From f7dd3a11fe0ff7aa80c53ef288db47148015859f Mon Sep 17 00:00:00 2001
From: Hamza <hamzamahjoubi221@gmail.com>
Date: Thu, 7 May 2026 14:07:33 +0200
Subject: [PATCH] fix: add proper ACLs for trashbin proxys

Signed-off-by: Hamza <hamzamahjoubi221@gmail.com>
---
 .htaccess                                     |  4 ++++
 apps/dav/lib/CalDAV/Trashbin/TrashbinHome.php | 23 +++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/.htaccess b/.htaccess
index 164a630b75f9b..0fbb169a512e0 100644
--- a/.htaccess
+++ b/.htaccess
@@ -123,3 +123,7 @@
 
 AddDefaultCharset utf-8
 Options -Indexes
+#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####
+
+ErrorDocument 403 /index.php/error/403
+ErrorDocument 404 /index.php/error/404
diff --git a/apps/dav/lib/CalDAV/Trashbin/TrashbinHome.php b/apps/dav/lib/CalDAV/Trashbin/TrashbinHome.php
index 1c76bd2295d8b..58df321fd1e82 100644
--- a/apps/dav/lib/CalDAV/Trashbin/TrashbinHome.php
+++ b/apps/dav/lib/CalDAV/Trashbin/TrashbinHome.php
@@ -36,6 +36,29 @@ public function getOwner(): string {
 		return $this->principalInfo['uri'];
 	}
 
+	#[\Override]
+	public function getACL(): array {
+		$ownerPrincipal = $this->principalInfo['uri'];
+		return [
+			[
+				'privilege' => '{DAV:}all',
+				'principal' => $ownerPrincipal,
+				'protected' => true,
+			],
+			[
+				'privilege' => '{DAV:}read',
+				'principal' => $ownerPrincipal . '/calendar-proxy-write',
+				'protected' => true,
+			],
+			[
+				'privilege' => '{DAV:}read',
+				'principal' => $ownerPrincipal . '/calendar-proxy-read',
+				'protected' => true,
+			],
+		];
+	}
+
+	#[\Override]
 	public function createFile($name, $data = null) {
 		throw new Forbidden('Permission denied to create files in the trashbin');
 	}