예제 #1
0
$allowed = false;
if ($dav_resource->HavePrivilegeTo('all', false) || $session->user_no == $resource->user_no || $session->user_no == $resource->logged_user || $c->allow_get_email_visibility && $ic->IsAttendee($session->email)) {
    /**
     * These people get to see all of the event, and they should always
     * get any alarms as well.
     */
    $allowed = true;
} else {
    if ($resource->class != 'PRIVATE') {
        $allowed = true;
        // but we may well obfuscate it below
        if (!$dav_resource->HavePrivilegeTo('DAV::read') || $resource->class == 'CONFIDENTIAL' && !$request->HavePrivilegeTo('DAV::write-content')) {
            $ical = new iCalComponent($resource->caldav_data);
            $comps = $ical->GetComponents('VTIMEZONE', false);
            $confidential = obfuscated_event($comps[0]);
            $ical->SetComponents(array($confidential), $resource->caldav_type);
            $resource->caldav_data = $ical->Render();
        }
    }
}
// else $resource->class == 'PRIVATE' and this person may not see it.
if (!$allowed) {
    $request->DoResponse(403, translate("Forbidden"));
}
header('Etag: "' . $resource->dav_etag . '"');
header('Content-Length: ' . strlen($resource->caldav_data));
$contenttype = 'text/plain';
switch ($resource->caldav_type) {
    case 'VJOURNAL':
    case 'VEVENT':
    case 'VTODO':
예제 #2
0
/**
* Return XML for a single component from the DB
*
* @param array $properties The properties for this component
* @param string $item The DB row data for this component
*
* @return string An XML document which is the response for the component
*/
function component_to_xml($properties, $item)
{
    global $session, $c, $request, $reply;
    dbg_error_log("REPORT", "Building XML Response for item '%s'", $item->dav_name);
    $denied = array();
    $unsupported = array();
    $caldav_data = $item->caldav_data;
    $displayname = preg_replace('{^.*/}', '', $item->dav_name);
    $type = 'unknown';
    $contenttype = 'text/plain';
    switch ($item->caldav_type) {
        case 'VJOURNAL':
        case 'VEVENT':
        case 'VTODO':
            $displayname = $item->summary;
            $type = 'calendar';
            $contenttype = 'text/calendar';
            break;
        case 'VCARD':
            $displayname = $item->fn;
            $type = 'vcard';
            $contenttype = 'text/vcard';
            break;
    }
    if (isset($properties['calendar-data']) || isset($properties['displayname'])) {
        if (!$request->AllowedTo('all') && $session->user_no != $item->user_no) {
            // the user is not admin / owner of this calendarlooking at his calendar and can not admin the other cal
            /** @todo We should examine the ORGANIZER and ATTENDEE fields in the event.  If this person is there then they should see this */
            if ($type == 'calendar' && $item->class == 'CONFIDENTIAL' || !$request->AllowedTo('read')) {
                $ical = new iCalComponent($caldav_data);
                $resources = $ical->GetComponents('VTIMEZONE', false);
                $first = $resources[0];
                // if the event is confidential we fake one that just says "Busy"
                $confidential = new iCalComponent();
                $confidential->SetType($first->GetType());
                $confidential->AddProperty('SUMMARY', translate('Busy'));
                $confidential->AddProperty('CLASS', 'CONFIDENTIAL');
                $confidential->SetProperties($first->GetProperties('DTSTART'), 'DTSTART');
                $confidential->SetProperties($first->GetProperties('RRULE'), 'RRULE');
                $confidential->SetProperties($first->GetProperties('DURATION'), 'DURATION');
                $confidential->SetProperties($first->GetProperties('DTEND'), 'DTEND');
                $confidential->SetProperties($first->GetProperties('UID'), 'UID');
                $ical->SetComponents(array($confidential), $confidential->GetType());
                $caldav_data = $ical->Render();
                $displayname = translate('Busy');
            }
        }
    }
    $url = ConstructURL($item->dav_name);
    $prop = new XMLElement("prop");
    foreach ($properties as $k => $v) {
        switch ($k) {
            case 'getcontentlength':
                $contentlength = strlen($caldav_data);
                $prop->NewElement($k, $contentlength);
                break;
            case 'getlastmodified':
                $prop->NewElement($k, ISODateToHTTPDate($item->modified));
                break;
            case 'calendar-data':
                if ($type == 'calendar') {
                    $reply->CalDAVElement($prop, $k, $caldav_data);
                } else {
                    $unsupported[] = $k;
                }
                break;
            case 'address-data':
                if ($type == 'vcard') {
                    $reply->CardDAVElement($prop, $k, $caldav_data);
                } else {
                    $unsupported[] = $k;
                }
                break;
            case 'getcontenttype':
                $prop->NewElement($k, $contenttype);
                break;
            case 'current-user-principal':
                $prop->NewElement("current-user-principal", $request->current_user_principal_xml);
                break;
            case 'displayname':
                $prop->NewElement($k, $displayname);
                break;
            case 'resourcetype':
                $prop->NewElement($k);
                // Just an empty resourcetype for a non-collection.
