/** * Returns a representation of the principal as a collection */ function AsCollection() { $dav_name = isset($this->original_request_url) ? DeconstructURL($this->original_request_url) : $this->dav_name(); $collection = (object) array('collection_id' => $this->principal_id() ? $this->principal_id() : 0, 'is_calendar' => false, 'is_addressbook' => false, 'is_principal' => true, 'type' => 'principal' . (isset($this->original_request_url) ? '_link' : ''), 'user_no' => $this->user_no() ? $this->user_no() : 0, 'username' => $this->username(), 'dav_name' => $dav_name, 'parent_container' => '/', 'email' => $this->email() ? $this->email() : '', 'created' => $this->created, 'updated' => $this->modified, 'dav_etag' => substr($this->unique_tag(), 1, -1), 'resourcetypes' => $this->resourcetypes); $collection->dav_displayname = isset($this->dav_displayname) ? $this->dav_displayname : (isset($this->fullname) ? $this->fullname : $collection->username); return $collection; }
/** * Return general server-related properties for this URL */ function ResourceProperty($tag, $prop, &$reply, &$denied) { global $c, $session, $request; // dbg_error_log( 'DAVResource', 'Processing "%s" on "%s".', $tag, $this->dav_name ); if ($reply === null) { $reply = $GLOBALS['reply']; } switch ($tag) { case 'DAV::allprop': $property_list = $this->DAV_AllProperties(); $discarded = array(); foreach ($property_list as $k => $v) { $this->ResourceProperty($v, $prop, $reply, $discarded); } break; case 'DAV::href': $prop->NewElement('href', ConstructURL($this->dav_name)); break; case 'DAV::resource-id': if ($this->resource_id > 0) { $reply->DAVElement($prop, 'resource-id', $reply->href(ConstructURL('/.resources/' . $this->resource_id))); } else { return false; } break; case 'DAV::parent-set': $sql = <<<EOQRY SELECT b.parent_container FROM dav_binding b JOIN collection c ON (b.bound_source_id=c.collection_id) WHERE regexp_replace( b.dav_name, '^.*/', c.dav_name ) = :bound_from EOQRY; $qry = new AwlQuery($sql, array(':bound_from' => $this->bound_from())); $parents = array(); if ($qry->Exec('DAVResource', __LINE__, __FILE__) && $qry->rows() > 0) { while ($row = $qry->Fetch()) { $parents[$row->parent_container] = true; } } $parents[preg_replace('{(?<=/)[^/]+/?$}', '', $this->bound_from())] = true; $parents[preg_replace('{(?<=/)[^/]+/?$}', '', $this->dav_name())] = true; $parent_set = $reply->DAVElement($prop, 'parent-set'); foreach ($parents as $parent => $v) { if (preg_match('{^(.*)?/([^/]+)/?$}', $parent, $matches)) { $reply->DAVElement($parent_set, 'parent', array(new XMLElement('href', ConstructURL($matches[1])), new XMLElement('segment', $matches[2]))); } else { if ($parent == '/') { $reply->DAVElement($parent_set, 'parent', array(new XMLElement('href', '/'), new XMLElement('segment', ConstructURL('/') == '/caldav.php/' ? 'caldav.php' : ''))); } } } break; case 'DAV::getcontenttype': if (!isset($this->contenttype) && !$this->_is_collection && !isset($this->resource)) { $this->FetchResource(); } $prop->NewElement('getcontenttype', $this->contenttype); break; case 'DAV::resourcetype': $resourcetypes = $prop->NewElement('resourcetype'); if ($this->_is_collection) { $type_list = $this->GetProperty('resourcetype'); if (!is_array($type_list)) { return true; } // dbg_error_log( 'DAVResource', ':ResourceProperty: "%s" are "%s".', $tag, implode(', ',$type_list) ); foreach ($type_list as $k => $v) { if ($v == '') { continue; } $reply->NSElement($resourcetypes, $v); } if ($this->_is_binding) { $reply->NSElement($resourcetypes, 'http://xmlns.davical.org/davical:webdav-binding'); } } break; case 'DAV::getlastmodified': /** getlastmodified is HTTP Date