mirror of
https://github.com/EGroupware/egroupware.git
synced 2024-12-22 06:30:59 +01:00
* CalDAV/OutlookSynchronizer: reject invitations when client deletes then without appropriate rights in his calendar
This commit is contained in:
parent
8590939709
commit
4c6e41d479
36
.travis.yml
36
.travis.yml
@ -13,25 +13,15 @@ matrix:
|
||||
|
||||
services:
|
||||
- memcached
|
||||
- mysql #we use mariadb instead installed via addons below
|
||||
- mysql
|
||||
# - postgres
|
||||
|
||||
#addons:
|
||||
# mariadb: '10.0'
|
||||
|
||||
sudo: required
|
||||
|
||||
before_script:
|
||||
- sudo apt-get update -qq
|
||||
- sudo apt-get install -y libpcre3-dev
|
||||
- sudo apt-get install -y libpcre3-dev apache2 libapache2-mod-fastcgi
|
||||
- case $(phpenv version-name) in
|
||||
"5.6")
|
||||
yes "" | pecl install memcache;
|
||||
yes "" | pecl install apcu-4.0.11;
|
||||
yes "" | pecl install igbinary;
|
||||
echo "extension=memcached.so" >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini;
|
||||
phpenv config-rm xdebug.ini;
|
||||
;;
|
||||
"7"|"7.0"|"7.1"|"7.2")
|
||||
yes "" | pecl install apcu;
|
||||
echo "extension=memcached.so" >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini;
|
||||
@ -41,15 +31,23 @@ before_script:
|
||||
echo "extension=memcached.so" >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini;
|
||||
;;
|
||||
esac
|
||||
# enable apache with php-fpm see https://docs.travis-ci.com/user/languages/php/#apache--php
|
||||
- sudo cp ~/.phpenv/versions/$(phpenv version-name)/etc/php-fpm.conf.default ~/.phpenv/versions/$(phpenv version-name)/etc/php-fpm.conf
|
||||
- sudo a2enmod rewrite actions fastcgi alias
|
||||
- echo "cgi.fix_pathinfo = 1" >> ~/.phpenv/versions/$(phpenv version-name)/etc/php.ini
|
||||
- sudo sed -i -e "s,www-data,travis,g" /etc/apache2/envvars
|
||||
- sudo chown -R travis:travis /var/lib/apache2/fastcgi
|
||||
- ~/.phpenv/versions/$(phpenv version-name)/sbin/php-fpm
|
||||
# configure apache virtual hosts
|
||||
- sudo cp -f doc/travis-ci-apache.conf /etc/apache2/sites-available/000-default.conf
|
||||
- sudo sed -e "s?%TRAVIS_BUILD_DIR%?$(pwd)?g" --in-place /etc/apache2/sites-available/000-default.conf
|
||||
- sudo service apache2 restart
|
||||
- case $(phpenv version-name) in
|
||||
"5.6")
|
||||
composer require 'phpunit/phpunit:~5.7';
|
||||
;;
|
||||
"7"|"7.0")
|
||||
composer require 'phpunit/phpunit:~6';
|
||||
;;
|
||||
"7.2")
|
||||
composer require --ignore-platform-reqs 'phpunit/phpunit:~8';
|
||||
;;
|
||||
*)
|
||||
composer require --ignore-platform-reqs 'phpunit/phpunit:~7';
|
||||
composer require --ignore-platform-reqs 'phpunit/phpunit:~9';
|
||||
;;
|
||||
esac
|
||||
- php -m
|
||||
|
@ -983,7 +983,7 @@ class Accounts
|
||||
if (!is_array($app_users))
|
||||
{
|
||||
self::setup_cache();
|
||||
$cache = &self::$cache['account_split'][$app_user];
|
||||
$cache = &self::$cache['account_split'][$app_users];
|
||||
|
||||
if (is_array($cache))
|
||||
{
|
||||
|
@ -125,7 +125,7 @@ class Ldap
|
||||
*
|
||||
* @var Api\Accounts
|
||||
*/
|
||||
private $frontend;
|
||||
protected $frontend;
|
||||
|
||||
/**
|
||||
* Instance of the ldap class
|
||||
|
@ -769,9 +769,10 @@ class Cache
|
||||
if (is_null(Cache::$default_provider))
|
||||
{
|
||||
Cache::$default_provider =
|
||||
function_exists('apcu_fetch') && Cache\Apcu::available() ? 'EGroupware\Api\Cache\Apcu' :
|
||||
(function_exists('apc_fetch') && Cache\Apc::available() ? 'EGroupware\Api\Cache\Apc' :
|
||||
'EGroupware\Api\Cache\Files');
|
||||
PHP_SAPI === 'cli' ? 'EGroupware\Api\Cache\Files' :
|
||||
(function_exists('apcu_fetch') && Cache\Apcu::available() ? 'EGroupware\Api\Cache\Apcu' :
|
||||
(function_exists('apc_fetch') && Cache\Apc::available() ? 'EGroupware\Api\Cache\Apc' :
|
||||
'EGroupware\Api\Cache\Files'));
|
||||
}
|
||||
|
||||
//error_log('Cache::$default_provider='.array2string(Cache::$default_provider));
|
||||
|
@ -13,6 +13,9 @@
|
||||
|
||||
namespace EGroupware\Api\Cache;
|
||||
|
||||
// fix warning in tests, if memcache extension not available
|
||||
if (defined('MEMCACHE_COMPRESSED')) define('MEMCACHE_COMPRESSED', 2);
|
||||
|
||||
/**
|
||||
* Caching provider storing data in memcached via PHP's memcache extension
|
||||
*
|
||||
|
@ -1658,6 +1658,8 @@ class Session
|
||||
*/
|
||||
private static function set_cookiedomain()
|
||||
{
|
||||
if (PHP_SAPI === "cli") return; // gives warnings and has no benefit
|
||||
|
||||
if ($GLOBALS['egw_info']['server']['cookiedomain'])
|
||||
{
|
||||
// Admin set domain, eg. .domain.com to allow egw.domain.com and www.domain.com
|
||||
|
@ -395,7 +395,11 @@ class Translation
|
||||
static function &load_app($app,$lang)
|
||||
{
|
||||
//$start = microtime(true);
|
||||
if (is_null(self::$db)) self::init(false);
|
||||
if (!isset(self::$db))
|
||||
{
|
||||
self::init(false);
|
||||
if (!isset(self::$db)) return;
|
||||
}
|
||||
$loaded = array();
|
||||
foreach(self::$db->select(self::LANG_TABLE,'message_id,content',array(
|
||||
'lang' => $lang,
|
||||
|
375
api/tests/CalDAVTest.php
Normal file
375
api/tests/CalDAVTest.php
Normal file
@ -0,0 +1,375 @@
|
||||
<?php
|
||||
/**
|
||||
* CalDAV tests base class
|
||||
*
|
||||
* @link http://www.egroupware.org
|
||||
* @author Ralf Becker
|
||||
* @package api
|
||||
* @subpackage caldav
|
||||
