nextcloud / server

apps/dav/lib/Listener/CalendarFederationNotificationListener.php

Indentation +70 added lines, -70 removed lines

@@ -25,81 +25,81 @@
  * @template-implements IEventListener<Event|CalendarObjectCreatedEvent|CalendarObjectUpdatedEvent|CalendarObjectDeletedEvent>
  */
 class CalendarFederationNotificationListener implements IEventListener {
-	public function __construct(
-		private readonly ICloudIdManager $cloudIdManager,
-		private readonly CalendarFederationNotifier $calendarFederationNotifier,
-		private readonly LoggerInterface $logger,
-		private readonly SharingMapper $sharingMapper,
-	) {
-	}
+    public function __construct(
+        private readonly ICloudIdManager $cloudIdManager,
+        private readonly CalendarFederationNotifier $calendarFederationNotifier,
+        private readonly LoggerInterface $logger,
+        private readonly SharingMapper $sharingMapper,
+    ) {
+    }
 
-	public function handle(Event $event): void {
-		if (!($event instanceof CalendarObjectCreatedEvent)
-			&& !($event instanceof CalendarObjectUpdatedEvent)
-			&& !($event instanceof CalendarObjectDeletedEvent)
-		) {
-			return;
-		}
+    public function handle(Event $event): void {
+        if (!($event instanceof CalendarObjectCreatedEvent)
+            && !($event instanceof CalendarObjectUpdatedEvent)
+            && !($event instanceof CalendarObjectDeletedEvent)
+        ) {
+            return;
+        }
 
-		$remoteUserShares = array_filter($event->getShares(), function (array $share): bool {
-			$sharedWithPrincipal = $share['{http://owncloud.org/ns}principal'] ?? '';
-			[$prefix] = \Sabre\Uri\split($sharedWithPrincipal);
-			return $prefix === RemoteUserPrincipalBackend::PRINCIPAL_PREFIX;
-		});
-		if (empty($remoteUserShares)) {
-			// Not shared with any remote user
-			return;
-		}
+        $remoteUserShares = array_filter($event->getShares(), function (array $share): bool {
+            $sharedWithPrincipal = $share['{http://owncloud.org/ns}principal'] ?? '';
+            [$prefix] = \Sabre\Uri\split($sharedWithPrincipal);
+            return $prefix === RemoteUserPrincipalBackend::PRINCIPAL_PREFIX;
+        });
+        if (empty($remoteUserShares)) {
+            // Not shared with any remote user
+            return;
+        }
 
-		$calendarInfo = $event->getCalendarData();
-		$remoteUserPrincipals = array_map(
-			static fn (array $share) => $share['{http://owncloud.org/ns}principal'],
-			$remoteUserShares,
-		);
-		$remoteShares = $this->sharingMapper->getSharesByPrincipalsAndResource(
-			$remoteUserPrincipals,
-			(int)$calendarInfo['id'],
-			'calendar',
-		);
+        $calendarInfo = $event->getCalendarData();
+        $remoteUserPrincipals = array_map(
+            static fn (array $share) => $share['{http://owncloud.org/ns}principal'],
+            $remoteUserShares,
+        );
+        $remoteShares = $this->sharingMapper->getSharesByPrincipalsAndResource(
+            $remoteUserPrincipals,
+            (int)$calendarInfo['id'],
+            'calendar',
+        );
 
-		foreach ($remoteShares as $share) {
-			[, $name] = \Sabre\Uri\split($share['principaluri']);
-			$shareWithRaw = base64_decode($name);
-			try {
-				$shareWith = $this->cloudIdManager->resolveCloudId($shareWithRaw);
-			} catch (\InvalidArgumentException $e) {
-				// Not a valid remote user principal
-				continue;
-			}
+        foreach ($remoteShares as $share) {
+            [, $name] = \Sabre\Uri\split($share['principaluri']);
+            $shareWithRaw = base64_decode($name);
+            try {
+                $shareWith = $this->cloudIdManager->resolveCloudId($shareWithRaw);
+            } catch (\InvalidArgumentException $e) {
+                // Not a valid remote user principal
+                continue;
+            }
 
-			[, $sharedByUid] = \Sabre\Uri\split($calendarInfo['principaluri']);
+            [, $sharedByUid] = \Sabre\Uri\split($calendarInfo['principaluri']);
 
-			$remoteUrl = $shareWith->getRemote();
-			try {
-				$response = $this->calendarFederationNotifier->notifySyncCalendar(
-					$shareWith,
-					$sharedByUid,
-					$calendarInfo['uri'],
-					$share['token'],
-				);
-			} catch (OCMProviderException $e) {
-				$this->logger->error("Failed to send SYNC_CALENDAR notification to remote $remoteUrl", [
-					'exception' => $e,
-					'shareWith' => $shareWith->getId(),
-					'calendarName' => $calendarInfo['uri'],
-					'calendarOwner' => $sharedByUid,
-				]);
-				continue;
-			}
+            $remoteUrl = $shareWith->getRemote();
+            try {
+                $response = $this->calendarFederationNotifier->notifySyncCalendar(
+                    $shareWith,
+                    $sharedByUid,
+                    $calendarInfo['uri'],
+                    $share['token'],
+                );
+            } catch (OCMProviderException $e) {
+                $this->logger->error("Failed to send SYNC_CALENDAR notification to remote $remoteUrl", [
+                    'exception' => $e,
+                    'shareWith' => $shareWith->getId(),
+                    'calendarName' => $calendarInfo['uri'],
+                    'calendarOwner' => $sharedByUid,
+                ]);
+                continue;
+            }
 
-			if ($response->getStatusCode() < 200 || $response->getStatusCode() >= 300) {
-				$this->logger->error("Remote $remoteUrl rejected SYNC_CALENDAR notification", [
-					'statusCode' => $response->getStatusCode(),
-					'shareWith' => $shareWith->getId(),
-					'calendarName' => $calendarInfo['uri'],
-					'calendarOwner' => $sharedByUid,
-				]);
-			}
-		}
-	}
+            if ($response->getStatusCode() < 200 || $response->getStatusCode() >= 300) {
+                $this->logger->error("Remote $remoteUrl rejected SYNC_CALENDAR notification", [
+                    'statusCode' => $response->getStatusCode(),
+                    'shareWith' => $shareWith->getId(),
+                    'calendarName' => $calendarInfo['uri'],
+                    'calendarOwner' => $sharedByUid,
+                ]);
+            }
+        }
+    }
 }

Spacing +2 added lines, -2 removed lines

@@ -41,7 +41,7 @@ 
 			return;
 		}
 
-		$remoteUserShares = array_filter($event->getShares(), function (array $share): bool {
+		$remoteUserShares = array_filter($event->getShares(), function(array $share): bool {
 			$sharedWithPrincipal = $share['{http://owncloud.org/ns}principal'] ?? '';
 			[$prefix] = \Sabre\Uri\split($sharedWithPrincipal);
 			return $prefix === RemoteUserPrincipalBackend::PRINCIPAL_PREFIX;
@@ -58,7 +58,7 @@ 
 		);
 		$remoteShares = $this->sharingMapper->getSharesByPrincipalsAndResource(
 			$remoteUserPrincipals,
-			(int)$calendarInfo['id'],
+			(int) $calendarInfo['id'],
 			'calendar',
 		);
 

apps/dav/lib/Listener/SabrePluginAuthInitListener.php

Indentation +11 added lines, -11 removed lines

@@ -20,16 +20,16 @@
  * @template-implements IEventListener<Event|SabrePluginAuthInitEvent>
  */
 class SabrePluginAuthInitListener implements IEventListener {
-	public function handle(Event $event): void {
-		if (!($event instanceof SabrePluginAuthInitEvent)) {
-			return;
-		}
+    public function handle(Event $event): void {
+        if (!($event instanceof SabrePluginAuthInitEvent)) {
+            return;
+        }
 
-		$server = $event->getServer();
-		$authPlugin = $server->getPlugin('auth');
-		if ($authPlugin instanceof Plugin) {
-			$authBackend = Server::get(FederatedCalendarAuth::class);
-			$authPlugin->addBackend($authBackend);
-		}
-	}
+        $server = $event->getServer();
+        $authPlugin = $server->getPlugin('auth');
+        if ($authPlugin instanceof Plugin) {
+            $authBackend = Server::get(FederatedCalendarAuth::class);
+            $authPlugin->addBackend($authBackend);
+        }
+    }
 }

apps/dav/lib/DAV/RemoteUserPrincipalBackend.php

Indentation +112 added lines, -112 removed lines

@@ -14,116 +14,116 @@
 use Sabre\DAVACL\PrincipalBackend\BackendInterface;
 
 class RemoteUserPrincipalBackend implements BackendInterface {
-	public const PRINCIPAL_PREFIX = 'principals/remote-users';
-
-	private bool $hasCachedAllChildren = false;
-
-	/** @var array<string, mixed>[] */
-	private array $principals = [];
-
-	/** @var array<string, array<string, mixed>|null> */
-	private array $principalsByPath = [];
-
-	public function __construct(
-		private readonly ICloudIdManager $cloudIdManager,
-		private readonly SharingMapper $sharingMapper,
-	) {
-	}
-
-	public function getPrincipalsByPrefix($prefixPath) {
-		if ($prefixPath !== self::PRINCIPAL_PREFIX) {
-			return [];
-		}
-
-		if (!$this->hasCachedAllChildren) {
-			$this->loadChildren();
-			$this->hasCachedAllChildren = true;
-		}
-
-		return $this->principals;
-	}
-
-	public function getPrincipalByPath($path) {
-		[$prefix] = \Sabre\Uri\split($path);
-		if ($prefix !== self::PRINCIPAL_PREFIX) {
-			return null;
-		}
-
-		if (isset($this->principalsByPath[$path])) {
-			return $this->principalsByPath[$path];
-		}
-
-		try {
-			$principal = $this->principalUriToPrincipal($path);
-		} catch (\Exception $e) {
-			$principal = null;
-		}
-		$this->principalsByPath[$path] = $principal;
-		return $principal;
-	}
-
-	public function updatePrincipal($path, \Sabre\DAV\PropPatch $propPatch) {
-		throw new \Sabre\DAV\Exception('Updating remote user principal is not supported');
-	}
-
-	public function searchPrincipals($prefixPath, array $searchProperties, $test = 'allof') {
-		// Searching is not supported
-		return [];
-	}
-
-	public function findByUri($uri, $principalPrefix) {
-		if (str_starts_with($uri, 'principal:')) {
-			$principal = substr($uri, strlen('principal:'));
-			$principal = $this->getPrincipalByPath($principal);
-			if ($principal !== null) {
-				return $principal['uri'];
-			}
-		}
-
-		return null;
-	}
-
-	public function getGroupMemberSet($principal) {
-		return [];
-	}
-
-	public function getGroupMembership($principal) {
-		// TODO: for now the group principal has only one member, the user itself
-		$principal = $this->getPrincipalByPath($principal);
-		if (!$principal) {
-			throw new \Sabre\DAV\Exception('Principal not found');
-		}
-
-		return [$principal['uri']];
-	}
-
-	public function setGroupMemberSet($principal, array $members) {
-		throw new \Sabre\DAV\Exception('Adding members to remote user is not supported');
-	}
-
-	/**
-	 * @return array{'{DAV:}displayname': string, '{http://nextcloud.com/ns}cloud-id': \OCP\Federation\ICloudId, uri: string}
-	 */
-	private function principalUriToPrincipal(string $principalUri): array {
-		[, $name] = \Sabre\Uri\split($principalUri);
-		$cloudId = $this->cloudIdManager->resolveCloudId(base64_decode($name));
-		return [
-			'uri' => $principalUri,
-			'{DAV:}displayname' => $cloudId->getDisplayId(),
-			'{http://nextcloud.com/ns}cloud-id' => $cloudId,
-		];
-	}
-
-	private function loadChildren(): void {
-		$rows = $this->sharingMapper->getPrincipalUrisByPrefix('calendar', self::PRINCIPAL_PREFIX);
-		$this->principals = array_map(
-			fn (array $row) => $this->principalUriToPrincipal($row['principaluri']),
-			$rows,
-		);
-
-		$this->principalsByPath = [];
-		foreach ($this->principals as $child) {
-			$this->principalsByPath[$child['uri']] = $child;
-		}
-	}
+    public const PRINCIPAL_PREFIX = 'principals/remote-users';
+
+    private bool $hasCachedAllChildren = false;
+
+    /** @var array<string, mixed>[] */
+    private array $principals = [];
+
+    /** @var array<string, array<string, mixed>|null> */
+    private array $principalsByPath = [];
+
+    public function __construct(
+        private readonly ICloudIdManager $cloudIdManager,
+        private readonly SharingMapper $sharingMapper,
+    ) {
+    }
+
+    public function getPrincipalsByPrefix($prefixPath) {
+        if ($prefixPath !== self::PRINCIPAL_PREFIX) {
+            return [];
+        }
+
+        if (!$this->hasCachedAllChildren) {
+            $this->loadChildren();
+            $this->hasCachedAllChildren = true;
+        }
+
+        return $this->principals;
+    }
+
+    public function getPrincipalByPath($path) {
+        [$prefix] = \Sabre\Uri\split($path);
+        if ($prefix !== self::PRINCIPAL_PREFIX) {
+            return null;
+        }
+
+        if (isset($this->principalsByPath[$path])) {
+            return $this->principalsByPath[$path];
+        }
+
+        try {
+            $principal = $this->principalUriToPrincipal($path);
+        } catch (\Exception $e) {
+            $principal = null;
+        }
+        $this->principalsByPath[$path] = $principal;
+        return $principal;
+    }
+
+    public function updatePrincipal($path, \Sabre\DAV\PropPatch $propPatch) {
+        throw new \Sabre\DAV\Exception('Updating remote user principal is not supported');
+    }
+
+    public function searchPrincipals($prefixPath, array $searchProperties, $test = 'allof') {
+        // Searching is not supported
+        return [];
+    }
+
+    public function findByUri($uri, $principalPrefix) {
+        if (str_starts_with($uri, 'principal:')) {
+            $principal = substr($uri, strlen('principal:'));
+            $principal = $this->getPrincipalByPath($principal);
+            if ($principal !== null) {
+                return $principal['uri'];
+            }
+        }
+
+        return null;
+    }
+
+    public function getGroupMemberSet($principal) {
+        return [];
+    }
+
+    public function getGroupMembership($principal) {
+        // TODO: for now the group principal has only one member, the user itself
+        $principal = $this->getPrincipalByPath($principal);
+        if (!$principal) {
+            throw new \Sabre\DAV\Exception('Principal not found');
+        }
+
+        return [$principal['uri']];
+    }
+
+    public function setGroupMemberSet($principal, array $members) {
+        throw new \Sabre\DAV\Exception('Adding members to remote user is not supported');
+    }
+
+    /**
+     * @return array{'{DAV:}displayname': string, '{http://nextcloud.com/ns}cloud-id': \OCP\Federation\ICloudId, uri: string}
+     */
+    private function principalUriToPrincipal(string $principalUri): array {
+        [, $name] = \Sabre\Uri\split($principalUri);
+        $cloudId = $this->cloudIdManager->resolveCloudId(base64_decode($name));
+        return [
+            'uri' => $principalUri,
+            '{DAV:}displayname' => $cloudId->getDisplayId(),
+            '{http://nextcloud.com/ns}cloud-id' => $cloudId,
+        ];
+    }
+
+    private function loadChildren(): void {
+        $rows = $this->sharingMapper->getPrincipalUrisByPrefix('calendar', self::PRINCIPAL_PREFIX);
+        $this->principals = array_map(
+            fn (array $row) => $this->principalUriToPrincipal($row['principaluri']),
+            $rows,
+        );
+
+        $this->principalsByPath = [];
+        foreach ($this->principals as $child) {
+            $this->principalsByPath[$child['uri']] = $child;
+        }
+    }
 }