format: i.e. the Last-Modified header in response to a GET */ $reply->NSElement($prop, $tag, ISODateToHTTPDate($this->GetProperty('modified'))); break; case 'DAV::creationdate': /** creationdate is ISO8601 format */ $reply->NSElement($prop, $tag, DateToISODate($this->GetProperty('created'), true)); break; case 'DAV::getcontentlength': if ($this->_is_collection) { return false; } if (!isset($this->resource)) { $this->FetchResource(); } if (isset($this->resource)) { $reply->NSElement($prop, $tag, strlen($this->resource->caldav_data)); } break; case 'DAV::getcontentlanguage': $locale = isset($c->current_locale) ? $c->current_locale : ''; if (isset($this->locale) && $this->locale != '') { $locale = $this->locale; } $reply->NSElement($prop, $tag, $locale); break; case 'DAV::acl-restrictions': $reply->NSElement($prop, $tag, array(new XMLElement('grant-only'), new XMLElement('no-invert'))); break; case 'DAV::inherited-acl-set': $inherited_acls = array(); if (!$this->_is_collection) { $inherited_acls[] = $reply->href(ConstructURL($this->collection->dav_name)); } $reply->NSElement($prop, $tag, $inherited_acls); break; case 'DAV::owner': // The principal-URL of the owner if ($this->IsExternal()) { $reply->DAVElement($prop, 'owner', $reply->href(ConstructURL($this->collection->bound_from))); } else { $reply->DAVElement($prop, 'owner', $reply->href(ConstructURL(DeconstructURL($this->principal_url())))); } break; case 'DAV::add-member': if (!$this->_is_collection) { return false; } if (isset($c->post_add_member) && $c->post_add_member === false) { return false; } $reply->DAVElement($prop, 'add-member', $reply->href(ConstructURL(DeconstructURL($this->url())) . '?add-member')); break; // Empty tag responses. // Empty tag responses. case 'DAV::group': case 'DAV::alternate-URI-set': $reply->NSElement($prop, $tag); break; case 'DAV::getetag': if ($this->_is_collection) { return false; } $reply->NSElement($prop, $tag, $this->unique_tag()); break; case 'http://calendarserver.org/ns/:getctag': if (!$this->_is_collection) { return false; } $reply->NSElement($prop, $tag, $this->unique_tag()); break; case 'DAV::sync-token': if (!$this->_is_collection) { return false; } $sync_token = $this->sync_token(); if (empty($sync_token)) { return false; } $reply->NSElement($prop, $tag, $sync_token); break; case 'http://calendarserver.org/ns/:calendar-proxy-read-for': $proxy_type = 'read'; case 'http://calendarserver.org/ns/:calendar-proxy-write-for': if (isset($c->disable_caldav_proxy) && $c->disable_caldav_proxy) { return false; } if (!isset($proxy_type)) { $proxy_type = 'write'; } // ProxyFor is an already constructed URL $reply->CalendarserverElement($prop, 'calendar-proxy-' . $proxy_type . '-for', $reply->href($this->principal->ProxyFor($proxy_type))); break; case 'DAV::current-user-privilege-set': if ($this->HavePrivilegeTo('DAV::read-current-user-privilege-set')) { $reply->NSElement($prop, $tag, $this->BuildPrivileges()); } else { $denied[] = $tag; } break; case 'urn:ietf:params:xml:ns:caldav:supported-calendar-data': if (!$this->IsCalendar() && !$this->IsSchedulingCollection()) { return false; } $reply->NSElement($prop, $tag, 'text/calendar'); break; case 'urn:ietf:params:xml:ns:caldav:supported-calendar-component-set': if (!