* @copyright (c) 2020 by Ralf Becker <rb@egroupware.org>
|
||||
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
|
||||
*/
|
||||
|
||||
namespace EGroupware\Api;
|
||||
|
||||
// so tests can run standalone
|
||||
require_once __DIR__.'/../src/loader/common.php'; // autoloader
|
||||
|
||||
use PHPUnit\Framework\TestCase;
|
||||
use GuzzleHttp\Client, GuzzleHttp\RequestOptions;
|
||||
use Horde_Icalendar, Horde_Icalendar_Exception;
|
||||
use Psr\Http\Message\ResponseInterface;
|
||||
|
||||
/**
|
||||
* Abstract CalDAVTest using GuzzleHttp\Client against EGroupware CalDAV/CardDAV server
|
||||
*
|
||||
* @see http://docs.guzzlephp.org/en/v6/quickstart.html
|
||||
*
|
||||
* @package EGroupware\Api
|
||||
*/
|
||||
abstract class CalDAVTest extends TestCase
|
||||
{
|
||||
/**
|
||||
* Base URL of CalDAV server
|
||||
*/
|
||||
const CALDAV_BASE = 'http://localhost/egroupware/groupdav.php';
|
||||
|
||||
/**
|
||||
* Get full URL for a CalDAV path
|
||||
*
|
||||
* @param string $path CalDAV path
|
||||
* @return string URL
|
||||
*/
|
||||
protected function url($path='/')
|
||||
{
|
||||
$base = self::CALDAV_BASE;
|
||||
if (!empty($GLOBALS['EGW_DOMAIN']) && $GLOBALS['EGW_DOMAIN'] !== 'default')
|
||||
{
|
||||
$base = str_replace('localhost', $GLOBALS['EGW_DOMAIN'], $base);
|
||||
}
|
||||
return $base.$path;
|
||||
}
|
||||
|
||||
/**
|
||||
* Default options for GuzzleHttp\Client
|
||||
*
|
||||
* @var array
|
||||
* @see http://docs.guzzlephp.org/en/v6/request-options.html
|
||||
*/
|
||||
protected $client_options = [
|
||||
RequestOptions::HTTP_ERRORS => false, // return all HTTP status, not throwing exceptions
|
||||
RequestOptions::HEADERS => [
|
||||
'Cookie' => 'XDEBUG_SESSION=PHPSTORM',
|
||||
//'User-Agent' => 'CalDAVSynchronizer',
|
||||
],
|
||||
];
|
||||
|
||||
/**
|
||||
* Get HTTP client for tests
|
||||
*
|
||||
* It will use by default the always existing user "demo" with password "guest" (use [] to NOT authenticate).
|
||||
* Additional users need to be created with $this->createUser("name").
|
||||
*
|
||||
* @param string|array $user_or_options ='demo' string with account_lid of user for authentication or array of options
|
||||
* @return Client
|
||||
* @see http://docs.guzzlephp.org/en/v6/request-options.html
|
||||
* @see http://docs.guzzlephp.org/en/v6/quickstart.html
|
||||
*/
|
||||
protected function getClient($user_or_options='demo')
|
||||
{
|
||||
if (!is_array($user_or_options))
|
||||
{
|
||||
$user_or_options = $this->auth($user_or_options);
|
||||
}
|
||||
return new Client(array_merge($this->client_options, $user_or_options));
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a number of users with optional ACL rights too
|
||||
*
|
||||
* Example with boss granting secretary full rights on his calendar, plus one other user:
|
||||
*
|
||||
* $this->users = [
|
||||
* 'boss' => [],
|
||||
* 'secretary' => ['rights' => ['boss' => Acl::READ|Acl::ADD|Acl::EDIT|Acl::DELETE]],
|
||||
* 'other' => [],
|
||||
* ];
|
||||
* $this->createUsersACL($this->users);
|
||||
*
|
||||
* @param array& $users $account_lid => array with values for keys with (defaults) "firstname" ($_acount_lid), "lastname" ("User"),
|
||||
* "email" ("$_account_lid@example.org"), "password" (random string), "primary_group" ("NoGroups" to not set rights)
|
||||
* "rights" array with $grantee => $rights pairs (need to be created before!)
|
||||
* @param string $app app to create the rights for, default "calendar"
|
||||
* @throws \Exception
|
||||
*/
|
||||
protected function createUsersACL(array &$users, $app='calendar')
|
||||
{
|
||||
foreach($users as $user => $data)
|
||||
{
|
||||
$data['id'] = $this->createUser($user, $data);
|
||||
|
||||
foreach($data['rights'] ?? [] as $grantee => $rights)
|
||||
{
|
||||
$this->addAcl('calendar', $data['id'], $grantee, $rights);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Array to track created users for tearDown and authentication
|
||||
*
|
||||
* @var array $account_lid => array with other data pairs
|
||||
*/
|
||||
private $created_users = [];
|
||||
|
||||
/**
|
||||
* Create a user
|
||||
*
|
||||
* Created users are automatic deleted in tearDown() and can be passed to auth() or getClient() methods.
|
||||
* Users have random passwords to force new/different sessions!
|
||||
*
|
||||
* @param string $_account_lid
|
||||
* @param array& $data =[] values for keys with (defaults) "firstname" ($_acount_lid), "lastname" ("User"),
|
||||
* "email" ("$_account_lid@example.org"), "password" (random string), "primary_group" ("NoGroups" to not set rights)
|
||||
* on return: with defaults set
|
||||
* @return int account_id of created user
|
||||
* @throws \Exception
|
||||
*/
|
||||
protected function createUser($_account_lid, array &$data=[])
|
||||
{
|
||||
// add some defaults
|
||||
$data = array_merge([
|
||||
'firstname' => ucfirst($_account_lid),
|
||||
'lastname' => 'User',
|
||||
'email' => $_account_lid.'@example.org',
|
||||
'password' => 'secret',//Auth::randomstring(12),
|
||||
'primary_group' => 'NoGroup',
|
||||
], $data);
|
||||
|
||||
$data['id'] = $this->getSetup()->add_account($_account_lid, $data['firstname'], $data['lastname'],
|
||||
$data['password'], $data['primary_group'], false, $data['email']);
|
||||
|
||||
// give use run rights for CalDAV apps, as NoGroup does NOT!
