Merge pull request #9707 from nextcloud/bugfix-stable13/noid/override_freebusy_sharing_rules

[stable13] allow admins to override FreeBusy capabilities without modifying ShareAPI capabilities
author: Morris Jobke <hey@morrisjobke.de> 2018-06-01 12:01:43 +0200
committer: GitHub <noreply@github.com> 2018-06-01 12:01:43 +0200
commit: 5c92da22694805cf36842f5dbfebbaf09308354d (patch)
tree: dff183e7fe371b46fdfec33b668d5542f66f8711 /apps/dav
parent: 3595aa68b93150d9aac4a450c4fd0635c1db66dd (diff)
parent: 08ad45e40b597ce82309b32e608817441dd5ff39 (diff)
download: nextcloud-server-5c92da22694805cf36842f5dbfebbaf09308354d.tar.gz
nextcloud-server-5c92da22694805cf36842f5dbfebbaf09308354d.zip
6 files changed, 168 insertions, 87 deletions
diff --git a/apps/dav/appinfo/v1/caldav.php b/apps/dav/appinfo/v1/caldav.php
index b4907ce94cb..ecc4fbb8b60 100644
--- a/apps/dav/appinfo/v1/caldav.php
+++ b/apps/dav/appinfo/v1/caldav.php
@@ -46,6 +46,7 @@ $principalBackend = new Principal(
 	\OC::$server->getGroupManager(),
 	\OC::$server->getShareManager(),
 	\OC::$server->getUserSession(),
+	\OC::$server->getConfig(),
 	'principals/'
 );
 $db = \OC::$server->getDatabaseConnection();
diff --git a/apps/dav/appinfo/v1/carddav.php b/apps/dav/appinfo/v1/carddav.php
index eddc7a794ac..e55eee610ef 100644
--- a/apps/dav/appinfo/v1/carddav.php
+++ b/apps/dav/appinfo/v1/carddav.php
@@ -47,6 +47,7 @@ $principalBackend = new Principal(
 	\OC::$server->getGroupManager(),
 	\OC::$server->getShareManager(),
 	\OC::$server->getUserSession(),
+	\OC::$server->getConfig(),
 	'principals/'
 );
 $db = \OC::$server->getDatabaseConnection();
diff --git a/apps/dav/lib/Command/CreateCalendar.php b/apps/dav/lib/Command/CreateCalendar.php
index 1cbd7b60944..45dd9ba941a 100644
--- a/apps/dav/lib/Command/CreateCalendar.php
+++ b/apps/dav/lib/Command/CreateCalendar.php
@@ -77,7 +77,8 @@ class CreateCalendar extends Command {
 			$this->userManager,
 			$this->groupManager,
 			\OC::$server->getShareManager(),
-			\OC::$server->getUserSession()
+			\OC::$server->getUserSession(),
+			\OC::$server->getConfig()
 		);
 		$random = \OC::$server->getSecureRandom();
 		$logger = \OC::$server->getLogger();
diff --git a/apps/dav/lib/Connector/Sabre/Principal.php b/apps/dav/lib/Connector/Sabre/Principal.php
index 250d67aafd1..18893c9cbe5 100644
--- a/apps/dav/lib/Connector/Sabre/Principal.php
+++ b/apps/dav/lib/Connector/Sabre/Principal.php
@@ -30,6 +30,7 @@
 
 namespace OCA\DAV\Connector\Sabre;
 
+use OCP\IConfig;
 use OCP\IGroup;
 use OCP\IGroupManager;
 use OCP\IUser;
@@ -55,6 +56,9 @@ class Principal implements BackendInterface {
 	/** @var IUserSession */
 	private $userSession;
 
+	/** @var IConfig */
+	private $config;
+
 	/** @var string */
 	private $principalPrefix;
 
@@ -66,17 +70,20 @@ class Principal implements BackendInterface {
 	 * @param IGroupManager $groupManager
 	 * @param IShareManager $shareManager
 	 * @param IUserSession $userSession
+	 * @param IConfig $config
 	 * @param string $principalPrefix
 	 */
 	public function __construct(IUserManager $userManager,
 								IGroupManager $groupManager,
 								IShareManager $shareManager,
 								IUserSession $userSession,
+								IConfig $config,
 								$principalPrefix = 'principals/users/') {
 		$this->userManager = $userManager;
 		$this->groupManager = $groupManager;
 		$this->shareManager = $shareManager;
 		$this->userSession = $userSession;
+		$this->config = $config;
 		$this->principalPrefix = trim($principalPrefix, '/');
 		$this->hasGroups = ($principalPrefix === 'principals/users/');
 	}
@@ -206,8 +213,10 @@ class Principal implements BackendInterface {
 	protected function searchUserPrincipals(array $searchProperties, $test = 'allof') {
 		$results = [];
 
