nextcloud / server

apps/dav/lib/CardDAV/Plugin.php

Indentation +40 added lines, -40 removed lines

@@ -30,51 +30,51 @@
 
 class Plugin extends \Sabre\CardDAV\Plugin {
 
-	function initialize(Server $server) {
-		$server->on('propFind', [$this, 'propFind']);
-		parent::initialize($server);
-	}
+    function initialize(Server $server) {
+        $server->on('propFind', [$this, 'propFind']);
+        parent::initialize($server);
+    }
 
-	/**
-	 * Returns the addressbook home for a given principal
-	 *
-	 * @param string $principal
-	 * @return string
-	 */
-	protected function getAddressbookHomeForPrincipal($principal) {
+    /**
+     * Returns the addressbook home for a given principal
+     *
+     * @param string $principal
+     * @return string
+     */
+    protected function getAddressbookHomeForPrincipal($principal) {
 
-		if (strrpos($principal, 'principals/users', -strlen($principal)) !== false) {
-			list(, $principalId) = URLUtil::splitPath($principal);
-			return self::ADDRESSBOOK_ROOT . '/users/' . $principalId;
-		}
-		if (strrpos($principal, 'principals/groups', -strlen($principal)) !== false) {
-			list(, $principalId) = URLUtil::splitPath($principal);
-			return self::ADDRESSBOOK_ROOT . '/groups/' . $principalId;
-		}
-		if (strrpos($principal, 'principals/system', -strlen($principal)) !== false) {
-			list(, $principalId) = URLUtil::splitPath($principal);
-			return self::ADDRESSBOOK_ROOT . '/system/' . $principalId;
-		}
+        if (strrpos($principal, 'principals/users', -strlen($principal)) !== false) {
+            list(, $principalId) = URLUtil::splitPath($principal);
+            return self::ADDRESSBOOK_ROOT . '/users/' . $principalId;
+        }
+        if (strrpos($principal, 'principals/groups', -strlen($principal)) !== false) {
+            list(, $principalId) = URLUtil::splitPath($principal);
+            return self::ADDRESSBOOK_ROOT . '/groups/' . $principalId;
+        }
+        if (strrpos($principal, 'principals/system', -strlen($principal)) !== false) {
+            list(, $principalId) = URLUtil::splitPath($principal);
+            return self::ADDRESSBOOK_ROOT . '/system/' . $principalId;
+        }
 
-		throw new \LogicException('This is not supposed to happen');
-	}
+        throw new \LogicException('This is not supposed to happen');
+    }
 
-	/**
-	 * Adds all CardDAV-specific properties
-	 *
-	 * @param PropFind $propFind
-	 * @param INode $node
-	 * @return void
-	 */
-	function propFind(PropFind $propFind, INode $node) {
+    /**
+     * Adds all CardDAV-specific properties
+     *
+     * @param PropFind $propFind
+     * @param INode $node
+     * @return void
+     */
+    function propFind(PropFind $propFind, INode $node) {
 
-		$ns = '{http://owncloud.org/ns}';
+        $ns = '{http://owncloud.org/ns}';
 
-		if ($node instanceof AddressBook) {
+        if ($node instanceof AddressBook) {
 
-			$propFind->handle($ns . 'groups', function () use ($node) {
-				return new Groups($node->getContactsGroups());
-			});
-		}
-	}
+            $propFind->handle($ns . 'groups', function () use ($node) {
+                return new Groups($node->getContactsGroups());
+            });
+        }
+    }
 }

apps/dav/lib/CardDAV/UserAddressBooks.php

Indentation +41 added lines, -41 removed lines

@@ -25,52 +25,52 @@
 
 class UserAddressBooks extends \Sabre\CardDAV\AddressBookHome {
 
-	/** @var IL10N */
-	protected $l10n;
+    /** @var IL10N */
+    protected $l10n;
 
-	/**
-	 * Returns a list of addressbooks
-	 *
-	 * @return array
-	 */
-	function getChildren() {
-		if ($this->l10n === null) {
-			$this->l10n = \OC::$server->getL10N('dav');
-		}
+    /**
+     * Returns a list of addressbooks
+     *
+     * @return array
+     */
+    function getChildren() {
+        if ($this->l10n === null) {
+            $this->l10n = \OC::$server->getL10N('dav');
+        }
 
-		$addressBooks = $this->carddavBackend->getAddressBooksForUser($this->principalUri);
-		$objects = [];
-		foreach($addressBooks as $addressBook) {
-			$objects[] = new AddressBook($this->carddavBackend, $addressBook, $this->l10n);
-		}
-		return $objects;
+        $addressBooks = $this->carddavBackend->getAddressBooksForUser($this->principalUri);
+        $objects = [];
+        foreach($addressBooks as $addressBook) {
+            $objects[] = new AddressBook($this->carddavBackend, $addressBook, $this->l10n);
+        }
+        return $objects;
 
-	}
+    }
 
-	/**
-	 * Returns a list of ACE's for this node.
-	 *
-	 * Each ACE has the following properties:
-	 *   * 'privilege', a string such as {DAV:}read or {DAV:}write. These are
-	 *     currently the only supported privileges
-	 *   * 'principal', a url to the principal who owns the node
-	 *   * 'protected' (optional), indicating that this ACE is not allowed to
-	 *      be updated.
-	 *
-	 * @return array
-	 */
-	function getACL() {
+    /**
+     * Returns a list of ACE's for this node.
+     *
+     * Each ACE has the following properties:
+     *   * 'privilege', a string such as {DAV:}read or {DAV:}write. These are
+     *     currently the only supported privileges
+     *   * 'principal', a url to the principal who owns the node
+     *   * 'protected' (optional), indicating that this ACE is not allowed to
+     *      be updated.
+     *
+     * @return array
+     */
+    function getACL() {
 
-		$acl = parent::getACL();
-		if ($this->principalUri === 'principals/system/system') {
-			$acl[] = [
-					'privilege' => '{DAV:}read',
-					'principal' => '{DAV:}authenticated',
-					'protected' => true,
-			];
-		}
+        $acl = parent::getACL();
+        if ($this->principalUri === 'principals/system/system') {
+            $acl[] = [
+                    'privilege' => '{DAV:}read',
+                    'principal' => '{DAV:}authenticated',
+                    'protected' => true,
+            ];
+        }
 
