!fixup don't add ACL for each individual proxy, just use calendar-proxy groups

Signed-off-by: Georg Ehrke <[email protected]>

Author: georgehrke

apps/dav/lib/CalDAV/Calendar.php

@@ -47,9 +47,14 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable {
 	/** @var IConfig */
 	private $config;
 
-	/** @var ProxyMapper */
-	private $proxyMapper;
-
+	/**
+	 * Calendar constructor.
+	 *
+	 * @param BackendInterface $caldavBackend
+	 * @param $calendarInfo
+	 * @param IL10N $l10n
+	 * @param IConfig $config
+	 */
 	public function __construct(BackendInterface $caldavBackend, $calendarInfo, IL10N $l10n, IConfig $config) {
 		parent::__construct($caldavBackend, $calendarInfo);
 
@@ -62,9 +67,6 @@ public function __construct(BackendInterface $caldavBackend, $calendarInfo, IL10
 		}
 
 		$this->config = $config;
-
-		// TODO: proper DI
-		$this->proxyMapper = \OC::$server->query(ProxyMapper::class);
 	}
 
 	/**
@@ -126,29 +128,54 @@ public function getPrincipalURI() {
 		return $this->calendarInfo['principaluri'];
 	}
 
+	/**
+	 * @return array
+	 */
 	public function getACL() {
 		$acl =  [
 			[
 				'privilege' => '{DAV:}read',
 				'principal' => $this->getOwner(),
 				'protected' => true,
-			]];
+			],
+			[
+				'privilege' => '{DAV:}read',
+				'principal' => $this->getOwner() . '/calendar-proxy-write',
+				'protected' => true,
+			],
+			[
+				'privilege' => '{DAV:}read',
+				'principal' => $this->getOwner() . '/calendar-proxy-read',
+				'protected' => true,
+			],
+		];
+
 		if ($this->getName() !== BirthdayService::BIRTHDAY_CALENDAR_URI) {
 			$acl[] = [
 				'privilege' => '{DAV:}write',
 				'principal' => $this->getOwner(),
 				'protected' => true,
 			];
+			$acl[] = [
+				'privilege' => '{DAV:}write',
+				'principal' => $this->getOwner() . '/calendar-proxy-write',
+				'protected' => true,
+			];
 		} else {
 			$acl[] = [
 				'privilege' => '{DAV:}write-properties',
 				'principal' => $this->getOwner(),
 				'protected' => true,
 			];
+			$acl[] = [
+				'privilege' => '{DAV:}write-properties',
+				'principal' => $this->getOwner() . '/calendar-proxy-read',
+				'protected' => true,
+			];
 		}
 
 		if (!$this->isShared()) {
-			return $this->addProxies($acl);
+			return $acl;
 		}
 
 		if ($this->getOwner() !== parent::getOwner()) {
@@ -181,37 +208,9 @@ public function getACL() {
 
 		$acl = $this->caldavBackend->applyShareAcl($this->getResourceId(), $acl);
 		$allowedPrincipals = [$this->getOwner(), parent::getOwner(), 'principals/system/public'];
-		$acl = array_filter($acl, function($rule) use ($allowedPrincipals) {
+		return array_filter($acl, function($rule) use ($allowedPrincipals) {
 			return \in_array($rule['principal'], $allowedPrincipals, true);
 		});
-
-		$acl = $this->addProxies($acl);
-
-		return $acl;
-	}
-
-	public function addProxies(array $acl): array {
-		list($prefix, $name) = \Sabre\Uri\split($this->getOwner());
-		$proxies = $this->proxyMapper->getProxiesOf($name);
-
-		foreach ($proxies as $proxy) {
-			if ($proxy->getPermissions() & ProxyMapper::PERMISSION_READ) {
-				$acl[] =  [
-					'privilege' => '{DAV:}read',
-					'principal' => 'principals/users/' . $proxy->getProxyId(),
-					'protected' => true,
-				];
-			}
-			if ($proxy->getPermissions() & ProxyMapper::PERMISSION_WRITE) {
-				$acl[] =  [
-					'privilege' => '{DAV:}write',
-					'principal' => 'principals/users/' . $proxy->getProxyId(),
-					'protected' => true,
-				];
-			}
-		}
-
-		return $acl;
 	}
 
 	public function getChildACL() {