-		// If sharing is disabled, return the empty array
-		if (!$this->shareManager->shareApiEnabled()) {
+		// If sharing is disabled (or FreeBusy was disabled on purpose), return the empty array
+		$shareAPIEnabled = $this->shareManager->shareApiEnabled();
+		$disableFreeBusy = $this->config->getAppValue('dav', 'disableFreeBusy', $shareAPIEnabled ? 'no' : 'yes');
+		if ($disableFreeBusy === 'yes') {
 			return [];
 		}
 
@@ -290,8 +299,10 @@ class Principal implements BackendInterface {
 	 * @return string
 	 */
 	function findByUri($uri, $principalPrefix) {
-		// If sharing is disabled, return null as in user not found
-		if (!$this->shareManager->shareApiEnabled()) {
+		// If sharing is disabled (or FreeBusy was disabled on purpose), return the empty array
+		$shareAPIEnabled = $this->shareManager->shareApiEnabled();
+		$disableFreeBusy = $this->config->getAppValue('dav', 'disableFreeBusy', $shareAPIEnabled ? 'no' : 'yes');
+		if ($disableFreeBusy === 'yes') {
 			return null;
 		}
 
diff --git a/apps/dav/lib/RootCollection.php b/apps/dav/lib/RootCollection.php
index a39b8716110..b9f381b4b92 100644
--- a/apps/dav/lib/RootCollection.php
+++ b/apps/dav/lib/RootCollection.php
@@ -51,7 +51,8 @@ class RootCollection extends SimpleCollection {
 			$userManager,
 			$groupManager,
 			$shareManager,
-			\OC::$server->getUserSession()
+			\OC::$server->getUserSession(),
+			$config
 		);
 		$groupPrincipalBackend = new GroupPrincipalBackend($groupManager);
 		// as soon as debug mode is enabled we allow listing of principals
diff --git a/apps/dav/tests/unit/Connector/Sabre/PrincipalTest.php b/apps/dav/tests/unit/Connector/Sabre/PrincipalTest.php
index 7b9929bc4f3..7e82c446760 100644
--- a/apps/dav/tests/unit/Connector/Sabre/PrincipalTest.php
+++ b/apps/dav/tests/unit/Connector/Sabre/PrincipalTest.php
@@ -27,6 +27,7 @@
 namespace OCA\DAV\Tests\unit\Connector\Sabre;
 
 use OC\User\User;
+use OCP\IConfig;
 use OCP\IGroup;
 use OCP\IGroupManager;
 use OCP\IUser;
@@ -47,18 +48,22 @@ class PrincipalTest extends TestCase {
 	private $shareManager;
 	/** @var IUserSession | \PHPUnit_Framework_MockObject_MockObject */
 	private $userSession;
+	/** @var IConfig | \PHPUnit_Framework_MockObject_MockObject  */
+	private $config;
 
 	public function setUp() {
 		$this->userManager = $this->createMock(IUserManager::class);
 		$this->groupManager = $this->createMock(IGroupManager::class);
 		$this->shareManager = $this->createMock(IManager::class);
 		$this->userSession = $this->createMock(IUserSession::class);
+		$this->config = $this->createMock(IConfig::class);
 
 		$this->connector = new \OCA\DAV\Connector\Sabre\Principal(
 			$this->userManager,
 			$this->groupManager,
 			$this->shareManager,
-			$this->userSession);
+			$this->userSession,
+			$this->config);
 		parent::setUp();
 	}
 