-		return $acl;
-	}
+        return $acl;
+    }
 
 }

apps/dav/lib/CardDAV/ImageExportPlugin.php

Indentation +132 added lines, -132 removed lines

@@ -34,136 +34,136 @@
 
 class ImageExportPlugin extends ServerPlugin {
 
-	/** @var Server */
-	protected $server;
-	/** @var ILogger */
-	private $logger;
-
-	public function __construct(ILogger $logger) {
-		$this->logger = $logger;
-	}
-
-	/**
-	 * Initializes the plugin and registers event handlers
-	 *
-	 * @param Server $server
-	 * @return void
-	 */
-	function initialize(Server $server) {
-
-		$this->server = $server;
-		$this->server->on('method:GET', [$this, 'httpGet'], 90);
-	}
-
-	/**
-	 * Intercepts GET requests on addressbook urls ending with ?photo.
-	 *
-	 * @param RequestInterface $request
-	 * @param ResponseInterface $response
-	 * @return bool|void
-	 */
-	function httpGet(RequestInterface $request, ResponseInterface $response) {
-
-		$queryParams = $request->getQueryParameters();
-		// TODO: in addition to photo we should also add logo some point in time
-		if (!array_key_exists('photo', $queryParams)) {
-			return true;
-		}
-
-		$path = $request->getPath();
-		$node = $this->server->tree->getNodeForPath($path);
-
-		if (!($node instanceof Card)) {
-			return true;
-		}
-
-		$this->server->transactionType = 'carddav-image-export';
-
-		// Checking ACL, if available.
-		if ($aclPlugin = $this->server->getPlugin('acl')) {
-			/** @var \Sabre\DAVACL\Plugin $aclPlugin */
-			$aclPlugin->checkPrivileges($path, '{DAV:}read');
-		}
-
-		if ($result = $this->getPhoto($node)) {
-			$response->setHeader('Content-Type', $result['Content-Type']);
-			$response->setHeader('Content-Disposition', 'attachment');
-			$response->setStatus(200);
-
-			$response->setBody($result['body']);
-
-			// Returning false to break the event chain
-			return false;
-		}
-		return true;
-	}
-
-	function getPhoto(Card $node) {
-		// TODO: this is kind of expensive - load carddav data from database and parse it
-		//       we might want to build up a cache one day
-		try {
-			$vObject = $this->readCard($node->get());
-			if (!$vObject->PHOTO) {
-				return false;
-			}
-
-			$photo = $vObject->PHOTO;
-			$type = $this->getType($photo);
-
-			$val = $photo->getValue();
-			if ($photo->getValueType() === 'URI') {
-				$parsed = \Sabre\URI\parse($val);
-				//only allow data://
-				if ($parsed['scheme'] !== 'data') {
-					return false;
-				}
-				if (substr_count($parsed['path'], ';') === 1) {
-					list($type,) = explode(';', $parsed['path']);
-				}
-				$val = file_get_contents($val);
-			}
-
-			$allowedContentTypes = [
-				'image/png',
-				'image/jpeg',
-				'image/gif',
-			];
-
-			if(!in_array($type, $allowedContentTypes, true)) {
-				$type = 'application/octet-stream';
-			}
-
-			return [
-				'Content-Type' => $type,
-				'body' => $val
-			];
-		} catch(\Exception $ex) {
-			$this->logger->logException($ex);
-		}
-		return false;
-	}
-
-	private function readCard($cardData) {
-		return Reader::read($cardData);
-	}
-
-	/**
-	 * @param Binary $photo
-	 * @return Parameter
-	 */
-	private function getType($photo) {
-		$params = $photo->parameters();
-		if (isset($params['TYPE']) || isset($params['MEDIATYPE'])) {
-			/** @var Parameter $typeParam */
-			$typeParam = isset($params['TYPE']) ? $params['TYPE'] : $params['MEDIATYPE'];
-			$type = $typeParam->getValue();
-
-			if (strpos($type, 'image/') === 0) {
-				return $type;
-			} else {
-				return 'image/' . strtolower($type);
-			}
-		}
-		return '';
-	}
+    /** @var Server */
+    protected $server;
+    /** @var ILogger */
+    private $logger;
+
+    public function __construct(ILogger $logger) {
+        $this->logger = $logger;
+    }
+
+    /**
+     * Initializes the plugin and registers event handlers
+     *
+     * @param Server $server
+     * @return void
+     */
+    function initialize(Server $server) {
+
+        $this->server = $server;
+        $this->server->on('method:GET', [$this, 'httpGet'], 90);
+    }
+
+    /**
+     * Intercepts GET requests on addressbook urls ending with ?photo.
+     *
+     * @param RequestInterface $request
+     * @param ResponseInterface $response
+     * @return bool|void
+     */
+    function httpGet(RequestInterface $request, ResponseInterface $response) {
+
+        $queryParams = $request->getQueryParameters();
+        // TODO: in addition to photo we should also add logo some point in time
+        if (!array_key_exists('photo', $queryParams)) {
+            return true;
+        }
+
+        $path = $request->getPath();
+        $node = $this->server->tree->getNodeForPath($path);
+
+        if (!($node instanceof Card)) {
+            return true;
+        }
+
+        $this->server->transactionType = 'carddav-image-export';
+
+        // Checking ACL, if available.
+        if ($aclPlugin = $this->server->getPlugin('acl')) {
+            /** @var \Sabre\DAVACL\Plugin $aclPlugin */
+            $aclPlugin->checkPrivileges($path, '{DAV:}read');
+        }
+
+        if ($result = $this->getPhoto($node)) {
+            $response->setHeader('Content-Type', $result['Content-Type']);
+            $response->setHeader('Content-Disposition', 'attachment');
+            $response->setStatus(200);
+
+            $response->setBody($result['body']);
+
+            // Returning false to break the event chain
+            return false;
+        }
+        return true;
+    }
+
+    function getPhoto(Card $node) {
+        // TODO: this is kind of expensive - load carddav data from database and parse it
+        //       we might want to build up a cache one day
+        try {
+            $vObject = $this->readCard($node->get());
+            if (!$vObject->PHOTO) {
+                return false;
+            }
+
+            $photo = $vObject->PHOTO;
+            $type = $this->getType($photo);
+
+            $val = $photo->getValue();
+            if ($photo->getValueType() === 'URI') {
+                $parsed = \Sabre\URI\parse($val);
+                //only allow data://
+                if ($parsed['scheme'] !== 'data') {
+                    return false;
+                }
+                if (substr_count($parsed['path'], ';') === 1) {
+                    list($type,) = explode(';', $parsed['path']);
+                }
+                $val = file_get_contents($val);
+            }
+
+            $allowedContentTypes = [
+                'image/png',
+                'image/jpeg',
+                'image/gif',
+            ];
+
+            if(!in_array($type, $allowedContentTypes, true)) {
+                $type = 'application/octet-stream';
+            }
+
+            return [
+                'Content-Type' => $type,
+                'body' => $val
+            ];
+        } catch(\Exception $ex) {
+            $this->logger->logException($ex);
+        }
+        return false;
+    }
+
+    private function readCard($cardData) {
+        return Reader::read($cardData);
+    }
+
+    /**
+     * @param Binary $photo
+     * @return Parameter
+     */
+    private function getType($photo) {
+        $params = $photo->parameters();
+        if (isset($params['TYPE']) || isset($params['MEDIATYPE'])) {
+            /** @var Parameter $typeParam */
+            $typeParam = isset($params['TYPE']) ? $params['TYPE'] : $params['MEDIATYPE'];
+            $type = $typeParam->getValue();
+
+            if (strpos($type, 'image/') === 0) {
+                return $type;
+            } else {
+                return 'image/' . strtolower($type);
+            }
+        }
+        return '';
+    }
 }

