diff --git a/apps/dav/lib/CardDAV/ContactsManager.php b/apps/dav/lib/CardDAV/ContactsManager.php index bed1e676337dd..8b65b77fa1857 100644 --- a/apps/dav/lib/CardDAV/ContactsManager.php +++ b/apps/dav/lib/CardDAV/ContactsManager.php @@ -26,6 +26,7 @@ namespace OCA\DAV\CardDAV; use OCP\Contacts\IManager; +use OCP\IConfig; use OCP\IL10N; use OCP\IURLGenerator; @@ -36,15 +37,19 @@ class ContactsManager { /** @var IL10N */ private $l10n; + /** @var IConfig */ + private $config; + /** * ContactsManager constructor. * * @param CardDavBackend $backend * @param IL10N $l10n */ - public function __construct(CardDavBackend $backend, IL10N $l10n) { + public function __construct(CardDavBackend $backend, IL10N $l10n, IConfig $config) { $this->backend = $backend; $this->l10n = $l10n; + $this->config = $config; } /** @@ -63,6 +68,11 @@ public function setupContactsProvider(IManager $cm, $userId, IURLGenerator $urlG * @param IURLGenerator $urlGenerator */ public function setupSystemContactsProvider(IManager $cm, IURLGenerator $urlGenerator) { + $systemAddressBookExposed = $this->config->getAppValue('dav', 'system_addressbook_exposed', 'yes') === 'yes'; + if (!$systemAddressBookExposed) { + return; + } + $addressBooks = $this->backend->getAddressBooksForUser("principals/system/system"); $this->register($cm, $addressBooks, $urlGenerator); } diff --git a/apps/dav/tests/unit/CardDAV/ContactsManagerTest.php b/apps/dav/tests/unit/CardDAV/ContactsManagerTest.php index 32a0946d2b908..809956e7f8609 100644 --- a/apps/dav/tests/unit/CardDAV/ContactsManagerTest.php +++ b/apps/dav/tests/unit/CardDAV/ContactsManagerTest.php @@ -28,6 +28,7 @@ use OCA\DAV\CardDAV\CardDavBackend; use OCA\DAV\CardDAV\ContactsManager; use OCP\Contacts\IManager; +use OCP\IConfig; use OCP\IL10N; use OCP\IURLGenerator; use Test\TestCase; @@ -36,16 +37,20 @@ class ContactsManagerTest extends TestCase { public function test(): void { /** @var IManager | \PHPUnit\Framework\MockObject\MockObject $cm */ $cm = $this->getMockBuilder(IManager::class)->disableOriginalConstructor()->getMock(); - $cm->expects($this->exactly(2))->method('registerAddressBook'); + $cm->expects($this->exactly(1))->method('registerAddressBook'); + /** @var IURLGenerator&MockObject $urlGenerator */ $urlGenerator = $this->getMockBuilder(IURLGenerator::class)->disableOriginalConstructor()->getMock(); /** @var CardDavBackend | \PHPUnit\Framework\MockObject\MockObject $backEnd */ $backEnd = $this->getMockBuilder(CardDavBackend::class)->disableOriginalConstructor()->getMock(); $backEnd->method('getAddressBooksForUser')->willReturn([ ['{DAV:}displayname' => 'Test address book', 'uri' => 'default'], ]); + /** @var IConfig&MockObject $config */ + $config = $this->createMock(IConfig::class); + /** @var IL10N&MockObject $l */ $l = $this->createMock(IL10N::class); - $app = new ContactsManager($backEnd, $l); + $app = new ContactsManager($backEnd, $l, $config); $app->setupContactsProvider($cm, 'user01', $urlGenerator); } } diff --git a/build/integration/features/contacts-menu.feature b/build/integration/features/contacts-menu.feature index d058644867c7b..a88444fa5a774 100644 --- a/build/integration/features/contacts-menu.feature +++ b/build/integration/features/contacts-menu.feature @@ -192,3 +192,23 @@ Feature: contacts-menu And searching for contacts matching with "test" # Disabled because it regularly fails on drone: # Then the list of searched contacts has "0" contacts + + Scenario: users cannot list other users from the system address book + Given user "user1" exists + And As an "admin" + And Deleting the user "user0" + And user "user0" exists + And invoking occ with "config:app:set dav system_addressbook_exposed --value false" + And Logging in using web as "user1" + And searching for contacts matching with "test" + Then the list of searched contacts has "0" contacts + And invoking occ with "config:app:delete dav system_addressbook_exposed" + + Scenario: users can list other users from the system address book + Given user "user1" exists + And As an "admin" + And Deleting the user "user0" + And user "user0" exists + And Logging in using web as "user1" + And searching for contacts matching with "" + Then the list of searched contacts has "1" contacts