/**
* Check that we have the correct privileges to set the ACL
*
* @param array $aces The ACL in the form of an array of ACEs
* @return mixed No idea what this method returns
*/
public function set_acl($aces)
{
$this->assert(DAVACL::PRIV_WRITE_ACL);
return parent::set_acl($aces);
}
/**
* Checks the validity of the ACL and sets it on the resource
*
* @param DAVACL_Resource $resource
* @return void
* @throws DAV_Status
*/
protected function handle($resource)
{
$resource->assertLock();
if (!$resource instanceof DAVACL_Resource) {
throw new DAV_Status(DAV::HTTP_METHOD_NOT_ALLOWED);
}
$supported = $resource->user_prop_supported_privilege_set();
$supported = DAVACL_Element_supported_privilege::flatten($supported);
foreach ($this->aces as $ace) {
foreach ($ace->privileges as $privilege) {
// Check if the privilege is supported...
if (!isset($supported[$privilege])) {
throw new DAV_Status(DAV::HTTP_FORBIDDEN, DAV::COND_NOT_SUPPORTED_PRIVILEGE);
} elseif ($supported[$privilege]['abstract']) {
throw new DAV_Status(DAV::HTTP_FORBIDDEN, DAV::COND_NO_ABSTRACT);
}
}
if ($ace->principal instanceof DAV_Element_href) {
$path = $ace->principal->URIs[0];
if (!($principal = DAV::$REGISTRY->resource($path)) || !$principal instanceof DAVACL_Principal) {
throw new DAV_Status(DAV::HTTP_FORBIDDEN, DAV::COND_RECOGNIZED_PRINCIPAL);
}
}
}
//TODO: enforce ACL restrictions
$resource->set_acl($this->aces);
}