apps/dav/lib/CardDAV/SyncJob.php

Indentation +10 added lines, -10 removed lines

@@ -28,15 +28,15 @@
 
 class SyncJob extends TimedJob {
 
-	public function __construct() {
-		// Run once a day
-		$this->setInterval(24 * 60 * 60);
-	}
+    public function __construct() {
+        // Run once a day
+        $this->setInterval(24 * 60 * 60);
+    }
 
-	protected function run($argument) {
-		$app = new Application();
-		/** @var SyncService $ss */
-		$ss = $app->getSyncService();
-		$ss->syncInstance();
-	}
+    protected function run($argument) {
+        $app = new Application();
+        /** @var SyncService $ss */
+        $ss = $app->getSyncService();
+        $ss->syncInstance();
+    }
 }

apps/dav/lib/HookManager.php

Indentation +111 added lines, -111 removed lines

@@ -32,115 +32,115 @@
 
 class HookManager {
 
-	/** @var IUserManager */
-	private $userManager;
-
-	/** @var SyncService */
-	private $syncService;
-
-	/** @var IUser[] */
-	private $usersToDelete;
-
-	/** @var CalDavBackend */
-	private $calDav;
-
-	/** @var CardDavBackend */
-	private $cardDav;
-
-	/** @var array */
-	private $calendarsToDelete;
-
-	/** @var array */
-	private $addressBooksToDelete;
-
-	/** @var EventDispatcher */
-	private $eventDispatcher;
-
-	public function __construct(IUserManager $userManager,
-								SyncService $syncService,
-								CalDavBackend $calDav,
-								CardDavBackend $cardDav,
-								EventDispatcher $eventDispatcher) {
-		$this->userManager = $userManager;
-		$this->syncService = $syncService;
-		$this->calDav = $calDav;
-		$this->cardDav = $cardDav;
-		$this->eventDispatcher = $eventDispatcher;
-	}
-
-	public function setup() {
-		Util::connectHook('OC_User',
-			'post_createUser',
-			$this,
-			'postCreateUser');
-		Util::connectHook('OC_User',
-			'pre_deleteUser',
-			$this,
-			'preDeleteUser');
-		Util::connectHook('OC_User',
-			'post_deleteUser',
-			$this,
-			'postDeleteUser');
-		Util::connectHook('OC_User',
-			'changeUser',
-			$this,
-			'changeUser');
-	}
-
-	public function postCreateUser($params) {
-		$user = $this->userManager->get($params['uid']);
-		$this->syncService->updateUser($user);
-	}
-
-	public function preDeleteUser($params) {
-		$uid = $params['uid'];
-		$this->usersToDelete[$uid] = $this->userManager->get($uid);
-		$this->calendarsToDelete = $this->calDav->getUsersOwnCalendars('principals/users/' . $uid);
-		$this->addressBooksToDelete = $this->cardDav->getUsersOwnAddressBooks('principals/users/' . $uid);
-	}
-
-	public function postDeleteUser($params) {
-		$uid = $params['uid'];
-		if (isset($this->usersToDelete[$uid])){
-			$this->syncService->deleteUser($this->usersToDelete[$uid]);
-		}
-
-		foreach ($this->calendarsToDelete as $calendar) {
-			$this->calDav->deleteCalendar($calendar['id']);
-		}
-		$this->calDav->deleteAllSharesByUser('principals/users/' . $uid);
-
-		foreach ($this->addressBooksToDelete as $addressBook) {
-			$this->cardDav->deleteAddressBook($addressBook['id']);
-		}
-	}
-
-	public function changeUser($params) {
-		$user = $params['user'];
-		$this->syncService->updateUser($user);
-	}
-
-	public function firstLogin(IUser $user = null) {
-		if (!is_null($user)) {
-			$principal = 'principals/users/' . $user->getUID();
-			if ($this->calDav->getCalendarsForUserCount($principal) === 0) {
-				try {
-					$this->calDav->createCalendar($principal, CalDavBackend::PERSONAL_CALENDAR_URI, [
-						'{DAV:}displayname' => CalDavBackend::PERSONAL_CALENDAR_NAME,
-					]);
-				} catch (\Exception $ex) {
-					\OC::$server->getLogger()->logException($ex);
-				}
-			}
-			if ($this->cardDav->getAddressBooksForUserCount($principal) === 0) {
-				try {
-					$this->cardDav->createAddressBook($principal, CardDavBackend::PERSONAL_ADDRESSBOOK_URI, [
-						'{DAV:}displayname' => CardDavBackend::PERSONAL_ADDRESSBOOK_NAME,
-					]);
-				} catch (\Exception $ex) {
