author | Joas Schilling <coding@schilljs.com> | 2021-03-09 21:48:48 +0100 |
---|---|---|
committer | Joas Schilling <coding@schilljs.com> | 2021-03-11 08:40:03 +0100 |
commit | c7560ab3a934ccf0c6271dd223e2907bd7d57949 (patch) | |
tree | 98d55461c19ec167cb5a5a70330043f8d95a838e /apps/dav/lib | |
parent | 52d43bf3cc5d9743bb2949ad2fdd6b419b21f7b3 (diff) | |
Restrict autocompletion also based on the phonebook known users
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'apps/dav/lib')
-rw-r--r-- | apps/dav/lib/CardDAV/SystemAddressbook.php | 5 | ||||
-rw-r--r-- | apps/dav/lib/Command/CreateCalendar.php | 2 | ||||
-rw-r--r-- | apps/dav/lib/Connector/Sabre/Principal.php | 88 | ||||
-rw-r--r-- | apps/dav/lib/RootCollection.php | 2 |
4 files changed, 62 insertions, 35 deletions
diff --git a/apps/dav/lib/CardDAV/SystemAddressbook.php b/apps/dav/lib/CardDAV/SystemAddressbook.php
index c7190c81319..5b952152711 100644
--- a/apps/dav/lib/CardDAV/SystemAddressbook.php
+++ b/apps/dav/lib/CardDAV/SystemAddressbook.php
@@ -43,8 +43,9 @@ class SystemAddressbook extends AddressBook {
 public function getChildren() {
 $shareEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes';
- $restrictShareEnumeration = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
- if (!$shareEnumeration || ($shareEnumeration && $restrictShareEnumeration)) {
+ $shareEnumerationGroup = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_group', 'no') === 'yes';
+ $shareEnumerationPhone = $this->config->getAppValue('core', 'shareapi_restrict_user_enumeration_to_phone', 'no') === 'yes';
+ if (!$shareEnumeration || $shareEnumerationGroup || $shareEnumerationPhone) {
 return [];
 }
diff --git a/apps/dav/lib/Command/CreateCalendar.php b/apps/dav/lib/Command/CreateCalendar.php
index 58c6a8c63fb..1d543c71bc2 100644
--- a/apps/dav/lib/Command/CreateCalendar.php
+++ b/apps/dav/lib/Command/CreateCalendar.php
@@ -27,6 +27,7 @@
 namespace OCA\DAV\Command;
+use OC\KnownUser\KnownUserService;
 use OCA\DAV\CalDAV\CalDavBackend;
 use OCA\DAV\CalDAV\Proxy\ProxyMapper;
 use OCA\DAV\Connector\Sabre\Principal;
@@ -86,6 +87,7 @@ class CreateCalendar extends Command {
 \OC::$server->getUserSession(),
 \OC::$server->getAppManager(),
 \OC::$server->query(ProxyMapper::class),
+ \OC::$server->get(KnownUserService::class),
 \OC::$server->getConfig()
 );
 $random = \OC::$server->getSecureRandom();
diff --git a/apps/dav/lib/Connector/Sabre/Principal.php b/apps/dav/lib/Connector/Sabre/Principal.php
index c1b1dc1b2d1..94302a12b49 100644
--- a/apps/dav/lib/Connector/Sabre/Principal.php
+++ b/apps/dav/lib/Connector/Sabre/Principal.php
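Review bot: In the SystemAddressbook.php hunk, `getChildren()` reads the raw config keys `shareapi_restrict_user_enumeration_to_group` and `shareapi_restrict_user_enumeration_to_phone` with its own defaults, while Principal.php in this same commit asks the share manager (`limitEnumerationToGroups()`, `limitEnumerationToPhone()`) for what looks like the same decision. Two copies of an access-control setting can drift apart if a key or default changes; whether a share manager is available in this class is not visible here, so at minimum a comment should tie them together, e.g. `// Keep in sync with the share manager's limitEnumerationToGroups()/limitEnumerationToPhone(); any restriction hides the system address book entirely`. The names `$shareEnumerationGroup` and `$shareEnumerationPhone` also read like permissions although they are restriction flags; `$restrictEnumerationGroup` and `$restrictEnumerationPhone` would match how the condition uses them. The method body continues outside the hunk.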
@@ -36,6 +36,7 @@
 namespace OCA\DAV\Connector\Sabre;
+use OC\KnownUser\KnownUserService;
 use OCA\Circles\Exceptions\CircleDoesNotExistException;
 use OCA\DAV\CalDAV\Proxy\ProxyMapper;
 use OCA\DAV\Traits\PrincipalProxyTrait;
@@ -82,27 +83,19 @@ class Principal implements BackendInterface {
 /** @var ProxyMapper */
 private $proxyMapper;
+ /** @var KnownUserService */
+ private $knownUserService;
+
 /** @var IConfig */
 private $config;
- /**
- * Principal constructor.
- *
- * @param IUserManager $userManager
- * @param IGroupManager $groupManager
- * @param IShareManager $shareManager
- * @param IUserSession $userSession
- * @param IAppManager $appManager
- * @param ProxyMapper $proxyMapper
- * @param IConfig $config
- * @param string $principalPrefix
- */
 public function __construct(IUserManager $userManager,
 IGroupManager $groupManager,
 IShareManager $shareManager,
 IUserSession $userSession,
 IAppManager $appManager,
 ProxyMapper $proxyMapper,
+ KnownUserService $knownUserService,
 IConfig $config,
 string $principalPrefix = 'principals/users/') {
 $this->userManager = $userManager;
@@ -113,6 +106,7 @@ class Principal implements BackendInterface {
 $this->principalPrefix = trim($principalPrefix, '/');
 $this->hasGroups = $this->hasCircles = ($principalPrefix === 'principals/users/');
 $this->proxyMapper = $proxyMapper;
+ $this->knownUserService = $knownUserService;
 $this->config = $config;
 }
@@ -267,24 +261,24 @@ class Principal implements BackendInterface {
 }
 $allowEnumeration = $this->shareManager->allowEnumeration();
- $limitEnumeration = $this->shareManager->limitEnumerationToGroups();
+ $limitEnumerationGroup = $this->shareManager->limitEnumerationToGroups();
+ $limitEnumerationPhone = $this->shareManager->limitEnumerationToPhone();
 // If sharing is restricted to group members only,
 // return only members that have groups in common
 $restrictGroups = false;
+ $currentUser = $this->userSession->getUser();
 if ($this->shareManager->shareWithGroupMembersOnly()) {
- $user = $this->userSession->getUser();
- if (!$user) {
+ if (!$currentUser instanceof IUser) {
 return [];
 }
- $restrictGroups = $this->groupManager->getUserGroupIds($user);
+ $restrictGroups = $this->groupManager->getUserGroupIds($currentUser);
 }
 $currentUserGroups = [];
- if ($limitEnumeration) {
- $currentUser = $this->userSession->getUser();
- if ($currentUser) {
+ if ($limitEnumerationGroup) {
+ if ($currentUser instanceof IUser) {
 $currentUserGroups = $this->groupManager->getUserGroupIds($currentUser);
 }
 }
@@ -302,14 +296,28 @@ class Principal implements BackendInterface {
 $users = \array_filter($users, static function (IUser $user) use ($value) {
 return $user->getEMailAddress() === $value;
 });
- }
+ } else {
+ $users = \array_filter($users, function (IUser $user) use ($currentUser, $value, $limitEnumerationPhone, $limitEnumerationGroup, $currentUserGroups) {
+ if ($user->getEMailAddress() === $value) {
+ return true;
+ }
- if ($limitEnumeration) {
- $users = \array_filter($users, function (IUser $user) use ($currentUserGroups, $value) {
- return !empty(array_intersect(
- $this->groupManager->getUserGroupIds($user),
- $currentUserGroups
- )) || $user->getEMailAddress() === $value;
+ if ($limitEnumerationPhone
+ && $currentUser instanceof IUser
+ && $this->knownUserService->isKnownToUser($currentUser->getUID(), $user->getUID())) {
+ // Synced phonebook match
+ return true;
+ }
+
+ if (!$limitEnumerationGroup) {
+ // No limitation on enumeration, all allowed
+ return true;
+ }
+
+ return !empty($currentUserGroups) && !empty(array_intersect(
+ $this->groupManager->getUserGroupIds($user),
+ $currentUserGroups
+ ));
 });
 }
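Review bot: With only the phonebook restriction enabled, the new closure in this hunk still returns every user: when `$limitEnumerationPhone` is true and `$limitEnumerationGroup` is false, a user who is neither an exact e-mail match nor known to the current user falls through to `if (!$limitEnumerationGroup) { return true; }`, so the phone setting filters nothing (the same happens when there is no current user). If a phone-only restriction is meant to hide unknown users, that guard should read `if (!$limitEnumerationGroup && !$limitEnumerationPhone) {`, leaving the group intersection as the final fallback, which is false when `$currentUserGroups` is empty. The display-name closure in the `@@ -334,14 +342,28 @@` hunk is the same apart from the getter and needs the same change. A test with the phone restriction on and the group restriction off would pin the expected result. The enclosing search method starts and ends outside the hunk.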
@@ -334,14 +342,28 @@ class Principal implements BackendInterface {
 $users = \array_filter($users, static function (IUser $user) use ($value) {
 return $user->getDisplayName() === $value;
 });
- }
+ } else {
+ $users = \array_filter($users, function (IUser $user) use ($currentUser, $value, $limitEnumerationPhone, $limitEnumerationGroup, $currentUserGroups) {
+ if ($user->getDisplayName() === $value) {
+ return true;
+ }
+
+ if ($limitEnumerationPhone
+ && $currentUser instanceof IUser
+ && $this->knownUserService->isKnownToUser($currentUser->getUID(), $user->getUID())) {
+ // Synced phonebook match
+ return true;
+ }
+
+ if (!$limitEnumerationGroup) {
+ // No limitation on enumeration, all allowed
+ return true;
+ }
- if ($limitEnumeration) {
- $users = \array_filter($users, function (IUser $user) use ($currentUserGroups, $value) {
- return !empty(array_intersect(
- $this->groupManager->getUserGroupIds($user),
- $currentUserGroups
- )) || $user->getDisplayName() === $value;
+ return !empty($currentUserGroups) && !empty(array_intersect(
+ $this->groupManager->getUserGroupIds($user),
+ $currentUserGroups
+ ));
 });
 }
diff --git a/apps/dav/lib/RootCollection.php b/apps/dav/lib/RootCollection.php
index 18874ecf748..16a209a98f0 100644
--- a/apps/dav/lib/RootCollection.php
+++ b/apps/dav/lib/RootCollection.php
@@ -28,6 +28,7 @@
 namespace OCA\DAV;
+use OC\KnownUser\KnownUserService;
 use OCA\DAV\AppInfo\PluginManager;
 use OCA\DAV\CalDAV\CalDavBackend;
 use OCA\DAV\CalDAV\CalendarRoot;
@@ -70,6 +71,7 @@ class RootCollection extends SimpleCollection {
 \OC::$server->getUserSession(),
 \OC::$server->getAppManager(),
 $proxyMapper,
+ \OC::$server->get(KnownUserService::class),
 \OC::$server->getConfig()
 );
 $groupPrincipalBackend = new GroupPrincipalBackend($groupManager, $userSession, $shareManager, $config); |