Skip to content

Commit

Permalink
proppatch_todb(): do not mask the annotations for admins user
Browse files Browse the repository at this point in the history 
Rationale: when an admin user sends PROPPATCH, then the annotations
set by the mailbox owner shall be updated.  This permits the admin
user to modify WebDAV properties without fighting with the
annotations database directly or asking for the user’s password.

Admitted, not all cases for PROPPATCH are handled here.

cyrusimap#3403
  • Loading branch information
@dilyanpalauzov
dilyanpalauzov committed Sep 24, 2024
1 parent 07706f9 commit 251bd5c
Show file tree
Hide file tree
Showing 3 changed files with 7 additions and 7 deletions.
4 changes: 2 additions & 2 deletions imap/http_caldav.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6239,7 +6239,7 @@ static int proppatch_timezone(xmlNodePtr prop, unsigned set,
int r = mailbox_get_annotate_state(pctx->mailbox, 0, &astate);
if (!r) r = annotate_state_writemask(astate,
DAV_ANNOT_NS "<" XML_NS_CALDAV ">calendar-timezone-id",
httpd_userid, &pctx->buf);
httpd_userisadmin ? "" : httpd_userid, &pctx->buf);
if (!r) {
/* Set CALDAV:calendar-timezone */
proppatch_todb(prop, set, pctx, propstat, (void *) tz);
Expand Down Expand Up @@ -6540,7 +6540,7 @@ static int proppatch_tzid(xmlNodePtr prop, unsigned set,
r = mailbox_get_annotate_state(pctx->mailbox, 0, &astate);
if (!r) r = annotate_state_writemask(astate,
DAV_ANNOT_NS "<" XML_NS_CALDAV ">calendar-timezone",
httpd_userid, &pctx->buf);
httpd_userisadmin ? "": httpd_userid, &pctx->buf);

if (r) {
xml_add_prop(HTTP_SERVER_ERROR, pctx->ns[NS_DAV],
Expand Down
6 changes: 3 additions & 3 deletions imap/http_dav.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3141,7 +3141,7 @@ static int proppatch_toresource(xmlNodePtr prop, unsigned set,

r = mailbox_get_annotate_state(pctx->mailbox, pctx->record->uid, &astate);
if (!r) r = annotate_state_writemask(astate, buf_cstring(&pctx->buf),
httpd_userid, &value);
httpd_userisadmin ? "" : httpd_userid, &value);
/* we need to rewrite the record to update the modseq because the layering
* of annotations and mailboxes is broken */
if (!r) r = mailbox_rewrite_index_record(pctx->mailbox, pctx->record);
Expand Down Expand Up @@ -3294,7 +3294,7 @@ int proppatch_todb(xmlNodePtr prop, unsigned set,

r = mailbox_get_annotate_state(pctx->mailbox, 0, &astate);
if (!r) r = annotate_state_writemask(astate, buf_cstring(&pctx->buf),
httpd_userid, &value);
httpd_userisadmin ? "" : httpd_userid, &value);

if (!r) {
xml_add_prop(HTTP_OK, pctx->ns[NS_DAV], &propstat[PROPSTAT_OK],
Expand Down Expand Up @@ -3607,7 +3607,7 @@ static int do_proppatch(struct proppatch_ctx *pctx, xmlNodePtr instr)
DAV_PROT_PROP);
*pctx->ret = HTTP_FORBIDDEN;
}
else if ((pctx->txn->meth == METH_PROPPATCH) &&
else if ((pctx->txn->meth == METH_PROPPATCH) && !httpd_userisadmin &&
!(rights & ((entry->flags & PROP_PERUSER) ?
DACL_READ : DACL_PROPCOL))) {
/* DAV:need-privileges */
Expand Down
4 changes: 2 additions & 2 deletions imap/http_dav_sharing.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1097,14 +1097,14 @@ HIDDEN int notify_post(struct transaction_t *txn)

buf_init_ro_cstr(&value, (char *) resp->name);
r = annotate_state_writemask(astate, DAV_ANNOT_NS "<" XML_NS_DAV ">invite-status",
txn->req_tgt.userid, &value);
httpd_userisadmin ? "" : txn->req_tgt.userid, &value);

if (mbtype_isa(mailbox_mbtype(shared)) == MBTYPE_CALENDAR) {
/* Sharee's copy of calendar SHOULD default to transparent */

buf_init_ro_cstr(&value, "transparent");
r = annotate_state_writemask(astate, DAV_ANNOT_NS "<" XML_NS_CALDAV ">schedule-calendar-transp",
txn->req_tgt.userid, &value);
httpd_userisadmin ? "" : txn->req_tgt.userid, &value);
}
}

Expand Down

0 comments on commit 251bd5c

Please sign in to comment.