Extract cs:allowed-sharing-modes into it's own plugin

So that it's still there when we disable the PublishPlugin

And disable sharing calendars via link when sharik via link is disabled

This mod disallows sharing calendars via link when `shareapi_allow_links`
is disabled.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
Signed-off-by: Carl Schwan <carlschwan@kde.org>
Signed-off-by: Pawel Boguslawski <pawel.boguslawski@ib.pl>

Author: pboguslawski

apps/dav/composer/composer/autoload_classmap.php

@@ -141,6 +141,7 @@
     'OCA\\DAV\\CalDAV\\TimeZoneFactory' => $baseDir . '/../lib/CalDAV/TimeZoneFactory.php',
     'OCA\\DAV\\CalDAV\\TimezoneService' => $baseDir . '/../lib/CalDAV/TimezoneService.php',
     'OCA\\DAV\\CalDAV\\TipBroker' => $baseDir . '/../lib/CalDAV/TipBroker.php',
+    'OCA\\DAV\\CalDAV\\SharingPlugin' => $baseDir . '/../lib/CalDAV/SharingPlugin.php',
     'OCA\\DAV\\CalDAV\\Trashbin\\DeletedCalendarObject' => $baseDir . '/../lib/CalDAV/Trashbin/DeletedCalendarObject.php',
     'OCA\\DAV\\CalDAV\\Trashbin\\DeletedCalendarObjectsCollection' => $baseDir . '/../lib/CalDAV/Trashbin/DeletedCalendarObjectsCollection.php',
     'OCA\\DAV\\CalDAV\\Trashbin\\Plugin' => $baseDir . '/../lib/CalDAV/Trashbin/Plugin.php',

apps/dav/composer/composer/autoload_static.php

@@ -156,6 +156,7 @@ class ComposerStaticInitDAV
         'OCA\\DAV\\CalDAV\\TimeZoneFactory' => __DIR__ . '/..' . '/../lib/CalDAV/TimeZoneFactory.php',
         'OCA\\DAV\\CalDAV\\TimezoneService' => __DIR__ . '/..' . '/../lib/CalDAV/TimezoneService.php',
         'OCA\\DAV\\CalDAV\\TipBroker' => __DIR__ . '/..' . '/../lib/CalDAV/TipBroker.php',
+        'OCA\\DAV\\CalDAV\\SharingPlugin' => __DIR__ . '/..' . '/../lib/CalDAV/SharingPlugin.php',
         'OCA\\DAV\\CalDAV\\Trashbin\\DeletedCalendarObject' => __DIR__ . '/..' . '/../lib/CalDAV/Trashbin/DeletedCalendarObject.php',
         'OCA\\DAV\\CalDAV\\Trashbin\\DeletedCalendarObjectsCollection' => __DIR__ . '/..' . '/../lib/CalDAV/Trashbin/DeletedCalendarObjectsCollection.php',
         'OCA\\DAV\\CalDAV\\Trashbin\\Plugin' => __DIR__ . '/..' . '/../lib/CalDAV/Trashbin/Plugin.php',

apps/dav/lib/CalDAV/InvitationResponse/InvitationResponseServer.php

@@ -12,6 +12,7 @@
 use OCA\DAV\CalDAV\Auth\PublicPrincipalPlugin;
 use OCA\DAV\CalDAV\DefaultCalendarValidator;
 use OCA\DAV\CalDAV\Publishing\PublishPlugin;
+use OCA\DAV\CalDAV\SharingPlugin;
 use OCA\DAV\Connector\Sabre\AnonymousOptionsPlugin;
 use OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin;
 use OCA\DAV\Connector\Sabre\CachingTree;
@@ -24,15 +25,15 @@
 use OCA\Theming\ThemingDefaults;
 use OCP\App\IAppManager;
 use OCP\EventDispatcher\IEventDispatcher;
+use OCP\IAppConfig;
 use OCP\IConfig;
 use OCP\IURLGenerator;
 use OCP\Server;
 use Psr\Log\LoggerInterface;
 use Sabre\VObject\ITip\Message;
 
 class InvitationResponseServer {
-	/** @var \OCA\DAV\Connector\Sabre\Server */
-	public $server;
+	public \OCA\DAV\Connector\Sabre\Server $server;
 
