Fix ACLs on shared calendars
DeepDiver1975 committed Jan 28, 2016
1 parent 0b265e5 commit 16b682a
Showing 4 changed files with 60 additions and 19 deletions.
3 changes: 2 additions & 1 deletion apps/dav/lib/caldav/caldavbackend.php
@@ -203,6 +203,7 @@ function getCalendarsForUser($principalUri) {
list(, $name) = URLUtil::splitPath($row['principaluri']);
$uri = $row['uri'] . '_shared_by_' . $name;
$row['displayname'] = $row['displayname'] . "($name)";
$readOnly = ($row['access'] == Backend::ACCESS_READ);
$components = [];
if ($row['components']) {
$components = explode(',',$row['components']);
@@ -216,7 +217,7 @@ function getCalendarsForUser($principalUri) {
'{' . Plugin::NS_CALDAV . '}supported-calendar-component-set' => new SupportedCalendarComponentSet($components),
'{' . Plugin::NS_CALDAV . '}schedule-calendar-transp' => new ScheduleCalendarTransp($row['transparent']?'transparent':'opaque'),
'{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}owner-principal' => $row['principaluri'],
'{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}read-only' => $row['access'] === Backend::ACCESS_READ,
'{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}read-only' => $readOnly,
];

foreach($this->propertyMap as $xmlName=>$dbName) {
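Review bot: The new `$readOnly = ($row['access'] == Backend::ACCESS_READ);` decides a permission with a loose comparison, and the same `==` appears in `getShares()` in apps/dav/lib/dav/sharing/backend.php. Presumably the column comes back from the database as a string, which is why `===` never matched; casting at the boundary keeps the check strict: `$readOnly = ((int)$row['access'] === Backend::ACCESS_READ);`. As written, every value other than ACCESS_READ, including a missing or unexpected one, yields a writable share, so it would be safer to treat only an explicitly recognised read-write value as writable. The enclosing getCalendarsForUser() starts and ends outside the hunk.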
17 changes: 0 additions & 17 deletions apps/dav/lib/caldav/calendar.php
@@ -58,23 +58,6 @@ public function getResourceId() {
function getACL() {
$acl = parent::getACL();

// add the current user
if (isset($this->calendarInfo['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}owner-principal'])) {
$owner = $this->calendarInfo['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}owner-principal'];
$acl[] = [
'privilege' => '{DAV:}read',
'principal' => $owner,
'protected' => true,
];
if ($this->calendarInfo['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}read-only']) {
$acl[] = [
'privilege' => '{DAV:}write',
'principal' => $owner,
'protected' => true,
];
}
}

/** @var CalDavBackend $caldavBackend */
$caldavBackend = $this->caldavBackend;
return $caldavBackend->applyShareAcl($this->getResourceId(), $acl);
2 changes: 1 addition & 1 deletion apps/dav/lib/dav/sharing/backend.php
@@ -136,7 +136,7 @@ public function getShares($resourceId) {
'href' => "principal:${row['principaluri']}",
// 'commonName' => isset($p['{DAV:}displayname']) ? $p['{DAV:}displayname'] : '',
'status' => 1,
'readOnly' => ($row['access'] === self::ACCESS_READ),
'readOnly' => ($row['access'] == self::ACCESS_READ),
'{'.\OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD.'}principal' => $row['principaluri']
];
}
57 changes: 57 additions & 0 deletions apps/dav/tests/unit/caldav/caldavbackendtest.php
@@ -117,13 +117,50 @@ public function testCalendarSharing() {
$this->backend->updateShares($calendar, [
[
'href' => 'principal:' . self::UNIT_TEST_USER1,
'readOnly' => false
],
[
'href' => 'principal:' . self::UNIT_TEST_GROUP,
'readOnly' => false
]
], []);
$books = $this->backend->getCalendarsForUser(self::UNIT_TEST_USER1);
$this->assertEquals(1, count($books));
$calendar = new Calendar($this->backend, $books[0]);
$acl = $calendar->getACL();
$this->assertAcl(self::UNIT_TEST_USER, '{DAV:}read', $acl);
$this->assertAcl(self::UNIT_TEST_USER, '{DAV:}write', $acl);
$this->assertAcl(self::UNIT_TEST_USER1, '{DAV:}read', $acl);
$this->assertAcl(self::UNIT_TEST_USER1, '{DAV:}write', $acl);
$this->assertAcl(self::UNIT_TEST_GROUP, '{DAV:}read', $acl);
$this->assertAcl(self::UNIT_TEST_GROUP, '{DAV:}write', $acl);

// delete the address book
$this->backend->deleteCalendar($books[0]['id']);
$books = $this->backend->getCalendarsForUser(self::UNIT_TEST_USER);
$this->assertEquals(0, count($books));
}

public function testCalendarReadOnlySharing() {

$this->createTestCalendar();
$books = $this->backend->getCalendarsForUser(self::UNIT_TEST_USER);
$this->assertEquals(1, count($books));
$calendar = new Calendar($this->backend, $books[0]);
$this->backend->updateShares($calendar, [
[
'href' => 'principal:' . self::UNIT_TEST_USER1,
'readOnly' => true
]
], []);
$books = $this->backend->getCalendarsForUser(self::UNIT_TEST_USER1);
$this->assertEquals(1, count($books));
$calendar = new Calendar($this->backend, $books[0]);
$acl = $calendar->getACL();
$this->assertAcl(self::UNIT_TEST_USER, '{DAV:}read', $acl);
$this->assertAcl(self::UNIT_TEST_USER, '{DAV:}write', $acl);
$this->assertAcl(self::UNIT_TEST_USER1, '{DAV:}read', $acl);
$this->assertNotAcl(self::UNIT_TEST_USER1, '{DAV:}write', $acl);

// delete the address book
$this->backend->deleteCalendar($books[0]['id']);
@@ -386,4 +423,24 @@ public function testScheduling() {
$sos = $this->backend->getSchedulingObjects(self::UNIT_TEST_USER);
$this->assertEquals(0, count($sos));
}

private function assertAcl($principal, $privilege, $acl) {
foreach($acl as $a) {
if ($a['principal'] === $principal && $a['privilege'] === $privilege) {
$this->assertTrue(true);
return;
}
}
$this->fail("ACL does not contain $principal / $privilege");
}

private function assertNotAcl($principal, $privilege, $acl) {
foreach($acl as $a) {
if ($a['principal'] === $principal && $a['privilege'] === $privilege) {
$this->fail("ACL contains $principal / $privilege");
return;
}
}
$this->assertTrue(true);
}
}
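Review bot: `assertNotAcl()` only rejects an entry whose privilege string is exactly `{DAV:}write`, so testCalendarReadOnlySharing would still pass if the read-only sharee were granted write access through another privilege such as `{DAV:}all` or `{DAV:}write-content`. Asserting the sharee's complete privilege set closes that gap, e.g. `$this->assertAclPrivileges(self::UNIT_TEST_USER1, ['{DAV:}read'], $acl);` with a helper like the one below; the expected set is an assumption and should be adjusted if the parent ACL contributes further entries for that principal. A read-only group share is not covered either, since the only group share in these tests is read-write.

```php
private function assertAclPrivileges($principal, array $expected, $acl) {
	// Collect every privilege the ACL grants to this principal, not just one name.
	$granted = [];
	foreach ($acl as $ace) {
		if ($ace['principal'] === $principal) {
			$granted[] = $ace['privilege'];
		}
	}
	sort($granted);
	sort($expected);
	$this->assertEquals($expected, $granted, "Unexpected privileges for $principal");
}
```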
