nikdoof/rustical
1
1
Fork 0
mirror of https://github.com/lennart-k/rustical.git synced 2025-12-14 10:32:19 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix data model to fix event collisions with multiple principals

Browse Source
This commit is contained in:
Lennart
2024-06-21 21:16:31 +02:00
parent aed6bcff63
commit 06d1095c66
11 changed files with 245 additions and 100 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
crates/caldav/src/calendar/methods/delete.rs
View File

@@ -29,7 +29,7 @@ pub async fn route_delete_calendar<A: CheckAuthentication, C: CalendarStore + ?S
.store
.write()
.await
.delete_calendar(&cid, !no_trash)
.delete_calendar(&principal, &cid, !no_trash)
.await?;
Ok(HttpResponse::Ok().body(""))

20
crates/caldav/src/calendar/methods/mkcalendar.rs
View File

@@ -69,16 +69,22 @@ pub async fn route_mkcol_calendar<A: CheckAuthentication, C: CalendarStore + ?Si
let calendar = Calendar {
id: cid.to_owned(),
owner: principal,
principal: principal.to_owned(),
order: request.order.unwrap_or(0),
name: request.displayname,
displayname: request.displayname,
timezone: request.calendar_timezone,
color: request.calendar_color,
description: request.calendar_description,
deleted_at: None,
};
match context.store.read().await.get_calendar(&cid).await {
match context
.store
.read()
.await
.get_calendar(&principal, &cid)
.await
{
Err(rustical_store::Error::NotFound) => {
// No conflict, no worries
}
@@ -92,13 +98,7 @@ pub async fn route_mkcol_calendar<A: CheckAuthentication, C: CalendarStore + ?Si
}
}
match context
.store
.write()
.await
.insert_calendar(cid, calendar)
.await
{
match context.store.write().await.insert_calendar(calendar).await {
// The spec says we should return a mkcalendar-response but I don't know what goes into it.
// However, it works without one but breaks on iPadOS when using an empty one :)
Ok(()) => Ok(HttpResponse::Created()

10
crates/caldav/src/calendar/methods/report.rs
View File

@@ -120,20 +120,22 @@ pub enum ReportRequest {
async fn get_events_calendar_query<C: CalendarStore + ?Sized>(
_cal_query: CalendarQueryRequest,
principal: &str,
cid: &str,
store: &RwLock<C>,
) -> Result<Vec<Event>, Error> {
// TODO: Implement filtering
Ok(store.read().await.get_events(cid).await?)
Ok(store.read().await.get_events(principal, cid).await?)
}
async fn get_events_calendar_multiget<C: CalendarStore + ?Sized>(
_cal_query: CalendarMultigetRequest,
principal: &str,
cid: &str,
store: &RwLock<C>,
) -> Result<Vec<Event>, Error> {
// TODO: proper implementation
Ok(store.read().await.get_events(cid).await?)
Ok(store.read().await.get_events(principal, cid).await?)
}
pub async fn route_report_calendar<A: CheckAuthentication, C: CalendarStore + ?Sized>(
@@ -152,10 +154,10 @@ pub async fn route_report_calendar<A: CheckAuthentication, C: CalendarStore + ?S
let request: ReportRequest = quick_xml::de::from_str(&body)?;
let events = match request.clone() {
ReportRequest::CalendarQuery(cal_query) => {
get_events_calendar_query(cal_query, &cid, &cal_store).await?
get_events_calendar_query(cal_query, &principal, &cid, &cal_store).await?
}
ReportRequest::CalendarMultiget(cal_multiget) => {
get_events_calendar_multiget(cal_multiget, &cid, &cal_store).await?
get_events_calendar_multiget(cal_multiget, &principal, &cid, &cal_store).await?
}
};

