Merge pull request #654 in ZP/z-push from...

Merge pull request #654 in ZP/z-push from feature/ZP-1357-private-items-when-impersonating to develop * commit '5220fd16': ZP-1357 Simplify check if the user is impersonated for folder origin. ZP-1357 Remove unnecessary log output. ZP-1357 Fixed GetMainUser() return type. ZP-1357 Get authenticated and impersonated user from the backend instead of from the request. ZP-1357 Remove unnecessary log output. ZP-1357 Prevent editing private items in impersonated folder. Added impersonated folder origin.

Merge pull request #654 in ZP/z-push from...
Merge pull request #654 in ZP/z-push from feature/ZP-1357-private-items-when-impersonating to develop * commit '5220fd16': ZP-1357 Simplify check if the user is impersonated for folder origin. ZP-1357 Remove unnecessary log output. ZP-1357 Fixed GetMainUser() return type. ZP-1357 Get authenticated and impersonated user from the backend instead of from the request. ZP-1357 Remove unnecessary log output. ZP-1357 Prevent editing private items in impersonated folder. Added impersonated folder origin.
e26261dc · Sebastian Kummer · 6c6bfa4b · 5220fd16 · e26261dc · e26261dc
Commit e26261dc authored Feb 22, 2018 by Sebastian Kummer
8 changed files
--- a/src/backend/kopano/importer.php
+++ b/src/backend/kopano/importer.php
@@ -254,7 +254,7 @@ class ImportChangesICS implements IImportChanges {
        $sharedUser = ZPush::GetAdditionalSyncFolderStore(bin2hex($this->folderid));
        // if this is either a user folder or SYSTEM and no restriction is set, we don't need to check
-        if (($sharedUser == false || $sharedUser == 'SYSTEM') && $this->cutoffdate === false) {
+        if (($sharedUser == false || $sharedUser == 'SYSTEM') && $this->cutoffdate === false && !ZPush::GetBackend()->GetImpersonatedUser()) {
            return true;
        }

--- a/src/backend/kopano/kopano.php
+++ b/src/backend/kopano/kopano.php
@@ -1500,6 +1500,26 @@ class BackendKopano implements IBackend, ISearchProvider {
        return $this->storeName;
    }
+    /**
+     * Returns the impersonated user name.
+     *
+     * @access public
+     * @return string or false if no user is impersonated
+     */
+    public function GetImpersonatedUser() {
+        return $this->impersonateUser;
+    }
+    /**
+     * Returns the authenticated user name.
+     *
+     * @access public
+     * @return string
+     */
+    public function GetMainUser() {
+        return $this->mainUser;
+    }
    /**
     * Indicates if the Backend supports folder statistics.
     *

--- a/src/backend/kopano/mapiprovider.php
+++ b/src/backend/kopano/mapiprovider.php
@@ -989,7 +989,11 @@ class MAPIProvider {
        }
        $folder->BackendId = bin2hex($folderprops[PR_SOURCE_KEY]);
-        $folder->serverid = ZPush::GetDeviceManager()->GetFolderIdForBackendId($folder->BackendId, true, DeviceManager::FLD_ORIGIN_USER, $folderprops[PR_DISPLAY_NAME]);
+        $folderOrigin = DeviceManager::FLD_ORIGIN_USER;
+        if (ZPush::GetBackend()->GetImpersonatedUser()) {
+            $folderOrigin = DeviceManager::FLD_ORIGIN_IMPERSONATED;
+        }
+        $folder->serverid = ZPush::GetDeviceManager()->GetFolderIdForBackendId($folder->BackendId, true, $folderOrigin, $folderprops[PR_DISPLAY_NAME]);
        if($folderprops[PR_PARENT_ENTRYID] == $storeprops[PR_IPM_SUBTREE_ENTRYID]) {
            $folder->parentid = "0";
        }

--- a/src/backend/kopano/mapiutils.php
+++ b/src/backend/kopano/mapiutils.php
@@ -366,8 +366,12 @@ class MAPIUtils {
        $sensitivity = mapi_getprops($mapimessage, array(PR_SENSITIVITY));
        if (isset($sensitivity[PR_SENSITIVITY]) && $sensitivity[PR_SENSITIVITY] >= SENSITIVITY_PRIVATE) {
            $hexFolderid = bin2hex($folderid);
-            $sharedUser = ZPush::GetAdditionalSyncFolderStore($hexFolderid);
            $shortId = ZPush::GetDeviceManager()->GetFolderIdForBackendId($hexFolderid);
+            if (Utils::GetFolderOriginFromId($shortId) == DeviceManager::FLD_ORIGIN_IMPERSONATED) {
+                ZLog::Write(LOGLEVEL_DEBUG, sprintf("MAPIUtils->IsMessageSharedAndPrivate(): Message is in impersonated store '%s' and marked as private", ZPush::GetBackend()->GetImpersonatedUser()));
+                return true;
+            }
+            $sharedUser = ZPush::GetAdditionalSyncFolderStore($hexFolderid);
            if (Utils::GetFolderOriginFromId($shortId) != DeviceManager::FLD_ORIGIN_USER && $sharedUser != false && $sharedUser != 'SYSTEM') {
                ZLog::Write(LOGLEVEL_DEBUG, sprintf("MAPIUtils->IsMessageSharedAndPrivate(): Message is in shared store '%s' and marked as private", $sharedUser));
                return true;

