inc/caldav-DELTICKET.php

   1 <?php
   2 /**
   3 * CalDAV Server - handle DELTICKET method in line with defunct proposed RFC
   4 *   from:  http://tools.ietf.org/html/draft-ito-dav-ticket-00
   5 *
   6 * Why are we using a defunct RFC?  Well, we want to support some kind of system
   7 * for providing a URI to people to give out for granting privileged access
   8 * without requiring logins.  Using a defunct proposed spec seems better than
   9 * inventing our own.  As well as Xythos, Cosmo follows this specification,
  10 * with some documented variations, which we will also follow.  In particular
  11 * we use the xmlns="http://www.xythos.com/namespaces/StorageServer" rather
  12 * than the DAV: namespace.
  13 *
  14 * @package   davical
  15 * @subpackage   caldav
  16 * @author    Andrew McMillan <andrew@mcmillan.net.nz>
  17 * @copyright Morphoss Ltd - http://www.morphoss.com/
  18 * @license   http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
  19 */
  20 dbg_error_log('DELTICKET', 'method handler');
  21 require_once('DAVResource.php');
  22
  23 if ( ! $request->HavePrivilegeTo('DAV::unbind') && $request->ticket->owner() != $session->principal_id ) {
  24   $request->NeedPrivilege('DAV::unbind');
  25 }
  26
  27 if ( ! isset($request->ticket) ) {
  28   if ( isset($_GET['ticket']) || isset($_SERVER['HTTP_TICKET']) ) {
  29     $r = new DAVResource($request->path);
  30     if ( ! $r->Exists() ) {
  31       $request->PreconditionFailed(404,'not-found');
  32     }
  33     else {
  34       $request->PreconditionFailed(412,'ticket-does-not-exist','The specified ticket does not exist');
  35     }
  36   }
  37   else
  38     $request->MalformedRequest('No ticket specified');
  39 }
  40
  41 $qry = new AwlQuery('DELETE FROM access_ticket WHERE ticket_id=:ticket_id', array( ':ticket_id'   => $request->ticket->id() ) );
  42 if ( $qry->Exec('DELTICKET', __LINE__, __FILE__) ) {
  43   $request->DoResponse( 204 );
  44 }
  45 $request->DoResponse( 500 );