$allowed = false; if ($dav_resource->HavePrivilegeTo('all', false) || $session->user_no == $resource->user_no || $session->user_no == $resource->logged_user || $c->allow_get_email_visibility && $ic->IsAttendee($session->email)) { /** * These people get to see all of the event, and they should always * get any alarms as well. */ $allowed = true; } else { if ($resource->class != 'PRIVATE') { $allowed = true; // but we may well obfuscate it below if (!$dav_resource->HavePrivilegeTo('DAV::read') || $resource->class == 'CONFIDENTIAL' && !$request->HavePrivilegeTo('DAV::write-content')) { $ical = new iCalComponent($resource->caldav_data); $comps = $ical->GetComponents('VTIMEZONE', false); $confidential = obfuscated_event($comps[0]); $ical->SetComponents(array($confidential), $resource->caldav_type); $resource->caldav_data = $ical->Render(); } } } // else $resource->class == 'PRIVATE' and this person may not see it. if (!$allowed) { $request->DoResponse(403, translate("Forbidden")); } header('Etag: "' . $resource->dav_etag . '"'); header('Content-Length: ' . strlen($resource->caldav_data)); $contenttype = 'text/plain'; switch ($resource->caldav_type) { case 'VJOURNAL': case 'VEVENT': case 'VTODO':
/** * Return XML for a single component from the DB * * @param array $properties The properties for this component * @param string $item The DB row data for this component * * @return string An XML document which is the response for the component */ function component_to_xml($properties, $item) { global $session, $c, $request, $reply; dbg_error_log("REPORT", "Building XML Response for item '%s'", $item->dav_name); $denied = array(); $unsupported = array(); $caldav_data = $item->caldav_data; $displayname = preg_replace('{^.*/}', '', $item->dav_name); $type = 'unknown'; $contenttype = 'text/plain'; switch ($item->caldav_type) { case 'VJOURNAL': case 'VEVENT': case 'VTODO': $displayname = $item->summary; $type = 'calendar'; $contenttype = 'text/calendar'; break; case 'VCARD': $displayname = $item->fn; $type = 'vcard'; $contenttype = 'text/vcard'; break; } if (isset($properties['calendar-data']) || isset($properties['displayname'])) { if (!$request->AllowedTo('all') && $session->user_no != $item->user_no) { // the user is not admin / owner of this calendarlooking at his calendar and can not admin the other cal /** @todo We should examine the ORGANIZER and ATTENDEE fields in the event. If this person is there then they should see this */ if ($type == 'calendar' && $item->class == 'CONFIDENTIAL' || !$request->AllowedTo('read')) { $ical = new iCalComponent($caldav_data); $resources = $ical->GetComponents('VTIMEZONE', false); $first = $resources[0]; // if the event is confidential we fake one that just says "Busy" $confidential = new iCalComponent(); $confidential->SetType($first->GetType()); $confidential->AddProperty('SUMMARY', translate('Busy')); $confidential->AddProperty('CLASS', 'CONFIDENTIAL'); $confidential->SetProperties($first->GetProperties('DTSTART'), 'DTSTART'); $confidential->SetProperties($first->GetProperties('RRULE'), 'RRULE'); $confidential->SetProperties($first->GetProperties('DURATION'), 'DURATION'); $confidential->SetProperties($first->GetProperties('DTEND'), 'DTEND'); $confidential->SetProperties($first->GetProperties('UID'), 'UID'); $ical->SetComponents(array($confidential), $confidential->GetType()); $caldav_data = $ical->Render(); $displayname = translate('Busy'); } } } $url = ConstructURL($item->dav_name); $prop = new XMLElement("prop"); foreach ($properties as $k => $v) { switch ($k) { case 'getcontentlength': $contentlength = strlen($caldav_data); $prop->NewElement($k, $contentlength); break; case 'getlastmodified': $prop->NewElement($k, ISODateToHTTPDate($item->modified)); break; case 'calendar-data': if ($type == 'calendar') { $reply->CalDAVElement($prop, $k, $caldav_data); } else { $unsupported[] = $k; } break; case 'address-data': if ($type == 'vcard') { $reply->CardDAVElement($prop, $k, $caldav_data); } else { $unsupported[] = $k; } break; case 'getcontenttype': $prop->NewElement($k, $contenttype); break; case 'current-user-principal': $prop->NewElement("current-user-principal", $request->current_user_principal_xml); break; case 'displayname': $prop->NewElement($k, $displayname); break; case 'resourcetype': $prop->NewElement($k); // Just an empty resourcetype for a non-collection. break; case 'getetag': $prop->NewElement($k, '"' . $item->dav_etag . '"'); break; case '"current-user-privilege-set"': $prop->NewElement($k, privileges($request->permissions)); break; case 'SOME-DENIED-PROPERTY': /** indicating the style for future expansion */ $denied[] = $k; break; default: dbg_error_log('REPORT', "Request for unsupported property '%s' of calendar item.", $v); $unsupported[] = $k; } } $status = new XMLElement("status", "HTTP/1.1 200 OK"); $propstat = new XMLElement("propstat", array($prop, $status)); $href = new XMLElement("href", $url); $elements = array($href, $propstat); if (count($denied) > 0) { $status = new XMLElement("status", "HTTP/1.1 403 Forbidden"); $noprop = new XMLElement("prop"); foreach ($denied as $k => $v) { $noprop->NewElement(strtolower($v)); } $elements[] = new XMLElement("propstat", array($noprop, $status)); } if (count($unsupported) > 0) { $status = new XMLElement("status", "HTTP/1.1 404 Not Found"); $noprop = new XMLElement("prop"); foreach ($unsupported as $k => $v) { $noprop->NewElement(strtolower($v)); } $elements[] = new XMLElement("propstat", array($noprop, $status)); } $response = new XMLElement("response", $elements); return $response; }
/** * This function will import a whole calendar * @param string $ics_content the ics file to import * @param int $user_no the user wich will receive this ics file * @param string $path the $path where it will be store such as /user_foo/home/ * @param boolean $caldav_context Whether we are responding via CalDAV or interactively * * Any VEVENTs with the same UID will be concatenated together */ function import_collection($ics_content, $user_no, $path, $caldav_context, $appending = false) { global $c, $session, $tz_regex; if (!ini_get('open_basedir') && (isset($c->dbg['ALL']) || isset($c->dbg['put']))) { $fh = fopen('/tmp/PUT-2.txt', 'w'); if ($fh) { fwrite($fh, $ics_content); fclose($fh); } } $calendar = new iCalComponent($ics_content); $timezones = $calendar->GetComponents('VTIMEZONE', true); $components = $calendar->GetComponents('VTIMEZONE', false); $displayname = $calendar->GetPValue('X-WR-CALNAME'); if (!$appending && isset($displayname)) { $sql = 'UPDATE collection SET dav_displayname = :displayname WHERE dav_name = :dav_name'; $qry = new AwlQuery($sql, array(':displayname' => $displayname, ':dav_name' => $path)); if (!$qry->Exec('PUT', __LINE__, __FILE__)) { rollback_on_error($caldav_context, $user_no, $path); } } $tz_ids = array(); foreach ($timezones as $k => $tz) { $tz_ids[$tz->GetPValue('TZID')] = $k; } /** Build an array of resources. Each resource is an array of iCalComponent */ $resources = array(); foreach ($components as $k => $comp) { $uid = $comp->GetPValue('UID'); if ($uid == null || $uid == '') { continue; } if (!isset($resources[$uid])) { $resources[$uid] = array(); } $resources[$uid][] = $comp; /** Ensure we have the timezone component for this in our array as well */ $tzid = $comp->GetPParamValue('DTSTART', 'TZID'); if (!isset($tzid) || $tzid == '') { $tzid = $comp->GetPParamValue('DUE', 'TZID'); } if (!isset($resources[$uid][$tzid]) && isset($tz_ids[$tzid])) { $resources[$uid][$tzid] = $timezones[$tz_ids[$tzid]]; } } $sql = 'SELECT * FROM collection WHERE dav_name = :dav_name'; $qry = new AwlQuery($sql, array(':dav_name' => $path)); if (!