server/apps/dav/lib/Traits/PrincipalProxyTrait.php
Georg Ehrke 63d584afb5
use principaluri instead of userid, allowing to add delegates for rooms and things
Signed-off-by: Georg Ehrke <developer@georgehrke.com>

!fixup add owner_id and proxy_id as db index, since we use it for querying

Signed-off-by: Georg Ehrke <developer@georgehrke.com>

!fixup don't add ACL for each individual proxy, just use calendar-proxy groups

Signed-off-by: Georg Ehrke <developer@georgehrke.com>

!fixup allow delegation of resources / rooms

Signed-off-by: Georg Ehrke <developer@georgehrke.com>

!fixup fix addIndex call in migration

Signed-off-by: Georg Ehrke <developer@georgehrke.com>

!fixup fix remaining constructor calls of Principal

Signed-off-by: Georg Ehrke <developer@georgehrke.com>

!fixup minor fixes and unit tests

Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2019-08-15 15:41:28 +02:00

223 lines
6.1 KiB
PHP

<?php
/**
* @copyright 2019, Georg Ehrke <oc.list@georgehrke.com>
*
* @author Georg Ehrke <oc.list@georgehrke.com>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\DAV\Traits;
use OCA\DAV\CalDAV\Proxy\Proxy;
use OCA\DAV\CalDAV\Proxy\ProxyMapper;
use Sabre\DAV\Exception;
/**
* Trait PrincipalTrait
*
* @package OCA\DAV\Traits
*/
trait PrincipalProxyTrait {
/**
* Returns the list of members for a group-principal
*
* @param string $principal
* @return string[]
* @throws Exception
*/
public function getGroupMemberSet($principal) {
$members = [];
if ($this->isProxyPrincipal($principal)) {
$realPrincipal = $this->getPrincipalUriFromProxyPrincipal($principal);
$principalArray = $this->getPrincipalByPath($realPrincipal);
if (!$principalArray) {
throw new Exception('Principal not found');
}
$proxies = $this->proxyMapper->getProxiesOf($principalArray['uri']);
foreach ($proxies as $proxy) {
if ($this->isReadProxyPrincipal($principal) && $proxy->getPermissions() === ProxyMapper::PERMISSION_READ) {
$members[] = $proxy->getProxyId();
}
if ($this->isWriteProxyPrincipal($principal) && $proxy->getPermissions() === (ProxyMapper::PERMISSION_READ | ProxyMapper::PERMISSION_WRITE)) {
$members[] = $proxy->getProxyId();
}
}
}
return $members;
}
/**
* Returns the list of groups a principal is a member of
*
* @param string $principal
* @param bool $needGroups
* @return array
* @throws Exception
*/
public function getGroupMembership($principal, $needGroups = false) {
list($prefix, $name) = \Sabre\Uri\split($principal);
if ($prefix !== $this->principalPrefix) {
return [];
}
$principalArray = $this->getPrincipalByPath($principal);
if (!$principalArray) {
throw new Exception('Principal not found');
}
$groups = [];
$proxies = $this->proxyMapper->getProxiesFor($principal);
foreach ($proxies as $proxy) {
if ($proxy->getPermissions() === ProxyMapper::PERMISSION_READ) {
$groups[] = $proxy->getOwnerId() . '/calendar-proxy-read';
}
if ($proxy->getPermissions() === (ProxyMapper::PERMISSION_READ | ProxyMapper::PERMISSION_WRITE)) {
$groups[] = $proxy->getOwnerId() . '/calendar-proxy-write';
}
}
return $groups;
}
/**
* Updates the list of group members for a group principal.
*
* The principals should be passed as a list of uri's.
*
* @param string $principal
* @param string[] $members
* @throws Exception
*/
public function setGroupMemberSet($principal, array $members) {
list($principalUri, $target) = \Sabre\Uri\split($principal);
if ($target !== 'calendar-proxy-write' && $target !== 'calendar-proxy-read') {
throw new Exception('Setting members of the group is not supported yet');
}
$masterPrincipalArray = $this->getPrincipalByPath($principalUri);
if (!$masterPrincipalArray) {
throw new Exception('Principal not found');
}
$permission = ProxyMapper::PERMISSION_READ;
if ($target === 'calendar-proxy-write') {
$permission |= ProxyMapper::PERMISSION_WRITE;
}
list($prefix, $owner) = \Sabre\Uri\split($principalUri);
$proxies = $this->proxyMapper->getProxiesOf($principalUri);
foreach ($members as $member) {
list($prefix, $name) = \Sabre\Uri\split($member);
if ($prefix !== $this->principalPrefix) {
throw new Exception('Invalid member group prefix: ' . $prefix);
}
$principalArray = $this->getPrincipalByPath($member);
if (!$principalArray) {
throw new Exception('Principal not found');
}
$found = false;
foreach ($proxies as $proxy) {
if ($proxy->getProxyId() === $member) {
$found = true;
$proxy->setPermissions($proxy->getPermissions() | $permission);
$this->proxyMapper->update($proxy);
$proxies = array_filter($proxies, function(Proxy $p) use ($proxy) {
return $p->getId() !== $proxy->getId();
});
break;
}
}
if ($found === false) {
$proxy = new Proxy();
$proxy->setOwnerId($principalUri);
$proxy->setProxyId($member);
$proxy->setPermissions($permission);
$this->proxyMapper->insert($proxy);
}
}
// Delete all remaining proxies
foreach ($proxies as $proxy) {
// Write and Read Proxies have individual requests,
// so only delete proxies of this permission
if ($proxy->getPermissions() === $permission) {
$this->proxyMapper->delete($proxy);
}
}
}
/**
* @param string $principalUri
* @return bool
*/
private function isProxyPrincipal(string $principalUri):bool {
list($realPrincipalUri, $proxy) = \Sabre\Uri\split($principalUri);
list($prefix, $userId) = \Sabre\Uri\split($realPrincipalUri);
if (!isset($prefix) || !isset($userId)) {
return false;
}
if ($prefix !== $this->principalPrefix) {
return false;
}
return $proxy === 'calendar-proxy-read'
|| $proxy === 'calendar-proxy-write';
}
/**
* @param string $principalUri
* @return bool
*/
private function isReadProxyPrincipal(string $principalUri):bool {
list(, $proxy) = \Sabre\Uri\split($principalUri);
return $proxy === 'calendar-proxy-read';
}
/**
* @param string $principalUri
* @return bool
*/
private function isWriteProxyPrincipal(string $principalUri):bool {
list(, $proxy) = \Sabre\Uri\split($principalUri);
return $proxy === 'calendar-proxy-write';
}
/**
* @param string $principalUri
* @return string
*/
private function getPrincipalUriFromProxyPrincipal(string $principalUri):string {
list($realPrincipalUri, ) = \Sabre\Uri\split($principalUri);
return $realPrincipalUri;
}
}