|
||||
$this->addAcl(['groupdav','calendar','infolog','addressbook'], 'run', $data['id']);
|
||||
|
||||
$this->created_users[$_account_lid] = $data;
|
||||
|
||||
return $data['id'];
|
||||
}
|
||||
|
||||
/**
|
||||
* Get authentication information for given user to use
|
||||
*
|
||||
* @param string $_account_lid ='demo'
|
||||
* @return array
|
||||
*/
|
||||
protected function auth($_account_lid='demo')
|
||||
{
|
||||
if ($_account_lid === 'demo')
|
||||
{
|
||||
$password = 'guest';
|
||||
}
|
||||
elseif (!isset($this->created_users[$_account_lid]))
|
||||
{
|
||||
throw new \InvalidArgumentException("No user '$_account_lid' exist, need to create it with createUser('$_account_lid')");
|
||||
}
|
||||
else
|
||||
{
|
||||
$password = $this->created_users[$_account_lid]['password'];
|
||||
}
|
||||
return [RequestOptions::AUTH => [$_account_lid, $password]];
|
||||
}
|
||||
|
||||
/**
|
||||
* Tear down:
|
||||
* - delete users created by createUser() incl. their ACL and data
|
||||
*/
|
||||
public function tearDown()
|
||||
{
|
||||
$setup = $this->getSetup();
|
||||
|
||||
foreach($this->created_users as $account_lid => $data)
|
||||
{
|
||||
// if ($id) $setup->accounts->delete($data['id']);
|
||||
unset($this->created_users[$account_lid]);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Add ACL rights
|
||||
*
|
||||
* @param string|array $apps app-names
|
||||
* @param string $location eg. "run"
|
||||
* @param int|string $account accountid or account_lid
|
||||
* @param int $rights rights to set, default 1
|
||||
*/
|
||||
function addAcl($apps, $location, $account, $rights=1)
|
||||
{
|
||||
return $this->getSetup()->add_acl($apps, $location, $account, $rights);
|
||||
}
|
||||
|
||||
/**
|
||||
* Return instance of setup object eg. to create users
|
||||
*
|
||||
* @return \setup
|
||||
*/
|
||||
private function getSetup()
|
||||
{
|
||||
if (!isset($_REQUEST['domain']))
|
||||
{
|
||||
$_REQUEST['domain'] = $GLOBALS['EGW_DOMAIN'] ?? 'default';
|
||||
}
|
||||
$_REQUEST['ConfigDomain'] = $_REQUEST['domain'];
|
||||
require_once __DIR__.'/../../setup/inc/functions.inc.php';
|
||||
|
||||
return $GLOBALS['egw_setup'];
|
||||
}
|
||||
|
||||
/**
|
||||
* Check HTTP status in response
|
||||
*
|
||||
* @param int|array $expected one or more valid status codes
|
||||
* @param ResponseInterface $response
|
||||
* @param string $message ='' additional message to prefix result message
|
||||
*/
|
||||
protected function assertHttpStatus($expected, ResponseInterface $response, $message='')
|
||||
{
|
||||
$status = $response->getStatusCode();
|
||||
$this->assertEquals(in_array($status, (array)$expected) ? $status : ((array)$expected)[0], $status,
|
||||
(!empty($message) ? $message.': ' : ''). 'Expected HTTP status: '.json_encode($expected).
|
||||
", Server returned: $status ".$response->getReasonPhrase());
|
||||
}
|
||||
|
||||
/**
|
||||
* Asserts an iCal file matches an expected one taking into account $_overwrites
|
||||
*
|
||||
* @param string $_expected
|
||||
* @param string $_acctual
|
||||
* @param string $_message
|
||||
* @param array $_overwrites =[] eg. ['vEvent' => [['ATTENDEE' => ['mailto:boss@example.org' => ['PARTSTAT' => 'DECLINED']]]]]
|
||||
* (first vEvent attendee with value 'mailto:boss@...' has param 'PARTSTAT=DECLINED')
|
||||
* @throws Horde_Icalendar_Exception
|
||||
*/
|
||||
protected function assertIcal($_expected, $_acctual, $_message=null, $_overwrites=[])
|
||||
{
|
||||
// enable to see full iCals
|
||||
//$this->assertEquals($_expected, (string)$_acctual, $_message.": iCal not byte-by-byte identical");
|
||||
|
||||
$expected = new Horde_Icalendar();
|
||||
$expected->parsevCalendar($_expected);
|
||||
$acctual = new Horde_Icalendar();
|
||||
$acctual->parsevCalendar($_acctual);
|
||||
|
||||
if (($msgs = $this->checkComponentEqual($expected, $acctual, $_overwrites)))
|
||||
{
|
||||
$this->assertEquals($_expected, (string)$_acctual, ($_message ? $_message.":\n" : '').implode("\n", $msgs));
|
||||
}
|
||||
else
|
||||
{
|
||||
$this->assertTrue(true); // due to $_overwrite probable $_expected !== $_acctual
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Check two iCal components are equal modulo overwrites / expected difference
|
||||
*
|
||||
* Only a whitelist of attributes per component are checked, see $component_attrs2check variable.
|
||||
*
|
||||
* @param Horde_Icalendar $_expected
|
||||
* @param Horde_Icalendar $_acctual
|
||||
* @param string $_message
|
||||
* @param array $_overwrites =[] eg. ['ATTENDEE' => ['boss@example.org' => ['PARTSTAT' => 'DECLINED']]]
|
||||
* @throws Horde_Icalendar_Exception
|
||||
* @return array message(s) what's not equal
|
||||
*/
|
||||
protected function checkComponentEqual(Horde_Icalendar $_expected, Horde_Icalendar $_acctual, $_overwrites=[])
|
||||
{
|
||||
// only following attributes in these components are checked:
|
||||
static $component_attrs2check = [
|
||||
'vcalendar' => ['VERSION'],
|
||||
'vTimeZone' => ['TZID'],
|
||||
'vEvent' => ['UID', 'SUMMARY', 'LOCATION', 'DESCRIPTION', 'DTSTART', 'DTEND', 'ORGANIZER', 'ATTENDEE'],
|
||||
];
|
||||
|
||||
if ($_expected->getType() !== $_acctual->getType())
|
||||
{
|
||||
return ["component type not equal"];
|
||||
}
|
||||
$msgs = [];
|
||||
foreach ($component_attrs2check[$_expected->getType()] ?? [] as $attr)
|
||||
{
|
||||
$acctualAttrs = $_acctual->getAllAttributes($attr);
|
||||
foreach($_expected->getAllAttributes($attr) as $expectedAttr)
|
||||
{
|
||||
$found = false;
|
||||
foreach($acctualAttrs as $acctualAttr)
|
||||
{
|
||||
if (count($acctualAttrs) === 1 || $expectedAttr['value'] === $acctualAttr['value'])
|
||||
{
|
||||
