function obfuscated_event($icalendar)
{
// The user is not admin / owner of this calendar looking at his calendar and can not admin the other cal,
// or maybe they don't have *read* access but they got here, so they must at least have free/busy access
// so we will present an obfuscated version of the event that just says "Busy" (translated :-)
$confidential = new iCalComponent();
$confidential->SetType($icalendar->GetType());
$confidential->AddProperty('SUMMARY', translate('Busy'));
$confidential->AddProperty('CLASS', 'CONFIDENTIAL');
$confidential->SetProperties($icalendar->GetProperties('DTSTART'), 'DTSTART');
$confidential->SetProperties($icalendar->GetProperties('RRULE'), 'RRULE');
$confidential->SetProperties($icalendar->GetProperties('DURATION'), 'DURATION');
$confidential->SetProperties($icalendar->GetProperties('DTEND'), 'DTEND');
$confidential->SetProperties($icalendar->GetProperties('UID'), 'UID');
$confidential->SetProperties($icalendar->GetProperties('CREATED'), 'CREATED');
return $confidential;
}
/**
* Return XML for a single component from the DB
*
* @param array $properties The properties for this component
* @param string $item The DB row data for this component
*
* @return string An XML document which is the response for the component
*/
function component_to_xml($properties, $item)
{
global $session, $c, $request, $reply;
dbg_error_log("REPORT", "Building XML Response for item '%s'", $item->dav_name);
$denied = array();
$unsupported = array();
$caldav_data = $item->caldav_data;
$displayname = preg_replace('{^.*/}', '', $item->dav_name);
$type = 'unknown';
$contenttype = 'text/plain';
switch ($item->caldav_type) {
case 'VJOURNAL':
case 'VEVENT':
case 'VTODO':
$displayname = $item->summary;
$type = 'calendar';
$contenttype = 'text/calendar';
break;
case 'VCARD':
$displayname = $item->fn;
$type = 'vcard';
$contenttype = 'text/vcard';
break;
}
if (isset($properties['calendar-data']) || isset($properties['displayname'])) {
if (!$request->AllowedTo('all') && $session->user_no != $item->user_no) {
// the user is not admin / owner of this calendarlooking at his calendar and can not admin the other cal
/** @todo We should examine the ORGANIZER and ATTENDEE fields in the event. If this person is there then they should see this */
if ($type == 'calendar' && $item->class == 'CONFIDENTIAL' || !$request->AllowedTo('read')) {
$ical = new iCalComponent($caldav_data);
$resources = $ical->GetComponents('VTIMEZONE', false);
$first = $resources[0];
// if the event is confidential we fake one that just says "Busy"
$confidential = new iCalComponent();
$confidential->SetType($first->GetType());
$confidential->AddProperty('SUMMARY', translate('Busy'));
$confidential->AddProperty('CLASS', 'CONFIDENTIAL');
$confidential->SetProperties($first->GetProperties('DTSTART'), 'DTSTART');
$confidential->SetProperties($first->GetProperties('RRULE'), 'RRULE');
$confidential->SetProperties($first->GetProperties('DURATION'), 'DURATION');
$confidential->SetProperties($first->GetProperties('DTEND'), 'DTEND');
$confidential->SetProperties($first->GetProperties('UID'), 'UID');
$ical->SetComponents(array($confidential), $confidential->GetType());
$caldav_data = $ical->Render();
$displayname = translate('Busy');
}
}
}
$url = ConstructURL($item->dav_name);
$prop = new XMLElement("prop");
foreach ($properties as $k => $v) {
switch ($k) {
case 'getcontentlength':
$contentlength = strlen($caldav_data);
$prop->NewElement($k, $contentlength);
break;
case 'getlastmodified':
$prop->NewElement($k, ISODateToHTTPDate($item->modified));
break;
case 'calendar-data':
if ($type == 'calendar') {
$reply->CalDAVElement($prop, $k, $caldav_data);
} else {
$unsupported[] = $k;
}
break;
case 'address-data':
if ($type == 'vcard') {
$reply->CardDAVElement($prop, $k, $caldav_data);
} else {
$unsupported[] = $k;
}
break;
case 'getcontenttype':
$prop->NewElement($k, $contenttype);
break;
case 'current-user-principal':
$prop->NewElement("current-user-principal", $request->current_user_principal_xml);
break;
case 'displayname':
$prop->NewElement($k, $displayname);
break;
case 'resourcetype':
$prop->NewElement($k);
// Just an empty resourcetype for a non-collection.
