diff --git a/apps/dav/appinfo/v1/caldav.php b/apps/dav/appinfo/v1/caldav.php index f524c47a82..7f2ff2b37d 100644 --- a/apps/dav/appinfo/v1/caldav.php +++ b/apps/dav/appinfo/v1/caldav.php @@ -67,6 +67,7 @@ $nodes = array( // Fire up server $server = new \Sabre\DAV\Server($nodes); +$server::$exposeVersion = false; $server->httpRequest->setUrl(\OC::$server->getRequest()->getRequestUri()); $server->setBaseUri($baseuri); diff --git a/apps/dav/appinfo/v1/carddav.php b/apps/dav/appinfo/v1/carddav.php index b70045d420..04344e83fd 100644 --- a/apps/dav/appinfo/v1/carddav.php +++ b/apps/dav/appinfo/v1/carddav.php @@ -66,6 +66,7 @@ $nodes = array( // Fire up server $server = new \Sabre\DAV\Server($nodes); +$server::$exposeVersion = false; $server->httpRequest->setUrl(\OC::$server->getRequest()->getRequestUri()); $server->setBaseUri($baseuri); // Add plugins diff --git a/apps/dav/lib/Connector/LegacyDAVACL.php b/apps/dav/lib/Connector/LegacyDAVACL.php index d5185ecd03..46cbb504cc 100644 --- a/apps/dav/lib/Connector/LegacyDAVACL.php +++ b/apps/dav/lib/Connector/LegacyDAVACL.php @@ -67,6 +67,7 @@ class LegacyDAVACL extends DavAclPlugin { return new Principal(Principal::UNAUTHENTICATED); } }); - parent::propFind($propFind, $node); + + return parent::propFind($propFind, $node); } } diff --git a/apps/dav/lib/Connector/Sabre/DavAclPlugin.php b/apps/dav/lib/Connector/Sabre/DavAclPlugin.php index 244394ec6f..427a375601 100644 --- a/apps/dav/lib/Connector/Sabre/DavAclPlugin.php +++ b/apps/dav/lib/Connector/Sabre/DavAclPlugin.php @@ -23,6 +23,7 @@ namespace OCA\DAV\Connector\Sabre; +use Sabre\CalDAV\Principal\User; use Sabre\DAV\Exception\NotFound; use Sabre\DAV\IFile; use Sabre\DAV\INode; @@ -72,4 +73,20 @@ class DavAclPlugin extends \Sabre\DAVACL\Plugin { return $access; } + + public function propFind(PropFind $propFind, INode $node) { + // If the node is neither readable nor writable then fail unless its of + // the standard user-principal + if(!($node instanceof User)) { + $path = $propFind->getPath(); + $readPermissions = $this->checkPrivileges($path, '{DAV:}read', self::R_PARENT, false); + $writePermissions = $this->checkPrivileges($path, '{DAV:}write', self::R_PARENT, false); + if ($readPermissions === false && $writePermissions === false) { + $this->checkPrivileges($path, '{DAV:}read', self::R_PARENT, true); + $this->checkPrivileges($path, '{DAV:}write', self::R_PARENT, true); + } + } + + return parent::propFind($propFind, $node); + } } diff --git a/build/integration/features/bootstrap/CalDavContext.php b/build/integration/features/bootstrap/CalDavContext.php index 5db56f0fe7..cae0089875 100644 --- a/build/integration/features/bootstrap/CalDavContext.php +++ b/build/integration/features/bootstrap/CalDavContext.php @@ -72,16 +72,18 @@ class CalDavContext implements \Behat\Behat\Context\Context { } /** - * @When :user requests calendar :calendar + * @When :user requests calendar :calendar on the endpoint :endpoint * @param string $user * @param string $calendar + * @param string $endpoint */ - public function requestsCalendar($user, $calendar) { - $davUrl = $this->baseUrl . '/remote.php/dav/calendars/'.$calendar; + public function requestsCalendar($user, $calendar, $endpoint) { + $davUrl = $this->baseUrl . $endpoint . $calendar; $password = ($user === 'admin') ? 'admin' : '123456'; try { - $this->response = $this->client->get( + $request = $this->client->createRequest( + 'PROPFIND', $davUrl, [ 'auth' => [ @@ -90,6 +92,7 @@ class CalDavContext implements \Behat\Behat\Context\Context { ] ] ); + $this->response = $this->client->send($request); } catch (\GuzzleHttp\Exception\ClientException $e) { $this->response = $e->getResponse(); } diff --git a/build/integration/features/bootstrap/CardDavContext.php b/build/integration/features/bootstrap/CardDavContext.php index 4ee882cc2e..2dce688ab8 100644 --- a/build/integration/features/bootstrap/CardDavContext.php +++ b/build/integration/features/bootstrap/CardDavContext.php @@ -72,20 +72,21 @@ class CardDavContext implements \Behat\Behat\Context\Context { } catch (\GuzzleHttp\Exception\ClientException $e) {} } - /** - * @When :user requests addressbook :addressBook with statuscode :statusCode + * @When :user requests addressbook :addressBook with statuscode :statusCode on the endpoint :endpoint * @param string $user * @param string $addressBook * @param int $statusCode + * @param string $endpoint * @throws \Exception */ - public function requestsAddressbookWithStatuscode($user, $addressBook, $statusCode) { - $davUrl = $this->baseUrl . '/remote.php/dav/addressbooks/users/'.