summaryrefslogtreecommitdiffstats
path: root/apps/dav
diff options
context:
space:
mode:
authorRoeland Jago Douma <rullzer@users.noreply.github.com>2020-08-21 09:23:35 +0200
committerGitHub <noreply@github.com>2020-08-21 09:23:35 +0200
commitcb28b81675897bddf991c930773195504664c05b (patch)
tree5d7567ecca29965856d987387b51b814ecb94eba /apps/dav
parent8b5c9a820d7acf72d48263ded4cb6694bb9e1fff (diff)
parent7f8e43c7a75aa6a48d6b40c8e449b0388fcc7e30 (diff)
downloadnextcloud-server-cb28b81675897bddf991c930773195504664c05b.tar.gz
nextcloud-server-cb28b81675897bddf991c930773195504664c05b.zip
Merge pull request #22333 from nextcloud/backport/22236/stable19
[stable19] CalDAV: Add ability to limit sharing to owner
Diffstat (limited to 'apps/dav')
-rw-r--r--apps/dav/lib/CalDAV/Publishing/PublishPlugin.php21
-rw-r--r--apps/dav/lib/DAV/Sharing/Plugin.php14
-rw-r--r--apps/dav/lib/Server.php4
-rw-r--r--apps/dav/tests/unit/CardDAV/Sharing/PluginTest.php4
-rw-r--r--apps/dav/tests/unit/DAV/Sharing/PluginTest.php4
5 files changed, 41 insertions, 6 deletions
diff --git a/apps/dav/lib/CalDAV/Publishing/PublishPlugin.php b/apps/dav/lib/CalDAV/Publishing/PublishPlugin.php
index eee651647cb..f34baffd784 100644
--- a/apps/dav/lib/CalDAV/Publishing/PublishPlugin.php
+++ b/apps/dav/lib/CalDAV/Publishing/PublishPlugin.php
@@ -133,7 +133,12 @@ class PublishPlugin extends ServerPlugin {
$canShare = (!$node->isSubscription() && $node->canWrite());
$canPublish = (!$node->isSubscription() && $node->canWrite());
- return new AllowedSharingModes($canShare, $canPublish);
+ if ($this->config->getAppValue('dav', 'limitAddressBookAndCalendarSharingToOwner', 'no') === 'yes') {
+ $canShare &= ($node->getOwner() === $node->getPrincipalURI());
+ $canPublish &= ($node->getOwner() === $node->getPrincipalURI());
+ }
+
+ return new AllowedSharingModes((bool)$canShare, (bool)$canPublish);
});
}
}
@@ -190,7 +195,14 @@ class PublishPlugin extends ServerPlugin {
// If there's no ACL support, we allow everything
if ($acl) {
+ /** @var \Sabre\DAVACL\Plugin $acl */
$acl->checkPrivileges($path, '{DAV:}write');
+
+ $limitSharingToOwner = $this->config->getAppValue('dav', 'limitAddressBookAndCalendarSharingToOwner', 'no') === 'yes';
+ $isOwner = $acl->getCurrentUserPrincipal() === $node->getOwner();
+ if ($limitSharingToOwner && !$isOwner) {
+ return;
+ }
}
$node->setPublishStatus(true);
@@ -218,7 +230,14 @@ class PublishPlugin extends ServerPlugin {
// If there's no ACL support, we allow everything
if ($acl) {
+ /** @var \Sabre\DAVACL\Plugin $acl */
$acl->checkPrivileges($path, '{DAV:}write');
+
+ $limitSharingToOwner = $this->config->getAppValue('dav', 'limitAddressBookAndCalendarSharingToOwner', 'no') === 'yes';
+ $isOwner = $acl->getCurrentUserPrincipal() === $node->getOwner();
+ if ($limitSharingToOwner && !$isOwner) {
+ return;
+ }
}
$node->setPublishStatus(false);
diff --git a/apps/dav/lib/DAV/Sharing/Plugin.php b/apps/dav/lib/DAV/Sharing/Plugin.php
index f8967a788b9..06bc5b2157f 100644
--- a/apps/dav/lib/DAV/Sharing/Plugin.php
+++ b/apps/dav/lib/DAV/Sharing/Plugin.php
@@ -27,6 +27,7 @@ namespace OCA\DAV\DAV\Sharing;
use OCA\DAV\Connector\Sabre\Auth;
use OCA\DAV\DAV\Sharing\Xml\Invite;
use OCA\DAV\DAV\Sharing\Xml\ShareRequest;
+use OCP\IConfig;
use OCP\IRequest;
use Sabre\DAV\Exception\NotFound;
use Sabre\DAV\INode;
@@ -46,15 +47,20 @@ class Plugin extends ServerPlugin {
/** @var IRequest */
private $request;
+ /** @var IConfig */
+ private $config;
+
/**
* Plugin constructor.
