Merge pull request #9707 from nextcloud/bugfix-stable13/noid/override_freebusy_sharing_rules
[stable13] allow admins to override FreeBusy capabilities without modifying ShareAPI capabilities
This commit is contained in:
Morris Jobke
GitHub
commit
5c92da2269
|
|
@ -46,6 +46,7 @@ $principalBackend = new Principal(
|
|||
\OC::$server->getGroupManager(),
|
||||
\OC::$server->getShareManager(),
|
||||
\OC::$server->getUserSession(),
|
||||
\OC::$server->getConfig(),
|
||||
'principals/'
|
||||
);
|
||||
$db = \OC::$server->getDatabaseConnection();
|
||||
|
|
|
|||
|
|
@ -47,6 +47,7 @@ $principalBackend = new Principal(
|
|||
\OC::$server->getGroupManager(),
|
||||
\OC::$server->getShareManager(),
|
||||
\OC::$server->getUserSession(),
|
||||
\OC::$server->getConfig(),
|
||||
'principals/'
|
||||
);
|
||||
$db = \OC::$server->getDatabaseConnection();
|
||||
|
|
|
|||
|
|
@ -77,7 +77,8 @@ class CreateCalendar extends Command {
|
|||
$this->userManager,
|
||||
$this->groupManager,
|
||||
\OC::$server->getShareManager(),
|
||||
\OC::$server->getUserSession()
|
||||
\OC::$server->getUserSession(),
|
||||
\OC::$server->getConfig()
|
||||
);
|
||||
$random = \OC::$server->getSecureRandom();
|
||||
$logger = \OC::$server->getLogger();
|
||||
|
|
|
|||
|
|
@ -30,6 +30,7 @@
|
|||
|
||||
namespace OCA\DAV\Connector\Sabre;
|
||||
|
||||
use OCP\IConfig;
|
||||
use OCP\IGroup;
|
||||
use OCP\IGroupManager;
|
||||
use OCP\IUser;
|
||||
|
|
@ -55,6 +56,9 @@ class Principal implements BackendInterface {
|
|||
/** @var IUserSession */
|
||||
private $userSession;
|
||||
|
||||
/** @var IConfig */
|
||||
private $config;
|
||||
|
||||
/** @var string */
|
||||
private $principalPrefix;
|
||||
|
||||
|
|
@ -66,17 +70,20 @@ class Principal implements BackendInterface {
|
|||
* @param IGroupManager $groupManager
|
||||
* @param IShareManager $shareManager
|
||||
* @param IUserSession $userSession
|
||||
* @param IConfig $config
|
||||
* @param string $principalPrefix
|
||||
*/
|
||||
public function __construct(IUserManager $userManager,
|
||||
IGroupManager $groupManager,
|
||||
IShareManager $shareManager,
|
||||
IUserSession $userSession,
|
||||
IConfig $config,
|
||||
$principalPrefix = 'principals/users/') {
|
||||
$this->userManager = $userManager;
|
||||
$this->groupManager = $groupManager;
|
||||
$this->shareManager = $shareManager;
|
||||
$this->userSession = $userSession;
|
||||
$this->config = $config;
|
||||
$this->principalPrefix = trim($principalPrefix, '/');
|
||||
$this->hasGroups = ($principalPrefix === 'principals/users/');
|
||||
}
|
||||
|
|
@ -206,8 +213,10 @@ class Principal implements BackendInterface {
|
|||
protected function searchUserPrincipals(array $searchProperties, $test = 'allof') {
|
||||
$results = [];
|
||||
|
||||
// If sharing is disabled, return the empty array
|
||||
if (!$this->shareManager->shareApiEnabled()) {
|
||||
// If sharing is disabled (or FreeBusy was disabled on purpose), return the empty array
|
||||
$shareAPIEnabled = $this->shareManager->shareApiEnabled();
|
||||
$disableFreeBusy = $this->config->getAppValue('dav', 'disableFreeBusy', $shareAPIEnabled ? 'no' : 'yes');
|
||||
if ($disableFreeBusy === 'yes') {
|
||||
return [];
|
||||
}
|
||||