16
crates/caldav/src/calendar/resource.rs
View File

@@ -197,7 +197,7 @@ impl Resource for CalendarFile {
prefix, self.principal
)))),
CalendarPropName::Displayname => {
Ok(CalendarProp::Displayname(self.calendar.name.clone()))
Ok(CalendarProp::Displayname(self.calendar.displayname.clone()))
}
CalendarPropName::CalendarColor => {
Ok(CalendarProp::CalendarColor(self.calendar.color.clone()))
@@ -238,8 +238,8 @@ impl Resource for CalendarFile {
CalendarProp::Resourcetype(_) => Err(rustical_dav::Error::PropReadOnly),
CalendarProp::CurrentUserPrincipal(_) => Err(rustical_dav::Error::PropReadOnly),
CalendarProp::Owner(_) => Err(rustical_dav::Error::PropReadOnly),
CalendarProp::Displayname(name) => {
self.calendar.name = name;
CalendarProp::Displayname(displayname) => {
self.calendar.displayname = displayname;
Ok(())
}
CalendarProp::CalendarColor(color) => {
@@ -289,7 +289,7 @@ impl<C: CalendarStore + ?Sized> ResourceService for CalendarResource<C> {
.cal_store
.read()
.await
.get_calendar(&self.calendar_id)
.get_calendar(&self.principal, &self.calendar_id)
.await
.map_err(|_e| Error::NotFound)?;
Ok(CalendarFile {
@@ -308,7 +308,7 @@ impl<C: CalendarStore + ?Sized> ResourceService for CalendarResource<C> {
.cal_store
.read()
.await
.get_events(&self.calendar_id)
.get_events(&self.principal, &self.calendar_id)
.await?
.into_iter()
.map(|event| EventFile {
@@ -341,7 +341,11 @@ impl<C: CalendarStore + ?Sized> ResourceService for CalendarResource<C> {
self.cal_store
.write()
.await
.update_calendar(self.calendar_id.to_owned(), file.calendar)
.update_calendar(
self.principal.to_owned(),
self.calendar_id.to_owned(),
file.calendar,
)
.await?;
Ok(())
}

31
crates/caldav/src/event/methods.rs
View File

@@ -14,7 +14,7 @@ pub async fn delete_event<A: CheckAuthentication, C: CalendarStore + ?Sized>(
) -> Result<HttpResponse, Error> {
let _user = auth.inner.user_id;
// TODO: verify whether user is authorized
let (_principal, mut cid, uid) = path.into_inner();
let (principal, mut cid, uid) = path.into_inner();
if cid.ends_with(".ics") {
cid.truncate(cid.len() - 4);
}
@@ -28,7 +28,7 @@ pub async fn delete_event<A: CheckAuthentication, C: CalendarStore + ?Sized>(
.store
.write()
.await
.delete_event(&cid, &uid, !no_trash)
.delete_event(&principal, &cid, &uid, !no_trash)
.await?;
Ok(HttpResponse::Ok().body(""))
@@ -46,15 +46,25 @@ pub async fn get_event<A: CheckAuthentication, C: CalendarStore + ?Sized>(
return Ok(HttpResponse::Unauthorized().body(""));
}
let calendar = context.store.read().await.get_calendar(&cid).await?;
if auth.inner.user_id != calendar.owner {
let calendar = context
.store
.read()
.await
.get_calendar(&principal, &cid)
.await?;
if auth.inner.user_id != calendar.principal {
return Ok(HttpResponse::Unauthorized().body(""));
}
if uid.ends_with(".ics") {
uid.truncate(uid.len() - 4);
}
let event = context.store.read().await.get_event(&cid, &uid).await?;
let event = context
.store
.read()
.await
.get_event(&principal, &cid, &uid)
.await?;
Ok(HttpResponse::Ok()
.insert_header(("ETag", event.get_etag()))
@@ -73,8 +83,13 @@ pub async fn put_event<A: CheckAuthentication, C: CalendarStore + ?Sized>(
return Ok(HttpResponse::Unauthorized().body(""));
}
let calendar = context.store.read().await.get_calendar(&cid).await?;
if auth_info.user_id != calendar.owner {
let calendar = context
.store
.read()
.await
.get_calendar(&principal, &cid)
.await?;
if auth_info.user_id != calendar.principal {
return Ok(HttpResponse::Unauthorized().body(""));
}
@@ -86,7 +101,7 @@ pub async fn put_event<A: CheckAuthentication, C: CalendarStore + ?Sized>(
.store
.write()
.await
.put_event(cid, uid, body)
.put_event(principal, cid, uid, body)
.await?;
Ok(HttpResponse::Ok().body(""))

6
crates/caldav/src/event/resource.rs
View File

@@ -14,6 +14,7 @@ use tokio::sync::RwLock;
pub struct EventResource<C: CalendarStore + ?Sized> {
pub cal_store: Arc<RwLock<C>>,
pub path: String,
pub principal: String,
pub cid: String,
pub uid: String,
}
@@ -94,7 +95,7 @@ impl<C: CalendarStore + ?Sized> ResourceService for EventResource<C> {
_auth_info: AuthInfo,
path_components: Self::PathComponents,
) -> Result<Self, Self::Error> {
let (_principal, cid, uid) = path_components;
let (principal, cid, uid) = path_components;
let cal_store = req
.app_data::<Data<RwLock<C>>>()
@@ -104,6 +105,7 @@ impl<C: CalendarStore + ?Sized> ResourceService for EventResource<C> {
Ok(Self {
cal_store,
principal,
cid,
uid,
path: req.path().to_string(),
@@ -115,7 +117,7 @@ impl<C: CalendarStore + ?Sized> ResourceService for EventResource<C> {
.cal_store
.read()
.await
.get_event(&self.cid, &self.uid)
.get_event(&self.principal, &self.cid, &self.uid)
.await?;
Ok(EventFile {
event,