diff --git a/Documentation/SOGoInstallationGuide.asciidoc b/Documentation/SOGoInstallationGuide.asciidoc index ebcd50f82..fb5e0d74f 100644 --- a/Documentation/SOGoInstallationGuide.asciidoc +++ b/Documentation/SOGoInstallationGuide.asciidoc @@ -693,6 +693,9 @@ Defaults to `NO` when unset. |S |SOGoDisableSharing |List of modules where sharing should be disabled, for example `(Mail, Calendar)`. Modules can be `Mail`, `Contacts` and `Calendar`. Default value empty list (sharing enabled for everybody). +|S |SOGoDisableSharingAnyAuthUser +|List of modules where sharing with any authenticated user option should be disabled, for example `(Mail, Calendar)`. Modules can be `Mail`, `Contacts` and `Calendar`. Default value empty list (sharing enabled for everybody). + |S |SOGoPasswordChangeEnabled |Parameter used to allow or not users to change their passwords from SOGo. diff --git a/SoObjects/SOGo/SOGoSystemDefaults.h b/SoObjects/SOGo/SOGoSystemDefaults.h index 359b715a3..c435a9950 100644 --- a/SoObjects/SOGo/SOGoSystemDefaults.h +++ b/SoObjects/SOGo/SOGoSystemDefaults.h @@ -130,6 +130,7 @@ NSComparisonResult languageSort(id el1, id el2, void *context); - (NSString *) JWTSecret; - (NSArray *) disableSharing; +- (NSArray *) disableSharingAnyAuthUser; @end diff --git a/SoObjects/SOGo/SOGoSystemDefaults.m b/SoObjects/SOGo/SOGoSystemDefaults.m index f517c7a3e..b97e1896a 100644 --- a/SoObjects/SOGo/SOGoSystemDefaults.m +++ b/SoObjects/SOGo/SOGoSystemDefaults.m @@ -819,5 +819,18 @@ NSComparisonResult languageSort(id el1, id el2, void *context) return disableSharing; } +- (NSArray *) disableSharingAnyAuthUser +{ + static NSArray *disableSharingAnyAuthUser = nil; + + if (!disableSharingAnyAuthUser) + { + disableSharingAnyAuthUser = [self stringArrayForKey: @"SOGoDisableSharingAnyAuthUser"]; + [disableSharingAnyAuthUser retain]; + } + + return disableSharingAnyAuthUser; +} + @end diff --git a/UI/Common/UIxAclEditor.m b/UI/Common/UIxAclEditor.m index 920474ea6..ac6f4a9a4 100644 --- a/UI/Common/UIxAclEditor.m +++ b/UI/Common/UIxAclEditor.m @@ -101,7 +101,11 @@ NSDictionary *currentUserInfos; NSMutableDictionary *userData; id result; + WORequest *request; + NSArray *reqPathArray; NSEnumerator *aclsEnum; + BOOL defaultUserDisable; + SOGoSystemDefaults *sd; if (!prepared) { @@ -142,8 +146,27 @@ } // Add the 'Any authenticated' user - if (defaultUserID) + request = [[self context] request]; + reqPathArray = [request requestHandlerPathArray]; + sd = [SOGoSystemDefaults sharedSystemDefaults]; + if (NSNotFound != [reqPathArray indexOfObject: kDisableSharingMail] + && nil != [sd disableSharingAnyAuthUser] + && NSNotFound != [[sd disableSharingAnyAuthUser] indexOfObject: kDisableSharingMail]) { + defaultUserDisable = YES; + } + if (NSNotFound != [reqPathArray indexOfObject: kDisableSharingContacts] + && nil != [sd disableSharingAnyAuthUser] + && NSNotFound != [[sd disableSharingAnyAuthUser] indexOfObject: kDisableSharingContacts]) { + defaultUserDisable = YES; + } + if (NSNotFound != [reqPathArray indexOfObject: kDisableSharingCalendar] + && nil != [sd disableSharingAnyAuthUser] + && NSNotFound != [[sd disableSharingAnyAuthUser] indexOfObject: kDisableSharingCalendar]) { + defaultUserDisable = YES; + } + if (!defaultUserDisable && defaultUserID) { + userData = [NSDictionary dictionaryWithObjectsAndKeys: defaultUserID, @"uid", [self labelForKey: @"Any Authenticated User"], @"cn", diff --git a/UI/Common/UIxUserRightsEditor.m b/UI/Common/UIxUserRightsEditor.m index d03bee896..356ea6fb1 100644 --- a/UI/Common/UIxUserRightsEditor.m +++ b/UI/Common/UIxUserRightsEditor.m @@ -292,6 +292,32 @@ while ((currentUser = [usersList nextObject])) { currentUid = [currentUser objectForKey: @"uid"]; + + //Check if we disable the fact to set rights for defaultsUser + if (!defaultUserID) + ASSIGN (defaultUserID, [[self clientObject] defaultUserID]); + if([currentUid isEqualToString: defaultUserID]) + { + if (NSNotFound != [reqPathArray indexOfObject: kDisableSharingMail] + && nil != [sd disableSharingAnyAuthUser] + && NSNotFound != [[sd disableSharingAnyAuthUser] indexOfObject: kDisableSharingMail]) { + response = [self responseWithStatus: 403]; + return response; + } + if (NSNotFound != [reqPathArray indexOfObject: kDisableSharingContacts] + && nil != [sd disableSharingAnyAuthUser] + && NSNotFound != [[sd disableSharingAnyAuthUser] indexOfObject: kDisableSharingContacts]) { + response = [self responseWithStatus: 403]; + return response; + } + if (NSNotFound != [reqPathArray indexOfObject: kDisableSharingCalendar] + && nil != [sd disableSharingAnyAuthUser] + && NSNotFound != [[sd disableSharingAnyAuthUser] indexOfObject: kDisableSharingCalendar]) { + response = [self responseWithStatus: 403]; + return response; + } + } + if (!([self _initRightsForUserID: currentUid])) { jsonResponse = [NSDictionary dictionaryWithObject: [self labelForKey: @"No such user."]