search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
A more efficient query for GET including sub-collections.
[davical.git] / inc / CalDAVRequest.php
blobbdfd0c7beabebea8e79e6fb279c08199f713b761
1 <?php
2 /**
3 * Functions that are needed for all CalDAV Requests
4 *
5 * - Ascertaining the paths
6 * - Ascertaining the current user's permission to those paths.
7 * - Utility functions which we can use to decide whether this
8 * is a permitted activity for this user.
9 *
10 * @package davical
11 * @subpackage Request
12 * @author Andrew McMillan <andrew@mcmillan.net.nz>
13 * @copyright Catalyst .Net Ltd, Morphoss Ltd
14 * @license http://gnu.org/copyleft/gpl.html GNU GPL v3 or later
15 */
16
17 require_once("AwlCache.php");
18 require_once("XMLDocument.php");
19 require_once("DAVPrincipal.php");
20 require_once("DAVTicket.php");
21
22 define('DEPTH_INFINITY', 9999);
23
24 /**
25 * A class for collecting things to do with this request.
26 *
27 * @package davical
28 */
29 class CalDAVRequest
30 {
31 var $options;
32
33 /**
34 * The raw data sent along with the request
35 */
36 var $raw_post;
37
38 /**
39 * The HTTP request method: PROPFIND, LOCK, REPORT, OPTIONS, etc...
40 */
41 var $method;
42
43 /**
44 * The depth parameter from the request headers, coerced into a valid integer: 0, 1
45 * or DEPTH_INFINITY which is defined above. The default is set per various RFCs.
46 */
47 var $depth;
48
49 /**
50 * The 'principal' (user/resource/...) which this request seeks to access
51 * @var DAVPrincipal
52 */
53 var $principal;
54
55 /**
56 * The 'current_user_principal_xml' the DAV:current-user-principal answer. An
57 * XMLElement object with an <href> or <unauthenticated> fragment.
58 */
59 var $current_user_principal_xml;
60
61 /**
62 * The user agent making the request.
63 */
64 var $user_agent;
65
66 /**
67 * The ID of the collection containing this path, or of this path if it is a collection
68 */
69 var $collection_id;
70
71 /**
72 * The path corresponding to the collection_id
73 */
74 var $collection_path;
75
76 /**
77 * The type of collection being requested:
78 * calendar, schedule-inbox, schedule-outbox
79 */
80 var $collection_type;
81
82 /**
83 * The type of collection being requested:
84 * calendar, schedule-inbox, schedule-outbox
85 */
86 protected $exists;
87
88 /**
89 * The value of any 'Destionation:' header, if present.
90 */
91 var $destination;
92
93 /**
94 * The decimal privileges allowed by this user to the identified resource.
95 */
96 protected $privileges;
97
98 /**
99 * A static structure of supported privileges.
100 */
101 var $supported_privileges;
102
103 /**
104 * A DAVTicket object, if there is a ?ticket=id or Ticket: id with this request
105 */
106 public $ticket;
107
108 /**
109 * An array of values from the 'Prefer' header. At present only 'return-minimal' is acted on in any way - you
110 * can test that value with the PreferMinimal() method.
111 */
112 private $prefer;
113
114 /**
115 * Create a new CalDAVRequest object.
116 */
117 function __construct( $options = array() ) {
118 global $session, $c, $debugging;
119
120 $this->options = $options;
121 if ( !isset($this->options['allow_by_email']) ) $this->options['allow_by_email'] = false;
122
123 if ( isset($_SERVER['HTTP_PREFER']) ) {
124 $this->prefer = explode( ',', $_SERVER['HTTP_PREFER']);
125 }
126 else if ( isset($_SERVER['HTTP_BRIEF']) && (strtoupper($_SERVER['HTTP_PREFER']) == 'T') ) {
127 $this->prefer = array( 'return-minimal');
128 }
129 else
130 $this->prefer = array();
131
132 /**
133 * Our path is /<script name>/<user name>/<user controlled> if it ends in
134 * a trailing '/' then it is referring to a DAV 'collection' but otherwise
135 * it is referring to a DAV data item.
