Allow subadmins to read app config values

core/js/config.js

@@ -8,51 +8,62 @@
  * @namespace
  */
 OC.AppConfig={
-	url:OC.filePath('core','ajax','appconfig.php'),
-	getCall:function(action,data,callback){
-		data.action=action;
-		$.getJSON(OC.AppConfig.url,data,function(result){
-			if(result.status==='success'){
-				if(callback){
-					callback(result.data);
-				}
-			}
-		});
-	},
-	postCall:function(action,data,callback){
-		data.action=action;
-		return $.post(OC.AppConfig.url,data,function(result){
-			if(result.status==='success'){
-				if(callback){
-					callback(result.data);
-				}
-			}
-		},'json');
-	},
+	url:OC.generateUrl('/settings/appconfig'),
 	getValue:function(app,key,defaultValue,callback){
-		if(typeof defaultValue=='function'){
-			callback=defaultValue;
-			defaultValue=null;
+		if (defaultValue === undefined || defaultValue === null) {
+			$.ajax({
+				url: `${OC.AppConfig.url}/${app}/${key}`,
+				success: callback
+			});
+		} else {
+			$.ajax({
+				url: `${OC.AppConfig.url}/${app}/${key}?default=${defaultValue}`,
+				success: callback
+			});
 		}
-		OC.AppConfig.getCall('getValue',{app:app,key:key,defaultValue:defaultValue},callback);
 	},
 	setValue:function(app,key,value){
-		return OC.AppConfig.postCall('setValue',{app:app,key:key,value:value});
+		return $.ajax({
+			url: OC.AppConfig.url,
+			type: 'PUT',
+			data: {
+				app: app,
+				key: key,
+				value: value
+			}
+		});
 	},
 	getApps:function(callback){
-		OC.AppConfig.getCall('getApps',{},callback);
+		$.ajax({
+			url: OC.AppConfig.url,
+			success: callback
+		});
 	},
 	getKeys:function(app,callback){
-		OC.AppConfig.getCall('getKeys',{app:app},callback);
+		$.ajax({
+			url: `${OC.AppConfig.url}/${app}`,
+			success: callback
+		});
 	},
 	hasKey:function(app,key,callback){
-		OC.AppConfig.getCall('hasKey',{app:app,key:key},callback);
+		$.ajax({
+			url: `${OC.AppConfig.url}/${app}/${key}`,
+			success: function(data) {
+				callback(data !== null);
+			}
+		});
 	},
 	deleteKey:function(app,key){
-		OC.AppConfig.postCall('deleteKey',{app:app,key:key});
+		$.ajax({
+			url: `${OC.AppConfig.url}/${app}/${key}`,
+			type: 'DELETE'
+		});
 	},
 	deleteApp:function(app){
-		OC.AppConfig.postCall('deleteApp',{app:app});
+		$.ajax({
+			url: `${OC.AppConfig.url}/${app}`,
+			type: 'DELETE'
+		});
 	}
 };
 //TODO OC.Preferences

settings/Application.php

@@ -35,6 +35,7 @@
 use OC\AppFramework\Utility\TimeFactory;
 use OC\Settings\Controller\CorsController;
 use OC\Settings\Controller\SettingsPageController;
+use OC\Settings\Controller\AppConfigController;
 use OC\Settings\Controller\AppSettingsController;
 use OC\Settings\Controller\AuthSettingsController;
 use OC\Settings\Controller\CertificateController;
@@ -187,6 +188,13 @@ public function __construct(array $urlParams=[]) {
 				$c->query('L10N')
 			);
 		});
+		$container->registerService('AppConfigController', function(IContainer $c) {
+			return new AppConfigController(
+				$c->query('AppName'),
+				$c->query('Request'),
+				$c->query('ServerContainer')->getAppConfig()
+			);
+		});
 
