diff --git a/apps/dav/lib/CalDAV/CalDavBackend.php b/apps/dav/lib/CalDAV/CalDavBackend.php index 303e97fd30..a134cba348 100644 --- a/apps/dav/lib/CalDAV/CalDavBackend.php +++ b/apps/dav/lib/CalDAV/CalDavBackend.php @@ -339,6 +339,7 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription '{' . Plugin::NS_CALDAV . '}schedule-calendar-transp' => new ScheduleCalendarTransp($row['transparent']?'transparent':'opaque'), '{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}owner-principal' => $row['principaluri'], '{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}read-only' => (int)$row['access'] === Backend::ACCESS_READ, + '{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}public' => (int)$row['access'] === self::ACCESS_PUBLIC, ]; foreach($this->propertyMap as $xmlName=>$dbName) { diff --git a/apps/dav/lib/CalDAV/Calendar.php b/apps/dav/lib/CalDAV/Calendar.php index 6a811149e2..bda671dfa4 100644 --- a/apps/dav/lib/CalDAV/Calendar.php +++ b/apps/dav/lib/CalDAV/Calendar.php @@ -90,7 +90,7 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable { } /** - * @return str + * @return string */ public function getPrincipalURI() { return $this->calendarInfo['principaluri']; @@ -124,6 +124,13 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable { ]; } } + if ($this->isPublic()) { + $acl[] = [ + 'privilege' => '{DAV:}read', + 'principal' => 'principals/system/public', + 'protected' => true, + ]; + } /** @var CalDavBackend $calDavBackend */ $calDavBackend = $this->caldavBackend; @@ -264,6 +271,10 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable { return true; } + private function isPublic() { + return isset($this->calendarInfo['{http://owncloud.org/ns}public']); + } + private function isShared() { return isset($this->calendarInfo['{http://owncloud.org/ns}owner-principal']); } diff --git a/apps/dav/lib/DAV/PublicAuth.php b/apps/dav/lib/DAV/PublicAuth.php new file mode 100644 index 0000000000..65defe5883 --- /dev/null +++ b/apps/dav/lib/DAV/PublicAuth.php @@ -0,0 +1,86 @@ + + * + * @copyright Copyright (c) 2016, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see + * + */ +namespace OCA\DAV\DAV; + +use Sabre\DAV\Auth\Backend\BackendInterface; +use Sabre\HTTP\RequestInterface; +use Sabre\HTTP\ResponseInterface; + +class PublicAuth implements BackendInterface { + + /** @var string[] */ + private $publicURLs; + + /** + * @param string[] $publicURLs + */ + public function __construct() { + $this->publicURLs = [ + 'public-calendars/' + ]; + } + + /** + * When this method is called, the backend must check if authentication was + * successful. + * + * The returned value must be one of the following + * + * [true, "principals/username"] + * [false, "reason for failure"] + * + * If authentication was successful, it's expected that the authentication + * backend returns a so-called principal url. + * + * Examples of a principal url: + * + * principals/admin + * principals/user1 + * principals/users/joe + * principals/uid/123457 + * + * If you don't use WebDAV ACL (RFC3744) we recommend that you simply + * return a string such as: + * + * principals/users/[username] + * + * @param RequestInterface $request + * @param ResponseInterface $response + * @return array + */ + function check(RequestInterface $request, ResponseInterface $response) { + $url = $request->getPath(); + $matchingUrls = array_filter($this->publicURLs, function ($publicUrl) use ($url) { + return strpos($url, $publicUrl, 0) === 0; + }); + + if ($matchingUrls) { + return [true, "principals/system/public"]; + } + return [false, "No public access to this resource."]; + } + + /** + * @inheritdoc + */ + function challenge(RequestInterface $request, ResponseInterface $response) { + } +} diff --git a/apps/dav/lib/DAV/SystemPrincipalBackend.php b/apps/dav/lib/DAV/SystemPrincipalBackend.php index ba7e73f165..6a71909c6f 100644 --- a/apps/dav/lib/DAV/SystemPrincipalBackend.php +++ b/apps/dav/lib/DAV/SystemPrincipalBackend.php @@ -51,6 +51,10 @@ class SystemPrincipalBackend extends AbstractBackend { 'uri' => 'principals/system/system', '{DAV:}displayname' => 'system', ]; + $principals[] = [ + 'uri' => 'principals/system/public', + '{DAV:}displayname' => 'public', + ]; } return $principals; @@ -73,6 +77,13 @@ class SystemPrincipalBackend extends AbstractBackend { ]; return $principal; } + if ($path === 'principals/system/public') { + $principal = [ + 'uri' => 'principals/system/public', + '{DAV:}displayname' => 'public', + ]; + return $principal; + } return null; } diff --git a/apps/dav/lib/Server.php b/apps/dav/lib/Server.php index a344885fd2..d67417a10d 100644 --- a/apps/dav/lib/Server.php +++ b/apps/dav/lib/Server.php @@ -35,6 +35,7 @@ use OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin; use OCA\DAV\Connector\Sabre\DavAclPlugin; use OCA\DAV\Connector\Sabre\DummyGetResponsePlugin; use OCA\DAV\Connector\Sabre\FilesPlugin; +use OCA\DAV\DAV\PublicAuth; use OCA\DAV\Files\BrowserErrorPagePlugin; use OCA\DAV\Files\CustomPropertiesBackend; use OCP\IRequest; @@ -78,6 +79,8 @@ class Server { $this->server->addPlugin(new BlockLegacyClientPlugin(\OC::$server->getConfig())); $authPlugin = new Plugin(); + $authPlugin->addBackend($authBackend); + $authPlugin->addBackend(new PublicAuth()); $this->server->addPlugin($authPlugin); // allow setup of additional auth backends