diff options
-rw-r--r-- | apps/dav/lib/caldav/calendar.php | 4 | ||||
-rw-r--r-- | apps/dav/tests/unit/caldav/calendartest.php | 29 |
2 files changed, 29 insertions, 4 deletions
diff --git a/apps/dav/lib/caldav/calendar.php b/apps/dav/lib/caldav/calendar.php index 738b366b08d..f35b7175b97 100644 --- a/apps/dav/lib/caldav/calendar.php +++ b/apps/dav/lib/caldav/calendar.php @@ -106,7 +106,9 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable { } function propPatch(PropPatch $propPatch) { - if (isset($this->calendarInfo['{http://owncloud.org/ns}owner-principal'])) { + $mutations = $propPatch->getMutations(); + // If this is a shared calendar, the user can only change the enabled property, to hide it. + if (isset($this->calendarInfo['{http://owncloud.org/ns}owner-principal']) && (sizeof($mutations) !== 1 || !isset($mutations['{http://owncloud.org/ns}calendar-enabled']))) { throw new Forbidden(); } parent::propPatch($propPatch); diff --git a/apps/dav/tests/unit/caldav/calendartest.php b/apps/dav/tests/unit/caldav/calendartest.php index 4a4de51e60a..c41070ea435 100644 --- a/apps/dav/tests/unit/caldav/calendartest.php +++ b/apps/dav/tests/unit/caldav/calendartest.php @@ -65,10 +65,26 @@ class CalendarTest extends TestCase { $c->delete(); } + public function dataPropPatch() { + return [ + [[], true], + [[ + '{http://owncloud.org/ns}calendar-enabled' => true, + ], false], + [[ + '{DAV:}displayname' => true, + ], true], + [[ + '{DAV:}displayname' => true, + '{http://owncloud.org/ns}calendar-enabled' => true, + ], true], + ]; + } + /** - * @expectedException \Sabre\DAV\Exception\Forbidden + * @dataProvider dataPropPatch */ - public function testPropPatch() { + public function testPropPatch($mutations, $throws) { /** @var \PHPUnit_Framework_MockObject_MockObject | CalDavBackend $backend */ $backend = $this->getMockBuilder('OCA\DAV\CalDAV\CalDavBackend')->disableOriginalConstructor()->getMock(); $calendarInfo = [ @@ -77,6 +93,13 @@ class CalendarTest extends TestCase { 'id' => 666 ]; $c = new Calendar($backend, $calendarInfo); - $c->propPatch(new PropPatch([])); + + if ($throws) { + $this->setExpectedException('\Sabre\DAV\Exception\Forbidden'); + } + $c->propPatch(new PropPatch($mutations)); + if (!$throws) { + $this->assertTrue(true); + } } } |