[Pkg-owncloud-commits] [php-sabredav] 207/220: Now checking schedule-query-freebusy instead of read-free-busy.

David Prévot taffit at moszumanska.debian.org
Thu May 12 01:21:29 UTC 2016 

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository php-sabredav.

commit a54d8ecc375bbc1f79cd56e913f6e281d6b8b581
Author: Evert Pot <me at evertpot.com>
Date:   Fri Apr 29 17:23:19 2016 +0700

    Now checking schedule-query-freebusy instead of read-free-busy.
    
    As we should have.
---
 CHANGELOG.md                   | 4 ++++
 lib/CalDAV/Schedule/Plugin.php | 5 +++--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ac38b2f..2db7586 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -53,6 +53,10 @@ ChangeLog
 * #798: Added an index on `firstoccurence` field in MySQL CalDAV backend. This
   should speed up common calendar-query requests.
 * #759: DAV\Client is now able to actually correctly resolve relative urls.
+* #671: We are no longer checking the `read-free-busy` privilege on individual
+  calendars during freebusy operations in the scheduling plugin. Instead, we
+  check the `schedule-query-freebusy` privilege on the target users' inbox,
+  which validates access for the entire account, per the spec.
 
 
 3.1.3 (2016-04-06)
diff --git a/lib/CalDAV/Schedule/Plugin.php b/lib/CalDAV/Schedule/Plugin.php
index d2c88e7..94d950e 100644
--- a/lib/CalDAV/Schedule/Plugin.php
+++ b/lib/CalDAV/Schedule/Plugin.php
@@ -935,6 +935,9 @@ class Plugin extends ServerPlugin {
         $homeSet = $result[0][200][$caldavNS . 'calendar-home-set']->getHref();
         $inboxUrl = $result[0][200][$caldavNS . 'schedule-inbox-URL']->getHref();
 
+        // Do we have permission?
+        $aclPlugin->checkPrivileges($inboxUrl, $caldavNS . 'schedule-query-freebusy');
+
         // Grabbing the calendar list
         $objects = [];
         $calendarTimeZone = new DateTimeZone('UTC');
@@ -954,8 +957,6 @@ class Plugin extends ServerPlugin {
                 continue;
             }
 
-            $aclPlugin->checkPrivileges($homeSet . $node->getName(), $caldavNS . 'read-free-busy');
-
             if (isset($props[$ctz])) {
                 $vtimezoneObj = VObject\Reader::read($props[$ctz]);
                 $calendarTimeZone = $vtimezoneObj->VTIMEZONE->getTimeZone();

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-php/php-sabredav.git

More information about the Pkg-owncloud-commits mailing list