feat(core): Add SOGoDisableSharingAnyAuthUser option to disable sharing to any user authenticated for mail, contacts and calendar

2026-05-20 19:05:25 +00:00 · 2023-11-03 17:01:49 +01:00
parent 6e60b10755
commit e0ef59d5f2
5 changed files with 67 additions and 1 deletions
@@ -693,6 +693,9 @@ Defaults to `NO` when unset.
 |S |SOGoDisableSharing
 |List of modules where sharing should be disabled, for example `(Mail, Calendar)`. Modules can be `Mail`, `Contacts` and `Calendar`. Default value empty list (sharing enabled for everybody).

+|S |SOGoDisableSharingAnyAuthUser
+|List of modules where sharing with any authenticated user option should be disabled, for example `(Mail, Calendar)`. Modules can be `Mail`, `Contacts` and `Calendar`. Default value empty list (sharing enabled for everybody).
+
 |S |SOGoPasswordChangeEnabled
 |Parameter used to allow or not users to change their passwords from
 SOGo.
@@ -130,6 +130,7 @@ NSComparisonResult languageSort(id el1, id el2, void *context);
 - (NSString *) JWTSecret;

 - (NSArray *) disableSharing;
+- (NSArray *) disableSharingAnyAuthUser;

@end

@@ -819,5 +819,18 @@ NSComparisonResult languageSort(id el1, id el2, void *context)
  return disableSharing;
 }

+- (NSArray *) disableSharingAnyAuthUser
+{
+  static NSArray *disableSharingAnyAuthUser = nil;
+
+  if (!disableSharingAnyAuthUser)
+    {
+      disableSharingAnyAuthUser = [self stringArrayForKey: @"SOGoDisableSharingAnyAuthUser"];
+      [disableSharingAnyAuthUser retain];
+    }
+  
+  return disableSharingAnyAuthUser;
+}
+

@end
@@ -101,7 +101,11 @@
  NSDictionary *currentUserInfos;
  NSMutableDictionary *userData;
  id <WOActionResults> result;
+  WORequest *request;
+  NSArray *reqPathArray;
  NSEnumerator *aclsEnum;
+  BOOL defaultUserDisable;
+  SOGoSystemDefaults *sd;

  if (!prepared)
    {
@@ -142,8 +146,27 @@
        }

      // Add the 'Any authenticated' user
-      if (defaultUserID)
+      request = [[self context] request];
+      reqPathArray = [request requestHandlerPathArray];
+      sd = [SOGoSystemDefaults sharedSystemDefaults];
+      if (NSNotFound != [reqPathArray indexOfObject: kDisableSharingMail]
+        && nil != [sd disableSharingAnyAuthUser] 
+        && NSNotFound != [[sd disableSharingAnyAuthUser] indexOfObject: kDisableSharingMail]) {
+          defaultUserDisable = YES;
+      }
+      if (NSNotFound != [reqPathArray indexOfObject: kDisableSharingContacts]
+        && nil != [sd disableSharingAnyAuthUser] 
+        && NSNotFound != [[sd disableSharingAnyAuthUser] indexOfObject: kDisableSharingContacts]) {
+          defaultUserDisable = YES;
+      }
+      if (NSNotFound != [reqPathArray indexOfObject: kDisableSharingCalendar]
+        && nil != [sd disableSharingAnyAuthUser] 
+        && NSNotFound != [[sd disableSharingAnyAuthUser] indexOfObject: kDisableSharingCalendar]) {
+          defaultUserDisable = YES;
+      }      
+      if (!defaultUserDisable && defaultUserID)
      {
+
          userData = [NSDictionary dictionaryWithObjectsAndKeys:
                                     defaultUserID, @"uid",
                                   [self labelForKey: @"Any Authenticated User"], @"cn",
@@ -292,6 +292,32 @@
  while ((currentUser = [usersList nextObject]))
    {
      currentUid = [currentUser objectForKey: @"uid"];
+
+      //Check if we disable the fact to set rights for defaultsUser
+      if (!defaultUserID)
+        ASSIGN (defaultUserID, [[self clientObject] defaultUserID]);
+      if([currentUid isEqualToString: defaultUserID])
+      {
+        if (NSNotFound != [reqPathArray indexOfObject: kDisableSharingMail]
+          && nil != [sd disableSharingAnyAuthUser] 
+          && NSNotFound != [[sd disableSharingAnyAuthUser] indexOfObject: kDisableSharingMail]) {
+            response = [self responseWithStatus: 403];
+            return response;
+        }
+        if (NSNotFound != [reqPathArray indexOfObject: kDisableSharingContacts]
+          && nil != [sd disableSharingAnyAuthUser] 
+          && NSNotFound != [[sd disableSharingAnyAuthUser] indexOfObject: kDisableSharingContacts]) {
+            response = [self responseWithStatus: 403];
+            return response;
+        }
+        if (NSNotFound != [reqPathArray indexOfObject: kDisableSharingCalendar]
+          && nil != [sd disableSharingAnyAuthUser] 
+          && NSNotFound != [[sd disableSharingAnyAuthUser] indexOfObject: kDisableSharingCalendar]) {
+            response = [self responseWithStatus: 403];
+            return response;
+        }
+      }
+
      if (!([self _initRightsForUserID: currentUid]))
        {
          jsonResponse = [NSDictionary dictionaryWithObject: [self labelForKey: @"No such user."]