 	/**
 	 * InvitationResponseServer constructor.
@@ -87,6 +88,7 @@ public function __construct(bool $public = true) {
 		$this->server->addPlugin(new \Sabre\CalDAV\Subscriptions\Plugin());
 		$this->server->addPlugin(new \Sabre\CalDAV\Notifications\Plugin());
 		//$this->server->addPlugin(new \OCA\DAV\DAV\Sharing\Plugin($authBackend, \OC::$server->getRequest()));
+		$this->server->addPlugin(new SharingPlugin(Server::get(IAppConfig::class)));
 		$this->server->addPlugin(new PublishPlugin(
 			Server::get(IConfig::class),
 			Server::get(IURLGenerator::class)

apps/dav/lib/CalDAV/PublicCalendar.php

@@ -14,10 +14,9 @@ class PublicCalendar extends Calendar {
 	/**
 	 * @param string $name
 	 * @throws NotFound
-	 * @return PublicCalendarObject
 	 */
 	#[\Override]
-	public function getChild($name) {
+	public function getChild($name): PublicCalendarObject {
 		$obj = $this->caldavBackend->getCalendarObject($this->calendarInfo['id'], $name);
 
 		if (!$obj) {
@@ -35,7 +34,7 @@ public function getChild($name) {
 	 * @return PublicCalendarObject[]
 	 */
 	#[\Override]
-	public function getChildren() {
+	public function getChildren(): array {
 		$objs = $this->caldavBackend->getCalendarObjects($this->calendarInfo['id']);
 		$children = [];
 		foreach ($objs as $obj) {
@@ -53,7 +52,7 @@ public function getChildren() {
 	 * @return PublicCalendarObject[]
 	 */
 	#[\Override]
-	public function getMultipleChildren(array $paths) {
+	public function getMultipleChildren(array $paths): array {
 		$objs = $this->caldavBackend->getMultipleCalendarObjects($this->calendarInfo['id'], $paths);
 		$children = [];
 		foreach ($objs as $obj) {
@@ -67,11 +66,10 @@ public function getMultipleChildren(array $paths) {
 	}
 
 	/**
-	 * public calendars are always shared
-	 * @return bool
+	 * Public calendars are always shared
 	 */
 	#[\Override]
-	public function isShared() {
+	public function isShared(): bool {
 		return true;
 	}
 }

apps/dav/lib/CalDAV/PublicCalendarRoot.php

@@ -8,50 +8,39 @@
 
 namespace OCA\DAV\CalDAV;
 
+use OCP\IAppConfig;
 use OCP\IConfig;
 use OCP\IL10N;
 use Psr\Log\LoggerInterface;
 use Sabre\DAV\Collection;
 
 class PublicCalendarRoot extends Collection {
-
-	/**
-	 * PublicCalendarRoot constructor.
-	 *
-	 * @param CalDavBackend $caldavBackend
-	 * @param IL10N $l10n
-	 * @param IConfig $config
-	 */
 	public function __construct(
 		protected CalDavBackend $caldavBackend,
 		protected IL10N $l10n,
+		protected IAppConfig $appConfig,
 		protected IConfig $config,
 		private LoggerInterface $logger,
 	) {
 	}
 
-	/**
-	 * @inheritdoc
-	 */
 	#[\Override]
-	public function getName() {
+	public function getName(): string {
 		return 'public-calendars';
 	}
 
-	/**
-	 * @inheritdoc
-	 */
 	#[\Override]
-	public function getChild($name) {
+	public function getChild($name): PublicCalendar {
+		// Sharing via link is allowed by default, but if the option is set it should be checked.
+		if (!$this->appConfig->getValueBool('core', 'shareapi_allow_links', true)) {
+			throw new \Sabre\DAV\Exception\Forbidden();
+		}
 		$calendar = $this->caldavBackend->getPublicCalendar($name);
 		return new PublicCalendar($this->caldavBackend, $calendar, $this->l10n, $this->config, $this->logger);
 	}
 
-	/**
-	 * @inheritdoc
-	 */
 	#[\Override]
-	public function getChildren() {
+	public function getChildren(): array {
 		return [];
 	}
 }

apps/dav/lib/CalDAV/Publishing/PublishPlugin.php

@@ -14,7 +14,6 @@
 use OCP\AppFramework\Http;
 use OCP\IConfig;
 use OCP\IURLGenerator;
-use Sabre\CalDAV\Xml\Property\AllowedSharingModes;
 use Sabre\DAV\Exception\NotFound;
 use Sabre\DAV\INode;
 use Sabre\DAV\PropFind;
@@ -26,12 +25,7 @@
 class PublishPlugin extends ServerPlugin {
 	public const NS_CALENDARSERVER = 'http://calendarserver.org/ns/';
 
