From 9f22d28af9d104db4f6e27da2ebe11e86d3b39f4 Mon Sep 17 00:00:00 2001
From: srosse <none@none>
Date: Thu, 22 Jan 2015 13:28:15 +0100
Subject: [PATCH] OO-1352: better control of access, add unit tests for the
 WebDAV access

---
 .../manager/CustomStaticFolderManager.java    |  5 ++
 .../calendar/CalendarWebDAVProvider.java      | 10 +++-
 .../modules/bc/BriefcaseWebDAVProvider.java   |  8 ++-
 .../services/webdav/WebDAVProvider.java       |  2 +
 .../webdav/manager/WebDAVManagerImpl.java     |  8 +--
 .../course/CoursefolderWebDAVProvider.java    |  5 ++
 .../group/GroupfoldersWebDAVProvider.java     |  5 ++
 .../SharedFolderWebDAVProvider.java           |  6 +++
 .../services/webdav/WebDAVCommandsTest.java   | 52 +++++++++++++++++++
 9 files changed, 94 insertions(+), 7 deletions(-)

diff --git a/src/main/java/org/olat/admin/sysinfo/manager/CustomStaticFolderManager.java b/src/main/java/org/olat/admin/sysinfo/manager/CustomStaticFolderManager.java
index a751c329b96..1cfe1062d44 100644
--- a/src/main/java/org/olat/admin/sysinfo/manager/CustomStaticFolderManager.java
+++ b/src/main/java/org/olat/admin/sysinfo/manager/CustomStaticFolderManager.java
@@ -68,6 +68,11 @@ public class CustomStaticFolderManager implements InitializingBean, WebDAVProvid
 	public String getMountPoint() {
 		return MOUNT_POINT;
 	}
+	
+	@Override
+	public boolean hasAccess(IdentityEnvironment identityEnv) {
+		return identityEnv != null && identityEnv.getRoles() != null && identityEnv.getRoles().isOLATAdmin();
+	}
 
 	@Override
 	public VFSContainer getContainer(IdentityEnvironment identityEnv) {
diff --git a/src/main/java/org/olat/commons/calendar/CalendarWebDAVProvider.java b/src/main/java/org/olat/commons/calendar/CalendarWebDAVProvider.java
index 28474840361..430b0c6e3e5 100644
--- a/src/main/java/org/olat/commons/calendar/CalendarWebDAVProvider.java
+++ b/src/main/java/org/olat/commons/calendar/CalendarWebDAVProvider.java
@@ -38,6 +38,12 @@ public class CalendarWebDAVProvider implements WebDAVProvider {
 
 	private static final String MOUNT_POINT = "calendars";
 	
+	@Override
+	public boolean hasAccess(IdentityEnvironment identityEnv) {
+		return identityEnv != null;
+	}
+	
+	@Override
 	public VFSContainer getContainer(IdentityEnvironment identityEnv) {
 		VirtualContainer calendars = new VirtualContainer("calendars");
 		calendars.setLocalSecurityCallback(new ReadOnlyCallback());
@@ -48,8 +54,8 @@ public class CalendarWebDAVProvider implements WebDAVProvider {
 		return calendars;
 	}
 
+	@Override
 	public String getMountPoint() {
 		return MOUNT_POINT;
 	}
-
-}
+}
\ No newline at end of file
diff --git a/src/main/java/org/olat/core/commons/modules/bc/BriefcaseWebDAVProvider.java b/src/main/java/org/olat/core/commons/modules/bc/BriefcaseWebDAVProvider.java
index 47dbbb2c85f..1dad8af1cdd 100644
--- a/src/main/java/org/olat/core/commons/modules/bc/BriefcaseWebDAVProvider.java
+++ b/src/main/java/org/olat/core/commons/modules/bc/BriefcaseWebDAVProvider.java
@@ -36,7 +36,8 @@ import org.olat.core.util.vfs.VFSContainer;
 public class BriefcaseWebDAVProvider implements WebDAVProvider {
 
 	private static final String MOUNTPOINT = "home";
-	
+
+	@Override
 	public String getMountPoint() {
 		return MOUNTPOINT;
 	}
@@ -46,6 +47,11 @@ public class BriefcaseWebDAVProvider implements WebDAVProvider {
 		return new BriefcaseWebDAVMergeSource(identity);
 	}
 
