fix: don't require forum admin permissions for global admin endpoints

2026-01-26 12:11:13 +02:00
parent c8d39a4c71
commit 66e03c3a5d
4 changed files with 9877 additions and 340 deletions


@@ -242,8 +242,6 @@ class AdminController extends OCSController {
*
* 200: Seeds repaired successfully
*/
#[NoAdminRequired]
#[RequirePermission('canAccessAdminTools')]
#[ApiRoute(verb: 'POST', url: '/api/admin/repair-seeds')]
public function repairSeeds(): DataResponse {
try {
@@ -301,8 +299,6 @@ class AdminController extends OCSController {
*
* 200: Roles list returned
*/
#[NoAdminRequired]
#[RequirePermission('canAccessAdminTools')]
#[ApiRoute(verb: 'GET', url: '/api/admin/roles')]
public function getRoles(): DataResponse {
try {
@@ -328,8 +324,6 @@ class AdminController extends OCSController {
*
* 200: Role assigned successfully
*/
#[NoAdminRequired]
#[RequirePermission('canAccessAdminTools')]
#[ApiRoute(verb: 'POST', url: '/api/admin/users/{userId}/roles')]
public function assignRole(string $userId, int $roleId): DataResponse {
try {
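Review bot: After this change the access control on `repairSeeds`, `getRoles` and `assignRole` is implicit. Each hunk appears to drop `#[NoAdminRequired]` and `#[RequirePermission('canAccessAdminTools')]` (the +/- markers are lost on this page, so this is inferred from the 8-to-6 line counts and the commit title), which leaves the framework's default admin-only check as the sole guard. I would state that in each docblock, e.g. `* Restricted to instance administrators; do not add #[NoAdminRequired] here without an explicit permission check.`, so a later edit does not silently open role assignment to ordinary users. The `admin-remove-role` operation still appears as context after the removed paths in the last file section, which suggests `removeRole` kept the forum-permission guard; if so, assigning and removing a role now need different privileges, and that is worth confirming as intended. A regression test asserting that a non-admin account holding `canAccessAdminTools` receives 403 on these three routes would pin the new behaviour; all three method bodies continue outside the hunks.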

414
openapi-administration.json Normal file

@@ -0,0 +1,414 @@
{
"openapi": "3.0.3",
"info": {
"title": "forum-administration",
"version": "0.0.1",
"description": "A community-driven forum built right into your Nextcloud instance",
"license": {
"name": "agpl"
}
},
"components": {
"securitySchemes": {
"basic_auth": {
"type": "http",
"scheme": "basic"
},
"bearer_auth": {
"type": "http",
"scheme": "bearer"
}
},
"schemas": {
"OCSMeta": {
"type": "object",
"required": ["status", "statuscode"],
"properties": {
"status": {
"type": "string"
},
"statuscode": {
"type": "integer"
},
"message": {
"type": "string"
},
"totalitems": {
"type": "string"
},
"itemsperpage": {
"type": "string"
}
}
}
}
},
"paths": {
"/ocs/v2.php/apps/forum/api/admin/repair-seeds": {
"post": {
"operationId": "admin-repair-seeds",
"summary": "Run the repair seeds command to restore default forum data",
"description": "This endpoint requires admin access",
"tags": ["admin"],
"security": [
{
"bearer_auth": []
},
{
"basic_auth": []
}
],
"parameters": [
{
"name": "OCS-APIRequest",
"in": "header",
"description": "Required to be true for the API request to pass",
"required": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "Seeds repaired successfully",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": ["ocs"],
"properties": {
"ocs": {
"type": "object",
"required": ["meta", "data"],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {
"type": "object",
"required": ["success", "message"],
"properties": {
"success": {
"type": "boolean"
},
"message": {
"type": "string"
}
}
}
}
}
}
}
}
}
},
"401": {
"description": "Current user is not logged in",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": ["ocs"],
"properties": {
"ocs": {
"type": "object",
"required": ["meta", "data"],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
},
"403": {
"description": "Logged in account must be an admin",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": ["ocs"],
"properties": {
"ocs": {
"type": "object",
"required": ["meta", "data"],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
}
}
}
},
"/ocs/v2.php/apps/forum/api/admin/roles": {
"get": {
"operationId": "admin-get-roles",
"summary": "Get all available roles",
"description": "This endpoint requires admin access",
"tags": ["admin"],
"security": [
{
"bearer_auth": []
},
{
"basic_auth": []
}
],
"parameters": [
{
"name": "OCS-APIRequest",
"in": "header",
"description": "Required to be true for the API request to pass",
"required": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "Roles list returned",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": ["ocs"],
"properties": {
"ocs": {
"type": "object",
"required": ["meta", "data"],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {
"type": "object",
"required": ["roles"],
"properties": {
"roles": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": {
"type": "object"
}
}
}
}
}
}
}
}
}
}
}
},
"401": {
"description": "Current user is not logged in",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": ["ocs"],
"properties": {
"ocs": {
"type": "object",
"required": ["meta", "data"],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
},
"403": {
"description": "Logged in account must be an admin",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": ["ocs"],
"properties": {
"ocs": {
"type": "object",
"required": ["meta", "data"],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
}
}
}
},
"/ocs/v2.php/apps/forum/api/admin/users/{userId}/roles": {
"post": {
"operationId": "admin-assign-role",
"summary": "Assign a role to a user",
"description": "This endpoint requires admin access",
"tags": ["admin"],
"security": [
{
"bearer_auth": []
},
{
"basic_auth": []
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"required": ["roleId"],
"properties": {
"roleId": {
"type": "integer",
"format": "int64",
"description": "The role ID to assign"
}
}
}
}
}
},
"parameters": [
{
"name": "userId",
"in": "path",
"description": "The user ID",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "OCS-APIRequest",
"in": "header",
"description": "Required to be true for the API request to pass",
"required": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "Role assigned successfully",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": ["ocs"],
"properties": {
"ocs": {
"type": "object",
"required": ["meta", "data"],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {
"type": "object",
"required": ["success", "message"],
"properties": {
"success": {
"type": "boolean"
},
"message": {
"type": "string"
}
}
}
}
}
}
}
}
}
},
"401": {
"description": "Current user is not logged in",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": ["ocs"],
"properties": {
"ocs": {
"type": "object",
"required": ["meta", "data"],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
},
"403": {
"description": "Logged in account must be an admin",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": ["ocs"],
"properties": {
"ocs": {
"type": "object",
"required": ["meta", "data"],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
}
}
}
}
},
"tags": [
{
"name": "forum_user",
"description": "Controller for forum users Note: Forum users are automatically created on first post/thread"
}
]
}

9463
openapi-full.json Normal file

File diff suppressed because it is too large Load Diff


@@ -454,340 +454,6 @@
}
}
},
"/ocs/v2.php/apps/forum/api/admin/repair-seeds": {
"post": {
"operationId": "admin-repair-seeds",
"summary": "Run the repair seeds command to restore default forum data",
"tags": [
"admin"
],
"security": [
{
"bearer_auth": []
},
{
"basic_auth": []
}
],
"parameters": [
{
"name": "OCS-APIRequest",
"in": "header",
"description": "Required to be true for the API request to pass",
"required": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "Seeds repaired successfully",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {
"type": "object",
"required": [
"success",
"message"
],
"properties": {
"success": {
"type": "boolean"
},
"message": {
"type": "string"
}
}
}
}
}
}
}
}
}
},
"401": {
"description": "Current user is not logged in",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
}
}
}
},
"/ocs/v2.php/apps/forum/api/admin/roles": {
"get": {
"operationId": "admin-get-roles",
"summary": "Get all available roles",
"tags": [
"admin"
],
"security": [
{
"bearer_auth": []
},
{
"basic_auth": []
}
],
"parameters": [
{
"name": "OCS-APIRequest",
"in": "header",
"description": "Required to be true for the API request to pass",
"required": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "Roles list returned",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {
"type": "object",
"required": [
"roles"
],
"properties": {
"roles": {
"type": "array",
"items": {
"type": "object",
"additionalProperties": {
"type": "object"
}
}
}
}
}
}
}
}
}
}
}
},
"401": {
"description": "Current user is not logged in",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
}
}
}
},
"/ocs/v2.php/apps/forum/api/admin/users/{userId}/roles": {
"post": {
"operationId": "admin-assign-role",
"summary": "Assign a role to a user",
"tags": [
"admin"
],
"security": [
{
"bearer_auth": []
},
{
"basic_auth": []
}
],
"requestBody": {
"required": true,
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"roleId"
],
"properties": {
"roleId": {
"type": "integer",
"format": "int64",
"description": "The role ID to assign"
}
}
}
}
}
},
"parameters": [
{
"name": "userId",
"in": "path",
"description": "The user ID",
"required": true,
"schema": {
"type": "string"
}
},
{
"name": "OCS-APIRequest",
"in": "header",
"description": "Required to be true for the API request to pass",
"required": true,
"schema": {
"type": "boolean",
"default": true
}
}
],
"responses": {
"200": {
"description": "Role assigned successfully",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {
"type": "object",
"required": [
"success",
"message"
],
"properties": {
"success": {
"type": "boolean"
},
"message": {
"type": "string"
}
}
}
}
}
}
}
}
}
},
"401": {
"description": "Current user is not logged in",
"content": {
"application/json": {
"schema": {
"type": "object",
"required": [
"ocs"
],
"properties": {
"ocs": {
"type": "object",
"required": [
"meta",
"data"
],
"properties": {
"meta": {
"$ref": "#/components/schemas/OCSMeta"
},
"data": {}
}
}
}
}
}
}
}
}
}
},
"/ocs/v2.php/apps/forum/api/admin/users/{userId}/roles/{roleId}": {
"delete": {
"operationId": "admin-remove-role",