136 *
137 * Permissions are controlled as follows:
138 * 1. if there is no <user name> component, the request has read privileges
139 * 2. if the requester is an admin, the request has read/write priviliges
140 * 3. if there is a <user name> component which matches the logged on user
141 * then the request has read/write privileges
142 * 4. otherwise we query the defined relationships between users and use
143 * the minimum privileges returned from that analysis.
144 */
145 $this->path = (isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : "/");
146 $this->path = rawurldecode($this->path);
147
148 /** Allow a request for .../calendar.ics to translate into the calendar URL */
149 if ( preg_match( '#^(/[^/]+/[^/]+).ics$#', $this->path, $matches ) ) {
150 $this->path = $matches[1]. '/';
151 }
152
153 // dbg_error_log( "caldav", "Sanitising path '%s'", $this->path );
154 $bad_chars_regex = '/[\\^\\[\\(\\\\]/';
155 if ( preg_match( $bad_chars_regex, $this->path ) ) {
156 $this->DoResponse( 400, translate("The calendar path contains illegal characters.") );
157 }
158 if ( strstr($this->path,'//') ) $this->path = preg_replace( '#//+#', '/', $this->path);
159
160 if ( !isset($c->raw_post) ) $c->raw_post = file_get_contents( 'php://input');
161 if ( isset($_SERVER['HTTP_CONTENT_ENCODING']) ) {
162 $encoding = $_SERVER['HTTP_CONTENT_ENCODING'];
163 @dbg_error_log('caldav', 'Content-Encoding: %s', $encoding );
164 $encoding = preg_replace('{[^a-z0-9-]}i','',$encoding);
165 if ( ! ini_get('open_basedir') && (isset($c->dbg['ALL']) || isset($c->dbg['caldav'])) ) {
166 $fh = fopen('/tmp/encoded_data.'.$encoding,'w');
167 if ( $fh ) {
168 fwrite($fh,$c->raw_post);
169 fclose($fh);
170 }
171 }
172 switch( $encoding ) {
173 case 'gzip':
174 $this->raw_post = @gzdecode($c->raw_post);
175 break;
176 case 'deflate':
177 $this->raw_post = @gzinflate($c->raw_post);
178 break;
179 case 'compress':
180 $this->raw_post = @gzuncompress($c->raw_post);
181 break;
182 default:
183 }
184 if ( empty($this->raw_post) && !empty($c->raw_post) ) {
185 $this->PreconditionFailed(415, 'content-encoding', sprintf('Unable to decode "%s" content encoding.', $_SERVER['HTTP_CONTENT_ENCODING']));
186 }
187 $c->raw_post = $this->raw_post;
188 }
189 else {
190 $this->raw_post = $c->raw_post;
191 }
192
193 if ( isset($debugging) && isset($_GET['method']) ) {
194 $_SERVER['REQUEST_METHOD'] = $_GET['method'];
195 }
196 else if ( $_SERVER['REQUEST_METHOD'] == 'POST' && isset($_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE']) ){
197 $_SERVER['REQUEST_METHOD'] = $_SERVER['HTTP_X_HTTP_METHOD_OVERRIDE'];
198 }
199 $this->method = $_SERVER['REQUEST_METHOD'];
200 $this->content_type = (isset($_SERVER['CONTENT_TYPE']) ? $_SERVER['CONTENT_TYPE'] : null);
201 if ( preg_match( '{^(\S+/\S+)\s*(;.*)?$}', $this->content_type, $matches ) ) {
202 $this->content_type = $matches[1];
203 }
204 if ( strlen($c->raw_post) > 0 ) {
205 if ( $this->method == 'PROPFIND' || $this->method == 'REPORT' || $this->method == 'PROPPATCH' || $this->method == 'BIND' || $this->method == 'MKTICKET' || $this->method == 'ACL' ) {
206 if ( !preg_match( '{^(text|application)/xml$}', $this->content_type ) ) {
207 @dbg_error_log( "LOG request", 'Request is "%s" but client set content-type to "%s". Assuming they meant XML!',
208 $this->method, $this->content_type );
209 $this->content_type = 'text/xml';
210 }
211 }
212 else if ( $this->method == 'PUT' || $this->method == 'POST' ) {
213 $this->CoerceContentType();
214 }
215 }
216 else {
217 $this->content_type = 'text/plain';
218 }
219 $this->user_agent = ((isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "Probably Mulberry"));
220
221 /**
222 * A variety of requests may set the "Depth" header to control recursion
223 */
224 if ( isset($_SERVER['HTTP_DEPTH']) ) {
225 $this->depth = $_SERVER['HTTP_DEPTH'];
226 }
227 else {
228 /**
229 * Per rfc2518, section 9.2, 'Depth' might not always be present, and if it
230 * is not present then a reasonable request-type-dependent default should be
231 * chosen.