$qry->Exec('PUT', __LINE__, __FILE__)) { rollback_on_error($caldav_context, $user_no, $path); } if (!$qry->rows() == 1) { dbg_error_log('ERROR', ' PUT: Collection does not exist at "%s" for user %d', $path, $user_no); rollback_on_error($caldav_context, $user_no, $path); } $collection = $qry->Fetch(); if (!(isset($c->skip_bad_event_on_import) && $c->skip_bad_event_on_import)) { $qry->Begin(); } $base_params = array(':collection_id' => $collection->collection_id); if (!$appending) { if (!$qry->QDo('DELETE FROM calendar_item WHERE collection_id = :collection_id', $base_params) || !$qry->QDo('DELETE FROM caldav_data WHERE collection_id = :collection_id', $base_params)) { rollback_on_error($caldav_context, $user_no, $collection->collection_id); } } $dav_data_insert = <<<EOSQL INSERT INTO caldav_data ( user_no, dav_name, dav_etag, caldav_data, caldav_type, logged_user, created, modified, collection_id ) VALUES( :user_no, :dav_name, :etag, :dav_data, :caldav_type, :session_user, current_timestamp, current_timestamp, :collection_id ) EOSQL; $calitem_insert = <<<EOSQL INSERT INTO calendar_item (user_no, dav_name, dav_id, dav_etag, uid, dtstamp, dtstart, dtend, summary, location, class, transp, description, rrule, tz_id, last_modified, url, priority, created, due, percent_complete, status, collection_id ) VALUES ( :user_no, :dav_name, currval('dav_id_seq'), :etag, :uid, :dtstamp, :dtstart, ##dtend##, :summary, :location, :class, :transp, :description, :rrule, :tzid, :modified, :url, :priority, :created, :due, :percent_complete, :status, :collection_id) EOSQL; $last_tz_locn = ''; foreach ($resources as $uid => $resource) { if (isset($c->skip_bad_event_on_import) && $c->skip_bad_event_on_import) { $qry->Begin(); } /** Construct the VCALENDAR data */ $vcal = new iCalComponent(); $vcal->VCalendar(); $vcal->SetComponents($resource); create_scheduling_requests($vcal); $icalendar = $vcal->Render(); /** As ever, we mostly deal with the first resource component */ $first = $resource[0]; $dav_data_params = $base_params; $dav_data_params[':user_no'] = $user_no; $dav_data_params[':dav_name'] = sprintf('%s%s.ics', $path, $uid); $dav_data_params[':etag'] = md5($icalendar); $calitem_params = $dav_data_params; $dav_data_params[':dav_data'] = $icalendar; $dav_data_params[':caldav_type'] = $first->GetType(); $dav_data_params[':session_user'] = $session->user_no; if (!$qry->QDo($dav_data_insert, $dav_data_params)) { rollback_on_error($caldav_context, $user_no, $path); } $qry->QDo('SELECT dav_id FROM caldav_data WHERE dav_name = :dav_name ', array(':dav_name' => $dav_data_params[':dav_name'])); if ($qry->rows() == 1 && ($row = $qry->Fetch())) { $dav_id = $row->dav_id; } $dtstart = $first->GetPValue('DTSTART'); $calitem_params[':dtstart'] = $dtstart; if ((!isset($dtstart) || $dtstart == '') && $first->GetPValue('DUE') != '') { $dtstart = $first->GetPValue('DUE'); } $dtend = $first->GetPValue('DTEND'); if (isset($dtend) && $dtend != '') { dbg_error_log('PUT', ' DTEND: "%s", DTSTART: "%s", DURATION: "%s"', $dtend, $dtstart, $first->GetPValue('DURATION')); $calitem_params[':dtend'] = $dtend; $dtend = ':dtend'; } else { $dtend = 'NULL'; if ($first->GetPValue('DURATION') != '' and $dtstart != '') { $duration = trim(preg_replace('#[PT]#', ' ', $first->GetPValue('DURATION'))); if ($duration == '') { $duration = '0 seconds'; } $dtend = '(:dtstart::timestamp with time zone + :duration::interval)'; $calitem_params[':duration'] = $duration; } elseif ($first->GetType() == 'VEVENT') { /** * From RFC2445 4.6.1: * For cases where a "VEVENT" calendar component specifies a "DTSTART" * property with a DATE data type but no "DTEND" property, the events * non-inclusive end is the end of the calendar date specified by the * "DTSTART" property. For cases where a "VEVENT" calendar component specifies * a "DTSTART" property