diff options
author | Richard Steinmetz <richard@steinmetz.cloud> | 2024-02-19 09:39:26 +0100 |
---|---|---|
committer | Richard Steinmetz <richard@steinmetz.cloud> | 2024-02-19 20:44:17 +0100 |
commit | 8cce736dcb30d0bd2887672f26e4a2466c4cd92b (patch) | |
tree | a726262b74b2b82eff6508cb4b5034b3a6bff8c6 /apps/dav | |
parent | 82af5cc5922a215d17ad87883a7662dc310976fa (diff) | |
download | nextcloud-server-8cce736dcb30d0bd2887672f26e4a2466c4cd92b.tar.gz nextcloud-server-8cce736dcb30d0bd2887672f26e4a2466c4cd92b.zip |
perf: skip request without read permission
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
Diffstat (limited to 'apps/dav')
-rw-r--r-- | apps/dav/lib/Connector/Sabre/DavAclPlugin.php | 13 |
1 files changed, 9 insertions, 4 deletions
diff --git a/apps/dav/lib/Connector/Sabre/DavAclPlugin.php b/apps/dav/lib/Connector/Sabre/DavAclPlugin.php index e643304ecec..61fac7250bc 100644 --- a/apps/dav/lib/Connector/Sabre/DavAclPlugin.php +++ b/apps/dav/lib/Connector/Sabre/DavAclPlugin.php @@ -8,6 +8,7 @@ * @author Robin Appelman <robin@icewind.nl> * @author Roeland Jago Douma <roeland@famdouma.nl> * @author Thomas Müller <thomas.mueller@tmit.eu> + * @author Richard Steinmetz <richard@steinmetz.cloud> * * @license AGPL-3.0 * @@ -109,11 +110,15 @@ class DavAclPlugin extends \Sabre\DAVACL\Plugin { parent::beforeMethod($request, $response); - $createAddressbookOrCalendarRequest = ($request->getMethod() === 'MKCALENDAR' || $request->getMethod() === 'MKCOL') - && (str_starts_with($path, 'addressbooks/') || str_starts_with($path, 'calendars/')); + if (!str_starts_with($path, 'addressbooks/') && !str_starts_with($path, 'calendars/')) { + return; + } - if ($createAddressbookOrCalendarRequest) { - [$parentName] = \Sabre\Uri\split($path); + [$parentName] = \Sabre\Uri\split($path); + if ($request->getMethod() === 'REPORT') { + // is calendars/users/bob or addressbooks/users/bob readable? + $this->checkPrivileges($parentName, '{DAV:}read'); + } elseif ($request->getMethod() === 'MKCALENDAR' || $request->getMethod() === 'MKCOL') { // is calendars/users/bob or addressbooks/users/bob writeable? $this->checkPrivileges($parentName, '{DAV:}write'); } |