--- a/src/lib/core/asdevice.php
+++ b/src/lib/core/asdevice.php
@@ -668,6 +668,7 @@ class ASDevice extends StateObject {
     *                                                                  'C' (configured)
     *                                                                  'S' (shared)
     *                                                                  'G' (global address book)
+     *                                                                  'I' (impersonated)
     * @param string    $folderName             Folder name of the backend folder
     *
     * @access public
@@ -1124,6 +1125,7 @@ class ASDevice extends StateObject {
     *                                                                  'C' (configured)
     *                                                                  'S' (shared)
     *                                                                  'G' (global address book)
+     *                                                                  'I' (impersonated)
     * @param string    $folderName             Folder name of the backend folder
     *
     * @access private

--- a/src/lib/core/devicemanager.php
+++ b/src/lib/core/devicemanager.php
@@ -42,6 +42,7 @@ class DeviceManager {
    const FLD_ORIGIN_CONFIG = "C";
    const FLD_ORIGIN_SHARED = "S";
    const FLD_ORIGIN_GAB = "G";
+    const FLD_ORIGIN_IMPERSONATED = "I";
    const FLD_FLAGS_NONE = 0;
    const FLD_FLAGS_SENDASOWNER = 1;
@@ -1052,13 +1053,14 @@ class DeviceManager {
     *                                                                  'C' (configured)
     *                                                                  'S' (shared)
     *                                                                  'G' (global address book)
+     *                                                                  'I' (impersonated)
     * @param string    $folderName             Folder name of the backend folder
     *
     * @access public
     * @return string/boolean  returns false if there is folderid known for this backendid and $generateNewIdIfNew is not set or false.
     */
    public function GetFolderIdForBackendId($backendid, $generateNewIdIfNew = false, $folderOrigin = self::FLD_ORIGIN_USER, $folderName = null) {
-        if (!in_array($folderOrigin, array(DeviceManager::FLD_ORIGIN_CONFIG, DeviceManager::FLD_ORIGIN_GAB, DeviceManager::FLD_ORIGIN_SHARED, DeviceManager::FLD_ORIGIN_USER))) {
+        if (!in_array($folderOrigin, array(DeviceManager::FLD_ORIGIN_CONFIG, DeviceManager::FLD_ORIGIN_GAB, DeviceManager::FLD_ORIGIN_SHARED, DeviceManager::FLD_ORIGIN_USER, DeviceManager::FLD_ORIGIN_IMPERSONATED))) {
            ZLog::Write(LOGLEVEL_WARN, sprintf("ASDevice->GetFolderIdForBackendId(): folder type '%' is unknown in DeviceManager", $folderOrigin));
        }
        return $this->device->GetFolderIdForBackendId($backendid, $generateNewIdIfNew, $folderOrigin, $folderName);

--- a/src/lib/request/request.php
+++ b/src/lib/request/request.php
@@ -719,14 +719,14 @@ class Request {
     */
    static private function filterEvilInput($input, $filter, $replacevalue = '') {
        $re = false;
-        if ($filter == self::LETTERS_ONLY)            $re = "/[^A-Za-z]/";
+        if ($filter == self::LETTERS_ONLY)          $re = "/[^A-Za-z]/";
-        else if ($filter == self::HEX_ONLY)           $re = "/[^A-Fa-f0-9]/";
+        elseif ($filter == self::HEX_ONLY)          $re = "/[^A-Fa-f0-9]/";
-        else if ($filter == self::WORDCHAR_ONLY)      $re = "/[^A-Za-z0-9]/";
+        elseif ($filter == self::WORDCHAR_ONLY)     $re = "/[^A-Za-z0-9]/";
-        else if ($filter == self::NUMBERS_ONLY)       $re = "/[^0-9]/";
+        elseif ($filter == self::NUMBERS_ONLY)      $re = "/[^0-9]/";
-        else if ($filter == self::NUMBERSDOT_ONLY)    $re = "/[^0-9\.]/";
+        elseif ($filter == self::NUMBERSDOT_ONLY)   $re = "/[^0-9\.]/";
-        else if ($filter == self::HEX_EXTENDED)       $re = "/[^A-Fa-f0-9\:\.]/";
+        elseif ($filter == self::HEX_EXTENDED)      $re = "/[^A-Fa-f0-9\:\.]/";
-        else if ($filter == self::HEX_EXTENDED2)      $re = "/[^A-Fa-f0-9\:USG]/"; // Folder origin constants from DeviceManager::FLD_ORIGIN_* (C already hex)
+        elseif ($filter == self::HEX_EXTENDED2)     $re = "/[^A-Fa-f0-9\:USGI]/"; // Folder origin constants from DeviceManager::FLD_ORIGIN_* (C already hex)
-        else if ($filter == self::ISO8601)            $re = "/[^\d{8}T\d{6}Z]/";
+        elseif ($filter == self::ISO8601)           $re = "/[^\d{8}T\d{6}Z]/";
        return ($re) ? preg_replace($re, $replacevalue, $input) : '';
    }

--- a/src/lib/utils/utils.php
+++ b/src/lib/utils/utils.php
@@ -1089,6 +1089,7 @@ class Utils {
            case DeviceManager::FLD_ORIGIN_GAB:
            case DeviceManager::FLD_ORIGIN_SHARED:
            case DeviceManager::FLD_ORIGIN_USER:
+            case DeviceManager::FLD_ORIGIN_IMPERSONATED:
                return $origin;
        }
        ZLog::Write(LOGLEVEL_WARN, sprintf("Utils->GetFolderOriginFromId(): Unknown folder origin for folder with id '%s'", $folderid));
@@ -1114,6 +1115,8 @@ class Utils {
                return 'shared';
            case DeviceManager::FLD_ORIGIN_USER:
                return 'user';
+            case DeviceManager::FLD_ORIGIN_IMPERSONATED:
+                return 'impersonated';
        }
        ZLog::Write(LOGLEVEL_WARN, sprintf("Utils->GetFolderOriginStringFromId(): Unknown folder origin for folder with id '%s'", $folderid));
        return 'unknown';