summaryrefslogtreecommitdiffstats
path: root/apps
diff options
context:
space:
mode:
authorGeorg Ehrke <developer@georgehrke.com>2017-10-21 11:19:01 +0200
committerGeorg Ehrke <developer@georgehrke.com>2017-11-11 02:15:56 +0100
commitd59b3392abf021d0289b5b2ea1a67bc99e8d89da (patch)
tree95a408cf05f962399945830a9053de5f58768d42 /apps
parent1c106a66b1b287eec177204b71c40ed00a450268 (diff)
downloadnextcloud-server-d59b3392abf021d0289b5b2ea1a67bc99e8d89da.tar.gz
nextcloud-server-d59b3392abf021d0289b5b2ea1a67bc99e8d89da.zip
disallow users to create calendars with reserved names
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
Diffstat (limited to 'apps')
-rw-r--r--apps/dav/lib/CalDAV/CalendarHome.php15
-rw-r--r--apps/dav/tests/unit/CalDAV/CalendarHomeTest.php81
2 files changed, 96 insertions, 0 deletions
diff --git a/apps/dav/lib/CalDAV/CalendarHome.php b/apps/dav/lib/CalDAV/CalendarHome.php
index c1988c7493e..3e645db459f 100644
--- a/apps/dav/lib/CalDAV/CalendarHome.php
+++ b/apps/dav/lib/CalDAV/CalendarHome.php
@@ -32,6 +32,8 @@ use Sabre\CalDAV\Schedule\Inbox;
use Sabre\CalDAV\Schedule\Outbox;
use Sabre\CalDAV\Subscriptions\Subscription;
use Sabre\DAV\Exception\NotFound;
+use Sabre\DAV\Exception\MethodNotAllowed;
+use Sabre\DAV\MkCol;
class CalendarHome extends \Sabre\CalDAV\CalendarHome {
@@ -57,6 +59,19 @@ class CalendarHome extends \Sabre\CalDAV\CalendarHome {
/**
* @inheritdoc
*/
+ function createExtendedCollection($name, MkCol $mkCol) {
+ $reservedNames = [BirthdayService::BIRTHDAY_CALENDAR_URI];
+
+ if (in_array($name, $reservedNames)) {
+ throw new MethodNotAllowed('The resource you tried to create has a reserved name');
+ }
+
+ parent::createExtendedCollection($name, $mkCol);
+ }
+
+ /**
+ * @inheritdoc
+ */
function getChildren() {
$calendars = $this->caldavBackend->getCalendarsForUser($this->principalInfo['uri']);
$objects = [];
diff --git a/apps/dav/tests/unit/CalDAV/CalendarHomeTest.php b/apps/dav/tests/unit/CalDAV/CalendarHomeTest.php
new file mode 100644
index 00000000000..a7981cfa159
--- /dev/null
+++ b/apps/dav/tests/unit/CalDAV/CalendarHomeTest.php
@@ -0,0 +1,81 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @copyright Copyright (c) 2017, Georg Ehrke
+ *
+ * @author Georg Ehrke <oc.list@georgehrke.com>
+ *
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program. If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OCA\DAV\Tests\unit\CalDAV;
+
+use OCA\DAV\CalDAV\CalDavBackend;
+use OCA\DAV\CalDAV\CalendarHome;
+use Sabre\DAV\MkCol;
+use Test\TestCase;
+
+class CalendarHomeTest extends TestCase {
+
+ /** @var CalDavBackend | \PHPUnit_Framework_MockObject_MockObject */
+ private $backend;
+
+ /** @var array */
+ private $principalInfo = [];
+
+ /** @var CalendarHome */
+ private $calendarHome;
+
+ protected function setUp() {
+ parent::setUp();
+
+ $this->backend = $this->createMock(CalDavBackend::class);
+ $this->principalInfo = [
+ 'uri' => 'user-principal-123',
+ ];
+
+ $this->calendarHome = new CalendarHome($this->backend,
+ $this->principalInfo);
+ }
+
+ public function testCreateCalendarValidName() {
+ /** @var MkCol | \PHPUnit_Framework_MockObject_MockObject $mkCol */
+ $mkCol = $this->createMock(MkCol::class);
+
+ $mkCol->method('getResourceType')
+ ->will($this->returnValue(['{DAV:}collection',
+ '{urn:ietf:params:xml:ns:caldav}calendar']));
+ $mkCol->method('getRemainingValues')
+ ->will($this->returnValue(['... properties ...']));
+
+ $this->backend->expects($this->once())
+ ->method('createCalendar')
+ ->with('user-principal-123', 'name123', ['... properties ...']);
+
+ $this->calendarHome->createExtendedCollection('name123', $mkCol);
+ }
+
+ /**
+ * @expectedException \Sabre\DAV\Exception\MethodNotAllowed
+ * @expectedExceptionMessage The resource you tried to create has a reserved name
+ */
+ public function testCreateCalendarReservedName() {
+ /** @var MkCol | \PHPUnit_Framework_MockObject_MockObject $mkCol */
+ $mkCol = $this->createMock(MkCol::class);
+
+ $this->calendarHome->createExtendedCollection('contact_birthdays', $mkCol);
+ }
+}