aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--apps/dav/appinfo/v1/caldav.php1
-rw-r--r--apps/dav/appinfo/v1/carddav.php1
-rw-r--r--apps/dav/lib/Connector/LegacyDAVACL.php3
-rw-r--r--apps/dav/lib/Connector/Sabre/DavAclPlugin.php17
-rw-r--r--build/integration/features/bootstrap/CalDavContext.php11
-rw-r--r--build/integration/features/bootstrap/CardDavContext.php12
-rw-r--r--build/integration/features/caldav.feature55
-rw-r--r--build/integration/features/carddav.feature21
8 files changed, 90 insertions, 31 deletions
diff --git a/apps/dav/appinfo/v1/caldav.php b/apps/dav/appinfo/v1/caldav.php
index f524c47a821..7f2ff2b37da 100644
--- a/apps/dav/appinfo/v1/caldav.php
+++ b/apps/dav/appinfo/v1/caldav.php
@@ -67,6 +67,7 @@ $nodes = array(
// Fire up server
$server = new \Sabre\DAV\Server($nodes);
+$server::$exposeVersion = false;
$server->httpRequest->setUrl(\OC::$server->getRequest()->getRequestUri());
$server->setBaseUri($baseuri);
diff --git a/apps/dav/appinfo/v1/carddav.php b/apps/dav/appinfo/v1/carddav.php
index b70045d420b..04344e83fde 100644
--- a/apps/dav/appinfo/v1/carddav.php
+++ b/apps/dav/appinfo/v1/carddav.php
@@ -66,6 +66,7 @@ $nodes = array(
// Fire up server
$server = new \Sabre\DAV\Server($nodes);
+$server::$exposeVersion = false;
$server->httpRequest->setUrl(\OC::$server->getRequest()->getRequestUri());
$server->setBaseUri($baseuri);
// Add plugins
diff --git a/apps/dav/lib/Connector/LegacyDAVACL.php b/apps/dav/lib/Connector/LegacyDAVACL.php
index d5185ecd03b..46cbb504cce 100644
--- a/apps/dav/lib/Connector/LegacyDAVACL.php
+++ b/apps/dav/lib/Connector/LegacyDAVACL.php
@@ -67,6 +67,7 @@ class LegacyDAVACL extends DavAclPlugin {
return new Principal(Principal::UNAUTHENTICATED);
}
});
- parent::propFind($propFind, $node);
+
+ return parent::propFind($propFind, $node);
}
}
diff --git a/apps/dav/lib/Connector/Sabre/DavAclPlugin.php b/apps/dav/lib/Connector/Sabre/DavAclPlugin.php
index 244394ec6fc..427a3756019 100644
--- a/apps/dav/lib/Connector/Sabre/DavAclPlugin.php
+++ b/apps/dav/lib/Connector/Sabre/DavAclPlugin.php
@@ -23,6 +23,7 @@
namespace OCA\DAV\Connector\Sabre;
+use Sabre\CalDAV\Principal\User;
use Sabre\DAV\Exception\NotFound;
use Sabre\DAV\IFile;
use Sabre\DAV\INode;
@@ -72,4 +73,20 @@ class DavAclPlugin extends \Sabre\DAVACL\Plugin {
return $access;
}
+
+ public function propFind(PropFind $propFind, INode $node) {
+ // If the node is neither readable nor writable then fail unless its of
+ // the standard user-principal
+ if(!($node instanceof User)) {
+ $path = $propFind->getPath();
+ $readPermissions = $this->checkPrivileges($path, '{DAV:}read', self::R_PARENT, false);
+ $writePermissions = $this->checkPrivileges($path, '{DAV:}write', self::R_PARENT, false);
+ if ($readPermissions === false && $writePermissions === false) {
+ $this->checkPrivileges($path, '{DAV:}read', self::R_PARENT, true);
+ $this->checkPrivileges($path, '{DAV:}write', self::R_PARENT, true);
+ }
+ }
+
+ return parent::propFind($propFind, $node);
+ }
}
diff --git a/build/integration/features/bootstrap/CalDavContext.php b/build/integration/features/bootstrap/CalDavContext.php
index 5db56f0fe7a..cae0089875f 100644
--- a/build/integration/features/bootstrap/CalDavContext.php
+++ b/build/integration/features/bootstrap/CalDavContext.php
@@ -72,16 +72,18 @@ class CalDavContext implements \Behat\Behat\Context\Context {
}
/**
- * @When :user requests calendar :calendar
+ * @When :user requests calendar :calendar on the endpoint :endpoint
* @param string $user
* @param string $calendar
+ * @param string $endpoint
*/
- public function requestsCalendar($user, $calendar) {
- $davUrl = $this->baseUrl . '/remote.php/dav/calendars/'.$calendar;
+ public function requestsCalendar($user, $calendar, $endpoint) {
+ $davUrl = $this->baseUrl . $endpoint . $calendar;
$password = ($user === 'admin') ? 'admin' : '123456';
try {
- $this->response = $this->client->get(
+ $request = $this->client->createRequest(
+ 'PROPFIND',
$davUrl,
[
'auth' => [
@@ -90,6 +92,7 @@ class CalDavContext implements \Behat\Behat\Context\Context {
]
]
);
+ $this->response = $this->client->send($request);
} catch (\GuzzleHttp\Exception\ClientException $e) {
$this->response = $e->getResponse();
}
