refactor(user_status): Replace security annotations with respective attributes

Signed-off-by: provokateurin <kate@provokateurin.de>
pull/46823/head
provokateurin 2024-07-25 13:14:51 +07:00
parent 212a621697
commit 8e655d46e9
4 changed files with 14 additions and 20 deletions

@ -13,6 +13,7 @@ use OCA\UserStatus\ResponseDefinitions;
use OCA\UserStatus\Service\StatusService;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\ApiRoute;
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCSController;
use OCP\AppFramework\Utility\ITimeFactory;
@ -55,8 +56,6 @@ class HeartbeatController extends OCSController {
/**
* Keep the status alive
*
* @NoAdminRequired
*
* @param string $status Only online, away
*
* @return DataResponse<Http::STATUS_OK, UserStatusPrivate, array{}>|DataResponse<Http::STATUS_BAD_REQUEST|Http::STATUS_INTERNAL_SERVER_ERROR|Http::STATUS_NO_CONTENT, array<empty>, array{}>
@ -64,6 +63,7 @@ class HeartbeatController extends OCSController {
* 204: User has no status to keep alive
* 400: Invalid status to update
*/
#[NoAdminRequired]
#[ApiRoute(verb: 'PUT', url: '/api/v1/heartbeat')]
public function heartbeat(string $status): DataResponse {
if (!\in_array($status, [IUserStatus::ONLINE, IUserStatus::AWAY], true)) {
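Review bot: With the `@NoAdminRequired` docblock tags removed, the `#[NoAdminRequired]` attribute above `heartbeat()` is now the only marker that opens this route to regular users, and none of the four changed files appears to be a test; the same holds for the routes in PredefinedStatusController, StatusesController and UserStatusController. A dropped attribute or a missing `use OCP\AppFramework\Http\Attribute\NoAdminRequired;` would presumably fail closed (the route becomes admin-only), so the risk is a silent availability regression rather than exposure, but it is worth pinning. Consider a small reflection-based test per routed method, e.g. `$this->assertNotEmpty((new \ReflectionMethod(HeartbeatController::class, 'heartbeat'))->getAttributes(NoAdminRequired::class));`. The body of `heartbeat()` continues outside the hunk.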

@ -12,6 +12,7 @@ use OCA\UserStatus\ResponseDefinitions;
use OCA\UserStatus\Service\PredefinedStatusService;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\ApiRoute;
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCSController;
use OCP\IRequest;
@ -43,12 +44,11 @@ class PredefinedStatusController extends OCSController {
/**
* Get all predefined messages
*
* @NoAdminRequired
*
* @return DataResponse<Http::STATUS_OK, UserStatusPredefined[], array{}>
*
* 200: Predefined statuses returned
*/
#[NoAdminRequired]
#[ApiRoute(verb: 'GET', url: '/api/v1/predefined_statuses/')]
public function findAll():DataResponse {
// Filtering out the invisible one, that should only be set by API

@ -14,6 +14,7 @@ use OCA\UserStatus\Service\StatusService;
use OCP\AppFramework\Db\DoesNotExistException;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\ApiRoute;
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSNotFoundException;
use OCP\AppFramework\OCSController;
@ -46,14 +47,13 @@ class StatusesController extends OCSController {
/**
* Find statuses of users
*
* @NoAdminRequired
*
* @param int|null $limit Maximum number of statuses to find
* @param int|null $offset Offset for finding statuses
* @return DataResponse<Http::STATUS_OK, UserStatusPublic[], array{}>
*
* 200: Statuses returned
*/
#[NoAdminRequired]
#[ApiRoute(verb: 'GET', url: '/api/v1/statuses')]
public function findAll(?int $limit = null, ?int $offset = null): DataResponse {
$allStatuses = $this->service->findAll($limit, $offset);
@ -66,14 +66,13 @@ class StatusesController extends OCSController {
/**
* Find the status of a user
*
* @NoAdminRequired
*
* @param string $userId ID of the user
* @return DataResponse<Http::STATUS_OK, UserStatusPublic, array{}>
* @throws OCSNotFoundException The user was not found
*
* 200: Status returned
*/
#[NoAdminRequired]
#[ApiRoute(verb: 'GET', url: '/api/v1/statuses/{userId}')]
public function find(string $userId): DataResponse {
try {
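Review bot: `findAll()` forwards the caller-supplied `$limit` and `$offset` straight to `$this->service->findAll($limit, $offset)`, and with `#[NoAdminRequired]` any logged-in user can call it, so a null, negative or very large `$limit` is not bounded anywhere in the visible lines. If the service does not clamp these itself (not visible here), bound them in the controller before the call, for example `$limit = min(max($limit ?? self::DEFAULT_LIMIT, 1), self::MAX_LIMIT);` and `$offset = max($offset ?? 0, 0);`, where both constants are placeholders still to be defined. The method body continues outside the hunk.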

@ -20,6 +20,7 @@ use OCA\UserStatus\Service\StatusService;
use OCP\AppFramework\Db\DoesNotExistException;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\ApiRoute;
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSBadRequestException;
use OCP\AppFramework\OCS\OCSNotFoundException;
@ -46,13 +47,12 @@ class UserStatusController extends OCSController {
/**
* Get the status of the current user
*
* @NoAdminRequired
*
* @return DataResponse<Http::STATUS_OK, UserStatusPrivate, array{}>
* @throws OCSNotFoundException The user was not found
*
* 200: The status was found successfully
*/
#[NoAdminRequired]
#[ApiRoute(verb: 'GET', url: '/api/v1/user_status')]
public function getStatus(): DataResponse {
try {
@ -68,14 +68,13 @@ class UserStatusController extends OCSController {
/**
* Update the status type of the current user
*
* @NoAdminRequired
*
* @param string $statusType The new status type
* @return DataResponse<Http::STATUS_OK, UserStatusPrivate, array{}>
* @throws OCSBadRequestException The status type is invalid
*
* 200: The status was updated successfully
*/
#[NoAdminRequired]
#[ApiRoute(verb: 'PUT', url: '/api/v1/user_status/status')]
public function setStatus(string $statusType): DataResponse {
try {
@ -92,8 +91,6 @@ class UserStatusController extends OCSController {
/**
* Set the message to a predefined message for the current user
*
* @NoAdminRequired
*
* @param string $messageId ID of the predefined message
* @param int|null $clearAt When the message should be cleared
* @return DataResponse<Http::STATUS_OK, UserStatusPrivate, array{}>
@ -101,6 +98,7 @@ class UserStatusController extends OCSController {
*
* 200: The message was updated successfully
*/
#[NoAdminRequired]
#[ApiRoute(verb: 'PUT', url: '/api/v1/user_status/message/predefined')]
public function setPredefinedMessage(string $messageId,
?int $clearAt): DataResponse {
@ -120,8 +118,6 @@ class UserStatusController extends OCSController {
/**
* Set the message to a custom message for the current user
*
* @NoAdminRequired
*
* @param string|null $statusIcon Icon of the status
* @param string|null $message Message of the status
* @param int|null $clearAt When the message should be cleared
@ -130,6 +126,7 @@ class UserStatusController extends OCSController {
*
* 200: The message was updated successfully
*/
#[NoAdminRequired]
#[ApiRoute(verb: 'PUT', url: '/api/v1/user_status/message/custom')]
public function setCustomMessage(?string $statusIcon,
?string $message,
@ -158,12 +155,11 @@ class UserStatusController extends OCSController {
/**
* Clear the message of the current user
*
* @NoAdminRequired
*
* @return DataResponse<Http::STATUS_OK, array<empty>, array{}>
*
* 200: Message cleared successfully
*/
#[NoAdminRequired]
#[ApiRoute(verb: 'DELETE', url: '/api/v1/user_status/message')]
public function clearMessage(): DataResponse {
$this->service->clearMessage($this->userId);
@ -173,14 +169,13 @@ class UserStatusController extends OCSController {
/**
* Revert the status to the previous status
*
* @NoAdminRequired
*
* @param string $messageId ID of the message to delete
*
* @return DataResponse<Http::STATUS_OK, UserStatusPrivate|array<empty>, array{}>
*
* 200: Status reverted
*/
#[NoAdminRequired]
#[ApiRoute(verb: 'DELETE', url: '/api/v1/user_status/revert/{messageId}')]
public function revertStatus(string $messageId): DataResponse {
$backupStatus = $this->service->revertUserStatus($this->userId, $messageId, true);