-	/**
-	 * Reference to SabreDAV server object.
-	 *
-	 * @var \Sabre\DAV\Server
-	 */
-	protected $server;
+	protected Server $server;
 
 	/**
 	 * PublishPlugin constructor.
@@ -60,9 +54,9 @@ public function __construct(
 	 * @return string[]
 	 */
 	#[\Override]
-	public function getFeatures() {
+	public function getFeatures(): array {
 		// May have to be changed to be detected
-		return ['oc-calendar-publishing', 'calendarserver-sharing'];
+		return ['oc-calendar-publishing'];
 	}
 
 	/**
@@ -74,7 +68,7 @@ public function getFeatures() {
 	 * @return string
 	 */
 	#[\Override]
-	public function getPluginName() {
+	public function getPluginName(): string {
 		return 'oc-calendar-publishing';
 	}
 
@@ -121,18 +115,6 @@ public function propFind(PropFind $propFind, INode $node) {
 					return new Publisher($publishUrl, true);
 				}
 			});
-
-			$propFind->handle('{' . self::NS_CALENDARSERVER . '}allowed-sharing-modes', function () use ($node) {
-				$canShare = (!$node->isSubscription() && $node->canWrite());
-				$canPublish = (!$node->isSubscription() && $node->canWrite());
-
-				if ($this->config->getAppValue('dav', 'limitAddressBookAndCalendarSharingToOwner', 'no') === 'yes') {
-					$canShare = $canShare && ($node->getOwner() === $node->getPrincipalURI());
-					$canPublish = $canPublish && ($node->getOwner() === $node->getPrincipalURI());
-				}
-
-				return new AllowedSharingModes($canShare, $canPublish);
-			});
 		}
 	}
 

apps/dav/lib/CalDAV/SharingPlugin.php

@@ -0,0 +1,64 @@
+<?php
+
+// SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors
+// SPDX-License-Identifier: AGPL-3.0-or-later
+
+namespace OCA\DAV\CalDAV;
+
+use OCP\IAppConfig;
+use OCP\IConfig;
+use Override;
+use Sabre\CalDAV\Xml\Property\AllowedSharingModes;
+use Sabre\DAV\INode;
+use Sabre\DAV\PropFind;
+use Sabre\DAV\Server;
+use Sabre\DAV\ServerPlugin;
+
+class SharingPlugin extends ServerPlugin {
+	public const NS_CALENDARSERVER = 'http://calendarserver.org/ns/';
+
+	protected Server $server;
+
+	public function __construct(
+		private readonly IAppConfig $config,
+	) {
+	}
+
+	#[Override]
+	public function getFeatures(): array {
+		// May have to be changed to be detected
+		return ['calendarserver-sharing'];
+	}
+
+	#[Override]
+	public function getPluginName(): string {
+		return 'oc-calendar-sharing';
+	}
+
+	#[Override]
+	public function initialize(Server $server): void {
+		$this->server = $server;
+
+		$this->server->on('propFind', $this->propFind(...));
+	}
+
+	public function propFind(PropFind $propFind, INode $node): void {
+		if ($node instanceof Calendar) {
+			$propFind->handle('{' . self::NS_CALENDARSERVER . '}allowed-sharing-modes', function () use ($node) {
+				$canShare = (!$node->isSubscription() && $node->canWrite());
+				$canPublish = (!$node->isSubscription() && $node->canWrite());
+
+				if ($this->config->getValueBool('dav', 'limitAddressBookAndCalendarSharingToOwner')) {
+					$canShare = $canShare && ($node->getOwner() === $node->getPrincipalURI());
+					$canPublish = $canPublish && ($node->getOwner() === $node->getPrincipalURI());
+				}
+
+				if (!$this->config->getValueBool('core', 'shareapi_allow_links', true)) {
+					$canPublish = false;
+				}
+
+				return new AllowedSharingModes($canShare, $canPublish);
+			});
+		}
+	}
+}