                break;
            case 'getetag':
                $prop->NewElement($k, '"' . $item->dav_etag . '"');
                break;
            case '"current-user-privilege-set"':
                $prop->NewElement($k, privileges($request->permissions));
                break;
            case 'SOME-DENIED-PROPERTY':
                /** indicating the style for future expansion */
                $denied[] = $k;
                break;
            default:
                dbg_error_log('REPORT', "Request for unsupported property '%s' of calendar item.", $v);
                $unsupported[] = $k;
        }
    }
    $status = new XMLElement("status", "HTTP/1.1 200 OK");
    $propstat = new XMLElement("propstat", array($prop, $status));
    $href = new XMLElement("href", $url);
    $elements = array($href, $propstat);
    if (count($denied) > 0) {
        $status = new XMLElement("status", "HTTP/1.1 403 Forbidden");
        $noprop = new XMLElement("prop");
        foreach ($denied as $k => $v) {
            $noprop->NewElement(strtolower($v));
        }
        $elements[] = new XMLElement("propstat", array($noprop, $status));
    }
    if (count($unsupported) > 0) {
        $status = new XMLElement("status", "HTTP/1.1 404 Not Found");
        $noprop = new XMLElement("prop");
        foreach ($unsupported as $k => $v) {
            $noprop->NewElement(strtolower($v));
        }
        $elements[] = new XMLElement("propstat", array($noprop, $status));
    }
    $response = new XMLElement("response", $elements);
    return $response;
}
예제 #3
0
/**
* This function will import a whole calendar
* @param string $ics_content the ics file to import
* @param int $user_no the user wich will receive this ics file
* @param string $path the $path where it will be store such as /user_foo/home/
* @param boolean $caldav_context Whether we are responding via CalDAV or interactively
*
* Any VEVENTs with the same UID will be concatenated together
*/
function import_collection($ics_content, $user_no, $path, $caldav_context, $appending = false)
{
    global $c, $session, $tz_regex;
    if (!ini_get('open_basedir') && (isset($c->dbg['ALL']) || isset($c->dbg['put']))) {
        $fh = fopen('/tmp/PUT-2.txt', 'w');
        if ($fh) {
            fwrite($fh, $ics_content);
            fclose($fh);
        }
    }
    $calendar = new iCalComponent($ics_content);
    $timezones = $calendar->GetComponents('VTIMEZONE', true);
    $components = $calendar->GetComponents('VTIMEZONE', false);
    $displayname = $calendar->GetPValue('X-WR-CALNAME');
    if (!$appending && isset($displayname)) {
        $sql = 'UPDATE collection SET dav_displayname = :displayname WHERE dav_name = :dav_name';
        $qry = new AwlQuery($sql, array(':displayname' => $displayname, ':dav_name' => $path));
        if (!$qry->Exec('PUT', __LINE__, __FILE__)) {
            rollback_on_error($caldav_context, $user_no, $path);
        }
    }
    $tz_ids = array();
    foreach ($timezones as $k => $tz) {
        $tz_ids[$tz->GetPValue('TZID')] = $k;
    }
    /** Build an array of resources.  Each resource is an array of iCalComponent */
    $resources = array();
    foreach ($components as $k => $comp) {
        $uid = $comp->GetPValue('UID');
        if ($uid == null || $uid == '') {
            continue;
        }
        if (!isset($resources[$uid])) {
            $resources[$uid] = array();
        }
        $resources[$uid][] = $comp;
        /** Ensure we have the timezone component for this in our array as well */
        $tzid = $comp->GetPParamValue('DTSTART', 'TZID');
        if (!isset($tzid) || $tzid == '') {
            $tzid = $comp->GetPParamValue('DUE', 'TZID');
        }
        if (!isset($resources[$uid][$tzid]) && isset($tz_ids[$tzid])) {
            $resources[$uid][$tzid] = $timezones[$tz_ids[$tzid]];
        }
    }
    $sql = 'SELECT * FROM collection WHERE dav_name = :dav_name';
    $qry = new AwlQuery($sql, array(':dav_name' => $path));
    if (!$qry->Exec('PUT', __LINE__, __FILE__)) {
        rollback_on_error($caldav_context, $user_no, $path);
    }
    if (!$qry->rows() == 1) {
        dbg_error_log('ERROR', ' PUT: Collection does not exist at "%s" for user %d', $path, $user_no);
        rollback_on_error($caldav_context, $user_no, $path);
    }
    $collection = $qry->Fetch();
    if (!(isset($c->skip_bad_event_on_import) && $c->skip_bad_event_on_import)) {
        $qry->Begin();