$this->_is_collection) { return false; } if ($this->IsCalendar()) { if (!isset($this->dead_properties)) { $this->FetchDeadProperties(); } if (isset($this->dead_properties[$tag])) { $set_of_components = $this->dead_properties[$tag]; foreach ($set_of_components as $k => $v) { if (preg_match('{(VEVENT|VTODO|VJOURNAL|VTIMEZONE|VFREEBUSY|VPOLL|VAVAILABILITY)}', $v, $matches)) { $set_of_components[$k] = $matches[1]; } else { unset($set_of_components[$k]); } } } else { if (isset($c->default_calendar_components) && is_array($c->default_calendar_components)) { $set_of_components = $c->default_calendar_components; } else { $set_of_components = array('VEVENT', 'VTODO', 'VJOURNAL'); } } } else { if ($this->IsSchedulingCollection()) { $set_of_components = array('VEVENT', 'VTODO', 'VFREEBUSY'); } else { return false; } } $components = array(); foreach ($set_of_components as $v) { $components[] = $reply->NewXMLElement('comp', '', array('name' => $v), 'urn:ietf:params:xml:ns:caldav'); } $reply->CalDAVElement($prop, 'supported-calendar-component-set', $components); break; case 'DAV::supported-method-set': $prop->NewElement('supported-method-set', $this->BuildSupportedMethods()); break; case 'DAV::supported-report-set': $prop->NewElement('supported-report-set', $this->BuildSupportedReports($reply)); break; case 'DAV::supportedlock': $prop->NewElement('supportedlock', new XMLElement('lockentry', array(new XMLElement('lockscope', new XMLElement('exclusive')), new XMLElement('locktype', new XMLElement('write'))))); break; case 'DAV::supported-privilege-set': $prop->NewElement('supported-privilege-set', $request->BuildSupportedPrivileges($reply)); break; case 'DAV::principal-collection-set': $prop->NewElement('principal-collection-set', $reply->href(ConstructURL('/'))); break; case 'DAV::current-user-principal': $prop->NewElement('current-user-principal', $reply->href(ConstructURL(DeconstructURL($request->principal->url())))); break; case 'SOME-DENIED-PROPERTY': /** indicating the style for future expansion */ $denied[] = $reply->Tag($tag); break; case 'urn:ietf:params:xml:ns:caldav:calendar-timezone': if (!$this->_is_collection) { return false; } if (!isset($this->collection->vtimezone) || $this->collection->vtimezone == '') { return false; } $cal = new iCalComponent(); $cal->VCalendar(); $cal->AddComponent(new iCalComponent($this->collection->vtimezone)); $reply->NSElement($prop, $tag, $cal->Render()); break; case 'urn:ietf:params:xml:ns:carddav:address-data': case 'urn:ietf:params:xml:ns:caldav:calendar-data': if ($this->_is_collection) { return false; } if (!isset($c->sync_resource_data_ok) || $c->sync_resource_data_ok == false) { return false; } if (!isset($this->resource)) { $this->FetchResource(); } $reply->NSElement($prop, $tag, $this->resource->caldav_data); break; case 'urn:ietf:params:xml:ns:carddav:max-resource-size': if (!$this->_is_collection || !$this->_is_addressbook) { return false; } $reply->NSElement($prop, $tag, 65500); break; case 'urn:ietf:params:xml:ns:carddav:supported-address-data': if (!$this->_is_collection || !$this->_is_addressbook) { return false; } $address_data = $reply->NewXMLElement('address-data', false, array('content-type' => 'text/vcard', 'version' => '3.0'), 'urn:ietf:params:xml:ns:carddav'); $reply->NSElement($prop, $tag, $address_data); break; case 'DAV::acl': if ($this->HavePrivilegeTo('DAV::read-acl')) { $reply->NSElement($prop, $tag, $this->GetACL($reply)); } else { $denied[] = $tag; } break; case 'http://www.xythos.com/namespaces/StorageServer:ticketdiscovery': case 'DAV::ticketdiscovery': $reply->NSElement($prop, 'http://www.xythos.com/namespaces/StorageServer:ticketdiscovery', $this->BuildTicketinfo($reply)); break; default: $property_value = $this->GetProperty(preg_replace('{^(DAV:|urn:ietf:params:xml:ns:ca(rd|l)dav):}', '', $tag)); if (isset($property_value)) { $reply->NSElement($prop, $tag, $property_value); } else { if (!isset($this->dead_properties)) { $this->FetchDeadProperties(); } if (isset($this->dead_properties[$tag])) { $reply->NSElement($prop, $tag, $this->dead_properties[$tag]); } else { // dbg_error_log( 'DAVResource', 'Request for unsupported property "%s" of path "%s".', $tag, $this->dav_name ); return false; } } } return true; }
