diff --git a/apps/dav/composer/composer/autoload_classmap.php b/apps/dav/composer/composer/autoload_classmap.php index 845f7cdc0d827..d4eb7e8d011b1 100644 --- a/apps/dav/composer/composer/autoload_classmap.php +++ b/apps/dav/composer/composer/autoload_classmap.php @@ -68,6 +68,8 @@ 'OCA\\DAV\\CalDAV\\Outbox' => $baseDir . '/../lib/CalDAV/Outbox.php', 'OCA\\DAV\\CalDAV\\Plugin' => $baseDir . '/../lib/CalDAV/Plugin.php', 'OCA\\DAV\\CalDAV\\Principal\\Collection' => $baseDir . '/../lib/CalDAV/Principal/Collection.php', + 'OCA\\DAV\\CalDAV\\Principal\\ProxyRead' => $baseDir . '/../lib/CalDAV/Principal/ProxyRead.php', + 'OCA\\DAV\\CalDAV\\Principal\\ProxyWrite' => $baseDir . '/../lib/CalDAV/Principal/ProxyWrite.php', 'OCA\\DAV\\CalDAV\\Principal\\User' => $baseDir . '/../lib/CalDAV/Principal/User.php', 'OCA\\DAV\\CalDAV\\Proxy\\Proxy' => $baseDir . '/../lib/CalDAV/Proxy/Proxy.php', 'OCA\\DAV\\CalDAV\\Proxy\\ProxyMapper' => $baseDir . '/../lib/CalDAV/Proxy/ProxyMapper.php', diff --git a/apps/dav/composer/composer/autoload_static.php b/apps/dav/composer/composer/autoload_static.php index 723dd3692c32a..dc7b81160bf4e 100644 --- a/apps/dav/composer/composer/autoload_static.php +++ b/apps/dav/composer/composer/autoload_static.php 
@@ -83,6 +83,8 @@ class ComposerStaticInitDAV 'OCA\\DAV\\CalDAV\\Outbox' => __DIR__ . '/..' . '/../lib/CalDAV/Outbox.php', 'OCA\\DAV\\CalDAV\\Plugin' => __DIR__ . '/..' . '/../lib/CalDAV/Plugin.php', 'OCA\\DAV\\CalDAV\\Principal\\Collection' => __DIR__ . '/..' . '/../lib/CalDAV/Principal/Collection.php', + 'OCA\\DAV\\CalDAV\\Principal\\ProxyRead' => __DIR__ . '/..' . '/../lib/CalDAV/Principal/ProxyRead.php', + 'OCA\\DAV\\CalDAV\\Principal\\ProxyWrite' => __DIR__ . '/..' . '/../lib/CalDAV/Principal/ProxyWrite.php', 'OCA\\DAV\\CalDAV\\Principal\\User' => __DIR__ . '/..' . '/../lib/CalDAV/Principal/User.php', 'OCA\\DAV\\CalDAV\\Proxy\\Proxy' => __DIR__ . '/..' . '/../lib/CalDAV/Proxy/Proxy.php', 'OCA\\DAV\\CalDAV\\Proxy\\ProxyMapper' => __DIR__ . '/..' . '/../lib/CalDAV/Proxy/ProxyMapper.php', diff --git a/apps/dav/lib/CalDAV/Principal/ProxyRead.php b/apps/dav/lib/CalDAV/Principal/ProxyRead.php new file mode 100644 index 0000000000000..80349464a22a3 --- /dev/null +++ b/apps/dav/lib/CalDAV/Principal/ProxyRead.php @@ -0,0 +1,23 @@ +principalInfo['uri']; + } +} diff --git a/apps/dav/lib/CalDAV/Principal/ProxyWrite.php b/apps/dav/lib/CalDAV/Principal/ProxyWrite.php new file mode 100644 index 0000000000000..0d9d2dd9947f2 --- /dev/null +++ b/apps/dav/lib/CalDAV/Principal/ProxyWrite.php @@ -0,0 +1,23 @@ +principalInfo['uri']; + } +} diff --git a/apps/dav/lib/CalDAV/Principal/User.php b/apps/dav/lib/CalDAV/Principal/User.php index 904ecc32e893c..e2bf3d7193e92 100644 --- a/apps/dav/lib/CalDAV/Principal/User.php +++ b/apps/dav/lib/CalDAV/Principal/User.php 
@@ -51,4 +51,44 @@ public function getACL() {
 ];
 return $acl;
 }
+
+ /**
+ * Returns a specific child node, referenced by its name.
+ *
+ * @param string $name
+ *
+ * @return \Sabre\DAV\INode
+ */
+ public function getChild($name) {
+ $principal = $this->principalBackend->getPrincipalByPath($this->getPrincipalURL() . '/' . $name);
+ if (!$principal) {
+ throw new \Sabre\DAV\Exception\NotFound("Node with name $name was not found");
+ }
+ if ($name === 'calendar-proxy-read') {
+ return new ProxyRead($this->principalBackend, $this->principalProperties);
+ }
+
+ if ($name === 'calendar-proxy-write') {
+ return new ProxyWrite($this->principalBackend, $this->principalProperties);
+ }
+
+ throw new \Sabre\DAV\Exception\NotFound("Node with name $name was not found");
+ }
+
+ /**
+ * Returns an array with all the child nodes.
+ *
+ * @return \Sabre\DAV\INode[]
+ */
+ public function getChildren() {
+ $r = [];
+ if ($this->principalBackend->getPrincipalByPath($this->getPrincipalURL() . '/calendar-proxy-read')) {
+ $r[] = new ProxyRead($this->principalBackend, $this->principalProperties);
+ }
+ if ($this->principalBackend->getPrincipalByPath($this->getPrincipalURL() . '/calendar-proxy-write')) {
+ $r[] = new ProxyWrite($this->principalBackend, $this->principalProperties);
+ }
+
+ return $r;
+ }
 }
diff --git a/build/integration/features/bootstrap/CalDavContext.php b/build/integration/features/bootstrap/CalDavContext.php
index 936463b579ef4..50709ed35b71e 100644
--- a/build/integration/features/bootstrap/CalDavContext.php
+++ b/build/integration/features/bootstrap/CalDavContext.php
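Review bot: In `getChild()` the client-supplied `$name` is concatenated into the path and passed to `getPrincipalByPath()` before it is compared with the two supported names, so every unknown child name reaches the backend and the trailing `NotFound` only fires for a principal that exists but is not a proxy node. Checking the name first keeps the lookup to the two known URIs, e.g. `if ($name !== 'calendar-proxy-read' && $name !== 'calendar-proxy-write') { throw new \Sabre\DAV\Exception\NotFound("Node with name $name was not found"); }` ahead of the lookup. The docblock should also gain `@throws \Sabre\DAV\Exception\NotFound`. Both node types are built from `$this->principalProperties` rather than the looked-up `$principal`, so who may PROPPATCH them is decided by whatever ACL `ProxyRead`/`ProxyWrite` expose, which is not visible in this hunk and is worth checking against the 404 scenario in the feature file.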
@@ -61,21 +61,39 @@ public function setUpScenario() { /** @AfterScenario */ public function afterScenario() { - $davUrl = $this->baseUrl. '/remote.php/dav/calendars/admin/MyCalendar'; - try { - $this->client->delete( - $davUrl, - [ - 'auth' => [ - 'admin', - 'admin', - ], - 'headers' => [ - 'X-NC-CalDAV-No-Trashbin' => '1', + foreach (['MyCalendar', 'MyCalendar2'] as $calendarName) { + try { + $this->client->delete( + $this->baseUrl . '/remote.php/dav/calendars/admin/' . $calendarName, + [ + 'auth' => ['admin', 'admin'], + 'headers' => ['X-NC-CalDAV-No-Trashbin' => '1'], ] - ] - ); - } catch (\GuzzleHttp\Exception\ClientException $e) { + ); + } catch (\GuzzleHttp\Exception\ClientException $e) { + } + } + } + + /** @AfterScenario @caldav-delegation */ + public function afterDelegationScenario() { + foreach (['calendar-proxy-read', 'calendar-proxy-write'] as $proxyType) { + try { + $propPatch = new \Sabre\DAV\Xml\Request\PropPatch(); + $propPatch->properties = ['{DAV:}group-member-set' => new \Sabre\DAV\Xml\Property\Href([])]; + $xml = new \Sabre\Xml\Service(); + $body = $xml->write('{DAV:}propertyupdate', $propPatch, '/'); + $this->client->request( + 'PROPPATCH', + $this->baseUrl . '/remote.php/dav/principals/users/admin/' . $proxyType, + [ + 'headers' => ['Content-Type' => 'application/xml; charset=UTF-8'], + 'body' => $body, + 'auth' => ['admin', 'admin'], + ] + ); + } catch (\GuzzleHttp\Exception\ClientException $e) { + } } } 
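Review bot: The empty `catch (\GuzzleHttp\Exception\ClientException $e) { }` in `afterDelegationScenario()` hides every 4xx from the reset PROPPATCH, so a rejected cleanup (a 401 or 403, say) leaves the `group-member-set` of admin's proxy principals populated for the next scenario and the suite keeps running on stale delegation state. Swallow only the expected "nothing to clean" case and rethrow the rest, e.g. `if ($e->getResponse()->getStatusCode() !== 404) { throw $e; }`. The calendar loop in `afterScenario()` has the same empty catch; there a comment such as `// calendar may not exist in this scenario` would at least record why the exception is ignored.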
@@ -105,6 +123,80 @@ public function requestsCalendar($user, $calendar, $endpoint) { } } + /** + * @Then The CalDAV response should contain a property :key + * @throws \Exception + */ + public function theCaldavResponseShouldContainAProperty(string $key): void { + /** @var \Sabre\DAV\Xml\Response\MultiStatus $multiStatus */ + $multiStatus = $this->responseXml['value']; + $responses = $multiStatus->getResponses()[0]->getResponseProperties(); + if (!isset($responses[200])) { + throw new \Exception( + sprintf( + 'Expected code 200 got [%s]', + implode(',', array_keys($responses)), + ) + ); + } + + $props = $responses[200]; + if (!array_key_exists($key, $props)) { + throw new \Exception( + sprintf( + 'Expected property %s in %s', + $key, + json_encode($props, JSON_PRETTY_PRINT), + ) + ); + } + } + + /** + * @Then The CalDAV response should contain an href :href + * @throws \Exception + */ + public function theCaldavResponseShouldContainAnHref(string $href): void { + /** @var \Sabre\DAV\Xml\Response\MultiStatus $multiStatus */ + $multiStatus = $this->responseXml['value']; + foreach ($multiStatus->getResponses() as $response) { + if ($response->getHref() === $href) { + return; + } + } + throw new \Exception( + sprintf( + 'Expected href %s not found in response', + $href, + ) + ); + } + + /** + * @Then The CalDAV response should be multi status + * @throws \Exception + */ + public function theCaldavResponseShouldBeMultiStatus(): void { + if ($this->response->getStatusCode() !== 207) { + throw new \Exception( + sprintf( + 'Expected code 207 got %s', + $this->response->getStatusCode() + ) + ); + } + + $body = $this->response->getBody()->getContents(); + if ($body && substr($body, 0, 1) === '<') { + $reader = new Sabre\Xml\Reader(); + $reader->xml($body); + $reader->elementMap['{DAV:}multistatus'] = \Sabre\DAV\Xml\Response\MultiStatus::class; + $reader->elementMap['{DAV:}response'] = \Sabre\DAV\Xml\Element\Response::class; + 
$reader->elementMap['{urn:ietf:params:xml:ns:caldav}schedule-default-calendar-URL'] = \Sabre\DAV\Xml\Property\Href::class; + $this->responseXml = $reader->parse(); + } + } + /** * @Then The CalDAV HTTP status code should be :code * @param int $code @@ -258,4 +350,43 @@ public function sendsCreateCalendarRequest(string $user, string $calendar, strin $this->response = $e->getResponse(); } } + + /** + * @Given :user updates property :key to href :value of principal :principal on the endpoint :endpoint + */ + public function updatesHrefPropertyOfPrincipal( + string $user, + string $key, + string $value, + string $principal, + string $endpoint, + ): void { + $davUrl = $this->baseUrl . $endpoint . $principal; + $password = ($user === 'admin') ? 'admin' : '123456'; + + $propPatch = new \Sabre\DAV\Xml\Request\PropPatch(); + $propPatch->properties = [$key => new \Sabre\DAV\Xml\Property\Href($value)]; + + $xml = new \Sabre\Xml\Service(); + $body = $xml->write('{DAV:}propertyupdate', $propPatch, '/'); + + try { + $this->response = $this->client->request( + 'PROPPATCH', + $davUrl, + [ + 'headers' => [ + 'Content-Type' => 'application/xml; charset=UTF-8', + ], + 'body' => $body, + 'auth' => [ + $user, + $password, + ], + ] + ); + } catch (\GuzzleHttp\Exception\ClientException $e) { + $this->response = $e->getResponse(); + } + } } diff --git a/build/integration/features/caldav-delegation.feature b/build/integration/features/caldav-delegation.feature new file mode 100644 index 0000000000000..33cd928db7f98 --- /dev/null +++ b/build/integration/features/caldav-delegation.feature 
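Review bot: `theCaldavResponseShouldBeMultiStatus()` assigns `$this->responseXml` only when the body starts with `<`, so a 207 with an empty or non-XML body passes the step and the following "should contain" steps read whatever an earlier request left in `$this->responseXml`. Fail in that case, e.g. `} else { throw new \Exception('Expected an XML multistatus body'); }`, and have `theCaldavResponseShouldContainAProperty()` check that `getResponses()` is non-empty before indexing `[0]`. `new Sabre\Xml\Reader()` is also the only Sabre reference in the hunk without a leading backslash; it resolves only while the file stays un-namespaced, which cannot be confirmed from here.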
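Review bot: The credential rule in `updatesHrefPropertyOfPrincipal()` is an unexplained literal: `$password = ($user === 'admin') ? 'admin' : '123456';` assumes every non-admin fixture user was created with `123456`, and a user created with another password makes the step record an authentication failure that is easy to misread as an authorization result. A one-line comment such as `// fixture convention: admin/admin, every other test user uses 123456` would make that explicit; if the other steps in this file already share a helper for this (not visible in the hunk), reusing it would be better.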
@@ -0,0 +1,30 @@
+# SPDX-FileCopyrightText: 2026 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: AGPL-3.0-or-later
+Feature: calendar delegation
+ Calendar delegation grants another user/principal control of a calendar account,
+ including all calendars the delegator can access.
+
+ @caldav-delegation
+ Scenario: admin grants user0 read access to her calendar account
+ Given user "admin" exists
+ And user "user0" exists
+ When "admin" updates property "{DAV:}group-member-set" to href "/remote.php/dav/principals/users/user0" of principal "users/admin/calendar-proxy-read" on the endpoint "/remote.php/dav/principals/"
+ Then The CalDAV response should be multi status
+ And The CalDAV response should contain an href "/remote.php/dav/principals/users/admin/calendar-proxy-read"
+ And The CalDAV response should contain a property "{DAV:}group-member-set"
+
+ @caldav-delegation
+ Scenario: admin grants write access to her calendar account
+ Given user "admin" exists
+ And user "user0" exists
+ When "admin" updates property "{DAV:}group-member-set" to href "/remote.php/dav/principals/users/user0" of principal "users/admin/calendar-proxy-write" on the endpoint "/remote.php/dav/principals/"
+ Then The CalDAV response should be multi status
+ And The CalDAV response should contain an href "/remote.php/dav/principals/users/admin/calendar-proxy-write"
+ And The CalDAV response should contain a property "{DAV:}group-member-set"
+
+ Scenario: Admin cannot grant User1 access to User0's calendar account
+ Given user "admin" exists
+ And user "user0" exists
+ And user "user1" exists
+ When "admin" updates property "{DAV:}group-member-set" to href "/remote.php/dav/principals/users/user1" of principal "users/user0/calendar-proxy-write" on the endpoint "/remote.php/dav/principals/"
+ Then The CalDAV HTTP status code should be "404"
\ No newline at end of file
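Review bot: The only negative scenario has `admin` editing `users/user0/calendar-proxy-write`; the direction that matters most for delegation, an ordinary user changing the `group-member-set` of someone else's proxy principal (for instance `user0` on `users/admin/calendar-proxy-write`), has no scenario. Consider adding one that expects the same rejection status the server gives in the third scenario (to be confirmed), plus a follow-up read of the property in the two positive scenarios, since they currently assert only that the PROPPATCH response names `{DAV:}group-member-set`, not that the membership was stored. The third scenario also lacks the `@caldav-delegation` tag, so if its 404 ever regresses to a success nothing resets the membership, and `afterDelegationScenario()` resets only admin's principals in any case.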