From 9d461d646faec68f0866bc8b459171471782086b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Enrique=20J=2E=20Hern=C3=A1ndez=20Blasco?= Date: Tue, 9 Feb 2016 23:54:15 +0100 Subject: [PATCH] oc-contacts: Add edit/delete own and Folder Contact/Owner sharing perm By storing these custom MAPI roles in the ACL. An extension field called 'X-OPENCHANGE-CREATOR' is created in the vcard to validate the creator/owner of the contact in the shared folder. --- OpenChange/MAPIStoreContactsFolder.m | 31 +++++++++++++++++++++- OpenChange/MAPIStoreContactsMessage.m | 37 +++++++++++++++++++-------- 2 files changed, 56 insertions(+), 12 deletions(-) diff --git a/OpenChange/MAPIStoreContactsFolder.m b/OpenChange/MAPIStoreContactsFolder.m index fd6db947a..d55c34a25 100644 --- a/OpenChange/MAPIStoreContactsFolder.m +++ b/OpenChange/MAPIStoreContactsFolder.m @@ -74,18 +74,34 @@ - (NSArray *) rolesForExchangeRights: (uint32_t) rights { + /* Limitations + + Following rights are not supported by SOGo specifically: + + - CreateSubfolders: No contacts subfolders + - FolderVisible: It is inferred by other rights when extracting + */ NSMutableArray *roles; - roles = [NSMutableArray arrayWithCapacity: 6]; + roles = [NSMutableArray arrayWithCapacity: 8]; if (rights & RightsCreateItems) [roles addObject: SOGoRole_ObjectCreator]; if (rights & RightsDeleteAll) [roles addObject: SOGoRole_ObjectEraser]; + if (rights & RightsDeleteOwn) + [roles addObject: MAPIStoreRightDeleteOwn]; if (rights & RightsEditAll) [roles addObject: SOGoRole_ObjectEditor]; + if (rights & RightsEditOwn) + [roles addObject: MAPIStoreRightEditOwn]; if (rights & RightsReadItems) [roles addObject: SOGoRole_ObjectViewer]; + if (rights & RightsFolderOwner) + [roles addObject: MAPIStoreRightFolderOwner]; + if (rights & RightsFolderContact) + [roles addObject: MAPIStoreRightFolderContact]; + return roles; } 
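Review bot: The "Limitations" comment added to `rolesForExchangeRights:` in MAPIStoreContactsFolder.m lists the rights that are dropped, but says nothing about the four roles this hunk introduces, which are the authorization-relevant part. `MAPIStoreRightDeleteOwn`, `MAPIStoreRightEditOwn`, `MAPIStoreRightFolderOwner` and `MAPIStoreRightFolderContact` are written into the folder ACL next to the SOGo roles. Nothing visible here shows that any access path other than the MAPI backend interprets them. Once that is confirmed, I would extend the comment with a line such as `DeleteOwn/EditOwn/FolderOwner/FolderContact are stored as MAPI-only roles; they are enforced by the OpenChange backend, not by SOGo's own ACL checks`, so a later reader does not assume a "delete own" grant is honoured everywhere.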
@@ -95,15 +111,28 @@ if ([roles containsObject: SOGoRole_ObjectCreator]) rights |= RightsCreateItems; + if ([roles containsObject: SOGoRole_ObjectEraser]) rights |= RightsDeleteAll | RightsDeleteOwn; + else if ([roles containsObject: MAPIStoreRightDeleteOwn]) + rights |= RightsDeleteOwn; + if ([roles containsObject: SOGoRole_ObjectEditor]) rights |= RightsEditAll | RightsEditOwn; + else if ([roles containsObject: MAPIStoreRightEditOwn]) + rights |= RightsEditOwn; + if ([roles containsObject: SOGoRole_ObjectViewer]) rights |= RightsReadItems; if (rights != 0) rights |= RoleNone; /* actually "folder visible" */ + if ([roles containsObject: MAPIStoreRightFolderOwner]) + rights |= RightsFolderOwner | RoleNone; + + if ([roles containsObject: MAPIStoreRightFolderContact]) + rights |= RightsFolderContact; + return rights; } diff --git a/OpenChange/MAPIStoreContactsMessage.m b/OpenChange/MAPIStoreContactsMessage.m index 4befdfd5d..344f31c39 100644 --- a/OpenChange/MAPIStoreContactsMessage.m +++ b/OpenChange/MAPIStoreContactsMessage.m @@ -31,9 +31,11 @@ #import #import #import +#import #import #import #import +#import #import #import "MAPIStoreAttachment.h" 
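Review bot: In the MAPIStoreContactsFolder.m hunk at `@@ -95,15 +111,28 @@`, the two new folder-level branches are inconsistent about the "folder visible" bit, and the code does not say whether that is intended. Both are evaluated after `if (rights != 0) rights |= RoleNone;`, so a role list containing only `MAPIStoreRightFolderContact` yields `RightsFolderContact` without folder visibility, while `MAPIStoreRightFolderOwner` sets it explicitly. The owner line also reuses `RoleNone` as a flag, with the explanation only on the earlier line. If the asymmetry is deliberate, I would add `/* FolderContact alone does not imply "folder visible" */` above the contact branch and repeat `/* RoleNone is the "folder visible" bit */` on the owner line. The method's signature and the declaration of `rights` are outside the hunk.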
@@ -1224,23 +1226,28 @@ enum { // [MS-OXOCNTC] 2.2.1.2.11 } // --------------------------------------------------------- +// Permissions +// --------------------------------------------------------- + +- (NSString *) creator +{ + return [[[sogoObject vCard] uniqueChildWithTag: @"x-openchange-creator"] + flattenedValuesForKey: @""]; +} + +- (NSString *) owner +{ + return [self creator]; +} - (BOOL) subscriberCanReadMessage { return [[self activeUserRoles] containsObject: SOGoRole_ObjectViewer]; } -- (BOOL) subscriberCanModifyMessage -{ - NSArray *roles; - - roles = [self activeUserRoles]; - - return ((isNew - && [roles containsObject: SOGoRole_ObjectCreator]) - || (!isNew && [roles containsObject: SOGoRole_ObjectEditor])); -} - +// --------------------------------------------------------- +// Save +// --------------------------------------------------------- - (void) saveDistList:(TALLOC_CTX *) memCtx { [self warnWithFormat: @"IPM.DistList messages are ignored"]; @@ -1584,6 +1591,14 @@ enum { // [MS-OXOCNTC] 2.2.1.2.11 if (value) [newCard setNote: value]; + /* Store the creator name for sharing purposes */ + if (isNew) + { + value = [[[self context] activeUser] login]; + [[newCard uniqueChildWithTag: @"x-openchange-creator"] + setSingleValue: value forKey: @""]; + } + // // we save the new/modified card //
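Review bot: The new `creator` accessor (hunk `@@ -1224,23 +1226,28 @@`) returns whatever the `x-openchange-creator` child holds, without distinguishing "no creator recorded" from a real login. Cards created before this change, or through any interface that does not stamp the property, will have none. This hunk also removes `subscriberCanModifyMessage`, so the edit-own/delete-own decision is presumably made elsewhere by comparing `owner` with the active user. That comparison has to treat an empty value as "not owned", so I would normalize here, e.g. `return [value length] > 0 ? value : nil;`, and add a doc comment saying so. If `uniqueChildWithTag:` creates the element when it is absent (please confirm against NGCards), this getter also modifies the card on a read; a comment or a non-creating lookup would make that explicit.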
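Review bot: In the save hunk (`@@ -1584,6 +1591,14 @@`), the value that later decides "own" permissions is stored inside the vCard itself, and the comment `Store the creator name for sharing purposes` does not flag it as authorization data. The hunk stamps the property only when `isNew`. Whether an `X-OPENCHANGE-CREATOR` already present in card content arriving by another route is stripped or overwritten is not visible here and should be checked. I would reword the comment to `/* Authorization-relevant: records the creating login used for edit-own/delete-own checks; always set server-side from the active user */` and skip the write when the login is empty, `if (isNew && [value length] > 0)`. The enclosing save method starts and ends outside the hunk.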