diff options
author | Roeland Jago Douma <rullzer@users.noreply.github.com> | 2020-08-21 09:23:35 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-08-21 09:23:35 +0200 |
commit | cb28b81675897bddf991c930773195504664c05b (patch) | |
tree | 5d7567ecca29965856d987387b51b814ecb94eba /apps/dav | |
parent | 8b5c9a820d7acf72d48263ded4cb6694bb9e1fff (diff) | |
parent | 7f8e43c7a75aa6a48d6b40c8e449b0388fcc7e30 (diff) | |
download | nextcloud-server-cb28b81675897bddf991c930773195504664c05b.tar.gz nextcloud-server-cb28b81675897bddf991c930773195504664c05b.zip |
Merge pull request #22333 from nextcloud/backport/22236/stable19
[stable19] CalDAV: Add ability to limit sharing to owner
Diffstat (limited to 'apps/dav')
-rw-r--r-- | apps/dav/lib/CalDAV/Publishing/PublishPlugin.php | 21 | ||||
-rw-r--r-- | apps/dav/lib/DAV/Sharing/Plugin.php | 14 | ||||
-rw-r--r-- | apps/dav/lib/Server.php | 4 | ||||
-rw-r--r-- | apps/dav/tests/unit/CardDAV/Sharing/PluginTest.php | 4 | ||||
-rw-r--r-- | apps/dav/tests/unit/DAV/Sharing/PluginTest.php | 4 |
5 files changed, 41 insertions, 6 deletions
diff --git a/apps/dav/lib/CalDAV/Publishing/PublishPlugin.php b/apps/dav/lib/CalDAV/Publishing/PublishPlugin.php index eee651647cb..f34baffd784 100644 --- a/apps/dav/lib/CalDAV/Publishing/PublishPlugin.php +++ b/apps/dav/lib/CalDAV/Publishing/PublishPlugin.php @@ -133,7 +133,12 @@ class PublishPlugin extends ServerPlugin { $canShare = (!$node->isSubscription() && $node->canWrite()); $canPublish = (!$node->isSubscription() && $node->canWrite()); - return new AllowedSharingModes($canShare, $canPublish); + if ($this->config->getAppValue('dav', 'limitAddressBookAndCalendarSharingToOwner', 'no') === 'yes') { + $canShare &= ($node->getOwner() === $node->getPrincipalURI()); + $canPublish &= ($node->getOwner() === $node->getPrincipalURI()); + } + + return new AllowedSharingModes((bool)$canShare, (bool)$canPublish); }); } } @@ -190,7 +195,14 @@ class PublishPlugin extends ServerPlugin { // If there's no ACL support, we allow everything if ($acl) { + /** @var \Sabre\DAVACL\Plugin $acl */ $acl->checkPrivileges($path, '{DAV:}write'); + + $limitSharingToOwner = $this->config->getAppValue('dav', 'limitAddressBookAndCalendarSharingToOwner', 'no') === 'yes'; + $isOwner = $acl->getCurrentUserPrincipal() === $node->getOwner(); + if ($limitSharingToOwner && !$isOwner) { + return; + } } $node->setPublishStatus(true); @@ -218,7 +230,14 @@ class PublishPlugin extends ServerPlugin { // If there's no ACL support, we allow everything if ($acl) { + /** @var \Sabre\DAVACL\Plugin $acl */ $acl->checkPrivileges($path, '{DAV:}write'); + + $limitSharingToOwner = $this->config->getAppValue('dav', 'limitAddressBookAndCalendarSharingToOwner', 'no') === 'yes'; + $isOwner = $acl->getCurrentUserPrincipal() === $node->getOwner(); + if ($limitSharingToOwner && !$isOwner) { + return; + } } $node->setPublishStatus(false); diff --git a/apps/dav/lib/DAV/Sharing/Plugin.php b/apps/dav/lib/DAV/Sharing/Plugin.php index f8967a788b9..06bc5b2157f 100644 --- a/apps/dav/lib/DAV/Sharing/Plugin.php +++ b/apps/dav/lib/DAV/Sharing/Plugin.php @@ -27,6 +27,7 @@ namespace OCA\DAV\DAV\Sharing; use OCA\DAV\Connector\Sabre\Auth; use OCA\DAV\DAV\Sharing\Xml\Invite; use OCA\DAV\DAV\Sharing\Xml\ShareRequest; +use OCP\IConfig; use OCP\IRequest; use Sabre\DAV\Exception\NotFound; use Sabre\DAV\INode; @@ -46,15 +47,20 @@ class Plugin extends ServerPlugin { /** @var IRequest */ private $request; + /** @var IConfig */ + private $config; + /** * Plugin constructor. * * @param Auth $authBackEnd * @param IRequest $request + * @param IConfig $config */ - public function __construct(Auth $authBackEnd, IRequest $request) { + public function __construct(Auth $authBackEnd, IRequest $request, IConfig $config) { $this->auth = $authBackEnd; $this->request = $request; + $this->config = $config; } /** @@ -164,6 +170,12 @@ class Plugin extends ServerPlugin { if ($acl) { /** @var \Sabre\DAVACL\Plugin $acl */ $acl->checkPrivileges($path, '{DAV:}write'); + + $limitSharingToOwner = $this->config->getAppValue('dav', 'limitAddressBookAndCalendarSharingToOwner', 'no') === 'yes'; + $isOwner = $acl->getCurrentUserPrincipal() === $node->getOwner(); + if ($limitSharingToOwner && !