 		/**
 		 * Middleware

settings/Controller/AppConfigController.php

@@ -0,0 +1,129 @@
+<?php
+/**
+ * @copyright Copyright (c) 2023, ownCloud GmbH
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OC\Settings\Controller;
+
+use OCP\IAppConfig;
+use OCP\IRequest;
+use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\DataResponse;
+use OCP\AppFramework\Http\JSONResponse;
+
+/**
+ * The code is mostly copied from core/ajax/appconfig.php
+ * Read methods (getApps, getKeys and getValue) are available to subadmins,
+ * which wasn't possible with the core/ajax/appconfig.php file. The rest of
+ * the methods require admin privileges.
+ * Note that the "hasKey" method is missing. You can do the same in a lot of
+ * cases by trying to get the value of the key.
+ *
+ * @package OC\Settings\Controller
+ */
+class AppConfigController extends Controller {
+	/** @var IAppConfig */
+	private $appConfig;
+
+	/**
+	 * @param string $appName
+	 * @param IRequest $request
+	 * @param IAppConfig $appConfig
+	 */
+	public function __construct(
+		$appName,
+		IRequest $request,
+		IAppConfig $appConfig
+	) {
+		parent::__construct($appName, $request);
+		$this->appConfig = $appConfig;
+	}
+
+	/**
+	 * @NoAdminRequired
+	 *
+	 * Get the list of apps
+	 */
+	public function getApps() {
+		return new JSONResponse($this->appConfig->getApps());
+	}
+
+	/**
+	 * @NoAdminRequired
+	 *
+	 * Get the list of keys for that particular app
+	 * @param string $app
+	 */
+	public function getKeys($app) {
+		return new JSONResponse($this->appConfig->getKeys($app));
+	}
+
+	/**
+	 * @NoAdminRequired
+	 *
+	 * Get the value of the key for that app, or the default value provided
+	 * if it's missing.
+	 * @param string $app
+	 * @param string $key
+	 * @param string $default
+	 */
+	public function getValue($app, $key, $default = null) {
+		return new JSONResponse($this->appConfig->getValue($app, $key, $default));
+	}
+
+	/**
+	 * Set the value for the target key in the app. If no value is provided,
+	 * the request will fail.
+	 * @param string $app
+	 * @param string $key
+	 * @param string $value
+	 */
+	public function setValue($app, $key, $value) {
+		if (!isset($app, $key, $value)) {
+			return new JSONResponse([], Http::STATUS_BAD_REQUEST);
+		} else {
+			return new JSONResponse($this->appConfig->setValue($app, $key, $value));
+		}
+	}
+
+	/**
+	 * Delete the key from the app
+	 * @param string $app
+	 * @param string $key
+	 */
+	public function deleteKey($app, $key) {
+		if (!isset($app, $key)) {
+			return new JSONResponse([], Http::STATUS_BAD_REQUEST);
+		} else {
+			return new JSONResponse($this->appConfig->deleteKey($app, $key));
+		}
+	}
+
+	/**
+	 * Delete the app from the appconfig. Note that this just deletes the stored
+	 * keys in the appconfig. It won't touch the app in any other way
+	 * @param string $app
+	 */
+	public function deleteApp($app) {
+		if (!isset($app)) {
+			return new JSONResponse([], Http::STATUS_BAD_REQUEST);
+		} else {
+			return new JSONResponse($this->appConfig->deleteApp($app));
+		}
+	}
+}

settings/routes.php

@@ -73,6 +73,12 @@
 		['name' => 'Users#resendInvitation', 'url' => '/resend/invitation/{userId}', 'verb' => 'POST'],
 		['name' => 'Users#setPassword', 'url' => '/setpassword/{token}/{userId}', 'verb' => 'POST'],
 		['name' => 'Groups#getAssignableAndRemovableGroups', 'url' => '/settings/groups/available', 'verb' => 'GET'],
+		['name' => 'AppConfig#getApps', 'url' => '/settings/appconfig', 'verb' => 'GET'],
+		['name' => 'AppConfig#getKeys', 'url' => '/settings/appconfig/{app}', 'verb' => 'GET'],
+		['name' => 'AppConfig#getValue', 'url' => '/settings/appconfig/{app}/{key}', 'verb' => 'GET'],
+		['name' => 'AppConfig#setValue', 'url' => '/settings/appconfig/{app?}/{key?}', 'verb' => 'PUT'], // optional params can be sent in the request body
+		['name' => 'AppConfig#deleteKey', 'url' => '/settings/appconfig/{app?}/{key?}', 'verb' => 'DELETE'], // optional params can be sent in the request body
+		['name' => 'AppConfig#deleteApp', 'url' => '/settings/appconfig/{app?}', 'verb' => 'DELETE'], // optional params can be sent in the request body
 	]
 ]);