    }
    $base_params = array(':collection_id' => $collection->collection_id);
    if (!$appending) {
        if (!$qry->QDo('DELETE FROM calendar_item WHERE collection_id = :collection_id', $base_params) || !$qry->QDo('DELETE FROM caldav_data WHERE collection_id = :collection_id', $base_params)) {
            rollback_on_error($caldav_context, $user_no, $collection->collection_id);
        }
    }
    $dav_data_insert = <<<EOSQL
INSERT INTO caldav_data ( user_no, dav_name, dav_etag, caldav_data, caldav_type, logged_user, created, modified, collection_id )
    VALUES( :user_no, :dav_name, :etag, :dav_data, :caldav_type, :session_user, current_timestamp, current_timestamp, :collection_id )
EOSQL;
    $calitem_insert = <<<EOSQL
INSERT INTO calendar_item (user_no, dav_name, dav_id, dav_etag, uid, dtstamp, dtstart, dtend, summary, location, class, transp,
                    description, rrule, tz_id, last_modified, url, priority, created, due, percent_complete, status, collection_id )
    VALUES ( :user_no, :dav_name, currval('dav_id_seq'), :etag, :uid, :dtstamp, :dtstart, ##dtend##, :summary, :location, :class, :transp,
                :description, :rrule, :tzid, :modified, :url, :priority, :created, :due, :percent_complete, :status, :collection_id)
EOSQL;
    $last_tz_locn = '';
    foreach ($resources as $uid => $resource) {
        if (isset($c->skip_bad_event_on_import) && $c->skip_bad_event_on_import) {
            $qry->Begin();
        }
        /** Construct the VCALENDAR data */
        $vcal = new iCalComponent();
        $vcal->VCalendar();
        $vcal->SetComponents($resource);
        create_scheduling_requests($vcal);
        $icalendar = $vcal->Render();
        /** As ever, we mostly deal with the first resource component */
        $first = $resource[0];
        $dav_data_params = $base_params;
        $dav_data_params[':user_no'] = $user_no;
        $dav_data_params[':dav_name'] = sprintf('%s%s.ics', $path, $uid);
        $dav_data_params[':etag'] = md5($icalendar);
        $calitem_params = $dav_data_params;
        $dav_data_params[':dav_data'] = $icalendar;
        $dav_data_params[':caldav_type'] = $first->GetType();
        $dav_data_params[':session_user'] = $session->user_no;
        if (!$qry->QDo($dav_data_insert, $dav_data_params)) {
            rollback_on_error($caldav_context, $user_no, $path);
        }
        $qry->QDo('SELECT dav_id FROM caldav_data WHERE dav_name = :dav_name ', array(':dav_name' => $dav_data_params[':dav_name']));
        if ($qry->rows() == 1 && ($row = $qry->Fetch())) {
            $dav_id = $row->dav_id;
        }
        $dtstart = $first->GetPValue('DTSTART');
        $calitem_params[':dtstart'] = $dtstart;
        if ((!isset($dtstart) || $dtstart == '') && $first->GetPValue('DUE') != '') {
            $dtstart = $first->GetPValue('DUE');
        }
        $dtend = $first->GetPValue('DTEND');
        if (isset($dtend) && $dtend != '') {
            dbg_error_log('PUT', ' DTEND: "%s", DTSTART: "%s", DURATION: "%s"', $dtend, $dtstart, $first->GetPValue('DURATION'));
            $calitem_params[':dtend'] = $dtend;
            $dtend = ':dtend';
        } else {
            $dtend = 'NULL';
            if ($first->GetPValue('DURATION') != '' and $dtstart != '') {
                $duration = trim(preg_replace('#[PT]#', ' ', $first->GetPValue('DURATION')));
                if ($duration == '') {
                    $duration = '0 seconds';
                }
                $dtend = '(:dtstart::timestamp with time zone + :duration::interval)';
                $calitem_params[':duration'] = $duration;
            } elseif ($first->GetType() == 'VEVENT') {
                /**
                 * From RFC2445 4.6.1:
                 * For cases where a "VEVENT" calendar component specifies a "DTSTART"
                 * property with a DATE data type but no "DTEND" property, the events
                 * non-inclusive end is the end of the calendar date specified by the
                 * "DTSTART" property. For cases where a "VEVENT" calendar component specifies
                 * a "DTSTART" property with a DATE-TIME data type but no "DTEND" property,
                 * the event ends on the same calendar date and time of day specified by the
                 * "DTSTART" property.
                 *
                 * So we're looking for 'VALUE=DATE', to identify the duration, effectively.
