diff options
author | Georg Ehrke <developer@georgehrke.com> | 2017-10-21 11:19:01 +0200 |
---|---|---|
committer | Georg Ehrke <developer@georgehrke.com> | 2017-11-11 02:15:56 +0100 |
commit | d59b3392abf021d0289b5b2ea1a67bc99e8d89da (patch) | |
tree | 95a408cf05f962399945830a9053de5f58768d42 | |
parent | 1c106a66b1b287eec177204b71c40ed00a450268 (diff) | |
download | nextcloud-server-d59b3392abf021d0289b5b2ea1a67bc99e8d89da.tar.gz nextcloud-server-d59b3392abf021d0289b5b2ea1a67bc99e8d89da.zip |
disallow users to create calendars with reserved names
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
-rw-r--r-- | apps/dav/lib/CalDAV/CalendarHome.php | 15 | ||||
-rw-r--r-- | apps/dav/tests/unit/CalDAV/CalendarHomeTest.php | 81 |
2 files changed, 96 insertions, 0 deletions
diff --git a/apps/dav/lib/CalDAV/CalendarHome.php b/apps/dav/lib/CalDAV/CalendarHome.php index c1988c7493e..3e645db459f 100644 --- a/apps/dav/lib/CalDAV/CalendarHome.php +++ b/apps/dav/lib/CalDAV/CalendarHome.php @@ -32,6 +32,8 @@ use Sabre\CalDAV\Schedule\Inbox; use Sabre\CalDAV\Schedule\Outbox; use Sabre\CalDAV\Subscriptions\Subscription; use Sabre\DAV\Exception\NotFound; +use Sabre\DAV\Exception\MethodNotAllowed; +use Sabre\DAV\MkCol; class CalendarHome extends \Sabre\CalDAV\CalendarHome { @@ -57,6 +59,19 @@ class CalendarHome extends \Sabre\CalDAV\CalendarHome { /** * @inheritdoc */ + function createExtendedCollection($name, MkCol $mkCol) { + $reservedNames = [BirthdayService::BIRTHDAY_CALENDAR_URI]; + + if (in_array($name, $reservedNames)) { + throw new MethodNotAllowed('The resource you tried to create has a reserved name'); + } + + parent::createExtendedCollection($name, $mkCol); + } + + /** + * @inheritdoc + */ function getChildren() { $calendars = $this->caldavBackend->getCalendarsForUser($this->principalInfo['uri']); $objects = []; diff --git a/apps/dav/tests/unit/CalDAV/CalendarHomeTest.php b/apps/dav/tests/unit/CalDAV/CalendarHomeTest.php new file mode 100644 index 00000000000..a7981cfa159 --- /dev/null +++ b/apps/dav/tests/unit/CalDAV/CalendarHomeTest.php @@ -0,0 +1,81 @@ +<?php +/** + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @copyright Copyright (c) 2017, Georg Ehrke + * + * @author Georg Ehrke <oc.list@georgehrke.com> + * + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + +namespace OCA\DAV\Tests\unit\CalDAV; + +use OCA\DAV\CalDAV\CalDavBackend; +use OCA\DAV\CalDAV\CalendarHome; +use Sabre\DAV\MkCol; +use Test\TestCase; + +class CalendarHomeTest extends TestCase { + + /** @var CalDavBackend | \PHPUnit_Framework_MockObject_MockObject */ + private $backend; + + /** @var array */ + private $principalInfo = []; + + /** @var CalendarHome */ + private $calendarHome; + + protected function setUp() { + parent::setUp(); + + $this->backend = $this->createMock(CalDavBackend::class); + $this->principalInfo = [ + 'uri' => 'user-principal-123', + ]; + + $this->calendarHome = new CalendarHome($this->backend, + $this->principalInfo); + } + + public function testCreateCalendarValidName() { + /** @var MkCol | \PHPUnit_Framework_MockObject_MockObject $mkCol */ + $mkCol = $this->createMock(MkCol::class); + + $mkCol->method('getResourceType') + ->will($this->returnValue(['{DAV:}collection', + '{urn:ietf:params:xml:ns:caldav}calendar'])); + $mkCol->method('getRemainingValues') + ->will($this->returnValue(['... properties ...'])); + + $this->backend->expects($this->once()) + ->method('createCalendar') + ->with('user-principal-123', 'name123', ['... properties ...']); + + $this->calendarHome->createExtendedCollection('name123', $mkCol); + } + + /** + * @expectedException \Sabre\DAV\Exception\MethodNotAllowed + * @expectedExceptionMessage The resource you tried to create has a reserved name + */ + public function testCreateCalendarReservedName() { + /** @var MkCol | \PHPUnit_Framework_MockObject_MockObject $mkCol */ + $mkCol = $this->createMock(MkCol::class); + + $this->calendarHome->createExtendedCollection('contact_birthdays', $mkCol); + } +} |