inc/caldav-GET.php

   1 <?php
   2 /**
   3 * CalDAV Server - handle GET method
   4 *
   5 * @package   davical
   6 * @subpackage   caldav
   7 * @author    Andrew McMillan <andrew@mcmillan.net.nz>
   8 * @copyright Catalyst .Net Ltd, Morphoss Ltd <http://www.morphoss.com/>
   9 * @license   http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
  10 */
  11 dbg_error_log("get", "GET method handler");
  12
  13 require("caldav-GET-functions.php");
  14
  15 $dav_resource = new DAVResource($request->path);
  16 $dav_resource->NeedPrivilege( array('urn:ietf:params:xml:ns:caldav:read-free-busy','DAV::read') );
  17 if ( $dav_resource->IsExternal() ) {
  18   require_once("external-fetch.php");
  19   update_external ( $dav_resource );
  20 }
  21
  22 if ( ! $dav_resource->Exists() ) {
  23   $request->DoResponse( 404, translate("Resource Not Found.") );
  24 }
  25
  26
  27 if ( $dav_resource->IsCollection() ) {
  28   $response = export_iCalendar($dav_resource);
  29   header( 'Etag: '.$dav_resource->unique_tag() );
  30   $request->DoResponse( 200, ($request->method == 'HEAD' ? '' : $response), 'text/calendar; charset="utf-8"' );
  31 }
  32
  33
  34 // Just a single event then
  35
  36 $resource = $dav_resource->resource();
  37 $ic = new iCalComponent( $resource->caldav_data );
  38
  39 $resource->caldav_data = preg_replace( '{(?<!\r)\n}', "\r\n", $resource->caldav_data);
  40
  41 /** Default deny... */
  42 $allowed = false;
  43 if ( $dav_resource->HavePrivilegeTo('all', false) || $session->user_no == $resource->user_no || $session->user_no == $resource->logged_user
  44       || ( $c->allow_get_email_visibility && $ic->IsAttendee($session->email) ) ) {
  45   /**
  46   * These people get to see all of the event, and they should always
  47   * get any alarms as well.
  48   */
  49   $allowed = true;
  50 }
  51 else if ( $resource->class != 'PRIVATE' ) {
  52   $allowed = true; // but we may well obfuscate it below
  53   if ( ! $dav_resource->HavePrivilegeTo('DAV::read') || ( $resource->class == 'CONFIDENTIAL' && ! $request->HavePrivilegeTo('DAV::write-content') ) ) {
  54     $ical = new iCalComponent( $resource->caldav_data );
  55     $comps = $ical->GetComponents('VTIMEZONE',false);
  56     $confidential = obfuscated_event($comps[0]);
  57     $ical->SetComponents( array($confidential), $resource->caldav_type );
  58     $resource->caldav_data = $ical->Render();
  59   }
  60 }
  61 // else $resource->class == 'PRIVATE' and this person may not see it.
  62
  63 if ( ! $allowed ) {
  64   $request->DoResponse( 403, translate("Forbidden") );
  65 }
  66
  67 header( 'Etag: "'.$resource->dav_etag.'"' );
  68 header( 'Content-Length: '.strlen($resource->caldav_data) );
  69
  70 $contenttype = 'text/plain';
  71 switch( $resource->caldav_type ) {
  72   case 'VJOURNAL':
  73   case 'VEVENT':
  74   case 'VTODO':
  75     $contenttype = 'text/calendar';
  76     break;
  77
  78   case 'VCARD':
  79     $contenttype = 'text/vcard';
  80     break;
  81 }
  82
  83 $request->DoResponse( 200, ($request->method == 'HEAD' ? '' : $resource->caldav_data), $contenttype.'; charset="utf-8"' );