232 */
233 switch( $this->method ) {
234 case 'DELETE':
235 case 'MOVE':
236 case 'COPY':
237 case 'LOCK':
238 $this->depth = 'infinity';
239 break;
240
241 case 'REPORT':
242 $this->depth = 0;
243 break;
244
245 case 'PROPFIND':
246 default:
247 $this->depth = 0;
248 }
249 }
250 if ( !is_int($this->depth) && "infinity" == $this->depth ) $this->depth = DEPTH_INFINITY;
251 $this->depth = intval($this->depth);
252
253 /**
254 * MOVE/COPY use a "Destination" header and (optionally) an "Overwrite" one.
255 */
256 if ( isset($_SERVER['HTTP_DESTINATION']) ) {
257 $this->destination = $_SERVER['HTTP_DESTINATION'];
258 if ( preg_match('{^(https?)://([a-z.-]+)(:[0-9]+)?(/.*)$}', $this->destination, $matches ) ) {
259 $this->destination = $matches[4];
260 }
261 }
262 $this->overwrite = ( isset($_SERVER['HTTP_OVERWRITE']) && ($_SERVER['HTTP_OVERWRITE'] == 'F') ? false : true ); // RFC4918, 9.8.4 says default True.
263
264 /**
265 * LOCK things use an "If" header to hold the lock in some cases, and "Lock-token" in others
266 */
267 if ( isset($_SERVER['HTTP_IF']) ) $this->if_clause = $_SERVER['HTTP_IF'];
268 if ( isset($_SERVER['HTTP_LOCK_TOKEN']) && preg_match( '#[<]opaquelocktoken:(.*)[>]#', $_SERVER['HTTP_LOCK_TOKEN'], $matches ) ) {
269 $this->lock_token = $matches[1];
270 }
271
272 /**
273 * Check for an access ticket.
274 */
275 if ( isset($_GET['ticket']) ) {
276 $this->ticket = new DAVTicket($_GET['ticket']);
277 }
278 else if ( isset($_SERVER['HTTP_TICKET']) ) {
279 $this->ticket = new DAVTicket($_SERVER['HTTP_TICKET']);
280 }
281
282 /**
283 * LOCK things use a "Timeout" header to set a series of reducing alternative values
284 */
285 if ( isset($_SERVER['HTTP_TIMEOUT']) ) {
286 $timeouts = explode( ',', $_SERVER['HTTP_TIMEOUT'] );
287 foreach( $timeouts AS $k => $v ) {
288 if ( strtolower($v) == 'infinite' ) {
289 $this->timeout = (isset($c->maximum_lock_timeout) ? $c->maximum_lock_timeout : 86400 * 100);
290 break;
291 }
292 elseif ( strtolower(substr($v,0,7)) == 'second-' ) {
293 $this->timeout = min( intval(substr($v,7)), (isset($c->maximum_lock_timeout) ? $c->maximum_lock_timeout : 86400 * 100) );
294 break;
295 }
296 }
297 if ( ! isset($this->timeout) || $this->timeout == 0 ) $this->timeout = (isset($c->default_lock_timeout) ? $c->default_lock_timeout : 900);
298 }
299
300 $this->principal = new Principal('path',$this->path);
301
302 /**
303 * RFC2518, 5.2: URL pointing to a collection SHOULD end in '/', and if it does not then
304 * we SHOULD return a Content-location header with the correction...