break;
case 'getetag':
$prop->NewElement($k, '"' . $item->dav_etag . '"');
break;
case '"current-user-privilege-set"':
$prop->NewElement($k, privileges($request->permissions));
break;
case 'SOME-DENIED-PROPERTY':
/** indicating the style for future expansion */
$denied[] = $k;
break;
default:
dbg_error_log('REPORT', "Request for unsupported property '%s' of calendar item.", $v);
$unsupported[] = $k;
}
}
$status = new XMLElement("status", "HTTP/1.1 200 OK");
$propstat = new XMLElement("propstat", array($prop, $status));
$href = new XMLElement("href", $url);
$elements = array($href, $propstat);
if (count($denied) > 0) {
$status = new XMLElement("status", "HTTP/1.1 403 Forbidden");
$noprop = new XMLElement("prop");
foreach ($denied as $k => $v) {
$noprop->NewElement(strtolower($v));
}
$elements[] = new XMLElement("propstat", array($noprop, $status));
}
if (count($unsupported) > 0) {
$status = new XMLElement("status", "HTTP/1.1 404 Not Found");
$noprop = new XMLElement("prop");
foreach ($unsupported as $k => $v) {
$noprop->NewElement(strtolower($v));
}
$elements[] = new XMLElement("propstat", array($noprop, $status));
}
$response = new XMLElement("response", $elements);
return $response;
}
/**
* Generate a VTODO from a SyncAppointment(Exception)
* @param string $data
* @param string $id
* @return iCalComponent
*/
private function _ParseASTaskToVTodo($data, $id)
{
$vtodo = new iCalComponent();
$vtodo->SetType("VTODO");
if (isset($data->body)) {
$vtodo->AddProperty("DESCRIPTION", $data->body);
}
if (isset($data->asbody->data)) {
if (isset($data->nativebodytype) && $data->nativebodytype == SYNC_BODYPREFERENCE_RTF) {
$rtfparser = new rtf();
$rtfparser->loadrtf(base64_decode($data->asbody->data));
$rtfparser->output("ascii");
$rtfparser->parse();
$vtodo->AddProperty("DESCRIPTION", $rtfparser->out);
} else {
$vtodo->AddProperty("DESCRIPTION", $data->asbody->data);
}
}
if (isset($data->complete)) {
if ($data->complete == "0") {
$vtodo->AddProperty("STATUS", "NEEDS-ACTION");
} else {
$vtodo->AddProperty("STATUS", "COMPLETED");
}
}
if (isset($data->datecompleted)) {
$vtodo->AddProperty("COMPLETED", gmdate("Ymd\\THis\\Z", $data->datecompleted));
}
if ($data->utcduedate) {
$vtodo->AddProperty("DUE", gmdate("Ymd\\THis\\Z", $data->utcduedate));
}
if (isset($data->importance)) {
if ($data->importance == "1") {
$vtodo->AddProperty("PRIORITY", 6);
} elseif ($data->importance == "2") {
$vtodo->AddProperty("PRIORITY", 9);
} else {
$vtodo->AddProperty("PRIORITY", 1);
}
}
if (isset($data->recurrence)) {
$vtodo->AddProperty("RRULE", $this->_GenerateRecurrence($data->recurrence));
}
if ($data->reminderset && $data->remindertime) {
$valarm = new iCalComponent();
$valarm->SetType("VALARM");
$valarm->AddProperty("ACTION", "DISPLAY");
$valarm->AddProperty("TRIGGER;VALUE=DATE-TIME", gmdate("Ymd\\THis\\Z", $data->remindertime));
$vtodo->AddComponent($valarm);
}
if (isset($data->sensitivity)) {
switch ($data->sensitivity) {
case "0":
$vtodo->AddProperty("CLASS", "PUBLIC");
break;
case "2":
$vtodo->AddProperty("CLASS", "PRIVATE");
break;
case "3":
$vtodo->AddProperty("CLASS", "CONFIDENTIAL");
break;
}
}
if (isset($data->utcstartdate)) {
$vtodo->AddProperty("DTSTART", gmdate("Ymd\\THis\\Z", $data->utcstartdate));
}
if (isset($data->subject)) {
$vtodo->AddProperty("SUMMARY", $data->subject);
}
if (isset($data->rtf)) {
$rtfparser = new rtf();
$rtfparser->loadrtf(base64_decode($data->rtf));
$rtfparser->output("ascii");
$rtfparser->parse();
$vtodo->AddProperty("DESCRIPTION", $rtfparser->out);
}
if (isset($data->categories) && is_array($data->categories)) {
$vtodo->AddProperty("CATEGORIES", implode(",", $data->categories));
}
return $vtodo;
}
function export_iCalendar(DAVResource $dav_resource)
{
global $session, $c, $request;
if (!$dav_resource->IsCalendar() && !(isset($c->get_includes_subcollections) && $c->get_includes_subcollections)) {
/** RFC2616 says we must send an Allow header if we send a 405 */
header("Allow: PROPFIND,PROPPATCH,OPTIONS,MKCOL,REPORT,DELETE");
$request->DoResponse(405, translate("GET requests on collections are only supported for calendars."));
}
/**
* The CalDAV specification does not define GET on a collection, but typically this is
* used as a .ics download for the whole collection, which is what we do also.
