Improvement to access control

crates/carddav/src/addressbook/methods/report/addressbook_multiget.rs

@@ -16,7 +16,7 @@ use rustical_dav::{
         MultistatusElement,
     },
 };
-use rustical_store::{AddressObject, AddressbookStore};
+use rustical_store::{auth::User, AddressObject, AddressbookStore};
 use serde::Deserialize;
 
 #[derive(Deserialize, Clone, Debug)]
@@ -64,6 +64,7 @@ pub async fn get_objects_addressbook_multiget<AS: AddressbookStore + ?Sized>(
 pub async fn handle_addressbook_multiget<AS: AddressbookStore + ?Sized>(
     addr_multiget: AddressbookMultigetRequest,
     req: HttpRequest,
+    user: &User,
     principal: &str,
     cal_id: &str,
     addr_store: &AS,
@@ -92,11 +93,13 @@ pub async fn handle_addressbook_multiget<AS: AddressbookStore + ?Sized>(
     let mut responses = Vec::new();
     for object in objects {
         let path = format!("{}/{}", req.path(), object.get_id());
-        responses.push(AddressObjectResource::from(object).propfind(
-            &path,
-            props.clone(),
-            req.resource_map(),
-        )?);
+        responses.push(
+            AddressObjectResource {
+                object,
+                principal: principal.to_owned(),
+            }
+            .propfind(&path, props.clone(), user, req.resource_map())?,
+        );
     }
 
     let not_found_responses = not_found

crates/carddav/src/addressbook/methods/report/mod.rs

@@ -47,6 +47,7 @@ pub async fn route_report_addressbook<AS: AddressbookStore + ?Sized>(
             handle_addressbook_multiget(
                 addr_multiget,
                 req,
+                &user,
                 &principal,
                 &addressbook_id,
                 addr_store.as_ref(),
@@ -57,6 +58,7 @@ pub async fn route_report_addressbook<AS: AddressbookStore + ?Sized>(
             handle_sync_collection(
                 sync_collection,
                 req,
+                &user,
                 &principal,
                 &addressbook_id,
                 addr_store.as_ref(),

crates/carddav/src/addressbook/methods/report/sync_collection.rs

@@ -12,6 +12,7 @@ use rustical_dav::{
     },
 };
 use rustical_store::{
+    auth::User,
     synctoken::{format_synctoken, parse_synctoken},
     AddressbookStore,
 };
@@ -42,6 +43,7 @@ pub struct SyncCollectionRequest {
 pub async fn handle_sync_collection<AS: AddressbookStore + ?Sized>(
     sync_collection: SyncCollectionRequest,
     req: HttpRequest,
+    user: &User,
     principal: &str,
     addressbook_id: &str,
     addr_store: &AS,
@@ -69,11 +71,13 @@ pub async fn handle_sync_collection<AS: AddressbookStore + ?Sized>(
             vec![principal, addressbook_id, &object.get_id()],
         )
         .unwrap();
-        responses.push(AddressObjectResource::from(object).propfind(
-            &path,
-            props.clone(),
-            req.resource_map(),
-        )?);
+        responses.push(
+            AddressObjectResource {
+                object,
+                principal: principal.to_owned(),
+            }
+            .propfind(&path, props.clone(), user, req.resource_map())?,
+        );
     }
 
     for object_id in deleted_objects {