apps/dav/lib/DAV/Sharing/SharingMapper.php

Indentation +235 added lines, -235 removed lines

@@ -11,239 +11,239 @@
 use OCP\IDBConnection;
 
 class SharingMapper {
-	public function __construct(
-		private IDBConnection $db,
-	) {
-	}
-
-	protected function getSharesForIdByAccess(int $resourceId, string $resourceType, bool $sharesWithAccess): array {
-		$query = $this->db->getQueryBuilder();
-		$query->select(['principaluri', 'access'])
-			->from('dav_shares')
-			->where($query->expr()->eq('resourceid', $query->createNamedParameter($resourceId, IQueryBuilder::PARAM_INT)))
-			->andWhere($query->expr()->eq('type', $query->createNamedParameter($resourceType, IQueryBuilder::PARAM_STR)))
-			->groupBy(['principaluri', 'access']);
-
-		if ($sharesWithAccess) {
-			$query->andWhere($query->expr()->neq('access', $query->createNamedParameter(Backend::ACCESS_UNSHARED, IQueryBuilder::PARAM_INT)));
-		} else {
-			$query->andWhere($query->expr()->eq('access', $query->createNamedParameter(Backend::ACCESS_UNSHARED, IQueryBuilder::PARAM_INT)));
-		}
-
-		$result = $query->executeQuery();
-		$rows = $result->fetchAll();
-		$result->closeCursor();
-		return $rows;
-	}
-
-	public function getSharesForId(int $resourceId, string $resourceType): array {
-		return $this->getSharesForIdByAccess($resourceId, $resourceType, true);
-	}
-
-	public function getUnsharesForId(int $resourceId, string $resourceType): array {
-		return $this->getSharesForIdByAccess($resourceId, $resourceType, false);
-	}
-
-	public function getSharesForIds(array $resourceIds, string $resourceType): array {
-		$query = $this->db->getQueryBuilder();
-		$result = $query->select(['resourceid', 'principaluri', 'access'])
-			->from('dav_shares')
-			->where($query->expr()->in('resourceid', $query->createNamedParameter($resourceIds, IQueryBuilder::PARAM_INT_ARRAY)))
-			->andWhere($query->expr()->eq('type', $query->createNamedParameter($resourceType)))
-			->andWhere($query->expr()->neq('access', $query->createNamedParameter(Backend::ACCESS_UNSHARED, IQueryBuilder::PARAM_INT)))
-			->groupBy(['principaluri', 'access', 'resourceid'])
-			->executeQuery();
-
-		$rows = $result->fetchAll();
-		$result->closeCursor();
-		return $rows;
-	}
-
-	public function unshare(int $resourceId, string $resourceType, string $principal): void {
-		$query = $this->db->getQueryBuilder();
-		$query->insert('dav_shares')
-			->values([
-				'principaluri' => $query->createNamedParameter($principal),
-				'type' => $query->createNamedParameter($resourceType),
-				'access' => $query->createNamedParameter(Backend::ACCESS_UNSHARED),
-				'resourceid' => $query->createNamedParameter($resourceId)
-			]);
-		$query->executeStatement();
-	}
-
-	public function share(int $resourceId, string $resourceType, int $access, string $principal): void {
-		$query = $this->db->getQueryBuilder();
-		$query->insert('dav_shares')
-			->values([
-				'principaluri' => $query->createNamedParameter($principal),
-				'type' => $query->createNamedParameter($resourceType),
-				'access' => $query->createNamedParameter($access),
-				'resourceid' => $query->createNamedParameter($resourceId)
-			]);
-		$query->executeStatement();
-	}
-
-	public function shareWithToken(int $resourceId, string $resourceType, int $access, string $principal, string $token): void {
-		$query = $this->db->getQueryBuilder();
-		$query->insert('dav_shares')
-			->values([
-				'principaluri' => $query->createNamedParameter($principal),
-				'type' => $query->createNamedParameter($resourceType),
-				'access' => $query->createNamedParameter($access),
-				'resourceid' => $query->createNamedParameter($resourceId),
-				'token' => $query->createNamedParameter($token),
-			]);
-		$query->executeStatement();
-	}
-
-	public function deleteShare(int $resourceId, string $resourceType, string $principal): void {
-		$query = $this->db->getQueryBuilder();
-		$query->delete('dav_shares');
-		$query->where(
-			$query->expr()->eq('resourceid', $query->createNamedParameter($resourceId, IQueryBuilder::PARAM_INT)),
-			$query->expr()->eq('type', $query->createNamedParameter($resourceType)),
-			$query->expr()->eq('principaluri', $query->createNamedParameter($principal))
-		);
-		$query->executeStatement();
-
-	}
-
-	public function deleteAllShares(int $resourceId, string $resourceType): void {
-		$query = $this->db->getQueryBuilder();
-		$query->delete('dav_shares')
-			->where($query->expr()->eq('resourceid', $query->createNamedParameter($resourceId)))
-			->andWhere($query->expr()->eq('type', $query->createNamedParameter($resourceType)))
-			->executeStatement();
-	}
-
-	public function deleteAllSharesByUser(string $principaluri, string $resourceType): void {
-		$query = $this->db->getQueryBuilder();
-		$query->delete('dav_shares')
-			->where($query->expr()->eq('principaluri', $query->createNamedParameter($principaluri)))
-			->andWhere($query->expr()->eq('type', $query->createNamedParameter($resourceType)))
-			->executeStatement();
-	}
-
-	public function getSharesByPrincipals(array $principals, string $resourceType): array {
-		$query = $this->db->getQueryBuilder();
-		$result = $query->select(['id', 'principaluri', 'type', 'access', 'resourceid'])
-			->from('dav_shares')
-			->where($query->expr()->in('principaluri', $query->createNamedParameter($principals, IQueryBuilder::PARAM_STR_ARRAY), IQueryBuilder::PARAM_STR_ARRAY))
-			->andWhere($query->expr()->eq('type', $query->createNamedParameter($resourceType)))
-			->orderBy('id')
-			->executeQuery();
-
-		$rows = $result->fetchAll();
-		$result->closeCursor();
-
-		return $rows;
-	}
-
-	public function deleteUnsharesByPrincipal(string $principal, string $resourceType): void {
-		$query = $this->db->getQueryBuilder();
-		$query->delete('dav_shares')
-			->where($query->expr()->eq('principaluri', $query->createNamedParameter($principal)))
-			->andWhere($query->expr()->eq('type', $query->createNamedParameter($resourceType)))
-			->andWhere($query->expr()->eq('access', $query->createNamedParameter(Backend::ACCESS_UNSHARED, IQueryBuilder::PARAM_INT)))
-			->executeStatement();
-	}
-
-	/**
-	 * @return array{principaluri: string}[]
-	 * @throws \OCP\DB\Exception
-	 */
-	public function getPrincipalUrisByPrefix(string $resourceType, string $prefix): array {
-		$query = $this->db->getQueryBuilder();
-		$result = $query->selectDistinct('principaluri')
-			->from('dav_shares')
-			->where($query->expr()->like(
-				'principaluri',
-				$query->createNamedParameter("$prefix/%", IQueryBuilder::PARAM_STR),
-				IQueryBuilder::PARAM_STR,
-			))
-			->andWhere($query->expr()->eq(
-				'type',
-				$query->createNamedParameter($resourceType, IQueryBuilder::PARAM_STR)),
-				IQueryBuilder::PARAM_STR,
-			)
-			->executeQuery();
-
-		$rows = $result->fetchAll();
-		$result->closeCursor();
-
-		return $rows;
-	}
-
-	/**
-	 * @psalm-return array{uri: string, principaluri: string}[]
-	 * @throws \OCP\DB\Exception
-	 */
-	public function getSharedCalendarsForRemoteUser(
-		string $remoteUserPrincipalUri,
-		string $token,
-	): array {
-		$qb = $this->db->getQueryBuilder();
-		$qb->select('c.uri', 'c.principaluri')
-			->from('dav_shares', 'ds')
-			->join('ds', 'calendars', 'c', $qb->expr()->eq(
-				'ds.resourceid',
-				'c.id',
-				IQueryBuilder::PARAM_INT,
-			))
-			->where($qb->expr()->eq(
-				'ds.type',
-				$qb->createNamedParameter('calendar', IQueryBuilder::PARAM_STR),
-				IQueryBuilder::PARAM_STR,
-			))
-			->andWhere($qb->expr()->eq(
-				'ds.principaluri',
-				$qb->createNamedParameter($remoteUserPrincipalUri, IQueryBuilder::PARAM_STR),
-				IQueryBuilder::PARAM_STR,
-			))
-			->andWhere($qb->expr()->eq(
-				'ds.token',
-				$qb->createNamedParameter($token, IQueryBuilder::PARAM_STR),
-				IQueryBuilder::PARAM_STR,
-			));
-		$result = $qb->executeQuery();
-		$rows = $result->fetchAll();
-		$result->closeCursor();
-
-		return $rows;
-	}
-
-	/**
-	 * @param string[] $principalUris
-	 *
-	 * @throws \OCP\DB\Exception
-	 */
-	public function getSharesByPrincipalsAndResource(
-		array $principalUris,
-		int $resourceId,
-		string $resourceType,
-	): array {
-		$qb = $this->db->getQueryBuilder();
-		$qb->select('*')
-			->from('dav_shares')
-			->where($qb->expr()->in(
-				'principaluri',
-				$qb->createNamedParameter($principalUris, IQueryBuilder::PARAM_STR_ARRAY),
-				IQueryBuilder::PARAM_STR_ARRAY,
-			))
-			->andWhere($qb->expr()->eq(
-				'resourceid',
-				$qb->createNamedParameter($resourceId, IQueryBuilder::PARAM_INT),
-				IQueryBuilder::PARAM_INT,
-			))
-			->andWhere($qb->expr()->eq(
-				'type',
-				$qb->createNamedParameter($resourceType, IQueryBuilder::PARAM_STR),
-				IQueryBuilder::PARAM_STR,
-			));
-		$result = $qb->executeQuery();
-		$rows = $result->fetchAll();
-		$result->closeCursor();
-
-		return $rows;
-	}
+    public function __construct(
+        private IDBConnection $db,
+    ) {
+    }
+
+    protected function getSharesForIdByAccess(int $resourceId, string $resourceType, bool $sharesWithAccess): array {
+        $query = $this->db->getQueryBuilder();
+        $query->select(['principaluri', 'access'])
+            ->from('dav_shares')
+            ->where($query->expr()->eq('resourceid', $query->createNamedParameter($resourceId, IQueryBuilder::PARAM_INT)))
+            ->andWhere($query->expr()->eq('type', $query->createNamedParameter($resourceType, IQueryBuilder::PARAM_STR)))
+            ->groupBy(['principaluri', 'access']);
+
+        if ($sharesWithAccess) {
+            $query->andWhere($query->expr()->neq('access', $query->createNamedParameter(Backend::ACCESS_UNSHARED, IQueryBuilder::PARAM_INT)));
+        } else {
+            $query->andWhere($query->expr()->eq('access', $query->createNamedParameter(Backend::ACCESS_UNSHARED, IQueryBuilder::PARAM_INT)));
+        }
+
+        $result = $query->executeQuery();
+        $rows = $result->fetchAll();
+        $result->closeCursor();
+        return $rows;
+    }
+
+    public function getSharesForId(int $resourceId, string $resourceType): array {
+        return $this->getSharesForIdByAccess($resourceId, $resourceType, true);
+    }
+
+    public function getUnsharesForId(int $resourceId, string $resourceType): array {
+        return $this->getSharesForIdByAccess($resourceId, $resourceType, false);
+    }
+
+    public function getSharesForIds(array $resourceIds, string $resourceType): array {
+        $query = $this->db->getQueryBuilder();
+        $result = $query->select(['resourceid', 'principaluri', 'access'])
+            ->from('dav_shares')
+            ->where($query->expr()->in('resourceid', $query->createNamedParameter($resourceIds, IQueryBuilder::PARAM_INT_ARRAY)))
+            ->andWhere($query->expr()->eq('type', $query->createNamedParameter($resourceType)))
+            ->andWhere($query->expr()->neq('access', $query->createNamedParameter(Backend::ACCESS_UNSHARED, IQueryBuilder::PARAM_INT)))
+            ->groupBy(['principaluri', 'access', 'resourceid'])
+            ->executeQuery();
+
+        $rows = $result->fetchAll();
+        $result->closeCursor();
+        return $rows;
+    }
+
+    public function unshare(int $resourceId, string $resourceType, string $principal): void {
+        $query = $this->db->getQueryBuilder();
+        $query->insert('dav_shares')
+            ->values([
+                'principaluri' => $query->createNamedParameter($principal),
+                'type' => $query->createNamedParameter($resourceType),
+                'access' => $query->createNamedParameter(Backend::ACCESS_UNSHARED),
+                'resourceid' => $query->createNamedParameter($resourceId)
+            ]);
+        $query->executeStatement();
+    }
+
+    public function share(int $resourceId, string $resourceType, int $access, string $principal): void {
+        $query = $this->db->getQueryBuilder();
+        $query->insert('dav_shares')
+            ->values([
+                'principaluri' => $query->createNamedParameter($principal),
+                'type' => $query->createNamedParameter($resourceType),
+                'access' => $query->createNamedParameter($access),
+                'resourceid' => $query->createNamedParameter($resourceId)
+            ]);
+        $query->executeStatement();
+    }
+
+    public function shareWithToken(int $resourceId, string $resourceType, int $access, string $principal, string $token): void {
+        $query = $this->db->getQueryBuilder();
+        $query->insert('dav_shares')
+            ->values([
+                'principaluri' => $query->createNamedParameter($principal),
+                'type' => $query->createNamedParameter($resourceType),
+                'access' => $query->createNamedParameter($access),
+                'resourceid' => $query->createNamedParameter($resourceId),
+                'token' => $query->createNamedParameter($token),
+            ]);
+        $query->executeStatement();
+    }
+
+    public function deleteShare(int $resourceId, string $resourceType, string $principal): void {
+        $query = $this->db->getQueryBuilder();
+        $query->delete('dav_shares');
+        $query->where(
+            $query->expr()->eq('resourceid', $query->createNamedParameter($resourceId, IQueryBuilder::PARAM_INT)),
+            $query->expr()->eq('type', $query->createNamedParameter($resourceType)),
+            $query->expr()->eq('principaluri', $query->createNamedParameter($principal))
+        );
+        $query->executeStatement();
+
+    }
+
+    public function deleteAllShares(int $resourceId, string $resourceType): void {
+        $query = $this->db->getQueryBuilder();
+        $query->delete('dav_shares')
+            ->where($query->expr()->eq('resourceid', $query->createNamedParameter($resourceId)))
+            ->andWhere($query->expr()->eq('type', $query->createNamedParameter($resourceType)))
+            ->executeStatement();
+    }
+
+    public function deleteAllSharesByUser(string $principaluri, string $resourceType): void {
+        $query = $this->db->getQueryBuilder();
+        $query->delete('dav_shares')
+            ->where($query->expr()->eq('principaluri', $query->createNamedParameter($principaluri)))
+            ->andWhere($query->expr()->eq('type', $query->createNamedParameter($resourceType)))
+            ->executeStatement();
+    }
+
+    public function getSharesByPrincipals(array $principals, string $resourceType): array {
+        $query = $this->db->getQueryBuilder();
+        $result = $query->select(['id', 'principaluri', 'type', 'access', 'resourceid'])
+            ->from('dav_shares')
+            ->where($query->expr()->in('principaluri', $query->createNamedParameter($principals, IQueryBuilder::PARAM_STR_ARRAY), IQueryBuilder::PARAM_STR_ARRAY))
+            ->andWhere($query->expr()->eq('type', $query->createNamedParameter($resourceType)))
+            ->orderBy('id')
+            ->executeQuery();
+
+        $rows = $result->fetchAll();
+        $result->closeCursor();
+
+        return $rows;
+    }
+
+    public function deleteUnsharesByPrincipal(string $principal, string $resourceType): void {
+        $query = $this->db->getQueryBuilder();
+        $query->delete('dav_shares')
+            ->where($query->expr()->eq('principaluri', $query->createNamedParameter($principal)))
+            ->andWhere($query->expr()->eq('type', $query->createNamedParameter($resourceType)))
+            ->andWhere($query->expr()->eq('access', $query->createNamedParameter(Backend::ACCESS_UNSHARED, IQueryBuilder::PARAM_INT)))
+            ->executeStatement();
+    }
+
+    /**
+     * @return array{principaluri: string}[]
+     * @throws \OCP\DB\Exception
+     */
+    public function getPrincipalUrisByPrefix(string $resourceType, string $prefix): array {
+        $query = $this->db->getQueryBuilder();
+        $result = $query->selectDistinct('principaluri')
+            ->from('dav_shares')
+            ->where($query->expr()->like(
+                'principaluri',
+                $query->createNamedParameter("$prefix/%", IQueryBuilder::PARAM_STR),
+                IQueryBuilder::PARAM_STR,
+            ))
+            ->andWhere($query->expr()->eq(
+                'type',
+                $query->createNamedParameter($resourceType, IQueryBuilder::PARAM_STR)),
+                IQueryBuilder::PARAM_STR,
+            )
+            ->executeQuery();
+
+        $rows = $result->fetchAll();
+        $result->closeCursor();
+
+        return $rows;
+    }
+
+    /**
+     * @psalm-return array{uri: string, principaluri: string}[]
+     * @throws \OCP\DB\Exception
+     */
+    public function getSharedCalendarsForRemoteUser(
+        string $remoteUserPrincipalUri,
+        string $token,
+    ): array {
+        $qb = $this->db->getQueryBuilder();
+        $qb->select('c.uri', 'c.principaluri')
+            ->from('dav_shares', 'ds')
+            ->join('ds', 'calendars', 'c', $qb->expr()->eq(
+                'ds.resourceid',
+                'c.id',
+                IQueryBuilder::PARAM_INT,
+            ))
+            ->where($qb->expr()->eq(
+                'ds.type',
+                $qb->createNamedParameter('calendar', IQueryBuilder::PARAM_STR),
+                IQueryBuilder::PARAM_STR,
+            ))
+            ->andWhere($qb->expr()->eq(
+                'ds.principaluri',
+                $qb->createNamedParameter($remoteUserPrincipalUri, IQueryBuilder::PARAM_STR),
+                IQueryBuilder::PARAM_STR,
+            ))
+            ->andWhere($qb->expr()->eq(
+                'ds.token',
+                $qb->createNamedParameter($token, IQueryBuilder::PARAM_STR),
+                IQueryBuilder::PARAM_STR,
+            ));
+        $result = $qb->executeQuery();
+        $rows = $result->fetchAll();
+        $result->closeCursor();
+
+        return $rows;
+    }
+
+    /**
+     * @param string[] $principalUris
+     *
+     * @throws \OCP\DB\Exception
+     */
+    public function getSharesByPrincipalsAndResource(
+        array $principalUris,
+        int $resourceId,
+        string $resourceType,
+    ): array {
+        $qb = $this->db->getQueryBuilder();
+        $qb->select('*')
+            ->from('dav_shares')
+            ->where($qb->expr()->in(
+                'principaluri',
+                $qb->createNamedParameter($principalUris, IQueryBuilder::PARAM_STR_ARRAY),
+                IQueryBuilder::PARAM_STR_ARRAY,
+            ))
+            ->andWhere($qb->expr()->eq(
+                'resourceid',
+                $qb->createNamedParameter($resourceId, IQueryBuilder::PARAM_INT),
+                IQueryBuilder::PARAM_INT,
+            ))
+            ->andWhere($qb->expr()->eq(
+                'type',
+                $qb->createNamedParameter($resourceType, IQueryBuilder::PARAM_STR),
+                IQueryBuilder::PARAM_STR,
+            ));
+        $result = $qb->executeQuery();
+        $rows = $result->fetchAll();
+        $result->closeCursor();
+
+        return $rows;
+    }
 }

apps/dav/lib/DAV/Sharing/SharingService.php

Indentation +49 added lines, -49 removed lines

@@ -8,53 +8,53 @@
 namespace OCA\DAV\DAV\Sharing;
 
