diff --git a/apps/dav/lib/caldav/calendar.php b/apps/dav/lib/caldav/calendar.php index 16acbbf53a..55f1acec39 100644 --- a/apps/dav/lib/caldav/calendar.php +++ b/apps/dav/lib/caldav/calendar.php @@ -23,6 +23,7 @@ namespace OCA\DAV\CalDAV; use OCA\DAV\DAV\Sharing\IShareable; use Sabre\DAV\Exception\Forbidden; +use Sabre\DAV\PropPatch; class Calendar extends \Sabre\CalDAV\Calendar implements IShareable { @@ -122,4 +123,13 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable { } parent::delete(); } + + function propPatch(PropPatch $propPatch) { + $mutations = $propPatch->getMutations(); + // If this is a shared calendar, the user can only change the enabled property, to hide it. + if (isset($this->calendarInfo['{http://owncloud.org/ns}owner-principal']) && (sizeof($mutations) !== 1 || !isset($mutations['{http://owncloud.org/ns}calendar-enabled']))) { + throw new Forbidden(); + } + parent::propPatch($propPatch); + } } diff --git a/apps/dav/lib/carddav/addressbook.php b/apps/dav/lib/carddav/addressbook.php index be57a2d90a..6ae938b8e2 100644 --- a/apps/dav/lib/carddav/addressbook.php +++ b/apps/dav/lib/carddav/addressbook.php @@ -23,6 +23,7 @@ namespace OCA\DAV\CardDAV; use OCA\DAV\DAV\Sharing\IShareable; use Sabre\DAV\Exception\Forbidden; use Sabre\DAV\Exception\NotFound; +use Sabre\DAV\PropPatch; class AddressBook extends \Sabre\CardDAV\AddressBook implements IShareable { @@ -83,14 +84,14 @@ class AddressBook extends \Sabre\CardDAV\AddressBook implements IShareable { } // add the current user - if (isset($this->addressBookInfo['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}owner-principal'])) { - $owner = $this->addressBookInfo['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}owner-principal']; + if (isset($this->addressBookInfo['{http://owncloud.org/ns}owner-principal'])) { + $owner = $this->addressBookInfo['{http://owncloud.org/ns}owner-principal']; $acl[] = [ 'privilege' => '{DAV:}read', 'principal' => $owner, 'protected' => true, ]; - if ($this->addressBookInfo['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}read-only']) { + if ($this->addressBookInfo['{http://owncloud.org/ns}read-only']) { $acl[] = [ 'privilege' => '{DAV:}write', 'principal' => $owner, @@ -162,6 +163,13 @@ class AddressBook extends \Sabre\CardDAV\AddressBook implements IShareable { parent::delete(); } + function propPatch(PropPatch $propPatch) { + if (isset($this->addressBookInfo['{http://owncloud.org/ns}owner-principal'])) { + throw new Forbidden(); + } + parent::propPatch($propPatch); + } + public function getContactsGroups() { /** @var CardDavBackend $cardDavBackend */ $cardDavBackend = $this->carddavBackend; diff --git a/apps/dav/lib/dav/sharing/backend.php b/apps/dav/lib/dav/sharing/backend.php index 8e2a9307b7..ffc4193e34 100644 --- a/apps/dav/lib/dav/sharing/backend.php +++ b/apps/dav/lib/dav/sharing/backend.php @@ -190,6 +190,14 @@ class Backend { 'principal' => $share['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}principal'], 'protected' => true, ]; + } else if ($this->resourceType === 'calendar') { + // Allow changing the properties of read only calendars, + // so users can change the visibility. + $acl[] = [ + 'privilege' => '{DAV:}write-properties', + 'principal' => $share['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}principal'], + 'protected' => true, + ]; } } return $acl; diff --git a/apps/dav/tests/unit/caldav/calendartest.php b/apps/dav/tests/unit/caldav/calendartest.php index 4a3c94e8ab..c41070ea43 100644 --- a/apps/dav/tests/unit/caldav/calendartest.php +++ b/apps/dav/tests/unit/caldav/calendartest.php @@ -23,6 +23,7 @@ namespace OCA\DAV\Tests\Unit\CalDAV; use OCA\DAV\CalDAV\CalDavBackend; use OCA\DAV\CalDAV\Calendar; +use Sabre\DAV\PropPatch; use Test\TestCase; class CalendarTest extends TestCase { @@ -63,4 +64,42 @@ class CalendarTest extends TestCase { $c = new Calendar($backend, $calendarInfo); $c->delete(); } + + public function dataPropPatch() { + return [ + [[], true], + [[ + '{http://owncloud.org/ns}calendar-enabled' => true, + ], false], + [[ + '{DAV:}displayname' => true, + ], true], + [[ + '{DAV:}displayname' => true, + '{http://owncloud.org/ns}calendar-enabled' => true, + ], true], + ]; + } + + /** + * @dataProvider dataPropPatch + */ + public function testPropPatch($mutations, $throws) { + /** @var \PHPUnit_Framework_MockObject_MockObject | CalDavBackend $backend */ + $backend = $this->getMockBuilder('OCA\DAV\CalDAV\CalDavBackend')->disableOriginalConstructor()->getMock(); + $calendarInfo = [ + '{http://owncloud.org/ns}owner-principal' => 'user1', + 'principaluri' => 'user2', + 'id' => 666 + ]; + $c = new Calendar($backend, $calendarInfo); + + if ($throws) { + $this->setExpectedException('\Sabre\DAV\Exception\Forbidden'); + } + $c->propPatch(new PropPatch($mutations)); + if (!$throws) { + $this->assertTrue(true); + } + } } diff --git a/apps/dav/tests/unit/carddav/addressbooktest.php b/apps/dav/tests/unit/carddav/addressbooktest.php index d714fc7167..854c121a95 100644 --- a/apps/dav/tests/unit/carddav/addressbooktest.php +++ b/apps/dav/tests/unit/carddav/addressbooktest.php @@ -23,6 +23,7 @@ namespace OCA\DAV\Tests\Unit\CardDAV; use OCA\DAV\CardDAV\AddressBook; use OCA\DAV\CardDAV\CardDavBackend; +use Sabre\DAV\PropPatch; use Test\TestCase; class AddressBookTest extends TestCase { @@ -61,4 +62,19 @@ class AddressBookTest extends TestCase { $c = new AddressBook($backend, $calendarInfo); $c->delete(); } + + /** + * @expectedException \Sabre\DAV\Exception\Forbidden + */ + public function testPropPatch() { + /** @var \PHPUnit_Framework_MockObject_MockObject | CardDavBackend $backend */ + $backend = $this->getMockBuilder('OCA\DAV\CardDAV\CardDavBackend')->disableOriginalConstructor()->getMock(); + $calendarInfo = [ + '{http://owncloud.org/ns}owner-principal' => 'user1', + 'principaluri' => 'user2', + 'id' => 666 + ]; + $c = new AddressBook($backend, $calendarInfo); + $c->propPatch(new PropPatch([])); + } }