public function testJsonConversion()
{
$json = DAVACL_Element_ace::aces2json(array($this->obj));
$objects = DAVACL_Element_ace::json2aces($json);
$expected = array($this->obj);
$expected[0]->inherited = null;
$this->assertEquals($expected, $objects, 'Json created with DAVACL_Element_ace::aces2json() should be converted back to the original objects by DAVACL_Element_ace::json2aces(), except for the inherited property, which should be null after deserialization');
}
/**
* @see DAVACL_Resource::user_set_acl()
*/
public function user_set_acl($aces)
{
$trimmedPath = trim($this->path, '/');
if (substr($trimmedPath, 0, 5) === 'home' . DIRECTORY_SEPARATOR && strrpos($trimmedPath, '/') === 4) {
// This is a user's home folder, so no ACE's allowed which grant access to 'DAV: unauthenticated' or 'DAV: authenticated' principals
foreach ($aces as $ace) {
if (!$ace->deny && ($ace->principal === DAVACL::PRINCIPAL_ALL || $ace->principal === DAVACL::PRINCIPAL_AUTHENTICATED || $ace->principal === DAVACL::PRINCIPAL_UNAUTHENTICATED)) {
throw new DAV_Status(DAV::HTTP_FORBIDDEN, "On users' home folders, it is not allowed to grant privileges to unauthenticated users or to 'all BeeHub users' in general");
}
}
}
$this->user_set(DAV::PROP_ACL, $aces ? DAVACL_Element_ace::aces2json($aces) : null);
$this->storeProperties();
}
public function method_MOVE($member, $destination)
{
$this->assert(DAVACL::PRIV_UNBIND);
// Get the ACL of the source (including inherited ACE's)
$sourceAcl = DAV::$REGISTRY->resource($this->path . $member)->user_prop_acl();
// Determine if moving is allowed and if so, move the object
DAV::$REGISTRY->resource($this->path . $member)->assert(DAVACL::PRIV_WRITE_CONTENT);
DAV::$REGISTRY->resource($this->path . $member)->assert(BeeHub::PRIV_READ_CONTENT);
DAV::$REGISTRY->resource($this->path . $member)->assert(DAVACL::PRIV_READ_ACL);
$destinationResource = DAV::$REGISTRY->resource($destination);
if ($destinationResource instanceof DAVACL_Resource) {
$destinationResource->assert(DAVACL::PRIV_WRITE_CONTENT);
$destinationResource->assert(DAVACL::PRIV_WRITE_ACL);
$destinationResource->delete_recursively();
} else {
DAV::$REGISTRY->resource(dirname($destination))->assert(DAVACL::PRIV_WRITE_CONTENT);
}
$localDest = BeeHub::localPath($destination);
rename(BeeHub::localPath($this->path . $member), $localDest);
// Then move all properties to the new location
$filesCollection = BeeHub::getNoSQL()->selectCollection('files');
$path = DAV::unslashify($this->path . $member);
if (substr($path, 0, 1) === '/') {
$path = substr($path, 1);
}
$newPath = DAV::unslashify($destination);
if (substr($newPath, 0, 1) === '/') {
$newPath = substr($newPath, 1);
}
// We look up all paths that begin with the path of the resource we have to
// move. If it is a collection, this means we will also find all child
// resources and thus change all their locations in the database too.
$mongoResults = $filesCollection->find(array('path' => array('$regex' => '^' . preg_quote($path) . '(/.*|$)')));
foreach ($mongoResults as $mongoDocument) {
$mongoDocument['path'] = $newPath . substr($mongoDocument['path'], strlen($path));
$mongoDocument['depth'] = substr_count($mongoDocument['path'], '/') + 1;
$filesCollection->save($mongoDocument);
}
$locksCollection = BeeHub::getNoSQL()->selectCollection('locks');
$mongoResults = $locksCollection->find(array('path' => array('$regex' => '^' . preg_quote($path) . '/.*')));
foreach ($mongoResults as $mongoDocument) {
$mongoDocument['path'] = $newPath . substr($mongoDocument['path'], strlen($path));
$locksCollection->save($mongoDocument);
}
$locksCollection->remove(array('path' => $path));
// We need to make sure that the effective ACL at the destination is the same as at the resource
$destinationAcl = array();
$inheritedAcl = array();
$copyInherited = true;
foreach ($sourceAcl as $ace) {
if ($ace->protected) {
// Protected ACE's don't require copying; at this moment all resources have the same protected resources
continue;
}
if ($ace->inherited) {
// Inherited ACE's don't always need to be copied, so let's store them seperately for now
$ace->inherited = null;
$inheritedAcl[] = $ace;
} else {
// If there is already a 'deny all to everybody' ACE in the ACL, then no need to copy any inherited ACL's
if ($ace->principal === DAVACL::PRINCIPAL_ALL && !$ace->invert && in_array(DAVACL::PRIV_ALL, $ace->privileges) && $ace->deny) {
$copyInherited = false;
}
$destinationAcl[] = $ace;
}
}
$destinationResource = DAV::$REGISTRY->resource($destination);
// If the inherited ACE's at the destination are the same as at the source, then no need to copy them (for example when moving within the same directory). The effective ACL will still be the same
if ($copyInherited) {
$oldDestinationAcl = $destinationResource->user_prop_acl();
$copyInherited = false;
foreach ($oldDestinationAcl as $ace) {
if (!$ace->inherited) {
continue;
}
if (count($inheritedAcl) > 0 && $ace->principal === $inheritedAcl[0]->principal && $ace->invert === $inheritedAcl[0]->invert && $ace->deny === $inheritedAcl[0]->deny && $ace->privileges === $inheritedAcl[0]->privileges) {
array_shift($inheritedAcl);
} else {
$copyInherited = true;
break;
}
}
}
// If needed; copy the inherited ACE's so we have the complete ACL of the source. And end it with a 'deny all to everybody' ACE so inherited ACE's at the destination don't change the effective ACL
if ($copyInherited) {
$destinationAcl = array_merge($destinationAcl, $inheritedAcl);
$destinationAcl[] = new DAVACL_Element_ace(DAVACL::PRINCIPAL_ALL, false, array(DAVACL::PRIV_ALL), true, false, null);
}
// And store the ACL at the destination
$destinationResource->user_set(DAV::PROP_ACL, $destinationAcl ? DAVACL_Element_ace::aces2json($destinationAcl) : null);
$destinationResource->storeProperties();
}