 abstract class SharingService {
-	protected string $resourceType = '';
-	public function __construct(
-		protected SharingMapper $mapper,
-	) {
-	}
-
-	public function getResourceType(): string {
-		return $this->resourceType;
-	}
-	public function shareWith(int $resourceId, string $principal, int $access): void {
-		// remove the share if it already exists
-		$this->mapper->deleteShare($resourceId, $this->getResourceType(), $principal);
-		$this->mapper->share($resourceId, $this->getResourceType(), $access, $principal);
-	}
-
-	public function unshare(int $resourceId, string $principal): void {
-		$this->mapper->unshare($resourceId, $this->getResourceType(), $principal);
-	}
-
-	public function deleteShare(int $resourceId, string $principal): void {
-		$this->mapper->deleteShare($resourceId, $this->getResourceType(), $principal);
-	}
-
-	public function deleteAllShares(int $resourceId): void {
-		$this->mapper->deleteAllShares($resourceId, $this->getResourceType());
-	}
-
-	public function deleteAllSharesByUser(string $principaluri): void {
-		$this->mapper->deleteAllSharesByUser($principaluri, $this->getResourceType());
-	}
-
-	public function getShares(int $resourceId): array {
-		return $this->mapper->getSharesForId($resourceId, $this->getResourceType());
-	}
-
-	public function getUnshares(int $resourceId): array {
-		return $this->mapper->getUnsharesForId($resourceId, $this->getResourceType());
-	}
-
-	public function getSharesForIds(array $resourceIds): array {
-		return $this->mapper->getSharesForIds($resourceIds, $this->getResourceType());
-	}
-
-	/**
-	 * @param string[] $principals
-	 */
-	public function getSharesByPrincipals(array $principals): array {
-		return $this->mapper->getSharesByPrincipals($principals, $this->getResourceType());
-	}
+    protected string $resourceType = '';
+    public function __construct(
+        protected SharingMapper $mapper,
+    ) {
+    }
+
+    public function getResourceType(): string {
+        return $this->resourceType;
+    }
+    public function shareWith(int $resourceId, string $principal, int $access): void {
+        // remove the share if it already exists
+        $this->mapper->deleteShare($resourceId, $this->getResourceType(), $principal);
+        $this->mapper->share($resourceId, $this->getResourceType(), $access, $principal);
+    }
+
+    public function unshare(int $resourceId, string $principal): void {
+        $this->mapper->unshare($resourceId, $this->getResourceType(), $principal);
+    }
+
+    public function deleteShare(int $resourceId, string $principal): void {
+        $this->mapper->deleteShare($resourceId, $this->getResourceType(), $principal);
+    }
+
+    public function deleteAllShares(int $resourceId): void {
+        $this->mapper->deleteAllShares($resourceId, $this->getResourceType());
+    }
+
+    public function deleteAllSharesByUser(string $principaluri): void {
+        $this->mapper->deleteAllSharesByUser($principaluri, $this->getResourceType());
+    }
+
+    public function getShares(int $resourceId): array {
+        return $this->mapper->getSharesForId($resourceId, $this->getResourceType());
+    }
+
+    public function getUnshares(int $resourceId): array {
+        return $this->mapper->getUnsharesForId($resourceId, $this->getResourceType());
+    }
+
+    public function getSharesForIds(array $resourceIds): array {
+        return $this->mapper->getSharesForIds($resourceIds, $this->getResourceType());
+    }
+
+    /**
+     * @param string[] $principals
+     */
+    public function getSharesByPrincipals(array $principals): array {
+        return $this->mapper->getSharesByPrincipals($principals, $this->getResourceType());
+    }
 }

apps/dav/lib/DAV/Sharing/Backend.php

Indentation +246 added lines, -246 removed lines

@@ -19,250 +19,250 @@
 use Psr\Log\LoggerInterface;
 
