visitingUserGroupIds = $this->groupManager->getUserGroupIds($visitingUser);
+					if ($this->shareManager->limitEnumerationToGroups() && $this->shareManager->limitEnumerationToPhone()) {
+						if (
+							empty(array_intersect($targerUserGroupIds, $visitingUserGroupIds))
+							&& !$this->knownUserService->isKnownToUser($targetUser->getUID(), $visitingUser->getUID())
+						) {
+							return $profileNotFoundTemplate;
+						}
+					} elseif ($this->shareManager->limitEnumerationToGroups()) {
+						if (empty(array_intersect($targerUserGroupIds, $visitingUserGroupIds))) {
+							return $profileNotFoundTemplate;
+						}
+					} elseif ($this->shareManager->limitEnumerationToPhone()) {
+						if (!$this->knownUserService->isKnownToUser($targetUser->getUID(), $visitingUser->getUID())) {
+							return $profileNotFoundTemplate;
+						};
+					}
+				}
+			}
 		}
 
 		$userStatuses = $this->userStatusManager->getUserStatuses([$targetUserId]);