No DAV user enumeration if disabled
Fixes #9058 If the option to autocomplete users is disabled. We also should not enumerate the users on this endpoint. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
parent
64716dd569
commit
58ca6b1554
|
@ -73,6 +73,7 @@ return array(
|
||||||
'OCA\\DAV\\CardDAV\\PhotoCache' => $baseDir . '/../lib/CardDAV/PhotoCache.php',
|
'OCA\\DAV\\CardDAV\\PhotoCache' => $baseDir . '/../lib/CardDAV/PhotoCache.php',
|
||||||
'OCA\\DAV\\CardDAV\\Plugin' => $baseDir . '/../lib/CardDAV/Plugin.php',
|
'OCA\\DAV\\CardDAV\\Plugin' => $baseDir . '/../lib/CardDAV/Plugin.php',
|
||||||
'OCA\\DAV\\CardDAV\\SyncService' => $baseDir . '/../lib/CardDAV/SyncService.php',
|
'OCA\\DAV\\CardDAV\\SyncService' => $baseDir . '/../lib/CardDAV/SyncService.php',
|
||||||
|
'OCA\\DAV\\CardDAV\\SystemAddressbook' => $baseDir . '/../lib/CardDAV/SystemAddressbook.php',
|
||||||
'OCA\\DAV\\CardDAV\\UserAddressBooks' => $baseDir . '/../lib/CardDAV/UserAddressBooks.php',
|
'OCA\\DAV\\CardDAV\\UserAddressBooks' => $baseDir . '/../lib/CardDAV/UserAddressBooks.php',
|
||||||
'OCA\\DAV\\CardDAV\\Xml\\Groups' => $baseDir . '/../lib/CardDAV/Xml/Groups.php',
|
'OCA\\DAV\\CardDAV\\Xml\\Groups' => $baseDir . '/../lib/CardDAV/Xml/Groups.php',
|
||||||
'OCA\\DAV\\Command\\CreateAddressBook' => $baseDir . '/../lib/Command/CreateAddressBook.php',
|
'OCA\\DAV\\Command\\CreateAddressBook' => $baseDir . '/../lib/Command/CreateAddressBook.php',
|
||||||
|
|
|
@ -88,6 +88,7 @@ class ComposerStaticInitDAV
|
||||||
'OCA\\DAV\\CardDAV\\PhotoCache' => __DIR__ . '/..' . '/../lib/CardDAV/PhotoCache.php',
|
'OCA\\DAV\\CardDAV\\PhotoCache' => __DIR__ . '/..' . '/../lib/CardDAV/PhotoCache.php',
|
||||||
'OCA\\DAV\\CardDAV\\Plugin' => __DIR__ . '/..' . '/../lib/CardDAV/Plugin.php',
|
'OCA\\DAV\\CardDAV\\Plugin' => __DIR__ . '/..' . '/../lib/CardDAV/Plugin.php',
|
||||||
'OCA\\DAV\\CardDAV\\SyncService' => __DIR__ . '/..' . '/../lib/CardDAV/SyncService.php',
|
'OCA\\DAV\\CardDAV\\SyncService' => __DIR__ . '/..' . '/../lib/CardDAV/SyncService.php',
|
||||||
|
'OCA\\DAV\\CardDAV\\SystemAddressbook' => __DIR__ . '/..' . '/../lib/CardDAV/SystemAddressbook.php',
|
||||||
'OCA\\DAV\\CardDAV\\UserAddressBooks' => __DIR__ . '/..' . '/../lib/CardDAV/UserAddressBooks.php',
|
'OCA\\DAV\\CardDAV\\UserAddressBooks' => __DIR__ . '/..' . '/../lib/CardDAV/UserAddressBooks.php',
|
||||||
'OCA\\DAV\\CardDAV\\Xml\\Groups' => __DIR__ . '/..' . '/../lib/CardDAV/Xml/Groups.php',
|
'OCA\\DAV\\CardDAV\\Xml\\Groups' => __DIR__ . '/..' . '/../lib/CardDAV/Xml/Groups.php',
|
||||||
'OCA\\DAV\\Command\\CreateAddressBook' => __DIR__ . '/..' . '/../lib/Command/CreateAddressBook.php',
|
'OCA\\DAV\\Command\\CreateAddressBook' => __DIR__ . '/..' . '/../lib/Command/CreateAddressBook.php',
|
||||||
|
|
|
@ -0,0 +1,47 @@
|
||||||
|
<?php
|
||||||
|
declare(strict_types=1);
|
||||||
|
/**
|
||||||
|
* @copyright Copyright (c) 2018, Roeland Jago Douma <roeland@famdouma.nl>
|
||||||
|
*
|
||||||
|
* @author Roeland Jago Douma <roeland@famdouma.nl>
|
||||||
|
*
|
||||||
|
* @license GNU AGPL version 3 or any later version
|
||||||
|
*
|
||||||
|