 abstract class Backend {
-	use TTransactional;
-	public const ACCESS_OWNER = 1;
-
-	public const ACCESS_READ_WRITE = 2;
-	public const ACCESS_READ = 3;
-	// 4 is already in use for public calendars
-	public const ACCESS_UNSHARED = 5;
-
-	private ICache $shareCache;
-
-	public function __construct(
-		private IUserManager $userManager,
-		private IGroupManager $groupManager,
-		private Principal $principalBackend,
-		private RemoteUserPrincipalBackend $remoteUserPrincipalBackend,
-		private ICacheFactory $cacheFactory,
-		private SharingService $service,
-		// TODO: Make `FederationSharingService` abstract once we support federated address book
-		//       sharing. The abstract sharing backend should not take a service scoped to calendars
-		//       by default.
-		private FederationSharingService $federationSharingService,
-		private LoggerInterface $logger,
-	) {
-		$this->shareCache = $this->cacheFactory->createInMemory();
-	}
-
-	/**
-	 * @param list<array{href: string, commonName: string, readOnly: bool}> $add
-	 * @param list<string> $remove
-	 */
-	public function updateShares(IShareable $shareable, array $add, array $remove, array $oldShares = []): void {
-		$this->shareCache->clear();
-		foreach ($add as $element) {
-			// Hacky code below ... shouldn't we check the whole (principal) root collection instead?
-			$principal = $this->principalBackend->findByUri($element['href'], '')
-				?? $this->remoteUserPrincipalBackend->findByUri($element['href'], '');
-			if (empty($principal)) {
-				continue;
-			}
-
-			// We need to validate manually because some principals are only virtual
-			// i.e. Group principals
-			$principalparts = explode('/', $principal, 3);
-			if (count($principalparts) !== 3 || $principalparts[0] !== 'principals' || !in_array($principalparts[1], ['users', 'groups', 'circles', 'remote-users'], true)) {
-				// Invalid principal
-				continue;
-			}
-
-			// Don't add share for owner
-			if ($shareable->getOwner() !== null && strcasecmp($shareable->getOwner(), $principal) === 0) {
-				continue;
-			}
-
-			$principalparts[2] = urldecode($principalparts[2]);
-			if (($principalparts[1] === 'users' && !$this->userManager->userExists($principalparts[2]))
-				|| ($principalparts[1] === 'groups' && !$this->groupManager->groupExists($principalparts[2]))) {
-				// User or group does not exist
-				continue;
-			}
-
-			$access = Backend::ACCESS_READ;
-			if (isset($element['readOnly'])) {
-				$access = $element['readOnly'] ? Backend::ACCESS_READ : Backend::ACCESS_READ_WRITE;
-			}
-
-			if ($principalparts[1] === 'remote-users') {
-				$this->federationSharingService->shareWith($shareable, $principal, $access);
-			} else {
-				$this->service->shareWith($shareable->getResourceId(), $principal, $access);
-			}
-		}
-		foreach ($remove as $element) {
-			// Hacky code below ... shouldn't we check the whole (principal) root collection instead?
-			$principal = $this->principalBackend->findByUri($element, '')
-				?? $this->remoteUserPrincipalBackend->findByUri($element, '');
-			if (empty($principal)) {
-				continue;
-			}
-
-			// Don't add unshare for owner
-			if ($shareable->getOwner() !== null && strcasecmp($shareable->getOwner(), $principal) === 0) {
-				continue;
-			}
-
-			// Delete any possible direct shares (since the frontend does not separate between them)
-			$this->service->deleteShare($shareable->getResourceId(), $principal);
-		}
-	}
-
-	public function deleteAllShares(int $resourceId): void {
-		$this->shareCache->clear();
-		$this->service->deleteAllShares($resourceId);
-	}
-
-	public function deleteAllSharesByUser(string $principaluri): void {
-		$this->shareCache->clear();
-		$this->service->deleteAllSharesByUser($principaluri);
-	}
-
-	/**
-	 * Returns the list of people whom this resource is shared with.
-	 *
-	 * Every element in this array should have the following properties:
-	 *   * href - Often a mailto: address
-	 *   * commonName - Optional, for example a first + last name
-	 *   * status - See the Sabre\CalDAV\SharingPlugin::STATUS_ constants.
-	 *   * readOnly - boolean
-	 *
-	 * @param int $resourceId
-	 * @return list<array{href: string, commonName: string, status: int, readOnly: bool, '{http://owncloud.org/ns}principal': string, '{http://owncloud.org/ns}group-share': bool}>
-	 */
-	public function getShares(int $resourceId): array {
-		$cached = $this->shareCache->get((string)$resourceId);
-		if ($cached) {
-			return $cached;
-		}
-
-		$rows = $this->service->getShares($resourceId);
-		$shares = [];
-		foreach ($rows as $row) {
-			$p = $this->getPrincipalByPath($row['principaluri']);
-			$shares[] = [
-				'href' => "principal:{$row['principaluri']}",
-				'commonName' => isset($p['{DAV:}displayname']) ? (string)$p['{DAV:}displayname'] : '',
-				'status' => 1,
-				'readOnly' => (int)$row['access'] === Backend::ACCESS_READ,
-				'{http://owncloud.org/ns}principal' => (string)$row['principaluri'],
-				'{http://owncloud.org/ns}group-share' => isset($p['uri']) && (str_starts_with($p['uri'], 'principals/groups') || str_starts_with($p['uri'], 'principals/circles')),
-			];
-		}
-		$this->shareCache->set((string)$resourceId, $shares);
-		return $shares;
-	}
-
-	public function preloadShares(array $resourceIds): void {
-		$resourceIds = array_filter($resourceIds, function (int $resourceId) {
-			return empty($this->shareCache->get((string)$resourceId));
-		});
-		if (empty($resourceIds)) {
-			return;
-		}
-
-		$rows = $this->service->getSharesForIds($resourceIds);
-		$sharesByResource = array_fill_keys($resourceIds, []);
-		foreach ($rows as $row) {
-			$resourceId = (int)$row['resourceid'];
-			$p = $this->getPrincipalByPath($row['principaluri']);
-			$sharesByResource[$resourceId][] = [
-				'href' => "principal:{$row['principaluri']}",
-				'commonName' => isset($p['{DAV:}displayname']) ? (string)$p['{DAV:}displayname'] : '',
-				'status' => 1,
-				'readOnly' => (int)$row['access'] === self::ACCESS_READ,
-				'{http://owncloud.org/ns}principal' => (string)$row['principaluri'],
-				'{http://owncloud.org/ns}group-share' => isset($p['uri']) && str_starts_with($p['uri'], 'principals/groups')
-			];
-			$this->shareCache->set((string)$resourceId, $sharesByResource[$resourceId]);
-		}
-	}
-
-	/**
-	 * For shared resources the sharee is set in the ACL of the resource
-	 *
-	 * @param int $resourceId
-	 * @param list<array{privilege: string, principal: string, protected: bool}> $acl
-	 * @param list<array{href: string, commonName: string, status: int, readOnly: bool, '{http://owncloud.org/ns}principal': string, '{http://owncloud.org/ns}group-share': bool}> $shares
-	 * @return list<array{principal: string, privilege: string, protected: bool}>
-	 */
-	public function applyShareAcl(array $shares, array $acl): array {
-		foreach ($shares as $share) {
-			$acl[] = [
-				'privilege' => '{DAV:}read',
-				'principal' => $share['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}principal'],
-				'protected' => true,
-			];
-			if (!$share['readOnly']) {
-				$acl[] = [
-					'privilege' => '{DAV:}write',
-					'principal' => $share['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}principal'],
-					'protected' => true,
-				];
-			} elseif (in_array($this->service->getResourceType(), ['calendar','addressbook'])) {
-				// Allow changing the properties of read only calendars,
-				// so users can change the visibility.
-				$acl[] = [
-					'privilege' => '{DAV:}write-properties',
-					'principal' => $share['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}principal'],
-					'protected' => true,
-				];
-			}
-		}
-		return $acl;
-	}
-
-	public function unshare(IShareable $shareable, string $principalUri): bool {
-		$this->shareCache->clear();
-
-		$principal = $this->principalBackend->findByUri($principalUri, '');
-		if (empty($principal)) {
-			return false;
-		}
-
-		if ($shareable->getOwner() === $principal) {
-			return false;
-		}
-
-		// Delete any possible direct shares (since the frontend does not separate between them)
-		$this->service->deleteShare($shareable->getResourceId(), $principal);
-
-		$needsUnshare = $this->hasAccessByGroupOrCirclesMembership(
-			$shareable->getResourceId(),
-			$principal
-		);
-
-		if ($needsUnshare) {
-			$this->service->unshare($shareable->getResourceId(), $principal);
-		}
-
-		return true;
-	}
-
-	private function hasAccessByGroupOrCirclesMembership(int $resourceId, string $principal) {
-		$memberships = array_merge(
-			$this->principalBackend->getGroupMembership($principal, true),
-			$this->principalBackend->getCircleMembership($principal)
-		);
-
-		$shares = array_column(
-			$this->service->getShares($resourceId),
-			'principaluri'
-		);
-
-		return count(array_intersect($memberships, $shares)) > 0;
-	}
-
-	public function getSharesByShareePrincipal(string $principal): array {
-		return $this->service->getSharesByPrincipals([$principal]);
-	}
-
-	private function getPrincipalByPath(string $principalUri): ?array {
-		// Hacky code below ... shouldn't we check the whole (principal) root collection instead?
-		if (str_starts_with($principalUri, RemoteUserPrincipalBackend::PRINCIPAL_PREFIX)) {
-			return $this->remoteUserPrincipalBackend->getPrincipalByPath($principalUri);
-		}
-
-		return $this->principalBackend->getPrincipalByPath($principalUri);
-	}
+    use TTransactional;
+    public const ACCESS_OWNER = 1;
+
+    public const ACCESS_READ_WRITE = 2;
+    public const ACCESS_READ = 3;
+    // 4 is already in use for public calendars
+    public const ACCESS_UNSHARED = 5;
+
+    private ICache $shareCache;
+
+    public function __construct(
+        private IUserManager $userManager,
+        private IGroupManager $groupManager,
+        private Principal $principalBackend,
+        private RemoteUserPrincipalBackend $remoteUserPrincipalBackend,
+        private ICacheFactory $cacheFactory,
+        private SharingService $service,
+        // TODO: Make `FederationSharingService` abstract once we support federated address book
+        //       sharing. The abstract sharing backend should not take a service scoped to calendars
+        //       by default.
+        private FederationSharingService $federationSharingService,
+        private LoggerInterface $logger,
+    ) {
+        $this->shareCache = $this->cacheFactory->createInMemory();
+    }
+
+    /**
+     * @param list<array{href: string, commonName: string, readOnly: bool}> $add
+     * @param list<string> $remove
+     */
+    public function updateShares(IShareable $shareable, array $add, array $remove, array $oldShares = []): void {
+        $this->shareCache->clear();
+        foreach ($add as $element) {
+            // Hacky code below ... shouldn't we check the whole (principal) root collection instead?
+            $principal = $this->principalBackend->findByUri($element['href'], '')
+                ?? $this->remoteUserPrincipalBackend->findByUri($element['href'], '');
+            if (empty($principal)) {
+                continue;
+            }
+
+            // We need to validate manually because some principals are only virtual
+            // i.e. Group principals
+            $principalparts = explode('/', $principal, 3);
+            if (count($principalparts) !== 3 || $principalparts[0] !== 'principals' || !in_array($principalparts[1], ['users', 'groups', 'circles', 'remote-users'], true)) {
+                // Invalid principal
+                continue;
+            }
+
+            // Don't add share for owner
+            if ($shareable->getOwner() !== null && strcasecmp($shareable->getOwner(), $principal) === 0) {
