123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518 |
- <?php
- /**
- * SPDX-FileCopyrightText: 2019 Nextcloud GmbH and Nextcloud contributors
- * SPDX-License-Identifier: AGPL-3.0-or-later
- */
- namespace OCA\DAV\CalDAV\ResourceBooking;
- use OCA\DAV\CalDAV\Proxy\ProxyMapper;
- use OCA\DAV\Traits\PrincipalProxyTrait;
- use OCP\Calendar\Resource\IResourceMetadata;
- use OCP\Calendar\Room\IRoomMetadata;
- use OCP\DB\Exception;
- use OCP\DB\QueryBuilder\IQueryBuilder;
- use OCP\IDBConnection;
- use OCP\IGroupManager;
- use OCP\IUserSession;
- use Psr\Log\LoggerInterface;
- use Sabre\DAV\PropPatch;
- use Sabre\DAVACL\PrincipalBackend\BackendInterface;
- use function array_intersect;
- use function array_map;
- use function array_merge;
- use function array_unique;
- use function array_values;
- abstract class AbstractPrincipalBackend implements BackendInterface {
- /** @var IDBConnection */
- private $db;
- /** @var IUserSession */
- private $userSession;
- /** @var IGroupManager */
- private $groupManager;
- private LoggerInterface $logger;
- /** @var ProxyMapper */
- private $proxyMapper;
- /** @var string */
- private $principalPrefix;
- /** @var string */
- private $dbTableName;
- /** @var string */
- private $dbMetaDataTableName;
- /** @var string */
- private $dbForeignKeyName;
- /** @var string */
- private $cuType;
- public function __construct(IDBConnection $dbConnection,
- IUserSession $userSession,
- IGroupManager $groupManager,
- LoggerInterface $logger,
- ProxyMapper $proxyMapper,
- string $principalPrefix,
- string $dbPrefix,
- string $cuType) {
- $this->db = $dbConnection;
- $this->userSession = $userSession;
- $this->groupManager = $groupManager;
- $this->logger = $logger;
- $this->proxyMapper = $proxyMapper;
- $this->principalPrefix = $principalPrefix;
- $this->dbTableName = 'calendar_' . $dbPrefix . 's';
- $this->dbMetaDataTableName = $this->dbTableName . '_md';
- $this->dbForeignKeyName = $dbPrefix . '_id';
- $this->cuType = $cuType;
- }
- use PrincipalProxyTrait;
- /**
- * Returns a list of principals based on a prefix.
- *
- * This prefix will often contain something like 'principals'. You are only
- * expected to return principals that are in this base path.
- *
- * You are expected to return at least a 'uri' for every user, you can
- * return any additional properties if you wish so. Common properties are:
- * {DAV:}displayname
- *
- * @param string $prefixPath
- * @return string[]
- */
- public function getPrincipalsByPrefix($prefixPath): array {
- $principals = [];
- if ($prefixPath === $this->principalPrefix) {
- $query = $this->db->getQueryBuilder();
- $query->select(['id', 'backend_id', 'resource_id', 'email', 'displayname'])
- ->from($this->dbTableName);
- $stmt = $query->execute();
- $metaDataQuery = $this->db->getQueryBuilder();
- $metaDataQuery->select([$this->dbForeignKeyName, 'key', 'value'])
- ->from($this->dbMetaDataTableName);
- $metaDataStmt = $metaDataQuery->execute();
- $metaDataRows = $metaDataStmt->fetchAll(\PDO::FETCH_ASSOC);
- $metaDataById = [];
- foreach ($metaDataRows as $metaDataRow) {
- if (!isset($metaDataById[$metaDataRow[$this->dbForeignKeyName]])) {
- $metaDataById[$metaDataRow[$this->dbForeignKeyName]] = [];
- }
- $metaDataById[$metaDataRow[$this->dbForeignKeyName]][$metaDataRow['key']] =
- $metaDataRow['value'];
- }
- while ($row = $stmt->fetch(\PDO::FETCH_ASSOC)) {
- $id = $row['id'];
- if (isset($metaDataById[$id])) {
- $principals[] = $this->rowToPrincipal($row, $metaDataById[$id]);
- } else {
- $principals[] = $this->rowToPrincipal($row);
- }
- }
- $stmt->closeCursor();
- }
- return $principals;
- }
- /**
- * Returns a specific principal, specified by its path.
