extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2025-03-05 02:32:05 +01:00
Code Issues Packages Projects Releases Wiki Activity

* CalDAV/CardDAV: only show own user and memberships on automatic index page (or PROPFIND) for privacy and security reasons

Browse Source
This commit is contained in:
ralf 2025-02-18 13:20:06 +01:00
parent 66a4baf75f
commit a7f5d333d0
2 changed files with 9 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
api/src/CalDAV.php
View File

@ -447,8 +447,11 @@ class CalDAV extends HTTP_WebDAV_Server
$files['files'][] = $this->add_collection('/principals/', array( $files['files'][] = $this->add_collection('/principals/', array(
'displayname' => lang('Accounts'), 'displayname' => lang('Accounts'),
)); ));
// users home
$this->add_home($files, $path.$GLOBALS['egw_info']['user']['account_lid'].'/', $GLOBALS['egw_info']['user']['account_id'], $options['depth'] == 'infinity' ? 'infinity' : $options['depth']-1);
// home of memberships
foreach($this->accounts->search([ foreach($this->accounts->search([
'type' => 'both', 'type' => 'owngroups',
'order' =>'account_lid', 'order' =>'account_lid',
'start' => $_GET['start'] ?? 0, 'start' => $_GET['start'] ?? 0,
'offset' => $nresults, 'offset' => $nresults,

21
api/src/CalDAV/Principals.php
View File

@ -790,23 +790,12 @@ class Principals extends Handler
if ($options['depth']) if ($options['depth'])
{ {
if ($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'none' && // only display own user by default
!isset($GLOBALS['egw_info']['user']['apps']['admin']))
{
if (($account = $this->accounts->read($GLOBALS['egw_info']['user']['account_id']))) if (($account = $this->accounts->read($GLOBALS['egw_info']['user']['account_id'])))
{ {
$files[] = $this->add_account($account); $files[] = $this->add_account($account);
} }
} }
else
{
// add all users (account_selection == groupmembers is handled by accounts->search())
foreach($this->accounts->search(array('type' => 'accounts','order' => 'account_lid')) as $account)
{
$files[] = $this->add_account($account);
}
}
}
} }
else else
{ {
@ -862,12 +851,8 @@ class Principals extends Handler
if ($options['depth']) if ($options['depth'])
{ {
// only show own groups, if account-selection is groupmembers or none // only show own groups
$type = in_array($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'], array('groupmembers','none')) ? foreach($this->accounts->search(array('type' => 'owngroups','order' => 'account_lid')) as $account)
'owngroups' : 'groups';
// add all groups or only membergroups
foreach($this->accounts->search(array('type' => $type,'order' => 'account_lid')) as $account)
{ {
$files[] = $this->add_group($account); $files[] = $this->add_group($account);
} }