From 66b7f2effd2ff2865f329fa5ce77d7c91dd57793 Mon Sep 17 00:00:00 2001
From: Pawel Boguslawski
Date: Sat, 1 Oct 2022 23:43:43 +0200
Subject: [PATCH] Extract cs:allowed-sharing-modes into it's own plugin So that it's still there when we disable the PublishPlugin And disable sharing calendars via link when sharik via link is disabled This mod disallows sharing calendars via link when `shareapi_allow_links` is disabled.
Signed-off-by: Thomas Citharel
Signed-off-by: Carl Schwan
Signed-off-by: Pawel Boguslawski
---
 .../composer/composer/autoload_classmap.php | 1 +
 .../dav/composer/composer/autoload_static.php | 1 +
 .../InvitationResponseServer.php | 6 +-
 apps/dav/lib/CalDAV/PublicCalendar.php | 12 ++--
 apps/dav/lib/CalDAV/PublicCalendarRoot.php | 29 +++------
 .../lib/CalDAV/Publishing/PublishPlugin.php | 26 ++------
 apps/dav/lib/CalDAV/SharingPlugin.php | 64 +++++++++++++++++++
 apps/dav/lib/RootCollection.php | 4 +-
 apps/dav/lib/Server.php | 16 +++--
 build/psalm-baseline.xml | 3 -
 10 files changed, 101 insertions(+), 61 deletions(-)
 create mode 100644 apps/dav/lib/CalDAV/SharingPlugin.php
diff --git a/apps/dav/composer/composer/autoload_classmap.php b/apps/dav/composer/composer/autoload_classmap.php
index 2ca5cf66f90..96d25c57188 100644
--- a/apps/dav/composer/composer/autoload_classmap.php
+++ b/apps/dav/composer/composer/autoload_classmap.php
@@ -141,6 +141,7 @@ return array( 'OCA\\DAV\\CalDAV\\TimeZoneFactory' => $baseDir . '/../lib/CalDAV/TimeZoneFactory.php', 'OCA\\DAV\\CalDAV\\TimezoneService' => $baseDir . '/../lib/CalDAV/TimezoneService.php', 'OCA\\DAV\\CalDAV\\TipBroker' => $baseDir . '/../lib/CalDAV/TipBroker.php', + 'OCA\\DAV\\CalDAV\\SharingPlugin' => $baseDir . '/../lib/CalDAV/SharingPlugin.php', 'OCA\\DAV\\CalDAV\\Trashbin\\DeletedCalendarObject' => $baseDir . '/../lib/CalDAV/Trashbin/DeletedCalendarObject.php', 'OCA\\DAV\\CalDAV\\Trashbin\\DeletedCalendarObjectsCollection' => $baseDir . '/../lib/CalDAV/Trashbin/DeletedCalendarObjectsCollection.php', 'OCA\\DAV\\CalDAV\\Trashbin\\Plugin' => $baseDir . '/../lib/CalDAV/Trashbin/Plugin.php',
diff --git a/apps/dav/composer/composer/autoload_static.php b/apps/dav/composer/composer/autoload_static.php
index c35dd97c02c..83fb1e11019 100644
--- a/apps/dav/composer/composer/autoload_static.php
+++ b/apps/dav/composer/composer/autoload_static.php
@@ -156,6 +156,7 @@ class ComposerStaticInitDAV 'OCA\\DAV\\CalDAV\\TimeZoneFactory' => __DIR__ . '/..' . '/../lib/CalDAV/TimeZoneFactory.php', 'OCA\\DAV\\CalDAV\\TimezoneService' => __DIR__ . '/..' . '/../lib/CalDAV/TimezoneService.php', 'OCA\\DAV\\CalDAV\\TipBroker' => __DIR__ . '/..' . '/../lib/CalDAV/TipBroker.php', + 'OCA\\DAV\\CalDAV\\SharingPlugin' => __DIR__ . '/..' . '/../lib/CalDAV/SharingPlugin.php', 'OCA\\DAV\\CalDAV\\Trashbin\\DeletedCalendarObject' => __DIR__ . '/..' . '/../lib/CalDAV/Trashbin/DeletedCalendarObject.php', 'OCA\\DAV\\CalDAV\\Trashbin\\DeletedCalendarObjectsCollection' => __DIR__ . '/..' . '/../lib/CalDAV/Trashbin/DeletedCalendarObjectsCollection.php', 'OCA\\DAV\\CalDAV\\Trashbin\\Plugin' => __DIR__ . '/..' . '/../lib/CalDAV/Trashbin/Plugin.php',
diff --git a/apps/dav/lib/CalDAV/InvitationResponse/InvitationResponseServer.php b/apps/dav/lib/CalDAV/InvitationResponse/InvitationResponseServer.php
index de7815c68f2..47c8bf4d485 100644
--- a/apps/dav/lib/CalDAV/InvitationResponse/InvitationResponseServer.php
+++ b/apps/dav/lib/CalDAV/InvitationResponse/InvitationResponseServer.php
@@ -12,6 +12,7 @@ use OCA\DAV\CalDAV\Auth\CustomPrincipalPlugin;
 use OCA\DAV\CalDAV\Auth\PublicPrincipalPlugin;
 use OCA\DAV\CalDAV\DefaultCalendarValidator;
 use OCA\DAV\CalDAV\Publishing\PublishPlugin;
+use OCA\DAV\CalDAV\SharingPlugin;
 use OCA\DAV\Connector\Sabre\AnonymousOptionsPlugin;
 use OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin;
 use OCA\DAV\Connector\Sabre\CachingTree;
@@ -24,6 +25,7 @@ use OCA\DAV\RootCollection;
 use OCA\Theming\ThemingDefaults;
 use OCP\App\IAppManager;
 use OCP\EventDispatcher\IEventDispatcher;
+use OCP\IAppConfig;
 use OCP\IConfig;
 use OCP\IURLGenerator;
 use OCP\Server;
@@ -31,8 +33,7 @@ use Psr\Log\LoggerInterface;
 use Sabre\VObject\ITip\Message;
 class InvitationResponseServer {
- /** @var \OCA\DAV\Connector\Sabre\Server */
- public $server;
+ public \OCA\DAV\Connector\Sabre\Server $server;
 /**
 * InvitationResponseServer constructor.
@@ -87,6 +88,7 @@ class InvitationResponseServer {
 $this->server->addPlugin(new \Sabre\CalDAV\Subscriptions\Plugin());
 $this->server->addPlugin(new \Sabre\CalDAV\Notifications\Plugin());
 //$this->server->addPlugin(new \OCA\DAV\DAV\Sharing\Plugin($authBackend, \OC::$server->getRequest()));
+ $this->server->addPlugin(new SharingPlugin(Server::get(IAppConfig::class)));
 $this->server->addPlugin(new PublishPlugin(
 Server::get(IConfig::class),
 Server::get(IURLGenerator::class)
diff --git a/apps/dav/lib/CalDAV/PublicCalendar.php b/apps/dav/lib/CalDAV/PublicCalendar.php
index a37b9fa7a8e..6646db3c090 100644
--- a/apps/dav/lib/CalDAV/PublicCalendar.php
+++ b/apps/dav/lib/CalDAV/PublicCalendar.php
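Review bot: In the last InvitationResponseServer.php hunk (@@ -87,6 +88,7), `PublishPlugin` is still registered unconditionally right below the added `SharingPlugin` line, whereas this patch gates the same registration on `shareapi_allow_links` in apps/dav/lib/Server.php. If this internal server never handles publish requests the difference is probably harmless, but the two setups should either agree or carry a comment explaining why they differ, for example by wrapping the call in `if (Server::get(IAppConfig::class)->getValueBool('core', 'shareapi_allow_links', true)) {`. The constructor body continues outside the hunk.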
@@ -14,10 +14,9 @@ class PublicCalendar extends Calendar {
 /**
 * @param string $name
 * @throws NotFound
- * @return PublicCalendarObject
 */
 #[\Override]
- public function getChild($name) {
+ public function getChild($name): PublicCalendarObject {
 $obj = $this->caldavBackend->getCalendarObject($this->calendarInfo['id'], $name);
 if (!$obj) {
@@ -35,7 +34,7 @@ class PublicCalendar extends Calendar {
 * @return PublicCalendarObject[]
 */
 #[\Override]
- public function getChildren() {
+ public function getChildren(): array {
 $objs = $this->caldavBackend->getCalendarObjects($this->calendarInfo['id']);
 $children = [];
 foreach ($objs as $obj) {
@@ -53,7 +52,7 @@ class PublicCalendar extends Calendar {
 * @return PublicCalendarObject[]
 */
 #[\Override]
- public function getMultipleChildren(array $paths) {
+ public function getMultipleChildren(array $paths): array {
 $objs = $this->caldavBackend->getMultipleCalendarObjects($this->calendarInfo['id'], $paths);
 $children = [];
 foreach ($objs as $obj) {
@@ -67,11 +66,10 @@ class PublicCalendar extends Calendar {
 }
 /**
- * public calendars are always shared
- * @return bool
+ * Public calendars are always shared
 */
 #[\Override]
- public function isShared() {
+ public function isShared(): bool {
 return true;
 }
 }
diff --git a/apps/dav/lib/CalDAV/PublicCalendarRoot.php b/apps/dav/lib/CalDAV/PublicCalendarRoot.php
index aec3f7b6224..aee3dd2935c 100644
--- a/apps/dav/lib/CalDAV/PublicCalendarRoot.php
+++ b/apps/dav/lib/CalDAV/PublicCalendarRoot.php
@@ -8,50 +8,39 @@ namespace OCA\DAV\CalDAV;
+use OCP\IAppConfig;
 use OCP\IConfig;
 use OCP\IL10N;
 use Psr\Log\LoggerInterface;
 use Sabre\DAV\Collection;
 class PublicCalendarRoot extends Collection {
-
- /**
- * PublicCalendarRoot constructor.
- *
- * @param CalDavBackend $caldavBackend
- * @param IL10N $l10n
- * @param IConfig $config
- */
 public function __construct(
 protected CalDavBackend $caldavBackend,
 protected IL10N $l10n,
+ protected IAppConfig $appConfig,
 protected IConfig $config,
 private LoggerInterface $logger,
 ) {
 }
- /**
- * @inheritdoc
- */
 #[\Override]
- public function getName() {
+ public function getName(): string {
 return 'public-calendars';
 }
- /**
- * @inheritdoc
- */
 #[\Override]
- public function getChild($name) {
+ public function getChild($name): PublicCalendar {
+ // Sharing via link is allowed by default, but if the option is set it should be checked.
+ if (!$this->appConfig->getValueBool('core', 'shareapi_allow_links', true)) {
+ throw new \Sabre\DAV\Exception\Forbidden();
+ }
 $calendar = $this->caldavBackend->getPublicCalendar($name);
 return new PublicCalendar($this->caldavBackend, $calendar, $this->l10n, $this->config, $this->logger);
 }
- /**
- * @inheritdoc
- */
 #[\Override]
- public function getChildren() {
+ public function getChildren(): array {
 return [];
 }
 }
diff --git a/apps/dav/lib/CalDAV/Publishing/PublishPlugin.php b/apps/dav/lib/CalDAV/Publishing/PublishPlugin.php
index 619d0fc2931..5b2a68b9456 100644
--- a/apps/dav/lib/CalDAV/Publishing/PublishPlugin.php
+++ b/apps/dav/lib/CalDAV/Publishing/PublishPlugin.php
@@ -14,7 +14,6 @@ use OCA\DAV\CalDAV\Publishing\Xml\Publisher;
 use OCP\AppFramework\Http;
 use OCP\IConfig;
 use OCP\IURLGenerator;
-use Sabre\CalDAV\Xml\Property\AllowedSharingModes;
 use Sabre\DAV\Exception\NotFound;
 use Sabre\DAV\INode;
 use Sabre\DAV\PropFind;
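Review bot: The new deny path in `getChild()` of PublicCalendarRoot.php is the actual enforcement point for disabled link sharing, yet the diffstat of this patch lists no test file, so nothing pins that a request is refused with `Forbidden` when `shareapi_allow_links` is off. A unit test that makes `IAppConfig::getValueBool('core', 'shareapi_allow_links', true)` return false and expects `\Sabre\DAV\Exception\Forbidden` would guard the check against regressions. `IAppConfig $appConfig` is also inserted in the middle of the constructor's parameter list, so every positional caller other than the RootCollection call updated in this patch (existing tests included) has to be adjusted. Throwing before `getPublicCalendar($name)` is the right order, because the response is then the same whether or not the token exists.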
@@ -26,12 +25,7 @@ use Sabre\HTTP\ResponseInterface;
 class PublishPlugin extends ServerPlugin {
 public const NS_CALENDARSERVER = 'http://calendarserver.org/ns/';
- /**
- * Reference to SabreDAV server object.
- *
- * @var \Sabre\DAV\Server
- */
- protected $server;
+ protected Server $server;
 /**
 * PublishPlugin constructor.
@@ -60,9 +54,9 @@ class PublishPlugin extends ServerPlugin {
 * @return string[]
 */
 #[\Override]
- public function getFeatures() {
+ public function getFeatures(): array {
 // May have to be changed to be detected
- return ['oc-calendar-publishing', 'calendarserver-sharing'];
+ return ['oc-calendar-publishing'];
 }
 /**
@@ -74,7 +68,7 @@ class PublishPlugin extends ServerPlugin {
 * @return string
 */
 #[\Override]
- public function getPluginName() {
+ public function getPluginName(): string {
 return 'oc-calendar-publishing';
 }
@@ -121,18 +115,6 @@ class PublishPlugin extends ServerPlugin {
 return new Publisher($publishUrl, true);
 }
 });
-
- $propFind->handle('{' . self::NS_CALENDARSERVER . '}allowed-sharing-modes', function () use ($node) {
- $canShare = (!$node->isSubscription() && $node->canWrite());
- $canPublish = (!$node->isSubscription() && $node->canWrite());
-
- if ($this->config->getAppValue('dav', 'limitAddressBookAndCalendarSharingToOwner', 'no') === 'yes') {
- $canShare = $canShare && ($node->getOwner() === $node->getPrincipalURI());
- $canPublish = $canPublish && ($node->getOwner() === $node->getPrincipalURI());
- }
-
- return new AllowedSharingModes($canShare, $canPublish);
- });
 }
 }
diff --git a/apps/dav/lib/CalDAV/SharingPlugin.php b/apps/dav/lib/CalDAV/SharingPlugin.php
new file mode 100644
index 00000000000..091fae24051
--- /dev/null
+++ b/apps/dav/lib/CalDAV/SharingPlugin.php
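Review bot: `getFeatures()` stops advertising `calendarserver-sharing` in the @@ -60,9 +54,9 hunk, and the part of the new SharingPlugin.php that is visible on this page does not show a `getFeatures()` that takes it over. If no other plugin reports that token, the advertised DAV feature list changes for every client, including installations where link sharing stays enabled. Confirm that SharingPlugin returns `['calendarserver-sharing']` from its own `getFeatures()`, or keep the token in this list.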
@@ -0,0 +1,64 @@
+server = $server;
+
+ $this->server->on('propFind', $this->propFind(...));
+ }
+
+ public function propFind(PropFind $propFind, INode $node): void {
+ if ($node instanceof Calendar) {
+ $propFind->handle('{' . self::NS_CALENDARSERVER . '}allowed-sharing-modes', function () use ($node) {
+ $canShare = (!$node->isSubscription() && $node->canWrite());
+ $canPublish = (!$node->isSubscription() && $node->canWrite());
+
+ if ($this->config->getValueBool('dav', 'limitAddressBookAndCalendarSharingToOwner')) {
+ $canShare = $canShare && ($node->getOwner() === $node->getPrincipalURI());
+ $canPublish = $canPublish && ($node->getOwner() === $node->getPrincipalURI());
+ }
+
+ if (!$this->config->getValueBool('core', 'shareapi_allow_links', true)) {
+ $canPublish = false;
+ }
+
+ return new AllowedSharingModes($canShare, $canPublish);
+ });
+ }
+ }
+}
diff --git a/apps/dav/lib/RootCollection.php b/apps/dav/lib/RootCollection.php
index ce9ad59e819..95d8d5c8562 100644
--- a/apps/dav/lib/RootCollection.php
+++ b/apps/dav/lib/RootCollection.php
@@ -37,6 +37,7 @@ use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\Comments\ICommentsManager;
 use OCP\EventDispatcher\IEventDispatcher;
 use OCP\Files\IRootFolder;
+use OCP\IAppConfig;
 use OCP\ICacheFactory;
 use OCP\IConfig;
 use OCP\IDBConnection;
@@ -63,6 +64,7 @@ class RootCollection extends SimpleCollection {
 $db = Server::get(IDBConnection::class);
 $dispatcher = Server::get(IEventDispatcher::class);
 $config = Server::get(IConfig::class);
+ $appConfig = Server::get(IAppConfig::class);
 $proxyMapper = Server::get(ProxyMapper::class);
 $rootFolder = Server::get(IRootFolder::class);
 $federatedCalendarFactory = Server::get(FederatedCalendarFactory::class);
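Review bot: The `shareapi_allow_links` branch in `propFind()` of SharingPlugin.php only sets `$canPublish = false` in the advertised `allowed-sharing-modes` property, which is a hint to clients and not an access check, and the code should say so. I would add above that branch `// Advisory only: enforcement is in PublicCalendarRoot::getChild() and in the conditional PublishPlugin registration.` so that nobody later treats this property as the control. `$canShare` and `$canPublish` are also initialised from the same expression twice; computing `$writable = !$node->isSubscription() && $node->canWrite();` once reads better. The top of this hunk (file header, class declaration and constructor) is not visible on this page, so `$this->config` being an `IAppConfig` is inferred from the `new SharingPlugin(Server::get(IAppConfig::class))` call sites.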
@@ -125,7 +127,7 @@ class RootCollection extends SimpleCollection {
 $roomCalendarRoot = new CalendarRoot($calendarRoomPrincipalBackend, $caldavBackend, 'principals/calendar-rooms', $logger, $l10n, $config, $federatedCalendarFactory);
 $roomCalendarRoot->disableListing = $disableListing;
- $publicCalendarRoot = new PublicCalendarRoot($caldavBackend, $l10n, $config, $logger);
+ $publicCalendarRoot = new PublicCalendarRoot($caldavBackend, $l10n, $appConfig, $config, $logger);
 $systemTagCollection = Server::get(SystemTagsByIdCollection::class);
 $systemTagRelationsCollection = new SystemTagsRelationsCollection(
diff --git a/apps/dav/lib/Server.php b/apps/dav/lib/Server.php
index ea4350bc152..da305d98e1f 100644
--- a/apps/dav/lib/Server.php
+++ b/apps/dav/lib/Server.php
@@ -87,6 +87,7 @@ use OCP\FilesMetadata\IFilesMetadataManager;
 use OCP\IAppConfig;
 use OCP\ICacheFactory;
 use OCP\IConfig;
+use OCP\IConfig;
 use OCP\IDateTimeZone;
 use OCP\IDBConnection;
 use OCP\IGroupManager;
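Review bot: The added `use OCP\IConfig;` in the @@ -87,6 +87,7 hunk of apps/dav/lib/Server.php duplicates the import on the context line directly above it, and PHP rejects a second `use` of the same name in one file with a fatal error ("Cannot use OCP\IConfig as IConfig because the name is already in use"), so Server.php would fail to load. `OCP\IAppConfig`, which the later hunks of this file need, is already imported three lines further up. The added line should simply be dropped.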
@@ -209,15 +210,18 @@ class Server {
 $this->server->addPlugin(\OCP\Server::get(\OCA\DAV\CalDAV\Trashbin\Plugin::class));
 $this->server->addPlugin(new \OCA\DAV\CalDAV\WebcalCaching\Plugin($this->request));
- if (\OCP\Server::get(IConfig::class)->getAppValue('dav', 'allow_calendar_link_subscriptions', 'yes') === 'yes') {
+ if (\OCP\Server::get(IAppConfig::class)->getValueBool('dav', 'allow_calendar_link_subscriptions', true)) {
 $this->server->addPlugin(new \Sabre\CalDAV\Subscriptions\Plugin());
 }
 $this->server->addPlugin(new \Sabre\CalDAV\Notifications\Plugin());
- $this->server->addPlugin(new PublishPlugin(
- \OCP\Server::get(IConfig::class),
- \OCP\Server::get(IURLGenerator::class)
- ));
+ $this->server->addPlugin(new \OCA\DAV\CalDAV\SharingPlugin(\OCP\Server::get(IAppConfig::class)));
+ if (\OCP\Server::get(IAppConfig::class)->getValueBool('core', 'shareapi_allow_links', true)) {
+ $this->server->addPlugin(new PublishPlugin(
+ \OCP\Server::get(IConfig::class),
+ \OCP\Server::get(IURLGenerator::class)
+ ));
+ }
 $this->server->addPlugin(\OCP\Server::get(RateLimitingPlugin::class));
 $this->server->addPlugin(\OCP\Server::get(CalDavValidatePlugin::class));
@@ -345,7 +349,7 @@ class Server {
 \OCP\Server::get(ICommentsManager::class),
 $userSession
 ));
- if (\OCP\Server::get(IConfig::class)->getAppValue('dav', 'sendInvitations', 'yes') === 'yes') {
+ if (\OCP\Server::get(IAppConfig::class)->getValueBool('dav', 'sendInvitations', true)) {
 $this->server->addPlugin(new IMipPlugin(
 \OCP\Server::get(IAppConfig::class),
 \OCP\Server::get(IMailer::class),
diff --git a/build/psalm-baseline.xml b/build/psalm-baseline.xml
index fe478aab69d..ff052b27dfe 100644
--- a/build/psalm-baseline.xml
+++ b/build/psalm-baseline.xml
@@ -313,7 +313,6 @@ -
@@ -1042,8 +1041,6 @@ - -
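Review bot: Registering `PublishPlugin` only while `shareapi_allow_links` is true (Server.php, @@ -209,15 +210,18) blocks new publishing, but it does not revoke calendars that are already published: they are merely refused by `PublicCalendarRoot::getChild()` and become reachable again under the same URL once an admin re-enables links. If PublishPlugin also handles unpublish requests (not visible in this patch), owners additionally lose the ability to withdraw an existing link while the option is off. Either document this above the new `if`, e.g. `// Existing public links are kept, only blocked; they reactivate when link sharing is re-enabled.`, or keep the unpublish path available. The `getValueBool` conversions in this hunk and in @@ -345,7 +349,7 rely on IAppConfig reading the stored 'yes'/'no' strings as booleans, which is worth confirming for values an admin has set with an explicit type.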