$isOwner) { + return; + } } $node->updateShares($message->set, $message->remove); diff --git a/apps/dav/lib/Server.php b/apps/dav/lib/Server.php index e93df5c26df..0484748fc3b 100644 --- a/apps/dav/lib/Server.php +++ b/apps/dav/lib/Server.php @@ -161,7 +161,7 @@ class Server { $this->server->addPlugin(new \Sabre\CalDAV\Subscriptions\Plugin()); $this->server->addPlugin(new \Sabre\CalDAV\Notifications\Plugin()); - $this->server->addPlugin(new DAV\Sharing\Plugin($authBackend, \OC::$server->getRequest())); + $this->server->addPlugin(new DAV\Sharing\Plugin($authBackend, \OC::$server->getRequest(), \OC::$server->getConfig())); $this->server->addPlugin(new \OCA\DAV\CalDAV\Publishing\PublishPlugin( \OC::$server->getConfig(), \OC::$server->getURLGenerator() @@ -170,7 +170,7 @@ class Server { // addressbook plugins if ($this->requestIsForSubtree(['addressbooks', 'principals'])) { - $this->server->addPlugin(new DAV\Sharing\Plugin($authBackend, \OC::$server->getRequest())); + $this->server->addPlugin(new DAV\Sharing\Plugin($authBackend, \OC::$server->getRequest(), \OC::$server->getConfig())); $this->server->addPlugin(new \OCA\DAV\CardDAV\Plugin()); $this->server->addPlugin(new VCFExportPlugin()); $this->server->addPlugin(new MultiGetExportPlugin()); diff --git a/apps/dav/tests/unit/CardDAV/Sharing/PluginTest.php b/apps/dav/tests/unit/CardDAV/Sharing/PluginTest.php index 48d9479c999..a7c2eeeadd6 100644 --- a/apps/dav/tests/unit/CardDAV/Sharing/PluginTest.php +++ b/apps/dav/tests/unit/CardDAV/Sharing/PluginTest.php @@ -30,6 +30,7 @@ namespace OCA\DAV\Tests\unit\CardDAV\Sharing; use OCA\DAV\Connector\Sabre\Auth; use OCA\DAV\DAV\Sharing\IShareable; use OCA\DAV\DAV\Sharing\Plugin; +use OCP\IConfig; use OCP\IRequest; use Sabre\DAV\Server; use Sabre\DAV\SimpleCollection; @@ -55,7 +56,8 @@ class PluginTest extends TestCase { /** @var IRequest $request */ $request = $this->getMockBuilder(IRequest::class)->disableOriginalConstructor()->getMock(); - $this->plugin = new Plugin($authBackend, $request); + $config = $this->createMock(IConfig::class); + $this->plugin = new Plugin($authBackend, $request, $config); $root = new SimpleCollection('root'); $this->server = new \Sabre\DAV\Server($root); diff --git a/apps/dav/tests/unit/DAV/Sharing/PluginTest.php b/apps/dav/tests/unit/DAV/Sharing/PluginTest.php index 22fbf737793..79f28483e32 100644 --- a/apps/dav/tests/unit/DAV/Sharing/PluginTest.php +++ b/apps/dav/tests/unit/DAV/Sharing/PluginTest.php @@ -30,6 +30,7 @@ namespace OCA\DAV\Tests\unit\DAV\Sharing; use OCA\DAV\Connector\Sabre\Auth; use OCA\DAV\DAV\Sharing\IShareable; use OCA\DAV\DAV\Sharing\Plugin; +use OCP\IConfig; use OCP\IRequest; use Sabre\DAV\Server; use Sabre\DAV\SimpleCollection; @@ -55,7 +56,8 @@ class PluginTest extends TestCase { /** @var IRequest $request */ $request = $this->getMockBuilder(IRequest::class)->disableOriginalConstructor()->getMock(); - $this->plugin = new Plugin($authBackend, $request); + $config = $this->createMock(IConfig::class); + $this->plugin = new Plugin($authBackend, $request, $config); $root = new SimpleCollection('root'); $this->server = new \Sabre\DAV\Server($root); |