$found = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
if (!$found)
|
||||
{
|
||||
$msgs[] = "No $attr {$expectedAttr['value']} found";
|
||||
continue;
|
||||
}
|
||||
// remove / ignore X-parameters, eg. X-EGROUPWARE-UID in ATTENDEE or ORGANIZER
|
||||
$acctualAttr['params'] = array_filter($acctualAttr['params'], function ($key) {
|
||||
return substr($key, 0, 2) !== 'X-';
|
||||
}, ARRAY_FILTER_USE_KEY);
|
||||
|
||||
if (isset($_overwrites[$attr]) && is_scalar($_overwrites[$attr]))
|
||||
{
|
||||
$expectedAttr = [
|
||||
'name' => $attr,
|
||||
'value' => $_overwrites[$attr],
|
||||
'values' => [$_overwrites[$attr]],
|
||||
'params' => [],
|
||||
];
|
||||
}
|
||||
elseif (isset($_overwrites[$attr]) && is_array($_overwrites[$attr]))
|
||||
{
|
||||
foreach ($_overwrites[$attr] as $value => $params)
|
||||
{
|
||||
if ($value === $expectedAttr['value'])
|
||||
{
|
||||
$expectedAttr['params'] = array_merge($expectedAttr['params'], $params);
|
||||
}
|
||||
}
|
||||
}
|
||||
if ($expectedAttr != $acctualAttr)
|
||||
{
|
||||
$this->assertEquals($expectedAttr, $acctualAttr, "$attr not equal");
|
||||
$msgs[] = "$attr not equal";
|
||||
}
|
||||
}
|
||||
}
|
||||
// check sub-components, overrites use an index by type eg. 1. vEvent: ['vEvent'=>[[<overwrites for 1. vEvent]]]
|
||||
$idx_by_type = [];
|
||||
foreach($_expected->getComponents() as $idx => $component)
|
||||
{
|
||||
if (!isset($idx_by_type[$type = $component->getType()])) $idx_by_type[$type] = 0;
|
||||
$msgs = array_merge($msgs, $this->checkComponentEqual($component, $_acctual->getComponent($idx),
|
||||
$_overwrites[$type][$idx_by_type[$type]] ?? []));
|
||||
$idx_by_type[$type]++;
|
||||
}
|
||||
return $msgs;
|
||||
}
|
||||
|
||||
public static function setUpBeforeClass()
|
||||
{
|
||||
parent::setUpBeforeClass();
|
||||
}
|
||||
|
||||
public static function tearDownAfterClass()
|
||||
{
|
||||
parent::tearDownAfterClass();
|
||||
}
|
||||
|
||||
public function setUp()
|
||||
{
|
||||
|
||||
}
|
||||
}
|
@ -1338,7 +1338,7 @@ class calendar_bo
|
||||
elseif ($grants[$uid] & Acl::READ)
|
||||
{
|
||||
// if we have a READ grant from a participant, we dont give an implicit privat grant too
|
||||
$grant |= Acl::READ;
|
||||
$grant |= self::ACL_FREEBUSY | Acl::READ;
|
||||
// we cant break here, as we might be a participant too, and would miss the privat grant
|
||||
}
|
||||
elseif (!is_numeric($uid))
|
||||
|
@ -1375,35 +1375,56 @@ class calendar_groupdav extends Api\CalDAV\Handler
|
||||
return true; // simply ignore DELETE in inbox for now
|
||||
}
|
||||
$return_no_access = true; // to allow to check if current use is a participant and reject the event for him
|
||||
if (!is_array($event = $this->_common_get_put_delete('DELETE',$options,$id,$return_no_access)) || !$return_no_access ||
|
||||
// Work around problems with Outlook CalDAV Synchroniser (https://caldavsynchronizer.org/)
|
||||
// - sends a DELETE to reject a meeting request --> deletes event for all participants, if user has delete rights on the calendar
|
||||
// --> only set status for everyone else but the organizer
|
||||
self::get_agent() == 'caldavsynchronizer' && is_array($event) && $event['owner'] != $user)
|
||||
$event = $this->_common_get_put_delete('DELETE',$options,$id,$return_no_access);
|
||||
|
||||
// no event found --> 404 Not Found
|
||||
if (!is_array($event))
|
||||
{
|
||||
if (is_array($event) && (!$return_no_access || $event['owner'] != $user))
|
||||
$ret = $event;
|
||||
error_log("_common_get_put_delete('DELETE', ..., $id) user=$user, return_no_access=".array2string($return_no_access)." returned ".array2string($event));
|
||||
}
|
||||
// Work around problems with Outlook CalDAV Synchronizer (https://caldavsynchronizer.org/)
|
||||
// - sends a DELETE to reject a meeting request --> deletes event for all participants, if user has delete rights from the organizer
|
||||
// --> only set status for everyone else but the organizer
|
||||
// OR no delete rights and deleting an event in someone else calendar --> check if calendar owner is a participant --> reject him
|
||||
elseif ((!$return_no_access || (self::get_agent() === 'caldavsynchronizer' && $event['owner'] != $user)) &&
|
||||
// check if current user has edit rights for calendar of $user, can change status / reject invitation for him
|
||||
$this->bo->check_perms(Acl::EDIT, 0, $user))
|
||||
{
|
||||
// check if user is a participant or one of the groups he is a member of --> reject the meeting request
|
||||
$ret = '403 Forbidden';
|
||||
$memberships = $GLOBALS['egw']->accounts->memberships($user, true);
|
||||
foreach(array_keys($event['participants']) as $uid)
|
||||
{
|
||||
// check if user is a participant or one of the groups he is a member of --> reject the meeting request
|
||||
$ret = '403 Forbidden';
|
||||
$memberships = $GLOBALS['egw']->accounts->memberships($this->bo->user, true);
|
||||
foreach(array_keys($event['participants']) as $uid)
|
||||
if ($user == $uid || in_array($uid, $memberships))
|
||||
{
|
||||
if ($this->bo->user == $uid || in_array($uid, $memberships))
|
||||
{
|
||||
$this->bo->set_status($event,$this->bo->user, 'R');
|
||||
$ret = true;
|
||||
break;
|
||||
}
|
||||
$this->bo->set_status($event, $user, 'R');
|
||||
$ret = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
else
|
||||
}
|
||||
// current user has no delete rights for event --> reject invitation, if he is a participant
|
||||
elseif (!$return_no_access)
|
||||
{
|
||||
// check if current user is a participant or one of the groups he is a member of --> reject the meeting request
|
||||
$ret = '403 Forbidden';
|
||||
$memberships = $GLOBALS['egw']->accounts->memberships($this->bo->user, true);
|
||||
