/** * Checks the validity of the ACL and sets it on the resource * * @param DAVACL_Resource $resource * @return void * @throws DAV_Status */ protected function handle($resource) { $resource->assertLock(); if (!$resource instanceof DAVACL_Resource) { throw new DAV_Status(DAV::HTTP_METHOD_NOT_ALLOWED); } $supported = $resource->user_prop_supported_privilege_set(); $supported = DAVACL_Element_supported_privilege::flatten($supported); foreach ($this->aces as $ace) { foreach ($ace->privileges as $privilege) { // Check if the privilege is supported... if (!isset($supported[$privilege])) { throw new DAV_Status(DAV::HTTP_FORBIDDEN, DAV::COND_NOT_SUPPORTED_PRIVILEGE); } elseif ($supported[$privilege]['abstract']) { throw new DAV_Status(DAV::HTTP_FORBIDDEN, DAV::COND_NO_ABSTRACT); } } if ($ace->principal instanceof DAV_Element_href) { $path = $ace->principal->URIs[0]; if (!($principal = DAV::$REGISTRY->resource($path)) || !$principal instanceof DAVACL_Principal) { throw new DAV_Status(DAV::HTTP_FORBIDDEN, DAV::COND_RECOGNIZED_PRINCIPAL); } } } //TODO: enforce ACL restrictions $resource->set_acl($this->aces); }
public function testFlatten() { $priv2 = new DAVACL_Element_supported_privilege('NS1 privilege2', false, 'Can I do something else?'); $this->obj->add_supported_privilege($priv2); $expected = array('NS1 privilege2' => array('children' => array('NS1 privilege2'), 'abstract' => false), 'NS1 privilege1' => array('children' => array('NS1 privilege1', 'NS1 privilege2'), 'abstract' => true)); $this->assertSame($expected, DAVACL_Element_supported_privilege::flatten(array($this->obj)), 'DAVACL_Element_supported_privilege::flatten() should return a correctly flattened array'); }