summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorThomas Müller <thomas.mueller@tmit.eu>2016-01-28 20:30:40 +0100
committerThomas Müller <thomas.mueller@tmit.eu>2016-02-03 17:18:22 +0100
commit4b14ca672ffc4388297a278b87c30ffa2c94561d (patch)
tree4968b737bf4e6e7fd29863e059f93d38df20e75b
parent0753067bcd1b00f38e650c6b0975bdb67d132774 (diff)
downloadnextcloud-server-4b14ca672ffc4388297a278b87c30ffa2c94561d.tar.gz
nextcloud-server-4b14ca672ffc4388297a278b87c30ffa2c94561d.zip
Fix ACLs on shared calendars
-rw-r--r--apps/dav/lib/caldav/caldavbackend.php2
-rw-r--r--apps/dav/lib/caldav/calendar.php17
-rw-r--r--apps/dav/lib/dav/sharing/backend.php2
-rw-r--r--apps/dav/tests/unit/caldav/caldavbackendtest.php107
4 files changed, 98 insertions, 30 deletions
diff --git a/apps/dav/lib/caldav/caldavbackend.php b/apps/dav/lib/caldav/caldavbackend.php
index 1bd1000a731..4820116e9a6 100644
--- a/apps/dav/lib/caldav/caldavbackend.php
+++ b/apps/dav/lib/caldav/caldavbackend.php
@@ -188,7 +188,6 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription
$fields[] = 'a.components';
$fields[] = 'a.principaluri';
$fields[] = 'a.transparent';
- $fields[] = 's.access';
$query = $this->db->getQueryBuilder();
$result = $query->select($fields)
->from('dav_shares', 's')
@@ -216,7 +215,6 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription
'{' . Plugin::NS_CALDAV . '}supported-calendar-component-set' => new SupportedCalendarComponentSet($components),
'{' . Plugin::NS_CALDAV . '}schedule-calendar-transp' => new ScheduleCalendarTransp($row['transparent']?'transparent':'opaque'),
'{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}owner-principal' => $row['principaluri'],
- '{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}read-only' => $row['access'] === Backend::ACCESS_READ,
];
foreach($this->propertyMap as $xmlName=>$dbName) {
diff --git a/apps/dav/lib/caldav/calendar.php b/apps/dav/lib/caldav/calendar.php
index b4a47418350..7822c703e91 100644
--- a/apps/dav/lib/caldav/calendar.php
+++ b/apps/dav/lib/caldav/calendar.php
@@ -58,23 +58,6 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable {
function getACL() {
$acl = parent::getACL();
- // add the current user
- if (isset($this->calendarInfo['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}owner-principal'])) {
- $owner = $this->calendarInfo['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}owner-principal'];
- $acl[] = [
- 'privilege' => '{DAV:}read',
- 'principal' => $owner,
- 'protected' => true,
- ];
- if ($this->calendarInfo['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}read-only']) {
- $acl[] = [
- 'privilege' => '{DAV:}write',
- 'principal' => $owner,
- 'protected' => true,
- ];
- }
- }
-
/** @var CalDavBackend $caldavBackend */
$caldavBackend = $this->caldavBackend;
return $caldavBackend->applyShareAcl($this->getResourceId(), $acl);
diff --git a/apps/dav/lib/dav/sharing/backend.php b/apps/dav/lib/dav/sharing/backend.php
index fee864ffe6f..2d810a43f9d 100644
--- a/apps/dav/lib/dav/sharing/backend.php
+++ b/apps/dav/lib/dav/sharing/backend.php
@@ -136,7 +136,7 @@ class Backend {
'href' => "principal:${row['principaluri']}",
// 'commonName' => isset($p['{DAV:}displayname']) ? $p['{DAV:}displayname'] : '',
'status' => 1,
- 'readOnly' => ($row['access'] === self::ACCESS_READ),
+ 'readOnly' => ($row['access'] == self::ACCESS_READ),
'{'.\OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD.'}principal' => $row['principaluri']
];
}
diff --git a/apps/dav/tests/unit/caldav/caldavbackendtest.php b/apps/dav/tests/unit/caldav/caldavbackendtest.php
index 30148211a43..aece738166a 100644
--- a/apps/dav/tests/unit/caldav/caldavbackendtest.php
+++ b/apps/dav/tests/unit/caldav/caldavbackendtest.php
@@ -28,6 +28,7 @@ use OCA\DAV\Connector\Sabre\Principal;
use Sabre\CalDAV\Xml\Property\SupportedCalendarComponentSet;
use Sabre\DAV\PropPatch;
use Sabre\DAV\Xml\Property\Href;
+use Sabre\DAVACL\IACL;