foreach(array_keys($event['participants']) as $uid)
|
||||
{
|
||||
$ret = $event;
|
||||
if ($this->bo->user == $uid || in_array($uid, $memberships))
|
||||
{
|
||||
$this->bo->set_status($event, $this->bo->user, 'R');
|
||||
$ret = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
// we have delete rights on the event and (try to) delete it
|
||||
else
|
||||
{
|
||||
$ret = $this->bo->delete($event['id']);
|
||||
if (!$ret) { error_log("delete($event[id]) returned FALSE"); $ret = '400 Failed to delete event';}
|
||||
}
|
||||
if ($this->debug) error_log(__METHOD__."(,$id) return_no_access=$return_no_access, event[participants]=".array2string(is_array($event)?$event['participants']:null).", user={$this->bo->user} --> return ".array2string($ret));
|
||||
return $ret;
|
||||
|
121
calendar/tests/CalDAV/CalDAVcreateReadDelete.php
Normal file
121
calendar/tests/CalDAV/CalDAVcreateReadDelete.php
Normal file
@ -0,0 +1,121 @@
|
||||
<?php
|
||||
/**
|
||||
* CalDAV tests: create, read and delete an event
|
||||
*
|
||||
* @link https://www.egroupware.org
|
||||
* @author Ralf Becker <rb@egroupware.org>
|
||||
* @package calendar
|
||||
* @subpackage tests
|
||||
* @copyright (c) 2020 by Ralf Becker <rb@egroupware.org>
|
||||
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
|
||||
*/
|
||||
|
||||
namespace EGroupware\calendar;
|
||||
|
||||
require_once __DIR__.'/../../../api/tests/CalDAVTest.php';
|
||||
|
||||
use EGroupware\Api\CalDAVTest;
|
||||
use GuzzleHttp\RequestOptions;
|
||||
|
||||
class CalDAVcreateReadDelete extends CalDAVTest
|
||||
{
|
||||
/**
|
||||
* Test accessing CalDAV without authentication
|
||||
*/
|
||||
public function testNoAuth()
|
||||
{
|
||||
$response = $this->getClient([])->get($this->url('/'));
|
||||
|
||||
$this->assertHttpStatus(401, $response);
|
||||
}
|
||||
|
||||
/**
|
||||
* Test accessing CalDAV with authentication
|
||||
*/
|
||||
public function testAuth()
|
||||
{
|
||||
$response = $this->getClient()->get($this->url('/'));
|
||||
|
||||
$this->assertHttpStatus(200, $response);
|
||||
}
|
||||
|
||||
const EVENT_URL = '/demo/calendar/new-event-1233456789-new.ics';
|
||||
const EVENT_ICAL = <<<EOICAL
|
||||
BEGIN:VCALENDAR
|
||||
VERSION:2.0
|
||||
BEGIN:VTIMEZONE
|
||||
TZID:Europe/Berlin
|
||||
BEGIN:DAYLIGHT
|
||||
TZOFFSETFROM:+0100
|
||||
TZOFFSETTO:+0200
|
||||
TZNAME:CEST
|
||||
DTSTART:19700329T020000
|
||||
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=-1SU
|
||||
END:DAYLIGHT
|
||||
BEGIN:STANDARD
|
||||
TZOFFSETFROM:+0200
|
||||
TZOFFSETTO:+0100
|
||||
TZNAME:CET
|
||||
DTSTART:19701025T030000
|
||||
RRULE:FREQ=YEARLY;BYMONTH=10;BYDAY=-1SU
|
||||
END:STANDARD
|
||||
END:VTIMEZONE
|
||||
BEGIN:VEVENT
|
||||
DTSTART;TZID=Europe/Berlin:20110406T210000
|
||||
DTEND;TZID=Europe/Berlin:20110406T220000
|
||||
DTSTAMP:20110406T183747Z
|
||||
LAST-MODIFIED:20110406T183747Z
|
||||
LOCATION:Somewhere
|
||||
SUMMARY:Tonight
|
||||
UID:new-event-1233456789-new
|
||||
END:VEVENT
|
||||
END:VCALENDAR
|
||||
EOICAL;
|
||||
|
||||
/**
|
||||
* Create an event
|
||||
*/
|
||||
public function testCreate()
|
||||
{
|
||||
$response = $this->getClient()->put($this->url(self::EVENT_URL), [
|
||||
RequestOptions::HEADERS => [
|
||||
'Content-Type' => 'text/calendar',
|
||||
'If-None-Match' => '*',
|
||||
],
|
||||
RequestOptions::BODY => self::EVENT_ICAL,
|
||||
]);
|
||||
|
||||
$this->assertHttpStatus(201, $response);
|
||||
}
|
||||
|
||||
/**
|
||||
* Read created event
|
||||
*/
|
||||
public function testRead()
|
||||
{
|
||||
$response = $this->getClient()->get($this->url(self::EVENT_URL));
|
||||
|
||||
$this->assertHttpStatus(200, $response);
|
||||
$this->assertIcal(self::EVENT_ICAL, $response->getBody());
|
||||
}
|
||||
|
||||
/**
|
||||
* Delete created event
|
||||
*/
|
||||
public function testDelete()
|
||||
{
|
||||
$response = $this->getClient()->delete($this->url(self::EVENT_URL));
|
||||
|
||||
$this->assertHttpStatus(204, $response);
|
||||
}
|
||||
|
||||
/**
|
||||
* Read created event
|
||||
*/
|
||||
public function testReadDeleted()
|
||||
{
|
||||
$response = $this->getClient()->get($this->url(self::EVENT_URL));
|
||||
|
||||
$this->assertHttpStatus(404, $response);
|
||||
}
|
||||
}
|
368
calendar/tests/CalDAV/CalDAVsingleDELETE.php
Normal file
368
calendar/tests/CalDAV/CalDAVsingleDELETE.php
Normal file
@ -0,0 +1,368 @@
|
||||
<?php
|
||||
/**
|
||||
* CalDAV tests: DELETE requests for non-series by Outlook CalDAV Synchronizer and other clients
|
||||
*
|
||||
* @link https://www.egroupware.org
|
||||
* @author Ralf Becker <rb@egroupware.org>
|
||||
* @package calendar
|
||||
* @subpackage tests
|
||||
* @copyright (c) 2020 by Ralf Becker <rb@egroupware.org>
|
||||
* @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
|
||||
*/
|
||||
|
||||
namespace EGroupware\calendar;
|
||||
|
||||
require_once __DIR__.'/../../../api/tests/CalDAVTest.php';
|
||||
|
||||
use EGroupware\Api\CalDAVTest;
|
||||
use GuzzleHttp\RequestOptions;
|
||||
use EGroupware\Api\Acl;
|
||||
|
||||
/**
|
||||
* Class CalDAVsingleDELETE
|
||||
*
|
||||
* This tests check all sorts of DELETE requests by organizer and attendees, with and without (delete) rights on the organizer.
|
||||
*
|
||||
* For CalDAV Synchronizer, which does not distingues between deleting and rejecting events, we only allow the
|
||||
* organizer to delete an event.
|
||||
*
|
||||
* @package EGroupware\calendar
|
||||
* @covers \calendar_groupdav::delete()
|
||||
* @uses \calendar_groupdav::put()
|
||||
* @uses \calendar_groupdav::get()
|
||||
*/
|
||||
class CalDAVsingleDELETE extends CalDAVTest
|
||||
{
|
||||
/**
|
||||
* Users and their ACL for the test
|
||||
*
|
||||
* @var array
|
||||
*/
|
||||