-					\OC::$server->getLogger()->logException($ex);
-				}
-			}
-		}
-	}
+    /** @var IUserManager */
+    private $userManager;
+
+    /** @var SyncService */
+    private $syncService;
+
+    /** @var IUser[] */
+    private $usersToDelete;
+
+    /** @var CalDavBackend */
+    private $calDav;
+
+    /** @var CardDavBackend */
+    private $cardDav;
+
+    /** @var array */
+    private $calendarsToDelete;
+
+    /** @var array */
+    private $addressBooksToDelete;
+
+    /** @var EventDispatcher */
+    private $eventDispatcher;
+
+    public function __construct(IUserManager $userManager,
+                                SyncService $syncService,
+                                CalDavBackend $calDav,
+                                CardDavBackend $cardDav,
+                                EventDispatcher $eventDispatcher) {
+        $this->userManager = $userManager;
+        $this->syncService = $syncService;
+        $this->calDav = $calDav;
+        $this->cardDav = $cardDav;
+        $this->eventDispatcher = $eventDispatcher;
+    }
+
+    public function setup() {
+        Util::connectHook('OC_User',
+            'post_createUser',
+            $this,
+            'postCreateUser');
+        Util::connectHook('OC_User',
+            'pre_deleteUser',
+            $this,
+            'preDeleteUser');
+        Util::connectHook('OC_User',
+            'post_deleteUser',
+            $this,
+            'postDeleteUser');
+        Util::connectHook('OC_User',
+            'changeUser',
+            $this,
+            'changeUser');
+    }
+
+    public function postCreateUser($params) {
+        $user = $this->userManager->get($params['uid']);
+        $this->syncService->updateUser($user);
+    }
+
+    public function preDeleteUser($params) {
+        $uid = $params['uid'];
+        $this->usersToDelete[$uid] = $this->userManager->get($uid);
+        $this->calendarsToDelete = $this->calDav->getUsersOwnCalendars('principals/users/' . $uid);
+        $this->addressBooksToDelete = $this->cardDav->getUsersOwnAddressBooks('principals/users/' . $uid);
+    }
+
+    public function postDeleteUser($params) {
+        $uid = $params['uid'];
+        if (isset($this->usersToDelete[$uid])){
+            $this->syncService->deleteUser($this->usersToDelete[$uid]);
+        }
+
+        foreach ($this->calendarsToDelete as $calendar) {
+            $this->calDav->deleteCalendar($calendar['id']);
+        }
+        $this->calDav->deleteAllSharesByUser('principals/users/' . $uid);
+
+        foreach ($this->addressBooksToDelete as $addressBook) {
+            $this->cardDav->deleteAddressBook($addressBook['id']);
+        }
+    }
+
+    public function changeUser($params) {
+        $user = $params['user'];
+        $this->syncService->updateUser($user);
+    }
+
+    public function firstLogin(IUser $user = null) {
+        if (!is_null($user)) {
+            $principal = 'principals/users/' . $user->getUID();
+            if ($this->calDav->getCalendarsForUserCount($principal) === 0) {
+                try {
+                    $this->calDav->createCalendar($principal, CalDavBackend::PERSONAL_CALENDAR_URI, [
+                        '{DAV:}displayname' => CalDavBackend::PERSONAL_CALENDAR_NAME,
+                    ]);
+                } catch (\Exception $ex) {
+                    \OC::$server->getLogger()->logException($ex);
+                }
+            }
+            if ($this->cardDav->getAddressBooksForUserCount($principal) === 0) {
+                try {
+                    $this->cardDav->createAddressBook($principal, CardDavBackend::PERSONAL_ADDRESSBOOK_URI, [
+                        '{DAV:}displayname' => CardDavBackend::PERSONAL_ADDRESSBOOK_NAME,
+                    ]);
+                } catch (\Exception $ex) {
+                    \OC::$server->getLogger()->logException($ex);
+                }
+            }
+        }
+    }
 }