$addressBook; + public function requestsAddressbookWithStatuscodeOnTheEndpoint($user, $addressBook, $statusCode, $endpoint) { + $davUrl = $this->baseUrl . $endpoint . $addressBook; $password = ($user === 'admin') ? 'admin' : '123456'; try { - $this->response = $this->client->get( + $request = $this->client->createRequest( + 'PROPFIND', $davUrl, [ 'auth' => [ @@ -94,6 +95,7 @@ class CardDavContext implements \Behat\Behat\Context\Context { ], ] ); + $this->response = $this->client->send($request); } catch (\GuzzleHttp\Exception\ClientException $e) { $this->response = $e->getResponse(); } diff --git a/build/integration/features/caldav.feature b/build/integration/features/caldav.feature index 948151485d..5c3983fc40 100644 --- a/build/integration/features/caldav.feature +++ b/build/integration/features/caldav.feature @@ -1,31 +1,52 @@ Feature: caldav Scenario: Accessing a not existing calendar of another user Given user "user0" exists - When "admin" requests calendar "user0/MyCalendar" + When "admin" requests calendar "user0/MyCalendar" on the endpoint "/remote.php/dav/calendars/" Then The CalDAV HTTP status code should be "404" And The exception is "Sabre\DAV\Exception\NotFound" And The error message is "Node with name 'MyCalendar' could not be found" - # Blocked by https://github.com/php/php-src/pull/1417 - #Scenario: Accessing a not shared calendar of another user - # Given user "user0" exists - # Given "admin" creates a calendar named "MyCalendar" - # Given The CalDAV HTTP status code should be "201" - # When "user0" requests calendar "admin/MyCalendar" - # Then The CalDAV HTTP status code should be "404" - # And The exception is "Sabre\DAV\Exception\NotFound" - # And The error message is "Node with name 'MyCalendar' could not be found" + Scenario: Accessing a not shared calendar of another user + Given user "user0" exists + Given "admin" creates a calendar named "MyCalendar" + Given The CalDAV HTTP status code should be "201" + When "user0" requests calendar "admin/MyCalendar" on the endpoint "/remote.php/dav/calendars/" + Then The CalDAV HTTP status code should be "404" + And The exception is "Sabre\DAV\Exception\NotFound" + And The error message is "Node with name 'MyCalendar' could not be found" + + Scenario: Accessing a not shared calendar of another user via the legacy endpoint + Given user "user0" exists + Given "admin" creates a calendar named "MyCalendar" + Given The CalDAV HTTP status code should be "201" + When "user0" requests calendar "admin/MyCalendar" on the endpoint "/remote.php/caldav/calendars/" + Then The CalDAV HTTP status code should be "404" + And The exception is "Sabre\DAV\Exception\NotFound" + And The error message is "Node with name 'MyCalendar' could not be found" + + Scenario: Accessing a not existing calendar of another user + Given user "user0" exists + When "user0" requests calendar "admin/MyCalendar" on the endpoint "/remote.php/dav/calendars/" + Then The CalDAV HTTP status code should be "404" + And The exception is "Sabre\DAV\Exception\NotFound" + And The error message is "Node with name 'MyCalendar' could not be found" + + Scenario: Accessing a not existing calendar of another user via the legacy endpoint + Given user "user0" exists + When "user0" requests calendar "admin/MyCalendar" on the endpoint "/remote.php/caldav/calendars/" + Then The CalDAV HTTP status code should be "404" + And The exception is "Sabre\DAV\Exception\NotFound" + And The error message is "Node with name 'MyCalendar' could not be