+                continue;
+            }
+
+            $principalparts[2] = urldecode($principalparts[2]);
+            if (($principalparts[1] === 'users' && !$this->userManager->userExists($principalparts[2]))
+                || ($principalparts[1] === 'groups' && !$this->groupManager->groupExists($principalparts[2]))) {
+                // User or group does not exist
+                continue;
+            }
+
+            $access = Backend::ACCESS_READ;
+            if (isset($element['readOnly'])) {
+                $access = $element['readOnly'] ? Backend::ACCESS_READ : Backend::ACCESS_READ_WRITE;
+            }
+
+            if ($principalparts[1] === 'remote-users') {
+                $this->federationSharingService->shareWith($shareable, $principal, $access);
+            } else {
+                $this->service->shareWith($shareable->getResourceId(), $principal, $access);
+            }
+        }
+        foreach ($remove as $element) {
+            // Hacky code below ... shouldn't we check the whole (principal) root collection instead?
+            $principal = $this->principalBackend->findByUri($element, '')
+                ?? $this->remoteUserPrincipalBackend->findByUri($element, '');
+            if (empty($principal)) {
+                continue;
+            }
+
+            // Don't add unshare for owner
+            if ($shareable->getOwner() !== null && strcasecmp($shareable->getOwner(), $principal) === 0) {
+                continue;
+            }
+
+            // Delete any possible direct shares (since the frontend does not separate between them)
+            $this->service->deleteShare($shareable->getResourceId(), $principal);
+        }
+    }
+
+    public function deleteAllShares(int $resourceId): void {
+        $this->shareCache->clear();
+        $this->service->deleteAllShares($resourceId);
+    }
+
+    public function deleteAllSharesByUser(string $principaluri): void {
+        $this->shareCache->clear();
+        $this->service->deleteAllSharesByUser($principaluri);
+    }
+
+    /**
+     * Returns the list of people whom this resource is shared with.
+     *
+     * Every element in this array should have the following properties:
+     *   * href - Often a mailto: address
+     *   * commonName - Optional, for example a first + last name
+     *   * status - See the Sabre\CalDAV\SharingPlugin::STATUS_ constants.
+     *   * readOnly - boolean
+     *
+     * @param int $resourceId
+     * @return list<array{href: string, commonName: string, status: int, readOnly: bool, '{http://owncloud.org/ns}principal': string, '{http://owncloud.org/ns}group-share': bool}>
+     */
+    public function getShares(int $resourceId): array {
+        $cached = $this->shareCache->get((string)$resourceId);
+        if ($cached) {
+            return $cached;
+        }
+
+        $rows = $this->service->getShares($resourceId);
+        $shares = [];
+        foreach ($rows as $row) {
+            $p = $this->getPrincipalByPath($row['principaluri']);
+            $shares[] = [
+                'href' => "principal:{$row['principaluri']}",
+                'commonName' => isset($p['{DAV:}displayname']) ? (string)$p['{DAV:}displayname'] : '',
+                'status' => 1,
+                'readOnly' => (int)$row['access'] === Backend::ACCESS_READ,
+                '{http://owncloud.org/ns}principal' => (string)$row['principaluri'],
+                '{http://owncloud.org/ns}group-share' => isset($p['uri']) && (str_starts_with($p['uri'], 'principals/groups') || str_starts_with($p['uri'], 'principals/circles')),
+            ];
+        }
+        $this->shareCache->set((string)$resourceId, $shares);
+        return $shares;
+    }
+
+    public function preloadShares(array $resourceIds): void {
+        $resourceIds = array_filter($resourceIds, function (int $resourceId) {
+            return empty($this->shareCache->get((string)$resourceId));
+        });
+        if (empty($resourceIds)) {
+            return;
+        }
+
+        $rows = $this->service->getSharesForIds($resourceIds);
+        $sharesByResource = array_fill_keys($resourceIds, []);
+        foreach ($rows as $row) {
+            $resourceId = (int)$row['resourceid'];
+            $p = $this->getPrincipalByPath($row['principaluri']);
+            $sharesByResource[$resourceId][] = [
+                'href' => "principal:{$row['principaluri']}",
+                'commonName' => isset($p['{DAV:}displayname']) ? (string)$p['{DAV:}displayname'] : '',
+                'status' => 1,
+                'readOnly' => (int)$row['access'] === self::ACCESS_READ,
+                '{http://owncloud.org/ns}principal' => (string)$row['principaluri'],
+                '{http://owncloud.org/ns}group-share' => isset($p['uri']) && str_starts_with($p['uri'], 'principals/groups')
+            ];
+            $this->shareCache->set((string)$resourceId, $sharesByResource[$resourceId]);
+        }
+    }
+
+    /**
+     * For shared resources the sharee is set in the ACL of the resource
+     *
+     * @param int $resourceId
+     * @param list<array{privilege: string, principal: string, protected: bool}> $acl
+     * @param list<array{href: string, commonName: string, status: int, readOnly: bool, '{http://owncloud.org/ns}principal': string, '{http://owncloud.org/ns}group-share': bool}> $shares
+     * @return list<array{principal: string, privilege: string, protected: bool}>
+     */
+    public function applyShareAcl(array $shares, array $acl): array {
+        foreach ($shares as $share) {
+            $acl[] = [
+                'privilege' => '{DAV:}read',
+                'principal' => $share['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}principal'],
+                'protected' => true,
+            ];
+            if (!$share['readOnly']) {
+                $acl[] = [
+                    'privilege' => '{DAV:}write',
+                    'principal' => $share['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}principal'],
+                    'protected' => true,
+                ];
+            } elseif (in_array($this->service->getResourceType(), ['calendar','addressbook'])) {
+                // Allow changing the properties of read only calendars,
+                // so users can change the visibility.
+                $acl[] = [
+                    'privilege' => '{DAV:}write-properties',
+                    'principal' => $share['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}principal'],
+                    'protected' => true,
+                ];
+            }
+        }
+        return $acl;
+    }
+
+    public function unshare(IShareable $shareable, string $principalUri): bool {
+        $this->shareCache->clear();
+
+        $principal = $this->principalBackend->findByUri($principalUri, '');
+        if (empty($principal)) {
+            return false;
+        }
+
+        if ($shareable->getOwner() === $principal) {
+            return false;
+        }
+
+        // Delete any possible direct shares (since the frontend does not separate between them)
+        $this->service->deleteShare($shareable->getResourceId(), $principal);
+
+        $needsUnshare = $this->hasAccessByGroupOrCirclesMembership(
+            $shareable->getResourceId(),
+            $principal
+        );
+
+        if ($needsUnshare) {
+            $this->service->unshare($shareable->getResourceId(), $principal);
+        }
+
+        return true;
+    }
+
+    private function hasAccessByGroupOrCirclesMembership(int $resourceId, string $principal) {
+        $memberships = array_merge(
+            $this->principalBackend->getGroupMembership($principal, true),
+            $this->principalBackend->getCircleMembership($principal)
+        );
+
+        $shares = array_column(
+            $this->service->getShares($resourceId),
+            'principaluri'
+        );
+
+        return count(array_intersect($memberships, $shares)) > 0;
+    }
+
+    public function getSharesByShareePrincipal(string $principal): array {
+        return $this->service->getSharesByPrincipals([$principal]);
+    }
+
+    private function getPrincipalByPath(string $principalUri): ?array {
+        // Hacky code below ... shouldn't we check the whole (principal) root collection instead?
+        if (str_starts_with($principalUri, RemoteUserPrincipalBackend::PRINCIPAL_PREFIX)) {
+            return $this->remoteUserPrincipalBackend->getPrincipalByPath($principalUri);
+        }
+
+        return $this->principalBackend->getPrincipalByPath($principalUri);
+    }
 }

Spacing +16 added lines, -16 removed lines

@@ -131,7 +131,7 @@ 
 	 * @return list<array{href: string, commonName: string, status: int, readOnly: bool, '{http://owncloud.org/ns}principal': string, '{http://owncloud.org/ns}group-share': bool}>
 	 */
 	public function getShares(int $resourceId): array {
-		$cached = $this->shareCache->get((string)$resourceId);
+		$cached = $this->shareCache->get((string) $resourceId);
 		if ($cached) {
 			return $cached;
 		}
@@ -142,20 +142,20 @@ 
 			$p = $this->getPrincipalByPath($row['principaluri']);
 			$shares[] = [
 				'href' => "principal:{$row['principaluri']}",
-				'commonName' => isset($p['{DAV:}displayname']) ? (string)$p['{DAV:}displayname'] : '',
+				'commonName' => isset($p['{DAV:}displayname']) ? (string) $p['{DAV:}displayname'] : '',
 				'status' => 1,
-				'readOnly' => (int)$row['access'] === Backend::ACCESS_READ,
-				'{http://owncloud.org/ns}principal' => (string)$row['principaluri'],
+				'readOnly' => (int) $row['access'] === Backend::ACCESS_READ,
+				'{http://owncloud.org/ns}principal' => (string) $row['principaluri'],
 				'{http://owncloud.org/ns}group-share' => isset($p['uri']) && (str_starts_with($p['uri'], 'principals/groups') || str_starts_with($p['uri'], 'principals/circles')),
 			];
 		}
-		$this->shareCache->set((string)$resourceId, $shares);
+		$this->shareCache->set((string) $resourceId, $shares);
 		return $shares;
 	}
 
 	public function preloadShares(array $resourceIds): void {
-		$resourceIds = array_filter($resourceIds, function (int $resourceId) {
-			return empty($this->shareCache->get((string)$resourceId));
+		$resourceIds = array_filter($resourceIds, function(int $resourceId) {
+			return empty($this->shareCache->get((string) $resourceId));
 		});
 		if (empty($resourceIds)) {
 			return;
@@ -164,17 +164,17 @@ 
 		$rows = $this->service->getSharesForIds($resourceIds);
 		$sharesByResource = array_fill_keys($resourceIds, []);
 		foreach ($rows as $row) {
-			$resourceId = (int)$row['resourceid'];
+			$resourceId = (int) $row['resourceid'];
 			$p = $this->getPrincipalByPath($row['principaluri']);
 			$sharesByResource[$resourceId][] = [
 				'href' => "principal:{$row['principaluri']}",
-				'commonName' => isset($p['{DAV:}displayname']) ? (string)$p['{DAV:}displayname'] : '',
+				'commonName' => isset($p['{DAV:}displayname']) ? (string) $p['{DAV:}displayname'] : '',
 				'status' => 1,
-				'readOnly' => (int)$row['access'] === self::ACCESS_READ,
-				'{http://owncloud.org/ns}principal' => (string)$row['principaluri'],
+				'readOnly' => (int) $row['access'] === self::ACCESS_READ,
+				'{http://owncloud.org/ns}principal' => (string) $row['principaluri'],
 				'{http://owncloud.org/ns}group-share' => isset($p['uri']) && str_starts_with($p['uri'], 'principals/groups')
 			];
-			$this->shareCache->set((string)$resourceId, $sharesByResource[$resourceId]);
+			$this->shareCache->set((string) $resourceId, $sharesByResource[$resourceId]);
 		}
 	}
 