use Test\TestCase;
/**
@@ -108,22 +109,80 @@ class CalDavBackendTest extends TestCase {
$this->assertEquals(0, count($books));
}
- public function testCalendarSharing() {
+ public function providesSharingData() {
+ return [
+ [true, true, true, false, [
+ [
+ 'href' => 'principal:' . self::UNIT_TEST_USER1,
+ 'readOnly' => false
+ ],
+ [
+ 'href' => 'principal:' . self::UNIT_TEST_GROUP,
+ 'readOnly' => true
+ ]
+ ]],
+ [true, false, false, false, [
+ [
+ 'href' => 'principal:' . self::UNIT_TEST_USER1,
+ 'readOnly' => true
+ ],
+ ]],
+
+ ];
+ }
+
+ /**
+ * @dataProvider providesSharingData
+ */
+ public function testCalendarSharing($userCanRead, $userCanWrite, $groupCanRead, $groupCanWrite, $add) {
- $this->createTestCalendar();
+ $calendarId = $this->createTestCalendar();
$books = $this->backend->getCalendarsForUser(self::UNIT_TEST_USER);
$this->assertEquals(1, count($books));
$calendar = new Calendar($this->backend, $books[0]);
- $this->backend->updateShares($calendar, [
- [
- 'href' => 'principal:' . self::UNIT_TEST_USER1,
- ],
- [
- 'href' => 'principal:' . self::UNIT_TEST_GROUP,
- ]
- ], []);
+ $this->backend->updateShares($calendar, $add, []);
$books = $this->backend->getCalendarsForUser(self::UNIT_TEST_USER1);
$this->assertEquals(1, count($books));
+ $calendar = new Calendar($this->backend, $books[0]);
+ $acl = $calendar->getACL();
+ $this->assertAcl(self::UNIT_TEST_USER, '{DAV:}read', $acl);
+ $this->assertAcl(self::UNIT_TEST_USER, '{DAV:}write', $acl);
+ $this->assertAccess($userCanRead, self::UNIT_TEST_USER1, '{DAV:}read', $acl);
+ $this->assertAccess($userCanWrite, self::UNIT_TEST_USER1, '{DAV:}write', $acl);
+ $this->assertAccess($groupCanRead, self::UNIT_TEST_GROUP, '{DAV:}read', $acl);
+ $this->assertAccess($groupCanWrite, self::UNIT_TEST_GROUP, '{DAV:}write', $acl);
+ $this->assertEquals(self::UNIT_TEST_USER, $calendar->getOwner());
+
+ // test acls on the child
+ $uri = $this->getUniqueID('calobj');
+ $calData = <<<'EOD'
+BEGIN:VCALENDAR
+VERSION:2.0
+PRODID:ownCloud Calendar
+BEGIN:VEVENT
+CREATED;VALUE=DATE-TIME:20130910T125139Z
+UID:47d15e3ec8
+LAST-MODIFIED;VALUE=DATE-TIME:20130910T125139Z
+DTSTAMP;VALUE=DATE-TIME:20130910T125139Z
+SUMMARY:Test Event
+DTSTART;VALUE=DATE-TIME:20130912T130000Z
+DTEND;VALUE=DATE-TIME:20130912T140000Z
+CLASS:PUBLIC
+END:VEVENT
+END:VCALENDAR
+EOD;
+
+ $this->backend->createCalendarObject($calendarId, $uri, $calData);
+
+ /** @var IACL $child */
+ $child = $calendar->getChild($uri);
+ $acl = $child->getACL();
+ $this->assertAcl(self::UNIT_TEST_USER, '{DAV:}read', $acl);
+ $this->assertAcl(self::UNIT_TEST_USER, '{DAV:}write', $acl);
+ $this->assertAccess($userCanRead, self::UNIT_TEST_USER1, '{DAV:}read', $acl);
+ $this->assertAccess($userCanWrite, self::UNIT_TEST_USER1, '{DAV:}write', $acl);
+ $this->assertAccess($groupCanRead, self::UNIT_TEST_GROUP, '{DAV:}read', $acl);
+ $this->assertAccess($groupCanWrite, self::UNIT_TEST_GROUP, '{DAV:}write', $acl);
// delete the address book
$this->backend->deleteCalendar($books[0]['id']);
@@ -386,4 +445,32 @@ EOD;
$sos = $this->backend->getSchedulingObjects(self::UNIT_TEST_USER);
$this->assertEquals(0, count($sos));
}
+
+ private function assertAcl($principal, $privilege, $acl) {
+ foreach($acl as $a) {
+ if ($a['principal'] === $principal && $a['privilege'] === $privilege) {
+ $this->assertTrue(true);
+ return;
+ }
+ }
+ $this->fail("ACL does not contain $principal / $privilege");
+ }
+
+ private function assertNotAcl($principal, $privilege, $acl) {
+ foreach($acl as $a) {
+ if ($a['principal'] === $principal && $a['privilege'] === $privilege) {
+ $this->fail("ACL contains $principal / $privilege");
+ return;
+ }
+ }
+ $this->assertTrue(true);
+ }
+
+ private function assertAccess($shouldHaveAcl, $principal, $privilege, $acl) {
+ if ($shouldHaveAcl) {
+ $this->assertAcl($principal, $privilege, $acl);
+ } else {
+ $this->assertNotAcl($principal, $privilege, $acl);
+ }
+ }
}