diff options
| author | Joas Schilling <coding@schilljs.com> | 2021-03-10 17:18:44 +0100 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2021-03-11 08:40:26 +0100 |
| commit | 77f6d768bc7f6c592ce79ee64155501f010e78eb (patch) | |
| tree | 66713e52b8acc7a7613be9ed192b97367e070252 /apps/dav/lib | |
| parent | 8069c52a85e9b11836225d542b449fff3906e765 (diff) | |
| download | nextcloud-server-77f6d768bc7f6c592ce79ee64155501f010e78eb.tar.gz nextcloud-server-77f6d768bc7f6c592ce79ee64155501f010e78eb.zip | |
Add a setting to restrict returning a full match unless in phonebook or same group
Signed-off-by: Joas Schilling <coding@schilljs.com>
Diffstat (limited to 'apps/dav/lib')
| -rw-r--r-- | apps/dav/lib/Connector/Sabre/Principal.php | 36 |
1 files changed, 23 insertions, 13 deletions
diff --git a/apps/dav/lib/Connector/Sabre/Principal.php b/apps/dav/lib/Connector/Sabre/Principal.php index 94302a12b49..326338310d3 100644 --- a/apps/dav/lib/Connector/Sabre/Principal.php +++ b/apps/dav/lib/Connector/Sabre/Principal.php @@ -263,6 +263,7 @@ class Principal implements BackendInterface { $allowEnumeration = $this->shareManager->allowEnumeration(); $limitEnumerationGroup = $this->shareManager->limitEnumerationToGroups(); $limitEnumerationPhone = $this->shareManager->limitEnumerationToPhone(); + $allowEnumerationFullMatch = $this->shareManager->allowEnumerationFullMatch(); // If sharing is restricted to group members only, // return only members that have groups in common @@ -290,15 +291,19 @@ class Principal implements BackendInterface { foreach ($searchProperties as $prop => $value) { switch ($prop) { case '{http://sabredav.org/ns}email-address': - $users = $this->userManager->getByEmail($value); - if (!$allowEnumeration) { - $users = \array_filter($users, static function (IUser $user) use ($value) { - return $user->getEMailAddress() === $value; - }); + if ($allowEnumerationFullMatch) { + $users = $this->userManager->getByEmail($value); + $users = \array_filter($users, static function (IUser $user) use ($value) { + return $user->getEMailAddress() === $value; + }); + } else { + $users = []; + } } else { - $users = \array_filter($users, function (IUser $user) use ($currentUser, $value, $limitEnumerationPhone, $limitEnumerationGroup, $currentUserGroups) { - if ($user->getEMailAddress() === $value) { + $users = $this->userManager->getByEmail($value); + $users = \array_filter($users, function (IUser $user) use ($currentUser, $value, $limitEnumerationPhone, $limitEnumerationGroup, $allowEnumerationFullMatch, $currentUserGroups) { + if ($allowEnumerationFullMatch && $user->getEMailAddress() === $value) { return true; } @@ -336,15 +341,20 @@ class Principal implements BackendInterface { break; case '{DAV:}displayname': - $users = $this->userManager->searchDisplayName($value, $searchLimit); if (!$allowEnumeration) { - $users = \array_filter($users, static function (IUser $user) use ($value) { - return $user->getDisplayName() === $value; - }); + if ($allowEnumerationFullMatch) { + $users = $this->userManager->searchDisplayName($value, $searchLimit); + $users = \array_filter($users, static function (IUser $user) use ($value) { + return $user->getDisplayName() === $value; + }); + } else { + $users = []; + } } else { - $users = \array_filter($users, function (IUser $user) use ($currentUser, $value, $limitEnumerationPhone, $limitEnumerationGroup, $currentUserGroups) { - if ($user->getDisplayName() === $value) { + $users = $this->userManager->searchDisplayName($value, $searchLimit); + $users = \array_filter($users, function (IUser $user) use ($currentUser, $value, $limitEnumerationPhone, $limitEnumerationGroup, $allowEnumerationFullMatch, $currentUserGroups) { + if ($allowEnumerationFullMatch && $user->getDisplayName() === $value) { return true; } |