@@ -190,21 +190,21 @@ 
 		foreach ($shares as $share) {
 			$acl[] = [
 				'privilege' => '{DAV:}read',
-				'principal' => $share['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}principal'],
+				'principal' => $share['{'.\OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD.'}principal'],
 				'protected' => true,
 			];
 			if (!$share['readOnly']) {
 				$acl[] = [
 					'privilege' => '{DAV:}write',
-					'principal' => $share['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}principal'],
+					'principal' => $share['{'.\OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD.'}principal'],
 					'protected' => true,
 				];
-			} elseif (in_array($this->service->getResourceType(), ['calendar','addressbook'])) {
+			} elseif (in_array($this->service->getResourceType(), ['calendar', 'addressbook'])) {
 				// Allow changing the properties of read only calendars,
 				// so users can change the visibility.
 				$acl[] = [
 					'privilege' => '{DAV:}write-properties',
-					'principal' => $share['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}principal'],
+					'principal' => $share['{'.\OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD.'}principal'],
 					'protected' => true,
 				];
 			}

apps/dav/lib/CardDAV/Sharing/Backend.php

Indentation +12 added lines, -12 removed lines

@@ -18,16 +18,16 @@
 use Psr\Log\LoggerInterface;
 
 class Backend extends SharingBackend {
-	public function __construct(
-		private IUserManager $userManager,
-		private IGroupManager $groupManager,
-		private Principal $principalBackend,
-		private RemoteUserPrincipalBackend $remoteUserPrincipalBackend,
-		private ICacheFactory $cacheFactory,
-		private Service $service,
-		private FederationSharingService $federationSharingService,
-		private LoggerInterface $logger,
-	) {
-		parent::__construct($this->userManager, $this->groupManager, $this->principalBackend, $this->remoteUserPrincipalBackend, $this->cacheFactory, $this->service, $this->federationSharingService, $this->logger);
-	}
+    public function __construct(
+        private IUserManager $userManager,
+        private IGroupManager $groupManager,
+        private Principal $principalBackend,
+        private RemoteUserPrincipalBackend $remoteUserPrincipalBackend,
+        private ICacheFactory $cacheFactory,
+        private Service $service,
+        private FederationSharingService $federationSharingService,
+        private LoggerInterface $logger,
+    ) {
+        parent::__construct($this->userManager, $this->groupManager, $this->principalBackend, $this->remoteUserPrincipalBackend, $this->cacheFactory, $this->service, $this->federationSharingService, $this->logger);
+    }
 }

apps/dav/lib/CardDAV/SyncService.php

Indentation +190 added lines, -190 removed lines

@@ -24,194 +24,194 @@
 
 class SyncService extends ASyncService {
 
-	use TTransactional;
-	private ?array $localSystemAddressBook = null;
-	protected string $certPath;
-
-	public function __construct(
-		IClientService $clientService,
-		IConfig $config,
-		private CardDavBackend $backend,
-		private IUserManager $userManager,
-		private IDBConnection $dbConnection,
-		private LoggerInterface $logger,
-		private Converter $converter,
-	) {
-		parent::__construct($clientService, $config);
-
-		$this->certPath = '';
-	}
-
-	/**
-	 * @psalm-return list{0: ?string, 1: boolean}
-	 * @throws \Exception
-	 */
-	public function syncRemoteAddressBook(string $url, string $userName, string $addressBookUrl, string $sharedSecret, ?string $syncToken, string $targetBookHash, string $targetPrincipal, array $targetProperties): array {
-		// 1. create addressbook
-		$book = $this->ensureSystemAddressBookExists($targetPrincipal, $targetBookHash, $targetProperties);
-		$addressBookId = $book['id'];
-
-		// 2. query changes
-		try {
-			$absoluteUri = $this->prepareUri($url, $addressBookUrl);
-			$response = $this->requestSyncReport($absoluteUri, $userName, $sharedSecret, $syncToken);
-		} catch (ClientExceptionInterface $ex) {
-			if ($ex->getCode() === Http::STATUS_UNAUTHORIZED) {
-				// remote server revoked access to the address book, remove it
-				$this->backend->deleteAddressBook($addressBookId);
-				$this->logger->error('Authorization failed, remove address book: ' . $url, ['app' => 'dav']);
-				throw $ex;
-			}
-			$this->logger->error('Client exception:', ['app' => 'dav', 'exception' => $ex]);
-			throw $ex;
-		}
-
-		// 3. apply changes
-		// TODO: use multi-get for download
-		foreach ($response['response'] as $resource => $status) {
-			$cardUri = basename($resource);
-			if (isset($status[200])) {
-				$absoluteUrl = $this->prepareUri($url, $resource);
-				$vCard = $this->download($absoluteUrl, $userName, $sharedSecret);
-				$this->atomic(function () use ($addressBookId, $cardUri, $vCard): void {
-					$existingCard = $this->backend->getCard($addressBookId, $cardUri);
-					if ($existingCard === false) {
-						$this->backend->createCard($addressBookId, $cardUri, $vCard);
-					} else {
-						$this->backend->updateCard($addressBookId, $cardUri, $vCard);
-					}
-				}, $this->dbConnection);
-			} else {
-				$this->backend->deleteCard($addressBookId, $cardUri);
-			}
-		}
-
-		return [
-			$response['token'],
-			$response['truncated'],
-		];
-	}
-
-	/**
-	 * @throws \Sabre\DAV\Exception\BadRequest
-	 */
-	public function ensureSystemAddressBookExists(string $principal, string $uri, array $properties): ?array {
-		try {
-			return $this->atomic(function () use ($principal, $uri, $properties) {
-				$book = $this->backend->getAddressBooksByUri($principal, $uri);
-				if (!is_null($book)) {
-					return $book;
-				}
-				$this->backend->createAddressBook($principal, $uri, $properties);
-
-				return $this->backend->getAddressBooksByUri($principal, $uri);
-			}, $this->dbConnection);
-		} catch (Exception $e) {
-			// READ COMMITTED doesn't prevent a nonrepeatable read above, so
-			// two processes might create an address book here. Ignore our
-			// failure and continue loading the entry written by the other process
-			if ($e->getReason() !== Exception::REASON_UNIQUE_CONSTRAINT_VIOLATION) {
-				throw $e;
-			}
-
-			// If this fails we might have hit a replication node that does not
-			// have the row written in the other process.
-			// TODO: find an elegant way to handle this
-			$ab = $this->backend->getAddressBooksByUri($principal, $uri);
-			if ($ab === null) {
-				throw new Exception('Could not create system address book', $e->getCode(), $e);
-			}
-			return $ab;
-		}
-	}
-
-	public function ensureLocalSystemAddressBookExists(): ?array {
-		return $this->ensureSystemAddressBookExists('principals/system/system', 'system', [
-			'{' . Plugin::NS_CARDDAV . '}addressbook-description' => 'System addressbook which holds all users of this instance'
-		]);
-	}
-
-	/**
-	 * @param IUser $user
-	 */
-	public function updateUser(IUser $user): void {
-		$systemAddressBook = $this->getLocalSystemAddressBook();
-		$addressBookId = $systemAddressBook['id'];
-
-		$cardId = self::getCardUri($user);
-		if ($user->isEnabled()) {
-			$this->atomic(function () use ($addressBookId, $cardId, $user): void {
-				$card = $this->backend->getCard($addressBookId, $cardId);
-				if ($card === false) {
-					$vCard = $this->converter->createCardFromUser($user);
-					if ($vCard !== null) {
-						$this->backend->createCard($addressBookId, $cardId, $vCard->serialize(), false);
-					}
-				} else {
-					$vCard = $this->converter->createCardFromUser($user);
-					if (is_null($vCard)) {
-						$this->backend->deleteCard($addressBookId, $cardId);
-					} else {
-						$this->backend->updateCard($addressBookId, $cardId, $vCard->serialize());
-					}
-				}
-			}, $this->dbConnection);
-		} else {
-			$this->backend->deleteCard($addressBookId, $cardId);
-		}
-	}
-
-	/**
-	 * @param IUser|string $userOrCardId
-	 */
-	public function deleteUser($userOrCardId) {
-		$systemAddressBook = $this->getLocalSystemAddressBook();
-		if ($userOrCardId instanceof IUser) {
-			$userOrCardId = self::getCardUri($userOrCardId);
-		}
-		$this->backend->deleteCard($systemAddressBook['id'], $userOrCardId);
-	}
-
-	/**
-	 * @return array|null
-	 */
-	public function getLocalSystemAddressBook() {
-		if (is_null($this->localSystemAddressBook)) {
-			$this->localSystemAddressBook = $this->ensureLocalSystemAddressBookExists();
-		}
-
-		return $this->localSystemAddressBook;
-	}
-
-	/**
-	 * @return void
-	 */
-	public function syncInstance(?\Closure $progressCallback = null) {
-		$systemAddressBook = $this->getLocalSystemAddressBook();
-		$this->userManager->callForAllUsers(function ($user) use ($systemAddressBook, $progressCallback): void {
-			$this->updateUser($user);
-			if (!is_null($progressCallback)) {
-				$progressCallback();
-			}
-		});
-
-		// remove no longer existing
-		$allCards = $this->backend->getCards($systemAddressBook['id']);
-		foreach ($allCards as $card) {
-			$vCard = Reader::read($card['carddata']);
-			$uid = $vCard->UID->getValue();
-			// load backend and see if user exists
-			if (!$this->userManager->userExists($uid)) {
-				$this->deleteUser($card['uri']);
-			}
-		}
-	}
-
-	/**
-	 * @param IUser $user
-	 * @return string
-	 */
-	public static function getCardUri(IUser $user): string {
-		return $user->getBackendClassName() . ':' . $user->getUID() . '.vcf';
-	}
+    use TTransactional;
+    private ?array $localSystemAddressBook = null;
+    protected string $certPath;
+
+    public function __construct(
+        IClientService $clientService,
+        IConfig $config,
+        private CardDavBackend $backend,
+        private IUserManager $userManager,
+        private IDBConnection $dbConnection,
+        private LoggerInterface $logger,
+        private Converter $converter,
+    ) {
+        parent::__construct($clientService, $config);
+
+        $this->certPath = '';
+    }
+
+    /**
+     * @psalm-return list{0: ?string, 1: boolean}
+     * @throws \Exception
+     */
+    public function syncRemoteAddressBook(string $url, string $userName, string $addressBookUrl, string $sharedSecret, ?string $syncToken, string $targetBookHash, string $targetPrincipal, array $targetProperties): array {
+        // 1. create addressbook
+        $book = $this->ensureSystemAddressBookExists($targetPrincipal, $targetBookHash, $targetProperties);
+        $addressBookId = $book['id'];
+
+        // 2. query changes
+        try {
+            $absoluteUri = $this->prepareUri($url, $addressBookUrl);
+            $response = $this->requestSyncReport($absoluteUri, $userName, $sharedSecret, $syncToken);
+        } catch (ClientExceptionInterface $ex) {
+            if ($ex->getCode() === Http::STATUS_UNAUTHORIZED) {
+                // remote server revoked access to the address book, remove it
+                $this->backend->deleteAddressBook($addressBookId);
+                $this->logger->error('Authorization failed, remove address book: ' . $url, ['app' => 'dav']);
+                throw $ex;
+            }
+            $this->logger->error('Client exception:', ['app' => 'dav', 'exception' => $ex]);
+            throw $ex;
+        }
+
+        // 3. apply changes
+        // TODO: use multi-get for download
+        foreach ($response['response'] as $resource => $status) {
+            $cardUri = basename($resource);
+            if (isset($status[200])) {
+                $absoluteUrl = $this->prepareUri($url, $resource);
+                $vCard = $this->download($absoluteUrl, $userName, $sharedSecret);
+                $this->atomic(function () use ($addressBookId, $cardUri, $vCard): void {
+                    $existingCard = $this->backend->getCard($addressBookId, $cardUri);
+                    if ($existingCard === false) {
+                        $this->backend->createCard($addressBookId, $cardUri, $vCard);
+                    } else {
+                        $this->backend->updateCard($addressBookId, $cardUri, $vCard);
+                    }
+                }, $this->dbConnection);
+            } else {
+                $this->backend->deleteCard($addressBookId, $cardUri);
+            }
+        }
+
+        return [
+            $response['token'],
+            $response['truncated'],
+        ];
+    }
+
+    /**
+     * @throws \Sabre\DAV\Exception\BadRequest
+     */
+    public function ensureSystemAddressBookExists(string $principal, string $uri, array $properties): ?array {
+        try {
+            return $this->atomic(function () use ($principal, $uri, $properties) {
+                $book = $this->backend->getAddressBooksByUri($principal, $uri);
+                if (!is_null($book)) {
+                    return $book;
+                }
+                $this->backend->createAddressBook($principal, $uri, $properties);
+
+                return $this->backend->getAddressBooksByUri($principal, $uri);
+            }, $this->dbConnection);
+        } catch (Exception $e) {
+            // READ COMMITTED doesn't prevent a nonrepeatable read above, so
+            // two processes might create an address book here. Ignore our
+            // failure and continue loading the entry written by the other process
+            if ($e->getReason() !== Exception::REASON_UNIQUE_CONSTRAINT_VIOLATION) {
+                throw $e;
+            }
+
+            // If this fails we might have hit a replication node that does not
+            // have the row written in the other process.
+            // TODO: find an elegant way to handle this
+            $ab = $this->backend->getAddressBooksByUri($principal, $uri);
+            if ($ab === null) {
+                throw new Exception('Could not create system address book', $e->getCode(), $e);
+            }
+            return $ab;
+        }
+    }
+
+    public function ensureLocalSystemAddressBookExists(): ?array {
+        return $this->ensureSystemAddressBookExists('principals/system/system', 'system', [
+            '{' . Plugin::NS_CARDDAV . '}addressbook-description' => 'System addressbook which holds all users of this instance'
+        ]);
+    }
+
+    /**
+     * @param IUser $user
+     */
+    public function updateUser(IUser $user): void {
+        $systemAddressBook = $this->getLocalSystemAddressBook();
+        $addressBookId = $systemAddressBook['id'];
+
+        $cardId = self::getCardUri($user);
+        if ($user->isEnabled()) {
+            $this->atomic(function () use ($addressBookId, $cardId, $user): void {
+                $card = $this->backend->getCard($addressBookId, $cardId);
+                if ($card === false) {
+                    $vCard = $this->converter->createCardFromUser($user);
+                    if ($vCard !== null) {
+                        $this->backend->createCard($addressBookId, $cardId, $vCard->serialize(), false);
+                    }
+                } else {
+                    $vCard = $this->converter->createCardFromUser($user);
+                    if (is_null($vCard)) {
+                        $this->backend->deleteCard($addressBookId, $cardId);
+                    } else {
+                        $this->backend->updateCard($addressBookId, $cardId, $vCard->serialize());
+                    }
+                }
+            }, $this->dbConnection);
+        } else {
+            $this->backend->deleteCard($addressBookId, $cardId);
+        }
+    }
+
+    /**
+     * @param IUser|string $userOrCardId
+     */
+    public function deleteUser($userOrCardId) {
+        $systemAddressBook = $this->getLocalSystemAddressBook();
+        if ($userOrCardId instanceof IUser) {
+            $userOrCardId = self::getCardUri($userOrCardId);
+        }
+        $this->backend->deleteCard($systemAddressBook['id'], $userOrCardId);
+    }
+
+    /**
+     * @return array|null
+     */
+    public function getLocalSystemAddressBook() {
+        if (is_null($this->localSystemAddressBook)) {
+            $this->localSystemAddressBook = $this->ensureLocalSystemAddressBookExists();
+        }
+
+        return $this->localSystemAddressBook;
+    }
+
+    /**
+     * @return void
+     */
+    public function syncInstance(?\Closure $progressCallback = null) {
+        $systemAddressBook = $this->getLocalSystemAddressBook();
+        $this->userManager->callForAllUsers(function ($user) use ($systemAddressBook, $progressCallback): void {
+            $this->updateUser($user);
+            if (!is_null($progressCallback)) {
+                $progressCallback();
+            }
+        });
+
+        // remove no longer existing
+        $allCards = $this->backend->getCards($systemAddressBook['id']);
+        foreach ($allCards as $card) {
+            $vCard = Reader::read($card['carddata']);
+            $uid = $vCard->UID->getValue();
+            // load backend and see if user exists
+            if (!$this->userManager->userExists($uid)) {
+                $this->deleteUser($card['uri']);
+            }
+        }
+    }
+
+    /**
+     * @param IUser $user
+     * @return string
+     */
+    public static function getCardUri(IUser $user): string {
+        return $user->getBackendClassName() . ':' . $user->getUID() . '.vcf';
+    }
 }

