Merge pull request #46747 from nextcloud/refactor/dav/security-attrib…
…utes
provokateurin authored Jul 31, 2024
2 parents fcc63ca + 9d6221e commit e7eea97
Showing 3 changed files with 16 additions and 16 deletions.
6 changes: 4 additions & 2 deletions apps/dav/lib/Controller/BirthdayCalendarController.php
@@ -7,7 +7,9 @@

use OCA\DAV\BackgroundJob\GenerateBirthdayCalendarBackgroundJob;
use OCA\DAV\CalDAV\CalDavBackend;
use OCA\DAV\Settings\CalDAVSettings;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\Attribute\AuthorizedAdminSetting;
use OCP\AppFramework\Http\JSONResponse;
use OCP\AppFramework\Http\Response;
use OCP\BackgroundJob\IJobList;
@@ -70,8 +72,8 @@ public function __construct($appName, IRequest $request,

/**
* @return Response
* @AuthorizedAdminSetting(settings=OCA\DAV\Settings\CalDAVSettings)
*/
#[AuthorizedAdminSetting(settings: CalDAVSettings::class)]
public function enable() {
$this->config->setAppValue($this->appName, 'generateBirthdayCalendar', 'yes');

@@ -87,8 +89,8 @@ public function enable() {

/**
* @return Response
* @AuthorizedAdminSetting(settings=OCA\DAV\Settings\CalDAVSettings)
*/
#[AuthorizedAdminSetting(settings: CalDAVSettings::class)]
public function disable() {
$this->config->setAppValue($this->appName, 'generateBirthdayCalendar', 'no');

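Review bot: Nothing in this commit pins the `#[AuthorizedAdminSetting(settings: CalDAVSettings::class)]` attributes on `enable()` and `disable()`: the diffstat lists only the three controller files, so the move from docblock annotations to attributes comes with no test change (existing tests are not visible on this page). Both methods write the `generateBirthdayCalendar` app value, so a dropped or mis-imported attribute would silently change who may call them. A reflection assertion would catch that, for example `$this->assertCount(1, (new \ReflectionMethod(BirthdayCalendarController::class, 'enable'))->getAttributes(AuthorizedAdminSetting::class));`. The same applies to `#[NoAdminRequired]` on `DirectController::getUrl()` and to `#[PublicPage]`/`#[NoCSRFRequired]` in `InvitationResponseController`. Both method bodies continue outside the visible hunks.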
4 changes: 2 additions & 2 deletions apps/dav/lib/Controller/DirectController.php
@@ -11,6 +11,7 @@
use OCA\DAV\Db\Direct;
use OCA\DAV\Db\DirectMapper;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\Attribute\NoAdminRequired;
use OCP\AppFramework\Http\DataResponse;
use OCP\AppFramework\OCS\OCSBadRequestException;
use OCP\AppFramework\OCS\OCSForbiddenException;
@@ -69,8 +70,6 @@ public function __construct(string $appName,
}

/**
* @NoAdminRequired
*
* Get a direct link to a file
*
* @param int $fileId ID of the file
@@ -82,6 +81,7 @@ public function __construct(string $appName,
*
* 200: Direct link returned
*/
#[NoAdminRequired]
public function getUrl(int $fileId, int $expirationTime = 60 * 60 * 8): DataResponse {
$userFolder = $this->rootFolder->getUserFolder($this->userId);

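Review bot: `getUrl()` is callable by any logged-in user under `#[NoAdminRequired]` and accepts a caller-supplied `$expirationTime` (default `60 * 60 * 8`), yet nothing visible in this section bounds that value. The method body continues outside the hunk, so a range check may already exist there; if it does not, reject non-positive and oversized lifetimes before the direct link is stored, e.g. `if ($expirationTime <= 0 || $expirationTime > $maxLifetime) { throw new OCSBadRequestException('Expiration time out of range'); }`, where `$maxLifetime` is a placeholder for a limit the project chooses. Either way, the docblock should state the accepted range so the limit is part of the documented API.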
22 changes: 10 additions & 12 deletions apps/dav/lib/Controller/InvitationResponseController.php
@@ -10,7 +10,9 @@

use OCA\DAV\CalDAV\InvitationResponse\InvitationResponseServer;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\Attribute\NoCSRFRequired;
use OCP\AppFramework\Http\Attribute\OpenAPI;
use OCP\AppFramework\Http\Attribute\PublicPage;
use OCP\AppFramework\Http\TemplateResponse;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\IDBConnection;
@@ -52,12 +54,11 @@ public function __construct(string $appName, IRequest $request,
}

/**
* @PublicPage
* @NoCSRFRequired
*
* @param string $token
* @return TemplateResponse
*/
#[PublicPage]
#[NoCSRFRequired]
public function accept(string $token):TemplateResponse {
$row = $this->getTokenInformation($token);
if (!$row) {
@@ -76,12 +77,11 @@ public function accept(string $token):TemplateResponse {
}

/**
* @PublicPage
* @NoCSRFRequired
*
* @param string $token
* @return TemplateResponse
*/
#[PublicPage]
#[NoCSRFRequired]
public function decline(string $token):TemplateResponse {
$row = $this->getTokenInformation($token);
if (!$row) {
@@ -101,26 +101,24 @@ public function decline(string $token):TemplateResponse {
}

/**
* @PublicPage
* @NoCSRFRequired
*
* @param string $token
* @return TemplateResponse
*/
#[PublicPage]
#[NoCSRFRequired]
public function options(string $token):TemplateResponse {
return new TemplateResponse($this->appName, 'schedule-response-options', [
'token' => $token
], 'guest');
}

/**
* @PublicPage
* @NoCSRFRequired
*
* @param string $token
*
* @return TemplateResponse
*/
#[PublicPage]
#[NoCSRFRequired]
public function processMoreOptionsResult(string $token):TemplateResponse {
$partstat = $this->request->getParam('partStat');

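Review bot: With `#[PublicPage]` and `#[NoCSRFRequired]` on `accept()`, `decline()`, `options()` and `processMoreOptionsResult()`, the `$token` is the only credential visible on these endpoints, and the docblocks left behind (`@param string $token`, `@return TemplateResponse`) no longer hint at that. I would add a line such as `* Unauthenticated and CSRF-exempt: the invitation token is the sole credential.` to each docblock so the exemption reads as deliberate. In `processMoreOptionsResult()` the request parameter `partStat` is read directly; its validation is not visible because the body continues outside the hunk, so confirm it is checked against the allowed participation statuses before use.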
