authorGeorg Ehrke <developer@georgehrke.com>2019-08-14 13:38:11 +0200
committerGeorg Ehrke <developer@georgehrke.com>2019-08-15 15:41:28 +0200
commit63d584afb5727737fe73a0ca2ecf720022b33922 (patch)
treec3fc0a335c2f3766b61257270cdb167b9a7aa788 /apps/dav/lib/CalDAV/Calendar.php
parent3d86537dc922083427a283e84d726d416f9ec95c (diff)
use principaluri instead of userid, allowing to add delegates for rooms and things
Signed-off-by: Georg Ehrke <developer@georgehrke.com> !fixup add owner_id and proxy_id as db index, since we use it for querying Signed-off-by: Georg Ehrke <developer@georgehrke.com> !fixup don't add ACL for each individual proxy, just use calendar-proxy groups Signed-off-by: Georg Ehrke <developer@georgehrke.com> !fixup allow delegation of resources / rooms Signed-off-by: Georg Ehrke <developer@georgehrke.com> !fixup fix addIndex call in migration Signed-off-by: Georg Ehrke <developer@georgehrke.com> !fixup fix remaining constructor calls of Principal Signed-off-by: Georg Ehrke <developer@georgehrke.com> !fixup minor fixes and unit tests Signed-off-by: Georg Ehrke <developer@georgehrke.com>
Diffstat (limited to 'apps/dav/lib/CalDAV/Calendar.php')
-rw-r--r--apps/dav/lib/CalDAV/Calendar.php87
1 files changed, 49 insertions, 38 deletions
diff --git a/apps/dav/lib/CalDAV/Calendar.php b/apps/dav/lib/CalDAV/Calendar.php
index ae5cb226b0e..38def19af1d 100644
--- a/apps/dav/lib/CalDAV/Calendar.php
+++ b/apps/dav/lib/CalDAV/Calendar.php
@@ -47,9 +47,14 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable {
/** @var IConfig */
private $config;
- /** @var ProxyMapper */
- private $proxyMapper;
-
+ /**
+ * Calendar constructor.
+ *
+ * @param BackendInterface $caldavBackend
+ * @param $calendarInfo
+ * @param IL10N $l10n
+ * @param IConfig $config
+ */
public function __construct(BackendInterface $caldavBackend, $calendarInfo, IL10N $l10n, IConfig $config) {
parent::__construct($caldavBackend, $calendarInfo);
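Review bot: The new constructor docblock leaves `@param $calendarInfo` without a type, while every other parameter is typed. The value is indexed as an array elsewhere in the class (`$this->calendarInfo['principaluri']`), so `@param array $calendarInfo` would be accurate. The constructor body continues outside this hunk.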
@@ -62,9 +67,6 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable {
}
$this->config = $config;
-
- // TODO: proper DI
- $this->proxyMapper = \OC::$server->query(ProxyMapper::class);
}
/**
@@ -126,29 +128,60 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable {
return $this->calendarInfo['principaluri'];
}
+ /**
+ * @return array
+ */
public function getACL() {
$acl = [
[
'privilege' => '{DAV:}read',
'principal' => $this->getOwner(),
'protected' => true,
- ]];
+ ],
+ [
+ 'privilege' => '{DAV:}read',
+ 'principal' => $this->getOwner() . '/calendar-proxy-write',
+ 'protected' => true,
+ ],
+ [
+ 'privilege' => '{DAV:}read',
+ 'principal' => $this->getOwner() . '/calendar-proxy-read',
+ 'protected' => true,
+ ],
+ ];
+
if ($this->getName() !== BirthdayService::BIRTHDAY_CALENDAR_URI) {
$acl[] = [
'privilege' => '{DAV:}write',
'principal' => $this->getOwner(),
'protected' => true,
];
+ $acl[] = [
+ 'privilege' => '{DAV:}write',
+ 'principal' => $this->getOwner() . '/calendar-proxy-write',
+ 'protected' => true,
+ ];
} else {
$acl[] = [
'privilege' => '{DAV:}write-properties',
'principal' => $this->getOwner(),
'protected' => true,
];
+ $acl[] = [
+ 'privilege' => '{DAV:}write-properties',
+ 'principal' => $this->getOwner() . '/calendar-proxy-write',
+ 'protected' => true,
+ ];
}
+ $acl[] = [
+ 'privilege' => '{DAV:}write-properties',
+ 'principal' => $this->getOwner() . '/calendar-proxy-read',
+ 'protected' => true,
+ ];
+
if (!$this->isShared()) {
- return $this->addProxies($acl);
+ return $acl;
}
if ($this->getOwner() !== parent::getOwner()) {
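Review bot: The entry appended after the birthday-calendar `if`/`else` grants `{DAV:}write-properties` to `<owner>/calendar-proxy-read` unconditionally, so members of the read-only delegate group can change calendar properties on every calendar, shared or not. The `addProxies()` method this commit removes gave a read proxy only `{DAV:}read`, so this looks like a widening of what a read delegate may do. If it is deliberate, say so in a comment directly above the entry, for example `// read delegates may edit calendar properties, never calendar objects: <reason>`. If it is not, drop the entry so the read group stays at `{DAV:}read`. getACL() continues past the end of this hunk.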
@@ -180,38 +213,16 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable {
}
$acl = $this->caldavBackend->applyShareAcl($this->getResourceId(), $acl);
- $allowedPrincipals = [$this->getOwner(), parent::getOwner(), 'principals/system/public'];
- $acl = array_filter($acl, function($rule) use ($allowedPrincipals) {
+ $allowedPrincipals = [
+ $this->getOwner(),
+ $this->getOwner(). '/calendar-proxy-read',
+ $this->getOwner(). '/calendar-proxy-write',
+ parent::getOwner(),
+ 'principals/system/public'
+ ];
+ return array_filter($acl, function($rule) use ($allowedPrincipals) {
return \in_array($rule['principal'], $allowedPrincipals, true);
});
-
- $acl = $this->addProxies($acl);
-
- return $acl;
- }
-
- public function addProxies(array $acl): array {
- list($prefix, $name) = \Sabre\Uri\split($this->getOwner());
- $proxies = $this->proxyMapper->getProxiesOf($name);
-
- foreach ($proxies as $proxy) {
- if ($proxy->getPermissions() & ProxyMapper::PERMISSION_READ) {
- $acl[] = [
- 'privilege' => '{DAV:}read',
- 'principal' => 'principals/users/' . $proxy->getProxyId(),
- 'protected' => true,
- ];
- }
- if ($proxy->getPermissions() & ProxyMapper::PERMISSION_WRITE) {
- $acl[] = [
- 'privilege' => '{DAV:}write',
- 'principal' => 'principals/users/' . $proxy->getProxyId(),
- 'protected' => true,
- ];
- }
- }
-
- return $acl;
}
public function getChildACL() {
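Review bot: The allow-list rebuilds the two proxy-group principals by string concatenation, repeating expressions that already appear five times in the ACL entries of the previous hunk. A typo in either place would silently filter a delegate's rule out of the result. Computing them once near the top of getACL(), e.g. `$proxyRead = $this->getOwner() . '/calendar-proxy-read';` and `$proxyWrite = $this->getOwner() . '/calendar-proxy-write';`, and reusing the variables in both the entries and the allow-list keeps the two in step. Only groups under `$this->getOwner()` pass the filter, not groups under `parent::getOwner()`; if the latter is the sharee's principal here, a one-line comment stating that delegates of a sharee do not inherit received shares would make that intent explicit. The start of getACL() lies outside this hunk.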