6 files changed, 107 insertions, 21 deletions
diff --git a/apps/dav/lib/CalDAV/BirthdayCalendar/EnablePlugin.php b/apps/dav/lib/CalDAV/BirthdayCalendar/EnablePlugin.php
index b736d9432bd..f7d68e4ec1d 100644
--- a/apps/dav/lib/CalDAV/BirthdayCalendar/EnablePlugin.php
+++ b/apps/dav/lib/CalDAV/BirthdayCalendar/EnablePlugin.php
@@ -27,6 +27,7 @@ namespace OCA\DAV\CalDAV\BirthdayCalendar;
 use OCA\DAV\CalDAV\BirthdayService;
 use OCA\DAV\CalDAV\CalendarHome;
 use OCP\IConfig;
+use OCP\IUser;
 use Sabre\DAV\Server;
 use Sabre\DAV\ServerPlugin;
 use Sabre\HTTP\RequestInterface;
@@ -56,15 +57,20 @@ class EnablePlugin extends ServerPlugin {
 	 */
 	protected $server;
 
+	/** @var IUser */
+	private $user;
+
 	/**
 	 * PublishPlugin constructor.
 	 *
 	 * @param IConfig $config
 	 * @param BirthdayService $birthdayService
+	 * @param IUser $user
 	 */
-	public function __construct(IConfig $config, BirthdayService $birthdayService) {
+	public function __construct(IConfig $config, BirthdayService $birthdayService, IUser $user) {
 		$this->config = $config;
 		$this->birthdayService = $birthdayService;
+		$this->user = $user;
 	}
 
 	/**
@@ -127,11 +133,14 @@ class EnablePlugin extends ServerPlugin {
 			return;
 		}
 
-		$principalUri = $node->getOwner();
-		$userId = substr($principalUri, 17);
+		$owner = substr($node->getOwner(), 17);
+		if($owner !== $this->user->getUID()) {
+			$this->server->httpResponse->setStatus(403);
+			return false;
+		}
 
-		$this->config->setUserValue($userId, 'dav', 'generateBirthdayCalendar', 'yes');
-		$this->birthdayService->syncUser($userId);
+		$this->config->setUserValue($this->user->getUID(), 'dav', 'generateBirthdayCalendar', 'yes');
+		$this->birthdayService->syncUser($this->user->getUID());
 
 		$this->server->httpResponse->setStatus(204);
 
diff --git a/apps/dav/lib/Server.php b/apps/dav/lib/Server.php
index 47cb9e3ec36..ba67088aa70 100644
--- a/apps/dav/lib/Server.php
+++ b/apps/dav/lib/Server.php
@@ -327,7 +327,8 @@ class Server {
 				}
 				$this->server->addPlugin(new \OCA\DAV\CalDAV\BirthdayCalendar\EnablePlugin(
 					\OC::$server->getConfig(),
-					\OC::$server->query(BirthdayService::class)
+					\OC::$server->query(BirthdayService::class),
+					$user
 				));
 				$this->server->addPlugin(new AppleProvisioningPlugin(
 					\OC::$server->getUserSession(),
diff --git a/apps/dav/tests/unit/CalDAV/BirthdayCalendar/EnablePluginTest.php b/apps/dav/tests/unit/CalDAV/BirthdayCalendar/EnablePluginTest.php
index ec27dc89aa1..cb89f1bf88c 100644
--- a/apps/dav/tests/unit/CalDAV/BirthdayCalendar/EnablePluginTest.php
+++ b/apps/dav/tests/unit/CalDAV/BirthdayCalendar/EnablePluginTest.php
@@ -31,6 +31,7 @@ use OCA\DAV\CalDAV\BirthdayService;
 use OCA\DAV\CalDAV\Calendar;
 use OCA\DAV\CalDAV\CalendarHome;
 use OCP\IConfig;
+use OCP\IUser;
 use Test\TestCase;
 
 class EnablePluginTest extends TestCase {
@@ -44,6 +45,9 @@ class EnablePluginTest extends TestCase {
 	/** @var BirthdayService |\PHPUnit\Framework\MockObject\MockObject */
 	protected $birthdayService;
 
