Allow not-authenticated access to specific urls
This commit is contained in:
parent
90ab6e4fd9
commit
e7085aab38
|
@ -339,6 +339,7 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription
|
|||
'{' . Plugin::NS_CALDAV . '}schedule-calendar-transp' => new ScheduleCalendarTransp($row['transparent']?'transparent':'opaque'),
|
||||
'{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}owner-principal' => $row['principaluri'],
|
||||
'{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}read-only' => (int)$row['access'] === Backend::ACCESS_READ,
|
||||
'{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}public' => (int)$row['access'] === self::ACCESS_PUBLIC,
|
||||
];
|
||||
|
||||
foreach($this->propertyMap as $xmlName=>$dbName) {
|
||||
|
|
|
@ -90,7 +90,7 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable {
|
|||
}
|
||||
|
||||
/**
|
||||
* @return str
|
||||
* @return string
|
||||
*/
|
||||
public function getPrincipalURI() {
|
||||
return $this->calendarInfo['principaluri'];
|
||||
|
@ -124,6 +124,13 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable {
|
|||
];
|
||||
}
|
||||
}
|
||||
if ($this->isPublic()) {
|
||||
$acl[] = [
|
||||
'privilege' => '{DAV:}read',
|
||||
'principal' => 'principals/system/public',
|
||||
'protected' => true,
|
||||
];
|
||||
}
|
||||
|
||||
/** @var CalDavBackend $calDavBackend */
|
||||
$calDavBackend = $this->caldavBackend;
|
||||
|
@ -264,6 +271,10 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable {
|
|||
return true;
|
||||
}
|
||||
|
||||
private function isPublic() {
|
||||
return isset($this->calendarInfo['{http://owncloud.org/ns}public']);
|
||||
}
|
||||
|
||||
private function isShared() {
|
||||
return isset($this->calendarInfo['{http://owncloud.org/ns}owner-principal']);
|
||||
}
|
||||
|
|
|
@ -0,0 +1,86 @@
|
|||
<?php
|
||||
/**
|
||||
* @author Thomas Müller <thomas.mueller@tmit.eu>
|
||||
*
|
||||
* @copyright Copyright (c) 2016, ownCloud, Inc.
|
||||
* @license AGPL-3.0
|
||||
*
|
||||
* This code is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License, version 3,
|
||||
* as published by the Free Software Foundation.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License, version 3,
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>
|
||||
*
|
||||
*/
|
||||
namespace OCA\DAV\DAV;
|
||||
|
||||
use Sabre\DAV\Auth\Backend\BackendInterface;
|
||||
use Sabre\HTTP\RequestInterface;
|
||||
use Sabre\HTTP\ResponseInterface;
|
||||
|
||||
class PublicAuth implements BackendInterface {
|
||||
|
||||
/** @var string[] */
|
||||
private $publicURLs;
|
||||
|
||||
/**
|
||||
* @param string[] $publicURLs
|
||||
*/
|
||||
public function __construct() {
|
||||
$this->publicURLs = [
|
||||
'public-calendars/'
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* When this method is called, the backend must check if authentication was
|
||||
* successful.
|
||||
*
|
||||
* The returned value must be one of the following
|
||||
*
|
||||
* [true, "principals/username"]
|
||||
* [false, "reason for failure"]
|
||||
*
|
||||
* If authentication was successful, it's expected that the authentication
|
||||
* backend returns a so-called principal url.
|
||||
*
|
||||
* Examples of a principal url:
|
||||
*
|
||||
* principals/admin
|
||||
* principals/user1
|
||||
* principals/users/joe
|
||||
* principals/uid/123457
|
||||
*
|
||||
* If you don't use WebDAV ACL (RFC3744) we recommend that you simply
|
||||
* return a string such as:
|
||||
*
|
||||
* principals/users/[username]
|
||||
*
|
||||
* @param RequestInterface $request
|
||||
* @param ResponseInterface $response
|
||||
* @return array
|
||||
*/
|
||||
function check(RequestInterface $request, ResponseInterface $response) {
|
||||
$url = $request->getPath();
|
||||
$matchingUrls = array_filter($this->publicURLs, function ($publicUrl) use ($url) {
|
||||
return strpos($url, $publicUrl, 0) === 0;
|
||||
});
|
||||
|
||||
if ($matchingUrls) {
|
||||
return [true, "principals/system/public"];
|
||||
}
|
||||
return [false, "No public access to this resource."];
|
||||
}
|
||||
|
||||
/**
|
||||
* @inheritdoc
|
||||
*/
|
||||
function challenge(RequestInterface $request, ResponseInterface $response) {
|
||||
}
|
||||
}
|
|
@ -51,6 +51,10 @@ class SystemPrincipalBackend extends AbstractBackend {
|
|||
'uri' => 'principals/system/system',
|
||||
'{DAV:}displayname' => 'system',
|
||||
];
|
||||
$principals[] = [
|
||||
'uri' => 'principals/system/public',
|
||||
'{DAV:}displayname' => 'public',
|
||||
];
|
||||
}
|
||||
|
||||
return $principals;
|
||||
|
@ -73,6 +77,13 @@ class SystemPrincipalBackend extends AbstractBackend {
|
|||
];
|
||||
return $principal;
|
||||
}
|
||||
if ($path === 'principals/system/public') {
|
||||
$principal = [
|
||||
'uri' => 'principals/system/public',
|
||||
'{DAV:}displayname' => 'public',
|
||||
];
|
||||
return $principal;
|
||||
}
|
||||
|
||||
return null;
|
||||
}
|
||||
|
|
|
@ -35,6 +35,7 @@ use OCA\DAV\Connector\Sabre\BlockLegacyClientPlugin;
|
|||
use OCA\DAV\Connector\Sabre\DavAclPlugin;
|
||||
use OCA\DAV\Connector\Sabre\DummyGetResponsePlugin;
|
||||
use OCA\DAV\Connector\Sabre\FilesPlugin;
|
||||
use OCA\DAV\DAV\PublicAuth;
|
||||
use OCA\DAV\Files\BrowserErrorPagePlugin;
|
||||
use OCA\DAV\Files\CustomPropertiesBackend;
|
||||
use OCP\IRequest;
|
||||
|
@ -78,6 +79,8 @@ class Server {
|
|||
|
||||
$this->server->addPlugin(new BlockLegacyClientPlugin(\OC::$server->getConfig()));
|
||||
$authPlugin = new Plugin();
|
||||
$authPlugin->addBackend($authBackend);
|
||||
$authPlugin->addBackend(new PublicAuth());
|
||||
$this->server->addPlugin($authPlugin);
|
||||
|
||||
// allow setup of additional auth backends
|
||||
|
|
Loading…
Reference in New Issue