Spacing +7 added lines, -7 removed lines

@@ -59,7 +59,7 @@ 
 			if ($ex->getCode() === Http::STATUS_UNAUTHORIZED) {
 				// remote server revoked access to the address book, remove it
 				$this->backend->deleteAddressBook($addressBookId);
-				$this->logger->error('Authorization failed, remove address book: ' . $url, ['app' => 'dav']);
+				$this->logger->error('Authorization failed, remove address book: '.$url, ['app' => 'dav']);
 				throw $ex;
 			}
 			$this->logger->error('Client exception:', ['app' => 'dav', 'exception' => $ex]);
@@ -73,7 +73,7 @@ 
 			if (isset($status[200])) {
 				$absoluteUrl = $this->prepareUri($url, $resource);
 				$vCard = $this->download($absoluteUrl, $userName, $sharedSecret);
-				$this->atomic(function () use ($addressBookId, $cardUri, $vCard): void {
+				$this->atomic(function() use ($addressBookId, $cardUri, $vCard): void {
 					$existingCard = $this->backend->getCard($addressBookId, $cardUri);
 					if ($existingCard === false) {
 						$this->backend->createCard($addressBookId, $cardUri, $vCard);
@@ -97,7 +97,7 @@ 
 	 */
 	public function ensureSystemAddressBookExists(string $principal, string $uri, array $properties): ?array {
 		try {
-			return $this->atomic(function () use ($principal, $uri, $properties) {
+			return $this->atomic(function() use ($principal, $uri, $properties) {
 				$book = $this->backend->getAddressBooksByUri($principal, $uri);
 				if (!is_null($book)) {
 					return $book;
@@ -127,7 +127,7 @@ 
 
 	public function ensureLocalSystemAddressBookExists(): ?array {
 		return $this->ensureSystemAddressBookExists('principals/system/system', 'system', [
-			'{' . Plugin::NS_CARDDAV . '}addressbook-description' => 'System addressbook which holds all users of this instance'
+			'{'.Plugin::NS_CARDDAV.'}addressbook-description' => 'System addressbook which holds all users of this instance'
 		]);
 	}
 
@@ -140,7 +140,7 @@ 
 
 		$cardId = self::getCardUri($user);
 		if ($user->isEnabled()) {
-			$this->atomic(function () use ($addressBookId, $cardId, $user): void {
+			$this->atomic(function() use ($addressBookId, $cardId, $user): void {
 				$card = $this->backend->getCard($addressBookId, $cardId);
 				if ($card === false) {
 					$vCard = $this->converter->createCardFromUser($user);
@@ -188,7 +188,7 @@ 
 	 */
 	public function syncInstance(?\Closure $progressCallback = null) {
 		$systemAddressBook = $this->getLocalSystemAddressBook();
-		$this->userManager->callForAllUsers(function ($user) use ($systemAddressBook, $progressCallback): void {
+		$this->userManager->callForAllUsers(function($user) use ($systemAddressBook, $progressCallback): void {
 			$this->updateUser($user);
 			if (!is_null($progressCallback)) {
 				$progressCallback();
@@ -212,6 +212,6 @@ 
 	 * @return string
 	 */
 	public static function getCardUri(IUser $user): string {
-		return $user->getBackendClassName() . ':' . $user->getUID() . '.vcf';
+		return $user->getBackendClassName().':'.$user->getUID().'.vcf';
 	}
 }

apps/dav/lib/RootCollection.php

Indentation +166 added lines, -166 removed lines

@@ -49,170 +49,170 @@
 use Sabre\DAV\SimpleCollection;
 