+	@Override
+	public boolean hasAccess(IdentityEnvironment identityEnv) {
+		return identityEnv != null;
+	}
+
 	/**
 	 * @see org.olat.core.commons.services.webdav.WebDAVProvider#getContainer(org.olat.core.id.Identity)
 	 */
diff --git a/src/main/java/org/olat/core/commons/services/webdav/WebDAVProvider.java b/src/main/java/org/olat/core/commons/services/webdav/WebDAVProvider.java
index e0901275e19..5879ac519fd 100644
--- a/src/main/java/org/olat/core/commons/services/webdav/WebDAVProvider.java
+++ b/src/main/java/org/olat/core/commons/services/webdav/WebDAVProvider.java
@@ -30,6 +30,8 @@ import org.olat.core.id.IdentityEnvironment;
 import org.olat.core.util.vfs.VFSContainer;
 
 public interface WebDAVProvider {
+	
+	public boolean hasAccess(IdentityEnvironment identityEnv);
 
 	/**
 	 * Get a name under which this provider would like to list its container as at the root level of the WebDAV mount point
diff --git a/src/main/java/org/olat/core/commons/services/webdav/manager/WebDAVManagerImpl.java b/src/main/java/org/olat/core/commons/services/webdav/manager/WebDAVManagerImpl.java
index c9d042f2246..187a107fa03 100644
--- a/src/main/java/org/olat/core/commons/services/webdav/manager/WebDAVManagerImpl.java
+++ b/src/main/java/org/olat/core/commons/services/webdav/manager/WebDAVManagerImpl.java
@@ -130,7 +130,9 @@ public class WebDAVManagerImpl implements WebDAVManager, InitializingBean {
 		MergeSource vfsRoot = new MergeSource(null, "webdav");
 		for (Map.Entry<String, WebDAVProvider> entry : webdavModule.getWebDAVProviders().entrySet()) {
 			WebDAVProvider provider = entry.getValue();
-			vfsRoot.addContainer(new WebDAVProviderNamedContainer(identityEnv, provider));
+			if(provider.hasAccess(identityEnv)) {
+				vfsRoot.addContainer(new WebDAVProviderNamedContainer(identityEnv, provider));
+			}
 		}
 		return vfsRoot;
 	}
@@ -139,9 +141,7 @@ public class WebDAVManagerImpl implements WebDAVManager, InitializingBean {
 		//create the / folder
 		VirtualContainer rootContainer = new VirtualContainer("");
 		rootContainer.setLocalSecurityCallback(new ReadOnlyCallback());
-
-		VFSResourceRoot fdc = new VFSResourceRoot(usess.getIdentity(), rootContainer);
-		return fdc;
+		return new VFSResourceRoot(usess.getIdentity(), rootContainer);
 	}
 
 	/**
diff --git a/src/main/java/org/olat/course/CoursefolderWebDAVProvider.java b/src/main/java/org/olat/course/CoursefolderWebDAVProvider.java
index 52eccf277dc..a40accd5412 100644
--- a/src/main/java/org/olat/course/CoursefolderWebDAVProvider.java
+++ b/src/main/java/org/olat/course/CoursefolderWebDAVProvider.java
@@ -40,6 +40,11 @@ public class CoursefolderWebDAVProvider implements WebDAVProvider {
 	public String getMountPoint() {
 		return MOUNTPOINT;
 	}
+	
+	@Override
+	public boolean hasAccess(IdentityEnvironment identityEnv) {
+		return identityEnv != null;
+	}
 
 	@Override
 	public VFSContainer getContainer(IdentityEnvironment identityEnv) {
diff --git a/src/main/java/org/olat/group/GroupfoldersWebDAVProvider.java b/src/main/java/org/olat/group/GroupfoldersWebDAVProvider.java
index 71f8579d588..29d9fbfcfee 100644
--- a/src/main/java/org/olat/group/GroupfoldersWebDAVProvider.java
+++ b/src/main/java/org/olat/group/GroupfoldersWebDAVProvider.java
@@ -46,6 +46,11 @@ public class GroupfoldersWebDAVProvider implements WebDAVProvider {
 	public void setCollaborationManager(CollaborationManager collaborationManager) {
 		this.collaborationManager = collaborationManager;
 	}
+	
+	@Override
+	public boolean hasAccess(IdentityEnvironment identityEnv) {
+		return identityEnv != null;
+	}
 
