Settings "delete" action: accept multiple values parameters [] for users, workspaces, groups and roles.

Author: cdujeu

core/src/plugins/access.ajxp_conf/src/RepositoriesManager.php

@@ -718,15 +718,26 @@ public function delete(ServerRequestInterface $requestInterface, ResponseInterfa
         $mess = LocaleService::getMessages();
         $httpVars = $requestInterface->getParsedBody();
 
-        $repId        = InputFilter::sanitize(isSet($httpVars["workspaceId"]) ? $httpVars["workspaceId"] : $httpVars["repository_id"]);
-        $repo         = RepositoryService::findRepositoryByIdOrAlias($repId);
-        if(!is_object($repo)){
-            $res = -1;
-        }else{
-            $res = RepositoryService::deleteRepository($repId);
+        $repositories = "";
+        if(isSet($httpVars["repository_id"])) $repositories = $httpVars["repository_id"];
+        else if(isSet($httpVars["workspaceId"])) $repositories = $httpVars["workspaceId"];
+        if(!is_array($repositories)){
+            $repositories = [$repositories];
         }
-        if ($res == -1) {
-            throw new PydioException($mess[427]);
+        $repositories = array_map(function($r){
+            return InputFilter::sanitize($r, InputFilter::SANITIZE_ALPHANUM);
+        }, $repositories);
+
+        foreach($repositories as $repId){
+            $repo         = RepositoryService::findRepositoryByIdOrAlias($repId);
+            if(!is_object($repo)){
+                $res = -1;
+            }else{
+                $res = RepositoryService::deleteRepository($repId);
+            }
+            if ($res == -1) {
+                throw new PydioException($mess[427]);
+            }
         }
 
         $message = new UserMessage($mess["ajxp_conf.59"]);

core/src/plugins/access.ajxp_conf/src/RolesManager.php

@@ -506,12 +506,20 @@ public function delete(ServerRequestInterface $requestInterface, ResponseInterfa
 
         $mess = LocaleService::getMessages();
         $httpVars = $requestInterface->getParsedBody();
-
-        $roleId = InputFilter::sanitize(isSet($httpVars["roleId"]) ? $httpVars["roleId"] : $httpVars["role_id"], InputFilter::SANITIZE_DIRNAME);
-        if (RolesService::getRole($roleId) === false) {
-            throw new PydioException($mess["ajxp_conf.67"]);
+        $roles = "";
+        if(isSet($httpVars["role_id"])) $roles = $httpVars["role_id"];
+        else if(isSet($httpVars["roleId"])) $roles = $httpVars["roleId"];
+        if(!is_array($roles)){
+            $roles = [$roles];
+        }
+        
+        foreach($roles as $roleId){
+            $roleId = InputFilter::sanitize($roleId);
+            if (RolesService::getRole($roleId) === false) {
+                throw new PydioException($mess["ajxp_conf.67"]);
+            }
+            RolesService::deleteRole($roleId);
         }
-        RolesService::deleteRole($roleId);
 
         $message = new UserMessage($mess["ajxp_conf.68"]);
         $reload = new ReloadMessage();

core/src/plugins/access.ajxp_conf/src/UsersManager.php

@@ -662,29 +662,47 @@ public function usersActions(ServerRequestInterface $requestInterface, ResponseI
      */
     public function delete(ServerRequestInterface $requestInterface, ResponseInterface $responseInterface){
 
-        $mess = LocaleService::getMessages();
-        $httpVars = $requestInterface->getParsedBody();
         /** @var ContextInterface $ctx */
-        $ctx = $requestInterface->getAttribute("ctx");
-
-        if (isSet($httpVars["group"])) {
-
-            $groupPath = $httpVars["group"];
-            $groupPath = preg_replace('/^\/data\/users/', '', $groupPath);
-            $basePath = PathUtils::forwardSlashDirname($groupPath);
-            $basePath = ($ctx->hasUser() ? $ctx->getUser()->getRealGroupPath($basePath) : $basePath);
-            $gName = basename($groupPath);
-            UsersService::deleteGroup($basePath, $gName);
-
-            $resultMessage = $mess["ajxp_conf.128"];
+        $ctx        = $requestInterface->getAttribute("ctx");
+        $mess       = LocaleService::getMessages();
+        $httpVars   = $requestInterface->getParsedBody();
+        $groups     = [];
+        $users      = [];
+        if(isSet($httpVars['group'])) {
+            if(is_array($httpVars['group'])) $groups = $httpVars['group'];
+            else $groups[] = $httpVars['group'];
+            $groups = array_map(function ($g) {
+                return InputFilter::sanitize($g, InputFilter::SANITIZE_DIRNAME);
+            }, $groups);
+        }else if(isSet($httpVars['user_id'])) {
+            if(is_array($httpVars['user_id']))$users = $httpVars['user_id'];
+            else $users[] = $httpVars['user_id'];
+            $users = array_map(function ($u) {
+                return InputFilter::sanitize($u, InputFilter::SANITIZE_EMAILCHARS);
+            }, $users);
+        }
+        $resultMessage ='';
+        if (count($groups)) {
+            foreach($groups as $groupPath){
+                $groupPath = preg_replace('/^\/data\/users/', '', $groupPath);
+                if(empty($groupPath)){
+                    throw new PydioException("Oups trying to delete top-level role, there must be something wrong!");
+                }
+                $basePath = PathUtils::forwardSlashDirname($groupPath);
+                $basePath = ($ctx->hasUser() ? $ctx->getUser()->getRealGroupPath($basePath) : $basePath);
+                $gName = basename($groupPath);
+                UsersService::deleteGroup($basePath, $gName);
+            }
+            $resultMessage = $mess["ajxp_conf.128"] . " (".count($groups).")";
+        } else if(count($users)) {
 
-        } else {
-            if(empty($httpVars["user_id"]) || UsersService::isReservedUserId($httpVars["user_id"])
-                || $ctx->getUser()->getId() === $httpVars["user_id"]) {
-                throw new PydioException($mess["ajxp_conf.61"]);
+            foreach($users as $userId){
+                if(UsersService::isReservedUserId($userId) || $ctx->getUser()->getId() === $userId) {
+                    throw new PydioException($mess["ajxp_conf.61"]);
+                }
+                UsersService::deleteUser($userId);
             }
-            UsersService::deleteUser($httpVars["user_id"]);
-            $resultMessage = $mess["ajxp_conf.60"];
+            $resultMessage = $mess["ajxp_conf.60"] . " (".count($users).")";
         }
 
         $message = new UserMessage($resultMessage);