mirror of
https://github.com/nextcloud/server.git
synced 2026-05-25 18:52:53 -04:00
Merge pull request #59963 from nextcloud/backport/59962/stable32
[stable32] fix: add ACLs for calender delegation
This commit is contained in:
Stephan Orbaugh
GitHub
commit
784a8f2cd9
7 changed files with 116 additions and 15 deletions
|
|
@ -95,6 +95,8 @@ return array(
|
|||
'OCA\\DAV\\CalDAV\\Outbox' => $baseDir . '/../lib/CalDAV/Outbox.php',
|
||||
'OCA\\DAV\\CalDAV\\Plugin' => $baseDir . '/../lib/CalDAV/Plugin.php',
|
||||
'OCA\\DAV\\CalDAV\\Principal\\Collection' => $baseDir . '/../lib/CalDAV/Principal/Collection.php',
|
||||
'OCA\\DAV\\CalDAV\\Principal\\ProxyRead' => $baseDir . '/../lib/CalDAV/Principal/ProxyRead.php',
|
||||
'OCA\\DAV\\CalDAV\\Principal\\ProxyWrite' => $baseDir . '/../lib/CalDAV/Principal/ProxyWrite.php',
|
||||
'OCA\\DAV\\CalDAV\\Principal\\User' => $baseDir . '/../lib/CalDAV/Principal/User.php',
|
||||
'OCA\\DAV\\CalDAV\\Proxy\\Proxy' => $baseDir . '/../lib/CalDAV/Proxy/Proxy.php',
|
||||
'OCA\\DAV\\CalDAV\\Proxy\\ProxyMapper' => $baseDir . '/../lib/CalDAV/Proxy/ProxyMapper.php',
|
||||
|
|
|
|||
|
|
@ -110,6 +110,8 @@ class ComposerStaticInitDAV
|
|||
'OCA\\DAV\\CalDAV\\Outbox' => __DIR__ . '/..' . '/../lib/CalDAV/Outbox.php',
|
||||
'OCA\\DAV\\CalDAV\\Plugin' => __DIR__ . '/..' . '/../lib/CalDAV/Plugin.php',
|
||||
'OCA\\DAV\\CalDAV\\Principal\\Collection' => __DIR__ . '/..' . '/../lib/CalDAV/Principal/Collection.php',
|
||||
'OCA\\DAV\\CalDAV\\Principal\\ProxyRead' => __DIR__ . '/..' . '/../lib/CalDAV/Principal/ProxyRead.php',
|
||||
'OCA\\DAV\\CalDAV\\Principal\\ProxyWrite' => __DIR__ . '/..' . '/../lib/CalDAV/Principal/ProxyWrite.php',
|
||||
'OCA\\DAV\\CalDAV\\Principal\\User' => __DIR__ . '/..' . '/../lib/CalDAV/Principal/User.php',
|
||||
'OCA\\DAV\\CalDAV\\Proxy\\Proxy' => __DIR__ . '/..' . '/../lib/CalDAV/Proxy/Proxy.php',
|
||||
'OCA\\DAV\\CalDAV\\Proxy\\ProxyMapper' => __DIR__ . '/..' . '/../lib/CalDAV/Proxy/ProxyMapper.php',
|
||||
|
|
|
|||
23
apps/dav/lib/CalDAV/Principal/ProxyRead.php
Normal file
23
apps/dav/lib/CalDAV/Principal/ProxyRead.php
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
|
||||
* SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
*/
|
||||
|
||||
namespace OCA\DAV\CalDAV\Principal;
|
||||
|
||||
use Sabre\DAVACL;
|
||||
|
||||
class ProxyRead extends \Sabre\CalDAV\Principal\ProxyRead implements DAVACL\IACL {
|
||||
use DAVACL\ACLTrait;
|
||||
|
||||
/**
|
||||
* @inheritDoc
|
||||
*/
|
||||
public function getOwner() {
|
||||
return $this->principalInfo['uri'];
|
||||
}
|
||||
}
|
||||
23
apps/dav/lib/CalDAV/Principal/ProxyWrite.php
Normal file
23
apps/dav/lib/CalDAV/Principal/ProxyWrite.php
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
<?php
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
/**
|
||||
* SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
|
||||
* SPDX-License-Identifier: AGPL-3.0-or-later
|
||||
*/
|
||||
|
||||
namespace OCA\DAV\CalDAV\Principal;
|
||||
|
||||
use Sabre\DAVACL;
|
||||
|
||||
class ProxyWrite extends \Sabre\CalDAV\Principal\ProxyWrite implements DAVACL\IACL {
|
||||
use DAVACL\ACLTrait;
|
||||
|
||||
/**
|
||||
* @inheritDoc
|
||||
*/
|
||||
public function getOwner() {
|
||||
return $this->principalInfo['uri'];
|
||||
}
|
||||
}
|
||||
|
|
@ -34,4 +34,44 @@ class User extends \Sabre\CalDAV\Principal\User {
|
|||
];
|
||||
return $acl;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a specific child node, referenced by its name.