- * The returned structure should be the exact same as from
- * getPrincipalsByPrefix.
- *
- * @param string $prefixPath
- *
- * @return array
- */
- public function getPrincipalByPath($path) {
- if (!str_starts_with($path, $this->principalPrefix)) {
- return null;
- }
- [, $name] = \Sabre\Uri\split($path);
- [$backendId, $resourceId] = explode('-', $name, 2);
- $query = $this->db->getQueryBuilder();
- $query->select(['id', 'backend_id', 'resource_id', 'email', 'displayname'])
- ->from($this->dbTableName)
- ->where($query->expr()->eq('backend_id', $query->createNamedParameter($backendId)))
- ->andWhere($query->expr()->eq('resource_id', $query->createNamedParameter($resourceId)));
- $stmt = $query->execute();
- $row = $stmt->fetch(\PDO::FETCH_ASSOC);
- if (!$row) {
- return null;
- }
- $metaDataQuery = $this->db->getQueryBuilder();
- $metaDataQuery->select(['key', 'value'])
- ->from($this->dbMetaDataTableName)
- ->where($metaDataQuery->expr()->eq($this->dbForeignKeyName, $metaDataQuery->createNamedParameter($row['id'])));
- $metaDataStmt = $metaDataQuery->execute();
- $metaDataRows = $metaDataStmt->fetchAll(\PDO::FETCH_ASSOC);
- $metadata = [];
- foreach ($metaDataRows as $metaDataRow) {
- $metadata[$metaDataRow['key']] = $metaDataRow['value'];
- }
- return $this->rowToPrincipal($row, $metadata);
- }
- /**
- * @param int $id
- * @return string[]|null
- */
- public function getPrincipalById($id): ?array {
- $query = $this->db->getQueryBuilder();
- $query->select(['id', 'backend_id', 'resource_id', 'email', 'displayname'])
- ->from($this->dbTableName)
- ->where($query->expr()->eq('id', $query->createNamedParameter($id)));
- $stmt = $query->execute();
- $row = $stmt->fetch(\PDO::FETCH_ASSOC);
- if (!$row) {
- return null;
- }
- $metaDataQuery = $this->db->getQueryBuilder();
- $metaDataQuery->select(['key', 'value'])
- ->from($this->dbMetaDataTableName)
- ->where($metaDataQuery->expr()->eq($this->dbForeignKeyName, $metaDataQuery->createNamedParameter($row['id'])));
- $metaDataStmt = $metaDataQuery->execute();
- $metaDataRows = $metaDataStmt->fetchAll(\PDO::FETCH_ASSOC);
- $metadata = [];
- foreach ($metaDataRows as $metaDataRow) {
- $metadata[$metaDataRow['key']] = $metaDataRow['value'];
- }
- return $this->rowToPrincipal($row, $metadata);
- }
- /**
- * @param string $path
- * @param PropPatch $propPatch
- * @return int
- */
- public function updatePrincipal($path, PropPatch $propPatch): int {
- return 0;
- }
- /**
- * @param string $prefixPath
- * @param string $test
- *
- * @return array
- */
- public function searchPrincipals($prefixPath, array $searchProperties, $test = 'allof') {
- $results = [];
- if (\count($searchProperties) === 0) {
- return [];
- }
- if ($prefixPath !== $this->principalPrefix) {
- return [];
- }
- $user = $this->userSession->getUser();
- if (!$user) {
- return [];
- }
- $usersGroups = $this->groupManager->getUserGroupIds($user);
- foreach ($searchProperties as $prop => $value) {
- switch ($prop) {
- case '{http://sabredav.org/ns}email-address':
- $query = $this->db->getQueryBuilder();
- $query->select(['id', 'backend_id', 'resource_id', 'email', 'displayname', 'group_restrictions'])
- ->from($this->dbTableName)
- ->where($query->expr()->iLike('email', $query->createNamedParameter('%' . $this->db->escapeLikeParameter($value) . '%')));
- $stmt = $query->execute();
- $principals = [];
- while ($row = $stmt->fetch(\PDO::FETCH_ASSOC)) {
- if (!$this->isAllowedToAccessResource($row, $usersGroups)) {
- continue;
- }
- $principals[] = $this->rowToPrincipal($row)['uri'];
- }
- $results[] = $principals;
- $stmt->closeCursor();
- break;
- case '{DAV:}displayname':
- $query = $this->db->getQueryBuilder();
- $query->select(['id', 'backend_id', 'resource_id', 'email', 'displayname', 'group_restrictions'])
