Merge pull request #46747 from nextcloud/refactor/dav/security-attributes

apps/dav/lib/Controller/BirthdayCalendarController.php

@@ -7,7 +7,9 @@ namespace OCA\DAV\Controller;
 
 use OCA\DAV\BackgroundJob\GenerateBirthdayCalendarBackgroundJob;
 use OCA\DAV\CalDAV\CalDavBackend;
+use OCA\DAV\Settings\CalDAVSettings;
 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\AuthorizedAdminSetting;
 use OCP\AppFramework\Http\JSONResponse;
 use OCP\AppFramework\Http\Response;
 use OCP\BackgroundJob\IJobList;
@@ -70,8 +72,8 @@ class BirthdayCalendarController extends Controller {
 
 	/**
 	 * @return Response
-	 * @AuthorizedAdminSetting(settings=OCA\DAV\Settings\CalDAVSettings)
 	 */
+	#[AuthorizedAdminSetting(settings: CalDAVSettings::class)]
 	public function enable() {
 		$this->config->setAppValue($this->appName, 'generateBirthdayCalendar', 'yes');
 
@@ -87,8 +89,8 @@ class BirthdayCalendarController extends Controller {
 
 	/**
 	 * @return Response
-	 * @AuthorizedAdminSetting(settings=OCA\DAV\Settings\CalDAVSettings)
 	 */
+	#[AuthorizedAdminSetting(settings: CalDAVSettings::class)]
 	public function disable() {
 		$this->config->setAppValue($this->appName, 'generateBirthdayCalendar', 'no');
 

apps/dav/lib/Controller/DirectController.php

@@ -11,6 +11,7 @@ namespace OCA\DAV\Controller;
 use OCA\DAV\Db\Direct;
 use OCA\DAV\Db\DirectMapper;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\NoAdminRequired;
 use OCP\AppFramework\Http\DataResponse;
 use OCP\AppFramework\OCS\OCSBadRequestException;
 use OCP\AppFramework\OCS\OCSForbiddenException;
@@ -69,8 +70,6 @@ class DirectController extends OCSController {
 	}
 
 	/**
-	 * @NoAdminRequired
-	 *
 	 * Get a direct link to a file
 	 *
 	 * @param int $fileId ID of the file
@@ -82,6 +81,7 @@ class DirectController extends OCSController {
 	 *
 	 * 200: Direct link returned
 	 */
+	#[NoAdminRequired]
 	public function getUrl(int $fileId, int $expirationTime = 60 * 60 * 8): DataResponse {
 		$userFolder = $this->rootFolder->getUserFolder($this->userId);
 

apps/dav/lib/Controller/InvitationResponseController.php

@@ -10,7 +10,9 @@ namespace OCA\DAV\Controller;
 
 use OCA\DAV\CalDAV\InvitationResponse\InvitationResponseServer;
 use OCP\AppFramework\Controller;
+use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
 use OCP\AppFramework\Http\Attribute\OpenAPI;
+use OCP\AppFramework\Http\Attribute\PublicPage;
 use OCP\AppFramework\Http\TemplateResponse;
 use OCP\AppFramework\Utility\ITimeFactory;
 use OCP\IDBConnection;
@@ -52,12 +54,11 @@ class InvitationResponseController extends Controller {
 	}
 
 	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 *
 	 * @param string $token
 	 * @return TemplateResponse
 	 */
+	#[PublicPage]
+	#[NoCSRFRequired]
 	public function accept(string $token):TemplateResponse {
 		$row = $this->getTokenInformation($token);
 		if (!$row) {
@@ -76,12 +77,11 @@ class InvitationResponseController extends Controller {
 	}
 
 	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 *
 	 * @param string $token
 	 * @return TemplateResponse
 	 */
+	#[PublicPage]
+	#[NoCSRFRequired]
 	public function decline(string $token):TemplateResponse {
 		$row = $this->getTokenInformation($token);
 		if (!$row) {
@@ -101,12 +101,11 @@ class InvitationResponseController extends Controller {
 	}
 
 	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 *
 	 * @param string $token
 	 * @return TemplateResponse
 	 */
+	#[PublicPage]
+	#[NoCSRFRequired]
 	public function options(string $token):TemplateResponse {
 		return new TemplateResponse($this->appName, 'schedule-response-options', [
 			'token' => $token
@@ -114,13 +113,12 @@ class InvitationResponseController extends Controller {
 	}
 
 	/**
-	 * @PublicPage
-	 * @NoCSRFRequired
-	 *
 	 * @param string $token
 	 *
 	 * @return TemplateResponse
 	 */
+	#[PublicPage]
+	#[NoCSRFRequired]
 	public function processMoreOptionsResult(string $token):TemplateResponse {
 		$partstat = $this->request->getParam('partStat');