Add ability to limit sharing to owner

Signed-off-by: Georg Ehrke <developer@georgehrke.com>

1 files changed, 13 insertions, 1 deletions

diff --git a/apps/dav/lib/DAV/Sharing/Plugin.php b/apps/dav/lib/DAV/Sharing/Plugin.php
index f8967a788b9..06bc5b2157f 100644
--- a/apps/dav/lib/DAV/Sharing/Plugin.php
+++ b/apps/dav/lib/DAV/Sharing/Plugin.php
@@ -27,6 +27,7 @@ namespace OCA\DAV\DAV\Sharing;
 use OCA\DAV\Connector\Sabre\Auth;
 use OCA\DAV\DAV\Sharing\Xml\Invite;
 use OCA\DAV\DAV\Sharing\Xml\ShareRequest;
+use OCP\IConfig;
 use OCP\IRequest;
 use Sabre\DAV\Exception\NotFound;
 use Sabre\DAV\INode;
@@ -46,15 +47,20 @@ class Plugin extends ServerPlugin {
 	/** @var IRequest */
 	private $request;
 
+	/** @var IConfig */
+	private $config;
+
 	/**
 	 * Plugin constructor.
 	 *
 	 * @param Auth $authBackEnd
 	 * @param IRequest $request
+	 * @param IConfig $config
 	 */
-	public function __construct(Auth $authBackEnd, IRequest $request) {
+	public function __construct(Auth $authBackEnd, IRequest $request, IConfig $config) {
 		$this->auth = $authBackEnd;
 		$this->request = $request;
+		$this->config = $config;
 	}
 
 	/**
@@ -164,6 +170,12 @@ class Plugin extends ServerPlugin {
 				if ($acl) {
 					/** @var \Sabre\DAVACL\Plugin $acl */
 					$acl->checkPrivileges($path, '{DAV:}write');
+
+					$limitSharingToOwner = $this->config->getAppValue('dav', 'limitAddressBookAndCalendarSharingToOwner', 'no') === 'yes';
+					$isOwner = $acl->getCurrentUserPrincipal() === $node->getOwner();
+					if ($limitSharingToOwner && !$isOwner) {
+						return;
+					}
 				}
 
 				$node->updateShares($message->set, $message->remove);