found" Scenario: Accessing a not existing calendar of myself Given user "user0" exists - When "user0" requests calendar "admin/MyCalendar" + When "user0" requests calendar "admin/MyCalendar" on the endpoint "/remote.php/dav/calendars/" Then The CalDAV HTTP status code should be "404" And The exception is "Sabre\DAV\Exception\NotFound" And The error message is "Node with name 'MyCalendar' could not be found" - # Blocked by https://github.com/php/php-src/pull/1417 - #Scenario: Creating a new calendar - # When "admin" creates a calendar named "MyCalendar" - # Then The CalDAV HTTP status code should be "201" - # And "admin" requests calendar "admin/MyCalendar" - # Then The CalDAV HTTP status code should be "200" + Scenario: Creating a new calendar + When "admin" creates a calendar named "MyCalendar" + Then The CalDAV HTTP status code should be "201" + And "admin" requests calendar "admin/MyCalendar" on the endpoint "/remote.php/dav/calendars/" + Then The CalDAV HTTP status code should be "207" diff --git a/build/integration/features/carddav.feature b/build/integration/features/carddav.feature index 4fbe403c7d..9432130066 100644 --- a/build/integration/features/carddav.feature +++ b/build/integration/features/carddav.feature @@ -1,26 +1,39 @@ Feature: carddav Scenario: Accessing a not existing addressbook of another user Given user "user0" exists - When "admin" requests addressbook "user0/MyAddressbook" with statuscode "404" + When "admin" requests addressbook "user0/MyAddressbook" with statuscode "404" on the endpoint "/remote.php/dav/addressbooks/users/" And The CardDAV exception is "Sabre\DAV\Exception\NotFound" And The CardDAV error message is "Addressbook with name 'MyAddressbook' could not be found" Scenario: Accessing a not shared addressbook of another user Given user "user0" exists Given "admin" creates an addressbook named "MyAddressbook" with statuscode "201" - When "user0" requests addressbook "admin/MyAddressbook" with statuscode "404" + When "user0" requests addressbook "admin/MyAddressbook" with statuscode "404" on the endpoint "/remote.php/dav/addressbooks/users/" + And The CardDAV exception is "Sabre\DAV\Exception\NotFound" + And The CardDAV error message is "Addressbook with name 'MyAddressbook' could not be found" + + Scenario: Accessing a not existing addressbook of another user via legacy endpoint + Given user "user0" exists + When "admin" requests addressbook "user0/MyAddressbook" with statuscode "404" on the endpoint "/remote.php/carddav/addressbooks/" + And The CardDAV exception is "Sabre\DAV\Exception\NotFound" + And The CardDAV error message is "Addressbook with name 'MyAddressbook' could not be found" + + Scenario: Accessing a not shared addressbook of another user via legacy endpoint + Given user "user0" exists + Given "admin" creates an addressbook named "MyAddressbook" with statuscode "201" + When "user0" requests addressbook "admin/MyAddressbook" with statuscode "404" on the endpoint "/remote.php/carddav/addressbooks/" And The CardDAV exception is "Sabre\DAV\Exception\NotFound" And The CardDAV error message is "Addressbook with name 'MyAddressbook' could not be found" Scenario: Accessing a not existing addressbook of myself Given user "user0" exists - When "user0" requests addressbook "admin/MyAddressbook" with statuscode "404" + When "user0" requests addressbook "admin/MyAddressbook" with statuscode "404" on the endpoint "/remote.php/dav/addressbooks/users/" And The CardDAV exception is "Sabre\DAV\Exception\NotFound" And The CardDAV error message is "Addressbook with name 'MyAddressbook' could not be found" Scenario: Creating a new addressbook When "admin" creates an addressbook named "MyAddressbook" with statuscode "201" - Then "admin" requests addressbook "admin/MyAddressbook" with statuscode "200" + Then "admin" requests addressbook "admin/MyAddressbook" with statuscode "207" on the endpoint "/remote.php/dav/addressbooks/users/" Scenario: Accessing ones own contact Given "admin" creates an addressbook named "MyAddressbook" with statuscode "201"