protected $users = [
|
||||
'boss' => [],
|
||||
'secretary' => [
|
||||
'rights' => [
|
||||
'boss' => Acl::READ|Acl::ADD|Acl::EDIT|Acl::DELETE,
|
||||
]
|
||||
],
|
||||
'other' => [],
|
||||
];
|
||||
|
||||
/**
|
||||
* Create some users incl. ACL
|
||||
*/
|
||||
public function setUp()
|
||||
{
|
||||
parent::setUp();
|
||||
|
||||
$this->createUsersACL($this->users, 'calendar');
|
||||
}
|
||||
|
||||
/**
|
||||
* Check created users
|
||||
*/
|
||||
public function testPrincipals()
|
||||
{
|
||||
foreach($this->users as $user => &$data)
|
||||
{
|
||||
$response = $this->getClient()->propfind($this->url('/principals/users/'.$user.'/'), [
|
||||
RequestOptions::HEADERS => [
|
||||
'Depth' => 0,
|
||||
],
|
||||
]);
|
||||
$this->assertHttpStatus(207, $response);
|
||||
}
|
||||
}
|
||||
|
||||
const EVENT_BOSS_ATTENDEE_ORGANIZER_URL = '/other/calendar/new-event-boss-attendee-123456789-new.ics';
|
||||
const EVENT_BOSS_ATTENDEE_URL = '/boss/calendar/new-event-boss-attendee-123456789-new.ics';
|
||||
const EVENT_BOSS_ATTENDEE_ICAL = <<<EOICAL
|
||||
BEGIN:VCALENDAR
|
||||
VERSION:2.0
|
||||
BEGIN:VTIMEZONE
|
||||
TZID:Europe/Berlin
|
||||
BEGIN:DAYLIGHT
|
||||
TZOFFSETFROM:+0100
|
||||
TZOFFSETTO:+0200
|
||||
TZNAME:CEST
|
||||
DTSTART:19700329T020000
|
||||
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=-1SU
|
||||
END:DAYLIGHT
|
||||
BEGIN:STANDARD
|
||||
TZOFFSETFROM:+0200
|
||||
TZOFFSETTO:+0100
|
||||
TZNAME:CET
|
||||
DTSTART:19701025T030000
|
||||
RRULE:FREQ=YEARLY;BYMONTH=10;BYDAY=-1SU
|
||||
END:STANDARD
|
||||
END:VTIMEZONE
|
||||
BEGIN:VEVENT
|
||||
DTSTART;TZID=Europe/Berlin:20110406T210000
|
||||
DTEND;TZID=Europe/Berlin:20110406T220000
|
||||
DTSTAMP:20110406T183747Z
|
||||
LAST-MODIFIED:20110406T183747Z
|
||||
LOCATION:Somewhere
|
||||
SUMMARY:Tonight
|
||||
ORGANIZER;CN="Other User":mailto:other@example.org
|
||||
ATTENDEE;CN="Other User";CUTYPE=INDIVIDUAL;PARTSTAT=ACCEPTED;ROLE=CHAIR:mailto:other@example.org
|
||||
ATTENDEE;CN="Boss User";CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RSVP=TRUE:mailto:boss@example.org
|
||||
UID:new-event-boss-attendee-123456789-new
|
||||
END:VEVENT
|
||||
END:VCALENDAR
|
||||
EOICAL;
|
||||
|
||||
/**
|
||||
* Check secretary deletes in boss's calendar event he is an attendee / invited
|
||||
*
|
||||
* @throws \Horde_Icalendar_Exception
|
||||
*/
|
||||
public function testSecretaryDeletesBossAttendee()
|
||||
{
|
||||
// create invitation by organizer
|
||||
$response = $this->getClient('other')->put($this->url(self::EVENT_BOSS_ATTENDEE_ORGANIZER_URL), [
|
||||
RequestOptions::HEADERS => [
|
||||
'Content-Type' => 'text/calendar',
|
||||
'Prefer' => 'return=representation'
|
||||
],
|
||||
RequestOptions::BODY => self::EVENT_BOSS_ATTENDEE_ICAL,
|
||||
]);
|
||||
$this->assertHttpStatus([200,201], $response);
|
||||
$this->assertIcal(self::EVENT_BOSS_ATTENDEE_ICAL, $response->getBody());
|
||||
|
||||
// secretrary deletes event in boss's calendar
|
||||
$response = $this->getClient('secretary')->delete($this->url(self::EVENT_BOSS_ATTENDEE_URL));
|
||||
$this->assertHttpStatus(204, $response, 'Secretary delete/rejects for boss');
|
||||
|
||||
// use organizer to check event still exists and boss rejected
|
||||
$response = $this->getClient('other')->get($this->url(self::EVENT_BOSS_ATTENDEE_ORGANIZER_URL));
|
||||
$this->assertHttpStatus(200, $response, 'Check event still exists after DELETE in attendee calendar');
|
||||
$this->assertIcal(self::EVENT_BOSS_ATTENDEE_ICAL, $response->getBody(),
|
||||
'Boss should have declined the invitation',
|
||||
['vEvent' => [['ATTENDEE' => ['mailto:boss@example.org' => ['PARTSTAT' => 'DECLINED', 'RSVP' => 'FALSE']]]]]
|
||||
);
|
||||
|
||||
// secretary tries to delete event in organizers calendar
|
||||
$response = $this->getClient('secretary')->delete($this->url(self::EVENT_BOSS_ATTENDEE_ORGANIZER_URL));
|
||||
$this->assertHttpStatus(403, $response, 'Secretary not allowed to delete for organizer');
|
||||
|
||||
// boss deletes/rejects event in his calendar
|
||||
$response = $this->getClient('boss')->delete($this->url(self::EVENT_BOSS_ATTENDEE_URL));
|
||||
$this->assertHttpStatus(204, $response, 'Boss deletes/rejects in his calendar');
|
||||
|
||||
// boss deletes/rejects event in organizers calendar
|
||||
$response = $this->getClient('boss')->delete($this->url(self::EVENT_BOSS_ATTENDEE_ORGANIZER_URL));
|
||||
$this->assertHttpStatus(204, $response, 'Boss deletes/rejects in organizers calendar');
|
||||
|
||||
// use organizer to delete event
|
||||
$response = $this->getClient('other')->delete($this->url(self::EVENT_BOSS_ATTENDEE_ORGANIZER_URL));
|
||||
$this->assertHttpStatus(204, $response);
|
||||
|
||||
// use organizer to check event deleted
|
||||
$response = $this->getClient('other')->get($this->url(self::EVENT_BOSS_ATTENDEE_ORGANIZER_URL));
|
||||
$this->assertHttpStatus(404, $response, "Check event deleted by organizer");
|
||||
}
|
||||
|
||||
const EVENT_BOSS_ORGANIZER_URL = '/boss/calendar/new-event-boss-organizer-123456789-new.ics';
|
||||
const EVENT_BOSS_ORGANIZER_OTHER_URL = '/other/calendar/new-event-boss-organizer-123456789-new.ics';
|
||||
const EVENT_BOSS_ORGANIZER_ICAL = <<<EOICAL
|
||||
BEGIN:VCALENDAR
|
||||
VERSION:2.0
|
||||
BEGIN:VTIMEZONE
|
||||
TZID:Europe/Berlin
|
||||
BEGIN:DAYLIGHT
|
||||
TZOFFSETFROM:+0100
|
||||
TZOFFSETTO:+0200
|
||||
TZNAME:CEST
|
||||
DTSTART:19700329T020000
|
||||
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=-1SU
|
||||
END:DAYLIGHT
|
||||
BEGIN:STANDARD
|
||||
TZOFFSETFROM:+0200
|
||||
TZOFFSETTO:+0100
|
||||
TZNAME:CET
|
||||
DTSTART:19701025T030000
|
||||
RRULE:FREQ=YEARLY;BYMONTH=10;BYDAY=-1SU
|
||||
END:STANDARD
|
||||
END:VTIMEZONE
|