@@ -278,26 +283,37 @@ class PrincipalTest extends TestCase {
 	/**
 	 * @dataProvider searchPrincipalsDataProvider
 	 */
-	public function testSearchPrincipals($sharingEnabled, $groupsOnly, $result) {
+	public function testSearchPrincipals($disableFreeBusy, $sharingEnabled, $disableFBSharingCombination, $groupsOnly, $result) {
 		$this->shareManager->expects($this->once())
 			->method('shareAPIEnabled')
 			->will($this->returnValue($sharingEnabled));
-
-		if ($sharingEnabled) {
-			$this->shareManager->expects($this->once())
-				->method('shareWithGroupMembersOnly')
-				->will($this->returnValue($groupsOnly));
-
-			if ($groupsOnly) {
-				$user = $this->createMock(IUser::class);
-				$this->userSession->expects($this->once())
-					->method('getUser')
-					->will($this->returnValue($user));
-
-				$this->groupManager->expects($this->at(0))
-					->method('getUserGroupIds')
-					->with($user)
-					->will($this->returnValue(['group1', 'group2']));
+		$this->config->expects($this->once())
+			->method('getAppValue')
+			->with('dav', 'disableFreeBusy', $sharingEnabled ? 'no' : 'yes')
+			->will($this->returnValue($disableFBSharingCombination));
+
+		if ($disableFreeBusy === 'no') {
+			if ($sharingEnabled) {
+				$this->shareManager->expects($this->once())
+					->method('shareWithGroupMembersOnly')
+					->will($this->returnValue($groupsOnly));
+
+				if ($groupsOnly) {
+					$user = $this->createMock(IUser::class);
+					$this->userSession->expects($this->once())
+						->method('getUser')
+						->will($this->returnValue($user));
+
+					$this->groupManager->expects($this->at(0))
+						->method('getUserGroupIds')
+						->with($user)
+						->will($this->returnValue(['group1', 'group2']));
+				}
+			} else {
+				$this->shareManager->expects($this->never())
+					->method('shareWithGroupMembersOnly');
+				$this->groupManager->expects($this->never())
+					->method($this->anything());
 			}
 		} else {
 			$this->shareManager->expects($this->never())
@@ -306,27 +322,43 @@ class PrincipalTest extends TestCase {
 				->method($this->anything());
 		}
 
+
 		$user2 = $this->createMock(IUser::class);
 		$user2->method('getUID')->will($this->returnValue('user2'));
 		$user3 = $this->createMock(IUser::class);
 		$user3->method('getUID')->will($this->returnValue('user3'));
 
-		if ($sharingEnabled) {
-			$this->userManager->expects($this->at(0))
-				->method('getByEmail')
-				->with('user')
-				->will($this->returnValue([$user2, $user3]));
+		if ($disableFreeBusy === 'no') {
+			if ($sharingEnabled) {
+				$this->userManager->expects($this->at(0))
+					->method('getByEmail')
+					->with('user')
+					->will($this->returnValue([$user2, $user3]));
+			} else {
+				$this->userManager->expects($this->never())
+					->method('getByEmail');
+			}
+		} else {
+			$this->userManager->expects($this->never())
+				->method('getByEmail');
 		}
 
-		if ($sharingEnabled && $groupsOnly) {
-			$this->groupManager->expects($this->at(1))
-				->method('getUserGroupIds')
-				->with($user2)
-				->will($this->returnValue(['group1', 'group3']));
-			$this->groupManager->expects($this->at(2))
-				->method('getUserGroupIds')
-				->with($user3)
-				->will($this->returnValue(['group3', 'group4']));
+		if ($disableFreeBusy === 'no') {
+			if ($sharingEnabled && $groupsOnly) {
+				$this->groupManager->expects($this->at(1))
+					->method('getUserGroupIds')
+					->with($user2)
+					->will($this->returnValue(['group1', 'group3']));
+				$this->groupManager->expects($this->at(2))
+					->method('getUserGroupIds')
+					->with($user3)
+					->will($this->returnValue(['group3', 'group4']));
+			}
+		} else {
+			$this->groupManager->expects($this->never())
+				->method('getUserGroupIds');
+			$this->groupManager->expects($this->never())
+				->method('getUserGroupIds');
 		}
 
 		$this->assertEquals($result, $this->connector->searchPrincipals('principals/users',
@@ -335,9 +367,12 @@ class PrincipalTest extends TestCase {
 
 	public function searchPrincipalsDataProvider() {
 		return [
-			[true, false, ['principals/users/user2', 'principals/users/user3']],
-			[true, true, ['principals/users/user2']],
-			[false, false, []],
+			['yes', true, 'yes', false, []],
+			['no', true, 'no', false, ['principals/users/user2', 'principals/users/user3']],
+			['yes', true, 'yes', true, []],
+			['no', true, 'no', true, ['principals/users/user2']],
+			['yes', false, 'yes', false, []],
+			['no', false, 'yes', false, []],
 		];
 	}
 