*/
if (isset($c->get_includes_subcollections) && $c->get_includes_subcollections) {
$where = 'caldav_data.collection_id IN ';
$where .= '(SELECT bound_source_id FROM dav_binding WHERE dav_binding.dav_name ~ :path_match ';
$where .= 'UNION ';
$where .= 'SELECT collection_id FROM collection WHERE collection.dav_name ~ :path_match) ';
$params = array(':path_match' => '^' . $dav_resource->dav_name());
$distinct = 'DISTINCT ON (calendar_item.uid) ';
} else {
$where = 'caldav_data.collection_id = :collection_id ';
$params = array(':collection_id' => $dav_resource->resource_id());
$distinct = '';
}
$sql = 'SELECT ' . $distinct . ' caldav_data, class, caldav_type, calendar_item.user_no, logged_user ';
$sql .= 'FROM collection INNER JOIN caldav_data USING(collection_id) ';
$sql .= 'INNER JOIN calendar_item USING ( dav_id ) WHERE ' . $where;
if (isset($c->strict_result_ordering) && $c->strict_result_ordering) {
$sql .= ' ORDER BY calendar_item.uid, calendar_item.dav_id';
}
$qry = new AwlQuery($sql, $params);
if (!$qry->Exec("GET", __LINE__, __FILE__)) {
$request->DoResponse(500, translate("Database Error"));
}
/**
* Here we are constructing a whole calendar response for this collection, including
* the timezones that are referred to by the events we have selected.
*/
$vcal = new iCalComponent();
$vcal->VCalendar();
$displayname = $dav_resource->GetProperty('displayname');
if (isset($displayname)) {
$vcal->AddProperty("X-WR-CALNAME", $displayname);
}
if (!empty($c->auto_refresh_duration)) {
$vcal->AddProperty("X-APPLE-AUTO-REFRESH-INTERVAL", $c->auto_refresh_duration);
$vcal->AddProperty("AUTO-REFRESH", $c->auto_refresh_duration);
$vcal->AddProperty("X-PUBLISHED-TTL", $c->auto_refresh_duration);
}
$need_zones = array();
$timezones = array();
while ($event = $qry->Fetch()) {
$ical = new iCalComponent($event->caldav_data);
/** Save the timezone component(s) into a minimal set for inclusion later */
$event_zones = $ical->GetComponents('VTIMEZONE', true);
foreach ($event_zones as $k => $tz) {
$tzid = $tz->GetPValue('TZID');
if (!isset($tzid)) {
continue;
}
if ($tzid != '' && !isset($timezones[$tzid])) {
$timezones[$tzid] = $tz;
}
}
/** Work out which ones are actually used here */
$comps = $ical->GetComponents('VTIMEZONE', false);
foreach ($comps as $k => $comp) {
$tzid = $comp->GetPParamValue('DTSTART', 'TZID');
if (isset($tzid) && !isset($need_zones[$tzid])) {
$need_zones[$tzid] = 1;
}
$tzid = $comp->GetPParamValue('DUE', 'TZID');
if (isset($tzid) && !isset($need_zones[$tzid])) {
$need_zones[$tzid] = 1;
}
$tzid = $comp->GetPParamValue('DTEND', 'TZID');
if (isset($tzid) && !isset($need_zones[$tzid])) {
$need_zones[$tzid] = 1;
}
if ($dav_resource->HavePrivilegeTo('all', false) || $session->user_no == $event->user_no || $session->user_no == $event->logged_user || isset($session->email) && $c->allow_get_email_visibility && $comp->IsAttendee($session->email)) {
/**
* These people get to see all of the event, and they should always
* get any alarms as well.
