From c895ade019a4beacc189257f46325b1a76e323c3 Mon Sep 17 00:00:00 2001
From: Thomas Bruederli
Date: Wed, 12 Mar 2014 12:57:32 +0100
Subject: Make LDAP directory synchronization for offline use work but restrict to read-only access
---
lib/Kolab/CardDAV/LDAPCard.php | 72 ++++++++++++++++++++++++++++++++++
lib/Kolab/CardDAV/LDAPDirectory.php | 19 +++++----
lib/Kolab/CardDAV/Plugin.php | 2 +-
lib/Kolab/CardDAV/UserAddressBooks.php | 4 +-
4 files changed, 86 insertions(+), 11 deletions(-)
create mode 100644 lib/Kolab/CardDAV/LDAPCard.php
diff --git a/lib/Kolab/CardDAV/LDAPCard.php b/lib/Kolab/CardDAV/LDAPCard.php
new file mode 100644
index 0000000..c563e37
--- /dev/null
+++ b/lib/Kolab/CardDAV/LDAPCard.php
@@ -0,0 +1,72 @@ + + * + * Copyright (C) 2014, Kolab Systems AG + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as + * published by the Free Software Foundation, either version 3 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ + +namespace Kolab\CardDAV; + +use Sabr\DAV; + +/** + * Represents a single vCard from an LDAP directory + */ +class LDAPCard extends \Sabre\CardDAV\Card +{ + /** + * Updates the VCard-formatted object + * + * @param string $cardData + * @return string|null + */ + public function put($cardData) + { + throw new DAV\Exception\MethodNotAllowed('Modifying directory entries is not allowed'); + } + + /** + * Deletes the card + * + * @return void + */ + public function delete() + { + throw new DAV\Exception\MethodNotAllowed('Deleting directory entries is not allowed'); + } + + /** + * Returns a list of ACE's for directory entries. + * + * @return array + */ + public function getACL() { + + return array( + array( + 'privilege' => '{DAV:}read', + 'principal' => $this->addressBookInfo['principaluri'], + 'protected' => true, + ), + ); + + } +} + diff --git a/lib/Kolab/CardDAV/LDAPDirectory.php b/lib/Kolab/CardDAV/LDAPDirectory.php index 622ce29..70fae38 100644 --- a/lib/Kolab/CardDAV/LDAPDirectory.php +++ b/lib/Kolab/CardDAV/LDAPDirectory.php @@ -32,7 +32,6 @@ use \rcube_ldap; use \rcube_ldap_generic; use Sabre\DAV; use Sabre\DAVACL; -use Sabre\CardDAV\Card; use Sabre\CardDAV\Property; /** 
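Review bot: The import at the top of the new LDAPCard.php reads `use Sabr\DAV;`, so `DAV\Exception\MethodNotAllowed` in put() and delete() resolves to a namespace that does not exist, assuming the page shows the line as committed. A write attempt would then end in a class-not-found fatal error instead of the intended 405 response; the entry is still left unmodified, but clients see a server error and the read-only policy is enforced by accident rather than by the exception. Change the line to `use Sabre\DAV;`, matching the import already present in LDAPDirectory.php.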
@@ -123,17 +122,17 @@ class LDAPDirectory extends DAV\Collection implements \Sabre\CardDAV\IDirectory, if ($ldap = $this->connect()) { // used cached uid mapping if ($ID = $this->uid2id[$uid]) { - $record = $ldap->get_record($ID, true); + $contact = $ldap->get_record($ID, true); } else { // query for uid $result = $ldap->search('uid', $uid, 1, true, true); if ($result->count) { - $record = $result[0]; + $contact = $result[0]; } } - if ($record) { - $this->_normalize_contact($record); + if ($contact) { + $this->_normalize_contact($contact); $obj = array( 'id' => $contact['uid'], 'uri' => $contact['uid'] . '.vcf', @@ -142,7 +141,7 @@ class LDAPDirectory extends DAV\Collection implements \Sabre\CardDAV\IDirectory, 'etag' => self::_get_etag($contact), ); - return new Card($this->carddavBackend, $this->addressBookInfo, $obj); + return new LDAPCard($this->carddavBackend, $this->addressBookInfo, $obj); } } @@ -192,7 +191,7 @@ class LDAPDirectory extends DAV\Collection implements \Sabre\CardDAV\IDirectory, // TODO: cache result $this->uid2id[$contact['uid']] = $contact['ID']; - $children[] = new Card($this->carddavBackend, $this->addressBookInfo, $obj); + $children[] = new LDAPCard($this->carddavBackend, $this->addressBookInfo, $obj); } } @@ -446,7 +445,11 @@ class LDAPDirectory extends DAV\Collection implements \Sabre\CardDAV\IDirectory, private function map_property2ldap($propname) { $attribs = array(); - $ldap = $this->connect(); + + // LDAP backend not available, abort + if (!($ldap = $this->connect())) { + return $attribs; + } $vcard_fieldmap = array( 'FN' => array('name'), diff --git a/lib/Kolab/CardDAV/Plugin.php b/lib/Kolab/CardDAV/Plugin.php index 1456e78..adf8151 100644 --- a/lib/Kolab/CardDAV/Plugin.php +++ b/lib/Kolab/CardDAV/Plugin.php 
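Review bot: `$contact` is assigned only in the cache-hit branch and in the `$result->count` branch, so when the uid search returns nothing `if ($contact)` reads an undefined variable, unless it is initialised above the hunk (the method starts outside it). Setting `$contact = null;` before `if ($ldap = $this->connect())` makes the not-found path explicit, and `isset($this->uid2id[$uid])` ahead of the cache read avoids the undefined-index notice on a cache miss. `$uid` appears to come from the requested resource name, so it is worth confirming that `search()` escapes LDAP filter metacharacters in the value it is given.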
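Review bot: Read-only access is enforced only on the card nodes built at this `new LDAPCard(...)` call and at the `$children[]` one in the -192 hunk; nothing in the diff shows how the collection itself answers a PUT to a new URI or a DELETE on the directory. If LDAPDirectory does not already cover them, confirm that its `createFile()`, `delete()` and `getACL()` deny writes in the same way. A short comment at both construction sites, such as `// LDAPCard rejects PUT/DELETE: directory entries are read-only`, would record why the plain Card class must not be used here.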
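Review bot: The early return added to map_property2ldap() hands back an empty array, which a caller cannot tell apart from a property that simply has no LDAP mapping; the callers are outside the hunk, so whether an empty attribute list empties or widens a search is not visible here. Document the case in the docblock, for example `@return array LDAP attribute names; empty if the property is unmapped or the LDAP backend is unavailable`, and consider logging the failed connect so an unreachable directory does not pass silently.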
@@ -67,7 +67,7 @@ class Plugin extends CardDAV\Plugin public function beforeGetProperties($path, DAV\INode $node, array &$requestedProperties, array &$returnedProperties) { // publish global ldap address book for this principal - if ($node instanceof DAVACL\IPrincipal && empty($this->directories) && \rcube::get_instance()->config->get('global_ldap_directory')) { + if ($node instanceof DAVACL\IPrincipal && empty($this->directories) && \rcube::get_instance()->config->get('kolabdav_ldap_directory')) { $this->directories[] = self::ADDRESSBOOK_ROOT . '/' . $node->getName() . '/' . LDAPDirectory::DIRECTORY_NAME; } diff --git a/lib/Kolab/CardDAV/UserAddressBooks.php b/lib/Kolab/CardDAV/UserAddressBooks.php index db71bbe..4d9063a 100644 --- a/lib/Kolab/CardDAV/UserAddressBooks.php +++ b/lib/Kolab/CardDAV/UserAddressBooks.php @@ -50,7 +50,7 @@ class UserAddressBooks extends \Sabre\CardDAV\UserAddressBooks implements DAV\IE $objs[] = new AddressBook($this->carddavBackend, $addressbook); } - if (rcube::get_instance()->config->get('global_ldap_directory')) { + if (rcube::get_instance()->config->get('kolabdav_ldap_directory')) { $objs[] = $this->getLDAPDirectory(); } @@ -84,7 +84,7 @@ class UserAddressBooks extends \Sabre\CardDAV\UserAddressBooks implements DAV\IE { if (!$this->ldap_directory) { $rcube = rcube::get_instance(); - $config = $rcube->config->get('global_ldap_directory'); + $config = $rcube->config->get('kolabdav_ldap_directory'); $config['debug'] = $rcube->config->get('ldap_debug'); $this->ldap_directory = new LDAPDirectory($config, $this->principalUri, $this->carddavBackend); } -- cgit v0.12
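Review bot: The config key `'kolabdav_ldap_directory'` is repeated as a string literal in this check and in the two UserAddressBooks.php hunks (-50 and -84), so a later rename can leave the three sites out of step. A shared constant, e.g. `const CONFIG_KEY = 'kolabdav_ldap_directory';` on LDAPDirectory, would keep them together. Deployments that still set only `global_ldap_directory` lose the directory without any message; if the intent is that publishing the directory over CardDAV becomes an explicit opt-in, a line in the commit message or upgrade notes should say so.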