Outbox.php 2.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116
  1. <?php
  2. /**
  3. * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
  4. * SPDX-License-Identifier: AGPL-3.0-or-later
  5. */
  6. namespace OCA\DAV\CalDAV;
  7. use OCP\IConfig;
  8. use Sabre\CalDAV\Plugin as CalDAVPlugin;
  9. /**
  10. * Class Outbox
  11. *
  12. * @package OCA\DAV\CalDAV
  13. */
  14. class Outbox extends \Sabre\CalDAV\Schedule\Outbox {
  15. /** @var IConfig */
  16. private $config;
  17. /** @var null|bool */
  18. private $disableFreeBusy = null;
  19. /**
  20. * Outbox constructor.
  21. *
  22. * @param IConfig $config
  23. * @param string $principalUri
  24. */
  25. public function __construct(IConfig $config, string $principalUri) {
  26. parent::__construct($principalUri);
  27. $this->config = $config;
  28. }
  29. /**
  30. * Returns a list of ACE's for this node.
  31. *
  32. * Each ACE has the following properties:
  33. * * 'privilege', a string such as {DAV:}read or {DAV:}write. These are
  34. * currently the only supported privileges
  35. * * 'principal', a url to the principal who owns the node
  36. * * 'protected' (optional), indicating that this ACE is not allowed to
  37. * be updated.
  38. *
  39. * @return array
  40. */
  41. public function getACL() {
  42. // getACL is called so frequently that we cache the config result
  43. if ($this->disableFreeBusy === null) {
  44. $this->disableFreeBusy = ($this->config->getAppValue('dav', 'disableFreeBusy', 'no') === 'yes');
  45. }
  46. $commonAcl = [
  47. [
  48. 'privilege' => '{DAV:}read',
  49. 'principal' => $this->getOwner(),
  50. 'protected' => true,
  51. ],
  52. [
  53. 'privilege' => '{DAV:}read',
  54. 'principal' => $this->getOwner() . '/calendar-proxy-read',
  55. 'protected' => true,
  56. ],
  57. [
  58. 'privilege' => '{DAV:}read',
  59. 'principal' => $this->getOwner() . '/calendar-proxy-write',
  60. 'protected' => true,
  61. ],
  62. ];
  63. // schedule-send is an aggregate privilege for:
  64. // - schedule-send-invite
  65. // - schedule-send-reply
  66. // - schedule-send-freebusy
  67. //
  68. // If FreeBusy is disabled, we have to remove the latter privilege
  69. if ($this->disableFreeBusy) {
  70. return array_merge($commonAcl, [
  71. [
  72. 'privilege' => '{' . CalDAVPlugin::NS_CALDAV . '}schedule-send-invite',
  73. 'principal' => $this->getOwner(),
  74. 'protected' => true,
  75. ],
  76. [
  77. 'privilege' => '{' . CalDAVPlugin::NS_CALDAV . '}schedule-send-invite',
  78. 'principal' => $this->getOwner() . '/calendar-proxy-write',
  79. 'protected' => true,
  80. ],
  81. [
  82. 'privilege' => '{' . CalDAVPlugin::NS_CALDAV . '}schedule-send-reply',
  83. 'principal' => $this->getOwner(),
  84. 'protected' => true,
  85. ],
  86. [
  87. 'privilege' => '{' . CalDAVPlugin::NS_CALDAV . '}schedule-send-reply',
  88. 'principal' => $this->getOwner() . '/calendar-proxy-write',
  89. 'protected' => true,
  90. ],
  91. ]);
  92. }
  93. return array_merge($commonAcl, [
  94. [
  95. 'privilege' => '{' . CalDAVPlugin::NS_CALDAV . '}schedule-send',
  96. 'principal' => $this->getOwner(),
  97. 'protected' => true,
  98. ],
  99. [
  100. 'privilege' => '{' . CalDAVPlugin::NS_CALDAV . '}schedule-send',
  101. 'principal' => $this->getOwner() . '/calendar-proxy-write',
  102. 'protected' => true,
  103. ],
  104. ]);
  105. }
  106. }