305 *
306 * We therefore look for a collection which matches one of the following URLs:
307 * - The exact request.
308 * - If the exact request, doesn't end in '/', then the request URL with a '/' appended
309 * - The request URL truncated to the last '/'
310 * The collection URL for this request is therefore the longest row in the result, so we
311 * can "... ORDER BY LENGTH(dav_name) DESC LIMIT 1"
312 */
313 $sql = "SELECT * FROM collection WHERE dav_name = :exact_name";
314 $params = array( ':exact_name' => $this->path );
315 if ( !preg_match( '#/$#', $this->path ) ) {
316 $sql .= " OR dav_name = :truncated_name OR dav_name = :trailing_slash_name";
317 $params[':truncated_name'] = preg_replace( '#[^/]*$#', '', $this->path);
318 $params[':trailing_slash_name'] = $this->path."/";
319 }
320 $sql .= " ORDER BY LENGTH(dav_name) DESC LIMIT 1";
321 $qry = new AwlQuery( $sql, $params );
322 if ( $qry->Exec('caldav',__LINE__,__FILE__) && $qry->rows() == 1 && ($row = $qry->Fetch()) ) {
323 if ( $row->dav_name == $this->path."/" ) {
324 $this->path = $row->dav_name;
325 dbg_error_log( "caldav", "Path is actually a collection - sending Content-Location header." );
326 header( "Content-Location: ".ConstructURL($this->path) );
327 }
328
329 $this->collection_id = $row->collection_id;
330 $this->collection_path = $row->dav_name;
331 $this->collection_type = ($row->is_calendar == 't' ? 'calendar' : 'collection');
332 $this->collection = $row;
333 if ( preg_match( '#^((/[^/]+/)\.(in|out)/)[^/]*$#', $this->path, $matches ) ) {
334 $this->collection_type = 'schedule-'. $matches[3]. 'box';
335 }
336 $this->collection->type = $this->collection_type;
337 }
338 else if ( preg_match( '{^( ( / ([^/]+) / ) \.(in|out)/ ) [^/]*$}x', $this->path, $matches ) ) {
339 // The request is for a scheduling inbox or outbox (or something inside one) and we should auto-create it
340 $params = array( ':username' => $matches[3], ':parent_container' => $matches[2], ':dav_name' => $matches[1] );
341 $params[':boxname'] = ($matches[4] == 'in' ? ' Inbox' : ' Outbox');
342 $this->collection_type = 'schedule-'. $matches[4]. 'box';
343 $params[':resourcetypes'] = sprintf('<DAV::collection/><urn:ietf:params:xml:ns:caldav:%s/>', $this->collection_type );
344 $sql = <<<EOSQL
345 INSERT INTO collection ( user_no, parent_container, dav_name, dav_displayname, is_calendar, created, modified, dav_etag, resourcetypes )
346 VALUES( (SELECT user_no FROM usr WHERE username = text(:username)),
347 :parent_container, :dav_name,
348 (SELECT fullname FROM usr WHERE username = text(:username)) || :boxname,
349 FALSE, current_timestamp, current_timestamp, '1', :resourcetypes )
350 EOSQL;
351
352 $qry = new AwlQuery( $sql, $params );
353 $qry->Exec('caldav',__LINE__,__FILE__);
354 dbg_error_log( 'caldav', 'Created new collection as "%s".', trim($params[':boxname']) );
355
356 // Uncache anything to do with the collection
357 $cache = getCacheInstance();
358 $cache->delete( 'collection-'.$params[':dav_name'], null );
359 $cache->delete( 'principal-'.$params[':parent_container'], null );
360
