/**
* Checks the validity of the ACL and sets it on the resource
*
* @param DAVACL_Resource $resource
* @return void
* @throws DAV_Status
*/
protected function handle($resource)
{
$resource->assertLock();
if (!$resource instanceof DAVACL_Resource) {
throw new DAV_Status(DAV::HTTP_METHOD_NOT_ALLOWED);
}
$supported = $resource->user_prop_supported_privilege_set();
$supported = DAVACL_Element_supported_privilege::flatten($supported);
foreach ($this->aces as $ace) {
foreach ($ace->privileges as $privilege) {
// Check if the privilege is supported...
if (!isset($supported[$privilege])) {
throw new DAV_Status(DAV::HTTP_FORBIDDEN, DAV::COND_NOT_SUPPORTED_PRIVILEGE);
} elseif ($supported[$privilege]['abstract']) {
throw new DAV_Status(DAV::HTTP_FORBIDDEN, DAV::COND_NO_ABSTRACT);
}
}
if ($ace->principal instanceof DAV_Element_href) {
$path = $ace->principal->URIs[0];
if (!($principal = DAV::$REGISTRY->resource($path)) || !$principal instanceof DAVACL_Principal) {
throw new DAV_Status(DAV::HTTP_FORBIDDEN, DAV::COND_RECOGNIZED_PRINCIPAL);
}
}
}
//TODO: enforce ACL restrictions
$resource->set_acl($this->aces);
}
public function testFlatten()
{
$priv2 = new DAVACL_Element_supported_privilege('NS1 privilege2', false, 'Can I do something else?');
$this->obj->add_supported_privilege($priv2);
$expected = array('NS1 privilege2' => array('children' => array('NS1 privilege2'), 'abstract' => false), 'NS1 privilege1' => array('children' => array('NS1 privilege1', 'NS1 privilege2'), 'abstract' => true));
$this->assertSame($expected, DAVACL_Element_supported_privilege::flatten(array($this->obj)), 'DAVACL_Element_supported_privilege::flatten() should return a correctly flattened array');
}
