[Pkg-owncloud-commits] [php-sabredav] 143/220: Added new IACLTrait. SupportedPrivileges can be controlled by plugins.
David Prévot
taffit at moszumanska.debian.org
Thu May 12 01:21:19 UTC 2016
This is an automated email from the git hooks/post-receive script.
taffit pushed a commit to branch master
in repository php-sabredav.
commit 9974490cc9a457df826baff79b7cac95e9be3949
Author: Evert Pot <me at evertpot.com>
Date: Mon Apr 11 01:17:05 2016 -0400
Added new IACLTrait. SupportedPrivileges can be controlled by plugins.
---
lib/CalDAV/Calendar.php | 59 +---------
lib/CalDAV/CalendarHome.php | 59 +---------
lib/CalDAV/CalendarObject.php | 61 +---------
lib/CalDAV/Notifications/Collection.php | 76 +------------
lib/CalDAV/Notifications/Node.php | 76 +------------
lib/CalDAV/Plugin.php | 18 +++
lib/CalDAV/Schedule/Inbox.php | 64 +----------
lib/CalDAV/Schedule/Outbox.php | 55 +--------
lib/CalDAV/Schedule/Plugin.php | 72 +++++++++++-
lib/CalDAV/SharedCalendar.php | 22 ----
lib/CalDAV/Subscriptions/Subscription.php | 59 +---------
lib/CardDAV/AddressBook.php | 82 +-------------
lib/CardDAV/AddressBookHome.php | 76 +------------
lib/CardDAV/Card.php | 53 +--------
lib/DAV/Sharing/Plugin.php | 28 ++++-
lib/DAVACL/{FS/File.php => ACLTrait.php} | 59 +++-------
lib/DAVACL/FS/Collection.php | 47 +-------
lib/DAVACL/FS/File.php | 47 +-------
lib/DAVACL/FS/HomeCollection.php | 68 +-----------
lib/DAVACL/IACL.php | 1 -
lib/DAVACL/Plugin.php | 179 ++++++++++++++++++++----------
lib/DAVACL/Principal.php | 71 +-----------
lib/DAVACL/PrincipalCollection.php | 56 +---------
23 files changed, 286 insertions(+), 1102 deletions(-)
diff --git a/lib/CalDAV/Calendar.php b/lib/CalDAV/Calendar.php
index 0dee02c..90ace0d 100644
--- a/lib/CalDAV/Calendar.php
+++ b/lib/CalDAV/Calendar.php
@@ -18,6 +18,8 @@ use Sabre\DAV\PropPatch;
*/
class Calendar implements ICalendar, DAV\IProperties, DAV\Sync\ISyncCollection, DAV\IMultiGet {
+ use DAVACL\ACLTrait;
+
/**
* This is an array with calendar information
*
@@ -249,19 +251,6 @@ class Calendar implements ICalendar, DAV\IProperties, DAV\Sync\ISyncCollection,
}
/**
- * Returns a group principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getGroup() {
-
- return null;
-
- }
-
- /**
* Returns a list of ACE's for this node.
*
* Each ACE has the following properties:
@@ -360,50 +349,6 @@ class Calendar implements ICalendar, DAV\IProperties, DAV\Sync\ISyncCollection,
}
- /**
- * Updates the ACL
- *
- * This method will receive a list of new ACE's.
- *
- * @param array $acl
- * @return void
- */
- function setACL(array $acl) {
-
- throw new DAV\Exception\MethodNotAllowed('Changing ACL is not yet supported');
-
- }
-
- /**
- * Returns the list of supported privileges for this node.
- *
- * The returned data structure is a list of nested privileges.
- * See \Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
- * standard structure.
- *
- * If null is returned from this method, the default privilege set is used,
- * which is fine for most common usecases.
- *
- * @return array|null
- */
- function getSupportedPrivilegeSet() {
-
- $default = DAVACL\Plugin::getDefaultSupportedPrivilegeSet();
-
- // We need to inject 'read-free-busy' in the tree, aggregated under
- // {DAV:}read.
- foreach ($default['aggregates'] as &$agg) {
-
- if ($agg['privilege'] !== '{DAV:}read') continue;
-
- $agg['aggregates'][] = [
- 'privilege' => '{' . Plugin::NS_CALDAV . '}read-free-busy',
- ];
-
- }
- return $default;
-
- }
/**
* Performs a calendar-query on the contents of this calendar.
diff --git a/lib/CalDAV/CalendarHome.php b/lib/CalDAV/CalendarHome.php
index 9119734..3d23c3b 100644
--- a/lib/CalDAV/CalendarHome.php
+++ b/lib/CalDAV/CalendarHome.php
@@ -22,6 +22,8 @@ use Sabre\HTTP\URLUtil;
*/
class CalendarHome implements DAV\IExtendedCollection, DAVACL\IACL {
+ use DAVACL\IACLTrait;
+
/**
* CalDAV backend
*
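Review bot: `use DAVACL\IACLTrait;` names a trait that this commit does not define. The new file is lib/DAVACL/ACLTrait.php and declares `trait ACLTrait`, and lib/CalDAV/Calendar.php uses `DAVACL\ACLTrait`. As written, loading CalendarHome would stop with a trait-not-found fatal error; the line should read `use DAVACL\ACLTrait;`. The same wrong name appears in the first hunks of lib/CalDAV/CalendarObject.php (`use \Sabre\DAVACL\IACLTrait;`) and lib/CalDAV/Notifications/Collection.php. The class body continues outside the hunk.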
@@ -270,32 +272,6 @@ class CalendarHome implements DAV\IExtendedCollection, DAVACL\IACL {
}
/**
- * Returns the owner principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getOwner() {
-
- return $this->principalInfo['uri'];
-
- }
-
- /**
- * Returns a group principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getGroup() {
-
- return null;
-
- }
-
- /**
* Returns a list of ACE's for this node.
*
* Each ACE has the following properties:
@@ -340,37 +316,6 @@ class CalendarHome implements DAV\IExtendedCollection, DAVACL\IACL {
}
- /**
- * Updates the ACL
- *
- * This method will receive a list of new ACE's.
- *
- * @param array $acl
- * @return void
- */
- function setACL(array $acl) {
-
- throw new DAV\Exception\MethodNotAllowed('Changing ACL is not yet supported');
-
- }
-
- /**
- * Returns the list of supported privileges for this node.
- *
- * The returned data structure is a list of nested privileges.
- * See Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
- * standard structure.
- *
- * If null is returned from this method, the default privilege set is used,
- * which is fine for most common usecases.
- *
- * @return array|null
- */
- function getSupportedPrivilegeSet() {
-
- return null;
-
- }
/**
* This method is called when a user replied to a request to share.
diff --git a/lib/CalDAV/CalendarObject.php b/lib/CalDAV/CalendarObject.php
index 393ca4c..8a5af85 100644
--- a/lib/CalDAV/CalendarObject.php
+++ b/lib/CalDAV/CalendarObject.php
@@ -11,6 +11,8 @@ namespace Sabre\CalDAV;
*/
class CalendarObject extends \Sabre\DAV\File implements ICalendarObject, \Sabre\DAVACL\IACL {
+ use \Sabre\DAVACL\IACLTrait;
+
/**
* Sabre\CalDAV\Backend\BackendInterface
*
@@ -192,19 +194,6 @@ class CalendarObject extends \Sabre\DAV\File implements ICalendarObject, \Sabre\
}
/**
- * Returns a group principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getGroup() {
-
- return null;
-
- }
-
- /**
* Returns a list of ACE's for this node.
*
* Each ACE has the following properties:
@@ -226,22 +215,12 @@ class CalendarObject extends \Sabre\DAV\File implements ICalendarObject, \Sabre\
// The default ACL
return [
[
- 'privilege' => '{DAV:}read',
- 'principal' => $this->calendarInfo['principaluri'],
- 'protected' => true,
- ],
- [
- 'privilege' => '{DAV:}write',
+ 'privilege' => '{DAV:}all',
'principal' => $this->calendarInfo['principaluri'],
'protected' => true,
],
[
- 'privilege' => '{DAV:}read',
- 'principal' => $this->calendarInfo['principaluri'] . '/calendar-proxy-write',
- 'protected' => true,
- ],
- [
- 'privilege' => '{DAV:}write',
+ 'privilege' => '{DAV:}all',
'principal' => $this->calendarInfo['principaluri'] . '/calendar-proxy-write',
'protected' => true,
],
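Review bot: The ACE for the `/calendar-proxy-write` principal now grants `{DAV:}all`, where it used to grant only `{DAV:}read` and `{DAV:}write`. Under RFC 3744, `{DAV:}all` aggregates every privilege on the node, including `{DAV:}read-acl`, `{DAV:}write-acl` and `{DAV:}unlock`. It presumably also covers anything plugins add through the new `getSupportedPrivilegeSet` event, so a delegate ends up with a wider grant than before. Keeping the two explicit entries for the proxy principal, and using `{DAV:}all` only for `$this->calendarInfo['principaluri']`, would preserve the old delegation scope. The same substitution is made for the proxy ACE in lib/CalDAV/Subscriptions/Subscription.php; getACL() itself starts and ends outside this hunk.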
@@ -255,36 +234,4 @@ class CalendarObject extends \Sabre\DAV\File implements ICalendarObject, \Sabre\
}
- /**
- * Updates the ACL
- *
- * This method will receive a list of new ACE's.
- *
- * @param array $acl
- * @return void
- */
- function setACL(array $acl) {
-
- throw new \Sabre\DAV\Exception\MethodNotAllowed('Changing ACL is not yet supported');
-
- }
-
- /**
- * Returns the list of supported privileges for this node.
- *
- * The returned data structure is a list of nested privileges.
- * See \Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
- * standard structure.
- *
- * If null is returned from this method, the default privilege set is used,
- * which is fine for most common usecases.
- *
- * @return array|null
- */
- function getSupportedPrivilegeSet() {
-
- return null;
-
- }
-
}
diff --git a/lib/CalDAV/Notifications/Collection.php b/lib/CalDAV/Notifications/Collection.php
index 1fcc117..aba7e0d 100644
--- a/lib/CalDAV/Notifications/Collection.php
+++ b/lib/CalDAV/Notifications/Collection.php
@@ -22,6 +22,8 @@ use Sabre\DAVACL;
*/
class Collection extends DAV\Collection implements ICollection, DAVACL\IACL {
+ use DAVACL\IACLTrait;
+
/**
* The notification backend
*
@@ -96,78 +98,4 @@ class Collection extends DAV\Collection implements ICollection, DAVACL\IACL {
}
- /**
- * Returns a group principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getGroup() {
-
- return null;
-
- }
-
- /**
- * Returns a list of ACE's for this node.
- *
- * Each ACE has the following properties:
- * * 'privilege', a string such as {DAV:}read or {DAV:}write. These are
- * currently the only supported privileges
- * * 'principal', a url to the principal who owns the node
- * * 'protected' (optional), indicating that this ACE is not allowed to
- * be updated.
- *
- * @return array
- */
- function getACL() {
-
- return [
- [
- 'principal' => $this->getOwner(),
- 'privilege' => '{DAV:}read',
- 'protected' => true,
- ],
- [
- 'principal' => $this->getOwner(),
- 'privilege' => '{DAV:}write',
- 'protected' => true,
- ]
- ];
-
- }
-
- /**
- * Updates the ACL
- *
- * This method will receive a list of new ACE's as an array argument.
- *
- * @param array $acl
- * @return void
- */
- function setACL(array $acl) {
-
- throw new DAV\Exception\NotImplemented('Updating ACLs is not implemented here');
-
- }
-
- /**
- * Returns the list of supported privileges for this node.
- *
- * The returned data structure is a list of nested privileges.
- * See Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
- * standard structure.
- *
- * If null is returned from this method, the default privilege set is used,
- * which is fine for most common usecases.
- *
- * @return array|null
- */
- function getSupportedPrivilegeSet() {
-
- return null;
-
- }
-
}
diff --git a/lib/CalDAV/Notifications/Node.php b/lib/CalDAV/Notifications/Node.php
index 47e78d5..11df0c9 100644
--- a/lib/CalDAV/Notifications/Node.php
+++ b/lib/CalDAV/Notifications/Node.php
@@ -20,6 +20,8 @@ use Sabre\DAVACL;
*/
class Node extends DAV\File implements INode, DAVACL\IACL {
+ use DAVACL\ACLTrait;
+
/**
* The notification backend
*
@@ -116,78 +118,4 @@ class Node extends DAV\File implements INode, DAVACL\IACL {
}
- /**
- * Returns a group principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getGroup() {
-
- return null;
-
- }
-
- /**
- * Returns a list of ACE's for this node.
- *
- * Each ACE has the following properties:
- * * 'privilege', a string such as {DAV:}read or {DAV:}write. These are
- * currently the only supported privileges
- * * 'principal', a url to the principal who owns the node
- * * 'protected' (optional), indicating that this ACE is not allowed to
- * be updated.
- *
- * @return array
- */
- function getACL() {
-
- return [
- [
- 'principal' => $this->getOwner(),
- 'privilege' => '{DAV:}read',
- 'protected' => true,
- ],
- [
- 'principal' => $this->getOwner(),
- 'privilege' => '{DAV:}write',
- 'protected' => true,
- ]
- ];
-
- }
-
- /**
- * Updates the ACL
- *
- * This method will receive a list of new ACE's as an array argument.
- *
- * @param array $acl
- * @return void
- */
- function setACL(array $acl) {
-
- throw new DAV\Exception\NotImplemented('Updating ACLs is not implemented here');
-
- }
-
- /**
- * Returns the list of supported privileges for this node.
- *
- * The returned data structure is a list of nested privileges.
- * See Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
- * standard structure.
- *
- * If null is returned from this method, the default privilege set is used,
- * which is fine for most common usecases.
- *
- * @return array|null
- */
- function getSupportedPrivilegeSet() {
-
- return null;
-
- }
-
}
diff --git a/lib/CalDAV/Plugin.php b/lib/CalDAV/Plugin.php
index 68dade5..92109ef 100644
--- a/lib/CalDAV/Plugin.php
+++ b/lib/CalDAV/Plugin.php
@@ -186,6 +186,7 @@ class Plugin extends DAV\ServerPlugin {
$server->on('beforeCreateFile', [$this, 'beforeCreateFile']);
$server->on('beforeWriteContent', [$this, 'beforeWriteContent']);
$server->on('afterMethod:GET', [$this, 'httpAfterGET']);
+ $server->on('getSupportedPrivilegeSet', [$this, 'getSupportedPrivilegeSet']);
$server->xml->namespaceMap[self::NS_CALDAV] = 'cal';
$server->xml->namespaceMap[self::NS_CALENDARSERVER] = 'cs';
@@ -959,6 +960,23 @@ class Plugin extends DAV\ServerPlugin {
}
/**
+ * This method is triggered whenever a subsystem reqeuests the privileges
+ * that are supported on a particular node.
+ *
+ * @param INode $node
+ * @param array $supportedPrivilegeSet
+ */
+ function getSupportedPrivilegeSet(INode $node, array &$supportedPrivilegeSet) {
+
+ if ($node instanceof ISharedNode) {
+ $supportedPrivilegeSet['{DAV:}read']['aggregates']['{' . self::NS_CALDAV . '}read-free-busy'] = [
+ 'abstract' => false,
+ 'aggregates' => [],
+ ];
+ }
+ }
+
+ /**
* This method is used to generate HTML output for the
* DAV\Browser\Plugin. This allows us to generate an interface users
* can use to create new calendars.
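Review bot: The `read-free-busy` privilege is now added only when `$node instanceof ISharedNode`, whereas the removed `Calendar::getSupportedPrivilegeSet()` added it to every calendar. Ordinary calendars would therefore stop advertising a privilege their ACLs may still reference; the check probably wants `ICalendar`. The hunk also does not show imports for `INode` or `ISharedNode`. If they are missing, the unqualified `ISharedNode` resolves inside `Sabre\CalDAV` and `instanceof` silently evaluates to false, while the `INode` type hint would reject every node. The assignment also assumes `$supportedPrivilegeSet['{DAV:}read']` already exists, and the docblock has a typo (`reqeuests`); it would also help to note that `$supportedPrivilegeSet` is passed by reference and modified in place.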
diff --git a/lib/CalDAV/Schedule/Inbox.php b/lib/CalDAV/Schedule/Inbox.php
index 1321256..6b374ea 100644
--- a/lib/CalDAV/Schedule/Inbox.php
+++ b/lib/CalDAV/Schedule/Inbox.php
@@ -17,6 +17,8 @@ use Sabre\VObject;
*/
class Inbox extends DAV\Collection implements IInbox {
+ use DAVACL\ACLTrait;
+
/**
* CalDAV backend
*
@@ -119,19 +121,6 @@ class Inbox extends DAV\Collection implements IInbox {
}
/**
- * Returns a group principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getGroup() {
-
- return null;
-
- }
-
- /**
* Returns a list of ACE's for this node.
*
* Each ACE has the following properties:
@@ -167,58 +156,11 @@ class Inbox extends DAV\Collection implements IInbox {
'protected' => true,
],
[
- 'privilege' => '{' . CalDAV\Plugin::NS_CALDAV . '}schedule-deliver-invite',
+ 'privilege' => '{' . CalDAV\Plugin::NS_CALDAV . '}schedule-deliver',
'principal' => '{DAV:}authenticated',
'protected' => true,
],
- [
- 'privilege' => '{' . CalDAV\Plugin::NS_CALDAV . '}schedule-deliver-reply',
- 'principal' => '{DAV:}authenticated',
- 'protected' => true,
- ],
- ];
-
- }
-
- /**
- * Updates the ACL
- *
- * This method will receive a list of new ACE's.
- *
- * @param array $acl
- * @return void
- */
- function setACL(array $acl) {
-
- throw new DAV\Exception\MethodNotAllowed('You\'re not allowed to update the ACL');
-
- }
-
- /**
- * Returns the list of supported privileges for this node.
- *
- * The returned data structure is a list of nested privileges.
- * See Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
- * standard structure.
- *
- * If null is returned from this method, the default privilege set is used,
- * which is fine for most common usecases.
- *
- * @return array|null
- */
- function getSupportedPrivilegeSet() {
-
- $ns = '{' . CalDAV\Plugin::NS_CALDAV . '}';
-
- $default = DAVACL\Plugin::getDefaultSupportedPrivilegeSet();
- $default['aggregates'][] = [
- 'privilege' => $ns . 'schedule-deliver',
- 'aggregates' => [
- ['privilege' => $ns . 'schedule-deliver-invite'],
- ['privilege' => $ns . 'schedule-deliver-reply'],
- ],
];
- return $default;
}
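Review bot: The `{DAV:}authenticated` ACE now grants the aggregate `schedule-deliver` rather than `schedule-deliver-invite` and `schedule-deliver-reply`. In the privilege tree this commit adds to lib/CalDAV/Schedule/Plugin.php, `schedule-deliver` also aggregates `schedule-query-freebusy`. Every authenticated principal therefore gains free-busy query rights on each inbox, which the old ACL did not grant. If that is intended, record it above the ACE, e.g. `// schedule-deliver also covers schedule-query-freebusy for any authenticated principal`; otherwise keep the two narrower ACEs. getACL() begins outside the hunk.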
diff --git a/lib/CalDAV/Schedule/Outbox.php b/lib/CalDAV/Schedule/Outbox.php
index dabaee2..341fd5b 100644
--- a/lib/CalDAV/Schedule/Outbox.php
+++ b/lib/CalDAV/Schedule/Outbox.php
@@ -19,6 +19,8 @@ use Sabre\DAVACL;
*/
class Outbox extends DAV\Collection implements IOutbox {
+ use DAVACL\ACLTrait;
+
/**
* The principal Uri
*
@@ -75,19 +77,6 @@ class Outbox extends DAV\Collection implements IOutbox {
}
/**
- * Returns a group principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getGroup() {
-
- return null;
-
- }
-
- /**
* Returns a list of ACE's for this node.
*
* Each ACE has the following properties:
@@ -141,44 +130,4 @@ class Outbox extends DAV\Collection implements IOutbox {
}
- /**
- * Updates the ACL
- *
- * This method will receive a list of new ACE's.
- *
- * @param array $acl
- * @return void
- */
- function setACL(array $acl) {
-
- throw new DAV\Exception\MethodNotAllowed('You\'re not allowed to update the ACL');
-
- }
-
- /**
- * Returns the list of supported privileges for this node.
- *
- * The returned data structure is a list of nested privileges.
- * See Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
- * standard structure.
- *
- * If null is returned from this method, the default privilege set is used,
- * which is fine for most common usecases.
- *
- * @return array|null
- */
- function getSupportedPrivilegeSet() {
-
- $default = DAVACL\Plugin::getDefaultSupportedPrivilegeSet();
- $default['aggregates'][] = [
- 'privilege' => '{' . CalDAV\Plugin::NS_CALDAV . '}schedule-query-freebusy',
- ];
- $default['aggregates'][] = [
- 'privilege' => '{' . CalDAV\Plugin::NS_CALDAV . '}schedule-post-vevent',
- ];
-
- return $default;
-
- }
-
}
diff --git a/lib/CalDAV/Schedule/Plugin.php b/lib/CalDAV/Schedule/Plugin.php
index f7d5800..a407980 100644
--- a/lib/CalDAV/Schedule/Plugin.php
+++ b/lib/CalDAV/Schedule/Plugin.php
@@ -102,12 +102,13 @@ class Plugin extends ServerPlugin {
function initialize(Server $server) {
$this->server = $server;
- $server->on('method:POST', [$this, 'httpPost']);
- $server->on('propFind', [$this, 'propFind']);
- $server->on('propPatch', [$this, 'propPatch']);
- $server->on('calendarObjectChange', [$this, 'calendarObjectChange']);
- $server->on('beforeUnbind', [$this, 'beforeUnbind']);
- $server->on('schedule', [$this, 'scheduleLocalDelivery']);
+ $server->on('method:POST', [$this, 'httpPost']);
+ $server->on('propFind', [$this, 'propFind']);
+ $server->on('propPatch', [$this, 'propPatch']);
+ $server->on('calendarObjectChange', [$this, 'calendarObjectChange']);
+ $server->on('beforeUnbind', [$this, 'beforeUnbind']);
+ $server->on('schedule', [$this, 'scheduleLocalDelivery']);
+ $server->on('getSupportedPrivilegeSet', [$this, 'getSupportedPrivilegeSet']);
$ns = '{' . self::NS_CALDAV . '}';
@@ -573,6 +574,65 @@ class Plugin extends ServerPlugin {
}
/**
+ * This method is triggered whenever a subsystem reqeuests the privileges
+ * hat are supported on a particular node.
+ *
+ * We need to add a number of privileges for scheduling purposes.
+ *
+ * @param INode $node
+ * @param array $supportedPrivilegeSet
+ */
+ function getSupportedPrivilegeSet(INode $node, array &$supportedPrivilegeSet) {
+
+ $ns = '{' . self::NS_CALDAV . '}';
+ if ($node instanceof IOutbox) {
+ $supportedPrivilegeSet[$ns . 'schedule-send'][
+ 'abstract' => false,
+ 'aggregates' => [
+ $ns . 'schedule-send-invite' => [
+ 'abstract' => false,
+ 'aggregates' => [],
+ ],
+ $ns . 'schedule-send-reply' => [
+ 'abstract' => false,
+ 'aggregates' => [],
+ ],
+ $ns . 'schedule-send-freebusy' => [
+ 'abstract' => false,
+ 'aggregates' => [],
+ ],
+ // Privilege from an earlier scheduling draft, but still
+ // used by some clients.
+ $ns . 'schedule-post-vevent' => [
+ 'abstract' => false,
+ 'aggregates' => [],
+ ],
+ ]
+ ];
+ }
+ if ($node instanceof IInbox) {
+ $supportedPrivilegeSet[$ns . 'schedule-deliver'][
+ 'abstract' => false,
+ 'aggregates' => [
+ $ns . 'schedule-deliver-invite' => [
+ 'abstract' => false,
+ 'aggregates' => [],
+ ],
+ $ns . 'schedule-deliver-reply' => [
+ 'abstract' => false,
+ 'aggregates' => [],
+ ],
+ $ns . 'schedule-query-freebusy' => [
+ 'abstract' => false,
+ 'aggregates' => [],
+ ],
+ ]
+ ];
+ }
+
+ }
+
+ /**
* This method looks at an old iCalendar object, a new iCalendar object and
* starts sending scheduling messages based on the changes.
*
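Review bot: Both assignments in the new `getSupportedPrivilegeSet()` are missing the `] = ` between the array key and the literal, so the file will not parse. `$supportedPrivilegeSet[$ns . 'schedule-send'][` should be `$supportedPrivilegeSet[$ns . 'schedule-send'] = [`, and likewise for `$ns . 'schedule-deliver'`. The same slip is in the `'{DAV:}share'` assignment added to lib/DAV/Sharing/Plugin.php. Because these handlers define which privileges exist on inbox and outbox nodes, a test that fires the event and asserts the resulting tree would catch this. The docblock also has typos (`reqeuests`, `hat`), and the hunk does not show imports for `INode`, `IInbox` or `IOutbox`.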
diff --git a/lib/CalDAV/SharedCalendar.php b/lib/CalDAV/SharedCalendar.php
index 96d630f..7a77616 100644
--- a/lib/CalDAV/SharedCalendar.php
+++ b/lib/CalDAV/SharedCalendar.php
@@ -174,28 +174,6 @@ class SharedCalendar extends Calendar implements ISharedCalendar {
}
- /**
- * Returns the list of supported privileges for this node.
- *
- * The returned data structure is a list of nested privileges.
- * See Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
- * standard structure.
- *
- * If null is returned from this method, the default privilege set is used,
- * which is fine for most common usecases.
- *
- * @return array|null
- */
- function getSupportedPrivilegeSet() {
-
- $default = parent::getSupportedPrivilegeSet();
- $default['aggregates'][] = [
- 'privilege' => '{DAV:}share',
- ];
-
- return $default;
-
- }
/**
* This method returns the ACL's for calendar objects in this calendar.
diff --git a/lib/CalDAV/Subscriptions/Subscription.php b/lib/CalDAV/Subscriptions/Subscription.php
index c4ac310..de74650 100644
--- a/lib/CalDAV/Subscriptions/Subscription.php
+++ b/lib/CalDAV/Subscriptions/Subscription.php
@@ -183,19 +183,6 @@ class Subscription extends Collection implements ISubscription, IACL {
}
/**
- * Returns a group principal.
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getGroup() {
-
- return null;
-
- }
-
- /**
* Returns a list of ACE's for this node.
*
* Each ACE has the following properties:
@@ -211,22 +198,12 @@ class Subscription extends Collection implements ISubscription, IACL {
return [
[
- 'privilege' => '{DAV:}read',
- 'principal' => $this->getOwner(),
- 'protected' => true,
- ],
- [
- 'privilege' => '{DAV:}write',
+ 'privilege' => '{DAV:}all',
'principal' => $this->getOwner(),
'protected' => true,
],
[
- 'privilege' => '{DAV:}read',
- 'principal' => $this->getOwner() . '/calendar-proxy-write',
- 'protected' => true,
- ],
- [
- 'privilege' => '{DAV:}write',
+ 'privilege' => '{DAV:}all',
'principal' => $this->getOwner() . '/calendar-proxy-write',
'protected' => true,
],
@@ -239,36 +216,4 @@ class Subscription extends Collection implements ISubscription, IACL {
}
- /**
- * Updates the ACL.
- *
- * This method will receive a list of new ACE's.
- *
- * @param array $acl
- * @return void
- */
- function setACL(array $acl) {
-
- throw new MethodNotAllowed('Changing ACL is not yet supported');
-
- }
-
- /**
- * Returns the list of supported privileges for this node.
- *
- * The returned data structure is a list of nested privileges.
- * See \Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
- * standard structure.
- *
- * If null is returned from this method, the default privilege set is used,
- * which is fine for most common usecases.
- *
- * @return array|null
- */
- function getSupportedPrivilegeSet() {
-
- return null;
-
- }
-
}
diff --git a/lib/CardDAV/AddressBook.php b/lib/CardDAV/AddressBook.php
index 70bec87..6dd0986 100644
--- a/lib/CardDAV/AddressBook.php
+++ b/lib/CardDAV/AddressBook.php
@@ -16,6 +16,8 @@ use Sabre\DAVACL;
*/
class AddressBook extends DAV\Collection implements IAddressBook, DAV\IProperties, DAVACL\IACL, DAV\Sync\ISyncCollection, DAV\IMultiGet {
+ use DAVACL\ACLTrait;
+
/**
* This is an array with addressbook information
*
@@ -236,48 +238,6 @@ class AddressBook extends DAV\Collection implements IAddressBook, DAV\IPropertie
}
- /**
- * Returns a group principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getGroup() {
-
- return null;
-
- }
-
- /**
- * Returns a list of ACE's for this node.
- *
- * Each ACE has the following properties:
- * * 'privilege', a string such as {DAV:}read or {DAV:}write. These are
- * currently the only supported privileges
- * * 'principal', a url to the principal who owns the node
- * * 'protected' (optional), indicating that this ACE is not allowed to
- * be updated.
- *
- * @return array
- */
- function getACL() {
-
- return [
- [
- 'privilege' => '{DAV:}read',
- 'principal' => $this->getOwner(),
- 'protected' => true,
- ],
- [
- 'privilege' => '{DAV:}write',
- 'principal' => $this->getOwner(),
- 'protected' => true,
- ],
-
- ];
-
- }
/**
* This method returns the ACL's for card nodes in this address book.
@@ -290,12 +250,7 @@ class AddressBook extends DAV\Collection implements IAddressBook, DAV\IPropertie
return [
[
- 'privilege' => '{DAV:}read',
- 'principal' => $this->getOwner(),
- 'protected' => true,
- ],
- [
- 'privilege' => '{DAV:}write',
+ 'privilege' => '{DAV:}all',
'principal' => $this->getOwner(),
'protected' => true,
],
@@ -303,37 +258,6 @@ class AddressBook extends DAV\Collection implements IAddressBook, DAV\IPropertie
}
- /**
- * Updates the ACL
- *
- * This method will receive a list of new ACE's.
- *
- * @param array $acl
- * @return void
- */
- function setACL(array $acl) {
-
- throw new DAV\Exception\MethodNotAllowed('Changing ACL is not yet supported');
-
- }
-
- /**
- * Returns the list of supported privileges for this node.
- *
- * The returned data structure is a list of nested privileges.
- * See Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
- * standard structure.
- *
- * If null is returned from this method, the default privilege set is used,
- * which is fine for most common usecases.
- *
- * @return array|null
- */
- function getSupportedPrivilegeSet() {
-
- return null;
-
- }
/**
* This method returns the current sync-token for this collection.
diff --git a/lib/CardDAV/AddressBookHome.php b/lib/CardDAV/AddressBookHome.php
index ebc2518..888a44a 100644
--- a/lib/CardDAV/AddressBookHome.php
+++ b/lib/CardDAV/AddressBookHome.php
@@ -18,6 +18,8 @@ use Sabre\Uri;
*/
class AddressBookHome extends DAV\Collection implements DAV\IExtendedCollection, DAVACL\IACL {
+ use DAVACL\ACLTrait;
+
/**
* Principal uri
*
@@ -186,78 +188,4 @@ class AddressBookHome extends DAV\Collection implements DAV\IExtendedCollection,
}
- /**
- * Returns a group principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getGroup() {
-
- return null;
-
- }
-
- /**
- * Returns a list of ACE's for this node.
- *
- * Each ACE has the following properties:
- * * 'privilege', a string such as {DAV:}read or {DAV:}write. These are
- * currently the only supported privileges
- * * 'principal', a url to the principal who owns the node
- * * 'protected' (optional), indicating that this ACE is not allowed to
- * be updated.
- *
- * @return array
- */
- function getACL() {
-
- return [
- [
- 'privilege' => '{DAV:}read',
- 'principal' => $this->principalUri,
- 'protected' => true,
- ],
- [
- 'privilege' => '{DAV:}write',
- 'principal' => $this->principalUri,
- 'protected' => true,
- ],
- ];
-
- }
-
- /**
- * Updates the ACL
- *
- * This method will receive a list of new ACE's.
- *
- * @param array $acl
- * @return void
- */
- function setACL(array $acl) {
-
- throw new DAV\Exception\MethodNotAllowed('Changing ACL is not yet supported');
-
- }
-
- /**
- * Returns the list of supported privileges for this node.
- *
- * The returned data structure is a list of nested privileges.
- * See Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
- * standard structure.
- *
- * If null is returned from this method, the default privilege set is used,
- * which is fine for most common usecases.
- *
- * @return array|null
- */
- function getSupportedPrivilegeSet() {
-
- return null;
-
- }
-
}
diff --git a/lib/CardDAV/Card.php b/lib/CardDAV/Card.php
index 8da6725..0a040be 100644
--- a/lib/CardDAV/Card.php
+++ b/lib/CardDAV/Card.php
@@ -14,6 +14,8 @@ use Sabre\DAV;
*/
class Card extends DAV\File implements ICard, DAVACL\IACL {
+ use DAVACL\ACLTrait;
+
/**
* CardDAV backend
*
@@ -181,18 +183,6 @@ class Card extends DAV\File implements ICard, DAVACL\IACL {
}
- /**
- * Returns a group principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getGroup() {
-
- return null;
-
- }
/**
* Returns a list of ACE's for this node.
@@ -215,12 +205,7 @@ class Card extends DAV\File implements ICard, DAVACL\IACL {
return [
[
- 'privilege' => '{DAV:}read',
- 'principal' => $this->addressBookInfo['principaluri'],
- 'protected' => true,
- ],
- [
- 'privilege' => '{DAV:}write',
+ 'privilege' => '{DAV:}all',
'principal' => $this->addressBookInfo['principaluri'],
'protected' => true,
],
@@ -228,36 +213,4 @@ class Card extends DAV\File implements ICard, DAVACL\IACL {
}
- /**
- * Updates the ACL
- *
- * This method will receive a list of new ACE's.
- *
- * @param array $acl
- * @return void
- */
- function setACL(array $acl) {
-
- throw new DAV\Exception\MethodNotAllowed('Changing ACL is not yet supported');
-
- }
-
- /**
- * Returns the list of supported privileges for this node.
- *
- * The returned data structure is a list of nested privileges.
- * See Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
- * standard structure.
- *
- * If null is returned from this method, the default privilege set is used,
- * which is fine for most common usecases.
- *
- * @return array|null
- */
- function getSupportedPrivilegeSet() {
-
- return null;
-
- }
-
}
diff --git a/lib/DAV/Sharing/Plugin.php b/lib/DAV/Sharing/Plugin.php
index 7774956..c19e0e0 100644
--- a/lib/DAV/Sharing/Plugin.php
+++ b/lib/DAV/Sharing/Plugin.php
@@ -94,10 +94,11 @@ class Plugin extends ServerPlugin {
'{DAV:}share-mode'
);
- $server->on('method:POST', [$this, 'httpPost']);
- $server->on('propFind', [$this, 'propFind']);
- $server->on('onHTMLActionsPanel', [$this, 'htmlActionsPanel']);
- $server->on('onBrowserPostAction', [$this, 'browserPostAction']);
+ $server->on('method:POST', [$this, 'httpPost']);
+ $server->on('propFind', [$this, 'propFind']);
+ $server->on('getSupportedPrivilegeSet', [$this, 'getSupportedPrivilegeSet']);
+ $server->on('onHTMLActionsPanel', [$this, 'htmlActionsPanel']);
+ $server->on('onBrowserPostAction', [$this, 'browserPostAction']);
}
@@ -217,6 +218,25 @@ class Plugin extends ServerPlugin {
}
/**
+ * This method is triggered whenever a subsystem reqeuests the privileges
+ * hat are supported on a particular node.
+ *
+ * We need to add a number of privileges for scheduling purposes.
+ *
+ * @param INode $node
+ * @param array $supportedPrivilegeSet
+ */
+ function getSupportedPrivilegeSet(INode $node, array &$supportedPrivilegeSet) {
+
+ if ($node instanceof ISharedNode) {
+ $supportedPrivilegeSet['{DAV:}share'][
+ 'abstract' => false,
+ 'aggregates' => [],
+ ];
+ }
+ }
+
+ /**
* Returns a bunch of meta-data about the plugin.
*
* Providing this information is optional, and is mainly displayed by the
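Review bot: The docblock on the new `getSupportedPrivilegeSet()` was copied from the scheduling plugin and still says the privileges are added "for scheduling purposes", but this handler registers `{DAV:}share` on shared nodes. Suggested wording: `* Adds the {DAV:}share privilege to the supported privilege set of nodes that implement ISharedNode.` together with `* @param array $supportedPrivilegeSet Privilege tree, modified in place.` and `* @return void`. The typos `reqeuests` and `hat` are repeated here as well.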
diff --git a/lib/DAVACL/FS/File.php b/lib/DAVACL/ACLTrait.php
similarity index 65%
copy from lib/DAVACL/FS/File.php
copy to lib/DAVACL/ACLTrait.php
index 0d54952..602654a 100644
--- a/lib/DAVACL/FS/File.php
+++ b/lib/DAVACL/ACLTrait.php
@@ -1,48 +1,20 @@
<?php
-namespace Sabre\DAVACL\FS;
-
-use Sabre\DAV\FSExt\File as BaseFile;
-use Sabre\DAVACL\IACL;
-use Sabre\DAV\Exception\Forbidden;
+namespace Sabre\DAVACL;
/**
- * This is an ACL-enabled file node.
+ * This trait is a default implementation of the IACL interface.
+ *
+ * In many cases you only want to implement 1 or to of the IACL functions,
+ * this trait allows you to be a bit lazier.
+ *
+ * By default this trait grants all privileges to the owner of the resource.
*
* @copyright Copyright (C) fruux GmbH (https://fruux.com/)
- * @author Evert Pot (http://evertpot.com/)
+ * @author Evert Pot (https://evertpot.com/)
* @license http://sabre.io/license/ Modified BSD License
*/
-class File extends BaseFile implements IACL {
-
- /**
- * A list of ACL rules.
- *
- * @var array
- */
- protected $acl;
-
- /**
- * Owner uri, or null for no owner.
- *
- * @var string|null
- */
- protected $owner;
-
- /**
- * Constructor
- *
- * @param string $path on-disk path.
- * @param array $acl ACL rules.
- * @param string|null $owner principal owner string.
- */
- function __construct($path, array $acl, $owner = null) {
-
- parent::__construct($path);
- $this->acl = $acl;
- $this->owner = $owner;
-
- }
+trait ACLTrait {
/**
* Returns the owner principal
@@ -53,7 +25,7 @@ class File extends BaseFile implements IACL {
*/
function getOwner() {
- return $this->owner;
+ return null;
}
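Review bot: The trait's `getOwner()` returns null while its `getACL()` grants `{DAV:}all` only to `{DAV:}owner`, so a class that keeps both defaults gets an ACL that matches no principal. lib/CalDAV/CalendarHome.php deletes its own `getOwner()` (which returned `$this->principalInfo['uri']`) in this commit, so it now reports no owner; that override looks like it should have been kept. The method docblock should state the requirement, for example `* Classes using this trait must override getOwner() unless the node really has no owner.` The docblock for this method starts outside the hunk.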
@@ -84,7 +56,13 @@ class File extends BaseFile implements IACL {
*/
function getACL() {
- return $this->acl;
+ return [
+ [
+ 'privilege' => '{DAV:}all',
+ 'principal' => '{DAV:}owner',
+ 'protected' => true,
+ ]
+ ];
}
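Review bot: The default ACE returned here only takes effect when the using class overrides getOwner(), which the trait docblock ("grants all privileges to the owner") does not make clear. The trait's own getOwner() in the previous hunk returns null, and the `{DAV:}owner` branch in Plugin.php is guarded by `if ($owner && ...)`, so a class that uses the trait unchanged ends up with no effective grants. That is a safe default, but it should be documented. I would add to the getACL() docblock: `Note: {DAV:}owner only resolves when getOwner() is overridden to return a principal URL; otherwise this ACL grants nothing.` The docblock itself starts above this hunk.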
@@ -98,8 +76,7 @@ class File extends BaseFile implements IACL {
*/
function setACL(array $acl) {
- throw new Forbidden('Setting ACL is not allowed here');
-
+ throw new \Sabre\DAV\Exception\Forbidden('Setting ACL is not supported on this node');
}
/**
diff --git a/lib/DAVACL/FS/Collection.php b/lib/DAVACL/FS/Collection.php
index 7b78aef..f26f0ee 100644
--- a/lib/DAVACL/FS/Collection.php
+++ b/lib/DAVACL/FS/Collection.php
@@ -16,6 +16,8 @@ use Sabre\DAV\Exception\NotFound;
*/
class Collection extends BaseCollection implements IACL {
+ use ACLTrait;
+
/**
* A list of ACL rules.
*
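Review bot: `use ACLTrait;` resolves relative to the file's namespace, which for this class is presumably `Sabre\DAVACL\FS`, while the trait is declared in `Sabre\DAVACL`. No hunk in this file, in FS/File.php or in FS/HomeCollection.php adds an import for it, and the pre-image imports of File.php visible in the ACLTrait copy diff do not include one. Unless an import exists above the hunk, the class would fail to load. Either add `use Sabre\DAVACL\ACLTrait;` next to the other imports or write `use \Sabre\DAVACL\ACLTrait;` in the class body.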
@@ -88,19 +90,6 @@ class Collection extends BaseCollection implements IACL {
}
/**
- * Returns a group principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getGroup() {
-
- return null;
-
- }
-
- /**
* Returns a list of ACE's for this node.
*
* Each ACE has the following properties:
@@ -118,36 +107,4 @@ class Collection extends BaseCollection implements IACL {
}
- /**
- * Updates the ACL
- *
- * This method will receive a list of new ACE's as an array argument.
- *
- * @param array $acl
- * @return void
- */
- function setACL(array $acl) {
-
- throw new Forbidden('Setting ACL is not allowed here');
-
- }
-
- /**
- * Returns the list of supported privileges for this node.
- *
- * The returned data structure is a list of nested privileges.
- * See Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
- * standard structure.
- *
- * If null is returned from this method, the default privilege set is used,
- * which is fine for most common usecases.
- *
- * @return array|null
- */
- function getSupportedPrivilegeSet() {
-
- return null;
-
- }
-
}
diff --git a/lib/DAVACL/FS/File.php b/lib/DAVACL/FS/File.php
index 0d54952..88de206 100644
--- a/lib/DAVACL/FS/File.php
+++ b/lib/DAVACL/FS/File.php
@@ -15,6 +15,8 @@ use Sabre\DAV\Exception\Forbidden;
*/
class File extends BaseFile implements IACL {
+ use ACLTrait;
+
/**
* A list of ACL rules.
*
@@ -58,19 +60,6 @@ class File extends BaseFile implements IACL {
}
/**
- * Returns a group principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getGroup() {
-
- return null;
-
- }
-
- /**
* Returns a list of ACE's for this node.
*
* Each ACE has the following properties:
@@ -88,36 +77,4 @@ class File extends BaseFile implements IACL {
}
- /**
- * Updates the ACL
- *
- * This method will receive a list of new ACE's as an array argument.
- *
- * @param array $acl
- * @return void
- */
- function setACL(array $acl) {
-
- throw new Forbidden('Setting ACL is not allowed here');
-
- }
-
- /**
- * Returns the list of supported privileges for this node.
- *
- * The returned data structure is a list of nested privileges.
- * See Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
- * standard structure.
- *
- * If null is returned from this method, the default privilege set is used,
- * which is fine for most common usecases.
- *
- * @return array|null
- */
- function getSupportedPrivilegeSet() {
-
- return null;
-
- }
-
}
diff --git a/lib/DAVACL/FS/HomeCollection.php b/lib/DAVACL/FS/HomeCollection.php
index dc56129..4adf085 100644
--- a/lib/DAVACL/FS/HomeCollection.php
+++ b/lib/DAVACL/FS/HomeCollection.php
@@ -21,6 +21,8 @@ use Sabre\Uri;
*/
class HomeCollection extends AbstractPrincipalCollection implements IACL {
+ use ACLTrait;
+
/**
* Name of this collection.
*
@@ -77,13 +79,8 @@ class HomeCollection extends AbstractPrincipalCollection implements IACL {
$owner = $principalInfo['uri'];
$acl = [
[
- 'privilege' => '{DAV:}read',
- 'principal' => $owner,
- 'protected' => true,
- ],
- [
- 'privilege' => '{DAV:}write',
- 'principal' => $owner,
+ 'privilege' => '{DAV:}all',
+ 'principal' => '{DAV:}owner',
'protected' => true,
],
];
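Review bot: The child ACL now names `{DAV:}owner` instead of the concrete `$owner` URI, so the grant depends on the child node's getOwner() returning that URI; the Plugin skips the ACE when getOwner() is empty (`if ($owner && ...)`). The constructor call that receives `$acl` is below this hunk, so confirm `$owner` is still passed to it. The privilege also widens from read plus write to `{DAV:}all`. A short comment such as `// Owner gets full control of their own home collection; resolved via getOwner() on the child node.` would record that this is deliberate.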
@@ -103,31 +100,6 @@ class HomeCollection extends AbstractPrincipalCollection implements IACL {
}
- /**
- * Returns the owner principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getOwner() {
-
- return null;
-
- }
-
- /**
- * Returns a group principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getGroup() {
-
- return null;
-
- }
/**
* Returns a list of ACE's for this node.
@@ -153,36 +125,4 @@ class HomeCollection extends AbstractPrincipalCollection implements IACL {
}
- /**
- * Updates the ACL
- *
- * This method will receive a list of new ACE's as an array argument.
- *
- * @param array $acl
- * @return void
- */
- function setACL(array $acl) {
-
- throw new Forbidden('Setting ACL is not allowed here');
-
- }
-
- /**
- * Returns the list of supported privileges for this node.
- *
- * The returned data structure is a list of nested privileges.
- * See Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
- * standard structure.
- *
- * If null is returned from this method, the default privilege set is used,
- * which is fine for most common usecases.
- *
- * @return array|null
- */
- function getSupportedPrivilegeSet() {
-
- return null;
-
- }
-
}
diff --git a/lib/DAVACL/IACL.php b/lib/DAVACL/IACL.php
index 81908d0..f7a1386 100644
--- a/lib/DAVACL/IACL.php
+++ b/lib/DAVACL/IACL.php
@@ -71,5 +71,4 @@ interface IACL extends DAV\INode {
*/
function getSupportedPrivilegeSet();
-
}
diff --git a/lib/DAVACL/Plugin.php b/lib/DAVACL/Plugin.php
index e113e9d..1d6830d 100644
--- a/lib/DAVACL/Plugin.php
+++ b/lib/DAVACL/Plugin.php
@@ -333,13 +333,77 @@ class Plugin extends DAV\ServerPlugin {
}
/**
- * Returns the supported privilege structure for this ACL plugin.
+ * Find out of a principal equals another principal.
*
- * See RFC3744 for more details. Currently we default on a simple,
- * standard structure.
+ * This is a quick way to find out wether a principal URI is part of a
+ * group, or any subgroups.
*
- * You can either get the list of privileges by a uri (path) or by
- * specifying a Node.
+ * The first argument is the principal URI you want to check against. For
+ * example the principal group, and the second argument is the principal of
+ * which you want to find out of it is the same as the first principal, or
+ * in a member of the first principal's group or subgroups.
+ *
+ * So the arguments are not interchangable. If principal A is in group B,
+ * passing 'B', 'A' will yield true, but 'A', 'B' is false.
+ *
+ * If the sceond argument is not passed, we will use the current user
+ * principal.
+ *
+ * @param string $checkPrincipal
+ * @param string $currentPrincipal
+ * @return bool
+ */
+ function principalMatchesPrincipal($checkPrincipal, $currentPrincipal = null) {
+
+ if (is_null($currentPrincipal)) {
+ $currentPrincipal = $this->getCurrentUserPrincipal();
+ }
+ if ($currentPrincipal === $checkPrincipal) {
+ return true;
+ }
+ return in_array(
+ $checkPrincipal,
+ $this->getPrincipalMembership($currentPrincipal)
+ );
+
+ }
+
+
+ /**
+ * Returns a tree of supported privileges for a resource.
+ *
+ * The returned array structure should be in this form:
+ *
+ * [
+ * [
+ * 'privilege' => '{DAV:}read',
+ * 'abstract' => false,
+ * 'aggregates' => []
+ * ]
+ * ]
+ *
+ * Privileges can be nested using "aggregrates". Doing so means that
+ * if you assign someone the aggregrating privilege, all the
+ * sub-privileges will automatically be granted.
+ *
+ * Marking a privilege as abstract means that the privilege cannot be
+ * directly assigned, but must be assigned via the parent privilege.
+ *
+ * So a more complex version might look like this:
+ *
+ * [
+ * [
+ * 'privilege' => '{DAV:}read',
+ * 'abstract' => false,
+ * 'aggregates' => [
+ * [
+ * 'privilege' => '{DAV:}read-acl',
+ * 'abstract' => false,
+ * 'aggregates' => [],
+ * ]
+ * ]
+ * ]
+ * ]
*
* @param string|INode $node
* @return array
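Review bot: In principalMatchesPrincipal() the membership test uses loose comparison and the no-current-user case is not handled. If getCurrentUserPrincipal() returns null for an unauthenticated request (its body is not in this hunk), null is passed on to getPrincipalMembership(). Because this method now decides every `{DAV:}owner` and explicit-principal ACE match, I would return early with `if (is_null($currentPrincipal)) return false;` right after the lookup, and pass `true` as the third argument to `in_array`. The docblock added below it also describes the privilege tree as a list of entries with a 'privilege' key, while the code in the next hunk builds a map keyed by privilege name; one of the two should change.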
@@ -350,73 +414,74 @@ class Plugin extends DAV\ServerPlugin {
$node = $this->server->tree->getNodeForPath($node);
}
+ $supportedPrivileges = null;
if ($node instanceof IACL) {
- $result = $node->getSupportedPrivilegeSet();
-
- if ($result)
- return $result;
+ $supportedPrivileges = $node->getSupportedPrivileges();
}
- return self::getDefaultSupportedPrivilegeSet();
-
- }
-
- /**
- * Returns a fairly standard set of privileges, which may be useful for
- * other systems to use as a basis.
- *
- * @return array
- */
- static function getDefaultSupportedPrivilegeSet() {
+ if (is_null($supportedPrivileges)) {
- return [
- 'privilege' => '{DAV:}all',
- 'abstract' => true,
- 'aggregates' => [
- [
- 'privilege' => '{DAV:}read',
+ // Default
+ $supportedPrivileges = [
+ '{DAV:}read' => [
+ 'abstract' => false,
'aggregates' => [
- [
- 'privilege' => '{DAV:}read-acl',
+ '{DAV:}read-acl' => [
'abstract' => false,
+ 'aggregates' => [],
],
- [
- 'privilege' => '{DAV:}read-current-user-privilege-set',
+ '{DAV:}read-current-user-privilege-set' => [
'abstract' => false,
+ 'aggregates' => [],
],
],
- ], // {DAV:}read
+ ],
[
'privilege' => '{DAV:}write',
+ 'abstract' => false,
'aggregates' => [
- [
- 'privilege' => '{DAV:}write-acl',
- 'abstract' => false,
- ],
- [
- 'privilege' => '{DAV:}write-properties',
- 'abstract' => false,
- ],
- [
- 'privilege' => '{DAV:}write-content',
- 'abstract' => false,
- ],
- [
- 'privilege' => '{DAV:}bind',
- 'abstract' => false,
- ],
- [
- 'privilege' => '{DAV:}unbind',
+ '{DAV:}write-properties' => [
'abstract' => false,
+ 'aggregates' => [],
],
- [
- 'privilege' => '{DAV:}unlock',
+ '{DAV:}unlock' => [
'abstract' => false,
+ 'aggregates' => [],
],
],
- ], // {DAV:}write
- ],
- ]; // {DAV:}all
+ ],
+ ];
+ if ($node instanceof \Sabre\DAV\IFile) {
+ $supportedPrivileges['{DAV:}write']['aggregates']['{DAV:}write-content'] = [
+ 'abstract' => false,
+ 'aggregates' => [],
+ ];
+ }
+ if ($node instanceof \Sabre\DAV\ICollection) {
+ $supportedPrivileges['{DAV:}write']['aggregates']['{DAV:}bind'] = [
+ 'abstract' => false,
+ 'aggregates' => [],
+ ];
+ $supportedPrivileges['{DAV:}write']['aggregates']['{DAV:}unbind'] = [
+ 'abstract' => false,
+ 'aggregates' => [],
+ ];
+ }
+ if ($node instanceof \Sabre\DAV\IACL) {
+ $supportedPrivileges['{DAV:}write']['aggregates']['{DAV:}write-acl'] = [
+ 'abstract' => false,
+ 'aggregates' => [],
+ ];
+ }
+
+ }
+
+ $this->server->emit(
+ 'getSupportedPrivilegeSet',
+ [$node, &$supportedPrivileges]
+ );
+
+ return $supportedPrivileges;
}
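Review bot: The rebuilt default set never gets a usable `{DAV:}write` entry. The context lines `[` and `'privilege' => '{DAV:}write',` survive from the old list form, so write lands at index 0 and the later `$supportedPrivileges['{DAV:}write']['aggregates'][...]` assignments create a second, separate key without `abstract`. Two further problems sit in the same block: `$node->getSupportedPrivileges()` does not match the `getSupportedPrivilegeSet()` that IACL still declares, and `instanceof \Sabre\DAV\IACL` names a namespace the interface is not in (it is `Sabre\DAVACL\IACL`), so `{DAV:}write-acl` is never advertised. The default also no longer contains `{DAV:}all`, which ACLTrait::getACL() grants; how that privilege is resolved is outside this hunk, so confirm it still maps to something. The function's signature is above the hunk.
```php
$supportedPrivileges = null;
if ($node instanceof IACL) {
    $supportedPrivileges = $node->getSupportedPrivilegeSet();
}
if (is_null($supportedPrivileges)) {
    $supportedPrivileges = [
        // … unchanged: '{DAV:}read' entry with its two aggregates …
        '{DAV:}write' => [
            'abstract'   => false,
            'aggregates' => [
                // … unchanged: '{DAV:}write-properties' and '{DAV:}unlock' entries …
            ],
        ],
    ];
    // … unchanged: IFile and ICollection additions …
    if ($node instanceof IACL) {
        // … unchanged: '{DAV:}write-acl' entry …
    }
}
```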
@@ -528,8 +593,6 @@ class Plugin extends DAV\ServerPlugin {
$acl = $this->getACL($node);
- $principals = $this->getCurrentUserPrincipals();
-
$collected = [];
foreach ($acl as $ace) {
@@ -540,7 +603,7 @@ class Plugin extends DAV\ServerPlugin {
case '{DAV:}owner' :
$owner = $node->getOwner();
- if ($owner && in_array($owner, $principals)) {
+ if ($owner && $this->principalMatchesPrincipal($owner)) {
$collected[] = $ace;
}
break;
@@ -562,7 +625,7 @@ class Plugin extends DAV\ServerPlugin {
break;
default :
- if (in_array($ace['principal'], $principals)) {
+ if ($this->principalMatchesPrincipal($ace['principal'])) {
$collected[] = $ace;
}
break;
diff --git a/lib/DAVACL/Principal.php b/lib/DAVACL/Principal.php
index 16375d3..49ab406 100644
--- a/lib/DAVACL/Principal.php
+++ b/lib/DAVACL/Principal.php
@@ -22,6 +22,8 @@ use Sabre\HTTP\URLUtil;
*/
class Principal extends DAV\Node implements IPrincipal, DAV\IProperties, IACL {
+ use IACLTrait;
+
/**
* Struct with principal information.
*
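Review bot: `use IACLTrait;` names a trait this commit does not define: the new file is lib/DAVACL/ACLTrait.php and declares `trait ACLTrait`, so this class, and PrincipalCollection.php which has the same line, would fail to load; it should read `use ACLTrait;`. Once that resolves, the later hunk in this file removes Principal::getACL(), which granted `{DAV:}read` to `{DAV:}authenticated`, and the trait's default grants only `{DAV:}owner`; setACL() also changes from MethodNotAllowed to Forbidden. If principals are meant to stay readable by every authenticated user, getACL() needs to be kept in this class. The class body continues outside the hunk.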
@@ -216,73 +218,4 @@ class Principal extends DAV\Node implements IPrincipal, DAV\IProperties, IACL {
}
- /**
- * Returns a group principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getGroup() {
-
- return null;
-
- }
-
- /**
- * Returns a list of ACE's for this node.
- *
- * Each ACE has the following properties:
- * * 'privilege', a string such as {DAV:}read or {DAV:}write. These are
- * currently the only supported privileges
- * * 'principal', a url to the principal who owns the node
- * * 'protected' (optional), indicating that this ACE is not allowed to
- * be updated.
- *
- * @return array
- */
- function getACL() {
-
- return [
- [
- 'privilege' => '{DAV:}read',
- 'principal' => '{DAV:}authenticated',
- 'protected' => true,
- ],
- ];
-
- }
-
- /**
- * Updates the ACL
- *
- * This method will receive a list of new ACE's.
- *
- * @param array $acl
- * @return void
- */
- function setACL(array $acl) {
-
- throw new DAV\Exception\MethodNotAllowed('Updating ACLs is not allowed here');
-
- }
-
- /**
- * Returns the list of supported privileges for this node.
- *
- * The returned data structure is a list of nested privileges.
- * See Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
- * standard structure.
- *
- * If null is returned from this method, the default privilege set is used,
- * which is fine for most common usecases.
- *
- * @return array|null
- */
- function getSupportedPrivilegeSet() {
-
- return null;
-
- }
-
}
diff --git a/lib/DAVACL/PrincipalCollection.php b/lib/DAVACL/PrincipalCollection.php
index 54911e7..5c98bc0 100644
--- a/lib/DAVACL/PrincipalCollection.php
+++ b/lib/DAVACL/PrincipalCollection.php
@@ -19,6 +19,8 @@ use Sabre\DAV\MkCol;
*/
class PrincipalCollection extends AbstractPrincipalCollection implements IExtendedCollection, IACL {
+ use IACLTrait;
+
/**
* This method returns a node for a principal.
*
@@ -73,28 +75,6 @@ class PrincipalCollection extends AbstractPrincipalCollection implements IExtend
}
/**
- * Returns the owner principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getOwner() {
- return null;
- }
-
- /**
- * Returns a group principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getGroup() {
- return null;
- }
-
- /**
* Returns a list of ACE's for this node.
*
* Each ACE has the following properties:
@@ -116,36 +96,4 @@ class PrincipalCollection extends AbstractPrincipalCollection implements IExtend
];
}
- /**
- * Updates the ACL
- *
- * This method will receive a list of new ACE's as an array argument.
- *
- * @param array $acl
- * @return void
- */
- function setACL(array $acl) {
-
- throw new Forbidden('Updating ACLs is not allowed on this node');
-
- }
-
- /**
- * Returns the list of supported privileges for this node.
- *
- * The returned data structure is a list of nested privileges.
- * See Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
- * standard structure.
- *
- * If null is returned from this method, the default privilege set is used,
- * which is fine for most common usecases.
- *
- * @return array|null
- */
- function getSupportedPrivilegeSet() {
-
- return null;
-
- }
-
}
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-php/php-sabredav.git