diff --git a/apps/dav/lib/CardDAV/AddressBook.php b/apps/dav/lib/CardDAV/AddressBook.php index e9eec4161cb81..b0fb8c8ee5c4b 100644 --- a/apps/dav/lib/CardDAV/AddressBook.php +++ b/apps/dav/lib/CardDAV/AddressBook.php @@ -46,7 +46,6 @@ * @property CardDavBackend $carddavBackend */ class AddressBook extends \Sabre\CardDAV\AddressBook implements IShareable, IMoveTarget { - /** * AddressBook constructor. * @@ -116,7 +115,12 @@ public function getACL() { 'privilege' => '{DAV:}write', 'principal' => $this->getOwner(), 'protected' => true, - ] + ], + [ + 'privilege' => '{DAV:}write-properties', + 'principal' => '{DAV:}authenticated', + 'protected' => true, + ], ]; if ($this->getOwner() === 'principals/system/system') { @@ -147,7 +151,7 @@ public function getACL() { } $acl = $this->carddavBackend->applyShareAcl($this->getResourceId(), $acl); - $allowedPrincipals = [$this->getOwner(), parent::getOwner(), 'principals/system/system']; + $allowedPrincipals = [$this->getOwner(), parent::getOwner(), 'principals/system/system', '{DAV:}authenticated']; return array_filter($acl, function ($rule) use ($allowedPrincipals) { return \in_array($rule['principal'], $allowedPrincipals, true); }); @@ -166,8 +170,7 @@ public function getChild($name) { return new Card($this->carddavBackend, $this->addressBookInfo, $obj); } - public function getChildren() - { + public function getChildren() { $objs = $this->carddavBackend->getCards($this->addressBookInfo['id']); $children = []; foreach ($objs as $obj) { @@ -178,8 +181,7 @@ public function getChildren() return $children; } - public function getMultipleChildren(array $paths) - { + public function getMultipleChildren(array $paths) { $objs = $this->carddavBackend->getMultipleCards($this->addressBookInfo['id'], $paths); $children = []; foreach ($objs as $obj) { @@ -221,10 +223,12 @@ public function delete() { } public function propPatch(PropPatch $propPatch) { - if (isset($this->addressBookInfo['{http://owncloud.org/ns}owner-principal'])) { - throw new Forbidden(); + // shared address books will be handled by + // \OCA\DAV\DAV\CustomPropertiesBackend::propPatch + // to save values in db table instead of dav object + if (!$this->isShared()) { + parent::propPatch($propPatch); } - parent::propPatch($propPatch); } public function getContactsGroups() { diff --git a/apps/dav/lib/DAV/CustomPropertiesBackend.php b/apps/dav/lib/DAV/CustomPropertiesBackend.php index bc822aee974dc..989d049fbd1f9 100644 --- a/apps/dav/lib/DAV/CustomPropertiesBackend.php +++ b/apps/dav/lib/DAV/CustomPropertiesBackend.php @@ -179,6 +179,21 @@ public function propFind($path, PropFind $propFind) { } } + // substr of addressbooks/ => path is inside the CardDAV component + // three '/' => this a addressbook (no addressbook-home nor contact object) + if (str_starts_with($path, 'addressbooks/') && substr_count($path, '/') === 3) { + $allRequestedProps = $propFind->getRequestedProperties(); + $customPropertiesForShares = [ + '{DAV:}displayname', + ]; + + foreach ($customPropertiesForShares as $customPropertyForShares) { + if (in_array($customPropertyForShares, $allRequestedProps, true)) { + $requestedProps[] = $customPropertyForShares; + } + } + } + if (empty($requestedProps)) { return; } diff --git a/apps/dav/tests/unit/CardDAV/AddressBookTest.php b/apps/dav/tests/unit/CardDAV/AddressBookTest.php index 81361d02068ee..9aa7eb14fff13 100644 --- a/apps/dav/tests/unit/CardDAV/AddressBookTest.php +++ b/apps/dav/tests/unit/CardDAV/AddressBookTest.php @@ -29,6 +29,7 @@ use OCA\DAV\CardDAV\AddressBook; use OCA\DAV\CardDAV\Card; use OCA\DAV\CardDAV\CardDavBackend; +use OCA\DAV\DAV\CustomPropertiesBackend; use OCP\IL10N; use PHPUnit\Framework\MockObject\MockObject; use Psr\Log\LoggerInterface; @@ -101,11 +102,10 @@ public function testDeleteFromGroup(): void { } - public function testPropPatch(): void { - $this->expectException(Forbidden::class); - + public function testPropPatchShared(): void { /** @var MockObject | CardDavBackend $backend */ $backend = $this->getMockBuilder(CardDavBackend::class)->disableOriginalConstructor()->getMock(); + $backend->expects($this->never())->method('updateAddressBook'); $addressBookInfo = [ '{http://owncloud.org/ns}owner-principal' => 'user1', '{DAV:}displayname' => 'Test address book', @@ -116,7 +116,24 @@ public function testPropPatch(): void { $l10n = $this->createMock(IL10N::class); $logger = $this->createMock(LoggerInterface::class); $addressBook = new AddressBook($backend, $addressBookInfo, $l10n, $logger); - $addressBook->propPatch(new PropPatch([])); + $addressBook->propPatch(new PropPatch(['{DAV:}displayname' => 'Test address book'])); + } + + public function testPropPatchNotShared(): void { + /** @var MockObject | CardDavBackend $backend */ + $backend = $this->getMockBuilder(CardDavBackend::class)->disableOriginalConstructor()->getMock(); + $backend->expects($this->atLeast(1))->method('updateAddressBook'); + $addressBookInfo = [ + '{http://owncloud.org/ns}owner-principal' => 'user1', + '{DAV:}displayname' => 'Test address book', + 'principaluri' => 'user1', + 'id' => 666, + 'uri' => 'default', + ]; + $l10n = $this->createMock(IL10N::class); + $logger = $this->createMock(LoggerInterface::class); + $addressBook = new AddressBook($backend, $addressBookInfo, $l10n, $logger); + $addressBook->propPatch(new PropPatch(['{DAV:}displayname' => 'Test address book'])); } /** @@ -152,6 +169,10 @@ public function testAcl($expectsWrite, $readOnlyValue, $hasOwnerSet): void { 'privilege' => '{DAV:}write', 'principal' => $hasOwnerSet ? 'user1' : 'user2', 'protected' => true + ], [ + 'privilege' => '{DAV:}write-properties', + 'principal' => '{DAV:}authenticated', + 'protected' => true ]]; if ($hasOwnerSet) { $expectedAcl[] = [