+	/** @var IUser|\PHPUnit\Framework\MockObject\MockObject  */
+	protected $user;
+
 	/** @var \OCA\DAV\CalDAV\BirthdayCalendar\EnablePlugin $plugin */
 	protected $plugin;
 
@@ -61,8 +65,9 @@ class EnablePluginTest extends TestCase {
 
 		$this->config = $this->createMock(IConfig::class);
 		$this->birthdayService = $this->createMock(BirthdayService::class);
+		$this->user = $this->createMock(IUser::class);
 
-		$this->plugin = new EnablePlugin($this->config, $this->birthdayService);
+		$this->plugin = new EnablePlugin($this->config, $this->birthdayService, $this->user);
 		$this->plugin->initialize($this->server);
 
 		$this->request = $this->createMock(\Sabre\HTTP\RequestInterface::class);
@@ -80,7 +85,7 @@ class EnablePluginTest extends TestCase {
 	public function testInitialize(): void {
 		$server = $this->createMock(\Sabre\DAV\Server::class);
 
-		$plugin = new EnablePlugin($this->config, $this->birthdayService);
+		$plugin = new EnablePlugin($this->config, $this->birthdayService, $this->user);
 
 		$server->expects($this->once())
 			->method('on')
@@ -143,6 +148,55 @@ class EnablePluginTest extends TestCase {
 		$this->plugin->httpPost($this->request, $this->response);
 	}
 
+	public function testHttpPostNotAuthorized(): void {
+		$calendarHome = $this->createMock(CalendarHome::class);
+
+		$this->server->expects($this->once())
+			->method('getRequestUri')
+			->willReturn('/bar/foo');
+		$this->server->tree->expects($this->once())
+			->method('getNodeForPath')
+			->with('/bar/foo')
+			->willReturn($calendarHome);
+
+		$calendarHome->expects($this->once())
+			->method('getOwner')
+			->willReturn('principals/users/BlaBlub');
+
+		$this->request->expects($this->once())
+			->method('getBodyAsString')
+			->willReturn('<nc:enable-birthday-calendar xmlns:nc="http://nextcloud.com/ns"/>');
+
+		$this->request->expects($this->once())
+			->method('getUrl')
+			->willReturn('url_abc');
+
+		$this->server->xml->expects($this->once())
+			->method('parse')
+			->willReturnCallback(function ($requestBody, $url, &$documentType): void {
+				$documentType = '{http://nextcloud.com/ns}enable-birthday-calendar';
+			});
+
+		$this->user->expects(self::once())
+			->method('getUID')
+			->willReturn('admin');
+
+		$this->server->httpResponse->expects($this->once())
+			->method('setStatus')
+			->with(403);
+
+		$this->config->expects($this->never())
+			->method('setUserValue');
+
+		$this->birthdayService->expects($this->never())
+			->method('syncUser');
+
+
+		$result = $this->plugin->httpPost($this->request, $this->response);
+
+		$this->assertEquals(false, $result);
+	}
+
 	public function testHttpPost(): void {
 		$calendarHome = $this->createMock(CalendarHome::class);
 
@@ -172,6 +226,10 @@ class EnablePluginTest extends TestCase {
 				$documentType = '{http://nextcloud.com/ns}enable-birthday-calendar';
 			});
 
+		$this->user->expects(self::exactly(3))
+			->method('getUID')
+			->willReturn('BlaBlub');
+
 		$this->config->expects($this->once())
 			->method('setUserValue')
 			->with('BlaBlub', 'dav', 'generateBirthdayCalendar', 'yes');
diff --git a/apps/files_versions/src/views/VersionTab.vue b/apps/files_versions/src/views/VersionTab.vue
index 4857b8e0ded..178cc3e931a 100644
--- a/apps/files_versions/src/views/VersionTab.vue
+++ b/apps/files_versions/src/views/VersionTab.vue
@@ -39,6 +39,7 @@ import { showError, showSuccess } from '@nextcloud/dialogs'
 import isMobile from '@nextcloud/vue/dist/Mixins/isMobile.js'
 import { fetchVersions, deleteVersion, restoreVersion, setVersionLabel } from '../utils/versions.js'
 import Version from '../components/Version.vue'
+import { emit, subscribe, unsubscribe } from '@nextcloud/event-bus'
 
 export default {
 	name: 'VersionTab',
@@ -57,6 +58,12 @@ export default {
 			loading: false,
 		}
 	},
+	mounted() {
+		subscribe('files_versions:restore:restored', this.fetchVersions)
+	},
+	beforeUnmount() {
+		unsubscribe('files_versions:restore:restored', this.fetchVersions)
+	},
 	computed: {
 		/**
 		 * Order versions by mtime.
@@ -163,6 +170,16 @@ export default {
 				mtime: version.mtime,
 			}
 
