Some preparations for supporting principal memberships

2025-12-14 14:02:29 +00:00 · 2025-02-02 11:34:10 +01:00
parent 93d16f02d9
commit 031d94c9d1
18 changed files with 54 additions and 27 deletions
--- a/crates/carddav/src/address_object/methods.rs
+++ b/crates/carddav/src/address_object/methods.rs
@@ -26,8 +26,8 @@ pub async fn get_object<AS: AddressbookStore>(
        object_id,
    } = path.into_inner();

-    if user.id != principal {
-        return Ok(HttpResponse::Unauthorized().body(""));
+    if !user.is_principal(&principal) {
+        return Err(Error::Unauthorized);
    }

    let addressbook = store.get_addressbook(&principal, &addressbook_id).await?;
@@ -64,8 +64,8 @@ pub async fn put_object<AS: AddressbookStore>(
        object_id,
    } = path.into_inner();

-    if user.id != principal {
-        return Ok(HttpResponse::Unauthorized().body(""));
+    if !user.is_principal(&principal) {
+        return Err(Error::Unauthorized);
    }

    // TODO: implement If-Match
@@ -79,5 +79,5 @@ pub async fn put_object<AS: AddressbookStore>(
        .put_object(principal, addressbook_id, object, overwrite)
        .await?;

-    Ok(HttpResponse::Created().body(""))
+    Ok(HttpResponse::Created().finish())
 }
--- a/crates/carddav/src/address_object/resource.rs
+++ b/crates/carddav/src/address_object/resource.rs
@@ -87,7 +87,9 @@ impl Resource for AddressObjectResource {
    }

    fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
-        Ok(UserPrivilegeSet::owner_only(self.principal == user.id))
+        Ok(UserPrivilegeSet::owner_only(
+            user.is_principal(&self.principal),
+        ))
    }
 }

--- a/crates/carddav/src/addressbook/methods/mkcol.rs
+++ b/crates/carddav/src/addressbook/methods/mkcol.rs
@@ -48,7 +48,7 @@ pub async fn route_mkcol<AS: AddressbookStore>(
    root_span: RootSpan,
 ) -> Result<HttpResponse, Error> {
    let (principal, addressbook_id) = path.into_inner();
-    if principal != user.id {
+    if !user.is_principal(&principal) {
        return Err(Error::Unauthorized);
    }

--- a/crates/carddav/src/addressbook/methods/post.rs
+++ b/crates/carddav/src/addressbook/methods/post.rs
@@ -20,7 +20,7 @@ pub async fn route_post<A: AddressbookStore, S: SubscriptionStore>(
    req: HttpRequest,
 ) -> Result<HttpResponse, Error> {
    let (principal, addressbook_id) = path.into_inner();
-    if principal != user.id {
+    if !user.is_principal(&principal) {
        return Err(Error::Unauthorized);
    }

--- a/crates/carddav/src/addressbook/methods/report/mod.rs
+++ b/crates/carddav/src/addressbook/methods/report/mod.rs
@@ -30,7 +30,7 @@ pub async fn route_report_addressbook<AS: AddressbookStore>(
    addr_store: Data<AS>,
 ) -> Result<impl Responder, Error> {
    let (principal, addressbook_id) = path.into_inner();
-    if principal != user.id {
+    if !user.is_principal(&principal) {
        return Err(Error::Unauthorized);
    }

--- a/crates/carddav/src/addressbook/resource.rs
+++ b/crates/carddav/src/addressbook/resource.rs
@@ -185,7 +185,9 @@ impl Resource for AddressbookResource {
    }

    fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
-        Ok(UserPrivilegeSet::owner_only(self.0.principal == user.id))
+        Ok(UserPrivilegeSet::owner_only(
+            user.is_principal(&self.0.principal),
+        ))
    }
 }

--- a/crates/carddav/src/principal/mod.rs
+++ b/crates/carddav/src/principal/mod.rs
@@ -108,7 +108,9 @@ impl Resource for PrincipalResource {
    }

    fn get_user_privileges(&self, user: &User) -> Result<UserPrivilegeSet, Self::Error> {
-        Ok(UserPrivilegeSet::owner_only(self.principal == user.id))
+        Ok(UserPrivilegeSet::owner_only(
+            user.is_principal(&self.principal),
+        ))
    }
 }