Allow not-authenticated access to specific urls

apps/dav/lib/CalDAV/CalDavBackend.php

@@ -339,6 +339,7 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription
 				'{' . Plugin::NS_CALDAV . '}schedule-calendar-transp' => new ScheduleCalendarTransp($row['transparent']?'transparent':'opaque'),
 				'{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}owner-principal' => $row['principaluri'],
 				'{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}read-only' => (int)$row['access'] === Backend::ACCESS_READ,
+				'{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}public' => (int)$row['access'] === self::ACCESS_PUBLIC,
 			];
 
 			foreach($this->propertyMap as $xmlName=>$dbName) {

apps/dav/lib/CalDAV/Calendar.php

@@ -90,7 +90,7 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable {
 	}
 
 	/**
-	 * @return str
+	 * @return string
 	 */
 	public function getPrincipalURI() {
 		return $this->calendarInfo['principaluri'];
@@ -124,6 +124,13 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable {
 				];
 			}
 		}
+		if ($this->isPublic()) {
+			$acl[] = [
+				'privilege' => '{DAV:}read',
+				'principal' => 'principals/system/public',
+				'protected' => true,
+			];
+		}
 
 		/** @var CalDavBackend $calDavBackend */
 		$calDavBackend = $this->caldavBackend;
@@ -264,6 +271,10 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable {
 		return true;
 	}
 
+	private function isPublic() {
+		return isset($this->calendarInfo['{http://owncloud.org/ns}public']);
+	}
+
 	private function isShared() {
 		return isset($this->calendarInfo['{http://owncloud.org/ns}owner-principal']);
 	}

apps/dav/lib/DAV/PublicAuth.php

@@ -0,0 +1,86 @@
+<?php
+/**
+ * @author Thomas Müller <thomas.mueller@tmit.eu>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+namespace OCA\DAV\DAV;
+
+use Sabre\DAV\Auth\Backend\BackendInterface;
+use Sabre\HTTP\RequestInterface;
+use Sabre\HTTP\ResponseInterface;
+
+class PublicAuth implements BackendInterface {
+
+	/** @var string[] */
+	private $publicURLs;
+
+	/**
+	 * @param string[] $publicURLs
+	 */
+	public function __construct() {
+		$this->publicURLs = [
+			'public-calendars/'
+		];
+	}
+
+	/**
+	 * When this method is called, the backend must check if authentication was
+	 * successful.
+	 *
+	 * The returned value must be one of the following
+	 *
+	 * [true, "principals/username"]
+	 * [false, "reason for failure"]
+	 *
+	 * If authentication was successful, it's expected that the authentication
+	 * backend returns a so-called principal url.
+	 *
+	 * Examples of a principal url:
+	 *
+	 * principals/admin
+	 * principals/user1
+	 * principals/users/joe
+	 * principals/uid/123457
+	 *
+	 * If you don't use WebDAV ACL (RFC3744) we recommend that you simply
+	 * return a string such as:
+	 *
+	 * principals/users/[username]
+	 *
+	 * @param RequestInterface $request
+	 * @param ResponseInterface $response
+	 * @return array
+	 */
+	function check(RequestInterface $request, ResponseInterface $response) {
+		$url = $request->getPath();
+		$matchingUrls = array_filter($this->publicURLs, function ($publicUrl) use ($url) {
+			return strpos($url, $publicUrl, 0) === 0;
+		});
+
+		if ($matchingUrls) {
+			return [true, "principals/system/public"];
+		}
+		return [false, "No public access to this resource."];
+	}
+
+	/**
+	 * @inheritdoc
+	 */
+	function challenge(RequestInterface $request, ResponseInterface $response) {
+	}
+}

apps/dav/lib/DAV/SystemPrincipalBackend.php

@@ -51,6 +51,10 @@ class SystemPrincipalBackend extends AbstractBackend {
 				'uri' => 'principals/system/system',
 				'{DAV:}displayname' => 'system',
 			];
+			$principals[] = [
+				'uri' => 'principals/system/public',
+				'{DAV:}displayname' => 'public',
+			];
 		}
 
 		return $principals;
@@ -73,6 +77,13 @@ class SystemPrincipalBackend extends AbstractBackend {
 			];
 			return $principal;
 		}
+		if ($path === 'principals/system/public') {
+			$principal = [
+				'uri' => 'principals/system/public',
+				'{DAV:}displayname' => 'public',
+			];
+			return $principal;
+		}
 
 		return null;
 	}

apps/dav/lib/Server.php

@@ -35,6 +35,7 @@ use OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin;
 use OCA\DAV\Connector\Sabre\DavAclPlugin;
 use OCA\DAV\Connector\Sabre\DummyGetResponsePlugin;
 use OCA\DAV\Connector\Sabre\FilesPlugin;
+use OCA\DAV\DAV\PublicAuth;
 use OCA\DAV\Files\BrowserErrorPagePlugin;
 use OCA\DAV\Files\CustomPropertiesBackend;
 use OCP\IRequest;
@@ -78,6 +79,8 @@ class Server {
 
 		$this->server->addPlugin(new BlockLegacyClientPlugin(\OC::$server->getConfig()));
 		$authPlugin = new Plugin();
+		$authPlugin->addBackend($authBackend);
+		$authPlugin->addBackend(new PublicAuth());
 		$this->server->addPlugin($authPlugin);
 
 		// allow setup of additional auth backends