/** * Initialise from a path * @param object $inpath The path to populate the resource data from */ function FromPath($inpath) { global $c; $this->dav_name = DeconstructURL($inpath); $this->FetchCollection(); if ($this->_is_collection) { if ($this->_is_principal || $this->collection->type == 'principal') { $this->FetchPrincipal(); } } else { $this->FetchResource(); } dbg_error_log('DAVResource', ':FromPath: Path "%s" is%s a collection%s.', $this->dav_name, $this->_is_collection ? ' ' . $this->resourcetypes : ' not', $this->_is_principal ? ' and a principal' : ''); }
function process_ace($grantor, $by_principal, $by_collection, $ace) { global $cache_delete_list, $request; $elements = $ace->GetContent(); $principal_node = $elements[0]; $grant = $elements[1]; if ($principal_node->GetNSTag() != 'DAV::principal') { $request->MalformedRequest('ACL request must contain a principal, not ' . $principal->GetNSTag()); } $grant_tag = $grant->GetNSTag(); if ($grant_tag == 'DAV::deny') { $request->PreconditionFailed(403, 'grant-only'); } if ($grant_tag == 'DAV::invert') { $request->PreconditionFailed(403, 'no-invert'); } if ($grant->GetNSTag() != 'DAV::grant') { $request->MalformedRequest('ACL request must contain a principal for each ACE'); } $privilege_names = array(); $xml_privs = $grant->GetPath("/DAV::grant/DAV::privilege/*"); foreach ($xml_privs as $k => $priv) { $privilege_names[] = $priv->GetNSTag(); } $privileges = privilege_to_bits($privilege_names); $principal_content = $principal_node->GetContent(); if (count($principal_content) != 1) { $request->MalformedRequest('ACL request must contain exactly one principal per ACE'); } $principal_content = $principal_content[0]; switch ($principal_content->GetNSTag()) { case 'DAV::property': $principal_property = $principal_content->GetContent(); if ($principal_property[0]->GetNSTag() != 'DAV::owner') { $request->PreconditionFailed(403, 'recognized-principal'); } if (privilege_to_bits('all') != $privileges) { $request->PreconditionFailed(403, 'no-protected-ace-conflict', 'Owner must always have all permissions'); } continue; // and then we ignore it, since it's protected break; case 'DAV::unauthenticated': $request->PreconditionFailed(403, 'allowed-principal', 'May not set privileges for unauthenticated users'); break; case 'DAV::href': $principal_type = 'href'; $grantee = new DAVResource(DeconstructURL($principal_content->GetContent())); $grantee_id = $grantee->getProperty('principal_id'); if (!$grantee->Exists() || !$grantee->IsPrincipal()) { $request->PreconditionFailed(403, 'recognized-principal', 'Principal "' + $principal_content->GetContent() + '" not found.'); } $sqlparms = array(':to_principal' => $grantee_id); $where = 'WHERE to_principal=:to_principal AND '; if (isset($by_principal)) { $sqlparms[':by_principal'] = $by_principal; $where .= 'by_principal = :by_principal'; } else { $sqlparms[':by_collection'] = $by_collection; $where .= 'by_collection = :by_collection'; } $qry = new AwlQuery('SELECT privileges FROM grants ' . $where, $sqlparms); if ($qry->Exec('ACL', __LINE__, __FILE__) && $qry->rows() == 1 && ($current = $qry->Fetch())) { $sql = 'UPDATE grants SET privileges=:privileges::INT::BIT(24) ' . $where; } else { $sqlparms[':by_principal'] = $by_principal; $sqlparms[':by_collection'] = $by_collection; $sql = 'INSERT INTO grants (by_principal, by_collection, to_principal, privileges) VALUES(:by_principal, :by_collection, :to_principal, :privileges::INT::BIT(24))'; } $sqlparms[':privileges'] = $privileges; $qry = new AwlQuery($sql, $sqlparms); if ($qry->Exec('ACL', __LINE__, __FILE__)) { Principal::cacheDelete('dav_name', $grantee->dav_name()); Principal::cacheFlush('principal_id IN (SELECT member_id FROM group_member WHERE group_id = ?)', array($grantee_id)); } break; case 'DAV::authenticated': $principal_type = 'authenticated'; if (bindec($grantor->GetProperty('default_privileges')) == $privileges) { continue; } // There is no change, so skip it $sqlparms = array(':privileges' => $privileges); if (isset($by_collection)) { $sql = 'UPDATE collection SET default_privileges=:privileges::INT::BIT(24) WHERE collection_id=:by_collection'; $sqlparms[':by_collection'] = $by_collection; } else { $sql = 'UPDATE principal SET default_privileges=:privileges::INT::BIT(24) WHERE principal_id=:by_principal'; $sqlparms[':by_principal'] = $by_principal; } $qry = new AwlQuery($sql, $sqlparms); if ($qry->Exec('ACL', __LINE__, __FILE__)) { /** * Basically this has changed everyone's permissions now, so... */ Principal::cacheFlush('TRUE'); } break; case 'DAV::all': // $principal_type = 'all'; $request->PreconditionFailed(403, 'allowed-principal', 'May not set privileges for unauthenticated users'); break; default: $request->PreconditionFailed(403, 'recognized-principal'); break; } }
$principal_property = $principal_content->GetContent(); if ($principal_property[0]->GetTag() != 'DAV::owner') { $request->PreconditionFailed(403, 'recognized-principal'); } if (privilege_to_bits('all') != $privileges) { $request->PreconditionFailed(403, 'no-protected-ace-conflict', 'Owner must always have all permissions'); } continue; // and then we ignore it, since it's protected break; case 'DAV::unauthenticated': $request->PreconditionFailed(403, 'allowed-principal', 'May not set privileges for unauthenticated users'); break; case 'DAV::href': $principal_type = 'href'; $principal = new DAVResource(DeconstructURL($principal_content->GetContent())); if (!$principal->Exists() || !$principal->IsPrincipal()) { $request->PreconditionFailed(403, 'recognized-principal', 'Principal "' + $principal_content->GetContent() + '" not found.'); } $sqlparms = array(':to_principal' => $principal->GetProperty('principal_id')); $where = 'WHERE to_principal=:to_principal AND '; if (isset($by_principal)) { $sqlparms[':by_principal'] = $by_principal; $where .= 'by_principal = :by_principal'; } else { $sqlparms[':by_collection'] = $by_collection; $where .= 'by_collection = :by_collection'; } $qry = new AwlQuery('SELECT privileges FROM grants ' . $where, $sqlparms); if ($qry->Exec('ACL', __LINE__, __FILE__) && $qry->rows() == 1 && ($current = $qry->Fetch())) { $sql = 'UPDATE grants SET privileges=:privileges::INT::BIT(24) ' . $where;
/** * Return the URL for this principal * @param string $type The type of URL we want (the principal, by default) * @param boolean $internal Whether an internal reference is requested * @return string The principal-URL */ public function url($type = 'principal', $internal = false) { global $c; if ($internal) { $result = $this->dav_name(); } else { if (isset($this->original_request_url) && $type == 'principal') { $result = $this->original_request_url; } else { $result = $this->url; } } switch ($type) { case 'principal': break; case 'schedule-default-calendar': $result = $this->default_calendar(); break; case 'schedule-inbox': $result .= '.in/'; break; case 'schedule-outbox': $result .= '.out/'; break; case 'dropbox': $result .= '.drop/'; break; case 'notifications': $result .= '.notify/'; break; default: fatal('Unknown internal URL type "' . $type . '"'); } return ConstructURL(DeconstructURL($result)); }