- ->from($this->dbTableName)
- ->where($query->expr()->iLike('displayname', $query->createNamedParameter('%' . $this->db->escapeLikeParameter($value) . '%')));
- $stmt = $query->execute();
- $principals = [];
- while ($row = $stmt->fetch(\PDO::FETCH_ASSOC)) {
- if (!$this->isAllowedToAccessResource($row, $usersGroups)) {
- continue;
- }
- $principals[] = $this->rowToPrincipal($row)['uri'];
- }
- $results[] = $principals;
- $stmt->closeCursor();
- break;
- case '{urn:ietf:params:xml:ns:caldav}calendar-user-address-set':
- // If you add support for more search properties that qualify as a user-address,
- // please also add them to the array below
- $results[] = $this->searchPrincipals($this->principalPrefix, [
- '{http://sabredav.org/ns}email-address' => $value,
- ], 'anyof');
- break;
- case IRoomMetadata::FEATURES:
- $results[] = $this->searchPrincipalsByRoomFeature($prop, $value);
- break;
- case IRoomMetadata::CAPACITY:
- case IResourceMetadata::VEHICLE_SEATING_CAPACITY:
- $results[] = $this->searchPrincipalsByCapacity($prop, $value);
- break;
- default:
- $results[] = $this->searchPrincipalsByMetadataKey($prop, $value, $usersGroups);
- break;
- }
- }
- // results is an array of arrays, so this is not the first search result
- // but the results of the first searchProperty
- if (count($results) === 1) {
- return $results[0];
- }
- switch ($test) {
- case 'anyof':
- return array_values(array_unique(array_merge(...$results)));
- case 'allof':
- default:
- return array_values(array_intersect(...$results));
- }
- }
- /**
- * @param string $key
- * @return IQueryBuilder
- */
- private function getMetadataQuery(string $key): IQueryBuilder {
- $query = $this->db->getQueryBuilder();
- $query->select([$this->dbForeignKeyName])
- ->from($this->dbMetaDataTableName)
- ->where($query->expr()->eq('key', $query->createNamedParameter($key)));
- return $query;
- }
- /**
- * Searches principals based on their metadata keys.
- * This allows to search for all principals with a specific key.
- * e.g.:
- * '{http://nextcloud.com/ns}room-building-address' => 'ABC Street 123, ...'
- *
- * @param string $key
- * @param string $value
- * @param string[] $usersGroups
- * @return string[]
- */
- private function searchPrincipalsByMetadataKey(string $key, string $value, array $usersGroups = []): array {
- $query = $this->getMetadataQuery($key);
- $query->andWhere($query->expr()->iLike('value', $query->createNamedParameter('%' . $this->db->escapeLikeParameter($value) . '%')));
- return $this->getRows($query, $usersGroups);
- }
- /**
- * Searches principals based on room features
- * e.g.:
- * '{http://nextcloud.com/ns}room-features' => 'TV,PROJECTOR'
- *
- * @param string $key
- * @param string $value
- * @param string[] $usersGroups
- * @return string[]
- */
- private function searchPrincipalsByRoomFeature(string $key, string $value, array $usersGroups = []): array {
- $query = $this->getMetadataQuery($key);
- foreach (explode(',', $value) as $v) {
- $query->andWhere($query->expr()->iLike('value', $query->createNamedParameter('%' . $this->db->escapeLikeParameter($v) . '%')));
- }
- return $this->getRows($query, $usersGroups);
- }
- /**
- * Searches principals based on room seating capacity or vehicle capacity
- * e.g.:
- * '{http://nextcloud.com/ns}room-seating-capacity' => '100'
- *
- * @param string $key
- * @param string $value
- * @param string[] $usersGroups
- * @return string[]
- */
- private function searchPrincipalsByCapacity(string $key, string $value, array $usersGroups = []): array {
- $query = $this->getMetadataQuery($key);
- $query->andWhere($query->expr()->gte('value', $query->createNamedParameter($value)));
- return $this->getRows($query, $usersGroups);
- }
- /**
- * @param IQueryBuilder $query
- * @param string[] $usersGroups
- * @return string[]