apps/dav/lib/SystemTag/SystemTagNode.php

Indentation +132 added lines, -132 removed lines

@@ -39,136 +39,136 @@
  */
 class SystemTagNode implements \Sabre\DAV\INode {
 
-	/**
-	 * @var ISystemTag
-	 */
-	protected $tag;
-
-	/**
-	 * @var ISystemTagManager
-	 */
-	protected $tagManager;
-
-	/**
-	 * User
-	 *
-	 * @var IUser
-	 */
-	protected $user;
-
-	/**
-	 * Whether to allow permissions for admins
-	 *
-	 * @var bool
-	 */
-	protected $isAdmin;
-
-	/**
-	 * Sets up the node, expects a full path name
-	 *
-	 * @param ISystemTag $tag system tag
-	 * @param IUser $user user
-	 * @param bool $isAdmin whether to allow operations for admins
-	 * @param ISystemTagManager $tagManager tag manager
-	 */
-	public function __construct(ISystemTag $tag, IUser $user, $isAdmin, ISystemTagManager $tagManager) {
-		$this->tag = $tag;
-		$this->user = $user;
-		$this->isAdmin = $isAdmin;
-		$this->tagManager = $tagManager;
-	}
-
-	/**
-	 *  Returns the id of the tag
-	 *
-	 * @return string
-	 */
-	public function getName() {
-		return $this->tag->getId();
-	}
-
-	/**
-	 * Returns the system tag represented by this node
-	 *
-	 * @return ISystemTag system tag
-	 */
-	public function getSystemTag() {
-		return $this->tag;
-	}
-
-	/**
-	 * Renames the node
-	 *
-	 * @param string $name The new name
-	 *
-	 * @throws MethodNotAllowed not allowed to rename node
-	 */
-	public function setName($name) {
-		throw new MethodNotAllowed();
-	}
-
-	/**
-	 * Update tag
-	 *
-	 * @param string $name new tag name
-	 * @param bool $userVisible user visible
-	 * @param bool $userAssignable user assignable
-	 * @throws NotFound whenever the given tag id does not exist
-	 * @throws Forbidden whenever there is no permission to update said tag
-	 * @throws Conflict whenever a tag already exists with the given attributes
-	 */
-	public function update($name, $userVisible, $userAssignable) {
-		try {
-			if (!$this->tagManager->canUserSeeTag($this->tag, $this->user)) {
-				throw new NotFound('Tag with id ' . $this->tag->getId() . ' does not exist');
-			}
-			if (!$this->tagManager->canUserAssignTag($this->tag, $this->user)) {
-				throw new Forbidden('No permission to update tag ' . $this->tag->getId());
-			}
-
-			// only admin is able to change permissions, regular users can only rename
-			if (!$this->isAdmin) {
-				// only renaming is allowed for regular users
-				if ($userVisible !== $this->tag->isUserVisible()
-					|| $userAssignable !== $this->tag->isUserAssignable()
-				) {
-					throw new Forbidden('No permission to update permissions for tag ' . $this->tag->getId());
-				}
-			}
-
-			$this->tagManager->updateTag($this->tag->getId(), $name, $userVisible, $userAssignable);
-		} catch (TagNotFoundException $e) {
-			throw new NotFound('Tag with id ' . $this->tag->getId() . ' does not exist');
-		} catch (TagAlreadyExistsException $e) {
-			throw new Conflict(
-				'Tag with the properties "' . $name . '", ' .
-				$userVisible . ', ' . $userAssignable . ' already exists'
-			);
-		}
-	}
-
-	/**
-	 * Returns null, not supported
-	 *
-	 */
-	public function getLastModified() {
-		return null;
-	}
-
-	public function delete() {
-		try {
-			if (!$this->isAdmin) {
-				throw new Forbidden('No permission to delete tag ' . $this->tag->getId());
-			}
-
-			if (!$this->tagManager->canUserSeeTag($this->tag, $this->user)) {
-				throw new NotFound('Tag with id ' . $this->tag->getId() . ' not found');
-			}
-
-			$this->tagManager->deleteTags($this->tag->getId());
-		} catch (TagNotFoundException $e) {
-			// can happen if concurrent deletion occurred
-			throw new NotFound('Tag with id ' . $this->tag->getId() . ' not found', 0, $e);
-		}
-	}
+    /**
+     * @var ISystemTag
+     */
+    protected $tag;
+
+    /**
+     * @var ISystemTagManager
+     */
+    protected $tagManager;
+
+    /**
+     * User
+     *
+     * @var IUser
+     */
+    protected $user;
+
+    /**
+     * Whether to allow permissions for admins
+     *
+     * @var bool
+     */
+    protected $isAdmin;
+
+    /**
+     * Sets up the node, expects a full path name
+     *
+     * @param ISystemTag $tag system tag
+     * @param IUser $user user
+     * @param bool $isAdmin whether to allow operations for admins
+     * @param ISystemTagManager $tagManager tag manager
+     */
+    public function __construct(ISystemTag $tag, IUser $user, $isAdmin, ISystemTagManager $tagManager) {
+        $this->tag = $tag;
+        $this->user = $user;
+        $this->isAdmin = $isAdmin;
+        $this->tagManager = $tagManager;
+    }
+
+    /**
+     *  Returns the id of the tag
+     *
+     * @return string
+     */
+    public function getName() {
+        return $this->tag->getId();
+    }
+
+    /**
+     * Returns the system tag represented by this node
+     *
+     * @return ISystemTag system tag
+     */
+    public function getSystemTag() {
+        return $this->tag;
+    }
+
+    /**
+     * Renames the node
+     *
+     * @param string $name The new name
+     *
+     * @throws MethodNotAllowed not allowed to rename node
+     */
+    public function setName($name) {
+        throw new MethodNotAllowed();
+    }
+
+    /**
+     * Update tag
+     *
+     * @param string $name new tag name
+     * @param bool $userVisible user visible
+     * @param bool $userAssignable user assignable
+     * @throws NotFound whenever the given tag id does not exist
+     * @throws Forbidden whenever there is no permission to update said tag
+     * @throws Conflict whenever a tag already exists with the given attributes
+     */
+    public function update($name, $userVisible, $userAssignable) {
+        try {
+            if (!$this->tagManager->canUserSeeTag($this->tag, $this->user)) {
+                throw new NotFound('Tag with id ' . $this->tag->getId() . ' does not exist');
+            }
+            if (!$this->tagManager->canUserAssignTag($this->tag, $this->user)) {
+                throw new Forbidden('No permission to update tag ' . $this->tag->getId());
+            }
+
+            // only admin is able to change permissions, regular users can only rename
+            if (!$this->isAdmin) {
+                // only renaming is allowed for regular users
+                if ($userVisible !== $this->tag->isUserVisible()
+                    || $userAssignable !== $this->tag->isUserAssignable()
+                ) {
+                    throw new Forbidden('No permission to update permissions for tag ' . $this->tag->getId());
+                }
+            }
+
+            $this->tagManager->updateTag($this->tag->getId(), $name, $userVisible, $userAssignable);
+        } catch (TagNotFoundException $e) {
+            throw new NotFound('Tag with id ' . $this->tag->getId() . ' does not exist');
+        } catch (TagAlreadyExistsException $e) {
+            throw new Conflict(
+                'Tag with the properties "' . $name . '", ' .
+                $userVisible . ', ' . $userAssignable . ' already exists'
+            );
+        }
+    }
+
+    /**
+     * Returns null, not supported
+     *
+     */
+    public function getLastModified() {
+        return null;
+    }
+
+    public function delete() {
+        try {
+            if (!$this->isAdmin) {
+                throw new Forbidden('No permission to delete tag ' . $this->tag->getId());
+            }
+
+            if (!$this->tagManager->canUserSeeTag($this->tag, $this->user)) {
+                throw new NotFound('Tag with id ' . $this->tag->getId() . ' not found');
+            }
+
+            $this->tagManager->deleteTags($this->tag->getId());
+        } catch (TagNotFoundException $e) {
+            // can happen if concurrent deletion occurred
+            throw new NotFound('Tag with id ' . $this->tag->getId() . ' not found', 0, $e);
+        }
+    }
 }