||||
BEGIN:VEVENT
|
||||
DTSTART;TZID=Europe/Berlin:20110406T210000
|
||||
DTEND;TZID=Europe/Berlin:20110406T220000
|
||||
DTSTAMP:20110406T183747Z
|
||||
LAST-MODIFIED:20110406T183747Z
|
||||
LOCATION:Somewhere
|
||||
SUMMARY:Tonight
|
||||
ORGANIZER;CN="Boss User":mailto:boss@example.org
|
||||
ATTENDEE;CN="Boss User";CUTYPE=INDIVIDUAL;PARTSTAT=ACCEPTED;ROLE=CHAIR:mailto:boss@example.org
|
||||
ATTENDEE;CN="Other User";CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RSVP=TRUE:mailto:other@example.org
|
||||
UID:new-event-boss-organizer-123456789-new
|
||||
END:VEVENT
|
||||
END:VCALENDAR
|
||||
EOICAL;
|
||||
|
||||
/**
|
||||
* Check secretary deletes for boss, which is organizer of event
|
||||
*
|
||||
* @throws \Horde_Icalendar_Exception
|
||||
*/
|
||||
public function testSecretaryDeletesBossOrganizer()
|
||||
{
|
||||
// create invitation by boss as organizer
|
||||
$response = $this->getClient('boss')->put($this->url(self::EVENT_BOSS_ORGANIZER_URL), [
|
||||
RequestOptions::HEADERS => [
|
||||
'Content-Type' => 'text/calendar',
|
||||
'Prefer' => 'return=representation'
|
||||
],
|
||||
RequestOptions::BODY => self::EVENT_BOSS_ORGANIZER_ICAL,
|
||||
]);
|
||||
$this->assertHttpStatus([200,201], $response);
|
||||
$this->assertIcal(self::EVENT_BOSS_ORGANIZER_ICAL, $response->getBody());
|
||||
|
||||
// attendee deletes/rejects event in his calendar
|
||||
$response = $this->getClient('other')->delete($this->url(self::EVENT_BOSS_ORGANIZER_OTHER_URL));
|
||||
$this->assertHttpStatus(204, $response);
|
||||
|
||||
// secretrary deletes event in boss's calendar
|
||||
$response = $this->getClient('secretary')->delete($this->url(self::EVENT_BOSS_ORGANIZER_URL));
|
||||
$this->assertHttpStatus(204, $response, 'Secretary deletes for boss');
|
||||
|
||||
// use organizer/boss to check event deleted
|
||||
$response = $this->getClient('boss')->get($this->url(self::EVENT_BOSS_ORGANIZER_URL));
|
||||
$this->assertHttpStatus(404, $response, "Check event deleted by secretary");
|
||||
}
|
||||
|
||||
/**
|
||||
* Check organizer (boss) can delete event in his calendar
|
||||
*
|
||||
* @throws \Horde_Icalendar_Exception
|
||||
*/
|
||||
public function testOrganizerDeletes()
|
||||
{
|
||||
// create invitation by boss as organizer
|
||||
$response = $this->getClient('boss')->put($this->url(self::EVENT_BOSS_ORGANIZER_URL), [
|
||||
RequestOptions::HEADERS => [
|
||||
'Content-Type' => 'text/calendar',
|
||||
'Prefer' => 'return=representation'
|
||||
],
|
||||
RequestOptions::BODY => self::EVENT_BOSS_ORGANIZER_ICAL,
|
||||
]);
|
||||
$this->assertHttpStatus([200,201], $response);
|
||||
$this->assertIcal(self::EVENT_BOSS_ORGANIZER_ICAL, $response->getBody());
|
||||
|
||||
// organizer deletes event in his calendar
|
||||
$response = $this->getClient('boss')->delete($this->url(self::EVENT_BOSS_ORGANIZER_URL));
|
||||
$this->assertHttpStatus(204, $response, 'Organizer deletes');
|
||||
|
||||
// use organizer/boss to check event deleted
|
||||
$response = $this->getClient('boss')->get($this->url(self::EVENT_BOSS_ORGANIZER_URL));
|
||||
$this->assertHttpStatus(404, $response, "Check event deleted by organizer");
|
||||
|
||||
// use attendee to check event deleted
|
||||
$response = $this->getClient('other')->get($this->url(self::EVENT_BOSS_ORGANIZER_OTHER_URL));
|
||||
$this->assertHttpStatus(404, $response, "Check event deleted by organizer");
|
||||
}
|
||||
|
||||
const EVENT_SECRETARY_ATTENDEE_URL = '/secretary/calendar/new-event-secreatary-attendee-123456789-new.ics';
|
||||
const EVENT_SECRETARY_ATTENDEE_ORGANIZER_URL = '/boss/calendar/new-event-secreatary-attendee-123456789-new.ics';
|
||||
const EVENT_SECRETARY_ATTENDEE_ICAL = <<<EOICAL
|
||||
BEGIN:VCALENDAR
|
||||
VERSION:2.0
|
||||
BEGIN:VTIMEZONE
|
||||
TZID:Europe/Berlin
|
||||
BEGIN:DAYLIGHT
|
||||
TZOFFSETFROM:+0100
|
||||
TZOFFSETTO:+0200
|
||||
TZNAME:CEST
|
||||
DTSTART:19700329T020000
|
||||
RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=-1SU
|
||||
END:DAYLIGHT
|
||||
BEGIN:STANDARD
|
||||
TZOFFSETFROM:+0200
|
||||
TZOFFSETTO:+0100
|
||||
TZNAME:CET
|
||||
DTSTART:19701025T030000
|
||||
RRULE:FREQ=YEARLY;BYMONTH=10;BYDAY=-1SU
|
||||
END:STANDARD
|
||||
END:VTIMEZONE
|
||||
BEGIN:VEVENT
|
||||
DTSTART;TZID=Europe/Berlin:20110406T210000
|
||||
DTEND;TZID=Europe/Berlin:20110406T220000
|
||||
DTSTAMP:20110406T183747Z
|
||||
LAST-MODIFIED:20110406T183747Z
|
||||
LOCATION:Somewhere
|
||||
SUMMARY:Tonight
|
||||
ORGANIZER;CN="Boss User":mailto:boss@example.org
|
||||
ATTENDEE;CN="Boss User";CUTYPE=INDIVIDUAL;PARTSTAT=ACCEPTED;ROLE=CHAIR:mailto:boss@example.org
|
||||
ATTENDEE;CN="Secretary User";CUTYPE=INDIVIDUAL;PARTSTAT=NEEDS-ACTION;ROLE=REQ-PARTICIPANT;RSVP=TRUE:mailto:secretary@example.org
|
||||
UID:new-event-secreatary-attendee-123456789-new
|
||||
END:VEVENT
|
||||
END:VCALENDAR
|
||||
EOICAL;
|
||||
|
||||
/**
|
||||
* Check secretary as attendee deletes event
|
||||
*
|
||||
* @throws \Horde_Icalendar_Exception
|
||||
*/
|
||||
public function testSecretaryAttendeeDeletes()
|
||||
{
|
||||
// create invitation by boss as organizer
|
||||
$response = $this->getClient('boss')->put($this->url(self::EVENT_SECRETARY_ATTENDEE_ORGANIZER_URL), [
|
||||
RequestOptions::HEADERS => [
|
||||
'Content-Type' => 'text/calendar',
|
||||
'Prefer' => 'return=representation'
|
||||
],
|
||||
RequestOptions::BODY => self::EVENT_SECRETARY_ATTENDEE_ICAL,
|
||||
]);
|
||||
$this->assertHttpStatus([200,201], $response);
|
||||
$this->assertIcal(self::EVENT_SECRETARY_ATTENDEE_ICAL, $response->getBody());
|
||||
|
||||
// secretary deletes in her calendar
|
||||
$response = $this->getClient('secretary')->delete($this->url(self::EVENT_SECRETARY_ATTENDEE_URL));