with a DATE-TIME data type but no "DTEND" property, * the event ends on the same calendar date and time of day specified by the * "DTSTART" property. * * So we're looking for 'VALUE=DATE', to identify the duration, effectively. * */ $value_type = $first->GetPParamValue('DTSTART', 'VALUE'); dbg_error_log('PUT', 'DTSTART without DTEND. DTSTART value type is %s', $value_type); if (isset($value_type) && $value_type == 'DATE') { $dtend = '(:dtstart::timestamp with time zone::date + \'1 day\'::interval)'; } else { $dtend = ':dtstart'; } } } $last_modified = $first->GetPValue('LAST-MODIFIED'); if (!isset($last_modified) || $last_modified == '') { $last_modified = gmdate('Ymd\\THis\\Z'); } $calitem_params[':modified'] = $last_modified; $dtstamp = $first->GetPValue('DTSTAMP'); if (!isset($dtstamp) || $dtstamp == '') { $dtstamp = $last_modified; } $calitem_params[':dtstamp'] = $dtstamp; /** RFC2445, 4.8.1.3: Default is PUBLIC, or also if overridden by the collection settings */ $class = $collection->public_events_only == 't' ? 'PUBLIC' : $first->GetPValue('CLASS'); if (!isset($class) || $class == '') { $class = 'PUBLIC'; } $calitem_params[':class'] = $class; /** Calculate what timezone to set, first, if possible */ $tzid = $first->GetPParamValue('DTSTART', 'TZID'); if (!isset($tzid) || $tzid == '') { $tzid = $first->GetPParamValue('DUE', 'TZID'); } if (isset($tzid) && $tzid != '') { if (isset($resource[$tzid])) { $tz = $resource[$tzid]; $tz_locn = $tz->GetPValue('X-LIC-LOCATION'); } else { unset($tz); unset($tz_locn); } if (!isset($tz_locn) || !preg_match($tz_regex, $tz_locn)) { if (preg_match('#([^/]+/[^/]+)$#', $tzid, $matches)) { $tz_locn = $matches[1]; } } dbg_error_log('PUT', ' Using TZID[%s] and location of [%s]', $tzid, isset($tz_locn) ? $tz_locn : ''); if (isset($tz_locn) && $tz_locn != $last_tz_locn && preg_match($tz_regex, $tz_locn)) { dbg_error_log('PUT', ' Setting timezone to %s', $tz_locn); if ($tz_locn != '') { $qry->QDo('SET TIMEZONE TO \'' . $tz_locn . "'"); } $last_tz_locn = $tz_locn; } $params = array(':tzid' => $tzid); $qry = new AwlQuery('SELECT tz_locn FROM time_zone WHERE tz_id = :tzid', $params); if ($qry->Exec('PUT', __LINE__, __FILE__) && $qry->rows() == 0) { $params[':tzlocn'] = $tz_locn; $params[':tzspec'] = isset($tz) ? $tz->Render() : null; $qry->QDo('INSERT INTO time_zone (tz_id, tz_locn, tz_spec) VALUES(:tzid,:tzlocn,:tzspec)', $params); } if (!isset($tz_locn) || $tz_locn == '') { $tz_locn = $tzid; } } else { $tzid = null; } $sql = str_replace('##dtend##', $dtend, $calitem_insert); $calitem_params[':tzid'] = $tzid; $calitem_params[':uid'] = $first->GetPValue('UID'); $calitem_params[':summary'] = $first->GetPValue('SUMMARY'); $calitem_params[':location'] = $first->GetPValue('LOCATION'); $calitem_params[':transp'] = $first->GetPValue('TRANSP'); $calitem_params[':description'] = $first->GetPValue('DESCRIPTION'); $calitem_params[':rrule'] = $first->GetPValue('RRULE'); $calitem_params[':url'] = $first->GetPValue('URL'); $calitem_params[':priority'] = $first->GetPValue('PRIORITY'); $calitem_params[':due'] = $first->GetPValue('DUE'); $calitem_params[':percent_complete'] = $first->GetPValue('PERCENT-COMPLETE'); $calitem_params[':status'] = $first->GetPValue('STATUS'); $created = $first->GetPValue('CREATED'); if ($created == '00001231T000000Z') { $created = '20001231T000000Z'; } $calitem_params[':created'] = $created; if (!$qry->QDo($sql, $calitem_params)) { rollback_on_error($caldav_context, $user_no, $path); } write_alarms($dav_id, $first); write_attendees($dav_id, $first); create_scheduling_requests($vcal); if (isset($c->skip_bad_event_on_import) && $c->skip_bad_event_on_import) { $qry->Commit(); } } if (!(isset($c->skip_bad_event_on_import) && $c->skip_bad_event_on_import)) { if (!$qry->Commit()) { rollback_on_error($caldav_context, $user_no, $path); } } }