Remove deleted groups from app restrictions fixes #15823

Signed-off-by: Greta Doci <[email protected]>

Author: GretaD

lib/base.php

@@ -717,6 +717,7 @@ public static function init() {
 		self::registerEncryptionHooks();
 		self::registerAccountHooks();
 		self::registerResourceCollectionHooks();
+		self::registerAppRestrictionsHooks();
 
 		// Make sure that the application class is not loaded before the database is setup
 		if ($systemConfig->getValue("installed", false)) {
@@ -848,6 +849,30 @@ private static function registerAccountHooks() {
 		\OCP\Util::connectHook('OC_User', 'changeUser', $hookHandler, 'changeUserHook');
 	}
 
+	private static function registerAppRestrictionsHooks() {
+		$groupManager = self::$server->query(\OCP\IGroupManager::class);
+		$groupManager->listen ('\OC\Group', 'postDelete', function (\OCP\IGroup $group) {
+			$appManager = self::$server->getAppManager();
+			$apps = $appManager->getEnabledAppsForGroups($group);
+			foreach ($apps as $appId) {
+				$restrictions = $appManager->getAppRestriction($appId);
+				if ($restrictions === null) {
+					continue;
+				}
+				$key = array_search($group->getGID(), $restrictions);
+				unset($restrictions[$key]);
+				$restrictions = array_values($restrictions);
+				if (empty($restrictions)) {
+					$appManager->disableApp($appId);
+				}
+				else{
+					$appManager->enableAppForGroups($appId, $restrictions);
+				}
+
+			}
+		});
+	}
+
 	private static function registerResourceCollectionHooks() {
 		\OC\Collaboration\Resources\Listener::register(\OC::$server->getEventDispatcher());
 	}

lib/private/App/AppManager.php

@@ -37,6 +37,7 @@
 use OCP\App\IAppManager;
 use OCP\App\ManagerEvent;
 use OCP\ICacheFactory;
+use OCP\IGroup;
 use OCP\IGroupManager;
 use OCP\IUser;
 use OCP\IUserSession;
@@ -148,6 +149,27 @@ public function getEnabledAppsForUser(IUser $user) {
 		return array_keys($appsForUser);
 	}
 
+	/**
+	 * @param \OCP\IGroup $group
+	 * @return array
+	 */
+	public function getEnabledAppsForGroups(IGroup $group): array {
+		$apps = $this->getInstalledAppsValues();
+		$appsForGroups = array_filter($apps, function ($enabled) use ($group) {
+			return $this->checkAppForGroups($enabled, $group);
+		});
+		return array_keys($appsForGroups);
+	}
+	public function getAppRestriction(string $appId): array {
+		$values = $this->getInstalledAppsValues();
+
+		if ($values[$appname] === 'yes' || $values[$appname] === 'no') {
+			return [];
+		}
+	return json_decode($values[$appname]);
+	}
+
+
 	/**
 	 * Check if an app is enabled for user
 	 *
@@ -203,6 +225,33 @@ private function checkAppForUser($enabled, $user) {
 		}
 	}
 
+	/**
+	 * @param string $enabled
+	 * @param IGroup $group
+	 * @return bool
+	 */
+	private function checkAppForGroups(string $enabled, IGroup $group): bool {
+		if ($enabled === 'yes') {
+			return true;
+		} elseif ($group === null) {
+			return false;
+		} else {
+			if (empty($enabled)) {
+				return false;
+			}
+
+			$groupIds = json_decode($enabled);
+
+			if (!is_array($groupIds)) {
+				$jsonError = json_last_error();
+				\OC::$server->getLogger()->warning('AppManger::checkAppForUser - can\'t decode group IDs: ' . print_r($enabled, true) . ' - json error code: ' . $jsonError, ['app' => 'lib']);
+				return false;
+			}
+
+			return in_array($group->getGID(), $groupIds);
+		}
+	}
+
 	/**
 	 * Check if an app is enabled in the instance
 	 *
@@ -268,16 +317,22 @@ public function enableAppForGroups($appId, $groups) {
 
 		$groupIds = array_map(function ($group) {
 			/** @var \OCP\IGroup $group */
-			return $group->getGID();
+			return ($group instanceof IGroup)
+				? $group->getGID()
+				: $group;
 		}, $groups);
+
 		$this->installedAppsCache[$appId] = json_encode($groupIds);
 		$this->appConfig->setValue($appId, 'enabled', json_encode($groupIds));
 		$this->dispatcher->dispatch(ManagerEvent::EVENT_APP_ENABLE_FOR_GROUPS, new ManagerEvent(
 			ManagerEvent::EVENT_APP_ENABLE_FOR_GROUPS, $appId, $groups
 		));
 		$this->clearAppsCache();
+
+
 	}
 
+
 	/**
 	 * Disable an app for every user
 	 *

lib/public/App/IAppManager.php

@@ -158,4 +158,18 @@ public function isShipped($appId);
 	 * @since 9.0.0
 	 */
 	public function getAlwaysEnabledApps();
+
+	/**
+	 * @param \OCP\IGroup $group
+	 * @return String[]
+	 * @since 17.0.0
+	 */
+	public function getEnabledAppsForGroups(IGroup $group): string;
+
+	/**
+	 * @param String $appId
+	 * @return string[]
+	 * @since 17.0.0
+	 */
+	public function getAppRestriction(string $appId): array;
 }