 	@Override
 	public String getMountPoint() {
diff --git a/src/main/java/org/olat/modules/sharedfolder/SharedFolderWebDAVProvider.java b/src/main/java/org/olat/modules/sharedfolder/SharedFolderWebDAVProvider.java
index 8fa86c8ca16..8c16f8db64b 100644
--- a/src/main/java/org/olat/modules/sharedfolder/SharedFolderWebDAVProvider.java
+++ b/src/main/java/org/olat/modules/sharedfolder/SharedFolderWebDAVProvider.java
@@ -79,9 +79,15 @@ public class SharedFolderWebDAVProvider implements WebDAVProvider {
 	/**
 	 * @see org.olat.core.commons.services.webdav.WebDAVProvider#getMountPoint()
 	 */
+	@Override
 	public String getMountPoint() {
 		return "sharedfolders";
 	}
+	
+	@Override
+	public boolean hasAccess(IdentityEnvironment identityEnv) {
+		return identityEnv != null;
+	}
 
 	/**
 	 * @see org.olat.core.commons.services.webdav.WebDAVProvider#getContainer(org.olat.core.id.Identity)
diff --git a/src/test/java/org/olat/core/commons/services/webdav/WebDAVCommandsTest.java b/src/test/java/org/olat/core/commons/services/webdav/WebDAVCommandsTest.java
index c52d4e80bce..9a74b0c2f25 100644
--- a/src/test/java/org/olat/core/commons/services/webdav/WebDAVCommandsTest.java
+++ b/src/test/java/org/olat/core/commons/services/webdav/WebDAVCommandsTest.java
@@ -664,6 +664,58 @@ public class WebDAVCommandsTest extends WebDAVTestCase {
 		conn.close();
 	}
 	
+	@Test
+	public void customizingFolder()
+	throws IOException, URISyntaxException {
+		Identity admin = JunitTestHelper.createAndPersistIdentityAsAdmin("admin-webdav");
+		dbInstance.commitAndCloseSession();
+		
+		WebDAVConnection conn = new WebDAVConnection();
+		conn.setCredentials(admin.getName(), "A6B7C8");
+
+		//Has access?
+		URI customizingUri = conn.getBaseURI().path("webdav").path("customizing").build();
+		String customizingXml = conn.propfind(customizingUri, 2);
+		Assert.assertTrue(customizingXml.contains("<D:href>/webdav/customizing/</D:href>"));
+
+		//PUT in the folder
+		URI textUri = conn.getBaseURI().path("webdav").path("customizing").path("infos.txt").build();
+		HttpPut put = conn.createPut(textUri);
+		InputStream dataStream = WebDAVCommandsTest.class.getResourceAsStream("text.txt");
+		InputStreamEntity entity = new InputStreamEntity(dataStream, -1);
+		put.setEntity(entity);
+		HttpResponse putResponse = conn.execute(put);
+		Assert.assertEquals(201, putResponse.getStatusLine().getStatusCode());
+		
+		//GET
+		HttpGet get = conn.createGet(textUri);
+		HttpResponse getResponse = conn.execute(get);
+		Assert.assertEquals(200, getResponse.getStatusLine().getStatusCode());
+		String text = EntityUtils.toString(getResponse.getEntity());
+		Assert.assertEquals("Small text", text);
+
+		conn.close();
+	}
+	
+	@Test
+	public void customizingFolder_permission()
+	throws IOException, URISyntaxException {
+		Identity user = JunitTestHelper.createAndPersistIdentityAsRndUser("user-webdav");
+		dbInstance.commitAndCloseSession();
+		
+		WebDAVConnection conn = new WebDAVConnection();
+		conn.setCredentials(user.getName(), "A6B7C8");
+
+		URI customizingUri = conn.getBaseURI().path("webdav").path("customizing").build();
+		HttpPropFind propfind = new HttpPropFind(customizingUri);
+		propfind.addHeader("Depth", Integer.toString(2));
+		HttpResponse response = conn.execute(propfind);
+		Assert.assertEquals(404, response.getStatusLine().getStatusCode());
+		EntityUtils.consume(response.getEntity());
+
+		conn.close();
+	}
+	
 	private VFSItem createFile(VFSContainer container, String filename) throws IOException {
 		VFSLeaf testLeaf = container.createChildLeaf(filename);
 		InputStream in = WebDAVCommandsTest.class.getResourceAsStream("text.txt");
-- 
GitLab