Diffstat (limited to 'vendor/sabre/dav/lib/CalDAV/Schedule')
-rw-r--r-- | vendor/sabre/dav/lib/CalDAV/Schedule/Inbox.php | 64 | ||||
-rw-r--r-- | vendor/sabre/dav/lib/CalDAV/Schedule/Outbox.php | 69 | ||||
-rw-r--r-- | vendor/sabre/dav/lib/CalDAV/Schedule/Plugin.php | 107 | ||||
-rw-r--r-- | vendor/sabre/dav/lib/CalDAV/Schedule/SchedulingObject.php | 16 |
4 files changed, 100 insertions, 156 deletions
diff --git a/vendor/sabre/dav/lib/CalDAV/Schedule/Inbox.php b/vendor/sabre/dav/lib/CalDAV/Schedule/Inbox.php index 13212565e..6b374ea3f 100644 --- a/vendor/sabre/dav/lib/CalDAV/Schedule/Inbox.php +++ b/vendor/sabre/dav/lib/CalDAV/Schedule/Inbox.php @@ -17,6 +17,8 @@ use Sabre\VObject; */ class Inbox extends DAV\Collection implements IInbox { + use DAVACL\ACLTrait; + /** * CalDAV backend * @@ -119,19 +121,6 @@ class Inbox extends DAV\Collection implements IInbox { } /** - * Returns a group principal - * - * This must be a url to a principal, or null if there's no owner - * - * @return string|null - */ - function getGroup() { - - return null; - - } - - /** * Returns a list of ACE's for this node. * * Each ACE has the following properties: 
@@ -167,58 +156,11 @@ class Inbox extends DAV\Collection implements IInbox { 'protected' => true, ], [ - 'privilege' => '{' . CalDAV\Plugin::NS_CALDAV . '}schedule-deliver-invite', + 'privilege' => '{' . CalDAV\Plugin::NS_CALDAV . '}schedule-deliver', 'principal' => '{DAV:}authenticated', 'protected' => true, ], - [ - 'privilege' => '{' . CalDAV\Plugin::NS_CALDAV . '}schedule-deliver-reply', - 'principal' => '{DAV:}authenticated', - 'protected' => true, - ], - ]; - - } - - /** - * Updates the ACL - * - * This method will receive a list of new ACE's. - * - * @param array $acl - * @return void - */ - function setACL(array $acl) { - - throw new DAV\Exception\MethodNotAllowed('You\'re not allowed to update the ACL'); - - } - - /** - * Returns the list of supported privileges for this node. - * - * The returned data structure is a list of nested privileges. - * See Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple - * standard structure. - * - * If null is returned from this method, the default privilege set is used, - * which is fine for most common usecases. - * - * @return array|null - */ - function getSupportedPrivilegeSet() { - - $ns = '{' . CalDAV\Plugin::NS_CALDAV . '}'; - - $default = DAVACL\Plugin::getDefaultSupportedPrivilegeSet(); - $default['aggregates'][] = [ - 'privilege' => $ns . 'schedule-deliver', - 'aggregates' => [ - ['privilege' => $ns . 'schedule-deliver-invite'], - ['privilege' => $ns . 'schedule-deliver-reply'], - ], ]; - return $default; } diff --git a/vendor/sabre/dav/lib/CalDAV/Schedule/Outbox.php b/vendor/sabre/dav/lib/CalDAV/Schedule/Outbox.php index dabaee2ca..29eefa744 100644 --- a/vendor/sabre/dav/lib/CalDAV/Schedule/Outbox.php +++ b/vendor/sabre/dav/lib/CalDAV/Schedule/Outbox.php @@ -19,6 +19,8 @@ use Sabre\DAVACL; */ class Outbox extends DAV\Collection implements IOutbox { + use DAVACL\ACLTrait; + /** * The principal Uri * 
@@ -75,19 +77,6 @@ class Outbox extends DAV\Collection implements IOutbox { } /** - * Returns a group principal - * - * This must be a url to a principal, or null if there's no owner - * - * @return string|null - */ - function getGroup() { - - return null; - - } - - /** * Returns a list of ACE's for this node. * * Each ACE has the following properties: @@ -103,12 +92,7 @@ class Outbox extends DAV\Collection implements IOutbox { return [ [ - 'privilege' => '{' . CalDAV\Plugin::NS_CALDAV . '}schedule-query-freebusy', - 'principal' => $this->getOwner(), - 'protected' => true, - ], - [ - 'privilege' => '{' . CalDAV\Plugin::NS_CALDAV . '}schedule-post-vevent', + 'privilege' => '{' . CalDAV\Plugin::NS_CALDAV . '}schedule-send', 'principal' => $this->getOwner(), 'protected' => true, ], @@ -118,12 +102,7 @@ class Outbox extends DAV\Collection implements IOutbox { 'protected' => true, ], [ - 'privilege' => '{' . CalDAV\Plugin::NS_CALDAV . '}schedule-query-freebusy', - 'principal' => $this->getOwner() . '/calendar-proxy-write', - 'protected' => true, - ], - [ - 'privilege' => '{' . CalDAV\Plugin::NS_CALDAV . '}schedule-post-vevent', + 'privilege' => '{' . CalDAV\Plugin::NS_CALDAV . '}schedule-send', 'principal' => $this->getOwner() . '/calendar-proxy-write', 'protected' => true, ], 
@@ -141,44 +120,4 @@ class Outbox extends DAV\Collection implements IOutbox { } - /** - * Updates the ACL - * - * This method will receive a list of new ACE's. - * - * @param array $acl - * @return void - */ - function setACL(array $acl) { - - throw new DAV\Exception\MethodNotAllowed('You\'re not allowed to update the ACL'); - - } - - /** - * Returns the list of supported privileges for this node. - * - * The returned data structure is a list of nested privileges. - * See Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple - * standard structure. - * - * If null is returned from this method, the default privilege set is used, - * which is fine for most common usecases. - * - * @return array|null - */ - function getSupportedPrivilegeSet() { - - $default = DAVACL\Plugin::getDefaultSupportedPrivilegeSet(); - $default['aggregates'][] = [ - 'privilege' => '{' . CalDAV\Plugin::NS_CALDAV . '}schedule-query-freebusy', - ]; - $default['aggregates'][] = [ - 'privilege' => '{' . CalDAV\Plugin::NS_CALDAV . '}schedule-post-vevent', - ]; - - return $default; - - } - } diff --git a/vendor/sabre/dav/lib/CalDAV/Schedule/Plugin.php b/vendor/sabre/dav/lib/CalDAV/Schedule/Plugin.php index 827d6209b..47511140f 100644 --- a/vendor/sabre/dav/lib/CalDAV/Schedule/Plugin.php +++ b/vendor/sabre/dav/lib/CalDAV/Schedule/Plugin.php @@ -5,10 +5,12 @@ namespace Sabre\CalDAV\Schedule; use DateTimeZone; use Sabre\DAV\Server; use Sabre\DAV\ServerPlugin; +use Sabre\DAV\Sharing; use Sabre\DAV\PropFind; use Sabre\DAV\PropPatch; use Sabre\DAV\INode; use Sabre\DAV\Xml\Property\Href; +use Sabre\DAV\Xml\Property\LocalHref; use Sabre\HTTP\RequestInterface; use Sabre\HTTP\ResponseInterface; use Sabre\VObject; 
@@ -100,12 +102,13 @@ class Plugin extends ServerPlugin { function initialize(Server $server) { $this->server = $server; - $server->on('method:POST', [$this, 'httpPost']); - $server->on('propFind', [$this, 'propFind']); - $server->on('propPatch', [$this, 'propPatch']); - $server->on('calendarObjectChange', [$this, 'calendarObjectChange']); - $server->on('beforeUnbind', [$this, 'beforeUnbind']); - $server->on('schedule', [$this, 'scheduleLocalDelivery']); + $server->on('method:POST', [$this, 'httpPost']); + $server->on('propFind', [$this, 'propFind']); + $server->on('propPatch', [$this, 'propPatch']); + $server->on('calendarObjectChange', [$this, 'calendarObjectChange']); + $server->on('beforeUnbind', [$this, 'beforeUnbind']); + $server->on('schedule', [$this, 'scheduleLocalDelivery']); + $server->on('getSupportedPrivilegeSet', [$this, 'getSupportedPrivilegeSet']); $ns = '{' . self::NS_CALDAV . '}'; @@ -215,7 +218,7 @@ class Plugin extends ServerPlugin { } $outboxPath = $calendarHomePath . '/outbox/'; - return new Href($outboxPath); + return new LocalHref($outboxPath); }); // schedule-inbox-URL property @@ -227,7 +230,7 @@ class Plugin extends ServerPlugin { } $inboxPath = $calendarHomePath . '/inbox/'; - return new Href($inboxPath); + return new LocalHref($inboxPath); }); 
@@ -245,18 +248,28 @@ class Plugin extends ServerPlugin { $result = $this->server->getPropertiesForPath($calendarHomePath, [ '{DAV:}resourcetype', + '{DAV:}share-access', $sccs, ], 1); foreach ($result as $child) { - if (!isset($child[200]['{DAV:}resourcetype']) || !$child[200]['{DAV:}resourcetype']->is('{' . self::NS_CALDAV . '}calendar') || $child[200]['{DAV:}resourcetype']->is('{http://calendarserver.org/ns/}shared')) { - // Node is either not a calendar or a shared instance. + if (!isset($child[200]['{DAV:}resourcetype']) || !$child[200]['{DAV:}resourcetype']->is('{' . self::NS_CALDAV . '}calendar')) { + // Node is either not a calendar continue; } + if (isset($child[200]['{DAV:}share-access'])) { + $shareAccess = $child[200]['{DAV:}share-access']->getValue(); + if ($shareAccess !== Sharing\Plugin::ACCESS_NOTSHARED && $shareAccess !== Sharing\Plugin::ACCESS_SHAREDOWNER) { + // Node is a shared node, not owned by the relevant + // user. + continue; + } + + } if (!isset($child[200][$sccs]) || in_array('VEVENT', $child[200][$sccs]->getValue())) { // Either there is no supported-calendar-component-set // (which is fine) or we found one that supports VEVENT. - return new Href($child['href']); + return new LocalHref($child['href']); } } @@ -492,7 +505,7 @@ class Plugin extends ServerPlugin { } if (!$aclPlugin->checkPrivileges($inboxPath, $caldavNS . $privilege, DAVACL\Plugin::R_PARENT, false)) { - $iTipMessage->scheduleStatus = '3.8;organizer did not have the ' . $privilege . ' privilege on the attendees inbox'; + $iTipMessage->scheduleStatus = '3.8;insufficient privileges: ' . $privilege . ' is required on the recipient schedule inbox.'; return; } 
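Review bot: In the `-245,18 +248,28` hunk the shared-calendar filter now runs only when `{DAV:}share-access` is present in the property result, so a calendar that still carries the `{http://calendarserver.org/ns/}shared` resource type but reports no share-access value is no longer skipped and can be returned as the default scheduling calendar. Whether that case can occur depends on the Sharing plugin being registered and on the calendar backend, neither of which is visible here. A conservative fallback keeps the old test for exactly that case: `if (!isset($child[200]['{DAV:}share-access']) && $child[200]['{DAV:}resourcetype']->is('{http://calendarserver.org/ns/}shared')) { continue; }`. The enclosing function starts and ends outside the hunk.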
@@ -561,6 +574,65 @@ class Plugin extends ServerPlugin { } /** + * This method is triggered whenever a subsystem requests the privileges + * that are supported on a particular node. + * + * We need to add a number of privileges for scheduling purposes. + * + * @param INode $node + * @param array $supportedPrivilegeSet + */ + function getSupportedPrivilegeSet(INode $node, array &$supportedPrivilegeSet) { + + $ns = '{' . self::NS_CALDAV . '}'; + if ($node instanceof IOutbox) { + $supportedPrivilegeSet[$ns . 'schedule-send'] = [ + 'abstract' => false, + 'aggregates' => [ + $ns . 'schedule-send-invite' => [ + 'abstract' => false, + 'aggregates' => [], + ], + $ns . 'schedule-send-reply' => [ + 'abstract' => false, + 'aggregates' => [], + ], + $ns . 'schedule-send-freebusy' => [ + 'abstract' => false, + 'aggregates' => [], + ], + // Privilege from an earlier scheduling draft, but still + // used by some clients. + $ns . 'schedule-post-vevent' => [ + 'abstract' => false, + 'aggregates' => [], + ], + ] + ]; + } + if ($node instanceof IInbox) { + $supportedPrivilegeSet[$ns . 'schedule-deliver'] = [ + 'abstract' => false, + 'aggregates' => [ + $ns . 'schedule-deliver-invite' => [ + 'abstract' => false, + 'aggregates' => [], + ], + $ns . 'schedule-deliver-reply' => [ + 'abstract' => false, + 'aggregates' => [], + ], + $ns . 'schedule-query-freebusy' => [ + 'abstract' => false, + 'aggregates' => [], + ], + ] + ]; + } + + } + + /** * This method looks at an old iCalendar object, a new iCalendar object and * starts sending scheduling messages based on the changes. * @@ -647,7 +719,7 @@ class Plugin extends ServerPlugin { /** * This method handles POST requests to the schedule-outbox. * - * Currently, two types of requests are support: + * Currently, two types of requests are supported: * * FREEBUSY requests from RFC 6638 * * Simple iTIP messages from draft-desruisseaux-caldav-sched-04 * 
@@ -699,7 +771,7 @@ class Plugin extends ServerPlugin { if ($componentType === 'VFREEBUSY' && $method === 'REQUEST') { - $acl && $acl->checkPrivileges($outboxPath, '{' . self::NS_CALDAV . '}schedule-query-freebusy'); + $acl && $acl->checkPrivileges($outboxPath, '{' . self::NS_CALDAV . '}schedule-send-freebusy'); $this->handleFreeBusyRequest($outboxNode, $vObject, $request, $response); // Destroy circular references so PHP can GC the object. @@ -727,7 +799,7 @@ class Plugin extends ServerPlugin { protected function handleFreeBusyRequest(IOutbox $outbox, VObject\Component $vObject, RequestInterface $request, ResponseInterface $response) { $vFreeBusy = $vObject->VFREEBUSY; - $organizer = $vFreeBusy->organizer; + $organizer = $vFreeBusy->ORGANIZER; $organizer = (string)$organizer; @@ -863,6 +935,9 @@ class Plugin extends ServerPlugin { $homeSet = $result[0][200][$caldavNS . 'calendar-home-set']->getHref(); $inboxUrl = $result[0][200][$caldavNS . 'schedule-inbox-URL']->getHref(); + // Do we have permission? + $aclPlugin->checkPrivileges($inboxUrl, $caldavNS . 'schedule-query-freebusy'); + // Grabbing the calendar list $objects = []; $calendarTimeZone = new DateTimeZone('UTC'); @@ -882,8 +957,6 @@ class Plugin extends ServerPlugin { continue; } - $aclPlugin->checkPrivileges($homeSet . $node->getName(), $caldavNS . 'read-free-busy'); - if (isset($props[$ctz])) { $vtimezoneObj = VObject\Reader::read($props[$ctz]); $calendarTimeZone = $vtimezoneObj->VTIMEZONE->getTimeZone(); diff --git a/vendor/sabre/dav/lib/CalDAV/Schedule/SchedulingObject.php b/vendor/sabre/dav/lib/CalDAV/Schedule/SchedulingObject.php index a36646e6c..6d9d3d5ec 100644 --- a/vendor/sabre/dav/lib/CalDAV/Schedule/SchedulingObject.php +++ b/vendor/sabre/dav/lib/CalDAV/Schedule/SchedulingObject.php 
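Review bot: The free/busy path in the `-863,6 +935,9` and `-882,8 +957,6` hunks replaces the per-calendar `read-free-busy` check with a single `schedule-query-freebusy` check on the recipient's inbox, so calendar-level ACLs are no longer consulted when the response is built. Inbox::getACL() in this commit grants `schedule-deliver` to `{DAV:}authenticated`, and the new getSupportedPrivilegeSet() aggregates `schedule-query-freebusy` under it, so the check presumably passes for any authenticated principal by default. Deployments that relied on withholding `read-free-busy` on individual calendars should confirm that busy time is not exposed more widely after this update. The new call also discards the return value and so depends on checkPrivileges() throwing in its default mode; a comment such as `// throws on missing privilege; must stay ahead of any calendar data access` would make that explicit. The enclosing method starts and ends outside both hunks.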
@@ -134,22 +134,12 @@ class SchedulingObject extends \Sabre\CalDAV\CalendarObject implements IScheduli // The default ACL return [ [ - 'privilege' => '{DAV:}read', - 'principal' => $this->objectData['principaluri'], - 'protected' => true, - ], - [ - 'privilege' => '{DAV:}write', - 'principal' => $this->objectData['principaluri'], - 'protected' => true, - ], - [ - 'privilege' => '{DAV:}read', - 'principal' => $this->objectData['principaluri'] . '/calendar-proxy-write', + 'privilege' => '{DAV:}all', + 'principal' => '{DAV:}owner', 'protected' => true, ], [ - 'privilege' => '{DAV:}write', + 'privilege' => '{DAV:}all', 'principal' => $this->objectData['principaluri'] . '/calendar-proxy-write', 'protected' => true, ], |
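Review bot: The default ACL in this hunk now grants `{DAV:}all` to the owner and to the `calendar-proxy-write` group where it previously listed `{DAV:}read` and `{DAV:}write`, which is broader than the old grant whenever the node's supported privilege set contains anything outside those two. The same commit adds a `getSupportedPrivilegeSet` event through which plugins can extend that set, so write delegates would implicitly receive any privilege later added for scheduling objects. The ACEs are marked `protected`, which suggests they cannot be narrowed per node. If only read and write are intended for delegates, keeping the explicit pair on the proxy entry, `'privilege' => '{DAV:}read'` and `'privilege' => '{DAV:}write'`, preserves least privilege. The `{DAV:}owner` ACE also depends on getOwner() resolving to `principaluri`, which is outside the hunk.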