[Pkg-owncloud-commits] [php-sabredav] 140/220: Allowing uses to set default ACL rules for non-IACL nodes.

David Prévot taffit at moszumanska.debian.org
Thu May 12 01:21:18 UTC 2016 

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository php-sabredav.

commit bbcf25b6225962a5a010772f2a8b425d11be810c
Author: Evert Pot <me at evertpot.com>
Date:   Sun Apr 10 22:27:47 2016 -0400

    Allowing uses to set default ACL rules for non-IACL nodes.
    
    This functionality will make ACL a bit simpler.
---
 lib/DAVACL/Plugin.php                  | 79 +++++++++++++++++++++-------------
 tests/Sabre/DAVACL/BlockAccessTest.php |  2 +-
 2 files changed, 49 insertions(+), 32 deletions(-)

diff --git a/lib/DAVACL/Plugin.php b/lib/DAVACL/Plugin.php
index 469fbb4..e113e9d 100644
--- a/lib/DAVACL/Plugin.php
+++ b/lib/DAVACL/Plugin.php
@@ -65,18 +65,6 @@ class Plugin extends DAV\ServerPlugin {
     ];
 
     /**
-     * By default ACL is only enforced for nodes that have ACL support (the
-     * ones that implement IACL). For any other node, access is
-     * always granted.
-     *
-     * To override this behaviour you can turn this setting off. This is useful
-     * if you plan to fully support ACL in the entire tree.
-     *
-     * @var bool
-     */
-    public $allowAccessToNodesWithoutACL = true;
-
-    /**
      * By default nodes that are inaccessible by the user, can still be seen
      * in directory listings (PROPFIND on parent with Depth: 1)
      *
@@ -189,18 +177,6 @@ class Plugin extends DAV\ServerPlugin {
 
         $acl = $this->getCurrentUserPrivilegeSet($uri);
 
-        if (is_null($acl)) {
-            if ($this->allowAccessToNodesWithoutACL) {
-                return true;
-            } else {
-                if ($throwExceptions)
-                    throw new Exception\NeedPrivileges($uri, $privileges);
-                else
-                    return false;
-
-            }
-        }
-
         $failed = [];
         foreach ($privileges as $priv) {
 
@@ -259,6 +235,51 @@ class Plugin extends DAV\ServerPlugin {
     }
 
     /**
+     * Sets the default ACL rules.
+     *
+     * These rules are used for all nodes that don't implement the IACL interface.
+     *
+     * @param array $acl
+     * @return void
+     */
+    function setDefaultAcl(array $acl) {
+
+        $this->defaultAcl = $acl;
+
+    }
+
+    /**
+     * Returns the default ACL rules.
+     *
+     * These rules are used for all nodes that don't implement the IACL interface.
+     *
+     * @param array $acl
+     * @return void
+     */
+    function getDefaultAcl() {
+
+        return $this->defaultAcl;
+
+    }
+
+    /**
+     * The default ACL rules.
+     *
+     * These rules are used for nodes that don't implement IACL. These default
+     * set of rules allow anyone to do anything, as long as they are
+     * authenticated.
+     *
+     * var array
+     */
+    protected $defaultAcl = [
+        [
+            'principal' => '{DAV:}authenticated',
+            'protected' => true,
+            'privilege' => '{DAV:}all',
+        ],
+    ];
+
+    /**
      * This array holds a cache for all the principals that are associated with
      * a single principal.
      *
@@ -468,13 +489,13 @@ class Plugin extends DAV\ServerPlugin {
      * @param string|DAV\INode $node
      * @return array
      */
-    function getACL($node) {
+    function getAcl($node) {
 
         if (is_string($node)) {
             $node = $this->server->tree->getNodeForPath($node);
         }
         if (!$node instanceof IACL) {
-            return null;
+            return $this->getDefaultAcl();
         }
         $acl = $node->getACL();
         foreach ($this->adminPrincipals as $adminPrincipal) {
@@ -507,8 +528,6 @@ class Plugin extends DAV\ServerPlugin {
 
         $acl = $this->getACL($node);
 
-        if (is_null($acl)) return null;
-
         $principals = $this->getCurrentUserPrincipals();
 
         $collected = [];
@@ -936,9 +955,7 @@ class Plugin extends DAV\ServerPlugin {
                 $propFind->set('{DAV:}acl', null, 403);
             } else {
                 $acl = $this->getACL($node);
-                if (!is_null($acl)) {
-                    return new Xml\Property\Acl($this->getACL($node));
-                }
+                return new Xml\Property\Acl($this->getACL($node));
             }
         });
         $propFind->handle('{DAV:}acl-restrictions', function() {
diff --git a/tests/Sabre/DAVACL/BlockAccessTest.php b/tests/Sabre/DAVACL/BlockAccessTest.php
index 5a87c82..d3c925d 100644
--- a/tests/Sabre/DAVACL/BlockAccessTest.php
+++ b/tests/Sabre/DAVACL/BlockAccessTest.php
@@ -20,7 +20,7 @@ class BlockAccessTest extends \PHPUnit_Framework_TestCase {
 
         $this->server = new DAV\Server($nodes);
         $this->plugin = new Plugin();
-        $this->plugin->allowAccessToNodesWithoutACL = false;
+        $this->plugin->setDefaultAcl([]);
         $this->server->addPlugin($this->plugin);
 
     }

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-php/php-sabredav.git

More information about the Pkg-owncloud-commits mailing list