From 66b7f2effd2ff2865f329fa5ce77d7c91dd57793 Mon Sep 17 00:00:00 2001 From: Pawel Boguslawski Date: Sat, 1 Oct 2022 23:43:43 +0200 Subject: [PATCH] Extract cs:allowed-sharing-modes into it's own plugin So that it's still there when we disable the PublishPlugin And disable sharing calendars via link when sharik via link is disabled This mod disallows sharing calendars via link when `shareapi_allow_links` is disabled. Signed-off-by: Thomas Citharel Signed-off-by: Carl Schwan Signed-off-by: Pawel Boguslawski --- .../composer/composer/autoload_classmap.php | 1 + .../dav/composer/composer/autoload_static.php | 1 + .../InvitationResponseServer.php | 6 +- apps/dav/lib/CalDAV/PublicCalendar.php | 12 ++-- apps/dav/lib/CalDAV/PublicCalendarRoot.php | 29 +++------ .../lib/CalDAV/Publishing/PublishPlugin.php | 26 ++------ apps/dav/lib/CalDAV/SharingPlugin.php | 64 +++++++++++++++++++ apps/dav/lib/RootCollection.php | 4 +- apps/dav/lib/Server.php | 16 +++-- build/psalm-baseline.xml | 3 - 10 files changed, 101 insertions(+), 61 deletions(-) create mode 100644 apps/dav/lib/CalDAV/SharingPlugin.php diff --git a/apps/dav/composer/composer/autoload_classmap.php b/apps/dav/composer/composer/autoload_classmap.php index 2ca5cf66f901f..96d25c5718880 100644 --- a/apps/dav/composer/composer/autoload_classmap.php +++ b/apps/dav/composer/composer/autoload_classmap.php 
@@ -141,6 +141,7 @@ 'OCA\\DAV\\CalDAV\\TimeZoneFactory' => $baseDir . '/../lib/CalDAV/TimeZoneFactory.php', 'OCA\\DAV\\CalDAV\\TimezoneService' => $baseDir . '/../lib/CalDAV/TimezoneService.php', 'OCA\\DAV\\CalDAV\\TipBroker' => $baseDir . '/../lib/CalDAV/TipBroker.php', + 'OCA\\DAV\\CalDAV\\SharingPlugin' => $baseDir . '/../lib/CalDAV/SharingPlugin.php', 'OCA\\DAV\\CalDAV\\Trashbin\\DeletedCalendarObject' => $baseDir . '/../lib/CalDAV/Trashbin/DeletedCalendarObject.php', 'OCA\\DAV\\CalDAV\\Trashbin\\DeletedCalendarObjectsCollection' => $baseDir . '/../lib/CalDAV/Trashbin/DeletedCalendarObjectsCollection.php', 'OCA\\DAV\\CalDAV\\Trashbin\\Plugin' => $baseDir . '/../lib/CalDAV/Trashbin/Plugin.php', diff --git a/apps/dav/composer/composer/autoload_static.php b/apps/dav/composer/composer/autoload_static.php index c35dd97c02c0e..83fb1e11019db 100644 --- a/apps/dav/composer/composer/autoload_static.php +++ b/apps/dav/composer/composer/autoload_static.php @@ -156,6 +156,7 @@ class ComposerStaticInitDAV 'OCA\\DAV\\CalDAV\\TimeZoneFactory' => __DIR__ . '/..' . '/../lib/CalDAV/TimeZoneFactory.php', 'OCA\\DAV\\CalDAV\\TimezoneService' => __DIR__ . '/..' . '/../lib/CalDAV/TimezoneService.php', 'OCA\\DAV\\CalDAV\\TipBroker' => __DIR__ . '/..' . '/../lib/CalDAV/TipBroker.php', + 'OCA\\DAV\\CalDAV\\SharingPlugin' => __DIR__ . '/..' . '/../lib/CalDAV/SharingPlugin.php', 'OCA\\DAV\\CalDAV\\Trashbin\\DeletedCalendarObject' => __DIR__ . '/..' . '/../lib/CalDAV/Trashbin/DeletedCalendarObject.php', 'OCA\\DAV\\CalDAV\\Trashbin\\DeletedCalendarObjectsCollection' => __DIR__ . '/..' . '/../lib/CalDAV/Trashbin/DeletedCalendarObjectsCollection.php', 'OCA\\DAV\\CalDAV\\Trashbin\\Plugin' => __DIR__ . '/..' . '/../lib/CalDAV/Trashbin/Plugin.php', diff --git a/apps/dav/lib/CalDAV/InvitationResponse/InvitationResponseServer.php b/apps/dav/lib/CalDAV/InvitationResponse/InvitationResponseServer.php index de7815c68f2d7..47c8bf4d48570 100644 
--- a/apps/dav/lib/CalDAV/InvitationResponse/InvitationResponseServer.php +++ b/apps/dav/lib/CalDAV/InvitationResponse/InvitationResponseServer.php @@ -12,6 +12,7 @@ use OCA\DAV\CalDAV\Auth\PublicPrincipalPlugin; use OCA\DAV\CalDAV\DefaultCalendarValidator; use OCA\DAV\CalDAV\Publishing\PublishPlugin; +use OCA\DAV\CalDAV\SharingPlugin; use OCA\DAV\Connector\Sabre\AnonymousOptionsPlugin; use OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin; use OCA\DAV\Connector\Sabre\CachingTree; @@ -24,6 +25,7 @@ use OCA\Theming\ThemingDefaults; use OCP\App\IAppManager; use OCP\EventDispatcher\IEventDispatcher; +use OCP\IAppConfig; use OCP\IConfig; use OCP\IURLGenerator; use OCP\Server; @@ -31,8 +33,7 @@ use Sabre\VObject\ITip\Message; class InvitationResponseServer { - /** @var \OCA\DAV\Connector\Sabre\Server */ - public $server; + public \OCA\DAV\Connector\Sabre\Server $server; /** * InvitationResponseServer constructor. @@ -87,6 +88,7 @@ public function __construct(bool $public = true) { $this->server->addPlugin(new \Sabre\CalDAV\Subscriptions\Plugin()); $this->server->addPlugin(new \Sabre\CalDAV\Notifications\Plugin()); //$this->server->addPlugin(new \OCA\DAV\DAV\Sharing\Plugin($authBackend, \OC::$server->getRequest())); + $this->server->addPlugin(new SharingPlugin(Server::get(IAppConfig::class))); $this->server->addPlugin(new PublishPlugin( Server::get(IConfig::class), Server::get(IURLGenerator::class) diff --git a/apps/dav/lib/CalDAV/PublicCalendar.php b/apps/dav/lib/CalDAV/PublicCalendar.php index a37b9fa7a8ecb..6646db3c090e7 100644 --- a/apps/dav/lib/CalDAV/PublicCalendar.php +++ b/apps/dav/lib/CalDAV/PublicCalendar.php @@ -14,10 +14,9 @@ class PublicCalendar extends Calendar { /** * @param string $name * @throws NotFound - * @return PublicCalendarObject */ #[\Override] - public function getChild($name) { + public function getChild($name): PublicCalendarObject { $obj = $this->caldavBackend->getCalendarObject($this->calendarInfo['id'], $name); if (!$obj) { 
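Review bot: `PublishPlugin` is still registered unconditionally in the constructor hunk (`@@ -87,6 +88,7 @@`), while the `Server.php` change in this same patch registers it only when `core`/`shareapi_allow_links` is enabled. If this server can process publish requests (not visible from the hunk), the link-sharing switch would be enforced on one DAV entry point and not on the other. Consider guarding the registration the same way, with `if (Server::get(IAppConfig::class)->getValueBool('core', 'shareapi_allow_links', true)) {` around the `new PublishPlugin(...)` call, or add a comment stating why this server is exempt. The constructor body continues outside the hunk.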
@@ -35,7 +34,7 @@ public function getChild($name) { * @return PublicCalendarObject[] */ #[\Override] - public function getChildren() { + public function getChildren(): array { $objs = $this->caldavBackend->getCalendarObjects($this->calendarInfo['id']); $children = []; foreach ($objs as $obj) { @@ -53,7 +52,7 @@ public function getChildren() { * @return PublicCalendarObject[] */ #[\Override] - public function getMultipleChildren(array $paths) { + public function getMultipleChildren(array $paths): array { $objs = $this->caldavBackend->getMultipleCalendarObjects($this->calendarInfo['id'], $paths); $children = []; foreach ($objs as $obj) { @@ -67,11 +66,10 @@ public function getMultipleChildren(array $paths) { } /** - * public calendars are always shared - * @return bool + * Public calendars are always shared */ #[\Override] - public function isShared() { + public function isShared(): bool { return true; } } diff --git a/apps/dav/lib/CalDAV/PublicCalendarRoot.php b/apps/dav/lib/CalDAV/PublicCalendarRoot.php index aec3f7b622486..aee3dd2935cbc 100644 --- a/apps/dav/lib/CalDAV/PublicCalendarRoot.php +++ b/apps/dav/lib/CalDAV/PublicCalendarRoot.php 
@@ -8,50 +8,39 @@ namespace OCA\DAV\CalDAV; +use OCP\IAppConfig; use OCP\IConfig; use OCP\IL10N; use Psr\Log\LoggerInterface; use Sabre\DAV\Collection; class PublicCalendarRoot extends Collection { - - /** - * PublicCalendarRoot constructor. - * - * @param CalDavBackend $caldavBackend - * @param IL10N $l10n - * @param IConfig $config - */ public function __construct( protected CalDavBackend $caldavBackend, protected IL10N $l10n, + protected IAppConfig $appConfig, protected IConfig $config, private LoggerInterface $logger, ) { } - /** - * @inheritdoc - */ #[\Override] - public function getName() { + public function getName(): string { return 'public-calendars'; } - /** - * @inheritdoc - */ #[\Override] - public function getChild($name) { + public function getChild($name): PublicCalendar { + // Sharing via link is allowed by default, but if the option is set it should be checked. + if (!$this->appConfig->getValueBool('core', 'shareapi_allow_links', true)) { + throw new \Sabre\DAV\Exception\Forbidden(); + } $calendar = $this->caldavBackend->getPublicCalendar($name); return new PublicCalendar($this->caldavBackend, $calendar, $this->l10n, $this->config, $this->logger); } - /** - * @inheritdoc - */ #[\Override] - public function getChildren() { + public function getChildren(): array { return []; } } diff --git a/apps/dav/lib/CalDAV/Publishing/PublishPlugin.php b/apps/dav/lib/CalDAV/Publishing/PublishPlugin.php index 619d0fc29310d..5b2a68b945629 100644 --- a/apps/dav/lib/CalDAV/Publishing/PublishPlugin.php +++ b/apps/dav/lib/CalDAV/Publishing/PublishPlugin.php @@ -14,7 +14,6 @@ use OCP\AppFramework\Http; use OCP\IConfig; use OCP\IURLGenerator; -use Sabre\CalDAV\Xml\Property\AllowedSharingModes; use Sabre\DAV\Exception\NotFound; use Sabre\DAV\INode; use Sabre\DAV\PropFind; 
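Review bot: The new `Forbidden` branch in `PublicCalendarRoot::getChild()` is what keeps already-published calendars unreachable through this collection when `shareapi_allow_links` is off, yet the diffstat lists no test file covering it. A unit test that sets the value to false and asserts both the `Forbidden` exception and that `getPublicCalendar()` is never called would pin the behaviour. The inline comment is also vague about what the guard does; something like `// Link sharing is on by default; when core/shareapi_allow_links is turned off, refuse every public calendar lookup before touching the backend.` would state it directly.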
@@ -26,12 +25,7 @@ class PublishPlugin extends ServerPlugin { public const NS_CALENDARSERVER = 'http://calendarserver.org/ns/'; - /** - * Reference to SabreDAV server object. - * - * @var \Sabre\DAV\Server - */ - protected $server; + protected Server $server; /** * PublishPlugin constructor. @@ -60,9 +54,9 @@ public function __construct( * @return string[] */ #[\Override] - public function getFeatures() { + public function getFeatures(): array { // May have to be changed to be detected - return ['oc-calendar-publishing', 'calendarserver-sharing']; + return ['oc-calendar-publishing']; } /** @@ -74,7 +68,7 @@ public function getFeatures() { * @return string */ #[\Override] - public function getPluginName() { + public function getPluginName(): string { return 'oc-calendar-publishing'; } @@ -121,18 +115,6 @@ public function propFind(PropFind $propFind, INode $node) { return new Publisher($publishUrl, true); } }); - - $propFind->handle('{' . self::NS_CALENDARSERVER . '}allowed-sharing-modes', function () use ($node) { - $canShare = (!$node->isSubscription() && $node->canWrite()); - $canPublish = (!$node->isSubscription() && $node->canWrite()); - - if ($this->config->getAppValue('dav', 'limitAddressBookAndCalendarSharingToOwner', 'no') === 'yes') { - $canShare = $canShare && ($node->getOwner() === $node->getPrincipalURI()); - $canPublish = $canPublish && ($node->getOwner() === $node->getPrincipalURI()); - } - - return new AllowedSharingModes($canShare, $canPublish); - }); } } diff --git a/apps/dav/lib/CalDAV/SharingPlugin.php b/apps/dav/lib/CalDAV/SharingPlugin.php new file mode 100644 index 0000000000000..091fae24051b8 --- /dev/null +++ b/apps/dav/lib/CalDAV/SharingPlugin.php 
@@ -0,0 +1,64 @@ +server = $server; + + $this->server->on('propFind', $this->propFind(...)); + } + + public function propFind(PropFind $propFind, INode $node): void { + if ($node instanceof Calendar) { + $propFind->handle('{' . self::NS_CALENDARSERVER . '}allowed-sharing-modes', function () use ($node) { + $canShare = (!$node->isSubscription() && $node->canWrite()); + $canPublish = (!$node->isSubscription() && $node->canWrite()); + + if ($this->config->getValueBool('dav', 'limitAddressBookAndCalendarSharingToOwner')) { + $canShare = $canShare && ($node->getOwner() === $node->getPrincipalURI()); + $canPublish = $canPublish && ($node->getOwner() === $node->getPrincipalURI()); + } + + if (!$this->config->getValueBool('core', 'shareapi_allow_links', true)) { + $canPublish = false; + } + + return new AllowedSharingModes($canShare, $canPublish); + }); + } + } +} diff --git a/apps/dav/lib/RootCollection.php b/apps/dav/lib/RootCollection.php index ce9ad59e81950..95d8d5c8562ed 100644 --- a/apps/dav/lib/RootCollection.php +++ b/apps/dav/lib/RootCollection.php @@ -37,6 +37,7 @@ use OCP\Comments\ICommentsManager; use OCP\EventDispatcher\IEventDispatcher; use OCP\Files\IRootFolder; +use OCP\IAppConfig; use OCP\ICacheFactory; use OCP\IConfig; use OCP\IDBConnection; @@ -63,6 +64,7 @@ public function __construct() { $db = Server::get(IDBConnection::class); $dispatcher = Server::get(IEventDispatcher::class); $config = Server::get(IConfig::class); + $appConfig = Server::get(IAppConfig::class); $proxyMapper = Server::get(ProxyMapper::class); $rootFolder = Server::get(IRootFolder::class); $federatedCalendarFactory = Server::get(FederatedCalendarFactory::class); 
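Review bot: `getValueBool('dav', 'limitAddressBookAndCalendarSharingToOwner')` replaces the `getAppValue(..., 'no') === 'yes'` comparison removed from `PublishPlugin`, so the owner-only restriction now depends on `IAppConfig` reading the stored `'yes'`/`'no'` strings as booleans. If an existing value is not read as true, `canShare` and `canPublish` fall back to the write-permission check alone, so the restriction fails open without any error. A test with a stored `'yes'` would confirm the migration; the same applies to `allow_calendar_link_subscriptions` and `sendInvitations` in the `Server.php` hunks. The property is still named `$this->config` although it appears to hold an `IAppConfig` (the constructor is not visible on this page); `$appConfig` would match `PublicCalendarRoot`.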
@@ -125,7 +127,7 @@ public function __construct() { $roomCalendarRoot = new CalendarRoot($calendarRoomPrincipalBackend, $caldavBackend, 'principals/calendar-rooms', $logger, $l10n, $config, $federatedCalendarFactory); $roomCalendarRoot->disableListing = $disableListing; - $publicCalendarRoot = new PublicCalendarRoot($caldavBackend, $l10n, $config, $logger); + $publicCalendarRoot = new PublicCalendarRoot($caldavBackend, $l10n, $appConfig, $config, $logger); $systemTagCollection = Server::get(SystemTagsByIdCollection::class); $systemTagRelationsCollection = new SystemTagsRelationsCollection( diff --git a/apps/dav/lib/Server.php b/apps/dav/lib/Server.php index ea4350bc1529d..da305d98e1f45 100644 --- a/apps/dav/lib/Server.php +++ b/apps/dav/lib/Server.php @@ -87,6 +87,7 @@ use OCP\IAppConfig; use OCP\ICacheFactory; use OCP\IConfig; +use OCP\IConfig; use OCP\IDateTimeZone; use OCP\IDBConnection; use OCP\IGroupManager; 
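Review bot: The added `use OCP\IConfig;` in the `Server.php` import hunk (`@@ -87,6 +87,7 @@`) duplicates the context line directly above it. PHP rejects a second import of the same name in one file with a fatal "Cannot use OCP\IConfig as IConfig because the name is already in use" compile error, which would break every request served through `apps/dav/lib/Server.php`. Drop the added line; both `IConfig` and `IAppConfig` are already imported, as the hunk's context lines show.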
@@ -209,15 +210,18 @@ public function __construct( $this->server->addPlugin(\OCP\Server::get(\OCA\DAV\CalDAV\Trashbin\Plugin::class)); $this->server->addPlugin(new \OCA\DAV\CalDAV\WebcalCaching\Plugin($this->request)); - if (\OCP\Server::get(IConfig::class)->getAppValue('dav', 'allow_calendar_link_subscriptions', 'yes') === 'yes') { + if (\OCP\Server::get(IAppConfig::class)->getValueBool('dav', 'allow_calendar_link_subscriptions', true)) { $this->server->addPlugin(new \Sabre\CalDAV\Subscriptions\Plugin()); } $this->server->addPlugin(new \Sabre\CalDAV\Notifications\Plugin()); - $this->server->addPlugin(new PublishPlugin( - \OCP\Server::get(IConfig::class), - \OCP\Server::get(IURLGenerator::class) - )); + $this->server->addPlugin(new \OCA\DAV\CalDAV\SharingPlugin(\OCP\Server::get(IAppConfig::class))); + if (\OCP\Server::get(IAppConfig::class)->getValueBool('core', 'shareapi_allow_links', true)) { + $this->server->addPlugin(new PublishPlugin( + \OCP\Server::get(IConfig::class), + \OCP\Server::get(IURLGenerator::class) + )); + } $this->server->addPlugin(\OCP\Server::get(RateLimitingPlugin::class)); $this->server->addPlugin(\OCP\Server::get(CalDavValidatePlugin::class)); @@ -345,7 +349,7 @@ public function __construct( \OCP\Server::get(ICommentsManager::class), $userSession )); - if (\OCP\Server::get(IConfig::class)->getAppValue('dav', 'sendInvitations', 'yes') === 'yes') { + if (\OCP\Server::get(IAppConfig::class)->getValueBool('dav', 'sendInvitations', true)) { $this->server->addPlugin(new IMipPlugin( \OCP\Server::get(IAppConfig::class), \OCP\Server::get(IMailer::class), diff --git a/build/psalm-baseline.xml b/build/psalm-baseline.xml index fe478aab69d41..ff052b27dfe5b 100644 --- a/build/psalm-baseline.xml +++ b/build/psalm-baseline.xml @@ -313,7 +313,6 @@ - @@ -1042,8 +1041,6 @@ - -
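Review bot: Registering `PublishPlugin` only when `shareapi_allow_links` is true (hunk `@@ -209,15 +210,18 @@`) removes the publish handler, but as far as this patch shows nothing unpublishes calendars that were already published. Their public URIs would stay stored and become reachable again as soon as the setting is re-enabled. Owners also could not unpublish while the plugin is absent, assuming `PublishPlugin` handles unpublish requests as well (not visible here). Consider documenting this for admins or keeping an unpublish path available when links are disabled. `\OCP\Server::get(IAppConfig::class)` is also resolved three times in this hunk, so a local `$appConfig` would read better; the constructor continues outside the hunk.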