|
||||
|
|
@ -290,8 +299,10 @@ class Principal implements BackendInterface {
|
|||
* @return string
|
||||
*/
|
||||
function findByUri($uri, $principalPrefix) {
|
||||
// If sharing is disabled, return null as in user not found
|
||||
if (!$this->shareManager->shareApiEnabled()) {
|
||||
// If sharing is disabled (or FreeBusy was disabled on purpose), return the empty array
|
||||
$shareAPIEnabled = $this->shareManager->shareApiEnabled();
|
||||
$disableFreeBusy = $this->config->getAppValue('dav', 'disableFreeBusy', $shareAPIEnabled ? 'no' : 'yes');
|
||||
if ($disableFreeBusy === 'yes') {
|
||||
return null;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -51,7 +51,8 @@ class RootCollection extends SimpleCollection {
|
|||
$userManager,
|
||||
$groupManager,
|
||||
$shareManager,
|
||||
\OC::$server->getUserSession()
|
||||
\OC::$server->getUserSession(),
|
||||
$config
|
||||
);
|
||||
$groupPrincipalBackend = new GroupPrincipalBackend($groupManager);
|
||||
// as soon as debug mode is enabled we allow listing of principals
|
||||
|
|
|
|||
|
|
@ -27,6 +27,7 @@
|
|||
namespace OCA\DAV\Tests\unit\Connector\Sabre;
|
||||
|
||||
use OC\User\User;
|
||||
use OCP\IConfig;
|
||||
use OCP\IGroup;
|
||||
use OCP\IGroupManager;
|
||||
use OCP\IUser;
|
||||
|
|
@ -47,18 +48,22 @@ class PrincipalTest extends TestCase {
|
|||
private $shareManager;
|
||||
/** @var IUserSession | \PHPUnit_Framework_MockObject_MockObject */
|
||||
private $userSession;
|
||||
/** @var IConfig | \PHPUnit_Framework_MockObject_MockObject */
|
||||
private $config;
|
||||
|
||||
public function setUp() {
|
||||
$this->userManager = $this->createMock(IUserManager::class);
|
||||
$this->groupManager = $this->createMock(IGroupManager::class);
|
||||
$this->shareManager = $this->createMock(IManager::class);
|
||||
$this->userSession = $this->createMock(IUserSession::class);
|
||||
$this->config = $this->createMock(IConfig::class);
|
||||
|
||||
$this->connector = new \OCA\DAV\Connector\Sabre\Principal(
|
||||
$this->userManager,
|
||||
$this->groupManager,
|
||||
$this->shareManager,
|
||||
$this->userSession);
|
||||
$this->userSession,
|
||||
$this->config);
|
||||
parent::setUp();
|
||||
}
|
||||
|
||||
|
|
@ -278,11 +283,16 @@ class PrincipalTest extends TestCase {
|
|||
/**
|
||||
* @dataProvider searchPrincipalsDataProvider
|
||||
*/
|
||||
public function testSearchPrincipals($sharingEnabled, $groupsOnly, $result) {
|
||||
public function testSearchPrincipals($disableFreeBusy, $sharingEnabled, $disableFBSharingCombination, $groupsOnly, $result) {
|
||||
$this->shareManager->expects($this->once())
|
||||
->method('shareAPIEnabled')
|
||||
->will($this->returnValue($sharingEnabled));
|
||||
$this->config->expects($this->once())
|
||||
->method('getAppValue')
|
||||
->with('dav', 'disableFreeBusy', $sharingEnabled ? 'no' : 'yes')
|
||||
->will($this->returnValue($disableFBSharingCombination));
|
||||
|
||||
if ($disableFreeBusy === 'no') {
|
||||
if ($sharingEnabled) {
|
||||
$this->shareManager->expects($this->once())
|
||||
->method('shareWithGroupMembersOnly')
|
||||
|
|
@ -305,19 +315,35 @@ class PrincipalTest extends TestCase {
|
|||
$this->groupManager->expects($this->never())
|
||||
