aboutsummaryrefslogtreecommitdiffstats
path: root/apps/dav
diff options
context:
space:
mode:
authorRichard Steinmetz <richard@steinmetz.cloud>2024-02-19 09:39:26 +0100
committerRichard Steinmetz <richard@steinmetz.cloud>2024-02-19 20:44:17 +0100
commit8cce736dcb30d0bd2887672f26e4a2466c4cd92b (patch)
treea726262b74b2b82eff6508cb4b5034b3a6bff8c6 /apps/dav
parent82af5cc5922a215d17ad87883a7662dc310976fa (diff)
downloadnextcloud-server-8cce736dcb30d0bd2887672f26e4a2466c4cd92b.tar.gz
nextcloud-server-8cce736dcb30d0bd2887672f26e4a2466c4cd92b.zip
perf: skip request without read permission
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
Diffstat (limited to 'apps/dav')
-rw-r--r--apps/dav/lib/Connector/Sabre/DavAclPlugin.php13
1 files changed, 9 insertions, 4 deletions
diff --git a/apps/dav/lib/Connector/Sabre/DavAclPlugin.php b/apps/dav/lib/Connector/Sabre/DavAclPlugin.php
index e643304ecec..61fac7250bc 100644
--- a/apps/dav/lib/Connector/Sabre/DavAclPlugin.php
+++ b/apps/dav/lib/Connector/Sabre/DavAclPlugin.php
@@ -8,6 +8,7 @@
* @author Robin Appelman <robin@icewind.nl>
* @author Roeland Jago Douma <roeland@famdouma.nl>
* @author Thomas Müller <thomas.mueller@tmit.eu>
+ * @author Richard Steinmetz <richard@steinmetz.cloud>
*
* @license AGPL-3.0
*
@@ -109,11 +110,15 @@ class DavAclPlugin extends \Sabre\DAVACL\Plugin {
parent::beforeMethod($request, $response);
- $createAddressbookOrCalendarRequest = ($request->getMethod() === 'MKCALENDAR' || $request->getMethod() === 'MKCOL')
- && (str_starts_with($path, 'addressbooks/') || str_starts_with($path, 'calendars/'));
+ if (!str_starts_with($path, 'addressbooks/') && !str_starts_with($path, 'calendars/')) {
+ return;
+ }
- if ($createAddressbookOrCalendarRequest) {
- [$parentName] = \Sabre\Uri\split($path);
+ [$parentName] = \Sabre\Uri\split($path);
+ if ($request->getMethod() === 'REPORT') {
+ // is calendars/users/bob or addressbooks/users/bob readable?
+ $this->checkPrivileges($parentName, '{DAV:}read');
+ } elseif ($request->getMethod() === 'MKCALENDAR' || $request->getMethod() === 'MKCOL') {
// is calendars/users/bob or addressbooks/users/bob writeable?
$this->checkPrivileges($parentName, '{DAV:}write');
}