*/
$vcal->AddComponent($comp);
continue;
}
/** No visibility even of the existence of these events if they aren't admin/owner/attendee */
if ($event->class == 'PRIVATE') {
continue;
}
if (!$dav_resource->HavePrivilegeTo('DAV::read') || $event->class == 'CONFIDENTIAL') {
$vcal->AddComponent(obfuscated_event($comp));
} elseif (isset($c->hide_alarm) && $c->hide_alarm) {
// Otherwise we hide the alarms (if configured to)
$comp->ClearComponents('VALARM');
$vcal->AddComponent($comp);
} else {
$vcal->AddComponent($comp);
}
}
}
/** Put the timezones on there that we need */
foreach ($need_zones as $tzid => $v) {
if (isset($timezones[$tzid])) {
$vcal->AddComponent($timezones[$tzid]);
}
}
return $vcal->Render();
}
function get_freebusy($path_match, $range_start, $range_end, $bin_privs = null)
{
global $request;
// printf( "Path: %s\n", $path_match);
// print_r($range_start);
// print_r($range_end);
if (!isset($bin_privs)) {
$bin_privs = $request->Privileges();
}
if (!isset($range_start) || !isset($range_end)) {
$request->DoResponse(400, 'All valid freebusy requests MUST contain a time-range filter');
}
$params = array(':path_match' => $path_match, ':start' => $range_start->UTC(), ':end' => $range_end->UTC());
$where = ' WHERE caldav_data.dav_name ~ :path_match ';
$where .= 'AND rrule_event_overlaps( dtstart, dtend, rrule, :start, :end) ';
$where .= "AND caldav_data.caldav_type IN ( 'VEVENT', 'VTODO' ) ";
$where .= "AND (calendar_item.transp != 'TRANSPARENT' OR calendar_item.transp IS NULL) ";
$where .= "AND (calendar_item.status != 'CANCELLED' OR calendar_item.status IS NULL) ";
$where .= "AND collection.is_calendar AND collection.schedule_transp = 'opaque' ";
if ($bin_privs != privilege_to_bits('all')) {
$where .= "AND (calendar_item.class != 'PRIVATE' OR calendar_item.class IS NULL) ";
}
// $debugging = true;
$fbtimes = array();
$sql = 'SELECT caldav_data.caldav_data, calendar_item.rrule, calendar_item.transp, calendar_item.status, ';
$sql .= "to_char(calendar_item.dtstart at time zone 'GMT'," . iCalendar::SqlUTCFormat() . ') AS start, ';
$sql .= "to_char(calendar_item.dtend at time zone 'GMT'," . iCalendar::SqlUTCFormat() . ') AS finish, ';
$sql .= "calendar_item.class, calendar_item.dav_id ";
$sql .= 'FROM caldav_data INNER JOIN calendar_item USING(dav_id,user_no,dav_name,collection_id) ';
$sql .= 'INNER JOIN collection USING(collection_id)';
$sql .= $where;
if (isset($c->strict_result_ordering) && $c->strict_result_ordering) {
$sql .= ' ORDER BY dav_id';
}
$qry = new AwlQuery($sql, $params);
if ($qry->Exec("REPORT", __LINE__, __FILE__) && $qry->rows() > 0) {
while ($calendar_object = $qry->Fetch()) {
$extra = '';
if ($calendar_object->status == 'TENTATIVE') {
$extra = ';BUSY-TENTATIVE';
}
// else if ( $debugging ) {
// $extra = ';'.$calendar_object->dav_id;
// }
dbg_error_log("REPORT", " FreeBusy: Not transparent, tentative or cancelled: %s, %s, %s", $calendar_object->start, $calendar_object->finish, $calendar_object->class);
$ics = new vComponent($calendar_object->caldav_data);
$expanded = expand_event_instances($ics, $range_start, $range_end);
$expansion = $expanded->GetComponents(array('VEVENT' => true, 'VTODO' => true, 'VJOURNAL' => true));
foreach ($expansion as $k => $v) {
// echo "=====================================================\n";
// printf( "Type: %s\n", $v->GetType());
// print_r($v);
// echo "-----------------------------------------------------\n";
$start_date = $v->GetProperty('DTSTART');
if (!isset($start_date)) {
continue;
}
$start_date = new RepeatRuleDateTime($start_date);
$duration = $v->GetProperty('DURATION');
$duration = !isset($duration) ? 'P1D' : $duration->Value();
$end_date = clone $start_date;
$end_date->modify($duration);
if ($end_date == $start_date || $end_date < $range_start || $start_date > $range_end) {
continue;
}
$thisfb = $start_date->UTC() . '/' . $end_date->UTC() . $extra;