- */
- private function getRows(IQueryBuilder $query, array $usersGroups): array {
- try {
- $stmt = $query->executeQuery();
- } catch (Exception $e) {
- $this->logger->error("Could not search resources: " . $e->getMessage(), ['exception' => $e]);
- }
- $rows = [];
- while ($row = $stmt->fetch(\PDO::FETCH_ASSOC)) {
- $principalRow = $this->getPrincipalById($row[$this->dbForeignKeyName]);
- if (!$principalRow) {
- continue;
- }
- $rows[] = $principalRow;
- }
- $stmt->closeCursor();
- $filteredRows = array_filter($rows, function ($row) use ($usersGroups) {
- return $this->isAllowedToAccessResource($row, $usersGroups);
- });
- return array_map(static function ($row): string {
- return $row['uri'];
- }, $filteredRows);
- }
- /**
- * @param string $uri
- * @param string $principalPrefix
- * @return null|string
- * @throws Exception
- */
- public function findByUri($uri, $principalPrefix): ?string {
- $user = $this->userSession->getUser();
- if (!$user) {
- return null;
- }
- $usersGroups = $this->groupManager->getUserGroupIds($user);
- if (str_starts_with($uri, 'mailto:')) {
- $email = substr($uri, 7);
- $query = $this->db->getQueryBuilder();
- $query->select(['id', 'backend_id', 'resource_id', 'email', 'displayname', 'group_restrictions'])
- ->from($this->dbTableName)
- ->where($query->expr()->eq('email', $query->createNamedParameter($email)));
- $stmt = $query->execute();
- $row = $stmt->fetch(\PDO::FETCH_ASSOC);
- if (!$row) {
- return null;
- }
- if (!$this->isAllowedToAccessResource($row, $usersGroups)) {
- return null;
- }
- return $this->rowToPrincipal($row)['uri'];
- }
- if (str_starts_with($uri, 'principal:')) {
- $path = substr($uri, 10);
- if (!str_starts_with($path, $this->principalPrefix)) {
- return null;
- }
- [, $name] = \Sabre\Uri\split($path);
- [$backendId, $resourceId] = explode('-', $name, 2);
- $query = $this->db->getQueryBuilder();
- $query->select(['id', 'backend_id', 'resource_id', 'email', 'displayname', 'group_restrictions'])
- ->from($this->dbTableName)
- ->where($query->expr()->eq('backend_id', $query->createNamedParameter($backendId)))
- ->andWhere($query->expr()->eq('resource_id', $query->createNamedParameter($resourceId)));
- $stmt = $query->execute();
- $row = $stmt->fetch(\PDO::FETCH_ASSOC);
- if (!$row) {
- return null;
- }
- if (!$this->isAllowedToAccessResource($row, $usersGroups)) {
- return null;
- }
- return $this->rowToPrincipal($row)['uri'];
- }
- return null;
- }
- /**
- * convert database row to principal
- *
- * @param string[] $row
- * @param string[] $metadata
- * @return string[]
- */
- private function rowToPrincipal(array $row, array $metadata = []): array {
- return array_merge([
- 'uri' => $this->principalPrefix . '/' . $row['backend_id'] . '-' . $row['resource_id'],
- '{DAV:}displayname' => $row['displayname'],
- '{http://sabredav.org/ns}email-address' => $row['email'],
- '{urn:ietf:params:xml:ns:caldav}calendar-user-type' => $this->cuType,
- ], $metadata);
- }
- /**
- * @param array $row
- * @param array $userGroups
- * @return bool
- */
- private function isAllowedToAccessResource(array $row, array $userGroups): bool {
- if (!isset($row['group_restrictions']) ||
- $row['group_restrictions'] === null ||
- $row['group_restrictions'] === '') {
- return true;
- }
- // group restrictions contains something, but not parsable, deny access and log warning
- $json = json_decode($row['group_restrictions'], null, 512, JSON_THROW_ON_ERROR);
- if (!\is_array($json)) {
- $this->logger->info('group_restrictions field could not be parsed for ' . $this->dbTableName . '::' . $row['id'] . ', denying access to resource');
- return false;
- }
- // empty array => no group restrictions
- if (empty($json)) {
- return true;
- }
- return !empty(array_intersect($json, $userGroups));
- }
- }
|