 class RootCollection extends SimpleCollection {
-	public function __construct() {
-		$l10n = \OC::$server->getL10N('dav');
-		$random = Server::get(ISecureRandom::class);
-		$logger = Server::get(LoggerInterface::class);
-		$userManager = Server::get(IUserManager::class);
-		$userSession = Server::get(IUserSession::class);
-		$groupManager = Server::get(IGroupManager::class);
-		$shareManager = Server::get(\OCP\Share\IManager::class);
-		$db = Server::get(IDBConnection::class);
-		$dispatcher = Server::get(IEventDispatcher::class);
-		$config = Server::get(IConfig::class);
-		$proxyMapper = Server::get(ProxyMapper::class);
-		$rootFolder = Server::get(IRootFolder::class);
-		$federatedCalendarFactory = Server::get(FederatedCalendarFactory::class);
-
-		$userPrincipalBackend = new Principal(
-			$userManager,
-			$groupManager,
-			Server::get(IAccountManager::class),
-			$shareManager,
-			Server::get(IUserSession::class),
-			Server::get(IAppManager::class),
-			$proxyMapper,
-			Server::get(KnownUserService::class),
-			Server::get(IConfig::class),
-			\OC::$server->getL10NFactory()
-		);
-
-		$groupPrincipalBackend = new GroupPrincipalBackend($groupManager, $userSession, $shareManager, $config);
-		$calendarResourcePrincipalBackend = new ResourcePrincipalBackend($db, $userSession, $groupManager, $logger, $proxyMapper);
-		$calendarRoomPrincipalBackend = new RoomPrincipalBackend($db, $userSession, $groupManager, $logger, $proxyMapper);
-		$remoteUserPrincipalBackend = Server::get(RemoteUserPrincipalBackend::class);
-		// as soon as debug mode is enabled we allow listing of principals
-		$disableListing = !$config->getSystemValue('debug', false);
-
-		// setup the first level of the dav tree
-		$userPrincipals = new Collection($userPrincipalBackend, 'principals/users');
-		$userPrincipals->disableListing = $disableListing;
-		$groupPrincipals = new Collection($groupPrincipalBackend, 'principals/groups');
-		$groupPrincipals->disableListing = $disableListing;
-		$systemPrincipals = new Collection(new SystemPrincipalBackend(), 'principals/system');
-		$systemPrincipals->disableListing = $disableListing;
-		$calendarResourcePrincipals = new Collection($calendarResourcePrincipalBackend, 'principals/calendar-resources');
-		$calendarRoomPrincipals = new Collection($calendarRoomPrincipalBackend, 'principals/calendar-rooms');
-		$remoteUserPrincipals = new Collection($remoteUserPrincipalBackend, RemoteUserPrincipalBackend::PRINCIPAL_PREFIX);
-		$calendarSharingBackend = Server::get(Backend::class);
-
-		$filesCollection = new Files\RootCollection($userPrincipalBackend, 'principals/users');
-		$filesCollection->disableListing = $disableListing;
-		$caldavBackend = new CalDavBackend(
-			$db,
-			$userPrincipalBackend,
-			$userManager,
-			$random,
-			$logger,
-			$dispatcher,
-			$config,
-			$calendarSharingBackend,
-			Server::get(FederatedCalendarMapper::class),
-			false,
-		);
-		$userCalendarRoot = new CalendarRoot($userPrincipalBackend, $caldavBackend, 'principals/users', $logger, $l10n, $config, $federatedCalendarFactory);
-		$userCalendarRoot->disableListing = $disableListing;
-
-		$remoteUserCalendarRoot = new CalendarRoot($remoteUserPrincipalBackend, $caldavBackend, RemoteUserPrincipalBackend::PRINCIPAL_PREFIX, $logger, $l10n, $config, $federatedCalendarFactory);
-		$remoteUserCalendarRoot->disableListing = $disableListing;
-
-		$resourceCalendarRoot = new CalendarRoot($calendarResourcePrincipalBackend, $caldavBackend, 'principals/calendar-resources', $logger, $l10n, $config, $federatedCalendarFactory);
-		$resourceCalendarRoot->disableListing = $disableListing;
-		$roomCalendarRoot = new CalendarRoot($calendarRoomPrincipalBackend, $caldavBackend, 'principals/calendar-rooms', $logger, $l10n, $config, $federatedCalendarFactory);
-		$roomCalendarRoot->disableListing = $disableListing;
-
-		$publicCalendarRoot = new PublicCalendarRoot($caldavBackend, $l10n, $config, $logger);
-
-		$systemTagCollection = Server::get(SystemTagsByIdCollection::class);
-		$systemTagRelationsCollection = new SystemTagsRelationsCollection(
-			Server::get(ISystemTagManager::class),
-			Server::get(ISystemTagObjectMapper::class),
-			Server::get(IUserSession::class),
-			$groupManager,
-			$dispatcher,
-			$rootFolder,
-		);
-		$systemTagInUseCollection = Server::get(SystemTagsInUseCollection::class);
-		$commentsCollection = new Comments\RootCollection(
-			Server::get(ICommentsManager::class),
-			$userManager,
-			Server::get(IUserSession::class),
-			$dispatcher,
-			$logger
-		);
-
-		$contactsSharingBackend = Server::get(\OCA\DAV\CardDAV\Sharing\Backend::class);
-		$config = Server::get(IConfig::class);
-
-		$pluginManager = new PluginManager(\OC::$server, Server::get(IAppManager::class));
-		$usersCardDavBackend = new CardDavBackend(
-			$db,
-			$userPrincipalBackend,
-			$userManager,
-			$dispatcher,
-			$contactsSharingBackend,
-			$config
-		);
-		$usersAddressBookRoot = new AddressBookRoot($userPrincipalBackend, $usersCardDavBackend, $pluginManager, $userSession->getUser(), $groupManager, 'principals/users');
-		$usersAddressBookRoot->disableListing = $disableListing;
-
-		$systemCardDavBackend = new CardDavBackend(
-			$db,
-			$userPrincipalBackend,
-			$userManager,
-			$dispatcher,
-			$contactsSharingBackend,
-			$config
-		);
-		$systemAddressBookRoot = new AddressBookRoot(new SystemPrincipalBackend(), $systemCardDavBackend, $pluginManager, $userSession->getUser(), $groupManager, 'principals/system');
-		$systemAddressBookRoot->disableListing = $disableListing;
-
-		$uploadCollection = new Upload\RootCollection(
-			$userPrincipalBackend,
-			'principals/users',
-			Server::get(CleanupService::class),
-			$rootFolder,
-			$userSession,
-			$shareManager,
-		);
-		$uploadCollection->disableListing = $disableListing;
-
-		$avatarCollection = new Avatars\RootCollection($userPrincipalBackend, 'principals/users');
-		$avatarCollection->disableListing = $disableListing;
-
-		$appleProvisioning = new AppleProvisioningNode(
-			Server::get(ITimeFactory::class));
-
-		$children = [
-			new SimpleCollection('principals', [
-				$userPrincipals,
-				$groupPrincipals,
-				$systemPrincipals,
-				$calendarResourcePrincipals,
-				$calendarRoomPrincipals,
-				$remoteUserPrincipals]),
-			$filesCollection,
-			$userCalendarRoot,
-			$remoteUserCalendarRoot,
-			new SimpleCollection('system-calendars', [
-				$resourceCalendarRoot,
-				$roomCalendarRoot,
-			]),
-			$publicCalendarRoot,
-			new SimpleCollection('addressbooks', [
-				$usersAddressBookRoot,
-				$systemAddressBookRoot]),
-			$systemTagCollection,
-			$systemTagRelationsCollection,
-			$systemTagInUseCollection,
-			$commentsCollection,
-			$uploadCollection,
-			$avatarCollection,
-			new SimpleCollection('provisioning', [
-				$appleProvisioning
-			])
-		];
-
-		parent::__construct('root', $children);
-	}
+    public function __construct() {
+        $l10n = \OC::$server->getL10N('dav');
+        $random = Server::get(ISecureRandom::class);
+        $logger = Server::get(LoggerInterface::class);
+        $userManager = Server::get(IUserManager::class);
+        $userSession = Server::get(IUserSession::class);
+        $groupManager = Server::get(IGroupManager::class);
+        $shareManager = Server::get(\OCP\Share\IManager::class);
+        $db = Server::get(IDBConnection::class);
+        $dispatcher = Server::get(IEventDispatcher::class);
+        $config = Server::get(IConfig::class);
+        $proxyMapper = Server::get(ProxyMapper::class);
+        $rootFolder = Server::get(IRootFolder::class);
+        $federatedCalendarFactory = Server::get(FederatedCalendarFactory::class);
+
+        $userPrincipalBackend = new Principal(
+            $userManager,
+            $groupManager,
+            Server::get(IAccountManager::class),
+            $shareManager,
+            Server::get(IUserSession::class),
+            Server::get(IAppManager::class),
+            $proxyMapper,
+            Server::get(KnownUserService::class),
+            Server::get(IConfig::class),
+            \OC::$server->getL10NFactory()
+        );
+
+        $groupPrincipalBackend = new GroupPrincipalBackend($groupManager, $userSession, $shareManager, $config);
+        $calendarResourcePrincipalBackend = new ResourcePrincipalBackend($db, $userSession, $groupManager, $logger, $proxyMapper);
+        $calendarRoomPrincipalBackend = new RoomPrincipalBackend($db, $userSession, $groupManager, $logger, $proxyMapper);
+        $remoteUserPrincipalBackend = Server::get(RemoteUserPrincipalBackend::class);
+        // as soon as debug mode is enabled we allow listing of principals
+        $disableListing = !$config->getSystemValue('debug', false);
+
+        // setup the first level of the dav tree
+        $userPrincipals = new Collection($userPrincipalBackend, 'principals/users');
+        $userPrincipals->disableListing = $disableListing;
+        $groupPrincipals = new Collection($groupPrincipalBackend, 'principals/groups');
+        $groupPrincipals->disableListing = $disableListing;
+        $systemPrincipals = new Collection(new SystemPrincipalBackend(), 'principals/system');
+        $systemPrincipals->disableListing = $disableListing;
+        $calendarResourcePrincipals = new Collection($calendarResourcePrincipalBackend, 'principals/calendar-resources');
+        $calendarRoomPrincipals = new Collection($calendarRoomPrincipalBackend, 'principals/calendar-rooms');
+        $remoteUserPrincipals = new Collection($remoteUserPrincipalBackend, RemoteUserPrincipalBackend::PRINCIPAL_PREFIX);
+        $calendarSharingBackend = Server::get(Backend::class);
+
+        $filesCollection = new Files\RootCollection($userPrincipalBackend, 'principals/users');
+        $filesCollection->disableListing = $disableListing;
+        $caldavBackend = new CalDavBackend(
+            $db,
+            $userPrincipalBackend,
+            $userManager,
+            $random,
+            $logger,
+            $dispatcher,
+            $config,
+            $calendarSharingBackend,
+            Server::get(FederatedCalendarMapper::class),
+            false,
+        );
+        $userCalendarRoot = new CalendarRoot($userPrincipalBackend, $caldavBackend, 'principals/users', $logger, $l10n, $config, $federatedCalendarFactory);
+        $userCalendarRoot->disableListing = $disableListing;
+
+        $remoteUserCalendarRoot = new CalendarRoot($remoteUserPrincipalBackend, $caldavBackend, RemoteUserPrincipalBackend::PRINCIPAL_PREFIX, $logger, $l10n, $config, $federatedCalendarFactory);
+        $remoteUserCalendarRoot->disableListing = $disableListing;
+
+        $resourceCalendarRoot = new CalendarRoot($calendarResourcePrincipalBackend, $caldavBackend, 'principals/calendar-resources', $logger, $l10n, $config, $federatedCalendarFactory);
+        $resourceCalendarRoot->disableListing = $disableListing;
+        $roomCalendarRoot = new CalendarRoot($calendarRoomPrincipalBackend, $caldavBackend, 'principals/calendar-rooms', $logger, $l10n, $config, $federatedCalendarFactory);
+        $roomCalendarRoot->disableListing = $disableListing;
+
+        $publicCalendarRoot = new PublicCalendarRoot($caldavBackend, $l10n, $config, $logger);
+
+        $systemTagCollection = Server::get(SystemTagsByIdCollection::class);
+        $systemTagRelationsCollection = new SystemTagsRelationsCollection(
+            Server::get(ISystemTagManager::class),
+            Server::get(ISystemTagObjectMapper::class),
+            Server::get(IUserSession::class),
+            $groupManager,
+            $dispatcher,
+            $rootFolder,
+        );
+        $systemTagInUseCollection = Server::get(SystemTagsInUseCollection::class);
+        $commentsCollection = new Comments\RootCollection(
+            Server::get(ICommentsManager::class),
+            $userManager,
+            Server::get(IUserSession::class),
+            $dispatcher,
+            $logger
+        );
+
+        $contactsSharingBackend = Server::get(\OCA\DAV\CardDAV\Sharing\Backend::class);
+        $config = Server::get(IConfig::class);
+
+        $pluginManager = new PluginManager(\OC::$server, Server::get(IAppManager::class));
+        $usersCardDavBackend = new CardDavBackend(
+            $db,
+            $userPrincipalBackend,
+            $userManager,
+            $dispatcher,
+            $contactsSharingBackend,
+            $config
+        );
+        $usersAddressBookRoot = new AddressBookRoot($userPrincipalBackend, $usersCardDavBackend, $pluginManager, $userSession->getUser(), $groupManager, 'principals/users');
+        $usersAddressBookRoot->disableListing = $disableListing;
+
+        $systemCardDavBackend = new CardDavBackend(
+            $db,
+            $userPrincipalBackend,
+            $userManager,
+            $dispatcher,
+            $contactsSharingBackend,
+            $config
+        );
+        $systemAddressBookRoot = new AddressBookRoot(new SystemPrincipalBackend(), $systemCardDavBackend, $pluginManager, $userSession->getUser(), $groupManager, 'principals/system');
+        $systemAddressBookRoot->disableListing = $disableListing;
+
+        $uploadCollection = new Upload\RootCollection(
+            $userPrincipalBackend,
+            'principals/users',
+            Server::get(CleanupService::class),
+            $rootFolder,
+            $userSession,
+            $shareManager,
+        );
+        $uploadCollection->disableListing = $disableListing;
+
+        $avatarCollection = new Avatars\RootCollection($userPrincipalBackend, 'principals/users');
+        $avatarCollection->disableListing = $disableListing;
+
+        $appleProvisioning = new AppleProvisioningNode(
+            Server::get(ITimeFactory::class));
+
+        $children = [
+            new SimpleCollection('principals', [
+                $userPrincipals,
+                $groupPrincipals,
+                $systemPrincipals,
+                $calendarResourcePrincipals,
+                $calendarRoomPrincipals,
+                $remoteUserPrincipals]),
+            $filesCollection,
+            $userCalendarRoot,
+            $remoteUserCalendarRoot,
+            new SimpleCollection('system-calendars', [
+                $resourceCalendarRoot,
+                $roomCalendarRoot,
+            ]),
+            $publicCalendarRoot,
+            new SimpleCollection('addressbooks', [
+                $usersAddressBookRoot,
+                $systemAddressBookRoot]),
+            $systemTagCollection,
+            $systemTagRelationsCollection,
+            $systemTagInUseCollection,
+            $commentsCollection,
+            $uploadCollection,
+            $avatarCollection,
+            new SimpleCollection('provisioning', [
+                $appleProvisioning
+            ])
+        ];
+
+        parent::__construct('root', $children);
+    }
 }