array_push($fbtimes, $thisfb);
}
}
}
$freebusy = new iCalComponent();
$freebusy->SetType('VFREEBUSY');
$freebusy->AddProperty('DTSTAMP', date('Ymd\\THis\\Z'));
$freebusy->AddProperty('DTSTART', $range_start->UTC());
$freebusy->AddProperty('DTEND', $range_end->UTC());
sort($fbtimes);
foreach ($fbtimes as $k => $v) {
$text = explode(';', $v, 2);
$freebusy->AddProperty('FREEBUSY', $text[0], isset($text[1]) ? array('FBTYPE' => $text[1]) : null);
}
return $freebusy;
}
/**
* Deliver scheduling replies to organizer and other attendees
* @param iCalComponent $ical the VCALENDAR to deliver
* @return false on error
*/
function handle_schedule_reply($ical)
{
global $c, $session, $request;
$resources = $ical->GetComponents('VTIMEZONE', false);
$ic = $resources[0];
$etag = md5($request->raw_post);
$organizer = $ic->GetProperties('ORGANIZER');
// for now we treat events with out organizers as an error
if (count($organizer) < 1) {
return false;
}
$attendees = array_merge($organizer, $ic->GetProperties('ATTENDEE'));
$wr_attendees = $ic->GetProperties('X-WR-ATTENDEE');
if (count($wr_attendees) > 0) {
dbg_error_log("POST", "Non-compliant iCal request. Using X-WR-ATTENDEE property");
foreach ($wr_attendees as $k => $v) {
$attendees[] = $v;
}
}
dbg_error_log("POST", "Attempting to deliver scheduling request for %d attendees", count($attendees));
foreach ($attendees as $k => $attendee) {
$attendee_email = preg_replace('/^mailto:/', '', $attendee->Value());
dbg_error_log("POST", "Delivering to %s", $attendee_email);
$attendee_principal = new CalDAVPrincipal(array('email' => $attendee_email, 'options' => array('allow_by_email' => true)));
$deliver_path = preg_replace('/^.*caldav.php/', '', $attendee_principal->schedule_inbox_url);
$attendee_email = preg_replace('/^mailto:/', '', $attendee->Value());
if ($attendee_email == $request->principal->email) {
dbg_error_log("POST", "not delivering to owner");
continue;
}
$ar = new DAVResource($deliver_path);
if (!$ar->HavePrivilegeTo('schedule-deliver-reply')) {
$reply = new XMLDocument(array('DAV:' => ''));
$privnodes = array($reply->href(ConstructURL($attendee_principal->schedule_inbox_url)), new XMLElement('privilege'));
// RFC3744 specifies that we can only respond with one needed privilege, so we pick the first.
$reply->NSElement($privnodes[1], 'schedule-deliver-reply');
$xml = new XMLElement('need-privileges', new XMLElement('resource', $privnodes));
$xmldoc = $reply->Render('error', $xml);
$request->DoResponse(403, $xmldoc, 'text/xml; charset="utf-8"');
continue;
}
$ncal = new iCalComponent();
$ncal->VCalendar();
$ncal->AddProperty('METHOD', 'REPLY');
$ncal->AddComponent(array_merge($ical->GetComponents('VEVENT', false), array($ic)));
$content = $ncal->Render();
write_resource($attendee_principal->user_no, $deliver_path . $etag . '.ics', $content, $ar->GetProperty('collection_id'), $request->user_no, md5($content), $ncal, $put_action_type = 'INSERT', $caldav_context = true, $log_action = true, $etag);
}
$request->DoResponse(201, 'Created');
}
private function AddDefault(iCalComponent $component)
{
$properties = $component->GetProperties();
$now = gmdate("Ymd\\THis\\Z");
$a = array(1, 1, 1);
foreach ($properties as $property) {
//echo "D: " . $property->Name(). ":" . $property->Value() . "<br/>";
if (strcasecmp('DTSTAMP', $property->Name()) === 0) {
$property->Value($now);
$a[0] = 0;
}
if (strcasecmp('LAST-MODIFIED', $property->Name()) === 0) {
$property->Value($now);
$a[1] = 0;
}
if (strcasecmp('X-WEBCAL-GENERATION', $property->Name()) === 0) {
$property->Value('1');
$a[2] = 0;
}
}
for ($i = 0; $i < count($a); $i++) {
//echo $i.':'.$a[$i]."<br/>";
if ($a[$i]) {
switch ($i) {
case 0:
$c['DTSTAMP'] = $now;
break;
case 1:
$c['LAST-MODIFIED'] = $now;
break;
case 2:
$c['X-WEBCAL-GENERATION'] = 1;
break;
default:
continue;
}
$key = key($c);
$val = $c[$key];
$component->AddProperty($key, $val);
$c = NULL;
}
}
}
