From efaf9771d0503f6f574d3e931fcb04499c054d2d Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Thu, 23 Jul 2020 19:05:49 +0200
Subject: [PATCH] do NOT push participants of type email for privacy reasons
---
 api/src/Link.php | 3 ++-
 calendar/inc/class.calendar_hooks.inc.php | 22 +++++++++++++++++++++-
 2 files changed, 23 insertions(+), 2 deletions(-)
diff --git a/api/src/Link.php b/api/src/Link.php
index e1c50fdd9c..87e84ee3bf 100644
--- a/api/src/Link.php
+++ b/api/src/Link.php
@@ -92,7 +92,8 @@ namespace EGroupware\Api;
 * 'fetch' => 'app.class.method', // method to return entry data for a given id. the method called should support id, and expected mime-type
 * // basically you should return something like array(id, title, mimetype, body, linked-files)
 *
- * 'push_data' => "key" | ["key1", ...] // keys of ACL relevant and privacy save data needed for push of changes to client
+ * 'push_data' => | "key" | ["key1", ...] // keys of ACL relevant and privacy save data needed for push of changes to client
+ * // or callable to do the cleaning eg. used in calendar
 *
 * 'additional' => array( // allow one app to register sub-types,
 * 'app-sub' => array( // different from 'types' approach above
diff --git a/calendar/inc/class.calendar_hooks.inc.php b/calendar/inc/class.calendar_hooks.inc.php
index 7cb912c2ec..3681b3786c 100644
--- a/calendar/inc/class.calendar_hooks.inc.php
+++ b/calendar/inc/class.calendar_hooks.inc.php
@@ -68,10 +68,30 @@ class calendar_hooks
 'merge' => true,
 'entry' => 'Event',
 'entries' => 'Events',
- 'push_data' => ['id','owner','participants','start','end']
+ 'push_data' => self::class.'::prepareEventPush',
 );
 }
+
+ /**
+ * Prepare event to be pushed via Link::notify_update()
+ *
+ * Remove privacy sensitive data:
+ * - participants of type email
+ *
+ * @param $event
+ * @return array
+ */
+ static public function prepareEventPush($event)
+ {
+ $event = array_intersect_key($event, array_flip(['id','owner','participants','start','end']));
+ foreach($event['participants'] as $uid => $status)
+ {
+ if ($uid[0] === 'e') unset($event['participants'][$uid]);
+ }
+ return $event;
+ }
+
 /**
 * Hook called to retrieve a app specific exportLimit
 *
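Review bot: In `prepareEventPush()` the loop reads `$event['participants']` and `$uid[0]` without checking either, so an event without a participants array, or a participant key that PHP has turned into an int (numeric-string array keys are cast), raises warnings on the push path instead of being filtered cleanly. Iterating with `foreach($event['participants'] ?? [] as $uid => $status)` and testing `if (substr((string)$uid, 0, 1) === 'e') unset($event['participants'][$uid]);` keeps the allow-list and makes the email check type-safe; that account participants are keyed by numeric id is an assumption, since the hunk does not show the key format. The `@param $event` tag should carry a type (`@param array $event`) and state that only the five allow-listed keys are returned. The code that invokes a callable `push_data` is not part of this patch (the Link.php hunk only edits the doc comment), so it is worth confirming that a string value there is called rather than treated as a single key name.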