-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fix the FreeBusy request handling for proper scheduling support #6715
Conversation
I think this would be the way to go. |
Did you check if there is a bug report about this upstream in Sabre/Dav? |
Yes I did. There is no Issue in that direction. I'am not sure how they handle it there. I will have a look and try to create a solution with subclassing. Stay tuned. :-) |
@georgehrke Done. Now authenticated users are allowed to execute a PROPFIND on user principles through nextcloud. Is that enough? Or should we restrict it to some thing like the same group eg? |
Yes, I think we should connect this to the settings of the Share API. Do you mind looking into the failing unit tests and adding a unit test for your changes? :) cc @LukasReschke about the ACL changes |
I'll fix and add some tests, no problem One more thing. I just patched our server and a found out, that shared calendars also being taken into account... :( They should be excluded otherwise the FreeBusy status is not usable. Edit: This is a real big problem... Due to the way shared calenders are handle in NC, I think there is no easy way to fix this... |
I will try to look into this soon. Maybe we should distinguish between read only and read write shared calendars. This could be tricky. We should research how other CalDAV servers handle this. |
@go2sh The shared calendar issue should be fixable by making all shared calendars (https://tools.ietf.org/html/rfc6638#section-9.1) Can you confirm this? |
Codecov Report
@@ Coverage Diff @@
## master #6715 +/- ##
============================================
+ Coverage 51.07% 51.07% +<.01%
- Complexity 24830 24852 +22
============================================
Files 1594 1596 +2
Lines 94485 94554 +69
Branches 1365 1365
============================================
+ Hits 48256 48298 +42
- Misses 46229 46256 +27
|
6244fc5
to
b25eaaa
Compare
Todo:
|
63a3e72
to
8a074a2
Compare
$acl = parent::getACL(); | ||
$acl[] = [ | ||
'privilege' => '{DAV:}read', | ||
'principal' => '{DAV:}authenticated', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@LukasReschke @rullzer Is it safe to do this? Does this result in any kind of authentication bypass?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this is save to do. It just requests if the currently authenticated user has read access.
If you could somehow change the current authenticated user then we'd have bigger problems :P
Is this still the case? :) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wasn't aware of using ...
for unpacking on arrays but neat :)
@georgehrke Can you fix the tests? :) |
Yes, will fix the tomorrow. Just wanted to get feedback on the ACL changes for the user principal :)
Me neither, it's PHP 5.6+, so it's fine for 13 |
No |
@georgehrke What about the unit tests? I would like to get this in or move it to 14. |
e032776
to
f87d1dc
Compare
There are ocs-api related integration tests failing. Can someone with more knowledge into our integration test suite look into them? |
Those are the 4 failing assertions:
|
@MorrisJobke The failing integration tests are not related to this pull request; they fail in current master too (see, for example, https://drone.nextcloud.com/nextcloud/server/3305/219). The first offending commit seems to be ba648ee @rullzer |
Test will be fixed once #7342 is in |
Really awesome stuff here @go2sh !! So just as a note this will allow on a 'standard' configured cloud to have all users see the free/busy schedule of all the others. I'm fine with that. But it might be something we need to communicate on release. (cc @MorrisJobke) @georgehrke @go2sh would (for a followup PR). it be a lot of work to be able to set a calendar property to now have this exposed? As I can imagine use cases where users don't want this. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Awesome stuff!
Add a "searchPrincipals" function to the NC principal backend. Fix the "findByUri" function to respect the prefixPath. Signed-off-by: Christoph Seitz <christoph.seitz@posteo.de>
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
e3d26db
to
728248b
Compare
Rebased to get a green CI |
cc @jospoortvliet @karlitschek For this |
In the standard configuration, yes. But if the ShareAPI is disabled, FreeBusy will also stop working and if the ShareAPI is restricted to group sharing only, you will only be able to query freeBusy reports for people from the same groups. So that’s the expected behavior imho:) |
@georgehrke yep I agree |
Currently the FreeBusy Request are answered with a 404 Status. and it is not possible to receive a proper FreeBusy status with e.g. Thunderbird. This is due to a function missing in the NC Principal Backend. Further the ACL for User Principals need to be adjusted to allow propFinds to find the scheduling boxes for principles others than the owner.
I know that especially the ACL fix is not perfect at all and it is just a test get the FreeBusy stuff working. I just saw, that NC subclasses the Calendar to generate a proper ACL based on the sharing options. Maybe subclassing the User class would be a better way. But I'am not sure about the right solution. So this is open for discussion. :)
See: https://help.nextcloud.com/t/future-of-sabre-dav/21739
Requires: nextcloud/3rdparty#68PS.: My first NC PR. 🙈
cc @georgehrke