@@ -345,6 +380,10 @@ class PrincipalTest extends TestCase {
 		$this->shareManager->expects($this->once())
 			->method('shareApiEnabled')
 			->will($this->returnValue(false));
+		$this->config->expects($this->once())
+			->method('getAppValue')
+			->with('dav', 'disableFreeBusy', 'yes')
+			->will($this->returnValue('yes'));
 
 		$this->assertEquals(null, $this->connector->findByUri('mailto:user@foo.com', 'principals/users'));
 	}
@@ -352,45 +391,56 @@ class PrincipalTest extends TestCase {
 	/**
 	 * @dataProvider findByUriWithGroupRestrictionDataProvider
 	 */
-	public function testFindByUriWithGroupRestriction($uri, $email, $expects) {
+	public function testFindByUriWithGroupRestriction($disableFreeBusy, $uri, $email, $expects) {
 		$this->shareManager->expects($this->once())
 			->method('shareApiEnabled')
 			->will($this->returnValue(true));
+		$this->config->expects($this->once())
+			->method('getAppValue')
+			->with('dav', 'disableFreeBusy', 'no')
+			->will($this->returnValue($disableFreeBusy));
 
-		$this->shareManager->expects($this->once())
-			->method('shareWithGroupMembersOnly')
-			->will($this->returnValue(true));
+		if ($disableFreeBusy === 'yes') {
+			$this->shareManager->expects($this->never())
+				->method('shareWithGroupMembersOnly');
+			$this->userSession->expects($this->never())
+				->method('getUser');
+		} else {
+			$this->shareManager->expects($this->once())
+				->method('shareWithGroupMembersOnly')
+				->will($this->returnValue(true));
 
-		$user = $this->createMock(IUser::class);
-		$this->userSession->expects($this->once())
-			->method('getUser')
-			->will($this->returnValue($user));
+			$user = $this->createMock(IUser::class);
+			$this->userSession->expects($this->once())
+				->method('getUser')
+				->will($this->returnValue($user));
 
-		$this->groupManager->expects($this->at(0))
-			->method('getUserGroupIds')
-			->with($user)
-			->will($this->returnValue(['group1', 'group2']));
+			$this->groupManager->expects($this->at(0))
+				->method('getUserGroupIds')
+				->with($user)
+				->will($this->returnValue(['group1', 'group2']));
 
-		$user2 = $this->createMock(IUser::class);
-		$user2->method('getUID')->will($this->returnValue('user2'));
-		$user3 = $this->createMock(IUser::class);
-		$user3->method('getUID')->will($this->returnValue('user3'));
+			$user2 = $this->createMock(IUser::class);
+			$user2->method('getUID')->will($this->returnValue('user2'));
+			$user3 = $this->createMock(IUser::class);
+			$user3->method('getUID')->will($this->returnValue('user3'));
 
-		$this->userManager->expects($this->once())
-			->method('getByEmail')
-			->with($email)
-			->will($this->returnValue([$email === 'user2@foo.bar' ? $user2 : $user3]));
+			$this->userManager->expects($this->once())
+				->method('getByEmail')
+				->with($email)
+				->will($this->returnValue([$email === 'user2@foo.bar' ? $user2 : $user3]));
 
-		if ($email === 'user2@foo.bar') {
-			$this->groupManager->expects($this->at(1))
-				->method('getUserGroupIds')
-				->with($user2)
-				->will($this->returnValue(['group1', 'group3']));
-		} else {
-			$this->groupManager->expects($this->at(1))
-				->method('getUserGroupIds')
-				->with($user3)
-				->will($this->returnValue(['group3', 'group3']));
+			if ($email === 'user2@foo.bar') {
+				$this->groupManager->expects($this->at(1))
+					->method('getUserGroupIds')
+					->with($user2)
+					->will($this->returnValue(['group1', 'group3']));
+			} else {
+				$this->groupManager->expects($this->at(1))
+					->method('getUserGroupIds')
+					->with($user3)
+					->will($this->returnValue(['group3', 'group3']));
+			}
 		}
 
