Add option for all group admins to impersonate their group memebers

[sharidas]

Add an option for all group admins to impersonate
their group members.

Signed-off-by: Sujith H [email protected]

[codecov]

Codecov Report

Merging #134 into master will increase coverage by 0.59%.
The diff coverage is 83.33%.

@@             Coverage Diff              @@
##             master     #134      +/-   ##
============================================
+ Coverage     63.54%   64.14%   +0.59%     
- Complexity       29       31       +2     
============================================
  Files             7        7              
  Lines           192      198       +6     
============================================
+ Hits            122      127       +5     
- Misses           70       71       +1

Impacted Files	Coverage Δ	Complexity Δ
templates/settings-admin.php	0% <0%> (ø)	0 <0> (ø)	⬇️
controller/settingscontroller.php	100% <100%> (+1.23%)	17 <1> (+2)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 37445b6...3a3e44e. Read the comment docs.

[codecov]

Codecov Report

Merging #134 into master will decrease coverage by 0.91%.
The diff coverage is 76.47%.

@@             Coverage Diff              @@
##             master     #134      +/-   ##
============================================
- Coverage     63.54%   62.62%   -0.92%     
- Complexity       29       31       +2     
============================================
  Files             7        7              
  Lines           192      198       +6     
============================================
+ Hits            122      124       +2     
- Misses           70       74       +4

Impacted Files	Coverage Δ	Complexity Δ
templates/settings-admin.php	0% <0%> (ø)	0 <0> (ø)	⬇️
controller/settingscontroller.php	96.47% <86.66%> (-2.3%)	17 <1> (+2)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d10bdd0...9349e5a. Read the comment docs.

[sharidas]

Current state of the PR:

• Added radio buttons to select either grant impresonate access to all group admins or grant selected group admins.
• Updated the js code accordingly.
• Removed code duplication of impersonation and created a private method.
• Updated the unit test accordingly.

Kindly review this change set @PVince81

[sharidas]

@tomneedham Require your helping hand in reviewing this PR.

[tomneedham]

Clean 10.0.10 install with this PR, and I get an issue with the user list:

Only one local user, who is admin. Am logged in as that user.

Ideas?

[tomneedham]

See above comments

[sharidas]

Clean 10.0.10 install with this PR, and I get an issue with the user list:

Only one local user, who is admin. Am logged in as that user.

Ideas?

On my local machine I executed the commands below for impersonate app:

 sujith@sujith-ownCloud  ~/test/owncloud3/apps/impersonate   allow-allgroupadmins  make clean
rm -fR build
rm -f js/templates/impersonateNotification.handlebars.js js/templates/addImpersonateIcon.handlebars.js js/templates/removeImpersonateIcon.handlebars.js
rm -fr /home/sujith/test/owncloud3/apps/impersonate/node_modules
 sujith@sujith-ownCloud  ~/test/owncloud3/apps/impersonate   allow-allgroupadmins  make dist
/usr/bin/npm install /home/sujith/test/owncloud3/apps/impersonate && touch node_modules
added 9 packages from 43 contributors and audited 10 packages in 1.559s
found 0 vulnerabilities



   ╭───────────────────────────────────────────────────────────────╮
   │                                                               │
   │      New minor version of npm available! 6.4.1 -> 6.5.0       │
   │   Changelog: https://github.com/npm/cli/releases/tag/v6.5.0   │
   │               Run npm install -g npm to update!               │
   │                                                               │
   ╰───────────────────────────────────────────────────────────────╯

/home/sujith/test/owncloud3/apps/impersonate/node_modules/handlebars/bin/handlebars -n "OCA.Impersonate" js/templates/impersonateNotification.handlebars -f js/templates/impersonateNotification.handlebars.js
/home/sujith/test/owncloud3/apps/impersonate/node_modules/handlebars/bin/handlebars -n "OCA.Impersonate" js/templates/addImpersonateIcon.handlebars -f js/templates/addImpersonateIcon.handlebars.js
/home/sujith/test/owncloud3/apps/impersonate/node_modules/handlebars/bin/handlebars -n "OCA.Impersonate" js/templates/removeImpersonateIcon.handlebars -f js/templates/removeImpersonateIcon.handlebars.js
mkdir -p build/impersonate
cp --parents -r \
        appinfo \
        controller \
        css \
        img \
        js \
        l10n \
        lib \
        README.md \
        LICENSE \
        CHANGELOG.md \
        templates \
        build/impersonate
rm -f build/impersonate/js/templates/*.handlebars
Skipping signing, either no key and certificate found in /home/sujith/.owncloud/certificates/impersonate.key and /home/sujith/.owncloud/certificates/impersonate.crt or occ can not be found at /home/sujith/test/owncloud3/apps/impersonate/../../occ
tar -czf build/impersonate.tar.gz -C /home/sujith/test/owncloud3/apps/impersonate/build/impersonate ../impersonate
tar: Removing leading `../' from member names
 sujith@sujith-ownCloud  ~/test/owncloud3/apps/impersonate   allow-allgroupadmins  cd -
~/test/owncloud3
 sujith@sujith-ownCloud  ~/test/owncloud3   fix-preview-image-orientation  ./occ a:e impersonate
Cannot load Xdebug - it was already loaded
impersonate enabled
 sujith@sujith-ownCloud  ~/test/owncloud3   fix-preview-image-orientation  