diff --git a/build/integration/features/bootstrap/CardDavContext.php b/build/integration/features/bootstrap/CardDavContext.php
index 4ee882cc2e6..2dce688ab85 100644
--- a/build/integration/features/bootstrap/CardDavContext.php
+++ b/build/integration/features/bootstrap/CardDavContext.php
@@ -72,20 +72,21 @@ class CardDavContext implements \Behat\Behat\Context\Context {
} catch (\GuzzleHttp\Exception\ClientException $e) {}
}
-
/**
- * @When :user requests addressbook :addressBook with statuscode :statusCode
+ * @When :user requests addressbook :addressBook with statuscode :statusCode on the endpoint :endpoint
* @param string $user
* @param string $addressBook
* @param int $statusCode
+ * @param string $endpoint
* @throws \Exception
*/
- public function requestsAddressbookWithStatuscode($user, $addressBook, $statusCode) {
- $davUrl = $this->baseUrl . '/remote.php/dav/addressbooks/users/'.$addressBook;
+ public function requestsAddressbookWithStatuscodeOnTheEndpoint($user, $addressBook, $statusCode, $endpoint) {
+ $davUrl = $this->baseUrl . $endpoint . $addressBook;
$password = ($user === 'admin') ? 'admin' : '123456';
try {
- $this->response = $this->client->get(
+ $request = $this->client->createRequest(
+ 'PROPFIND',
$davUrl,
[
'auth' => [
@@ -94,6 +95,7 @@ class CardDavContext implements \Behat\Behat\Context\Context {
],
]
);
+ $this->response = $this->client->send($request);
} catch (\GuzzleHttp\Exception\ClientException $e) {
$this->response = $e->getResponse();
}
diff --git a/build/integration/features/caldav.feature b/build/integration/features/caldav.feature
index 948151485db..5c3983fc40b 100644
--- a/build/integration/features/caldav.feature
+++ b/build/integration/features/caldav.feature
@@ -1,31 +1,52 @@
Feature: caldav
Scenario: Accessing a not existing calendar of another user
Given user "user0" exists
- When "admin" requests calendar "user0/MyCalendar"
+ When "admin" requests calendar "user0/MyCalendar" on the endpoint "/remote.php/dav/calendars/"
Then The CalDAV HTTP status code should be "404"
And The exception is "Sabre\DAV\Exception\NotFound"
And The error message is "Node with name 'MyCalendar' could not be found"
- # Blocked by https://github.com/php/php-src/pull/1417
- #Scenario: Accessing a not shared calendar of another user
- # Given user "user0" exists
- # Given "admin" creates a calendar named "MyCalendar"
- # Given The CalDAV HTTP status code should be "201"
- # When "user0" requests calendar "admin/MyCalendar"
- # Then The CalDAV HTTP status code should be "404"
- # And The exception is "Sabre\DAV\Exception\NotFound"
- # And The error message is "Node with name 'MyCalendar' could not be found"
+ Scenario: Accessing a not shared calendar of another user
+ Given user "user0" exists
+ Given "admin" creates a calendar named "MyCalendar"
+ Given The CalDAV HTTP status code should be "201"
+ When "user0" requests calendar "admin/MyCalendar" on the endpoint "/remote.php/dav/calendars/"
+ Then The CalDAV HTTP status code should be "404"
+ And The exception is "Sabre\DAV\Exception\NotFound"
+ And The error message is "Node with name 'MyCalendar' could not be found"
+
+ Scenario: Accessing a not shared calendar of another user via the legacy endpoint
+ Given user "user0" exists
+ Given "admin" creates a calendar named "MyCalendar"
+ Given The CalDAV HTTP status code should be "201"
+ When "user0" requests calendar "admin/MyCalendar" on the endpoint "/remote.php/caldav/calendars/"
+ Then The CalDAV HTTP status code should be "404"
+ And The exception is "Sabre\DAV\Exception\NotFound"
+ And The error message is "Node with name 'MyCalendar' could not be found"
+
+ Scenario: Accessing a not existing calendar of another user
+ Given user "user0" exists
+ When "user0" requests calendar "admin/MyCalendar" on the endpoint "/remote.php/dav/calendars/"
+ Then The CalDAV HTTP status code should be "404"
+ And The exception is "Sabre\DAV\Exception\NotFound"
+ And The error message is "Node with name 'MyCalendar' could not be found"
+
+ Scenario: Accessing a not existing calendar of another user via the legacy endpoint
+ Given user "user0" exists
+ When "user0" requests calendar "admin/MyCalendar" on the endpoint "/remote.php/caldav/calendars/"