apps/dav/lib/SystemTag/SystemTagsByIdCollection.php

Indentation +140 added lines, -140 removed lines

@@ -37,144 +37,144 @@
 
 class SystemTagsByIdCollection implements ICollection {
 
-	/**
-	 * @var ISystemTagManager
-	 */
-	private $tagManager;
-
-	/**
-	 * @var IGroupManager
-	 */
-	private $groupManager;
-
-	/**
-	 * @var IUserSession
-	 */
-	private $userSession;
-
-	/**
-	 * SystemTagsByIdCollection constructor.
-	 *
-	 * @param ISystemTagManager $tagManager
-	 * @param IUserSession $userSession
-	 * @param IGroupManager $groupManager
-	 */
-	public function __construct(
-		ISystemTagManager $tagManager,
-		IUserSession $userSession,
-		IGroupManager $groupManager
-	) {
-		$this->tagManager = $tagManager;
-		$this->userSession = $userSession;
-		$this->groupManager = $groupManager;
-	}
-
-	/**
-	 * Returns whether the currently logged in user is an administrator
-	 *
-	 * @return bool true if the user is an admin
-	 */
-	private function isAdmin() {
-		$user = $this->userSession->getUser();
-		if ($user !== null) {
-			return $this->groupManager->isAdmin($user->getUID());
-		}
-		return false;
-	}
-
-	/**
-	 * @param string $name
-	 * @param resource|string $data Initial payload
-	 * @throws Forbidden
-	 */
-	function createFile($name, $data = null) {
-		throw new Forbidden('Cannot create tags by id');
-	}
-
-	/**
-	 * @param string $name
-	 */
-	function createDirectory($name) {
-		throw new Forbidden('Permission denied to create collections');
-	}
-
-	/**
-	 * @param string $name
-	 */
-	function getChild($name) {
-		try {
-			$tag = $this->tagManager->getTagsByIds([$name]);
-			$tag = current($tag);
-			if (!$this->tagManager->canUserSeeTag($tag, $this->userSession->getUser())) {
-				throw new NotFound('Tag with id ' . $name . ' not found');
-			}
-			return $this->makeNode($tag);
-		} catch (\InvalidArgumentException $e) {
-			throw new BadRequest('Invalid tag id', 0, $e);
-		} catch (TagNotFoundException $e) {
-			throw new NotFound('Tag with id ' . $name . ' not found', 0, $e);
-		}
-	}
-
-	function getChildren() {
-		$visibilityFilter = true;
-		if ($this->isAdmin()) {
-			$visibilityFilter = null;
-		}
-
-		$tags = $this->tagManager->getAllTags($visibilityFilter);
-		return array_map(function($tag) {
-			return $this->makeNode($tag);
-		}, $tags);
-	}
-
-	/**
-	 * @param string $name
-	 */
-	function childExists($name) {
-		try {
-			$tag = $this->tagManager->getTagsByIds([$name]);
-			$tag = current($tag);
-			if (!$this->tagManager->canUserSeeTag($tag, $this->userSession->getUser())) {
-				return false;
-			}
-			return true;
-		} catch (\InvalidArgumentException $e) {
-			throw new BadRequest('Invalid tag id', 0, $e);
-		} catch (TagNotFoundException $e) {
-			return false;
-		}
-	}
-
-	function delete() {
-		throw new Forbidden('Permission denied to delete this collection');
-	}
-
-	function getName() {
-		return 'systemtags';
-	}
-
-	function setName($name) {
-		throw new Forbidden('Permission denied to rename this collection');
-	}
-
-	/**
-	 * Returns the last modification time, as a unix timestamp
-	 *
-	 * @return int
-	 */
-	function getLastModified() {
-		return null;
-	}
-
-	/**
-	 * Create a sabre node for the given system tag
-	 *
-	 * @param ISystemTag $tag
-	 *
-	 * @return SystemTagNode
-	 */
-	private function makeNode(ISystemTag $tag) {
-		return new SystemTagNode($tag, $this->userSession->getUser(), $this->isAdmin(), $this->tagManager);
-	}
+    /**
+     * @var ISystemTagManager
+     */
+    private $tagManager;
+
+    /**
+     * @var IGroupManager
+     */
+    private $groupManager;
+
+    /**
+     * @var IUserSession
+     */
+    private $userSession;
+
+    /**
+     * SystemTagsByIdCollection constructor.
+     *
+     * @param ISystemTagManager $tagManager
+     * @param IUserSession $userSession
+     * @param IGroupManager $groupManager
+     */
+    public function __construct(
+        ISystemTagManager $tagManager,
+        IUserSession $userSession,
+        IGroupManager $groupManager
+    ) {
+        $this->tagManager = $tagManager;
+        $this->userSession = $userSession;
+        $this->groupManager = $groupManager;
+    }
+
+    /**
+     * Returns whether the currently logged in user is an administrator
+     *
+     * @return bool true if the user is an admin
+     */
+    private function isAdmin() {
+        $user = $this->userSession->getUser();
+        if ($user !== null) {
+            return $this->groupManager->isAdmin($user->getUID());
+        }
+        return false;
+    }
+
+    /**
+     * @param string $name
+     * @param resource|string $data Initial payload
+     * @throws Forbidden
+     */
+    function createFile($name, $data = null) {
+        throw new Forbidden('Cannot create tags by id');
+    }
+
+    /**
+     * @param string $name
+     */
+    function createDirectory($name) {
+        throw new Forbidden('Permission denied to create collections');
+    }
+
+    /**
+     * @param string $name
+     */
+    function getChild($name) {
+        try {
+            $tag = $this->tagManager->getTagsByIds([$name]);
+            $tag = current($tag);
+            if (!$this->tagManager->canUserSeeTag($tag, $this->userSession->getUser())) {
+                throw new NotFound('Tag with id ' . $name . ' not found');
+            }
+            return $this->makeNode($tag);
+        } catch (\InvalidArgumentException $e) {
+            throw new BadRequest('Invalid tag id', 0, $e);
+        } catch (TagNotFoundException $e) {
+            throw new NotFound('Tag with id ' . $name . ' not found', 0, $e);
+        }
+    }
+
+    function getChildren() {
+        $visibilityFilter = true;
+        if ($this->isAdmin()) {
+            $visibilityFilter = null;
+        }
+
+        $tags = $this->tagManager->getAllTags($visibilityFilter);
+        return array_map(function($tag) {
+            return $this->makeNode($tag);
+        }, $tags);
+    }
+
+    /**
+     * @param string $name
+     */
+    function childExists($name) {
+        try {
+            $tag = $this->tagManager->getTagsByIds([$name]);
+            $tag = current($tag);
+            if (!$this->tagManager->canUserSeeTag($tag, $this->userSession->getUser())) {
+                return false;
+            }
+            return true;
+        } catch (\InvalidArgumentException $e) {
+            throw new BadRequest('Invalid tag id', 0, $e);
+        } catch (TagNotFoundException $e) {
+            return false;
+        }
+    }
+
+    function delete() {
+        throw new Forbidden('Permission denied to delete this collection');
+    }
+
+    function getName() {
+        return 'systemtags';
+    }
+
+    function setName($name) {
+        throw new Forbidden('Permission denied to rename this collection');
+    }
+
+    /**
+     * Returns the last modification time, as a unix timestamp
+     *
+     * @return int
+     */
+    function getLastModified() {
+        return null;
+    }
+
+    /**
+     * Create a sabre node for the given system tag
+     *
+     * @param ISystemTag $tag
+     *
+     * @return SystemTagNode
+     */
+    private function makeNode(ISystemTag $tag) {
+        return new SystemTagNode($tag, $this->userSession->getUser(), $this->isAdmin(), $this->tagManager);
+    }
 }

apps/dav/lib/SystemTag/SystemTagsObjectTypeCollection.php

Indentation +132 added lines, -132 removed lines

@@ -39,136 +39,136 @@
  */
 class SystemTagsObjectTypeCollection implements ICollection {
 
