* CalDAV/CardDAV: only show own user and memberships on automatic index page (or PROPFIND) for privacy and security reasons

ralf 2025-02-18 13:20:06 +01:00
parent 66a4baf75f
commit a7f5d333d0
2 changed files with 9 additions and 21 deletions


@ -447,8 +447,11 @@ class CalDAV extends HTTP_WebDAV_Server
$files['files'][] = $this->add_collection('/principals/', array(
'displayname' => lang('Accounts'),
));
// users home
$this->add_home($files, $path.$GLOBALS['egw_info']['user']['account_lid'].'/', $GLOBALS['egw_info']['user']['account_id'], $options['depth'] == 'infinity' ? 'infinity' : $options['depth']-1);
// home of memberships
foreach($this->accounts->search([
'type' => 'both',
'type' => 'owngroups',
'order' =>'account_lid',
'start' => $_GET['start'] ?? 0,
'offset' => $nresults,
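Review bot: The new `add_home()` call for the current user runs before a membership search that is paged through `$_GET['start']`, so as far as this hunk shows, a request with `start` above 0 lists the user's own home again on every page. I would guard it with `if (!(int)($_GET['start'] ?? 0))` so it is emitted on the first page only. The same request value reaches `accounts->search()` unchecked; `'start' => max(0, (int)($_GET['start'] ?? 0)),` keeps a negative, non-numeric or array value out of the query layer, whose handling of it is not visible here. The enclosing method starts and ends outside the hunk, so an existing guard may already cover the first point. Restricting `type` to `owngroups` only narrows what the index enumerates, so it is worth confirming that a direct PROPFIND on another account's home path is rejected by an authorisation check elsewhere.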


@ -790,21 +790,10 @@ class Principals extends Handler
if ($options['depth'])
{
if ($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'none' &&
!isset($GLOBALS['egw_info']['user']['apps']['admin']))
// only display own user by default
if (($account = $this->accounts->read($GLOBALS['egw_info']['user']['account_id'])))
{
if (($account = $this->accounts->read($GLOBALS['egw_info']['user']['account_id'])))
{
$files[] = $this->add_account($account);
}
}
else
{
// add all users (account_selection == groupmembers is handled by accounts->search())
foreach($this->accounts->search(array('type' => 'accounts','order' => 'account_lid')) as $account)
{
$files[] = $this->add_account($account);
}
$files[] = $this->add_account($account);
}
}
}
@ -862,12 +851,8 @@ class Principals extends Handler
if ($options['depth'])
{
// only show own groups, if account-selection is groupmembers or none
$type = in_array($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'], array('groupmembers','none')) ?
'owngroups' : 'groups';
// add all groups or only membergroups
foreach($this->accounts->search(array('type' => $type,'order' => 'account_lid')) as $account)
// only show own groups
foreach($this->accounts->search(array('type' => 'owngroups','order' => 'account_lid')) as $account)
{
$files[] = $this->add_group($account);
}