From e6df2a49815e25cc53d74f1877afc9269d87e554 Mon Sep 17 00:00:00 2001
From: Christoph Wurst <christoph@winzerhof-wurst.at>
Date: Thu, 22 Feb 2024 17:59:20 +0100
Subject: [PATCH] fix(dav): ACLs for shared addressbooks

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
---
 3rdparty                                        | 2 +-
 apps/dav/lib/CardDAV/AddressBook.php            | 7 ++++++-
 apps/dav/lib/DAV/Sharing/Backend.php            | 2 +-
 apps/dav/tests/unit/CardDAV/AddressBookTest.php | 2 +-
 4 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/3rdparty b/3rdparty
index 9aabf1a490571..e8a165a3811f1 160000
--- a/3rdparty
+++ b/3rdparty
@@ -1 +1 @@
-Subproject commit 9aabf1a490571ef88073d069222e9a232b772fc8
+Subproject commit e8a165a3811f1b454694337aaff47c30888ca9fc
diff --git a/apps/dav/lib/CardDAV/AddressBook.php b/apps/dav/lib/CardDAV/AddressBook.php
index 468961b958e71..4f589031f06e7 100644
--- a/apps/dav/lib/CardDAV/AddressBook.php
+++ b/apps/dav/lib/CardDAV/AddressBook.php
@@ -118,7 +118,7 @@ public function getACL() {
 			],
 			[
 				'privilege' => '{DAV:}write-properties',
-				'principal' => '{DAV:}authenticated',
+				'principal' => $this->getOwner(),
 				'protected' => true,
 			],
 		];
@@ -129,6 +129,11 @@ public function getACL() {
 				'principal' => '{DAV:}authenticated',
 				'protected' => true,
 			];
+			$acl[] = [
+				'privilege' => '{DAV:}write-properties',
+				'principal' => '{DAV:}authenticated',
+				'protected' => true,
+			];
 		}
 
 		if (!$this->isShared()) {
diff --git a/apps/dav/lib/DAV/Sharing/Backend.php b/apps/dav/lib/DAV/Sharing/Backend.php
index b115ef61313ed..f5c2a6c7688a7 100644
--- a/apps/dav/lib/DAV/Sharing/Backend.php
+++ b/apps/dav/lib/DAV/Sharing/Backend.php
@@ -265,7 +265,7 @@ public function applyShareAcl(int $resourceId, array $acl): array {
 					'principal' => $share['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}principal'],
 					'protected' => true,
 				];
-			} elseif ($this->resourceType === 'calendar') {
+			} elseif (in_array($this->resourceType, ['calendar','addressbook'])) {
 				// Allow changing the properties of read only calendars,
 				// so users can change the visibility.
 				$acl[] = [
diff --git a/apps/dav/tests/unit/CardDAV/AddressBookTest.php b/apps/dav/tests/unit/CardDAV/AddressBookTest.php
index f9cba4e6a8337..fa312f98797b3 100644
--- a/apps/dav/tests/unit/CardDAV/AddressBookTest.php
+++ b/apps/dav/tests/unit/CardDAV/AddressBookTest.php
@@ -169,7 +169,7 @@ public function testAcl($expectsWrite, $readOnlyValue, $hasOwnerSet): void {
 			'protected' => true
 		], [
 			'privilege' => '{DAV:}write-properties',
-			'principal' => '{DAV:}authenticated',
+			'principal' => $hasOwnerSet ? 'user1' : 'user2',
 			'protected' => true
 		]];
 		if ($hasOwnerSet) {