+ Then The CalDAV HTTP status code should be "404"
+ And The exception is "Sabre\DAV\Exception\NotFound"
+ And The error message is "Node with name 'MyCalendar' could not be found"
Scenario: Accessing a not existing calendar of myself
Given user "user0" exists
- When "user0" requests calendar "admin/MyCalendar"
+ When "user0" requests calendar "admin/MyCalendar" on the endpoint "/remote.php/dav/calendars/"
Then The CalDAV HTTP status code should be "404"
And The exception is "Sabre\DAV\Exception\NotFound"
And The error message is "Node with name 'MyCalendar' could not be found"
- # Blocked by https://github.com/php/php-src/pull/1417
- #Scenario: Creating a new calendar
- # When "admin" creates a calendar named "MyCalendar"
- # Then The CalDAV HTTP status code should be "201"
- # And "admin" requests calendar "admin/MyCalendar"
- # Then The CalDAV HTTP status code should be "200"
+ Scenario: Creating a new calendar
+ When "admin" creates a calendar named "MyCalendar"
+ Then The CalDAV HTTP status code should be "201"
+ And "admin" requests calendar "admin/MyCalendar" on the endpoint "/remote.php/dav/calendars/"
+ Then The CalDAV HTTP status code should be "207"
diff --git a/build/integration/features/carddav.feature b/build/integration/features/carddav.feature
index 4fbe403c7db..9432130066e 100644
--- a/build/integration/features/carddav.feature
+++ b/build/integration/features/carddav.feature
@@ -1,26 +1,39 @@
Feature: carddav
Scenario: Accessing a not existing addressbook of another user
Given user "user0" exists
- When "admin" requests addressbook "user0/MyAddressbook" with statuscode "404"
+ When "admin" requests addressbook "user0/MyAddressbook" with statuscode "404" on the endpoint "/remote.php/dav/addressbooks/users/"
And The CardDAV exception is "Sabre\DAV\Exception\NotFound"
And The CardDAV error message is "Addressbook with name 'MyAddressbook' could not be found"
Scenario: Accessing a not shared addressbook of another user
Given user "user0" exists
Given "admin" creates an addressbook named "MyAddressbook" with statuscode "201"
- When "user0" requests addressbook "admin/MyAddressbook" with statuscode "404"
+ When "user0" requests addressbook "admin/MyAddressbook" with statuscode "404" on the endpoint "/remote.php/dav/addressbooks/users/"
+ And The CardDAV exception is "Sabre\DAV\Exception\NotFound"
+ And The CardDAV error message is "Addressbook with name 'MyAddressbook' could not be found"
+
+ Scenario: Accessing a not existing addressbook of another user via legacy endpoint
+ Given user "user0" exists
+ When "admin" requests addressbook "user0/MyAddressbook" with statuscode "404" on the endpoint "/remote.php/carddav/addressbooks/"
+ And The CardDAV exception is "Sabre\DAV\Exception\NotFound"
+ And The CardDAV error message is "Addressbook with name 'MyAddressbook' could not be found"
+
+ Scenario: Accessing a not shared addressbook of another user via legacy endpoint
+ Given user "user0" exists
+ Given "admin" creates an addressbook named "MyAddressbook" with statuscode "201"
+ When "user0" requests addressbook "admin/MyAddressbook" with statuscode "404" on the endpoint "/remote.php/carddav/addressbooks/"
And The CardDAV exception is "Sabre\DAV\Exception\NotFound"
And The CardDAV error message is "Addressbook with name 'MyAddressbook' could not be found"
Scenario: Accessing a not existing addressbook of myself
Given user "user0" exists
- When "user0" requests addressbook "admin/MyAddressbook" with statuscode "404"
+ When "user0" requests addressbook "admin/MyAddressbook" with statuscode "404" on the endpoint "/remote.php/dav/addressbooks/users/"
And The CardDAV exception is "Sabre\DAV\Exception\NotFound"
And The CardDAV error message is "Addressbook with name 'MyAddressbook' could not be found"
Scenario: Creating a new addressbook
When "admin" creates an addressbook named "MyAddressbook" with statuscode "201"
- Then "admin" requests addressbook "admin/MyAddressbook" with statuscode "200"
+ Then "admin" requests addressbook "admin/MyAddressbook" with statuscode "207" on the endpoint "/remote.php/dav/addressbooks/users/"
Scenario: Accessing ones own contact
Given "admin" creates an addressbook named "MyAddressbook" with statuscode "201"