Fix data model to fix event collisions with multiple principals

Lennart
2024-06-21 21:16:31 +02:00
parent aed6bcff63
commit 06d1095c66
11 changed files with 245 additions and 100 deletions


@@ -14,7 +14,7 @@ pub async fn delete_event<A: CheckAuthentication, C: CalendarStore + ?Sized>(
) -> Result<HttpResponse, Error> {
let _user = auth.inner.user_id;
// TODO: verify whether user is authorized
let (_principal, mut cid, uid) = path.into_inner();
let (principal, mut cid, uid) = path.into_inner();
if cid.ends_with(".ics") {
cid.truncate(cid.len() - 4);
}
@@ -28,7 +28,7 @@ pub async fn delete_event<A: CheckAuthentication, C: CalendarStore + ?Sized>(
.store
.write()
.await
.delete_event(&cid, &uid, !no_trash)
.delete_event(&principal, &cid, &uid, !no_trash)
.await?;
Ok(HttpResponse::Ok().body(""))
@@ -46,15 +46,25 @@ pub async fn get_event<A: CheckAuthentication, C: CalendarStore + ?Sized>(
return Ok(HttpResponse::Unauthorized().body(""));
}
let calendar = context.store.read().await.get_calendar(&cid).await?;
if auth.inner.user_id != calendar.owner {
let calendar = context
.store
.read()
.await
.get_calendar(&principal, &cid)
.await?;
if auth.inner.user_id != calendar.principal {
return Ok(HttpResponse::Unauthorized().body(""));
}
if uid.ends_with(".ics") {
uid.truncate(uid.len() - 4);
}
let event = context.store.read().await.get_event(&cid, &uid).await?;
let event = context
.store
.read()
.await
.get_event(&principal, &cid, &uid)
.await?;
Ok(HttpResponse::Ok()
.insert_header(("ETag", event.get_etag()))
@@ -73,8 +83,13 @@ pub async fn put_event<A: CheckAuthentication, C: CalendarStore + ?Sized>(
return Ok(HttpResponse::Unauthorized().body(""));
}
let calendar = context.store.read().await.get_calendar(&cid).await?;
if auth_info.user_id != calendar.owner {
let calendar = context
.store
.read()
.await
.get_calendar(&principal, &cid)
.await?;
if auth_info.user_id != calendar.principal {
return Ok(HttpResponse::Unauthorized().body(""));
}
@@ -86,7 +101,7 @@ pub async fn put_event<A: CheckAuthentication, C: CalendarStore + ?Sized>(
.store
.write()
.await
.put_event(cid, uid, body)
.put_event(principal, cid, uid, body)
.await?;
Ok(HttpResponse::Ok().body(""))
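Review bot: `delete_event` now passes the path-supplied `principal` straight into `.delete_event(&principal, &cid, &uid, !no_trash)`, yet the `// TODO: verify whether user is authorized` is still there and `auth.inner.user_id` is only bound to the unused `_user`. In the visible lines nothing ties the caller to the principal whose event is removed. Since the principal is now part of the storage key, this handler should make the same ownership check as `get_event` and `put_event`: load the calendar with `get_calendar(&principal, &cid)` and return early on `if auth.inner.user_id != calendar.principal { return Ok(HttpResponse::Unauthorized().body("")); }` before taking the write lock. The first hunk also strips `.ics` from `cid` where `get_event` strips it from `uid`, which looks unintended and is worth confirming. All three handler bodies start and end outside the hunks shown, so a check in the unseen lines cannot be ruled out.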


@@ -14,6 +14,7 @@ use tokio::sync::RwLock;
pub struct EventResource<C: CalendarStore + ?Sized> {
pub cal_store: Arc<RwLock<C>>,
pub path: String,
pub principal: String,
pub cid: String,
pub uid: String,
}
@@ -94,7 +95,7 @@ impl<C: CalendarStore + ?Sized> ResourceService for EventResource<C> {
_auth_info: AuthInfo,
path_components: Self::PathComponents,
) -> Result<Self, Self::Error> {
let (_principal, cid, uid) = path_components;
let (principal, cid, uid) = path_components;
let cal_store = req
.app_data::<Data<RwLock<C>>>()
@@ -104,6 +105,7 @@ impl<C: CalendarStore + ?Sized> ResourceService for EventResource<C> {
Ok(Self {
cal_store,
principal,
cid,
uid,
path: req.path().to_string(),
@@ -115,7 +117,7 @@ impl<C: CalendarStore + ?Sized> ResourceService for EventResource<C> {
.cal_store
.read()
.await
.get_event(&self.cid, &self.uid)
.get_event(&self.principal, &self.cid, &self.uid)
.await?;
Ok(EventFile {
event,
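Review bot: The constructor in `impl ResourceService for EventResource<C>` still ignores its `_auth_info` argument, while the `principal` taken from `path_components` is now stored and used in the lookup `.get_event(&self.principal, &self.cid, &self.uid)`. Nothing visible here checks that the authenticated user may read that principal's events. If the surrounding `ResourceService` machinery does not enforce this elsewhere, compare `auth_info.user_id` with `principal` in the constructor and return an error on mismatch, in the way `get_event` and `put_event` compare against `calendar.principal`. At minimum, document the new field with something like `/// Principal from the request path; not checked against the authenticated user here`. The constructor and the method containing the lookup both extend beyond the hunks shown.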