1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
<?php
declare(strict_types=1);
/**
* SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace OCA\DAV\DAV;
use OCP\Federation\ICloudIdManager;
use OCP\Server;
use Sabre\DAVACL\PrincipalBackend\BackendInterface;
class RemoteUserPrincipalBackend implements BackendInterface {
public const PRINCIPAL_PREFIX = 'principals/remote-users';
private readonly ICloudIdManager $cloudIdManager;
public function __construct() {
// TODO: inject
$this->cloudIdManager = Server::get(ICloudIdManager::class);
}
public function getPrincipalsByPrefix($prefixPath) {
// We don't know about all the remote principals on all remote instances
return [];
}
public function getPrincipalByPath($path) {
if (!str_starts_with($path, self::PRINCIPAL_PREFIX . '/')) {
return null;
}
[,, $encodedPrincipal] = explode('/', $path);
[$encodedCloudId, $scope] = explode('|', base64_decode($encodedPrincipal));
try {
$cloudId = $this->cloudIdManager->resolveCloudId($encodedCloudId);
} catch (\InvalidArgumentException $e) {
return null;
}
return [
'uri' => $path,
'{DAV:}displayname' => $cloudId->getDisplayId(),
'{http://nextcloud.com/ns}scope' => $scope,
//'{http://nextcloud.com/ns}federated-by' => $cloudId->getId(),
];
}
public function updatePrincipal($path, \Sabre\DAV\PropPatch $propPatch) {
throw new \Sabre\DAV\Exception('Updating remote user principal is not supported');
}
public function searchPrincipals($prefixPath, array $searchProperties, $test = 'allof') {
return [];
}
public function findByUri($uri, $principalPrefix) {
if (str_starts_with($uri, 'principal:')) {
$principal = substr($uri, strlen('principal:'));
$principal = $this->getPrincipalByPath($principal);
if ($principal !== null) {
return $principal['uri'];
}
}
return null;
}
public function getGroupMemberSet($principal) {
return [];
}
public function getGroupMembership($principal) {
// TODO: for now the group principal has only one member, the user itself
$principal = $this->getPrincipalByPath($principal);
if (!$principal) {
throw new \Sabre\DAV\Exception('Principal not found');
}
return [$principal['uri']];
}
public function setGroupMemberSet($principal, array $members) {
throw new \Sabre\DAV\Exception('Setting members of the group is not supported yet');
}
}
|