+			const restoreStartedEventState = {
+				preventDefault: false,
+				fileInfo: this.fileInfo,
+				version,
+			}
+			emit('files_versions:restore:requested', restoreStartedEventState)
+			if (restoreStartedEventState.preventDefault) {
+				return
+			}
+
 			try {
 				await restoreVersion(version)
 				if (version.label !== '') {
@@ -172,10 +189,11 @@ export default {
 				} else {
 					showSuccess(t('files_versions', 'Version restored'))
 				}
-				await this.fetchVersions()
+				emit('files_versions:restore:restored', version)
 			} catch (exception) {
 				this.fileInfo = oldFileInfo
 				showError(t('files_versions', 'Could not restore version'))
+				emit('files_versions:restore:failed', version)
 			}
 		},
 
diff --git a/apps/theming/src/UserThemes.vue b/apps/theming/src/UserThemes.vue
index 2bc8b5bf0b2..eb2c4d19547 100644
--- a/apps/theming/src/UserThemes.vue
+++ b/apps/theming/src/UserThemes.vue
@@ -51,17 +51,6 @@
 			</div>
 		</NcSettingsSection>
 
-		<NcSettingsSection :name="t('theming', 'Keyboard shortcuts')">
-			<p>{{ t('theming', 'In some cases keyboard shortcuts can interfere with accessibility tools. In order to allow focusing on your tool correctly you can disable all keyboard shortcuts here. This will also disable all available shortcuts in apps.') }}</p>
-			<NcCheckboxRadioSwitch class="theming__preview-toggle"
-				:checked.sync="shortcutsDisabled"
-				name="shortcuts_disabled"
-				type="switch"
-				@change="changeShortcutsDisabled">
-				{{ t('theming', 'Disable all keyboard shortcuts') }}
-			</NcCheckboxRadioSwitch>
-		</NcSettingsSection>
-
 		<NcSettingsSection :name="t('theming', 'Background')"
 			class="background"
 			data-user-theming-background-disabled>
@@ -73,6 +62,17 @@
 				<BackgroundSettings class="background__grid" @update:background="refreshGlobalStyles" />
 			</template>
 		</NcSettingsSection>
+
+		<NcSettingsSection :name="t('theming', 'Keyboard shortcuts')">
+			<p>{{ t('theming', 'In some cases keyboard shortcuts can interfere with accessibility tools. In order to allow focusing on your tool correctly you can disable all keyboard shortcuts here. This will also disable all available shortcuts in apps.') }}</p>
+			<NcCheckboxRadioSwitch class="theming__preview-toggle"
+				:checked.sync="shortcutsDisabled"
+				name="shortcuts_disabled"
+				type="switch"
+				@change="changeShortcutsDisabled">
+				{{ t('theming', 'Disable all keyboard shortcuts') }}
+			</NcCheckboxRadioSwitch>
+		</NcSettingsSection>
 	</section>
 </template>
 
diff --git a/apps/theming/src/components/BackgroundSettings.vue b/apps/theming/src/components/BackgroundSettings.vue
index 68e94b34848..bd7e694cee0 100644
--- a/apps/theming/src/components/BackgroundSettings.vue
+++ b/apps/theming/src/components/BackgroundSettings.vue
@@ -271,7 +271,7 @@ export default {
 		async applyFile(path) {
 			if (!path || typeof path !== 'string' || path.trim().length === 0 || path === '/') {
 				console.error('No valid background have been selected', { path })
-				showError(t('theming', 'No background have been selected'))
+				showError(t('theming', 'No background has been selected'))
 				return
 			}