|
||||
*
|
||||
* @param string $name
|
||||
*
|
||||
* @return \Sabre\DAV\INode
|
||||
*/
|
||||
public function getChild($name) {
|
||||
$principal = $this->principalBackend->getPrincipalByPath($this->getPrincipalURL() . '/' . $name);
|
||||
if (!$principal) {
|
||||
throw new \Sabre\DAV\Exception\NotFound("Node with name $name was not found");
|
||||
}
|
||||
if ($name === 'calendar-proxy-read') {
|
||||
return new ProxyRead($this->principalBackend, $this->principalProperties);
|
||||
}
|
||||
|
||||
if ($name === 'calendar-proxy-write') {
|
||||
return new ProxyWrite($this->principalBackend, $this->principalProperties);
|
||||
}
|
||||
|
||||
throw new \Sabre\DAV\Exception\NotFound("Node with name $name was not found");
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns an array with all the child nodes.
|
||||
*
|
||||
* @return \Sabre\DAV\INode[]
|
||||
*/
|
||||
public function getChildren() {
|
||||
$r = [];
|
||||
if ($this->principalBackend->getPrincipalByPath($this->getPrincipalURL() . '/calendar-proxy-read')) {
|
||||
$r[] = new ProxyRead($this->principalBackend, $this->principalProperties);
|
||||
}
|
||||
if ($this->principalBackend->getPrincipalByPath($this->getPrincipalURL() . '/calendar-proxy-write')) {
|
||||
$r[] = new ProxyWrite($this->principalBackend, $this->principalProperties);
|
||||
}
|
||||
|
||||
return $r;
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -20,4 +20,11 @@ Feature: calendar delegation
|
|||
When "admin" updates property "{DAV:}group-member-set" to href "/remote.php/dav/principals/users/user0" of principal "users/admin/calendar-proxy-write" on the endpoint "/remote.php/dav/principals/"
|
||||
Then The CalDAV response should be multi status
|
||||
And The CalDAV response should contain an href "/remote.php/dav/principals/users/admin/calendar-proxy-write"
|
||||
And The CalDAV response should contain a property "{DAV:}group-member-set"
|
||||
And The CalDAV response should contain a property "{DAV:}group-member-set"
|
||||
|
||||
Scenario: Admin cannot grant User1 access to User0's calendar account
|
||||
Given user "admin" exists
|
||||
And user "user0" exists
|
||||
And user "user1" exists
|
||||
When "admin" updates property "{DAV:}group-member-set" to href "/remote.php/dav/principals/users/user1" of principal "users/user0/calendar-proxy-write" on the endpoint "/remote.php/dav/principals/"
|
||||
Then The CalDAV HTTP status code should be "404"
|
||||
|
|
@ -410,19 +410,23 @@ class CalDavContext implements \Behat\Behat\Context\Context {
|
|||
$xml = new \Sabre\Xml\Service();
|
||||
$body = $xml->write('{DAV:}propertyupdate', $propPatch, '/');
|
||||
|
||||
$this->response = $this->client->request(
|
||||
'PROPPATCH',
|
||||
$davUrl,
|
||||
[
|
||||
'headers' => [
|
||||
'Content-Type' => 'application/xml; charset=UTF-8',
|
||||
],
|
||||
'body' => $body,
|
||||
'auth' => [
|
||||
$user,
|
||||
$password,
|
||||
],
|
||||
]
|
||||
);
|
||||
try {
|
||||
$this->response = $this->client->request(
|
||||
'PROPPATCH',
|
||||
$davUrl,
|
||||
[
|
||||
'headers' => [
|
||||
'Content-Type' => 'application/xml; charset=UTF-8',
|
||||
],
|
||||
'body' => $body,
|
||||
'auth' => [
|
||||
$user,
|
||||
$password,
|
||||
],
|
||||
]
|
||||
);
|
||||
} catch (\GuzzleHttp\Exception\ClientException $e) {
|
||||
$this->response = $e->getResponse();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue