enh(sharing): enable unsharing for sharees for DAV shares (calendars,…

… address books) Signed-off-by: Anna Larch <anna@nextcloud.com>
nextcloud · Jan 25, 2024 · 3131714 · 3131714
1 parent cb43fca
commit 3131714
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 21 deletions.
diff --git a/apps/dav/lib/CalDAV/Calendar.php b/apps/dav/lib/CalDAV/Calendar.php
@@ -236,14 +236,6 @@ public function delete() {
 		if (isset($this->calendarInfo['{http://owncloud.org/ns}owner-principal']) &&
 			$this->calendarInfo['{http://owncloud.org/ns}owner-principal'] !== $this->calendarInfo['principaluri']) {
 			$principal = 'principal:' . parent::getOwner();
-			$shares = $this->caldavBackend->getShares($this->getResourceId());
-			$shares = array_filter($shares, function ($share) use ($principal) {
-				return $share['href'] === $principal;
-			});
-			if (empty($shares)) {
-				throw new Forbidden();
-			}
-
 			$this->caldavBackend->updateShares($this, [], [
 				$principal
 			]);

diff --git a/apps/dav/lib/Connector/Sabre/DavAclPlugin.php b/apps/dav/lib/Connector/Sabre/DavAclPlugin.php
@@ -26,6 +26,7 @@
  */
 namespace OCA\DAV\Connector\Sabre;
 
+use OCA\DAV\CalDAV\Calendar;
 use OCA\DAV\CardDAV\AddressBook;
 use Sabre\CalDAV\Principal\User;
 use Sabre\DAV\Exception\NotFound;
@@ -58,6 +59,9 @@ public function checkPrivileges($uri, $privileges, $recursion = self::R_PARENT,
 				case AddressBook::class:
 					$type = 'Addressbook';
 					break;
+				case Calendar::class:
+					$type = 'Calendar';
+					break;
 				default:
 					$type = 'Node';
 					break;

diff --git a/apps/dav/lib/DAV/Sharing/Backend.php b/apps/dav/lib/DAV/Sharing/Backend.php
@@ -48,6 +48,8 @@ class Backend {
 	public const ACCESS_OWNER = 1;
 	public const ACCESS_READ_WRITE = 2;
 	public const ACCESS_READ = 3;
+	// 4 is already in use for public calendars
+	public const UNSHARE_USER = 5;
 
 	private CappedMemoryCache $shareCache;
 
@@ -160,11 +162,13 @@ private function unshare(IShareable $shareable, string $element): void {
 		}
 
 		$query = $this->db->getQueryBuilder();
-		$query->delete('dav_shares')
-			->where($query->expr()->eq('resourceid', $query->createNamedParameter($shareable->getResourceId())))
-			->andWhere($query->expr()->eq('type', $query->createNamedParameter($this->resourceType)))
-			->andWhere($query->expr()->eq('principaluri', $query->createNamedParameter($parts[1])))
-		;
+		$query->insert('dav_shares')
+			->values([
+				'principaluri' => $query->createNamedParameter($parts[1]),
+				'type' => $query->createNamedParameter($this->resourceType),
+				'access' => $query->createNamedParameter(self::UNSHARE_USER),
+				'resourceid' => $query->createNamedParameter($shareable->getResourceId())
+			]);
 		$query->executeStatement();
 	}
 
@@ -181,26 +185,29 @@ private function unshare(IShareable $shareable, string $element): void {
 	 * @return list<array{href: string, commonName: string, status: int, readOnly: bool, '{http://owncloud.org/ns}principal': string, '{http://owncloud.org/ns}group-share': bool}>
 	 */
 	public function getShares(int $resourceId): array {
-		$cached = $this->shareCache->get($resourceId);
-		if ($cached) {
-			return $cached;
-		}
+		//		$cached = $this->shareCache->get($resourceId);
+		//		if ($cached) {
+		//			return $cached;
+		//		}
 		$query = $this->db->getQueryBuilder();
-		$result = $query->select(['principaluri', 'access'])
+		$result = $query->select(['principaluri', 'access', 'resourceid'])
 			->from('dav_shares')
 			->where($query->expr()->eq('resourceid', $query->createNamedParameter($resourceId, IQueryBuilder::PARAM_INT)))
 			->andWhere($query->expr()->eq('type', $query->createNamedParameter($this->resourceType)))
-			->groupBy(['principaluri', 'access'])
+			->groupBy(['principaluri', 'access', 'resourceid'])
 			->executeQuery();
 
 		$shares = [];
-		while ($row = $result->fetch()) {
+		$rows = $result->fetchAll();
+		foreach($rows as $row) {
 			$p = $this->principalBackend->getPrincipalByPath($row['principaluri']);
 			$shares[] = [
+				'resourceid' => $row['resourceid'],
 				'href' => "principal:{$row['principaluri']}",
 				'commonName' => isset($p['{DAV:}displayname']) ? (string)$p['{DAV:}displayname'] : '',
 				'status' => 1,
 				'readOnly' => (int) $row['access'] === self::ACCESS_READ,
+				'access' => (int) $row['access'],
 				'{http://owncloud.org/ns}principal' => (string)$row['principaluri'],
 				'{http://owncloud.org/ns}group-share' => isset($p['uri']) ? str_starts_with($p['uri'], 'principals/groups') : false
 			];
@@ -254,6 +261,9 @@ public function preloadShares(array $resourceIds): void {
 	public function applyShareAcl(int $resourceId, array $acl): array {
 		$shares = $this->getShares($resourceId);
 		foreach ($shares as $share) {
+			if($share['access'] === self::UNSHARE_USER) {
+				continue;
+			}
 			$acl[] = [
 				'privilege' => '{DAV:}read',
 				'principal' => $share['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}principal'],
@@ -275,6 +285,19 @@ public function applyShareAcl(int $resourceId, array $acl): array {
 				];
 			}
 		}
-		return $acl;
+
+		$principalsToRemove = array_map(function (array $unshare) {
+			return $unshare['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}principal'];
+		}, array_filter($shares, function (array $share) {
+			return $share['access'] === self::UNSHARE_USER;
+		}));
+
+		$toRemove = array_filter(array_map(function ($entry) use ($principalsToRemove) {
+			if(in_array($entry['principal'], $principalsToRemove)) {
+				return $entry;
+			}
+		}, $acl));
+
+		return array_diff_key($acl, $toRemove);
 	}
 }