author | Thomas Bruederli <bruederli@kolabsys.com> | 2014-03-12 11:57:32 (GMT) |
---|---|---|
committer | Thomas Bruederli <bruederli@kolabsys.com> | 2014-03-13 09:18:50 (GMT) |
commit | c895ade019a4beacc189257f46325b1a76e323c3 (patch) | |
tree | 26c8da643c15c28346898cf42d410e51ee8917d3 | |
parent | 3fe616421a8d7340b4dd29ce56dafec4733d4d3c (diff) | |
Make LDAP directory synchronization for offline use work but restrict to read-only access
-rw-r--r-- | lib/Kolab/CardDAV/LDAPCard.php | 72 | ||||
-rw-r--r-- | lib/Kolab/CardDAV/LDAPDirectory.php | 19 | ||||
-rw-r--r-- | lib/Kolab/CardDAV/Plugin.php | 2 | ||||
-rw-r--r-- | lib/Kolab/CardDAV/UserAddressBooks.php | 4 |
4 files changed, 86 insertions, 11 deletions
diff --git a/lib/Kolab/CardDAV/LDAPCard.php b/lib/Kolab/CardDAV/LDAPCard.php
new file mode 100644
index 0000000..c563e37
--- /dev/null
+++ b/lib/Kolab/CardDAV/LDAPCard.php
@@ -0,0 +1,72 @@
+<?php
+
+/**
+ * Class that represents a single vCard node from an LDAP directory
+ * with limited permissions (read-only).
+ *
+ * @author Thomas Bruederli <bruederli@kolabsys.com>
+ *
+ * Copyright (C) 2014, Kolab Systems AG <contact@kolabsys.com>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+namespace Kolab\CardDAV;
+
+use Sabr\DAV;
+
+/**
+ * Represents a single vCard from an LDAP directory
+ */
+class LDAPCard extends \Sabre\CardDAV\Card
+{
+ /**
+ * Updates the VCard-formatted object
+ *
+ * @param string $cardData
+ * @return string|null
+ */
+ public function put($cardData)
+ {
+ throw new DAV\Exception\MethodNotAllowed('Modifying directory entries is not allowed');
+ }
+
+ /**
+ * Deletes the card
+ *
+ * @return void
+ */
+ public function delete()
+ {
+ throw new DAV\Exception\MethodNotAllowed('Deleting directory entries is not allowed');
+ }
+
+ /**
+ * Returns a list of ACE's for directory entries.
+ *
+ * @return array
+ */
+ public function getACL() {
+
+ return array(
+ array(
+ 'privilege' => '{DAV:}read',
+ 'principal' => $this->addressBookInfo['principaluri'],
+ 'protected' => true,
+ ),
+ );
+
+ }
+}
+
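Review bot: The namespace import near the top of the new file reads `use Sabr\DAV;`, which looks like a typo for `use Sabre\DAV;`. As written, `DAV\Exception\MethodNotAllowed` in put() and delete() resolves to `Sabr\DAV\Exception\MethodNotAllowed`, so a write attempt would most likely end in a class-not-found fatal error instead of a clean 405 response. The write is still refused, but the client gets a server error and the log records a fatal rather than an access-control denial. Since the read-only guarantee for directory entries rests on these two overrides, a test asserting that PUT and DELETE on a directory card raise MethodNotAllowed would catch this.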
diff --git a/lib/Kolab/CardDAV/LDAPDirectory.php b/lib/Kolab/CardDAV/LDAPDirectory.php index 622ce29..70fae38 100644 --- a/lib/Kolab/CardDAV/LDAPDirectory.php +++ b/lib/Kolab/CardDAV/LDAPDirectory.php @@ -32,7 +32,6 @@ use \rcube_ldap; use \rcube_ldap_generic; use Sabre\DAV; use Sabre\DAVACL; -use Sabre\CardDAV\Card; use Sabre\CardDAV\Property; /** @@ -123,17 +122,17 @@ class LDAPDirectory extends DAV\Collection implements \Sabre\CardDAV\IDirectory, if ($ldap = $this->connect()) { // used cached uid mapping if ($ID = $this->uid2id[$uid]) { - $record = $ldap->get_record($ID, true); + $contact = $ldap->get_record($ID, true); } else { // query for uid $result = $ldap->search('uid', $uid, 1, true, true); if ($result->count) { - $record = $result[0]; + $contact = $result[0]; } } - if ($record) { - $this->_normalize_contact($record); + if ($contact) { + $this->_normalize_contact($contact); $obj = array( 'id' => $contact['uid'], 'uri' => $contact['uid'] . '.vcf', @@ -142,7 +141,7 @@ class LDAPDirectory extends DAV\Collection implements \Sabre\CardDAV\IDirectory, 'etag' => self::_get_etag($contact), ); - return new Card($this->carddavBackend, $this->addressBookInfo, $obj); + return new LDAPCard($this->carddavBackend, $this->addressBookInfo, $obj); } } @@ -192,7 +191,7 @@ class LDAPDirectory extends DAV\Collection implements \Sabre\CardDAV\IDirectory, // TODO: cache result $this->uid2id[$contact['uid']] = $contact['ID']; - $children[] = new Card($this->carddavBackend, $this->addressBookInfo, $obj); + $children[] = new LDAPCard($this->carddavBackend, $this->addressBookInfo, $obj); } } @@ -446,7 +445,11 @@ class LDAPDirectory extends DAV\Collection implements \Sabre\CardDAV\IDirectory, private function map_property2ldap($propname) { $attribs = array(); - $ldap = $this->connect(); + + // LDAP backend not available, abort + if (!($ldap = $this->connect())) { + return $attribs; + } $vcard_fieldmap = array( 'FN' => array('name'), 
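Review bot: In the `@@ -123,17 +122,17 @@` hunk, `$contact` is assigned only in the cache-hit branch or when the uid search returns a row, so on a miss `if ($contact)` reads a variable that was never set, unless it is initialised above the hunk, which is not visible here. Adding `$contact = null;` before the `if ($ID = $this->uid2id[$uid])` lookup makes the not-found path explicit. The switch to `LDAPCard` in this hunk and in the `@@ -192,7 +191,7 @@` hunk is what makes directory entries read-only, so any other code path that still builds a plain `Card` for this directory would skip that restriction and is worth a quick search. The method starts and ends outside the hunk.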
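Review bot: The new early return in map_property2ldap() (`@@ -446,7 +445,11 @@` hunk) hands back an empty array when connect() fails, which a caller cannot tell apart from a property that simply has no LDAP mapping. How callers treat an empty attribute list is outside this hunk; if a query filter is built from it, an unavailable backend may surface as an empty result set rather than an error. Consider logging the connection failure at this point and documenting the contract in the docblock, e.g. `@return array LDAP attribute names; empty if the property is unmapped or the LDAP backend is unavailable`.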
diff --git a/lib/Kolab/CardDAV/Plugin.php b/lib/Kolab/CardDAV/Plugin.php index 1456e78..adf8151 100644 --- a/lib/Kolab/CardDAV/Plugin.php +++ b/lib/Kolab/CardDAV/Plugin.php @@ -67,7 +67,7 @@ class Plugin extends CardDAV\Plugin public function beforeGetProperties($path, DAV\INode $node, array &$requestedProperties, array &$returnedProperties) { // publish global ldap address book for this principal - if ($node instanceof DAVACL\IPrincipal && empty($this->directories) && \rcube::get_instance()->config->get('global_ldap_directory')) { + if ($node instanceof DAVACL\IPrincipal && empty($this->directories) && \rcube::get_instance()->config->get('kolabdav_ldap_directory')) { $this->directories[] = self::ADDRESSBOOK_ROOT . '/' . $node->getName() . '/' . LDAPDirectory::DIRECTORY_NAME; } diff --git a/lib/Kolab/CardDAV/UserAddressBooks.php b/lib/Kolab/CardDAV/UserAddressBooks.php index db71bbe..4d9063a 100644 --- a/lib/Kolab/CardDAV/UserAddressBooks.php +++ b/lib/Kolab/CardDAV/UserAddressBooks.php @@ -50,7 +50,7 @@ class UserAddressBooks extends \Sabre\CardDAV\UserAddressBooks implements DAV\IE $objs[] = new AddressBook($this->carddavBackend, $addressbook); } - if (rcube::get_instance()->config->get('global_ldap_directory')) { + if (rcube::get_instance()->config->get('kolabdav_ldap_directory')) { $objs[] = $this->getLDAPDirectory(); } @@ -84,7 +84,7 @@ class UserAddressBooks extends \Sabre\CardDAV\UserAddressBooks implements DAV\IE { if (!$this->ldap_directory) { $rcube = rcube::get_instance(); - $config = $rcube->config->get('global_ldap_directory'); + $config = $rcube->config->get('kolabdav_ldap_directory'); $config['debug'] = $rcube->config->get('ldap_debug'); $this->ldap_directory = new LDAPDirectory($config, $this->principalUri, $this->carddavBackend); } |
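Review bot: The option name `kolabdav_ldap_directory` is now a string literal in three places: the beforeGetProperties() check here and the two UserAddressBooks.php hunks, so the check that publishes the directory and the code that builds it can drift apart on a later rename. A shared constant, for instance on LDAPDirectory next to `DIRECTORY_NAME`, would keep them in step. Deployments that only set `global_ldap_directory` will stop exposing the directory over CardDAV after this change; that makes publication an explicit opt-in, but no config sample or upgrade note is visible in this commit, so the new key should be documented.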