-	/**
-	 * @var string
-	 */
-	private $objectType;
-
-	/**
-	 * @var ISystemTagManager
-	 */
-	private $tagManager;
-
-	/**
-	 * @var ISystemTagObjectMapper
-	 */
-	private $tagMapper;
-
-	/**
-	 * @var IGroupManager
-	 */
-	private $groupManager;
-
-	/**
-	 * @var IUserSession
-	 */
-	private $userSession;
-
-	/**
-	 * @var \Closure
-	 **/
-	protected $childExistsFunction;
-
-	/**
-	 * Constructor
-	 *
-	 * @param string $objectType object type
-	 * @param ISystemTagManager $tagManager
-	 * @param ISystemTagObjectMapper $tagMapper
-	 * @param IUserSession $userSession
-	 * @param IGroupManager $groupManager
-	 * @param \Closure $childExistsFunction
-	 */
-	public function __construct(
-		$objectType, 
-		ISystemTagManager $tagManager,
-		ISystemTagObjectMapper $tagMapper,
-		IUserSession $userSession,
-		IGroupManager $groupManager,
-		\Closure $childExistsFunction
-	) {
-		$this->tagManager = $tagManager;
-		$this->tagMapper = $tagMapper;
-		$this->objectType = $objectType;
-		$this->userSession = $userSession;
-		$this->groupManager = $groupManager;
-		$this->childExistsFunction = $childExistsFunction;
-	}
-
-	/**
-	 * @param string $name
-	 * @param resource|string $data Initial payload
-	 * @return null|string
-	 * @throws Forbidden
-	 */
-	function createFile($name, $data = null) {
-		throw new Forbidden('Permission denied to create nodes');
-	}
-
-	/**
-	 * @param string $name
-	 * @throws Forbidden
-	 */
-	function createDirectory($name) {
-		throw new Forbidden('Permission denied to create collections');
-	}
-
-	/**
-	 * @param string $objectId
-	 * @return SystemTagsObjectMappingCollection
-	 * @throws NotFound
-	 */
-	function getChild($objectId) {
-		// make sure the object exists and is reachable
-		if(!$this->childExists($objectId)) {
-			throw new NotFound('Entity does not exist or is not available');
-		}
-		return new SystemTagsObjectMappingCollection(
-			$objectId,
-			$this->objectType,
-			$this->userSession->getUser(),
-			$this->tagManager,
-			$this->tagMapper
-		);
-	}
-
-	function getChildren() {
-		// do not list object ids
-		throw new MethodNotAllowed();
-	}
-
-	/**
-	 * Checks if a child-node with the specified name exists
-	 *
-	 * @param string $name
-	 * @return bool
-	 */
-	function childExists($name) {
-		return call_user_func($this->childExistsFunction, $name);
-	}
-
-	function delete() {
-		throw new Forbidden('Permission denied to delete this collection');
-	}
-
-	function getName() {
-		return $this->objectType;
-	}
-
-	/**
-	 * @param string $name
-	 * @throws Forbidden
-	 */
-	function setName($name) {
-		throw new Forbidden('Permission denied to rename this collection');
-	}
-
-	/**
-	 * Returns the last modification time, as a unix timestamp
-	 *
-	 * @return int
-	 */
-	function getLastModified() {
-		return null;
-	}
+    /**
+     * @var string
+     */
+    private $objectType;
+
+    /**
+     * @var ISystemTagManager
+     */
+    private $tagManager;
+
+    /**
+     * @var ISystemTagObjectMapper
+     */
+    private $tagMapper;
+
+    /**
+     * @var IGroupManager
+     */
+    private $groupManager;
+
+    /**
+     * @var IUserSession
+     */
+    private $userSession;
+
+    /**
+     * @var \Closure
+     **/
+    protected $childExistsFunction;
+
+    /**
+     * Constructor
+     *
+     * @param string $objectType object type
+     * @param ISystemTagManager $tagManager
+     * @param ISystemTagObjectMapper $tagMapper
+     * @param IUserSession $userSession
+     * @param IGroupManager $groupManager
+     * @param \Closure $childExistsFunction
+     */
+    public function __construct(
+        $objectType, 
+        ISystemTagManager $tagManager,
+        ISystemTagObjectMapper $tagMapper,
+        IUserSession $userSession,
+        IGroupManager $groupManager,
+        \Closure $childExistsFunction
+    ) {
+        $this->tagManager = $tagManager;
+        $this->tagMapper = $tagMapper;
+        $this->objectType = $objectType;
+        $this->userSession = $userSession;
+        $this->groupManager = $groupManager;
+        $this->childExistsFunction = $childExistsFunction;
+    }
+
+    /**
+     * @param string $name
+     * @param resource|string $data Initial payload
+     * @return null|string
+     * @throws Forbidden
+     */
+    function createFile($name, $data = null) {
+        throw new Forbidden('Permission denied to create nodes');
+    }
+
+    /**
+     * @param string $name
+     * @throws Forbidden
+     */
+    function createDirectory($name) {
+        throw new Forbidden('Permission denied to create collections');
+    }
+
+    /**
+     * @param string $objectId
+     * @return SystemTagsObjectMappingCollection
+     * @throws NotFound
+     */
+    function getChild($objectId) {
+        // make sure the object exists and is reachable
+        if(!$this->childExists($objectId)) {
+            throw new NotFound('Entity does not exist or is not available');
+        }
+        return new SystemTagsObjectMappingCollection(
+            $objectId,
+            $this->objectType,
+            $this->userSession->getUser(),
+            $this->tagManager,
+            $this->tagMapper
+        );
+    }
+
+    function getChildren() {
+        // do not list object ids
+        throw new MethodNotAllowed();
+    }
+
+    /**
+     * Checks if a child-node with the specified name exists
+     *
+     * @param string $name
+     * @return bool
+     */
+    function childExists($name) {
+        return call_user_func($this->childExistsFunction, $name);
+    }
+
+    function delete() {
+        throw new Forbidden('Permission denied to delete this collection');
+    }
+
+    function getName() {
+        return $this->objectType;
+    }
+
+    /**
+     * @param string $name
+     * @throws Forbidden
+     */
+    function setName($name) {
+        throw new Forbidden('Permission denied to rename this collection');
+    }
+
+    /**
+     * Returns the last modification time, as a unix timestamp
+     *
+     * @return int
+     */
+    function getLastModified() {
+        return null;
+    }
 }