|
||||
$this->assertHttpStatus(204, $response, 'Secretary (attendee) deletes');
|
||||
|
||||
// use organizer to check it's really deleted
|
||||
$response = $this->getClient('boss')->get($this->url(self::EVENT_SECRETARY_ATTENDEE_ORGANIZER_URL));
|
||||
$this->assertHttpStatus(404, $response, "Check event deleted by secretary");
|
||||
}
|
||||
|
||||
/**
|
||||
* Check secretary as attendee deletes event with CalDAVSynchronizer
|
||||
*
|
||||
* @throws \Horde_Icalendar_Exception
|
||||
*/
|
||||
public function testSecretaryAttendeeDeletesCalDAVSynchronizer()
|
||||
{
|
||||
// create invitation by boss as organizer
|
||||
$response = $this->getClient('boss')->put($this->url(self::EVENT_SECRETARY_ATTENDEE_ORGANIZER_URL), [
|
||||
RequestOptions::HEADERS => [
|
||||
'Content-Type' => 'text/calendar',
|
||||
'Prefer' => 'return=representation'
|
||||
],
|
||||
RequestOptions::BODY => self::EVENT_SECRETARY_ATTENDEE_ICAL,
|
||||
]);
|
||||
$this->assertHttpStatus([200,201], $response);
|
||||
$this->assertIcal(self::EVENT_SECRETARY_ATTENDEE_ICAL, $response->getBody());
|
||||
|
||||
// secretary deletes in her calendar with CalDAVSynchronizer
|
||||
$response = $this->getClient('secretary')->delete($this->url(self::EVENT_SECRETARY_ATTENDEE_URL),
|
||||
[RequestOptions::HEADERS => ['User-Agent' => 'CalDAVSynchronizer']]);
|
||||
$this->assertHttpStatus(204, $response, 'Secretary (attendee) deletes/rejects');
|
||||
|
||||
// use organizer to check it's NOT deleted, as CalDAVSynchronizer / Outlook does not distinguish between reject and delete
|
||||
$response = $this->getClient('boss')->get($this->url(self::EVENT_SECRETARY_ATTENDEE_ORGANIZER_URL));
|
||||
$this->assertHttpStatus(200, $response, "Check event NOT deleted by secretary");
|
||||
$this->assertIcal(self::EVENT_SECRETARY_ATTENDEE_ICAL, $response->getBody(),
|
||||
'Secretary should have declined the invitation',
|
||||
['vEvent' => [['ATTENDEE' => ['mailto:secretary@example.org' => ['PARTSTAT' => 'DECLINED', 'RSVP' => 'FALSE']]]]]
|
||||
);
|
||||
|
||||
// organizer deletes in his calendar with CalDAVSynchronizer
|
||||
$response = $this->getClient('boss')->delete($this->url(self::EVENT_SECRETARY_ATTENDEE_ORGANIZER_URL),
|
||||
[RequestOptions::HEADERS => ['User-Agent' => 'CalDAVSynchronizer']]);
|
||||
$this->assertHttpStatus(204, $response, 'Organizer deletes');
|
||||
|
||||
// use organizer to check it's deleted, as CalDAVSynchronizer / Outlook should still delete for organizer
|
||||
$response = $this->getClient('boss')->get($this->url(self::EVENT_SECRETARY_ATTENDEE_ORGANIZER_URL));
|
||||
$this->assertHttpStatus(404, $response, "Check event deleted by organizer");
|
||||
}
|
||||
}
|
@ -101,6 +101,8 @@
|
||||
"tinymce/tinymce": "^5.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"guzzlehttp/guzzle": "^6.5",
|
||||
"phpunit/phpunit": "^6.5"
|
||||
},
|
||||
"suggests": {
|
||||
"ext-opcache": "Opcode cache to speed up PHP",
|
||||
|
1749
composer.lock
generated
1749
composer.lock
generated
File diff suppressed because it is too large
Load Diff
27
doc/travis-ci-apache.conf
Normal file
27
doc/travis-ci-apache.conf
Normal file
@ -0,0 +1,27 @@
|
||||
<VirtualHost *:80>
|
||||
# https://docs.travis-ci.com/user/languages/php/#apache--php
|
||||
|
||||
DocumentRoot %TRAVIS_BUILD_DIR%
|
||||
|
||||
# tests assume EGroupware to be under /egroupware not docroot
|
||||
Alias /egroupware %TRAVIS_BUILD_DIR%
|
||||
|
||||
<Directory "%TRAVIS_BUILD_DIR%/">
|
||||
Options FollowSymLinks MultiViews ExecCGI
|
||||
AllowOverride All
|
||||
Require all granted
|
||||
</Directory>
|
||||
|
||||
# Wire up Apache to use Travis CI's php-fpm.
|
||||
<IfModule mod_fastcgi.c>
|
||||
AddHandler php5-fcgi .php
|
||||
Action php5-fcgi /php5-fcgi
|
||||
Alias /php5-fcgi /usr/lib/cgi-bin/php5-fcgi
|
||||
FastCgiExternalServer /usr/lib/cgi-bin/php5-fcgi -host 127.0.0.1:9000 -pass-header Authorization
|
||||
|
||||
<Directory /usr/lib/cgi-bin>
|
||||
Require all granted
|
||||
</Directory>
|
||||
</IfModule>
|
||||
|
||||
</VirtualHost>
|
@ -253,6 +253,7 @@ class setup
|
||||
case PHP_SESSION_DISABLED:
|
||||
throw new \ErrorException('EGroupware requires PHP session extension!');
|
||||
case PHP_SESSION_NONE:
|
||||
if (headers_sent()) return false;
|
||||
ini_set('session.use_cookie', true);
|
||||
session_name(self::SESSIONID);
|
||||
session_set_cookie_params(0, '/', self::cookiedomain(),
|
||||
|
@ -25,9 +25,9 @@ $GLOBALS['egw_info'] = array(
|
||||
'currentapp' => 'setup',
|
||||
'noapi' => True
|
||||
));
|
||||
if(file_exists('../header.inc.php'))
|
||||
if(file_exists(__DIR__.'/../../header.inc.php'))
|
||||
{
|
||||
include('../header.inc.php');
|
||||
include_once(__DIR__.'/../../header.inc.php');
|
||||
}
|
||||
// for an old header we need to setup a reference for the domains
|
||||
if (!is_array($GLOBALS['egw_domain'])) $GLOBALS['egw_domain'] =& $GLOBALS['phpgw_domain'];
|
||||
@ -56,14 +56,17 @@ require_once(EGW_INCLUDE_ROOT . '/api/src/loader/common.php');
|
||||
* function to handle multilanguage support
|
||||
*
|
||||
*/
|
||||
function lang($key,$vars=null)
|
||||
if (!function_exists('lang'))
|
||||
{
|
||||
if(!is_array($vars))
|
||||
function lang($key, $vars = null)
|
||||
{
|
||||
$vars = func_get_args();
|
||||
array_shift($vars); // remove $key
|
||||
if (!is_array($vars))
|
||||
{
|
||||
$vars = func_get_args();
|
||||
array_shift($vars); // remove $key
|
||||
}
|
||||
return $GLOBALS['egw_setup']->translation->translate("$key", $vars);
|
||||
}
|
||||
return $GLOBALS['egw_setup']->translation->translate("$key", $vars);
|
||||
}
|
||||
|
||||
if(file_exists(EGW_SERVER_ROOT.'/api/setup/setup.inc.php'))
|
||||
|
Loading…
Reference in New Issue
Block a user