From a6e63939436c9e29d6ac2291bb970c3bb08a6bb3 Mon Sep 17 00:00:00 2001
From: Ralf Becker <RalfBecker@outdoor-training.de>
Date: Tue, 7 Apr 2020 16:16:31 +0200
Subject: [PATCH] disable avatar sharing link, as it currently destroys
 sessions for already logged in users, plus some more fixes for VC

---
 api/src/Contacts/Photo.php                   | 17 ++++++++++++++++-
 calendar/inc/class.calendar_boupdate.inc.php | 11 +++++++----
 calendar/inc/class.calendar_uiforms.inc.php  |  4 ++--
 3 files changed, 25 insertions(+), 7 deletions(-)

diff --git a/api/src/Contacts/Photo.php b/api/src/Contacts/Photo.php
index dc185798dc..d6eac61e26 100644
--- a/api/src/Contacts/Photo.php
+++ b/api/src/Contacts/Photo.php
@@ -35,12 +35,19 @@ class Photo
 	 */
 	protected $path;
 
+	/**
+	 * @var bool
+	 */
+	protected $no_sharing_link=false;
+
 	/**
 	 * Contructor
 	 *
 	 * @param int|string|array $id_data contact-id, "account:$account_id", array with contact-data or email for gravatar-url
+	 * @param boolean $no_sharing_link =false true: do NOT generate sharing link, as we currently destroy the EGroupware
+	 * session, if the link is from an other EGroupware user
 	 */
-	function __construct($id_data)
+	function __construct($id_data, $no_sharing_link=false)
 	{
 		if (is_array($id_data))
 		{
@@ -56,6 +63,7 @@ class Photo
 				//throw Api\Exception\NotFound("Contact '$id_data' not found!");
 			}
 		}
+		$this->no_sharing_link = $no_sharing_link;
 	}
 
 	/**
@@ -127,6 +135,13 @@ class Photo
 		{
 			return $this->anonLavatar();
 		}
+		// do we want a sharing link or not
+		if ($this->no_sharing_link)
+		{
+			return Api\Framework::getUrl(Api\Egw::link('/api/avatar.php', [
+				'contact_id' => $this->contact['id'],
+			]));
+		}
 		// if we got photo, we have to create a temp. file to share
 		if ($path[0] !== '/')
 		{
diff --git a/calendar/inc/class.calendar_boupdate.inc.php b/calendar/inc/class.calendar_boupdate.inc.php
index c5cd27583e..24e8519553 100644
--- a/calendar/inc/class.calendar_boupdate.inc.php
+++ b/calendar/inc/class.calendar_boupdate.inc.php
@@ -815,9 +815,10 @@ class calendar_boupdate extends calendar_bo
 	 * @param array $old_event Event before the change
 	 * @param array $new_event =null Event after the change
 	 * @param int|string $user =0 User/participant who started the notify, default current user
+	 * @param array $alarm =null values for "offset", "start", etc.
 	 * @return bool true/false
 	 */
-	function send_update($msg_type,$to_notify,$old_event,$new_event=null,$user=0)
+	function send_update($msg_type, $to_notify, $old_event, $new_event=null, $user=0, array $alarm=null)
 	{
 		//error_log(__METHOD__."($msg_type,".array2string($to_notify).",...) ".array2string($new_event));
 		if (!is_array($to_notify))
@@ -1052,7 +1053,9 @@ class calendar_boupdate extends calendar_bo
 				if (!empty($event['##videoconference']) && class_exists('EGroupware\\Status\\Videoconference\\Call'))
 				{
 					$avatar = new Api\Contacts\Photo(is_numeric($userid) ? "account:$userid" :
-						(isset($res_info) && $res_info['type'] === 'c' ? $res_info['res_id'] : $userid));
+						(isset($res_info) && $res_info['type'] === 'c' ? $res_info['res_id'] : $userid),
+						// disable sharing links currently, as sharing links from a different EGroupware user destroy the session
+						true);
 
 					$details['videoconference'] = EGroupware\Status\Videoconference\Call::genMeetingUrl($event['##videoconference'], [
 						'name' => $fullname,
@@ -1154,7 +1157,7 @@ class calendar_boupdate extends calendar_bo
 								'id' => $event['id'],
 								'app' => 'calendar',
 								'videoconference' => $details['videoconference'],
-							));
+							) + ($alarm ? ['alarm-offset' => (int)$alarm['offset']] : []));
 						}
 						if ($m_type === MSG_ALARM) $notification->set_popupdata('calendar', array('egw_pr_notify' => 1, 'type' => $m_type));
 						$notification->set_popupmessage($subject."\n\n".$notify_body."\n\n".$details['description']."\n\n".$details_body."\n\n");
@@ -1243,7 +1246,7 @@ class calendar_boupdate extends calendar_bo
 		Api\Translation::add_app('calendar');
 		$GLOBALS['egw_info']['flags']['currentapp'] = 'calendar';
 
-		$ret = $this->send_update(MSG_ALARM,$to_notify,$event,False,$alarm['owner']);
+		$ret = $this->send_update(MSG_ALARM, $to_notify, $event, False, $alarm['owner'], $alarm);
 
 		// create a new alarm for recuring events for the next event, if one exists
 		if ($event['recur_type'] != MCAL_RECUR_NONE && ($event = $this->read($alarm['cal_id'],$event_time_user+1)))
diff --git a/calendar/inc/class.calendar_uiforms.inc.php b/calendar/inc/class.calendar_uiforms.inc.php
index df491ad92f..287b3eaece 100644
--- a/calendar/inc/class.calendar_uiforms.inc.php
+++ b/calendar/inc/class.calendar_uiforms.inc.php
@@ -251,7 +251,7 @@ class calendar_uiforms extends calendar_ui
 		// add automatic alarm 5min before videoconference for all participants
 		if (!empty($_GET['videoconference']))
 		{
-			$offset = -5 * 60;
+			$offset = 5 * 60;
 			$alarms[1+count($alarms)] =  array(
 				'offset' => $offset,
 				'time'   => $start - $offset,
@@ -274,7 +274,7 @@ class calendar_uiforms extends calendar_ui
 			'recur_exception' => array(),
 			'title' => $title ? $title : '',
 			'category' => $cat_id,
-			'##videoconference' => !empty($_GET['videoconference']),
+			'videoconference' => !empty($_GET['videoconference']),
 			'##notify_externals' => !empty($_GET['videoconference']) ? 'yes' : $this->cal_prefs['notify_externals'],
 		);
 	}