*
* @param Auth $authBackEnd
* @param IRequest $request
+ * @param IConfig $config
*/
- public function __construct(Auth $authBackEnd, IRequest $request) {
+ public function __construct(Auth $authBackEnd, IRequest $request, IConfig $config) {
$this->auth = $authBackEnd;
$this->request = $request;
+ $this->config = $config;
}
/**
@@ -164,6 +170,12 @@ class Plugin extends ServerPlugin {
if ($acl) {
/** @var \Sabre\DAVACL\Plugin $acl */
$acl->checkPrivileges($path, '{DAV:}write');
+
+ $limitSharingToOwner = $this->config->getAppValue('dav', 'limitAddressBookAndCalendarSharingToOwner', 'no') === 'yes';
+ $isOwner = $acl->getCurrentUserPrincipal() === $node->getOwner();
+ if ($limitSharingToOwner && !$isOwner) {
+ return;
+ }
}
$node->updateShares($message->set, $message->remove);
diff --git a/apps/dav/lib/Server.php b/apps/dav/lib/Server.php
index e93df5c26df..0484748fc3b 100644
--- a/apps/dav/lib/Server.php
+++ b/apps/dav/lib/Server.php
@@ -161,7 +161,7 @@ class Server {
$this->server->addPlugin(new \Sabre\CalDAV\Subscriptions\Plugin());
$this->server->addPlugin(new \Sabre\CalDAV\Notifications\Plugin());
- $this->server->addPlugin(new DAV\Sharing\Plugin($authBackend, \OC::$server->getRequest()));
+ $this->server->addPlugin(new DAV\Sharing\Plugin($authBackend, \OC::$server->getRequest(), \OC::$server->getConfig()));
$this->server->addPlugin(new \OCA\DAV\CalDAV\Publishing\PublishPlugin(
\OC::$server->getConfig(),
\OC::$server->getURLGenerator()
@@ -170,7 +170,7 @@ class Server {
// addressbook plugins
if ($this->requestIsForSubtree(['addressbooks', 'principals'])) {
- $this->server->addPlugin(new DAV\Sharing\Plugin($authBackend, \OC::$server->getRequest()));
+ $this->server->addPlugin(new DAV\Sharing\Plugin($authBackend, \OC::$server->getRequest(), \OC::$server->getConfig()));
$this->server->addPlugin(new \OCA\DAV\CardDAV\Plugin());
$this->server->addPlugin(new VCFExportPlugin());
$this->server->addPlugin(new MultiGetExportPlugin());
diff --git a/apps/dav/tests/unit/CardDAV/Sharing/PluginTest.php b/apps/dav/tests/unit/CardDAV/Sharing/PluginTest.php
index 48d9479c999..a7c2eeeadd6 100644
--- a/apps/dav/tests/unit/CardDAV/Sharing/PluginTest.php
+++ b/apps/dav/tests/unit/CardDAV/Sharing/PluginTest.php
@@ -30,6 +30,7 @@ namespace OCA\DAV\Tests\unit\CardDAV\Sharing;
use OCA\DAV\Connector\Sabre\Auth;
use OCA\DAV\DAV\Sharing\IShareable;
use OCA\DAV\DAV\Sharing\Plugin;
+use OCP\IConfig;
use OCP\IRequest;
use Sabre\DAV\Server;
use Sabre\DAV\SimpleCollection;
@@ -55,7 +56,8 @@ class PluginTest extends TestCase {
/** @var IRequest $request */
$request = $this->getMockBuilder(IRequest::class)->disableOriginalConstructor()->getMock();
- $this->plugin = new Plugin($authBackend, $request);
+ $config = $this->createMock(IConfig::class);
+ $this->plugin = new Plugin($authBackend, $request, $config);
$root = new SimpleCollection('root');
$this->server = new \Sabre\DAV\Server($root);
diff --git a/apps/dav/tests/unit/DAV/Sharing/PluginTest.php b/apps/dav/tests/unit/DAV/Sharing/PluginTest.php
index 22fbf737793..79f28483e32 100644
--- a/apps/dav/tests/unit/DAV/Sharing/PluginTest.php
+++ b/apps/dav/tests/unit/DAV/Sharing/PluginTest.php
@@ -30,6 +30,7 @@ namespace OCA\DAV\Tests\unit\DAV\Sharing;
use OCA\DAV\Connector\Sabre\Auth;
use OCA\DAV\DAV\Sharing\IShareable;
use OCA\DAV\DAV\Sharing\Plugin;
+use OCP\IConfig;
use OCP\IRequest;
use Sabre\DAV\Server;
use Sabre\DAV\SimpleCollection;
@@ -55,7 +56,8 @@ class PluginTest extends TestCase {
/** @var IRequest $request */
$request = $this->getMockBuilder(IRequest::class)->disableOriginalConstructor()->getMock();
- $this->plugin = new Plugin($authBackend, $request);
+ $config = $this->createMock(IConfig::class);
+ $this->plugin = new Plugin($authBackend, $request, $config);
$root = new SimpleCollection('root');
$this->server = new \Sabre\DAV\Server($root);