->method($this->anything());
|
||||
}
|
||||
} else {
|
||||
$this->shareManager->expects($this->never())
|
||||
->method('shareWithGroupMembersOnly');
|
||||
$this->groupManager->expects($this->never())
|
||||
->method($this->anything());
|
||||
}
|
||||
|
||||
|
||||
$user2 = $this->createMock(IUser::class);
|
||||
$user2->method('getUID')->will($this->returnValue('user2'));
|
||||
$user3 = $this->createMock(IUser::class);
|
||||
$user3->method('getUID')->will($this->returnValue('user3'));
|
||||
|
||||
if ($disableFreeBusy === 'no') {
|
||||
if ($sharingEnabled) {
|
||||
$this->userManager->expects($this->at(0))
|
||||
->method('getByEmail')
|
||||
->with('user')
|
||||
->will($this->returnValue([$user2, $user3]));
|
||||
} else {
|
||||
$this->userManager->expects($this->never())
|
||||
->method('getByEmail');
|
||||
}
|
||||
} else {
|
||||
$this->userManager->expects($this->never())
|
||||
->method('getByEmail');
|
||||
}
|
||||
|
||||
if ($disableFreeBusy === 'no') {
|
||||
if ($sharingEnabled && $groupsOnly) {
|
||||
$this->groupManager->expects($this->at(1))
|
||||
->method('getUserGroupIds')
|
||||
|
|
@ -328,6 +354,12 @@ class PrincipalTest extends TestCase {
|
|||
->with($user3)
|
||||
->will($this->returnValue(['group3', 'group4']));
|
||||
}
|
||||
} else {
|
||||
$this->groupManager->expects($this->never())
|
||||
->method('getUserGroupIds');
|
||||
$this->groupManager->expects($this->never())
|
||||
->method('getUserGroupIds');
|
||||
}
|
||||
|
||||
$this->assertEquals($result, $this->connector->searchPrincipals('principals/users',
|
||||
['{http://sabredav.org/ns}email-address' => 'user']));
|
||||
|
|
@ -335,9 +367,12 @@ class PrincipalTest extends TestCase {
|
|||
|
||||
public function searchPrincipalsDataProvider() {
|
||||
return [
|
||||
[true, false, ['principals/users/user2', 'principals/users/user3']],
|
||||
[true, true, ['principals/users/user2']],
|
||||
[false, false, []],
|
||||
['yes', true, 'yes', false, []],
|
||||
['no', true, 'no', false, ['principals/users/user2', 'principals/users/user3']],
|
||||
['yes', true, 'yes', true, []],
|
||||
['no', true, 'no', true, ['principals/users/user2']],
|
||||
['yes', false, 'yes', false, []],
|
||||
['no', false, 'yes', false, []],
|
||||
];
|
||||
}
|
||||
|
||||
|
|
@ -345,6 +380,10 @@ class PrincipalTest extends TestCase {
|
|||
$this->shareManager->expects($this->once())
|
||||
->method('shareApiEnabled')
|
||||
->will($this->returnValue(false));
|
||||
$this->config->expects($this->once())
|
||||
->method('getAppValue')
|
||||
->with('dav', 'disableFreeBusy', 'yes')
|
||||
->will($this->returnValue('yes'));
|
||||
|
||||
$this->assertEquals(null, $this->connector->findByUri('mailto:user@foo.com', 'principals/users'));
|
||||
}
|
||||
|
|
@ -352,11 +391,21 @@ class PrincipalTest extends TestCase {
|
|||
/**
|
||||
* @dataProvider findByUriWithGroupRestrictionDataProvider
|
||||
*/
|
||||
public function testFindByUriWithGroupRestriction($uri, $email, $expects) {
|
||||
public function testFindByUriWithGroupRestriction($disableFreeBusy, $uri, $email, $expects) {
|
||||
$this->shareManager->expects($this->once())
|
||||
->method('shareApiEnabled')
|
||||
->will($this->returnValue(true));
|
||||
