!fixup don't add ACL for each individual proxy, just use calendar-pro…
…xy groups

Signed-off-by: Georg Ehrke <developer@georgehrke.com>
georgehrke committed Aug 14, 2019
1 parent 22ceb71 commit 39bdeb4
Showing 1 changed file with 42 additions and 37 deletions.
79 changes: 42 additions & 37 deletions apps/dav/lib/CalDAV/Calendar.php
Expand Up @@ -47,9 +47,14 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable {
/** @var IConfig */
private $config;

/** @var ProxyMapper */
private $proxyMapper;

/**
* Calendar constructor.
*
* @param BackendInterface $caldavBackend
* @param $calendarInfo
* @param IL10N $l10n
* @param IConfig $config
*/
public function __construct(BackendInterface $caldavBackend, $calendarInfo, IL10N $l10n, IConfig $config) {
parent::__construct($caldavBackend, $calendarInfo);

Expand All @@ -62,9 +67,6 @@ public function __construct(BackendInterface $caldavBackend, $calendarInfo, IL10
}

$this->config = $config;

// TODO: proper DI
$this->proxyMapper = \OC::$server->query(ProxyMapper::class);
}

/**
Expand Down Expand Up @@ -126,29 +128,60 @@ public function getPrincipalURI() {
return $this->calendarInfo['principaluri'];
}

/**
* @return array
*/
public function getACL() {
$acl = [
[
'privilege' => '{DAV:}read',
'principal' => $this->getOwner(),
'protected' => true,
]];
],
[
'privilege' => '{DAV:}read',
'principal' => $this->getOwner() . '/calendar-proxy-write',
'protected' => true,
],
[
'privilege' => '{DAV:}read',
'principal' => $this->getOwner() . '/calendar-proxy-read',
'protected' => true,
],
];

if ($this->getName() !== BirthdayService::BIRTHDAY_CALENDAR_URI) {
$acl[] = [
'privilege' => '{DAV:}write',
'principal' => $this->getOwner(),
'protected' => true,
];
$acl[] = [
'privilege' => '{DAV:}write',
'principal' => $this->getOwner() . '/calendar-proxy-write',
'protected' => true,
];
} else {
$acl[] = [
'privilege' => '{DAV:}write-properties',
'principal' => $this->getOwner(),
'protected' => true,
];
$acl[] = [
'privilege' => '{DAV:}write-properties',
'principal' => $this->getOwner() . '/calendar-proxy-read',
'protected' => true,
];
}

$acl[] = [
'privilege' => '{DAV:}write-properties',
'principal' => $this->getOwner() . '/calendar-proxy-read',
'protected' => true,
];

if (!$this->isShared()) {
return $this->addProxies($acl);
return $acl;
}

if ($this->getOwner() !== parent::getOwner()) {
Expand Down Expand Up @@ -181,37 +214,9 @@ public function getACL() {

$acl = $this->caldavBackend->applyShareAcl($this->getResourceId(), $acl);
$allowedPrincipals = [$this->getOwner(), parent::getOwner(), 'principals/system/public'];
$acl = array_filter($acl, function($rule) use ($allowedPrincipals) {
return array_filter($acl, function($rule) use ($allowedPrincipals) {
return \in_array($rule['principal'], $allowedPrincipals, true);
});

$acl = $this->addProxies($acl);

return $acl;
}

public function addProxies(array $acl): array {
list($prefix, $name) = \Sabre\Uri\split($this->getOwner());
$proxies = $this->proxyMapper->getProxiesOf($name);

foreach ($proxies as $proxy) {
if ($proxy->getPermissions() & ProxyMapper::PERMISSION_READ) {
$acl[] = [
'privilege' => '{DAV:}read',
'principal' => 'principals/users/' . $proxy->getProxyId(),
'protected' => true,
];
}
if ($proxy->getPermissions() & ProxyMapper::PERMISSION_WRITE) {
$acl[] = [
'privilege' => '{DAV:}write',
'principal' => 'principals/users/' . $proxy->getProxyId(),
'protected' => true,
];
}
}

return $acl;
}

public function getChildACL() {
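Review bot: On a shared calendar the new proxy-group rules are discarded before `getACL()` returns: the closing `array_filter` keeps only principals found in `$allowedPrincipals`, and that list still holds just `$this->getOwner()`, `parent::getOwner()` and `'principals/system/public'`, so every `.../calendar-proxy-read` and `.../calendar-proxy-write` entry built at the top of the method fails the strict `in_array` check. The removed code called `addProxies()` after that filter, so the per-user proxy rules survived it; to keep delegation working on shared calendars the list would need the two group principals, e.g. `$allowedPrincipals = [$this->getOwner(), $this->getOwner() . '/calendar-proxy-read', $this->getOwner() . '/calendar-proxy-write', parent::getOwner(), 'principals/system/public'];`. Separately, the birthday-calendar branch appends `{DAV:}write-properties` for `calendar-proxy-read` and the unconditional block directly after it appears to append the same rule again; the page has lost its +/- markers, so confirm which of the two is meant to stay and whether read-only delegates should hold `write-properties` at all. Part of `getACL()` lies between the hunks and is not visible here.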