apps/dav/lib/RootCollection.php

@@ -37,6 +37,7 @@
 use OCP\Comments\ICommentsManager;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\Files\IRootFolder;
+use OCP\IAppConfig;
 use OCP\ICacheFactory;
 use OCP\IConfig;
 use OCP\IDBConnection;
@@ -63,6 +64,7 @@ public function __construct() {
 		$db = Server::get(IDBConnection::class);
 		$dispatcher = Server::get(IEventDispatcher::class);
 		$config = Server::get(IConfig::class);
+		$appConfig = Server::get(IAppConfig::class);
 		$proxyMapper = Server::get(ProxyMapper::class);
 		$rootFolder = Server::get(IRootFolder::class);
 		$federatedCalendarFactory = Server::get(FederatedCalendarFactory::class);
@@ -125,7 +127,7 @@ public function __construct() {
 		$roomCalendarRoot = new CalendarRoot($calendarRoomPrincipalBackend, $caldavBackend, 'principals/calendar-rooms', $logger, $l10n, $config, $federatedCalendarFactory);
 		$roomCalendarRoot->disableListing = $disableListing;
 
-		$publicCalendarRoot = new PublicCalendarRoot($caldavBackend, $l10n, $config, $logger);
+		$publicCalendarRoot = new PublicCalendarRoot($caldavBackend, $l10n, $appConfig, $config, $logger);
 
 		$systemTagCollection = Server::get(SystemTagsByIdCollection::class);
 		$systemTagRelationsCollection = new SystemTagsRelationsCollection(

apps/dav/lib/Server.php

@@ -87,6 +87,7 @@
 use OCP\IAppConfig;
 use OCP\ICacheFactory;
 use OCP\IConfig;
+use OCP\IConfig;
 use OCP\IDateTimeZone;
 use OCP\IDBConnection;
 use OCP\IGroupManager;
@@ -209,15 +210,18 @@ public function __construct(
 
 			$this->server->addPlugin(\OCP\Server::get(\OCA\DAV\CalDAV\Trashbin\Plugin::class));
 			$this->server->addPlugin(new \OCA\DAV\CalDAV\WebcalCaching\Plugin($this->request));
-			if (\OCP\Server::get(IConfig::class)->getAppValue('dav', 'allow_calendar_link_subscriptions', 'yes') === 'yes') {
+			if (\OCP\Server::get(IAppConfig::class)->getValueBool('dav', 'allow_calendar_link_subscriptions', true)) {
 				$this->server->addPlugin(new \Sabre\CalDAV\Subscriptions\Plugin());
 			}
 
 			$this->server->addPlugin(new \Sabre\CalDAV\Notifications\Plugin());
-			$this->server->addPlugin(new PublishPlugin(
-				\OCP\Server::get(IConfig::class),
-				\OCP\Server::get(IURLGenerator::class)
-			));
+			$this->server->addPlugin(new \OCA\DAV\CalDAV\SharingPlugin(\OCP\Server::get(IAppConfig::class)));
+			if (\OCP\Server::get(IAppConfig::class)->getValueBool('core', 'shareapi_allow_links', true)) {
+				$this->server->addPlugin(new PublishPlugin(
+					\OCP\Server::get(IConfig::class),
+					\OCP\Server::get(IURLGenerator::class)
+				));
+			}
 
 			$this->server->addPlugin(\OCP\Server::get(RateLimitingPlugin::class));
 			$this->server->addPlugin(\OCP\Server::get(CalDavValidatePlugin::class));
@@ -345,7 +349,7 @@ public function __construct(
 					\OCP\Server::get(ICommentsManager::class),
 					$userSession
 				));
-				if (\OCP\Server::get(IConfig::class)->getAppValue('dav', 'sendInvitations', 'yes') === 'yes') {
+				if (\OCP\Server::get(IAppConfig::class)->getValueBool('dav', 'sendInvitations', true)) {
 					$this->server->addPlugin(new IMipPlugin(
 						\OCP\Server::get(IAppConfig::class),
 						\OCP\Server::get(IMailer::class),

build/psalm-baseline.xml

@@ -313,7 +313,6 @@
     <DeprecatedMethod>
       <code><![CDATA[getAppValue]]></code>
       <code><![CDATA[getAppValue]]></code>
-      <code><![CDATA[getAppValue]]></code>
     </DeprecatedMethod>
   </file>
   <file src="apps/dav/lib/CalDAV/Reminder/NotificationProvider/AbstractProvider.php">
@@ -1042,8 +1041,6 @@
     <DeprecatedMethod>
       <code><![CDATA[dispatch]]></code>
       <code><![CDATA[dispatch]]></code>
-      <code><![CDATA[getAppValue]]></code>
-      <code><![CDATA[getAppValue]]></code>
       <code><![CDATA[getL10N]]></code>
       <code><![CDATA[getL10N]]></code>
       <code><![CDATA[getUserFolder]]></code>