* This program is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU Affero General Public License as
|
||||||
|
* published by the Free Software Foundation, either version 3 of the
|
||||||
|
* License, or (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU Affero General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU Affero General Public License
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
namespace OCA\DAV\CardDAV;
|
||||||
|
|
||||||
|
use OCP\IConfig;
|
||||||
|
use OCP\IL10N;
|
||||||
|
use Sabre\CardDAV\Backend\BackendInterface;
|
||||||
|
|
||||||
|
class SystemAddressbook extends AddressBook {
|
||||||
|
/** @var IConfig */
|
||||||
|
private $config;
|
||||||
|
|
||||||
|
public function __construct(BackendInterface $carddavBackend, array $addressBookInfo, IL10N $l10n, IConfig $config) {
|
||||||
|
parent::__construct($carddavBackend, $addressBookInfo, $l10n);
|
||||||
|
$this->config = $config;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function getChildren() {
|
||||||
|
if ($this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') !== 'yes') {
|
||||||
|
return [];
|
||||||
|
}
|
||||||
|
|
||||||
|
return parent::getChildren();
|
||||||
|
}
|
||||||
|
}
|
|
@ -22,6 +22,7 @@
|
||||||
*/
|
*/
|
||||||
namespace OCA\DAV\CardDAV;
|
namespace OCA\DAV\CardDAV;
|
||||||
|
|
||||||
|
use OCP\IConfig;
|
||||||
use OCP\IL10N;
|
use OCP\IL10N;
|
||||||
|
|
||||||
class UserAddressBooks extends \Sabre\CardDAV\AddressBookHome {
|
class UserAddressBooks extends \Sabre\CardDAV\AddressBookHome {
|
||||||
|
@ -29,6 +30,9 @@ class UserAddressBooks extends \Sabre\CardDAV\AddressBookHome {
|
||||||
/** @var IL10N */
|
/** @var IL10N */
|
||||||
protected $l10n;
|
protected $l10n;
|
||||||
|
|
||||||
|
/** @var IConfig */
|
||||||
|
protected $config;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Returns a list of addressbooks
|
* Returns a list of addressbooks
|
||||||
*
|
*
|
||||||
|
@ -38,11 +42,18 @@ class UserAddressBooks extends \Sabre\CardDAV\AddressBookHome {
|
||||||
if ($this->l10n === null) {
|
if ($this->l10n === null) {
|
||||||
$this->l10n = \OC::$server->getL10N('dav');
|
$this->l10n = \OC::$server->getL10N('dav');
|
||||||
}
|
}
|
||||||
|
if ($this->config === null) {
|
||||||
|
$this->config = \OC::$server->getConfig();
|
||||||
|
}
|
||||||
|
|
||||||
$addressBooks = $this->carddavBackend->getAddressBooksForUser($this->principalUri);
|
$addressBooks = $this->carddavBackend->getAddressBooksForUser($this->principalUri);
|
||||||
$objects = [];
|
$objects = [];
|
||||||
foreach($addressBooks as $addressBook) {
|
foreach($addressBooks as $addressBook) {
|
||||||
$objects[] = new AddressBook($this->carddavBackend, $addressBook, $this->l10n);
|
if ($addressBook['principaluri'] === 'principals/system/system') {
|
||||||
|
$objects[] = new SystemAddressbook($this->carddavBackend, $addressBook, $this->l10n, $this->config);
|
||||||
|
} else {
|
||||||
|
$objects[] = new AddressBook($this->carddavBackend, $addressBook, $this->l10n);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return $objects;
|
return $objects;
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue