nextcloud / server

apps/dav/lib/Connector/Sabre/Principal.php

Indentation +568 added lines, -568 removed lines

@@ -32,572 +32,572 @@
 
 class Principal implements BackendInterface {
 
-	/** @var string */
-	private $principalPrefix;
-
-	/** @var bool */
-	private $hasGroups;
-
-	/** @var bool */
-	private $hasCircles;
-
-	/** @var ProxyMapper */
-	private $proxyMapper;
-
-	/** @var KnownUserService */
-	private $knownUserService;
-
-	public function __construct(
-		private IUserManager $userManager,
-		private IGroupManager $groupManager,
-		private IAccountManager $accountManager,
-		private IShareManager $shareManager,
-		private IUserSession $userSession,
-		private IAppManager $appManager,
-		ProxyMapper $proxyMapper,
-		KnownUserService $knownUserService,
-		private IConfig $config,
-		private IFactory $languageFactory,
-		string $principalPrefix = 'principals/users/',
-	) {
-		$this->principalPrefix = trim($principalPrefix, '/');
-		$this->hasGroups = $this->hasCircles = ($principalPrefix === 'principals/users/');
-		$this->proxyMapper = $proxyMapper;
-		$this->knownUserService = $knownUserService;
-	}
-
-	use PrincipalProxyTrait {
-		getGroupMembership as protected traitGetGroupMembership;
-	}
-
-	/**
-	 * Returns a list of principals based on a prefix.
-	 *
-	 * This prefix will often contain something like 'principals'. You are only
-	 * expected to return principals that are in this base path.
-	 *
-	 * You are expected to return at least a 'uri' for every user, you can
-	 * return any additional properties if you wish so. Common properties are:
-	 *   {DAV:}displayname
-	 *
-	 * @param string $prefixPath
-	 * @return string[]
-	 */
-	public function getPrincipalsByPrefix($prefixPath) {
-		$principals = [];
-
-		if ($prefixPath === $this->principalPrefix) {
-			foreach ($this->userManager->search('') as $user) {
-				$principals[] = $this->userToPrincipal($user);
-			}
-		}
-
-		return $principals;
-	}
-
-	/**
-	 * Returns a specific principal, specified by it's path.
-	 * The returned structure should be the exact same as from
-	 * getPrincipalsByPrefix.
-	 *
-	 * @param string $path
-	 * @return array
-	 */
-	public function getPrincipalByPath($path) {
-		[$prefix, $name] = \Sabre\Uri\split($path);
-		$decodedName = urldecode($name);
-
-		if ($name === 'calendar-proxy-write' || $name === 'calendar-proxy-read') {
-			[$prefix2, $name2] = \Sabre\Uri\split($prefix);
-
-			if ($prefix2 === $this->principalPrefix) {
-				$user = $this->userManager->get($name2);
-
-				if ($user !== null) {
-					return [
-						'uri' => 'principals/users/' . $user->getUID() . '/' . $name,
-					];
-				}
-				return null;
-			}
-		}
-
-		if ($prefix === $this->principalPrefix) {
-			// Depending on where it is called, it may happen that this function
-			// is called either with a urlencoded version of the name or with a non-urlencoded one.
-			// The urldecode function replaces %## and +, both of which are forbidden in usernames.
-			// Hence there can be no ambiguity here and it is safe to call urldecode on all usernames
-			$user = $this->userManager->get($decodedName);
-
-			if ($user !== null) {
-				return $this->userToPrincipal($user);
-			}
-		} elseif ($prefix === 'principals/circles') {
-			if ($this->userSession->getUser() !== null) {
-				// At the time of writing - 2021-01-19 — a mixed state is possible.
-				// The second condition can be removed when this is fixed.
-				return $this->circleToPrincipal($decodedName)
-					?: $this->circleToPrincipal($name);
-			}
-		} elseif ($prefix === 'principals/groups') {
-			// At the time of writing - 2021-01-19 — a mixed state is possible.
-			// The second condition can be removed when this is fixed.
-			$group = $this->groupManager->get($decodedName)
-				?: $this->groupManager->get($name);
-			if ($group instanceof IGroup) {
-				return [
-					'uri' => 'principals/groups/' . $name,
-					'{DAV:}displayname' => $group->getDisplayName(),
-				];
-			}
-		} elseif ($prefix === 'principals/system') {
-			return [
-				'uri' => 'principals/system/' . $name,
-				'{DAV:}displayname' => $this->languageFactory->get('dav')->t('Accounts'),
-			];
-		} elseif ($prefix === 'principals/shares') {
-			return [
-				'uri' => 'principals/shares/' . $name,
-				'{DAV:}displayname' => $name,
-			];
-		}
-		return null;
-	}
-
-	/**
-	 * Returns the list of groups a principal is a member of
-	 *
-	 * @param string $principal
-	 * @param bool $needGroups
-	 * @return array
-	 * @throws Exception
-	 */
-	public function getGroupMembership($principal, $needGroups = false) {
-		[$prefix, $name] = \Sabre\Uri\split($principal);
-
-		if ($prefix !== $this->principalPrefix) {
-			return [];
-		}
-
-		$user = $this->userManager->get($name);
-		if (!$user) {
-			throw new Exception('Principal not found');
-		}
-
-		$groups = [];
-
-		if ($this->hasGroups || $needGroups) {
-			$userGroups = $this->groupManager->getUserGroups($user);
-			foreach ($userGroups as $userGroup) {
-				$groups[] = 'principals/groups/' . urlencode($userGroup->getGID());
-			}
-		}
-
-		$groups = array_unique(array_merge(
-			$groups,
-			$this->traitGetGroupMembership($principal, $needGroups)
-		));
-
-		return $groups;
-	}
-
-	/**
-	 * @param string $path
-	 * @param PropPatch $propPatch
-	 * @return int
-	 */
-	public function updatePrincipal($path, PropPatch $propPatch) {
-		// Updating schedule-default-calendar-URL is handled in CustomPropertiesBackend
-		return 0;
-	}
-
-	/**
-	 * Search user principals
-	 *
-	 * @param array $searchProperties
-	 * @param string $test
-	 * @return array
-	 */
-	protected function searchUserPrincipals(array $searchProperties, $test = 'allof') {
-		$results = [];
-
-		// If sharing is disabled, return the empty array
-		$shareAPIEnabled = $this->shareManager->shareApiEnabled();
-		if (!$shareAPIEnabled) {
-			return [];
-		}
-
-		$allowEnumeration = $this->shareManager->allowEnumeration();
-		$limitEnumerationGroup = $this->shareManager->limitEnumerationToGroups();
-		$limitEnumerationPhone = $this->shareManager->limitEnumerationToPhone();
-		$allowEnumerationFullMatch = $this->shareManager->allowEnumerationFullMatch();
-		$ignoreSecondDisplayName = $this->shareManager->ignoreSecondDisplayName();
-		$matchEmail = $this->shareManager->matchEmail();
-
-		// If sharing is restricted to group members only,
-		// return only members that have groups in common
-		$restrictGroups = false;
-		$currentUser = $this->userSession->getUser();
-		if ($this->shareManager->shareWithGroupMembersOnly()) {
-			if (!$currentUser instanceof IUser) {
-				return [];
-			}
-
-			$restrictGroups = $this->groupManager->getUserGroupIds($currentUser);
-		}
-
-		$currentUserGroups = [];
-		if ($limitEnumerationGroup) {
-			if ($currentUser instanceof IUser) {
-				$currentUserGroups = $this->groupManager->getUserGroupIds($currentUser);
-			}
-		}
-
-		$searchLimit = $this->config->getSystemValueInt('sharing.maxAutocompleteResults', Constants::SHARING_MAX_AUTOCOMPLETE_RESULTS_DEFAULT);
-		if ($searchLimit <= 0) {
-			$searchLimit = null;
-		}
-		foreach ($searchProperties as $prop => $value) {
-			switch ($prop) {
-				case '{http://sabredav.org/ns}email-address':
-					if (!$allowEnumeration) {
-						if ($allowEnumerationFullMatch && $matchEmail) {
-							$users = $this->userManager->getByEmail($value);
-						} else {
-							$users = [];
-						}
-					} else {
-						$users = $this->userManager->getByEmail($value);
-						$users = \array_filter($users, function (IUser $user) use ($currentUser, $value, $limitEnumerationPhone, $limitEnumerationGroup, $allowEnumerationFullMatch, $currentUserGroups) {
-							if ($allowEnumerationFullMatch && $user->getSystemEMailAddress() === $value) {
-								return true;
-							}
-
-							if ($limitEnumerationPhone
-								&& $currentUser instanceof IUser
-								&& $this->knownUserService->isKnownToUser($currentUser->getUID(), $user->getUID())) {
-								// Synced phonebook match
-								return true;
-							}
-
-							if (!$limitEnumerationGroup) {
-								// No limitation on enumeration, all allowed
-								return true;
-							}
-
-							return !empty($currentUserGroups) && !empty(array_intersect(
-								$this->groupManager->getUserGroupIds($user),
-								$currentUserGroups
-							));
-						});
-					}
-
-					$results[] = array_reduce($users, function (array $carry, IUser $user) use ($restrictGroups) {
-						// is sharing restricted to groups only?
-						if ($restrictGroups !== false) {
-							$userGroups = $this->groupManager->getUserGroupIds($user);
-							if (count(array_intersect($userGroups, $restrictGroups)) === 0) {
-								return $carry;
-							}
-						}
-
-						$carry[] = $this->principalPrefix . '/' . $user->getUID();
-						return $carry;
-					}, []);
-					break;
-
-				case '{DAV:}displayname':
-
-					if (!$allowEnumeration) {
-						if ($allowEnumerationFullMatch) {
-							$lowerSearch = strtolower($value);
-							$users = $this->userManager->searchDisplayName($value, $searchLimit);
-							$users = \array_filter($users, static function (IUser $user) use ($lowerSearch, $ignoreSecondDisplayName) {
-								$lowerDisplayName = strtolower($user->getDisplayName());
-								return $lowerDisplayName === $lowerSearch || ($ignoreSecondDisplayName && trim(preg_replace('/ \(.*\)$/', '', $lowerDisplayName)) === $lowerSearch);
-							});
-						} else {
-							$users = [];
-						}
-					} else {
-						$users = $this->userManager->searchDisplayName($value, $searchLimit);
-						$users = \array_filter($users, function (IUser $user) use ($currentUser, $value, $limitEnumerationPhone, $limitEnumerationGroup, $allowEnumerationFullMatch, $currentUserGroups) {
-							if ($allowEnumerationFullMatch && $user->getDisplayName() === $value) {
-								return true;
-							}
-
-							if ($limitEnumerationPhone
-								&& $currentUser instanceof IUser
-								&& $this->knownUserService->isKnownToUser($currentUser->getUID(), $user->getUID())) {
-								// Synced phonebook match
-								return true;
-							}
-
-							if (!$limitEnumerationGroup) {
-								// No limitation on enumeration, all allowed
-								return true;
-							}
-
-							return !empty($currentUserGroups) && !empty(array_intersect(
-								$this->groupManager->getUserGroupIds($user),
-								$currentUserGroups
-							));
-						});
-					}
-
-					$results[] = array_reduce($users, function (array $carry, IUser $user) use ($restrictGroups) {
-						// is sharing restricted to groups only?
-						if ($restrictGroups !== false) {
-							$userGroups = $this->groupManager->getUserGroupIds($user);
-							if (count(array_intersect($userGroups, $restrictGroups)) === 0) {
-								return $carry;
-							}
-						}
-
-						$carry[] = $this->principalPrefix . '/' . $user->getUID();
-						return $carry;
-					}, []);
-					break;
-
-				case '{urn:ietf:params:xml:ns:caldav}calendar-user-address-set':
-					// If you add support for more search properties that qualify as a user-address,
-					// please also add them to the array below
-					$results[] = $this->searchUserPrincipals([
-						// In theory this should also search for principal:principals/users/...
-						// but that's used internally only anyway and i don't know of any client querying that
-						'{http://sabredav.org/ns}email-address' => $value,
-					], 'anyof');
-					break;
-
-				default:
-					$results[] = [];
-					break;
-			}
-		}
-
-		// results is an array of arrays, so this is not the first search result
-		// but the results of the first searchProperty
-		if (count($results) === 1) {
-			return $results[0];
-		}
-
-		switch ($test) {
-			case 'anyof':
-				return array_values(array_unique(array_merge(...$results)));
-
-			case 'allof':
-			default:
-				return array_values(array_intersect(...$results));
-		}
-	}
-
-	/**
-	 * @param string $prefixPath
-	 * @param array $searchProperties
-	 * @param string $test
-	 * @return array
-	 */
-	public function searchPrincipals($prefixPath, array $searchProperties, $test = 'allof') {
-		if (count($searchProperties) === 0) {
-			return [];
-		}
-
-		switch ($prefixPath) {
-			case 'principals/users':
-				return $this->searchUserPrincipals($searchProperties, $test);
-
-			default:
-				return [];
-		}
-	}
-
-	/**
-	 * @param string $uri
-	 * @param string $principalPrefix
-	 * @return string
-	 */
-	public function findByUri($uri, $principalPrefix) {
-		// If sharing is disabled, return the empty array
-		$shareAPIEnabled = $this->shareManager->shareApiEnabled();
-		if (!$shareAPIEnabled) {
-			return null;
-		}
-
-		// If sharing is restricted to group members only,
-		// return only members that have groups in common
-		$restrictGroups = false;
-		if ($this->shareManager->shareWithGroupMembersOnly()) {
-			$user = $this->userSession->getUser();
-			if (!$user) {
-				return null;
-			}
-
-			$restrictGroups = $this->groupManager->getUserGroupIds($user);
-		}
-
-		if (str_starts_with($uri, 'mailto:')) {
-			if ($principalPrefix === 'principals/users') {
-				$users = $this->userManager->getByEmail(substr($uri, 7));
-				if (count($users) !== 1) {
-					return null;
-				}
-				$user = $users[0];
-
-				if ($restrictGroups !== false) {
-					$userGroups = $this->groupManager->getUserGroupIds($user);
-					if (count(array_intersect($userGroups, $restrictGroups)) === 0) {
-						return null;
-					}
-				}
-
-				return $this->principalPrefix . '/' . $user->getUID();
-			}
-		}
-		if (str_starts_with($uri, 'principal:')) {
-			$principal = substr($uri, 10);
-			$principal = $this->getPrincipalByPath($principal);
-			if ($principal !== null) {
-				return $principal['uri'];
-			}
-		}
-
-		return null;
-	}
-
-	/**
-	 * @param IUser $user
-	 * @return array
-	 * @throws PropertyDoesNotExistException
-	 */
-	protected function userToPrincipal($user) {
-		$userId = $user->getUID();
-		$displayName = $user->getDisplayName();
-		$principal = [
-			'uri' => $this->principalPrefix . '/' . $userId,
-			'{DAV:}displayname' => is_null($displayName) ? $userId : $displayName,
-			'{urn:ietf:params:xml:ns:caldav}calendar-user-type' => 'INDIVIDUAL',
-			'{http://nextcloud.com/ns}language' => $this->languageFactory->getUserLanguage($user),
-		];
-
-		$account = $this->accountManager->getAccount($user);
-		$alternativeEmails = array_map(fn (IAccountProperty $property) => 'mailto:' . $property->getValue(), $account->getPropertyCollection(IAccountManager::COLLECTION_EMAIL)->getProperties());
-
-		$email = $user->getSystemEMailAddress();
-		if (!empty($email)) {
-			$principal['{http://sabredav.org/ns}email-address'] = $email;
-		}
-
-		if (!empty($alternativeEmails)) {
-			$principal['{DAV:}alternate-URI-set'] = $alternativeEmails;
-		}
-
-		return $principal;
-	}
-
-	public function getPrincipalPrefix() {
-		return $this->principalPrefix;
-	}
-
-	/**
-	 * @param string $circleUniqueId
-	 * @return array|null
-	 */
-	protected function circleToPrincipal($circleUniqueId) {
-		if (!$this->appManager->isEnabledForUser('circles') || !class_exists('\OCA\Circles\Api\v1\Circles')) {
-			return null;
-		}
-
-		try {
-			$circle = Circles::detailsCircle($circleUniqueId, true);
-		} catch (QueryException $ex) {
-			return null;
-		} catch (CircleNotFoundException $ex) {
-			return null;
-		}
-
-		if (!$circle) {
-			return null;
-		}
-
-		$principal = [
-			'uri' => 'principals/circles/' . $circleUniqueId,
-			'{DAV:}displayname' => $circle->getDisplayName(),
-		];
-
-		return $principal;
-	}
-
-	/**
-	 * Returns the list of circles a principal is a member of
-	 *
-	 * @param string $principal
-	 * @return array
-	 * @throws Exception
-	 * @throws QueryException
-	 * @suppress PhanUndeclaredClassMethod
-	 */
-	public function getCircleMembership($principal):array {
-		if (!$this->appManager->isEnabledForUser('circles') || !class_exists('\OCA\Circles\Api\v1\Circles')) {
-			return [];
-		}
-
-		[$prefix, $name] = \Sabre\Uri\split($principal);
-		if ($this->hasCircles && $prefix === $this->principalPrefix) {
-			$user = $this->userManager->get($name);
-			if (!$user) {
-				throw new Exception('Principal not found');
-			}
-
-			$circles = Circles::joinedCircles($name, true);
-
-			$circles = array_map(function ($circle) {
-				/** @var Circle $circle */
-				return 'principals/circles/' . urlencode($circle->getSingleId());
-			}, $circles);
-
-			return $circles;
-		}
-
-		return [];
-	}
-
-	/**
-	 * Get all email addresses associated to a principal.
-	 *
-	 * @param array $principal Data from getPrincipal*()
-	 * @return string[] All email addresses without the mailto: prefix
-	 */
-	public function getEmailAddressesOfPrincipal(array $principal): array {
-		$emailAddresses = [];
-
-		if (isset($principal['{http://sabredav.org/ns}email-address'])) {
-			$emailAddresses[] = $principal['{http://sabredav.org/ns}email-address'];
-		}
-
-		if (isset($principal['{DAV:}alternate-URI-set'])) {
-			foreach ($principal['{DAV:}alternate-URI-set'] as $address) {
-				if (str_starts_with($address, 'mailto:')) {
-					$emailAddresses[] = substr($address, 7);
-				}
-			}
-		}
-
-		if (isset($principal['{urn:ietf:params:xml:ns:caldav}calendar-user-address-set'])) {
-			foreach ($principal['{urn:ietf:params:xml:ns:caldav}calendar-user-address-set'] as $address) {
-				if (str_starts_with($address, 'mailto:')) {
-					$emailAddresses[] = substr($address, 7);
-				}
-			}
-		}
-
-		if (isset($principal['{http://calendarserver.org/ns/}email-address-set'])) {
-			foreach ($principal['{http://calendarserver.org/ns/}email-address-set'] as $address) {
-				if (str_starts_with($address, 'mailto:')) {
-					$emailAddresses[] = substr($address, 7);
-				}
-			}
-		}
-
-		return array_values(array_unique($emailAddresses));
-	}
+    /** @var string */
+    private $principalPrefix;
+
+    /** @var bool */
+    private $hasGroups;
+
+    /** @var bool */
+    private $hasCircles;
+
+    /** @var ProxyMapper */
+    private $proxyMapper;
+
+    /** @var KnownUserService */
+    private $knownUserService;
+
+    public function __construct(
+        private IUserManager $userManager,
+        private IGroupManager $groupManager,
+        private IAccountManager $accountManager,
+        private IShareManager $shareManager,
+        private IUserSession $userSession,
+        private IAppManager $appManager,
+        ProxyMapper $proxyMapper,
+        KnownUserService $knownUserService,
+        private IConfig $config,
+        private IFactory $languageFactory,
+        string $principalPrefix = 'principals/users/',
+    ) {
+        $this->principalPrefix = trim($principalPrefix, '/');
+        $this->hasGroups = $this->hasCircles = ($principalPrefix === 'principals/users/');
+        $this->proxyMapper = $proxyMapper;
+        $this->knownUserService = $knownUserService;
+    }
+
+    use PrincipalProxyTrait {
+        getGroupMembership as protected traitGetGroupMembership;
+    }
+
+    /**
+     * Returns a list of principals based on a prefix.
+     *
+     * This prefix will often contain something like 'principals'. You are only
+     * expected to return principals that are in this base path.
+     *
+     * You are expected to return at least a 'uri' for every user, you can
+     * return any additional properties if you wish so. Common properties are:
+     *   {DAV:}displayname
+     *
+     * @param string $prefixPath
+     * @return string[]
+     */
+    public function getPrincipalsByPrefix($prefixPath) {
+        $principals = [];
+
+        if ($prefixPath === $this->principalPrefix) {
+            foreach ($this->userManager->search('') as $user) {
+                $principals[] = $this->userToPrincipal($user);
+            }
+        }
+
+        return $principals;
+    }
+
+    /**
+     * Returns a specific principal, specified by it's path.
+     * The returned structure should be the exact same as from
+     * getPrincipalsByPrefix.
+     *
+     * @param string $path
+     * @return array
+     */
+    public function getPrincipalByPath($path) {
+        [$prefix, $name] = \Sabre\Uri\split($path);
+        $decodedName = urldecode($name);
+
+        if ($name === 'calendar-proxy-write' || $name === 'calendar-proxy-read') {
+            [$prefix2, $name2] = \Sabre\Uri\split($prefix);
+
+            if ($prefix2 === $this->principalPrefix) {
+                $user = $this->userManager->get($name2);
+
+                if ($user !== null) {
+                    return [
+                        'uri' => 'principals/users/' . $user->getUID() . '/' . $name,
+                    ];
+                }
+                return null;
+            }
+        }
+
+        if ($prefix === $this->principalPrefix) {
+            // Depending on where it is called, it may happen that this function
+            // is called either with a urlencoded version of the name or with a non-urlencoded one.
+            // The urldecode function replaces %## and +, both of which are forbidden in usernames.
+            // Hence there can be no ambiguity here and it is safe to call urldecode on all usernames
+            $user = $this->userManager->get($decodedName);
+
+            if ($user !== null) {
+                return $this->userToPrincipal($user);
+            }
+        } elseif ($prefix === 'principals/circles') {
+            if ($this->userSession->getUser() !== null) {
+                // At the time of writing - 2021-01-19 — a mixed state is possible.
+                // The second condition can be removed when this is fixed.
+                return $this->circleToPrincipal($decodedName)
+                    ?: $this->circleToPrincipal($name);
+            }
+        } elseif ($prefix === 'principals/groups') {
+            // At the time of writing - 2021-01-19 — a mixed state is possible.
+            // The second condition can be removed when this is fixed.
+            $group = $this->groupManager->get($decodedName)
+                ?: $this->groupManager->get($name);
+            if ($group instanceof IGroup) {
+                return [
+                    'uri' => 'principals/groups/' . $name,
+                    '{DAV:}displayname' => $group->getDisplayName(),
+                ];
+            }
+        } elseif ($prefix === 'principals/system') {
+            return [
+                'uri' => 'principals/system/' . $name,
+                '{DAV:}displayname' => $this->languageFactory->get('dav')->t('Accounts'),
+            ];
+        } elseif ($prefix === 'principals/shares') {
+            return [
+                'uri' => 'principals/shares/' . $name,
+                '{DAV:}displayname' => $name,
+            ];
+        }
+        return null;
+    }
+
+    /**
+     * Returns the list of groups a principal is a member of
+     *
+     * @param string $principal
+     * @param bool $needGroups
+     * @return array
+     * @throws Exception
+     */
+    public function getGroupMembership($principal, $needGroups = false) {
+        [$prefix, $name] = \Sabre\Uri\split($principal);
+
+        if ($prefix !== $this->principalPrefix) {
+            return [];
+        }
+
+        $user = $this->userManager->get($name);
+        if (!$user) {
+            throw new Exception('Principal not found');
+        }
+
+        $groups = [];
+
+        if ($this->hasGroups || $needGroups) {
+            $userGroups = $this->groupManager->getUserGroups($user);
+            foreach ($userGroups as $userGroup) {
+                $groups[] = 'principals/groups/' . urlencode($userGroup->getGID());
+            }
+        }
+
+        $groups = array_unique(array_merge(
+            $groups,
+            $this->traitGetGroupMembership($principal, $needGroups)
+        ));
+
+        return $groups;
+    }
+
+    /**
+     * @param string $path
+     * @param PropPatch $propPatch
+     * @return int
+     */
+    public function updatePrincipal($path, PropPatch $propPatch) {
+        // Updating schedule-default-calendar-URL is handled in CustomPropertiesBackend
+        return 0;
+    }
+
+    /**
+     * Search user principals
+     *
+     * @param array $searchProperties
+     * @param string $test
+     * @return array
+     */
+    protected function searchUserPrincipals(array $searchProperties, $test = 'allof') {
+        $results = [];
+
+        // If sharing is disabled, return the empty array
+        $shareAPIEnabled = $this->shareManager->shareApiEnabled();
+        if (!$shareAPIEnabled) {
+            return [];
+        }
+
+        $allowEnumeration = $this->shareManager->allowEnumeration();
+        $limitEnumerationGroup = $this->shareManager->limitEnumerationToGroups();
+        $limitEnumerationPhone = $this->shareManager->limitEnumerationToPhone();
+        $allowEnumerationFullMatch = $this->shareManager->allowEnumerationFullMatch();
+        $ignoreSecondDisplayName = $this->shareManager->ignoreSecondDisplayName();
+        $matchEmail = $this->shareManager->matchEmail();
+
+        // If sharing is restricted to group members only,
+        // return only members that have groups in common
+        $restrictGroups = false;
+        $currentUser = $this->userSession->getUser();
+        if ($this->shareManager->shareWithGroupMembersOnly()) {
+            if (!$currentUser instanceof IUser) {
+                return [];
+            }
+
+            $restrictGroups = $this->groupManager->getUserGroupIds($currentUser);
+        }
+
+        $currentUserGroups = [];
+        if ($limitEnumerationGroup) {
+            if ($currentUser instanceof IUser) {
+                $currentUserGroups = $this->groupManager->getUserGroupIds($currentUser);
+            }
+        }
+
+        $searchLimit = $this->config->getSystemValueInt('sharing.maxAutocompleteResults', Constants::SHARING_MAX_AUTOCOMPLETE_RESULTS_DEFAULT);
+        if ($searchLimit <= 0) {
+            $searchLimit = null;
+        }
+        foreach ($searchProperties as $prop => $value) {
+            switch ($prop) {
+                case '{http://sabredav.org/ns}email-address':
+                    if (!$allowEnumeration) {
+                        if ($allowEnumerationFullMatch && $matchEmail) {
+                            $users = $this->userManager->getByEmail($value);
+                        } else {
+                            $users = [];
+                        }
+                    } else {
+                        $users = $this->userManager->getByEmail($value);
+                        $users = \array_filter($users, function (IUser $user) use ($currentUser, $value, $limitEnumerationPhone, $limitEnumerationGroup, $allowEnumerationFullMatch, $currentUserGroups) {
+                            if ($allowEnumerationFullMatch && $user->getSystemEMailAddress() === $value) {
+                                return true;
+                            }
+
+                            if ($limitEnumerationPhone
+                                && $currentUser instanceof IUser
+                                && $this->knownUserService->isKnownToUser($currentUser->getUID(), $user->getUID())) {
+                                // Synced phonebook match
+                                return true;
+                            }
+
+                            if (!$limitEnumerationGroup) {
+                                // No limitation on enumeration, all allowed
+                                return true;
+                            }
+
+                            return !empty($currentUserGroups) && !empty(array_intersect(
+                                $this->groupManager->getUserGroupIds($user),
+                                $currentUserGroups
+                            ));
+                        });
+                    }
+
+                    $results[] = array_reduce($users, function (array $carry, IUser $user) use ($restrictGroups) {
+                        // is sharing restricted to groups only?
+                        if ($restrictGroups !== false) {
+                            $userGroups = $this->groupManager->getUserGroupIds($user);
+                            if (count(array_intersect($userGroups, $restrictGroups)) === 0) {
+                                return $carry;
+                            }
+                        }
+
+                        $carry[] = $this->principalPrefix . '/' . $user->getUID();
+                        return $carry;
+                    }, []);
+                    break;
+
+                case '{DAV:}displayname':
+
+                    if (!$allowEnumeration) {
+                        if ($allowEnumerationFullMatch) {
+                            $lowerSearch = strtolower($value);
+                            $users = $this->userManager->searchDisplayName($value, $searchLimit);
+                            $users = \array_filter($users, static function (IUser $user) use ($lowerSearch, $ignoreSecondDisplayName) {
+                                $lowerDisplayName = strtolower($user->getDisplayName());
+                                return $lowerDisplayName === $lowerSearch || ($ignoreSecondDisplayName && trim(preg_replace('/ \(.*\)$/', '', $lowerDisplayName)) === $lowerSearch);
+                            });
+                        } else {
+                            $users = [];
+                        }
+                    } else {
+                        $users = $this->userManager->searchDisplayName($value, $searchLimit);
+                        $users = \array_filter($users, function (IUser $user) use ($currentUser, $value, $limitEnumerationPhone, $limitEnumerationGroup, $allowEnumerationFullMatch, $currentUserGroups) {
+                            if ($allowEnumerationFullMatch && $user->getDisplayName() === $value) {
+                                return true;
+                            }
+
+                            if ($limitEnumerationPhone
+                                && $currentUser instanceof IUser
+                                && $this->knownUserService->isKnownToUser($currentUser->getUID(), $user->getUID())) {
+                                // Synced phonebook match
+                                return true;
+                            }
+
+                            if (!$limitEnumerationGroup) {
+                                // No limitation on enumeration, all allowed
+                                return true;
+                            }
+
+                            return !empty($currentUserGroups) && !empty(array_intersect(
+                                $this->groupManager->getUserGroupIds($user),
+                                $currentUserGroups
+                            ));
+                        });
+                    }
+
+                    $results[] = array_reduce($users, function (array $carry, IUser $user) use ($restrictGroups) {
+                        // is sharing restricted to groups only?
+                        if ($restrictGroups !== false) {
+                            $userGroups = $this->groupManager->getUserGroupIds($user);
+                            if (count(array_intersect($userGroups, $restrictGroups)) === 0) {
+                                return $carry;
+                            }
+                        }
+
+                        $carry[] = $this->principalPrefix . '/' . $user->getUID();
+                        return $carry;
+                    }, []);
+                    break;
+
+                case '{urn:ietf:params:xml:ns:caldav}calendar-user-address-set':
+                    // If you add support for more search properties that qualify as a user-address,
+                    // please also add them to the array below
+                    $results[] = $this->searchUserPrincipals([
+                        // In theory this should also search for principal:principals/users/...
+                        // but that's used internally only anyway and i don't know of any client querying that
+                        '{http://sabredav.org/ns}email-address' => $value,
+                    ], 'anyof');
+                    break;
+
+                default:
+                    $results[] = [];
+                    break;
+            }
+        }
+
+        // results is an array of arrays, so this is not the first search result
+        // but the results of the first searchProperty
+        if (count($results) === 1) {
+            return $results[0];
+        }
+
+        switch ($test) {
+            case 'anyof':
+                return array_values(array_unique(array_merge(...$results)));
+
+            case 'allof':
+            default:
+                return array_values(array_intersect(...$results));
+        }
+    }
+
+    /**
+     * @param string $prefixPath
+     * @param array $searchProperties
+     * @param string $test
+     * @return array
+     */
+    public function searchPrincipals($prefixPath, array $searchProperties, $test = 'allof') {
+        if (count($searchProperties) === 0) {
+            return [];
+        }
+
+        switch ($prefixPath) {
+            case 'principals/users':
+                return $this->searchUserPrincipals($searchProperties, $test);
+
+            default:
+                return [];
+        }
+    }
+
+    /**
+     * @param string $uri
+     * @param string $principalPrefix
+     * @return string
+     */
+    public function findByUri($uri, $principalPrefix) {
+        // If sharing is disabled, return the empty array
+        $shareAPIEnabled = $this->shareManager->shareApiEnabled();
+        if (!$shareAPIEnabled) {
+            return null;
+        }
+
+        // If sharing is restricted to group members only,
+        // return only members that have groups in common
+        $restrictGroups = false;
+        if ($this->shareManager->shareWithGroupMembersOnly()) {
+            $user = $this->userSession->getUser();
+            if (!$user) {
+                return null;
+            }
+
+            $restrictGroups = $this->groupManager->getUserGroupIds($user);
+        }
+
+        if (str_starts_with($uri, 'mailto:')) {
+            if ($principalPrefix === 'principals/users') {
+                $users = $this->userManager->getByEmail(substr($uri, 7));
+                if (count($users) !== 1) {
+                    return null;
+                }
+                $user = $users[0];
+
+                if ($restrictGroups !== false) {
+                    $userGroups = $this->groupManager->getUserGroupIds($user);
+                    if (count(array_intersect($userGroups, $restrictGroups)) === 0) {
+                        return null;
+                    }
+                }
+
+                return $this->principalPrefix . '/' . $user->getUID();
+            }
+        }
+        if (str_starts_with($uri, 'principal:')) {
+            $principal = substr($uri, 10);
+            $principal = $this->getPrincipalByPath($principal);
+            if ($principal !== null) {
+                return $principal['uri'];
+            }
+        }
+
+        return null;
+    }
+
+    /**
+     * @param IUser $user
+     * @return array
+     * @throws PropertyDoesNotExistException
+     */
+    protected function userToPrincipal($user) {
+        $userId = $user->getUID();
+        $displayName = $user->getDisplayName();
+        $principal = [
+            'uri' => $this->principalPrefix . '/' . $userId,
+            '{DAV:}displayname' => is_null($displayName) ? $userId : $displayName,
+            '{urn:ietf:params:xml:ns:caldav}calendar-user-type' => 'INDIVIDUAL',
+            '{http://nextcloud.com/ns}language' => $this->languageFactory->getUserLanguage($user),
+        ];
+
+        $account = $this->accountManager->getAccount($user);
+        $alternativeEmails = array_map(fn (IAccountProperty $property) => 'mailto:' . $property->getValue(), $account->getPropertyCollection(IAccountManager::COLLECTION_EMAIL)->getProperties());
+
+        $email = $user->getSystemEMailAddress();
+        if (!empty($email)) {
+            $principal['{http://sabredav.org/ns}email-address'] = $email;
+        }
+
+        if (!empty($alternativeEmails)) {
+            $principal['{DAV:}alternate-URI-set'] = $alternativeEmails;
+        }
+
+        return $principal;
+    }
+
+    public function getPrincipalPrefix() {
+        return $this->principalPrefix;
+    }
+
+    /**
+     * @param string $circleUniqueId
+     * @return array|null
+     */
+    protected function circleToPrincipal($circleUniqueId) {
+        if (!$this->appManager->isEnabledForUser('circles') || !class_exists('\OCA\Circles\Api\v1\Circles')) {
+            return null;
+        }
+
+        try {
+            $circle = Circles::detailsCircle($circleUniqueId, true);
+        } catch (QueryException $ex) {
+            return null;
+        } catch (CircleNotFoundException $ex) {
+            return null;
+        }
+
+        if (!$circle) {
+            return null;
+        }
+
+        $principal = [
+            'uri' => 'principals/circles/' . $circleUniqueId,
+            '{DAV:}displayname' => $circle->getDisplayName(),
+        ];
+
+        return $principal;
+    }
+
+    /**
+     * Returns the list of circles a principal is a member of
+     *
+     * @param string $principal
+     * @return array
+     * @throws Exception
+     * @throws QueryException
+     * @suppress PhanUndeclaredClassMethod
+     */
+    public function getCircleMembership($principal):array {
+        if (!$this->appManager->isEnabledForUser('circles') || !class_exists('\OCA\Circles\Api\v1\Circles')) {
+            return [];
+        }
+
+        [$prefix, $name] = \Sabre\Uri\split($principal);
+        if ($this->hasCircles && $prefix === $this->principalPrefix) {
+            $user = $this->userManager->get($name);
+            if (!$user) {
+                throw new Exception('Principal not found');
+            }
+
+            $circles = Circles::joinedCircles($name, true);
+
+            $circles = array_map(function ($circle) {
+                /** @var Circle $circle */
+                return 'principals/circles/' . urlencode($circle->getSingleId());
+            }, $circles);
+
+            return $circles;
+        }
+
+        return [];
+    }
+
+    /**
+     * Get all email addresses associated to a principal.
+     *
+     * @param array $principal Data from getPrincipal*()
+     * @return string[] All email addresses without the mailto: prefix
+     */
+    public function getEmailAddressesOfPrincipal(array $principal): array {
+        $emailAddresses = [];
+
+        if (isset($principal['{http://sabredav.org/ns}email-address'])) {
+            $emailAddresses[] = $principal['{http://sabredav.org/ns}email-address'];
+        }
+
+        if (isset($principal['{DAV:}alternate-URI-set'])) {
+            foreach ($principal['{DAV:}alternate-URI-set'] as $address) {
+                if (str_starts_with($address, 'mailto:')) {
+                    $emailAddresses[] = substr($address, 7);
+                }
+            }
+        }
+
+        if (isset($principal['{urn:ietf:params:xml:ns:caldav}calendar-user-address-set'])) {
+            foreach ($principal['{urn:ietf:params:xml:ns:caldav}calendar-user-address-set'] as $address) {
+                if (str_starts_with($address, 'mailto:')) {
+                    $emailAddresses[] = substr($address, 7);
+                }
+            }
+        }
+
+        if (isset($principal['{http://calendarserver.org/ns/}email-address-set'])) {
+            foreach ($principal['{http://calendarserver.org/ns/}email-address-set'] as $address) {
+                if (str_starts_with($address, 'mailto:')) {
+                    $emailAddresses[] = substr($address, 7);
+                }
+            }
+        }
+
+        return array_values(array_unique($emailAddresses));
+    }
 }

apps/dav/lib/Connector/Sabre/Directory.php

Indentation +449 added lines, -449 removed lines

@@ -40,453 +40,453 @@
 use Sabre\DAV\INode;
 
 class Directory extends Node implements \Sabre\DAV\ICollection, \Sabre\DAV\IQuota, \Sabre\DAV\IMoveTarget, \Sabre\DAV\ICopyTarget {
-	/**
-	 * Cached directory content
-	 * @var FileInfo[]
-	 */
-	private ?array $dirContent = null;
-
-	/** Cached quota info */
-	private ?array $quotaInfo = null;
-
-	/**
-	 * Sets up the node, expects a full path name
-	 */
-	public function __construct(
-		View $view,
-		FileInfo $info,
-		private ?CachingTree $tree = null,
-		?IShareManager $shareManager = null,
-	) {
-		parent::__construct($view, $info, $shareManager);
-	}
-
-	/**
-	 * Creates a new file in the directory
-	 *
-	 * Data will either be supplied as a stream resource, or in certain cases
-	 * as a string. Keep in mind that you may have to support either.
-	 *
-	 * After successful creation of the file, you may choose to return the ETag
-	 * of the new file here.
-	 *
-	 * The returned ETag must be surrounded by double-quotes (The quotes should
-	 * be part of the actual string).
-	 *
-	 * If you cannot accurately determine the ETag, you should not return it.
-	 * If you don't store the file exactly as-is (you're transforming it
-	 * somehow) you should also not return an ETag.
-	 *
-	 * This means that if a subsequent GET to this new file does not exactly
-	 * return the same contents of what was submitted here, you are strongly
-	 * recommended to omit the ETag.
-	 *
-	 * @param string $name Name of the file
-	 * @param resource|string $data Initial payload
-	 * @return null|string
-	 * @throws Exception\EntityTooLarge
-	 * @throws Exception\UnsupportedMediaType
-	 * @throws FileLocked
-	 * @throws InvalidPath
-	 * @throws \Sabre\DAV\Exception
-	 * @throws \Sabre\DAV\Exception\BadRequest
-	 * @throws \Sabre\DAV\Exception\Forbidden
-	 * @throws \Sabre\DAV\Exception\ServiceUnavailable
-	 */
-	public function createFile($name, $data = null) {
-		try {
-			if (!$this->fileView->isCreatable($this->path)) {
-				throw new \Sabre\DAV\Exception\Forbidden();
-			}
-
-			$this->fileView->verifyPath($this->path, $name);
-
-			$path = $this->fileView->getAbsolutePath($this->path) . '/' . $name;
-			// in case the file already exists/overwriting
-			$info = $this->fileView->getFileInfo($this->path . '/' . $name);
-			if (!$info) {
-				// use a dummy FileInfo which is acceptable here since it will be refreshed after the put is complete
-				$info = new \OC\Files\FileInfo($path, null, null, [
-					'type' => FileInfo::TYPE_FILE
-				], null);
-			}
-			$node = new File($this->fileView, $info);
-
-			// only allow 1 process to upload a file at once but still allow reading the file while writing the part file
-			$node->acquireLock(ILockingProvider::LOCK_SHARED);
-			$this->fileView->lockFile($this->path . '/' . $name . '.upload.part', ILockingProvider::LOCK_EXCLUSIVE);
-
-			$result = $node->put($data);
-
-			$this->fileView->unlockFile($this->path . '/' . $name . '.upload.part', ILockingProvider::LOCK_EXCLUSIVE);
-			$node->releaseLock(ILockingProvider::LOCK_SHARED);
-			return $result;
-		} catch (StorageNotAvailableException $e) {
-			throw new \Sabre\DAV\Exception\ServiceUnavailable($e->getMessage(), $e->getCode(), $e);
-		} catch (InvalidPathException $ex) {
-			throw new InvalidPath($ex->getMessage(), false, $ex);
-		} catch (ForbiddenException $ex) {
-			throw new Forbidden($ex->getMessage(), $ex->getRetry(), $ex);
-		} catch (LockedException $e) {
-			throw new FileLocked($e->getMessage(), $e->getCode(), $e);
-		}
-	}
-
-	/**
-	 * Creates a new subdirectory
-	 *
-	 * @param string $name
-	 * @throws FileLocked
-	 * @throws InvalidPath
-	 * @throws \Sabre\DAV\Exception\Forbidden
-	 * @throws \Sabre\DAV\Exception\ServiceUnavailable
-	 */
-	public function createDirectory($name) {
-		try {
-			if (!$this->info->isCreatable()) {
-				throw new \Sabre\DAV\Exception\Forbidden();
-			}
-
-			$this->fileView->verifyPath($this->path, $name);
-			$newPath = $this->path . '/' . $name;
-			if (!$this->fileView->mkdir($newPath)) {
-				throw new \Sabre\DAV\Exception\Forbidden('Could not create directory ' . $newPath);
-			}
-		} catch (StorageNotAvailableException $e) {
-			throw new \Sabre\DAV\Exception\ServiceUnavailable($e->getMessage(), 0, $e);
-		} catch (InvalidPathException $ex) {
-			throw new InvalidPath($ex->getMessage(), false, $ex);
-		} catch (ForbiddenException $ex) {
-			throw new Forbidden($ex->getMessage(), $ex->getRetry(), $ex);
-		} catch (LockedException $e) {
-			throw new FileLocked($e->getMessage(), $e->getCode(), $e);
-		}
-	}
-
-	/**
-	 * Returns a specific child node, referenced by its name
-	 *
-	 * @param string $name
-	 * @param FileInfo $info
-	 * @return \Sabre\DAV\INode
-	 * @throws InvalidPath
-	 * @throws \Sabre\DAV\Exception\NotFound
-	 * @throws \Sabre\DAV\Exception\ServiceUnavailable
-	 */
-	public function getChild($name, $info = null, ?IRequest $request = null, ?IL10N $l10n = null) {
-		$storage = $this->info->getStorage();
-		$allowDirectory = false;
-		if ($storage instanceof PublicShareWrapper) {
-			$share = $storage->getShare();
-			$allowDirectory =
-				// Only allow directories for file drops
-				($share->getPermissions() & Constants::PERMISSION_READ) !== Constants::PERMISSION_READ &&
-				// And only allow it for directories which are a direct child of the share root
-				$this->info->getId() === $share->getNodeId();
-		}
-
-		// For file drop we need to be allowed to read the directory with the nickname
-		if (!$allowDirectory && !$this->info->isReadable()) {
-			// avoid detecting files through this way
-			throw new NotFound();
-		}
-
-		$path = $this->path . '/' . $name;
-		if (is_null($info)) {
-			try {
-				$this->fileView->verifyPath($this->path, $name, true);
-				$info = $this->fileView->getFileInfo($path);
-			} catch (StorageNotAvailableException $e) {
-				throw new \Sabre\DAV\Exception\ServiceUnavailable($e->getMessage(), 0, $e);
-			} catch (InvalidPathException $ex) {
-				throw new InvalidPath($ex->getMessage(), false, $ex);
-			} catch (ForbiddenException $e) {
-				throw new \Sabre\DAV\Exception\Forbidden($e->getMessage(), $e->getCode(), $e);
-			}
-		}
-
-		if (!$info) {
-			throw new \Sabre\DAV\Exception\NotFound('File with name ' . $path . ' could not be located');
-		}
-
-		if ($info->getMimeType() === FileInfo::MIMETYPE_FOLDER) {
-			$node = new \OCA\DAV\Connector\Sabre\Directory($this->fileView, $info, $this->tree, $this->shareManager);
-		} else {
-			// In case reading a directory was allowed but it turns out the node was a not a directory, reject it now.
-			if (!$this->info->isReadable()) {
-				throw new NotFound();
-			}
-
-			$node = new File($this->fileView, $info, $this->shareManager, $request, $l10n);
-		}
-		if ($this->tree) {
-			$this->tree->cacheNode($node);
-		}
-		return $node;
-	}
-
-	/**
-	 * Returns an array with all the child nodes
-	 *
-	 * @return \Sabre\DAV\INode[]
-	 * @throws \Sabre\DAV\Exception\Locked
-	 * @throws Forbidden
-	 */
-	public function getChildren() {
-		if (!is_null($this->dirContent)) {
-			return $this->dirContent;
-		}
-		try {
-			if (!$this->info->isReadable()) {
-				// return 403 instead of 404 because a 404 would make
-				// the caller believe that the collection itself does not exist
-				if (Server::get(IAppManager::class)->isEnabledForAnyone('files_accesscontrol')) {
-					throw new Forbidden('No read permissions. This might be caused by files_accesscontrol, check your configured rules');
-				} else {
-					throw new Forbidden('No read permissions');
-				}
-			}
-			$folderContent = $this->getNode()->getDirectoryListing();
-		} catch (LockedException $e) {
-			throw new Locked();
-		}
-
-		$nodes = [];
-		$request = Server::get(IRequest::class);
-		$l10nFactory = Server::get(IFactory::class);
-		$l10n = $l10nFactory->get(Application::APP_ID);
-		foreach ($folderContent as $info) {
-			$node = $this->getChild($info->getName(), $info, $request, $l10n);
-			$nodes[] = $node;
-		}
-		$this->dirContent = $nodes;
-		return $this->dirContent;
-	}
-
-	/**
-	 * Checks if a child exists.
-	 *
-	 * @param string $name
-	 * @return bool
-	 */
-	public function childExists($name) {
-		// note: here we do NOT resolve the chunk file name to the real file name
-		// to make sure we return false when checking for file existence with a chunk
-		// file name.
-		// This is to make sure that "createFile" is still triggered
-		// (required old code) instead of "updateFile".
-		//
-		// TODO: resolve chunk file name here and implement "updateFile"
-		$path = $this->path . '/' . $name;
-		return $this->fileView->file_exists($path);
-	}
-
-	/**
-	 * Deletes all files in this directory, and then itself
-	 *
-	 * @return void
-	 * @throws FileLocked
-	 * @throws \Sabre\DAV\Exception\Forbidden
-	 */
-	public function delete() {
-		if ($this->path === '' || $this->path === '/' || !$this->info->isDeletable()) {
-			throw new \Sabre\DAV\Exception\Forbidden();
-		}
-
-		try {
-			if (!$this->fileView->rmdir($this->path)) {
-				// assume it wasn't possible to remove due to permission issue
-				throw new \Sabre\DAV\Exception\Forbidden();
-			}
-		} catch (ForbiddenException $ex) {
-			throw new Forbidden($ex->getMessage(), $ex->getRetry());
-		} catch (LockedException $e) {
-			throw new FileLocked($e->getMessage(), $e->getCode(), $e);
-		}
-	}
-
-	private function getLogger(): LoggerInterface {
-		return Server::get(LoggerInterface::class);
-	}
-
-	/**
-	 * Returns available diskspace information
-	 *
-	 * @return array
-	 */
-	public function getQuotaInfo() {
-		if ($this->quotaInfo) {
-			return $this->quotaInfo;
-		}
-		$relativePath = $this->fileView->getRelativePath($this->info->getPath());
-		if ($relativePath === null) {
-			$this->getLogger()->warning('error while getting quota as the relative path cannot be found');
-			return [0, 0];
-		}
-
-		try {
-			$storageInfo = \OC_Helper::getStorageInfo($relativePath, $this->info, false);
-			if ($storageInfo['quota'] === FileInfo::SPACE_UNLIMITED) {
-				$free = FileInfo::SPACE_UNLIMITED;
-			} else {
-				$free = $storageInfo['free'];
-			}
-			$this->quotaInfo = [
-				$storageInfo['used'],
-				$free
-			];
-			return $this->quotaInfo;
-		} catch (NotFoundException $e) {
-			$this->getLogger()->warning('error while getting quota into', ['exception' => $e]);
-			return [0, 0];
-		} catch (StorageNotAvailableException $e) {
-			$this->getLogger()->warning('error while getting quota into', ['exception' => $e]);
-			return [0, 0];
-		} catch (NotPermittedException $e) {
-			$this->getLogger()->warning('error while getting quota into', ['exception' => $e]);
-			return [0, 0];
-		}
-	}
-
-	/**
-	 * Moves a node into this collection.
-	 *
-	 * It is up to the implementors to:
-	 *   1. Create the new resource.
-	 *   2. Remove the old resource.
-	 *   3. Transfer any properties or other data.
-	 *
-	 * Generally you should make very sure that your collection can easily move
-	 * the move.
-	 *
-	 * If you don't, just return false, which will trigger sabre/dav to handle
-	 * the move itself. If you return true from this function, the assumption
-	 * is that the move was successful.
-	 *
-	 * @param string $targetName New local file/collection name.
-	 * @param string $fullSourcePath Full path to source node
-	 * @param INode $sourceNode Source node itself
-	 * @return bool
-	 * @throws BadRequest
-	 * @throws ServiceUnavailable
-	 * @throws Forbidden
-	 * @throws FileLocked
-	 * @throws \Sabre\DAV\Exception\Forbidden
-	 */
-	public function moveInto($targetName, $fullSourcePath, INode $sourceNode) {
-		if (!$sourceNode instanceof Node) {
-			// it's a file of another kind, like FutureFile
-			if ($sourceNode instanceof IFile) {
-				// fallback to default copy+delete handling
-				return false;
-			}
-			throw new BadRequest('Incompatible node types');
-		}
-
-		$destinationPath = $this->getPath() . '/' . $targetName;
-
-
-		$targetNodeExists = $this->childExists($targetName);
-
-		// at getNodeForPath we also check the path for isForbiddenFileOrDir
-		// with that we have covered both source and destination
-		if ($sourceNode instanceof Directory && $targetNodeExists) {
-			throw new \Sabre\DAV\Exception\Forbidden('Could not copy directory ' . $sourceNode->getName() . ', target exists');
-		}
-
-		[$sourceDir,] = \Sabre\Uri\split($sourceNode->getPath());
-		$destinationDir = $this->getPath();
-
-		$sourcePath = $sourceNode->getPath();
-
-		$isMovableMount = false;
-		$sourceMount = Server::get(IMountManager::class)->find($this->fileView->getAbsolutePath($sourcePath));
-		$internalPath = $sourceMount->getInternalPath($this->fileView->getAbsolutePath($sourcePath));
-		if ($sourceMount instanceof MoveableMount && $internalPath === '') {
-			$isMovableMount = true;
-		}
-
-		try {
-			$sameFolder = ($sourceDir === $destinationDir);
-			// if we're overwriting or same folder
-			if ($targetNodeExists || $sameFolder) {
-				// note that renaming a share mount point is always allowed
-				if (!$this->fileView->isUpdatable($destinationDir) && !$isMovableMount) {
-					throw new \Sabre\DAV\Exception\Forbidden();
-				}
-			} else {
-				if (!$this->fileView->isCreatable($destinationDir)) {
-					throw new \Sabre\DAV\Exception\Forbidden();
-				}
-			}
-
-			if (!$sameFolder) {
-				// moving to a different folder, source will be gone, like a deletion
-				// note that moving a share mount point is always allowed
-				if (!$this->fileView->isDeletable($sourcePath) && !$isMovableMount) {
-					throw new \Sabre\DAV\Exception\Forbidden();
-				}
-			}
-
-			$fileName = basename($destinationPath);
-			try {
-				$this->fileView->verifyPath($destinationDir, $fileName);
-			} catch (InvalidPathException $ex) {
-				throw new InvalidPath($ex->getMessage());
-			}
-
-			$renameOkay = $this->fileView->rename($sourcePath, $destinationPath);
-			if (!$renameOkay) {
-				throw new \Sabre\DAV\Exception\Forbidden('');
-			}
-		} catch (StorageNotAvailableException $e) {
-			throw new ServiceUnavailable($e->getMessage(), $e->getCode(), $e);
-		} catch (ForbiddenException $ex) {
-			throw new Forbidden($ex->getMessage(), $ex->getRetry(), $ex);
-		} catch (LockedException $e) {
-			throw new FileLocked($e->getMessage(), $e->getCode(), $e);
-		}
-
-		return true;
-	}
-
-
-	public function copyInto($targetName, $sourcePath, INode $sourceNode) {
-		if ($sourceNode instanceof File || $sourceNode instanceof Directory) {
-			try {
-				$destinationPath = $this->getPath() . '/' . $targetName;
-				$sourcePath = $sourceNode->getPath();
-
-				if (!$this->fileView->isCreatable($this->getPath())) {
-					throw new \Sabre\DAV\Exception\Forbidden();
-				}
-
-				try {
-					$this->fileView->verifyPath($this->getPath(), $targetName);
-				} catch (InvalidPathException $ex) {
-					throw new InvalidPath($ex->getMessage());
-				}
-
-				$copyOkay = $this->fileView->copy($sourcePath, $destinationPath);
-
-				if (!$copyOkay) {
-					throw new \Sabre\DAV\Exception\Forbidden('Copy did not proceed');
-				}
-
-				return true;
-			} catch (StorageNotAvailableException $e) {
-				throw new ServiceUnavailable($e->getMessage(), $e->getCode(), $e);
-			} catch (ForbiddenException $ex) {
-				throw new Forbidden($ex->getMessage(), $ex->getRetry(), $ex);
-			} catch (LockedException $e) {
-				throw new FileLocked($e->getMessage(), $e->getCode(), $e);
-			}
-		}
-
-		return false;
-	}
-
-	public function getNode(): Folder {
-		return $this->node;
-	}
+    /**
+     * Cached directory content
+     * @var FileInfo[]
+     */
+    private ?array $dirContent = null;
+
+    /** Cached quota info */
+    private ?array $quotaInfo = null;
+
+    /**
+     * Sets up the node, expects a full path name
+     */
+    public function __construct(
+        View $view,
+        FileInfo $info,
+        private ?CachingTree $tree = null,
+        ?IShareManager $shareManager = null,
+    ) {
+        parent::__construct($view, $info, $shareManager);
+    }
+
+    /**
+     * Creates a new file in the directory
+     *
+     * Data will either be supplied as a stream resource, or in certain cases
+     * as a string. Keep in mind that you may have to support either.
+     *
+     * After successful creation of the file, you may choose to return the ETag
+     * of the new file here.
+     *
+     * The returned ETag must be surrounded by double-quotes (The quotes should
+     * be part of the actual string).
+     *
+     * If you cannot accurately determine the ETag, you should not return it.
+     * If you don't store the file exactly as-is (you're transforming it
+     * somehow) you should also not return an ETag.
+     *
+     * This means that if a subsequent GET to this new file does not exactly
+     * return the same contents of what was submitted here, you are strongly
+     * recommended to omit the ETag.
+     *
+     * @param string $name Name of the file
+     * @param resource|string $data Initial payload
+     * @return null|string
+     * @throws Exception\EntityTooLarge
+     * @throws Exception\UnsupportedMediaType
+     * @throws FileLocked
+     * @throws InvalidPath
+     * @throws \Sabre\DAV\Exception
+     * @throws \Sabre\DAV\Exception\BadRequest
+     * @throws \Sabre\DAV\Exception\Forbidden
+     * @throws \Sabre\DAV\Exception\ServiceUnavailable
+     */
+    public function createFile($name, $data = null) {
+        try {
+            if (!$this->fileView->isCreatable($this->path)) {
+                throw new \Sabre\DAV\Exception\Forbidden();
+            }
+
+            $this->fileView->verifyPath($this->path, $name);
+
+            $path = $this->fileView->getAbsolutePath($this->path) . '/' . $name;
+            // in case the file already exists/overwriting
+            $info = $this->fileView->getFileInfo($this->path . '/' . $name);
+            if (!$info) {
+                // use a dummy FileInfo which is acceptable here since it will be refreshed after the put is complete
+                $info = new \OC\Files\FileInfo($path, null, null, [
+                    'type' => FileInfo::TYPE_FILE
+                ], null);
+            }
+            $node = new File($this->fileView, $info);
+
+            // only allow 1 process to upload a file at once but still allow reading the file while writing the part file
+            $node->acquireLock(ILockingProvider::LOCK_SHARED);
+            $this->fileView->lockFile($this->path . '/' . $name . '.upload.part', ILockingProvider::LOCK_EXCLUSIVE);
+
+            $result = $node->put($data);
+
+            $this->fileView->unlockFile($this->path . '/' . $name . '.upload.part', ILockingProvider::LOCK_EXCLUSIVE);
+            $node->releaseLock(ILockingProvider::LOCK_SHARED);
+            return $result;
+        } catch (StorageNotAvailableException $e) {
+            throw new \Sabre\DAV\Exception\ServiceUnavailable($e->getMessage(), $e->getCode(), $e);
+        } catch (InvalidPathException $ex) {
+            throw new InvalidPath($ex->getMessage(), false, $ex);
+        } catch (ForbiddenException $ex) {
+            throw new Forbidden($ex->getMessage(), $ex->getRetry(), $ex);
+        } catch (LockedException $e) {
+            throw new FileLocked($e->getMessage(), $e->getCode(), $e);
+        }
+    }
+
+    /**
+     * Creates a new subdirectory
+     *
+     * @param string $name
+     * @throws FileLocked
+     * @throws InvalidPath
+     * @throws \Sabre\DAV\Exception\Forbidden
+     * @throws \Sabre\DAV\Exception\ServiceUnavailable
+     */
+    public function createDirectory($name) {
+        try {
+            if (!$this->info->isCreatable()) {
+                throw new \Sabre\DAV\Exception\Forbidden();
+            }
+
+            $this->fileView->verifyPath($this->path, $name);
+            $newPath = $this->path . '/' . $name;
+            if (!$this->fileView->mkdir($newPath)) {
+                throw new \Sabre\DAV\Exception\Forbidden('Could not create directory ' . $newPath);
+            }
+        } catch (StorageNotAvailableException $e) {
+            throw new \Sabre\DAV\Exception\ServiceUnavailable($e->getMessage(), 0, $e);
+        } catch (InvalidPathException $ex) {
+            throw new InvalidPath($ex->getMessage(), false, $ex);
+        } catch (ForbiddenException $ex) {
+            throw new Forbidden($ex->getMessage(), $ex->getRetry(), $ex);
+        } catch (LockedException $e) {
+            throw new FileLocked($e->getMessage(), $e->getCode(), $e);
+        }
+    }
+
+    /**
+     * Returns a specific child node, referenced by its name
+     *
+     * @param string $name
+     * @param FileInfo $info
+     * @return \Sabre\DAV\INode
+     * @throws InvalidPath
+     * @throws \Sabre\DAV\Exception\NotFound
+     * @throws \Sabre\DAV\Exception\ServiceUnavailable
+     */
+    public function getChild($name, $info = null, ?IRequest $request = null, ?IL10N $l10n = null) {
+        $storage = $this->info->getStorage();
+        $allowDirectory = false;
+        if ($storage instanceof PublicShareWrapper) {
+            $share = $storage->getShare();
+            $allowDirectory =
+                // Only allow directories for file drops
+                ($share->getPermissions() & Constants::PERMISSION_READ) !== Constants::PERMISSION_READ &&
+                // And only allow it for directories which are a direct child of the share root
+                $this->info->getId() === $share->getNodeId();
+        }
+
+        // For file drop we need to be allowed to read the directory with the nickname
+        if (!$allowDirectory && !$this->info->isReadable()) {
+            // avoid detecting files through this way
+            throw new NotFound();
+        }
+
+        $path = $this->path . '/' . $name;
+        if (is_null($info)) {
+            try {
+                $this->fileView->verifyPath($this->path, $name, true);
+                $info = $this->fileView->getFileInfo($path);
+            } catch (StorageNotAvailableException $e) {
+                throw new \Sabre\DAV\Exception\ServiceUnavailable($e->getMessage(), 0, $e);
+            } catch (InvalidPathException $ex) {
+                throw new InvalidPath($ex->getMessage(), false, $ex);
+            } catch (ForbiddenException $e) {
+                throw new \Sabre\DAV\Exception\Forbidden($e->getMessage(), $e->getCode(), $e);
+            }
+        }
+
+        if (!$info) {
+            throw new \Sabre\DAV\Exception\NotFound('File with name ' . $path . ' could not be located');
+        }
+
+        if ($info->getMimeType() === FileInfo::MIMETYPE_FOLDER) {
+            $node = new \OCA\DAV\Connector\Sabre\Directory($this->fileView, $info, $this->tree, $this->shareManager);
+        } else {
+            // In case reading a directory was allowed but it turns out the node was a not a directory, reject it now.
+            if (!$this->info->isReadable()) {
+                throw new NotFound();
+            }
+
+            $node = new File($this->fileView, $info, $this->shareManager, $request, $l10n);
+        }
+        if ($this->tree) {
+            $this->tree->cacheNode($node);
+        }
+        return $node;
+    }
+
+    /**
+     * Returns an array with all the child nodes
+     *
+     * @return \Sabre\DAV\INode[]
+     * @throws \Sabre\DAV\Exception\Locked
+     * @throws Forbidden
+     */
+    public function getChildren() {
+        if (!is_null($this->dirContent)) {
+            return $this->dirContent;
+        }
+        try {
+            if (!$this->info->isReadable()) {
+                // return 403 instead of 404 because a 404 would make
+                // the caller believe that the collection itself does not exist
+                if (Server::get(IAppManager::class)->isEnabledForAnyone('files_accesscontrol')) {
+                    throw new Forbidden('No read permissions. This might be caused by files_accesscontrol, check your configured rules');
+                } else {
+                    throw new Forbidden('No read permissions');
+                }
+            }
+            $folderContent = $this->getNode()->getDirectoryListing();
+        } catch (LockedException $e) {
+            throw new Locked();
+        }
+
+        $nodes = [];
+        $request = Server::get(IRequest::class);
+        $l10nFactory = Server::get(IFactory::class);
+        $l10n = $l10nFactory->get(Application::APP_ID);
+        foreach ($folderContent as $info) {
+            $node = $this->getChild($info->getName(), $info, $request, $l10n);
+            $nodes[] = $node;
+        }
+        $this->dirContent = $nodes;
+        return $this->dirContent;
+    }
+
+    /**
+     * Checks if a child exists.
+     *
+     * @param string $name
+     * @return bool
+     */
+    public function childExists($name) {
+        // note: here we do NOT resolve the chunk file name to the real file name
+        // to make sure we return false when checking for file existence with a chunk
+        // file name.
+        // This is to make sure that "createFile" is still triggered
+        // (required old code) instead of "updateFile".
+        //
+        // TODO: resolve chunk file name here and implement "updateFile"
+        $path = $this->path . '/' . $name;
+        return $this->fileView->file_exists($path);
+    }
+
+    /**
+     * Deletes all files in this directory, and then itself
+     *
+     * @return void
+     * @throws FileLocked
+     * @throws \Sabre\DAV\Exception\Forbidden
+     */
+    public function delete() {
+        if ($this->path === '' || $this->path === '/' || !$this->info->isDeletable()) {
+            throw new \Sabre\DAV\Exception\Forbidden();
+        }
+
+        try {
+            if (!$this->fileView->rmdir($this->path)) {
+                // assume it wasn't possible to remove due to permission issue
+                throw new \Sabre\DAV\Exception\Forbidden();
+            }
+        } catch (ForbiddenException $ex) {
+            throw new Forbidden($ex->getMessage(), $ex->getRetry());
+        } catch (LockedException $e) {
+            throw new FileLocked($e->getMessage(), $e->getCode(), $e);
+        }
+    }
+
+    private function getLogger(): LoggerInterface {
+        return Server::get(LoggerInterface::class);
+    }
+
+    /**
+     * Returns available diskspace information
+     *
+     * @return array
+     */
+    public function getQuotaInfo() {
+        if ($this->quotaInfo) {
+            return $this->quotaInfo;
+        }
+        $relativePath = $this->fileView->getRelativePath($this->info->getPath());
+        if ($relativePath === null) {
+            $this->getLogger()->warning('error while getting quota as the relative path cannot be found');
+            return [0, 0];
+        }
+
+        try {
+            $storageInfo = \OC_Helper::getStorageInfo($relativePath, $this->info, false);
+            if ($storageInfo['quota'] === FileInfo::SPACE_UNLIMITED) {
+                $free = FileInfo::SPACE_UNLIMITED;
+            } else {
+                $free = $storageInfo['free'];
+            }
+            $this->quotaInfo = [
+                $storageInfo['used'],
+                $free
+            ];
+            return $this->quotaInfo;
+        } catch (NotFoundException $e) {
+            $this->getLogger()->warning('error while getting quota into', ['exception' => $e]);
+            return [0, 0];
+        } catch (StorageNotAvailableException $e) {
+            $this->getLogger()->warning('error while getting quota into', ['exception' => $e]);
+            return [0, 0];
+        } catch (NotPermittedException $e) {
+            $this->getLogger()->warning('error while getting quota into', ['exception' => $e]);
+            return [0, 0];
+        }
+    }
+
+    /**
+     * Moves a node into this collection.
+     *
+     * It is up to the implementors to:
+     *   1. Create the new resource.
+     *   2. Remove the old resource.
+     *   3. Transfer any properties or other data.
+     *
+     * Generally you should make very sure that your collection can easily move
+     * the move.
+     *
+     * If you don't, just return false, which will trigger sabre/dav to handle
+     * the move itself. If you return true from this function, the assumption
+     * is that the move was successful.
+     *
+     * @param string $targetName New local file/collection name.
+     * @param string $fullSourcePath Full path to source node
+     * @param INode $sourceNode Source node itself
+     * @return bool
+     * @throws BadRequest
+     * @throws ServiceUnavailable
+     * @throws Forbidden
+     * @throws FileLocked
+     * @throws \Sabre\DAV\Exception\Forbidden
+     */
+    public function moveInto($targetName, $fullSourcePath, INode $sourceNode) {
+        if (!$sourceNode instanceof Node) {
+            // it's a file of another kind, like FutureFile
+            if ($sourceNode instanceof IFile) {
+                // fallback to default copy+delete handling
+                return false;
+            }
+            throw new BadRequest('Incompatible node types');
+        }
+
+        $destinationPath = $this->getPath() . '/' . $targetName;
+
+
+        $targetNodeExists = $this->childExists($targetName);
+
+        // at getNodeForPath we also check the path for isForbiddenFileOrDir
+        // with that we have covered both source and destination
+        if ($sourceNode instanceof Directory && $targetNodeExists) {
+            throw new \Sabre\DAV\Exception\Forbidden('Could not copy directory ' . $sourceNode->getName() . ', target exists');
+        }
+
+        [$sourceDir,] = \Sabre\Uri\split($sourceNode->getPath());
+        $destinationDir = $this->getPath();
+
+        $sourcePath = $sourceNode->getPath();
+
+        $isMovableMount = false;
+        $sourceMount = Server::get(IMountManager::class)->find($this->fileView->getAbsolutePath($sourcePath));
+        $internalPath = $sourceMount->getInternalPath($this->fileView->getAbsolutePath($sourcePath));
+        if ($sourceMount instanceof MoveableMount && $internalPath === '') {
+            $isMovableMount = true;
+        }
+
+        try {
+            $sameFolder = ($sourceDir === $destinationDir);
+            // if we're overwriting or same folder
+            if ($targetNodeExists || $sameFolder) {
+                // note that renaming a share mount point is always allowed
+                if (!$this->fileView->isUpdatable($destinationDir) && !$isMovableMount) {
+                    throw new \Sabre\DAV\Exception\Forbidden();
+                }
+            } else {
+                if (!$this->fileView->isCreatable($destinationDir)) {
+                    throw new \Sabre\DAV\Exception\Forbidden();
+                }
+            }
+
+            if (!$sameFolder) {
+                // moving to a different folder, source will be gone, like a deletion
+                // note that moving a share mount point is always allowed
+                if (!$this->fileView->isDeletable($sourcePath) && !$isMovableMount) {
+                    throw new \Sabre\DAV\Exception\Forbidden();
+                }
+            }
+
+            $fileName = basename($destinationPath);
+            try {
+                $this->fileView->verifyPath($destinationDir, $fileName);
+            } catch (InvalidPathException $ex) {
+                throw new InvalidPath($ex->getMessage());
+            }
+
+            $renameOkay = $this->fileView->rename($sourcePath, $destinationPath);
+            if (!$renameOkay) {
+                throw new \Sabre\DAV\Exception\Forbidden('');
+            }
+        } catch (StorageNotAvailableException $e) {
+            throw new ServiceUnavailable($e->getMessage(), $e->getCode(), $e);
+        } catch (ForbiddenException $ex) {
+            throw new Forbidden($ex->getMessage(), $ex->getRetry(), $ex);
+        } catch (LockedException $e) {
+            throw new FileLocked($e->getMessage(), $e->getCode(), $e);
+        }
+
+        return true;
+    }
+
+
+    public function copyInto($targetName, $sourcePath, INode $sourceNode) {
+        if ($sourceNode instanceof File || $sourceNode instanceof Directory) {
+            try {
+                $destinationPath = $this->getPath() . '/' . $targetName;
+                $sourcePath = $sourceNode->getPath();
+
+                if (!$this->fileView->isCreatable($this->getPath())) {
+                    throw new \Sabre\DAV\Exception\Forbidden();
+                }
+
+                try {
+                    $this->fileView->verifyPath($this->getPath(), $targetName);
+                } catch (InvalidPathException $ex) {
+                    throw new InvalidPath($ex->getMessage());
+                }
+
+                $copyOkay = $this->fileView->copy($sourcePath, $destinationPath);
+
+                if (!$copyOkay) {
+                    throw new \Sabre\DAV\Exception\Forbidden('Copy did not proceed');
+                }
+
+                return true;
+            } catch (StorageNotAvailableException $e) {
+                throw new ServiceUnavailable($e->getMessage(), $e->getCode(), $e);
+            } catch (ForbiddenException $ex) {
+                throw new Forbidden($ex->getMessage(), $ex->getRetry(), $ex);
+            } catch (LockedException $e) {
+                throw new FileLocked($e->getMessage(), $e->getCode(), $e);
+            }
+        }
+
+        return false;
+    }
+
+    public function getNode(): Folder {
+        return $this->node;
+    }
 }

apps/dav/lib/Files/Sharing/FilesDropPlugin.php

Indentation +71 added lines, -71 removed lines

@@ -17,76 +17,76 @@
  */
 class FilesDropPlugin extends ServerPlugin {
 
-	private ?View $view = null;
-	private ?IShare $share = null;
-	private bool $enabled = false;
-
-	public function setView(View $view): void {
-		$this->view = $view;
-	}
-
-	public function setShare(IShare $share): void {
-		$this->share = $share;
-	}
-
-	public function enable(): void {
-		$this->enabled = true;
-	}
-
-
-	/**
-	 * This initializes the plugin.
-	 *
-	 * @param \Sabre\DAV\Server $server Sabre server
-	 *
-	 * @return void
-	 * @throws MethodNotAllowed
-	 */
-	public function initialize(\Sabre\DAV\Server $server): void {
-		$server->on('beforeMethod:*', [$this, 'beforeMethod'], 999);
-		$this->enabled = false;
-	}
-
-	public function beforeMethod(RequestInterface $request, ResponseInterface $response): void {
-		if (!$this->enabled || $this->share === null || $this->view === null) {
-			return;
-		}
-
-		// Only allow file drop
-		if ($request->getMethod() !== 'PUT') {
-			throw new MethodNotAllowed('Only PUT is allowed on files drop');
-		}
-
-		// Always upload at the root level
-		$path = explode('/', $request->getPath());
-		$path = array_pop($path);
-
-		// Extract the attributes for the file request
-		$isFileRequest = false;
-		$attributes = $this->share->getAttributes();
-		$nickName = $request->hasHeader('X-NC-Nickname') ? urldecode($request->getHeader('X-NC-Nickname')) : null;
-		if ($attributes !== null) {
-			$isFileRequest = $attributes->getAttribute('fileRequest', 'enabled') === true;
-		}
-
-		// We need a valid nickname for file requests
-		if ($isFileRequest && ($nickName == null || trim($nickName) === '')) {
-			throw new MethodNotAllowed('Nickname is required for file requests');
-		}
-
-		// If this is a file request we need to create a folder for the user
-		if ($isFileRequest) {
-			// Check if the folder already exists
-			if (!($this->view->file_exists($nickName) === true)) {
-				$this->view->mkdir($nickName);
-			}
-			// Put all files in the subfolder
-			$path = $nickName . '/' . $path;
-		}
-
-		$newName = \OC_Helper::buildNotExistingFileNameForView('/', $path, $this->view);
-		$url = $request->getBaseUrl() . '/files/' . $this->share->getToken() . $newName;
-		$request->setUrl($url);
-	}
+    private ?View $view = null;
+    private ?IShare $share = null;
+    private bool $enabled = false;
+
+    public function setView(View $view): void {
+        $this->view = $view;
+    }
+
+    public function setShare(IShare $share): void {
+        $this->share = $share;
+    }
+
+    public function enable(): void {
+        $this->enabled = true;
+    }
+
+
+    /**
+     * This initializes the plugin.
+     *
+     * @param \Sabre\DAV\Server $server Sabre server
+     *
+     * @return void
+     * @throws MethodNotAllowed
+     */
+    public function initialize(\Sabre\DAV\Server $server): void {
+        $server->on('beforeMethod:*', [$this, 'beforeMethod'], 999);
+        $this->enabled = false;
+    }
+
+    public function beforeMethod(RequestInterface $request, ResponseInterface $response): void {
+        if (!$this->enabled || $this->share === null || $this->view === null) {
+            return;
+        }
+
+        // Only allow file drop
+        if ($request->getMethod() !== 'PUT') {
+            throw new MethodNotAllowed('Only PUT is allowed on files drop');
+        }
+
+        // Always upload at the root level
+        $path = explode('/', $request->getPath());
+        $path = array_pop($path);
+
+        // Extract the attributes for the file request
+        $isFileRequest = false;
+        $attributes = $this->share->getAttributes();
+        $nickName = $request->hasHeader('X-NC-Nickname') ? urldecode($request->getHeader('X-NC-Nickname')) : null;
+        if ($attributes !== null) {
+            $isFileRequest = $attributes->getAttribute('fileRequest', 'enabled') === true;
+        }
+
+        // We need a valid nickname for file requests
+        if ($isFileRequest && ($nickName == null || trim($nickName) === '')) {
+            throw new MethodNotAllowed('Nickname is required for file requests');
+        }
+
+        // If this is a file request we need to create a folder for the user
+        if ($isFileRequest) {
+            // Check if the folder already exists
+            if (!($this->view->file_exists($nickName) === true)) {
+                $this->view->mkdir($nickName);
+            }
+            // Put all files in the subfolder
+            $path = $nickName . '/' . $path;
+        }
+
+        $newName = \OC_Helper::buildNotExistingFileNameForView('/', $path, $this->view);
+        $url = $request->getBaseUrl() . '/files/' . $this->share->getToken() . $newName;
+        $request->setUrl($url);
+    }
 
 }

apps/dav/lib/Files/Sharing/RootCollection.php

Indentation +13 added lines, -13 removed lines

@@ -14,19 +14,19 @@
 use Sabre\DAVACL\PrincipalBackend\BackendInterface;
 
 class RootCollection extends AbstractPrincipalCollection {
-	public function __construct(
-		private INode $root,
-		BackendInterface $principalBackend,
-		string $principalPrefix = 'principals',
-	) {
-		parent::__construct($principalBackend, $principalPrefix);
-	}
+    public function __construct(
+        private INode $root,
+        BackendInterface $principalBackend,
+        string $principalPrefix = 'principals',
+    ) {
+        parent::__construct($principalBackend, $principalPrefix);
+    }
 
-	public function getChildForPrincipal(array $principalInfo): INode {
-		return $this->root;
-	}
+    public function getChildForPrincipal(array $principalInfo): INode {
+        return $this->root;
+    }
 
-	public function getName() {
-		return 'files';
-	}
+    public function getName() {
+        return 'files';
+    }
 }

apps/dav/lib/Upload/UploadHome.php

Indentation +100 added lines, -100 removed lines

@@ -17,104 +17,104 @@
 use Sabre\DAV\ICollection;
 
 class UploadHome implements ICollection {
-	private string $uid;
-	private ?Folder $uploadFolder = null;
-
-	public function __construct(
-		private readonly array $principalInfo,
-		private readonly CleanupService $cleanupService,
-		private readonly IRootFolder $rootFolder,
-		private readonly IUserSession $userSession,
-		private readonly \OCP\Share\IManager $shareManager,
-	) {
-		[$prefix, $name] = \Sabre\Uri\split($principalInfo['uri']);
-		if ($prefix === 'principals/shares') {
-			$this->uid = $this->shareManager->getShareByToken($name)->getShareOwner();
-		} else {
-			$user = $this->userSession->getUser();
-			if (!$user) {
-				throw new Forbidden('Not logged in');
-			}
-
-			$this->uid = $user->getUID();
-		}
-	}
-
-	public function createFile($name, $data = null) {
-		throw new Forbidden('Permission denied to create file (filename ' . $name . ')');
-	}
-
-	public function createDirectory($name) {
-		$this->impl()->createDirectory($name);
-
-		// Add a cleanup job
-		$this->cleanupService->addJob($this->uid, $name);
-	}
-
-	public function getChild($name): UploadFolder {
-		return new UploadFolder(
-			$this->impl()->getChild($name),
-			$this->cleanupService,
-			$this->getStorage(),
-			$this->uid,
-		);
-	}
-
-	public function getChildren(): array {
-		return array_map(function ($node) {
-			return new UploadFolder(
-				$node,
-				$this->cleanupService,
-				$this->getStorage(),
-				$this->uid,
-			);
-		}, $this->impl()->getChildren());
-	}
-
-	public function childExists($name): bool {
-		return !is_null($this->getChild($name));
-	}
-
-	public function delete() {
-		$this->impl()->delete();
-	}
-
-	public function getName() {
-		[,$name] = \Sabre\Uri\split($this->principalInfo['uri']);
-		return $name;
-	}
-
-	public function setName($name) {
-		throw new Forbidden('Permission denied to rename this folder');
-	}
-
-	public function getLastModified() {
-		return $this->impl()->getLastModified();
-	}
-
-	private function getUploadFolder(): Folder {
-		if ($this->uploadFolder === null) {
-			$path = '/' . $this->uid . '/uploads';
-			try {
-				$folder = $this->rootFolder->get($path);
-				if (!$folder instanceof Folder) {
-					throw new \Exception('Upload folder is a file');
-				}
-				$this->uploadFolder = $folder;
-			} catch (NotFoundException $e) {
-				$this->uploadFolder = $this->rootFolder->newFolder($path);
-			}
-		}
-		return $this->uploadFolder;
-	}
-
-	private function impl(): Directory {
-		$folder = $this->getUploadFolder();
-		$view = new View($folder->getPath());
-		return new Directory($view, $folder);
-	}
-
-	private function getStorage() {
-		return $this->getUploadFolder()->getStorage();
-	}
+    private string $uid;
+    private ?Folder $uploadFolder = null;
+
+    public function __construct(
+        private readonly array $principalInfo,
+        private readonly CleanupService $cleanupService,
+        private readonly IRootFolder $rootFolder,
+        private readonly IUserSession $userSession,
+        private readonly \OCP\Share\IManager $shareManager,
+    ) {
+        [$prefix, $name] = \Sabre\Uri\split($principalInfo['uri']);
+        if ($prefix === 'principals/shares') {
+            $this->uid = $this->shareManager->getShareByToken($name)->getShareOwner();
+        } else {
+            $user = $this->userSession->getUser();
+            if (!$user) {
+                throw new Forbidden('Not logged in');
+            }
+
+            $this->uid = $user->getUID();
+        }
+    }
+
+    public function createFile($name, $data = null) {
+        throw new Forbidden('Permission denied to create file (filename ' . $name . ')');
+    }
+
+    public function createDirectory($name) {
+        $this->impl()->createDirectory($name);
+
+        // Add a cleanup job
+        $this->cleanupService->addJob($this->uid, $name);
+    }
+
+    public function getChild($name): UploadFolder {
+        return new UploadFolder(
+            $this->impl()->getChild($name),
+            $this->cleanupService,
+            $this->getStorage(),
+            $this->uid,
+        );
+    }
+
+    public function getChildren(): array {
+        return array_map(function ($node) {
+            return new UploadFolder(
+                $node,
+                $this->cleanupService,
+                $this->getStorage(),
+                $this->uid,
+            );
+        }, $this->impl()->getChildren());
+    }
+
+    public function childExists($name): bool {
+        return !is_null($this->getChild($name));
+    }
+
+    public function delete() {
+        $this->impl()->delete();
+    }
+
+    public function getName() {
+        [,$name] = \Sabre\Uri\split($this->principalInfo['uri']);
+        return $name;
+    }
+
+    public function setName($name) {
+        throw new Forbidden('Permission denied to rename this folder');
+    }
+
+    public function getLastModified() {
+        return $this->impl()->getLastModified();
+    }
+
+    private function getUploadFolder(): Folder {
+        if ($this->uploadFolder === null) {
+            $path = '/' . $this->uid . '/uploads';
+            try {
+                $folder = $this->rootFolder->get($path);
+                if (!$folder instanceof Folder) {
+                    throw new \Exception('Upload folder is a file');
+                }
+                $this->uploadFolder = $folder;
+            } catch (NotFoundException $e) {
+                $this->uploadFolder = $this->rootFolder->newFolder($path);
+            }
+        }
+        return $this->uploadFolder;
+    }
+
+    private function impl(): Directory {
+        $folder = $this->getUploadFolder();
+        $view = new View($folder->getPath());
+        return new Directory($view, $folder);
+    }
+
+    private function getStorage() {
+        return $this->getUploadFolder()->getStorage();
+    }
 }

apps/dav/lib/Upload/UploadFolder.php

Indentation +91 added lines, -91 removed lines

@@ -17,95 +17,95 @@
 use Sabre\DAV\ICollection;
 
 class UploadFolder implements ICollection {
-	public function __construct(
-		private Directory $node,
-		private CleanupService $cleanupService,
-		private IStorage $storage,
-		private string $uid,
-	) {
-	}
-
-	public function createFile($name, $data = null) {
-		// TODO: verify name - should be a simple number
-		try {
-			$this->node->createFile($name, $data);
-		} catch (\Exception $e) {
-			if ($this->node->childExists($name)) {
-				$child = $this->node->getChild($name);
-				$child->delete();
-			}
-			throw $e;
-		}
-	}
-
-	public function createDirectory($name) {
-		throw new Forbidden('Permission denied to create file (filename ' . $name . ')');
-	}
-
-	public function getChild($name) {
-		if ($name === '.file') {
-			return new FutureFile($this->node, '.file');
-		}
-		return new UploadFile($this->node->getChild($name));
-	}
-
-	public function getChildren() {
-		$tmpChildren = $this->node->getChildren();
-
-		$children = [];
-		$children[] = new FutureFile($this->node, '.file');
-
-		foreach ($tmpChildren as $child) {
-			$children[] = new UploadFile($child);
-		}
-
-		if ($this->storage->instanceOfStorage(ObjectStoreStorage::class)) {
-			/** @var ObjectStoreStorage $storage */
-			$objectStore = $this->storage->getObjectStore();
-			if ($objectStore instanceof IObjectStoreMultiPartUpload) {
-				$cache = Server::get(ICacheFactory::class)->createDistributed(ChunkingV2Plugin::CACHE_KEY);
-				$uploadSession = $cache->get($this->getName());
-				if ($uploadSession) {
-					$uploadId = $uploadSession[ChunkingV2Plugin::UPLOAD_ID];
-					$id = $uploadSession[ChunkingV2Plugin::UPLOAD_TARGET_ID];
-					$parts = $objectStore->getMultipartUploads($this->storage->getURN($id), $uploadId);
-					foreach ($parts as $part) {
-						$children[] = new PartFile($this->node, $part);
-					}
-				}
-			}
-		}
-
-		return $children;
-	}
-
-	public function childExists($name) {
-		if ($name === '.file') {
-			return true;
-		}
-		return $this->node->childExists($name);
-	}
-
-	public function delete() {
-		$this->node->delete();
-
-		// Background cleanup job is not needed anymore
-		$this->cleanupService->removeJob($this->uid, $this->getName());
-	}
-
-	public function getName() {
-		return $this->node->getName();
-	}
-
-	public function setName($name) {
-		throw new Forbidden('Permission denied to rename this folder');
-	}
-
-	public function getLastModified() {
-		return $this->node->getLastModified();
-	}
-
-	public function getStorage() {
-		return $this->storage;
-	}
+    public function __construct(
+        private Directory $node,
+        private CleanupService $cleanupService,
+        private IStorage $storage,
+        private string $uid,
+    ) {
+    }
+
+    public function createFile($name, $data = null) {
+        // TODO: verify name - should be a simple number
+        try {
+            $this->node->createFile($name, $data);
+        } catch (\Exception $e) {
+            if ($this->node->childExists($name)) {
+                $child = $this->node->getChild($name);
+                $child->delete();
+            }
+            throw $e;
+        }
+    }
+
+    public function createDirectory($name) {
+        throw new Forbidden('Permission denied to create file (filename ' . $name . ')');
+    }
+
+    public function getChild($name) {
+        if ($name === '.file') {
+            return new FutureFile($this->node, '.file');
+        }
+        return new UploadFile($this->node->getChild($name));
+    }
+
+    public function getChildren() {
+        $tmpChildren = $this->node->getChildren();
+
+        $children = [];
+        $children[] = new FutureFile($this->node, '.file');
+
+        foreach ($tmpChildren as $child) {
+            $children[] = new UploadFile($child);
+        }
+
+        if ($this->storage->instanceOfStorage(ObjectStoreStorage::class)) {
+            /** @var ObjectStoreStorage $storage */
+            $objectStore = $this->storage->getObjectStore();
+            if ($objectStore instanceof IObjectStoreMultiPartUpload) {
+                $cache = Server::get(ICacheFactory::class)->createDistributed(ChunkingV2Plugin::CACHE_KEY);
+                $uploadSession = $cache->get($this->getName());
+                if ($uploadSession) {
+                    $uploadId = $uploadSession[ChunkingV2Plugin::UPLOAD_ID];
+                    $id = $uploadSession[ChunkingV2Plugin::UPLOAD_TARGET_ID];
+                    $parts = $objectStore->getMultipartUploads($this->storage->getURN($id), $uploadId);
+                    foreach ($parts as $part) {
+                        $children[] = new PartFile($this->node, $part);
+                    }
+                }
+            }
+        }
+
+        return $children;
+    }
+
+    public function childExists($name) {
+        if ($name === '.file') {
+            return true;
+        }
+        return $this->node->childExists($name);
+    }
+
+    public function delete() {
+        $this->node->delete();
+
+        // Background cleanup job is not needed anymore
+        $this->cleanupService->removeJob($this->uid, $this->getName());
+    }
+
+    public function getName() {
+        return $this->node->getName();
+    }
+
+    public function setName($name) {
+        throw new Forbidden('Permission denied to rename this folder');
+    }
+
+    public function getLastModified() {
+        return $this->node->getLastModified();
+    }
+
+    public function getStorage() {
+        return $this->storage;
+    }
 }

apps/dav/lib/Upload/RootCollection.php

Indentation +28 added lines, -28 removed lines

@@ -17,34 +17,34 @@
 
 class RootCollection extends AbstractPrincipalCollection {
 
-	public function __construct(
-		PrincipalBackend\BackendInterface $principalBackend,
-		string $principalPrefix,
-		private CleanupService $cleanupService,
-		private IRootFolder $rootFolder,
-		private IUserSession $userSession,
-		private IManager $shareManager,
-	) {
-		parent::__construct($principalBackend, $principalPrefix);
-	}
+    public function __construct(
+        PrincipalBackend\BackendInterface $principalBackend,
+        string $principalPrefix,
+        private CleanupService $cleanupService,
+        private IRootFolder $rootFolder,
+        private IUserSession $userSession,
+        private IManager $shareManager,
+    ) {
+        parent::__construct($principalBackend, $principalPrefix);
+    }
 
-	/**
-	 * @inheritdoc
-	 */
-	public function getChildForPrincipal(array $principalInfo): UploadHome {
-		return new UploadHome(
-			$principalInfo,
-			$this->cleanupService,
-			$this->rootFolder,
-			$this->userSession,
-			$this->shareManager,
-		);
-	}
+    /**
+     * @inheritdoc
+     */
+    public function getChildForPrincipal(array $principalInfo): UploadHome {
+        return new UploadHome(
+            $principalInfo,
+            $this->cleanupService,
+            $this->rootFolder,
+            $this->userSession,
+            $this->shareManager,
+        );
+    }
 
-	/**
-	 * @inheritdoc
-	 */
-	public function getName(): string {
-		return 'uploads';
-	}
+    /**
+     * @inheritdoc
+     */
+    public function getName(): string {
+        return 'uploads';
+    }
 }

apps/dav/lib/Upload/CleanupService.php

Indentation +10 added lines, -10 removed lines

@@ -12,16 +12,16 @@
 use OCP\BackgroundJob\IJobList;
 
 class CleanupService {
-	public function __construct(
-		private IJobList $jobList,
-	) {
-	}
+    public function __construct(
+        private IJobList $jobList,
+    ) {
+    }
 
-	public function addJob(string $uid, string $folder) {
-		$this->jobList->add(UploadCleanup::class, ['uid' => $uid, 'folder' => $folder]);
-	}
+    public function addJob(string $uid, string $folder) {
+        $this->jobList->add(UploadCleanup::class, ['uid' => $uid, 'folder' => $folder]);
+    }
 
-	public function removeJob(string $uid, string $folder) {
-		$this->jobList->remove(UploadCleanup::class, ['uid' => $uid, 'folder' => $folder]);
-	}
+    public function removeJob(string $uid, string $folder) {
+        $this->jobList->remove(UploadCleanup::class, ['uid' => $uid, 'folder' => $folder]);
+    }
 }