                 *
                 */
                $value_type = $first->GetPParamValue('DTSTART', 'VALUE');
                dbg_error_log('PUT', 'DTSTART without DTEND. DTSTART value type is %s', $value_type);
                if (isset($value_type) && $value_type == 'DATE') {
                    $dtend = '(:dtstart::timestamp with time zone::date + \'1 day\'::interval)';
                } else {
                    $dtend = ':dtstart';
                }
            }
        }
        $last_modified = $first->GetPValue('LAST-MODIFIED');
        if (!isset($last_modified) || $last_modified == '') {
            $last_modified = gmdate('Ymd\\THis\\Z');
        }
        $calitem_params[':modified'] = $last_modified;
        $dtstamp = $first->GetPValue('DTSTAMP');
        if (!isset($dtstamp) || $dtstamp == '') {
            $dtstamp = $last_modified;
        }
        $calitem_params[':dtstamp'] = $dtstamp;
        /** RFC2445, 4.8.1.3: Default is PUBLIC, or also if overridden by the collection settings */
        $class = $collection->public_events_only == 't' ? 'PUBLIC' : $first->GetPValue('CLASS');
        if (!isset($class) || $class == '') {
            $class = 'PUBLIC';
        }
        $calitem_params[':class'] = $class;
        /** Calculate what timezone to set, first, if possible */
        $tzid = $first->GetPParamValue('DTSTART', 'TZID');
        if (!isset($tzid) || $tzid == '') {
            $tzid = $first->GetPParamValue('DUE', 'TZID');
        }
        if (isset($tzid) && $tzid != '') {
            if (isset($resource[$tzid])) {
                $tz = $resource[$tzid];
                $tz_locn = $tz->GetPValue('X-LIC-LOCATION');
            } else {
                unset($tz);
                unset($tz_locn);
            }
            if (!isset($tz_locn) || !preg_match($tz_regex, $tz_locn)) {
                if (preg_match('#([^/]+/[^/]+)$#', $tzid, $matches)) {
                    $tz_locn = $matches[1];
                }
            }
            dbg_error_log('PUT', ' Using TZID[%s] and location of [%s]', $tzid, isset($tz_locn) ? $tz_locn : '');
            if (isset($tz_locn) && $tz_locn != $last_tz_locn && preg_match($tz_regex, $tz_locn)) {
                dbg_error_log('PUT', ' Setting timezone to %s', $tz_locn);
                if ($tz_locn != '') {
                    $qry->QDo('SET TIMEZONE TO \'' . $tz_locn . "'");
                }
                $last_tz_locn = $tz_locn;
            }
            $params = array(':tzid' => $tzid);
            $qry = new AwlQuery('SELECT tz_locn FROM time_zone WHERE tz_id = :tzid', $params);
            if ($qry->Exec('PUT', __LINE__, __FILE__) && $qry->rows() == 0) {
                $params[':tzlocn'] = $tz_locn;
                $params[':tzspec'] = isset($tz) ? $tz->Render() : null;
                $qry->QDo('INSERT INTO time_zone (tz_id, tz_locn, tz_spec) VALUES(:tzid,:tzlocn,:tzspec)', $params);
            }
            if (!isset($tz_locn) || $tz_locn == '') {
                $tz_locn = $tzid;
            }
        } else {
            $tzid = null;
        }
        $sql = str_replace('##dtend##', $dtend, $calitem_insert);
        $calitem_params[':tzid'] = $tzid;
        $calitem_params[':uid'] = $first->GetPValue('UID');
        $calitem_params[':summary'] = $first->GetPValue('SUMMARY');
        $calitem_params[':location'] = $first->GetPValue('LOCATION');
        $calitem_params[':transp'] = $first->GetPValue('TRANSP');
        $calitem_params[':description'] = $first->GetPValue('DESCRIPTION');
        $calitem_params[':rrule'] = $first->GetPValue('RRULE');
        $calitem_params[':url'] = $first->GetPValue('URL');
        $calitem_params[':priority'] = $first->GetPValue('PRIORITY');
        $calitem_params[':due'] = $first->GetPValue('DUE');
        $calitem_params[':percent_complete'] = $first->GetPValue('PERCENT-COMPLETE');
        $calitem_params[':status'] = $first->GetPValue('STATUS');
        $created = $first->GetPValue('CREATED');
        if ($created == '00001231T000000Z') {
            $created = '20001231T000000Z';
        }
        $calitem_params[':created'] = $created;
        if (!$qry->QDo($sql, $calitem_params)) {
            rollback_on_error($caldav_context, $user_no, $path);
        }
        write_alarms($dav_id, $first);
        write_attendees($dav_id, $first);
        create_scheduling_requests($vcal);
        if (isset($c->skip_bad_event_on_import) && $c->skip_bad_event_on_import) {
            $qry->Commit();
        }
    }
    if (!(isset($c->skip_bad_event_on_import) && $c->skip_bad_event_on_import)) {
        if (!$qry->Commit()) {
            rollback_on_error($caldav_context, $user_no, $path);
        }
    }
}