Navigated to the users page and created a new user user1 and the page looks like this

@tomneedham let me know if this is the same procedure followed? Because in my local instance it's not throwing issues.

[tomneedham]

So you're required to run make dist to build the app. Can you add this to the readme? Or change makefile to build on make like other apps do normally. And package on make dist.

[tomneedham]

Fresh install:

• enable app
• add some users
• add some groups
• user list shows impersoantion icons for all users !self
• click on icon "cannot impersonate"

This is bad UX imo. Either dont show the icon if its not yet configured at all, or make a default mode so this works out of the box. The message also doesnt tell you that its not configured - so will never work. We will just get bug reports about this straight away.

[sharidas]

So you're required to run make dist to build the app. Can you add this to the readme? Or change makefile to build on make like other apps do normally. And package on make dist.

Created #135. IMHO, this does not fit to the PR. So I will raise it separately.

[sharidas]

This is bad UX imo. Either dont show the icon if its not yet configured at all, or make a default mode so this works out of the box. The message also doesnt tell you that its not configured - so will never work. We will just get bug reports about this straight away.

Agreed I have created a ticket #136. Again would be nice to create a separate PR imho.

[sharidas]

@tomneedham I have updated the changes requested at

• Add option for all group admins to impersonate their group memebers #134 (comment)
• Add option for all group admins to impersonate their group memebers #134 (comment)

Let me know if this looks ok.

[tomneedham]

Agreed I have created a ticket #136. Again would be nice to create a separate PR imho.

Ok. But #136 is more severe. The app is broken unusable at initial install as it is not configured. IMO a release blocker.

[PVince81]

How was the UX before this option ? Was impersonate enabled by default for everyone ?

@sharidas I agree with @tomneedham that we need to fix the UX in the context of this PR

[sharidas]

The UX flow before this PR ( obviously enabled impersonate app in the oC instance ):

For admin user:

• When admin user navigates to the users page , except admin all users will show up the impersonate icon
  1. The failure from UI for impersonation happens when:
     1. A user tries to impersonate to the user, who has not logged in yet.
     2. Nested impersonation. That is user1 impersonates user2. And then as user2 no more impersonation to user3 or so.
     3. A normal user cannot impersonate admin user
     4. and so on ( there are more scenarios in https://github.com/owncloud/impersonate/blob/master/controller/settingscontroller.php )

For group admin user:

• Groups when whitelisted in the settings page, all the users under the group show up the impersonate icon, except the group admin.
  1. The failure from UI for impersonation happen when:
     1. A user tries to impersonate to the user, who has not logged in yet.
     2. Nested impersonation. That is user1 impersonates user2. And then as user2 no more impersonation to user3 or so.

Why do we have impersonation not possible if the user is not logged in once?

• ref Impersonate a non logged in user causes exception #17
  I totally agree that its not a good UI or say UX doesn't help user understand looking at the message from the dialog box message ( due to security reasons we cannot show up the exact message ).

I believe I have shared most of the details why the UX behaves the way it is. Let me know if we can take the issues pointed out here to a separate issue ( #135, #136 )

If there is still missing information, please let me know. I can help here.

[sharidas]

@tomneedham Let me know your suggestion/opinion, please.

[tomneedham]

Nested impersonation

We can detect this, and hide the icon. New issue.

[tomneedham]

3\. A normal user cannot impersonate admin user

Not relevant, since only loaded for admins.

[tomneedham]

1. A user tries to impersonate to the user, who has not logged in yet.

Javascript can check last login column, if never, dont show impersoantion. Or show tooltip with greyed out icon.

[tomneedham]

Anyway, conclusion here is this is no worse that current.

[sharidas]

Anyway, conclusion here is this is no worse that current.

Agreed, IMHO we can take the hiding of icons to a separate ticket. Let me know if this sounds reasonable.