summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Bruederli <bruederli@kolabsys.com>2013-02-28 16:10:03 (GMT)
committerThomas Bruederli <bruederli@kolabsys.com>2013-02-28 16:10:03 (GMT)
commit696f145081c4b5a884b98c97f9837076ed195354 (patch)
tree996554026594006889656aae66fd08ca2e03827e
parent38b8c95a29cd058bae006eb4b2168f23287be898 (diff)
downloadiRony-696f145081c4b5a884b98c97f9837076ed195354.tar.gz
Advertise ACLs for calendars according to IMAP rights
-rw-r--r--lib/Kolab/CalDAV/Calendar.php38
-rw-r--r--lib/Kolab/CalDAV/CalendarBackend.php2
-rw-r--r--lib/Kolab/CalDAV/UserCalendars.php12
-rw-r--r--lib/Kolab/DAVACL/PrincipalBackend.php14
4 files changed, 36 insertions, 30 deletions
diff --git a/lib/Kolab/CalDAV/Calendar.php b/lib/Kolab/CalDAV/Calendar.php
index 40a6b35..93ffd23 100644
--- a/lib/Kolab/CalDAV/Calendar.php
+++ b/lib/Kolab/CalDAV/Calendar.php
@@ -80,22 +80,42 @@ class Calendar extends \Sabre\CalDAV\Calendar
* Returns a list of ACE's for this node.
*
* Each ACE has the following properties:
- * * 'privilege', a string such as {DAV:}read or {DAV:}write. These are
- * currently the only supported privileges
- * * 'principal', a url to the principal who owns the node
- * * 'protected' (optional), indicating that this ACE is not allowed to
- * be updated.
+ * - 'privilege', a string such as {DAV:}read or {DAV:}write. These are currently the only supported privileges
+ * - 'principal', a url to the principal who owns the node
+ * - 'protected' (optional), indicating that this ACE is not allowed to be updated.
*
* @return array
*/
public function getACL()
{
- // TODO: return ACL infor based on $this->storage->get_myrights()
- return parent::getACL();
-
+ // return ACL information based on IMAP MYRIGHTS
$rights = $this->storage->get_myrights();
if ($rights && !PEAR::isError($rights)) {
-
+ // user has at least read access to calendar folders listed
+ $acl = array(
+ array(
+ 'privilege' => '{DAV:}read',
+ 'principal' => $this->calendarInfo['principaluri'],
+ 'protected' => true,
+ ),
+ );
+
+ $owner = $this->getOwner();
+ $is_owner = $owner == $this->calendarInfo['principaluri'];
+
+ if ($is_owner || strpos($rights, 'i') !== false) {
+ $acl[] = array(
+ 'privilege' => '{DAV:}write',
+ 'principal' => $this->calendarInfo['principaluri'],
+ 'protected' => true,
+ );
+ }
+
+ return $acl;
+ }
+ else {
+ // fallback to default ACL rules based on ownership
+ return parent::getACL();
}
}
diff --git a/lib/Kolab/CalDAV/CalendarBackend.php b/lib/Kolab/CalDAV/CalendarBackend.php
index 0a979ad..001dc2c 100644
--- a/lib/Kolab/CalDAV/CalendarBackend.php
+++ b/lib/Kolab/CalDAV/CalendarBackend.php
@@ -108,7 +108,7 @@ class CalendarBackend extends CalDAV\Backend\AbstractBackend
// color is defined in folder METADATA
$metadata = $folder->get_metadata(array(kolab_storage::COLOR_KEY_PRIVATE, kolab_storage::COLOR_KEY_SHARED));
if (($color = $metadata[kolab_storage::COLOR_KEY_PRIVATE]) || ($color = $metadata[kolab_storage::COLOR_KEY_SHARED])) {
- return $color;
+ return '#' . $color;
}
return '';
diff --git a/lib/Kolab/CalDAV/UserCalendars.php b/lib/Kolab/CalDAV/UserCalendars.php
index efa00a3..e7ca8d8 100644
--- a/lib/Kolab/CalDAV/UserCalendars.php
+++ b/lib/Kolab/CalDAV/UserCalendars.php
@@ -221,17 +221,15 @@ class UserCalendars extends \Sabre\CalDAV\UserCalendars implements DAV\IExtended
* Returns a list of ACE's for this node.
*
* Each ACE has the following properties:
- * * 'privilege', a string such as {DAV:}read or {DAV:}write. These are
- * currently the only supported privileges
- * * 'principal', a url to the principal who owns the node
- * * 'protected' (optional), indicating that this ACE is not allowed to
- * be updated.
+ * - 'privilege', a string such as {DAV:}read or {DAV:}write. These are currently the only supported privileges
+ * - 'principal', a url to the principal who owns the node
+ * - 'protected' (optional), indicating that this ACE is not allowed to be updated.
*
* @return array
*/
public function getACL()
{
- // TODO: implement this
+ // define rights for the user's calendar root (which is in fact INBOX)
return array(
array(
'privilege' => '{DAV:}read',
@@ -243,6 +241,7 @@ class UserCalendars extends \Sabre\CalDAV\UserCalendars implements DAV\IExtended
'principal' => $this->principalInfo['uri'],
'protected' => true,
),
+/* TODO: implement sharing support
array(
'privilege' => '{DAV:}read',
'principal' => $this->principalInfo['uri'] . '/calendar-proxy-write',
@@ -258,6 +257,7 @@ class UserCalendars extends \Sabre\CalDAV\UserCalendars implements DAV\IExtended
'principal' => $this->principalInfo['uri'] . '/calendar-proxy-read',
'protected' => true,
),
+*/
);
}
diff --git a/lib/Kolab/DAVACL/PrincipalBackend.php b/lib/Kolab/DAVACL/PrincipalBackend.php
index 670eb5f..99812af 100644
--- a/lib/Kolab/DAVACL/PrincipalBackend.php
+++ b/lib/Kolab/DAVACL/PrincipalBackend.php
@@ -33,20 +33,6 @@ use Kolab\DAV\Auth\HTTPBasic;
*/
class PrincipalBackend implements \Sabre\DAVACL\PrincipalBackend\BackendInterface
{
- protected $fieldmap = array(
- // The users' real name.
- '{DAV:}displayname' => 'displayname',
-
- // The users' primary email-address.
- '{http://sabredav.org/ns}email-address' => 'email',
-
- /**
- * This property is actually used by the CardDAV plugin, where it gets
- * mapped to {http://calendarserver.orgi/ns/}me-card.
- */
- '{http://sabredav.org/ns}vcard-url' => 'vcardurl',
- );
-
/**
* Sets up the backend.
*/