 		$this->assertEquals($expects, $this->connector->findByUri($uri, 'principals/users'));
@@ -398,40 +448,56 @@ class PrincipalTest extends TestCase {
 
 	public function findByUriWithGroupRestrictionDataProvider() {
 		return [
-			['mailto:user2@foo.bar', 'user2@foo.bar', 'principals/users/user2'],
-			['mailto:user3@foo.bar', 'user3@foo.bar', null],
+			['yes', 'mailto:user2@foo.bar', 'user2@foo.bar', null],
+			['no', 'mailto:user2@foo.bar', 'user2@foo.bar', 'principals/users/user2'],
+			['yes', 'mailto:user3@foo.bar', 'user3@foo.bar', null],
+			['no', 'mailto:user3@foo.bar', 'user3@foo.bar', null],
 		];
 	}
 
 	/**
 	 * @dataProvider findByUriWithoutGroupRestrictionDataProvider
 	 */
-	public function testFindByUriWithoutGroupRestriction($uri, $email, $expects) {
+	public function testFindByUriWithoutGroupRestriction($disableFreeBusy, $uri, $email, $expects) {
 		$this->shareManager->expects($this->once())
 			->method('shareApiEnabled')
 			->will($this->returnValue(true));
+		$this->config->expects($this->once())
+			->method('getAppValue')
+			->with('dav', 'disableFreeBusy', 'no')
+			->will($this->returnValue($disableFreeBusy));
 
-		$this->shareManager->expects($this->once())
-			->method('shareWithGroupMembersOnly')
-			->will($this->returnValue(false));
+		if ($disableFreeBusy === 'yes') {
+			$this->shareManager->expects($this->never())
+				->method('shareWithGroupMembersOnly');
 
-		$user2 = $this->createMock(IUser::class);
-		$user2->method('getUID')->will($this->returnValue('user2'));
-		$user3 = $this->createMock(IUser::class);
-		$user3->method('getUID')->will($this->returnValue('user3'));
+			$this->userManager->expects($this->never())
+				->method('getByEmail');
+		} else {
+			$this->shareManager->expects($this->once())
+				->method('shareWithGroupMembersOnly')
+				->will($this->returnValue(false));
 
-		$this->userManager->expects($this->once())
-			->method('getByEmail')
-			->with($email)
-			->will($this->returnValue([$email === 'user2@foo.bar' ? $user2 : $user3]));
+			$user2 = $this->createMock(IUser::class);
+			$user2->method('getUID')->will($this->returnValue('user2'));
+			$user3 = $this->createMock(IUser::class);
+			$user3->method('getUID')->will($this->returnValue('user3'));
+
+			$this->userManager->expects($this->once())
+				->method('getByEmail')
+				->with($email)
+				->will($this->returnValue([$email === 'user2@foo.bar' ? $user2 : $user3]));
+		}
 
 		$this->assertEquals($expects, $this->connector->findByUri($uri, 'principals/users'));
 	}
 
 	public function findByUriWithoutGroupRestrictionDataProvider() {
 		return [
-			['mailto:user2@foo.bar', 'user2@foo.bar', 'principals/users/user2'],
-			['mailto:user3@foo.bar', 'user3@foo.bar', 'principals/users/user3'],
+			['yes', 'mailto:user2@foo.bar', 'user2@foo.bar', null],
+			['yes', 'mailto:user3@foo.bar', 'user3@foo.bar', null],
+			['no', 'mailto:user2@foo.bar', 'user2@foo.bar', 'principals/users/user2'],
+			['no', 'mailto:user3@foo.bar', 'user3@foo.bar', 'principals/users/user3'],
 		];
 	}
 }
author	Morris Jobke <hey@morrisjobke.de>	2018-06-01 12:01:43 +0200
committer	GitHub <noreply@github.com>	2018-06-01 12:01:43 +0200
commit	5c92da22694805cf36842f5dbfebbaf09308354d (patch)
tree	dff183e7fe371b46fdfec33b668d5542f66f8711 /apps/dav
parent	3595aa68b93150d9aac4a450c4fd0635c1db66dd (diff)
parent	08ad45e40b597ce82309b32e608817441dd5ff39 (diff)
download	nextcloud-server-5c92da22694805cf36842f5dbfebbaf09308354d.tar.gz nextcloud-server-5c92da22694805cf36842f5dbfebbaf09308354d.zip