disallow users to create calendars with reserved names

Signed-off-by: Georg Ehrke <developer@georgehrke.com>
This commit is contained in:
Georg Ehrke 2017-10-21 11:19:01 +02:00
parent 1c106a66b1
commit d59b3392ab
No known key found for this signature in database
GPG Key ID: 9D98FD9380A1CB43
2 changed files with 96 additions and 0 deletions

View File

@ -32,6 +32,8 @@ use Sabre\CalDAV\Schedule\Inbox;
use Sabre\CalDAV\Schedule\Outbox;
use Sabre\CalDAV\Subscriptions\Subscription;
use Sabre\DAV\Exception\NotFound;
use Sabre\DAV\Exception\MethodNotAllowed;
use Sabre\DAV\MkCol;
class CalendarHome extends \Sabre\CalDAV\CalendarHome {
@ -54,6 +56,19 @@ class CalendarHome extends \Sabre\CalDAV\CalendarHome {
return $this->caldavBackend;
}
/**
* @inheritdoc
*/
function createExtendedCollection($name, MkCol $mkCol) {
$reservedNames = [BirthdayService::BIRTHDAY_CALENDAR_URI];
if (in_array($name, $reservedNames)) {
throw new MethodNotAllowed('The resource you tried to create has a reserved name');
}
parent::createExtendedCollection($name, $mkCol);
}
/**
* @inheritdoc
*/

View File

@ -0,0 +1,81 @@
<?php
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
* @copyright Copyright (c) 2017, Georg Ehrke
*
* @author Georg Ehrke <oc.list@georgehrke.com>
*
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OCA\DAV\Tests\unit\CalDAV;
use OCA\DAV\CalDAV\CalDavBackend;
use OCA\DAV\CalDAV\CalendarHome;
use Sabre\DAV\MkCol;
use Test\TestCase;
class CalendarHomeTest extends TestCase {
/** @var CalDavBackend | \PHPUnit_Framework_MockObject_MockObject */
private $backend;
/** @var array */
private $principalInfo = [];
/** @var CalendarHome */
private $calendarHome;
protected function setUp() {
parent::setUp();
$this->backend = $this->createMock(CalDavBackend::class);
$this->principalInfo = [
'uri' => 'user-principal-123',
];
$this->calendarHome = new CalendarHome($this->backend,
$this->principalInfo);
}
public function testCreateCalendarValidName() {
/** @var MkCol | \PHPUnit_Framework_MockObject_MockObject $mkCol */
$mkCol = $this->createMock(MkCol::class);
$mkCol->method('getResourceType')
->will($this->returnValue(['{DAV:}collection',
'{urn:ietf:params:xml:ns:caldav}calendar']));
$mkCol->method('getRemainingValues')
->will($this->returnValue(['... properties ...']));
$this->backend->expects($this->once())
->method('createCalendar')
->with('user-principal-123', 'name123', ['... properties ...']);
$this->calendarHome->createExtendedCollection('name123', $mkCol);
}
/**
* @expectedException \Sabre\DAV\Exception\MethodNotAllowed
* @expectedExceptionMessage The resource you tried to create has a reserved name
*/
public function testCreateCalendarReservedName() {
/** @var MkCol | \PHPUnit_Framework_MockObject_MockObject $mkCol */
$mkCol = $this->createMock(MkCol::class);
$this->calendarHome->createExtendedCollection('contact_birthdays', $mkCol);
}
}