authorThomas Bruederli <bruederli@kolabsys.com>2014-03-12 11:57:32 (GMT)
committerThomas Bruederli <bruederli@kolabsys.com>2014-03-12 11:57:32 (GMT)
commit20757bf1ce1ade5e30de10ec8c4559ba4034fb0d (patch)
tree6966cdab9c19a90a5c86dcb288c18e33ac6ff0b0
parent840e8dabf0149c95891375db0c43a1d78f27f528 (diff)
downloadiRony-20757bf1ce1ade5e30de10ec8c4559ba4034fb0d.tar.gz
Make LDAP directory synchronization for offline use work but restrict to read-only access
-rw-r--r--lib/Kolab/CardDAV/LDAPCard.php72
-rw-r--r--lib/Kolab/CardDAV/LDAPDirectory.php19
-rw-r--r--lib/Kolab/CardDAV/Plugin.php2
-rw-r--r--lib/Kolab/CardDAV/UserAddressBooks.php4
4 files changed, 86 insertions, 11 deletions
diff --git a/lib/Kolab/CardDAV/LDAPCard.php b/lib/Kolab/CardDAV/LDAPCard.php
new file mode 100644
index 0000000..c563e37
--- /dev/null
+++ b/lib/Kolab/CardDAV/LDAPCard.php
@@ -0,0 +1,72 @@
+<?php
+
+/**
+ * Class that represents a single vCard node from an LDAP directory
+ * with limited permissions (read-only).
+ *
+ * @author Thomas Bruederli <bruederli@kolabsys.com>
+ *
+ * Copyright (C) 2014, Kolab Systems AG <contact@kolabsys.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+namespace Kolab\CardDAV;
+
+use Sabr\DAV;
+
+/**
+ * Represents a single vCard from an LDAP directory
+ */
+class LDAPCard extends \Sabre\CardDAV\Card
+{
+ /**
+ * Updates the VCard-formatted object
+ *
+ * @param string $cardData
+ * @return string|null
+ */
+ public function put($cardData)
+ {
+ throw new DAV\Exception\MethodNotAllowed('Modifying directory entries is not allowed');
+ }
+
+ /**
+ * Deletes the card
+ *
+ * @return void
+ */
+ public function delete()
+ {
+ throw new DAV\Exception\MethodNotAllowed('Deleting directory entries is not allowed');
+ }
+
+ /**
+ * Returns a list of ACE's for directory entries.
+ *
+ * @return array
+ */
+ public function getACL() {
+
+ return array(
+ array(
+ 'privilege' => '{DAV:}read',
+ 'principal' => $this->addressBookInfo['principaluri'],
+ 'protected' => true,
+ ),
+ );
+
+ }
+}
+
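Review bot: The import `use Sabr\DAV;` near the top of the new file is misspelled, so `DAV\Exception\MethodNotAllowed` in put() and delete() resolves to `Sabr\DAV\Exception\MethodNotAllowed`, which presumably does not exist. A write attempt would still fail, but as a class-not-found fatal error rather than the intended 405 response, so the read-only restriction holds only by accident and clients get a misleading status. Change the line to `use Sabre\DAV;`. The docblock of put() could also replace `@return string|null` with a `@throws` line, since the method never returns.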
diff --git a/lib/Kolab/CardDAV/LDAPDirectory.php b/lib/Kolab/CardDAV/LDAPDirectory.php
index 622ce29..70fae38 100644
--- a/lib/Kolab/CardDAV/LDAPDirectory.php
+++ b/lib/Kolab/CardDAV/LDAPDirectory.php
@@ -32,7 +32,6 @@ use \rcube_ldap;
use \rcube_ldap_generic;
use Sabre\DAV;
use Sabre\DAVACL;
-use Sabre\CardDAV\Card;
use Sabre\CardDAV\Property;
/**
@@ -123,17 +122,17 @@ class LDAPDirectory extends DAV\Collection implements \Sabre\CardDAV\IDirectory,
if ($ldap = $this->connect()) {
// used cached uid mapping
if ($ID = $this->uid2id[$uid]) {
- $record = $ldap->get_record($ID, true);
+ $contact = $ldap->get_record($ID, true);
}
else { // query for uid
$result = $ldap->search('uid', $uid, 1, true, true);
if ($result->count) {
- $record = $result[0];
+ $contact = $result[0];
}
}
- if ($record) {
- $this->_normalize_contact($record);
+ if ($contact) {
+ $this->_normalize_contact($contact);
$obj = array(
'id' => $contact['uid'],
'uri' => $contact['uid'] . '.vcf',
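Review bot: `$contact` is assigned only inside the two lookup branches, so when the uid is neither in the cache nor found by the search, `if ($contact)` reads an undefined variable (unless it is initialised above the hunk, which is not visible here). Adding `$contact = null;` before the `if ($ID = $this->uid2id[$uid])` line makes the not-found path explicit. The cache lookup itself also indexes `$this->uid2id` with a client-supplied uid without `isset()`, which raises a notice for every uncached request. The enclosing method starts and ends outside the hunk.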
@@ -142,7 +141,7 @@ class LDAPDirectory extends DAV\Collection implements \Sabre\CardDAV\IDirectory,
'etag' => self::_get_etag($contact),
);
- return new Card($this->carddavBackend, $this->addressBookInfo, $obj);
+ return new LDAPCard($this->carddavBackend, $this->addressBookInfo, $obj);
}
}
@@ -192,7 +191,7 @@ class LDAPDirectory extends DAV\Collection implements \Sabre\CardDAV\IDirectory,
// TODO: cache result
$this->uid2id[$contact['uid']] = $contact['ID'];
- $children[] = new Card($this->carddavBackend, $this->addressBookInfo, $obj);
+ $children[] = new LDAPCard($this->carddavBackend, $this->addressBookInfo, $obj);
}
}
@@ -446,7 +445,11 @@ class LDAPDirectory extends DAV\Collection implements \Sabre\CardDAV\IDirectory,
private function map_property2ldap($propname)
{
$attribs = array();
- $ldap = $this->connect();
+
+ // LDAP backend not available, abort
+ if (!($ldap = $this->connect())) {
+ return $attribs;
+ }
$vcard_fieldmap = array(
'FN' => array('name'),
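Review bot: The new early return in map_property2ldap() makes an unavailable LDAP backend indistinguishable from a property that has no mapping, because both yield an empty array. How callers treat an empty attribute list is not visible in this hunk, so the docblock should state it, for example `@return array List of LDAP attributes; empty if the property is unmapped or the LDAP backend is unavailable`. Logging the failed connect() at this point would also help operators tell an outage from an empty result. The function body continues outside the hunk.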
diff --git a/lib/Kolab/CardDAV/Plugin.php b/lib/Kolab/CardDAV/Plugin.php
index 1456e78..adf8151 100644
--- a/lib/Kolab/CardDAV/Plugin.php
+++ b/lib/Kolab/CardDAV/Plugin.php
@@ -67,7 +67,7 @@ class Plugin extends CardDAV\Plugin
public function beforeGetProperties($path, DAV\INode $node, array &$requestedProperties, array &$returnedProperties)
{
// publish global ldap address book for this principal
- if ($node instanceof DAVACL\IPrincipal && empty($this->directories) && \rcube::get_instance()->config->get('global_ldap_directory')) {
+ if ($node instanceof DAVACL\IPrincipal && empty($this->directories) && \rcube::get_instance()->config->get('kolabdav_ldap_directory')) {
$this->directories[] = self::ADDRESSBOOK_ROOT . '/' . $node->getName() . '/' . LDAPDirectory::DIRECTORY_NAME;
}
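Review bot: The option read here changes from `global_ldap_directory` to `kolabdav_ldap_directory` with no fallback and no documentation in the commit; the diffstat lists only the four PHP files. The same rename appears in both UserAddressBooks.php hunks. Installations that set only the old key will stop publishing the directory without any warning. A dedicated key is a reasonable way to make DAV exposure of the directory an explicit choice, so rather than a silent fallback I would document it, e.g. a comment such as `// 'kolabdav_ldap_directory' must be set explicitly; 'global_ldap_directory' is no longer read here` plus an entry in the sample configuration.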
diff --git a/lib/Kolab/CardDAV/UserAddressBooks.php b/lib/Kolab/CardDAV/UserAddressBooks.php
index db71bbe..4d9063a 100644
--- a/lib/Kolab/CardDAV/UserAddressBooks.php
+++ b/lib/Kolab/CardDAV/UserAddressBooks.php
@@ -50,7 +50,7 @@ class UserAddressBooks extends \Sabre\CardDAV\UserAddressBooks implements DAV\IE
$objs[] = new AddressBook($this->carddavBackend, $addressbook);
}
- if (rcube::get_instance()->config->get('global_ldap_directory')) {
+ if (rcube::get_instance()->config->get('kolabdav_ldap_directory')) {
$objs[] = $this->getLDAPDirectory();
}
@@ -84,7 +84,7 @@ class UserAddressBooks extends \Sabre\CardDAV\UserAddressBooks implements DAV\IE
{
if (!$this->ldap_directory) {
$rcube = rcube::get_instance();
- $config = $rcube->config->get('global_ldap_directory');
+ $config = $rcube->config->get('kolabdav_ldap_directory');
$config['debug'] = $rcube->config->get('ldap_debug');
$this->ldap_directory = new LDAPDirectory($config, $this->principalUri, $this->carddavBackend);
}
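Review bot: getLDAPDirectory() writes `$config['debug']` without checking that `kolabdav_ldap_directory` is set, so with the option missing an LDAPDirectory is constructed from an array that holds only the `debug` key. The call in the previous hunk is guarded by the same config check, but other callers are not visible here. A guard such as `if (empty($config)) { return null; }` after the `get()` call, or at least a comment stating that callers must check the option first, would keep a half-configured directory from being instantiated. The method's signature lies outside the hunk.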