apps/dav/lib/SystemTag/SystemTagMappingNode.php

Indentation +130 added lines, -130 removed lines

@@ -37,134 +37,134 @@
  * Mapping node for system tag to object id
  */
 class SystemTagMappingNode implements \Sabre\DAV\INode {
-	/**
-	 * @var ISystemTag
-	 */
-	protected $tag;
-
-	/**
-	 * @var string
-	 */
-	private $objectId;
-
-	/**
-	 * @var string
-	 */
-	private $objectType;
-
-	/**
-	 * User
-	 *
-	 * @var IUser
-	 */
-	protected $user;
-
-	/**
-	 * @var ISystemTagManager
-	 */
-	protected $tagManager;
-
-	/**
-	 * @var ISystemTagObjectMapper
-	 */
-	private $tagMapper;
-
-	/**
-	 * Sets up the node, expects a full path name
-	 *
-	 * @param ISystemTag $tag system tag
-	 * @param string $objectId
-	 * @param string $objectType
-	 * @param IUser $user user
-	 * @param ISystemTagManager $tagManager
-	 * @param ISystemTagObjectMapper $tagMapper
-	 */
-	public function __construct(
-		ISystemTag $tag,
-		$objectId,
-		$objectType,
-		IUser $user,
-		ISystemTagManager $tagManager,
-		ISystemTagObjectMapper $tagMapper
-	) {
-		$this->tag = $tag;
-		$this->objectId = $objectId;
-		$this->objectType = $objectType;
-		$this->user = $user;
-		$this->tagManager = $tagManager;
-		$this->tagMapper = $tagMapper;
-	}
-
-	/**
-	 * Returns the object id of the relationship
-	 *
-	 * @return string object id
-	 */
-	public function getObjectId() {
-		return $this->objectId;
-	}
-
-	/**
-	 * Returns the object type of the relationship
-	 *
-	 * @return string object type
-	 */
-	public function getObjectType() {
-		return $this->objectType;
-	}
-
-	/**
-	 * Returns the system tag represented by this node
-	 *
-	 * @return ISystemTag system tag
-	 */
-	public function getSystemTag() {
-		return $this->tag;
-	}
-
-	/**
-	 *  Returns the id of the tag
-	 *
-	 * @return string
-	 */
-	public function getName() {
-		return $this->tag->getId();
-	}
-
-	/**
-	 * Renames the node
-	 *
-	 * @param string $name The new name
-	 *
-	 * @throws MethodNotAllowed not allowed to rename node
-	 */
-	public function setName($name) {
-		throw new MethodNotAllowed();
-	}
-
-	/**
-	 * Returns null, not supported
-	 *
-	 */
-	public function getLastModified() {
-		return null;
-	}
-
-	/**
-	 * Delete tag to object association
-	 */
-	public function delete() {
-		try {
-			if (!$this->tagManager->canUserSeeTag($this->tag, $this->user)) {
-				throw new NotFound('Tag with id ' . $this->tag->getId() . ' not found');
-			}
-			if (!$this->tagManager->canUserAssignTag($this->tag, $this->user)) {
-				throw new Forbidden('No permission to unassign tag ' . $this->tag->getId());
-			}
-			$this->tagMapper->unassignTags($this->objectId, $this->objectType, $this->tag->getId());
-		} catch (TagNotFoundException $e) {
-			// can happen if concurrent deletion occurred
-			throw new NotFound('Tag with id ' . $this->tag->getId() . ' not found', 0, $e);
-		}
-	}
+    /**
+     * @var ISystemTag
+     */
+    protected $tag;
+
+    /**
+     * @var string
+     */
+    private $objectId;
+
+    /**
+     * @var string
+     */
+    private $objectType;
+
+    /**
+     * User
+     *
+     * @var IUser
+     */
+    protected $user;
+
+    /**
+     * @var ISystemTagManager
+     */
+    protected $tagManager;
+
+    /**
+     * @var ISystemTagObjectMapper
+     */
+    private $tagMapper;
+
+    /**
+     * Sets up the node, expects a full path name
+     *
+     * @param ISystemTag $tag system tag
+     * @param string $objectId
+     * @param string $objectType
+     * @param IUser $user user
+     * @param ISystemTagManager $tagManager
+     * @param ISystemTagObjectMapper $tagMapper
+     */
+    public function __construct(
+        ISystemTag $tag,
+        $objectId,
+        $objectType,
+        IUser $user,
+        ISystemTagManager $tagManager,
+        ISystemTagObjectMapper $tagMapper
+    ) {
+        $this->tag = $tag;
+        $this->objectId = $objectId;
+        $this->objectType = $objectType;
+        $this->user = $user;
+        $this->tagManager = $tagManager;
+        $this->tagMapper = $tagMapper;
+    }
+
+    /**
+     * Returns the object id of the relationship
+     *
+     * @return string object id
+     */
+    public function getObjectId() {
+        return $this->objectId;
+    }
+
+    /**
+     * Returns the object type of the relationship
+     *
+     * @return string object type
+     */
+    public function getObjectType() {
+        return $this->objectType;
+    }
+
+    /**
+     * Returns the system tag represented by this node
+     *
+     * @return ISystemTag system tag
+     */
+    public function getSystemTag() {
+        return $this->tag;
+    }
+
+    /**
+     *  Returns the id of the tag
+     *
+     * @return string
+     */
+    public function getName() {
+        return $this->tag->getId();
+    }
+
+    /**
+     * Renames the node
+     *
+     * @param string $name The new name
+     *
+     * @throws MethodNotAllowed not allowed to rename node
+     */
+    public function setName($name) {
+        throw new MethodNotAllowed();
+    }
+
+    /**
+     * Returns null, not supported
+     *
+     */
+    public function getLastModified() {
+        return null;
+    }
+
+    /**
+     * Delete tag to object association
+     */
+    public function delete() {
+        try {
+            if (!$this->tagManager->canUserSeeTag($this->tag, $this->user)) {
+                throw new NotFound('Tag with id ' . $this->tag->getId() . ' not found');
+            }
+            if (!$this->tagManager->canUserAssignTag($this->tag, $this->user)) {
+                throw new Forbidden('No permission to unassign tag ' . $this->tag->getId());
+            }
+            $this->tagMapper->unassignTags($this->objectId, $this->objectType, $this->tag->getId());
+        } catch (TagNotFoundException $e) {
+            // can happen if concurrent deletion occurred
+            throw new NotFound('Tag with id ' . $this->tag->getId() . ' not found', 0, $e);
+        }
+    }
 }