$this->config->expects($this->once())
|
||||
->method('getAppValue')
|
||||
->with('dav', 'disableFreeBusy', 'no')
|
||||
->will($this->returnValue($disableFreeBusy));
|
||||
|
||||
if ($disableFreeBusy === 'yes') {
|
||||
$this->shareManager->expects($this->never())
|
||||
->method('shareWithGroupMembersOnly');
|
||||
$this->userSession->expects($this->never())
|
||||
->method('getUser');
|
||||
} else {
|
||||
$this->shareManager->expects($this->once())
|
||||
->method('shareWithGroupMembersOnly')
|
||||
->will($this->returnValue(true));
|
||||
|
|
@ -392,25 +441,39 @@ class PrincipalTest extends TestCase {
|
|||
->with($user3)
|
||||
->will($this->returnValue(['group3', 'group3']));
|
||||
}
|
||||
}
|
||||
|
||||
$this->assertEquals($expects, $this->connector->findByUri($uri, 'principals/users'));
|
||||
}
|
||||
|
||||
public function findByUriWithGroupRestrictionDataProvider() {
|
||||
return [
|
||||
['mailto:user2@foo.bar', 'user2@foo.bar', 'principals/users/user2'],
|
||||
['mailto:user3@foo.bar', 'user3@foo.bar', null],
|
||||
['yes', 'mailto:user2@foo.bar', 'user2@foo.bar', null],
|
||||
['no', 'mailto:user2@foo.bar', 'user2@foo.bar', 'principals/users/user2'],
|
||||
['yes', 'mailto:user3@foo.bar', 'user3@foo.bar', null],
|
||||
['no', 'mailto:user3@foo.bar', 'user3@foo.bar', null],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider findByUriWithoutGroupRestrictionDataProvider
|
||||
*/
|
||||
public function testFindByUriWithoutGroupRestriction($uri, $email, $expects) {
|
||||
public function testFindByUriWithoutGroupRestriction($disableFreeBusy, $uri, $email, $expects) {
|
||||
$this->shareManager->expects($this->once())
|
||||
->method('shareApiEnabled')
|
||||
->will($this->returnValue(true));
|
||||
$this->config->expects($this->once())
|
||||
->method('getAppValue')
|
||||
->with('dav', 'disableFreeBusy', 'no')
|
||||
->will($this->returnValue($disableFreeBusy));
|
||||
|
||||
if ($disableFreeBusy === 'yes') {
|
||||
$this->shareManager->expects($this->never())
|
||||
->method('shareWithGroupMembersOnly');
|
||||
|
||||
$this->userManager->expects($this->never())
|
||||
->method('getByEmail');
|
||||
} else {
|
||||
$this->shareManager->expects($this->once())
|
||||
->method('shareWithGroupMembersOnly')
|
||||
->will($this->returnValue(false));
|
||||
|
|
@ -424,14 +487,17 @@ class PrincipalTest extends TestCase {
|
|||
->method('getByEmail')
|
||||
->with($email)
|
||||
->will($this->returnValue([$email === 'user2@foo.bar' ? $user2 : $user3]));
|
||||
}
|
||||
|
||||
$this->assertEquals($expects, $this->connector->findByUri($uri, 'principals/users'));
|
||||
}
|
||||
|
||||
public function findByUriWithoutGroupRestrictionDataProvider() {
|
||||
return [
|
||||
['mailto:user2@foo.bar', 'user2@foo.bar', 'principals/users/user2'],
|
||||
['mailto:user3@foo.bar', 'user3@foo.bar', 'principals/users/user3'],
|
||||
['yes', 'mailto:user2@foo.bar', 'user2@foo.bar', null],
|
||||
['yes', 'mailto:user3@foo.bar', 'user3@foo.bar', null],
|
||||
['no', 'mailto:user2@foo.bar', 'user2@foo.bar', 'principals/users/user2'],
|
||||
['no', 'mailto:user3@foo.bar', 'user3@foo.bar', 'principals/users/user3'],
|
||||
];
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue