author | Georg Ehrke <developer@georgehrke.com> | 2019-08-14 13:38:11 +0200 |
---|---|---|
committer | Georg Ehrke <developer@georgehrke.com> | 2019-08-15 15:41:28 +0200 |
commit | 63d584afb5727737fe73a0ca2ecf720022b33922 (patch) | |
tree | c3fc0a335c2f3766b61257270cdb167b9a7aa788 /apps/dav/lib/CalDAV | |
parent | 3d86537dc922083427a283e84d726d416f9ec95c (diff) | |
use principaluri instead of userid, which allows adding delegates for rooms and things
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
!fixup add owner_id and proxy_id as db index, since we use it for querying
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
!fixup don't add ACL for each individual proxy, just use calendar-proxy groups
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
!fixup allow delegation of resources / rooms
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
!fixup fix addIndex call in migration
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
!fixup fix remaining constructor calls of Principal
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
!fixup minor fixes and unit tests
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
Diffstat (limited to 'apps/dav/lib/CalDAV')
5 files changed, 94 insertions, 77 deletions
diff --git a/apps/dav/lib/CalDAV/Calendar.php b/apps/dav/lib/CalDAV/Calendar.php index ae5cb226b0e..38def19af1d 100644 --- a/apps/dav/lib/CalDAV/Calendar.php +++ b/apps/dav/lib/CalDAV/Calendar.php @@ -47,9 +47,14 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable { /** @var IConfig */ private $config; - /** @var ProxyMapper */ - private $proxyMapper; - + /** + * Calendar constructor. + * + * @param BackendInterface $caldavBackend + * @param $calendarInfo + * @param IL10N $l10n + * @param IConfig $config + */ public function __construct(BackendInterface $caldavBackend, $calendarInfo, IL10N $l10n, IConfig $config) { parent::__construct($caldavBackend, $calendarInfo); @@ -62,9 +67,6 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable { } $this->config = $config; - - // TODO: proper DI - $this->proxyMapper = \OC::$server->query(ProxyMapper::class); } /** 
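Review bot: The added constructor docblock leaves one parameter untyped (`@param $calendarInfo`) and otherwise only repeats the signature. The class indexes that value as an array (`$this->calendarInfo['principaluri']` in a later hunk), so `@param array $calendarInfo` would be accurate. The summary line `Calendar constructor.` could be replaced by a sentence on what the constructor sets up; its body continues outside the hunk.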
@@ -126,29 +128,60 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable { return $this->calendarInfo['principaluri']; } + /** + * @return array + */ public function getACL() { $acl = [ [ 'privilege' => '{DAV:}read', 'principal' => $this->getOwner(), 'protected' => true, - ]]; + ], + [ + 'privilege' => '{DAV:}read', + 'principal' => $this->getOwner() . '/calendar-proxy-write', + 'protected' => true, + ], + [ + 'privilege' => '{DAV:}read', + 'principal' => $this->getOwner() . '/calendar-proxy-read', + 'protected' => true, + ], + ]; + if ($this->getName() !== BirthdayService::BIRTHDAY_CALENDAR_URI) { $acl[] = [ 'privilege' => '{DAV:}write', 'principal' => $this->getOwner(), 'protected' => true, ]; + $acl[] = [ + 'privilege' => '{DAV:}write', + 'principal' => $this->getOwner() . '/calendar-proxy-write', + 'protected' => true, + ]; } else { $acl[] = [ 'privilege' => '{DAV:}write-properties', 'principal' => $this->getOwner(), 'protected' => true, ]; + $acl[] = [ + 'privilege' => '{DAV:}write-properties', + 'principal' => $this->getOwner() . '/calendar-proxy-write', + 'protected' => true, + ]; } + $acl[] = [ + 'privilege' => '{DAV:}write-properties', + 'principal' => $this->getOwner() . '/calendar-proxy-read', + 'protected' => true, + ]; + if (!$this->isShared()) { - return $this->addProxies($acl); + return $acl; } if ($this->getOwner() !== parent::getOwner()) { 
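Review bot: The last unconditional `$acl[]` entry added before the `isShared()` check grants `{DAV:}write-properties` to `$this->getOwner() . '/calendar-proxy-read'`, so members of the read-only delegate group may change calendar properties, and nothing in the hunk says whether that is intended. If it is deliberate, a comment on that entry such as `// read-only delegates may set properties; confirm a proxy PROPPATCH cannot change the owner's values` would record the decision; if not, the entry should be dropped so read delegates keep `{DAV:}read` only. These rules are static strings, so the access they grant is exactly as tight as the membership lookup for the two `calendar-proxy-*` group principals, which is not part of this hunk. getACL() continues past the end of the hunk.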
@@ -180,38 +213,16 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable { } $acl = $this->caldavBackend->applyShareAcl($this->getResourceId(), $acl); - $allowedPrincipals = [$this->getOwner(), parent::getOwner(), 'principals/system/public']; - $acl = array_filter($acl, function($rule) use ($allowedPrincipals) { + $allowedPrincipals = [ + $this->getOwner(), + $this->getOwner(). '/calendar-proxy-read', + $this->getOwner(). '/calendar-proxy-write', + parent::getOwner(), + 'principals/system/public' + ]; + return array_filter($acl, function($rule) use ($allowedPrincipals) { return \in_array($rule['principal'], $allowedPrincipals, true); }); - - $acl = $this->addProxies($acl); - - return $acl; - } - - public function addProxies(array $acl): array { - list($prefix, $name) = \Sabre\Uri\split($this->getOwner()); - $proxies = $this->proxyMapper->getProxiesOf($name); - - foreach ($proxies as $proxy) { - if ($proxy->getPermissions() & ProxyMapper::PERMISSION_READ) { - $acl[] = [ - 'privilege' => '{DAV:}read', - 'principal' => 'principals/users/' . $proxy->getProxyId(), - 'protected' => true, - ]; - } - if ($proxy->getPermissions() & ProxyMapper::PERMISSION_WRITE) { - $acl[] = [ - 'privilege' => '{DAV:}write', - 'principal' => 'principals/users/' . $proxy->getProxyId(), - 'protected' => true, - ]; - } - } - - return $acl; } public function getChildACL() { diff --git a/apps/dav/lib/CalDAV/Proxy/ProxyMapper.php b/apps/dav/lib/CalDAV/Proxy/ProxyMapper.php index 6a569394c4b..8d8adb811b6 100644 --- a/apps/dav/lib/CalDAV/Proxy/ProxyMapper.php +++ b/apps/dav/lib/CalDAV/Proxy/ProxyMapper.php 
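Review bot: The new `$allowedPrincipals` list adds the proxy groups of `$this->getOwner()` only, while `parent::getOwner()` is listed without its groups. The preceding hunk ends on `if ($this->getOwner() !== parent::getOwner())`, so the two can differ on a shared calendar; in that case delegates of one principal keep their rules and delegates of the other are filtered out, and a comment stating which is intended would help. The literals `'/calendar-proxy-read'` and `'/calendar-proxy-write'` are now repeated here and at the top of getACL(), and the filter compares with strict `in_array`, so a typo in either place silently changes who has access; two class constants would keep both lists in sync. As a style point, `$this->getOwner(). '/calendar-proxy-read'` lacks the space before the `.` that the rest of the method uses.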
@@ -27,17 +27,27 @@ namespace OCA\DAV\CalDAV\Proxy; use OCP\AppFramework\Db\QBMapper; use OCP\IDBConnection; +/** + * Class ProxyMapper + * + * @package OCA\DAV\CalDAV\Proxy + */ class ProxyMapper extends QBMapper { const PERMISSION_READ = 1; const PERMISSION_WRITE = 2; + /** + * ProxyMapper constructor. + * + * @param IDBConnection $db + */ public function __construct(IDBConnection $db) { parent::__construct($db, 'dav_cal_proxy', Proxy::class); } /** - * @param string $proxyId The userId that can act as a proxy for the resulting calendars + * @param string $proxyId The principal uri that can act as a proxy for the resulting calendars * * @return Proxy[] */ @@ -52,7 +62,7 @@ class ProxyMapper extends QBMapper { } /** - * @param string $ownerId The userId that has the resulting proxies for their calendars + * @param string $ownerId The principal uri that has the resulting proxies for their calendars * * @return Proxy[] */ diff --git a/apps/dav/lib/CalDAV/ResourceBooking/AbstractPrincipalBackend.php b/apps/dav/lib/CalDAV/ResourceBooking/AbstractPrincipalBackend.php index aab5fcab8ad..63ed3381d14 100644 --- a/apps/dav/lib/CalDAV/ResourceBooking/AbstractPrincipalBackend.php +++ b/apps/dav/lib/CalDAV/ResourceBooking/AbstractPrincipalBackend.php @@ -22,6 +22,8 @@ */ namespace OCA\DAV\CalDAV\ResourceBooking; +use OCA\DAV\CalDAV\Proxy\ProxyMapper; +use OCA\DAV\Traits\PrincipalProxyTrait; use OCP\IDBConnection; use OCP\IGroupManager; use OCP\ILogger; @@ -44,6 +46,9 @@ abstract class AbstractPrincipalBackend implements BackendInterface { /** @var ILogger */ private $logger; + /** @var ProxyMapper */ + private $proxyMapper; + /** @var string */ private $principalPrefix; @@ -72,6 +77,7 @@ abstract class AbstractPrincipalBackend implements BackendInterface { IUserSession $userSession, IGroupManager $groupManager, ILogger $logger, + ProxyMapper $proxyMapper, string $principalPrefix, string $dbPrefix, string $cuType) { 
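Review bot: The two reworded `@param` lines in ProxyMapper change what `$proxyId` and `$ownerId` hold from a user id to a principal URI, but the names still read as ids and the docblocks do not show the expected form. Because these values decide whose calendars a delegate can reach, the docblock should give an example, e.g. `@param string $proxyId Principal URI of the delegate, e.g. principals/users/<uid>`, and note that a bare user id will not match any row. The method bodies are outside the hunk, so whether the input is validated or normalised there cannot be seen from here. The added `Class ProxyMapper` and `ProxyMapper constructor.` docblocks only repeat the names and could say what the `dav_cal_proxy` table stores instead.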
@@ -79,6 +85,7 @@ abstract class AbstractPrincipalBackend implements BackendInterface { $this->userSession = $userSession; $this->groupManager = $groupManager; $this->logger = $logger; + $this->proxyMapper = $proxyMapper; $this->principalPrefix = $principalPrefix; $this->dbTableName = 'calendar_' . $dbPrefix . 's'; $this->dbMetaDataTableName = $this->dbTableName . '_md'; @@ -86,6 +93,8 @@ abstract class AbstractPrincipalBackend implements BackendInterface { $this->cuType = $cuType; } + use PrincipalProxyTrait; + /** * Returns a list of principals based on a prefix. * @@ -216,39 +225,6 @@ abstract class AbstractPrincipalBackend implements BackendInterface { } /** - * Returns the list of members for a group-principal - * - * @param string $principal - * @return string[] - */ - public function getGroupMemberSet($principal) { - return []; - } - - /** - * Returns the list of groups a principal is a member of - * - * @param string $principal - * @return array - */ - public function getGroupMembership($principal) { - return []; - } - - /** - * Updates the list of group members for a group principal. - * - * The principals should be passed as a list of uri's. - * - * @param string $principal - * @param string[] $members - * @throws Exception - */ - public function setGroupMemberSet($principal, array $members) { - throw new Exception('Setting members of the group is not supported yet'); - } - - /** * @param string $path * @param PropPatch $propPatch * @return int diff --git a/apps/dav/lib/CalDAV/ResourceBooking/ResourcePrincipalBackend.php b/apps/dav/lib/CalDAV/ResourceBooking/ResourcePrincipalBackend.php index 0f6e6e7b4fd..128e6c21fad 100644 --- a/apps/dav/lib/CalDAV/ResourceBooking/ResourcePrincipalBackend.php +++ b/apps/dav/lib/CalDAV/ResourceBooking/ResourcePrincipalBackend.php 
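Review bot: With `use PrincipalProxyTrait;` added and the stub `setGroupMemberSet()` that threw 'Setting members of the group is not supported yet' removed in the next hunk, room and resource principals now take their group-membership methods from the trait, which is not part of this diff. No owning user is visible for these principals in this file, so it should be confirmed and documented at the trait use who is allowed to change a room's or resource's `calendar-proxy-*` membership; presumably this is enforced by the ACL on the principal node elsewhere. A comment such as `// getGroupMemberSet/getGroupMembership/setGroupMemberSet come from PrincipalProxyTrait; write access is gated by <where>` would make that reviewable. As a style point, the `use` statement sits after the constructor, and moving it to the top of the class body would make the inherited methods easier to spot.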
@@ -22,24 +22,34 @@ */ namespace OCA\DAV\CalDAV\ResourceBooking; +use OCA\DAV\CalDAV\Proxy\ProxyMapper; use OCP\IDBConnection; use OCP\IGroupManager; use OCP\ILogger; use OCP\IUserSession; +/** + * Class ResourcePrincipalBackend + * + * @package OCA\DAV\CalDAV\ResourceBooking + */ class ResourcePrincipalBackend extends AbstractPrincipalBackend { /** + * ResourcePrincipalBackend constructor. + * * @param IDBConnection $dbConnection * @param IUserSession $userSession * @param IGroupManager $groupManager * @param ILogger $logger + * @param ProxyMapper $proxyMapper */ public function __construct(IDBConnection $dbConnection, IUserSession $userSession, IGroupManager $groupManager, - ILogger $logger) { + ILogger $logger, + ProxyMapper $proxyMapper) { parent::__construct($dbConnection, $userSession, $groupManager, $logger, - 'principals/calendar-resources', 'resource', 'RESOURCE'); + $proxyMapper, 'principals/calendar-resources', 'resource', 'RESOURCE'); } } diff --git a/apps/dav/lib/CalDAV/ResourceBooking/RoomPrincipalBackend.php b/apps/dav/lib/CalDAV/ResourceBooking/RoomPrincipalBackend.php index 68a344aa0ca..3e9e8f68852 100644 --- a/apps/dav/lib/CalDAV/ResourceBooking/RoomPrincipalBackend.php +++ b/apps/dav/lib/CalDAV/ResourceBooking/RoomPrincipalBackend.php 
@@ -22,24 +22,34 @@ */ namespace OCA\DAV\CalDAV\ResourceBooking; +use OCA\DAV\CalDAV\Proxy\ProxyMapper; use OCP\IDBConnection; use OCP\IGroupManager; use OCP\ILogger; use OCP\IUserSession; +/** + * Class RoomPrincipalBackend + * + * @package OCA\DAV\CalDAV\ResourceBooking + */ class RoomPrincipalBackend extends AbstractPrincipalBackend { /** + * RoomPrincipalBackend constructor. + * * @param IDBConnection $dbConnection * @param IUserSession $userSession * @param IGroupManager $groupManager * @param ILogger $logger + * @param ProxyMapper $proxyMapper */ public function __construct(IDBConnection $dbConnection, IUserSession $userSession, IGroupManager $groupManager, - ILogger $logger) { + ILogger $logger, + ProxyMapper $proxyMapper) { parent::__construct($dbConnection, $userSession, $groupManager, $logger, - 'principals/calendar-rooms', 'room', 'ROOM'); + $proxyMapper, 'principals/calendar-rooms', 'room', 'ROOM'); } } |