361 $qry = new AwlQuery( "SELECT * FROM collection WHERE dav_name = :dav_name", array( ':dav_name' => $matches[1] ) );
362 if ( $qry->Exec('caldav',__LINE__,__FILE__) && $qry->rows() == 1 && ($row = $qry->Fetch()) ) {
363 $this->collection_id = $row->collection_id;
364 $this->collection_path = $matches[1];
365 $this->collection = $row;
366 $this->collection->type = $this->collection_type;
367 }
368 }
369 else if ( preg_match( '#^((/[^/]+/)calendar-proxy-(read|write))/?[^/]*$#', $this->path, $matches ) ) {
370 $this->collection_type = 'proxy';
371 $this->_is_proxy_request = true;
372 $this->proxy_type = $matches[3];
373 $this->collection_path = $matches[1].'/'; // Enforce trailling '/'
374 if ( $this->collection_path == $this->path."/" ) {
375 $this->path .= '/';
376 dbg_error_log( "caldav", "Path is actually a (proxy) collection - sending Content-Location header." );
377 header( "Content-Location: ".ConstructURL($this->path) );
378 }
379 }
380 else if ( $this->options['allow_by_email'] && preg_match( '#^/(\S+@\S+[.]\S+)/?$#', $this->path) ) {
381 /** @todo we should deprecate this now that Evolution 2.27 can do scheduling extensions */
382 $this->collection_id = -1;
383 $this->collection_type = 'email';
384 $this->collection_path = $this->path;
385 $this->_is_principal = true;
386 }
387 else if ( preg_match( '#^(/[^/]+)/?$#', $this->path, $matches) || preg_match( '#^(/principals/[^/]+/[^/]+)/?$#', $this->path, $matches) ) {
388 $this->collection_id = -1;
389 $this->collection_path = $matches[1].'/'; // Enforce trailling '/'
390 $this->collection_type = 'principal';
391 $this->_is_principal = true;
392 if ( $this->collection_path == $this->path."/" ) {
393 $this->path .= '/';
394 dbg_error_log( "caldav", "Path is actually a collection - sending Content-Location header." );
395 header( "Content-Location: ".ConstructURL($this->path) );
396 }
397 if ( preg_match( '#^(/principals/[^/]+/[^/]+)/?$#', $this->path, $matches) ) {
398 // Force a depth of 0 on these, which are at the wrong URL.
399 $this->depth = 0;
400 }
401 }
402 else if ( $this->path == '/' ) {
403 $this->collection_id = -1;
404 $this->collection_path = '/';
405 $this->collection_type = 'root';
406 }
407
408 if ( $this->collection_path == $this->path ) $this->_is_collection = true;
409 dbg_error_log( "caldav", " Collection '%s' is %d, type %s", $this->collection_path, $this->collection_id, $this->collection_type );
410
411 /**
412 * Extract the user whom we are accessing
413 */
414 $this->principal = new DAVPrincipal( array( "path" => $this->path, "options" => $this->options ) );
415 $this->user_no = $this->principal->user_no();
416 $this->username = $this->principal->username();
417 $this->by_email = $this->principal->byEmail();
418 $this->principal_id = $this->principal->principal_id();
419
420 if ( $this->collection_type == 'principal' || $this->collection_type == 'email' || $this->collection_type == 'proxy' ) {
421 $this->collection = $this->principal->AsCollection();
422 if( $this->collection_type == 'proxy' ) {
423 $this->collection = $this->principal->AsCollection();
424 $this->collection->is_proxy = 't';
425 $this->collection->type = 'proxy';
426 $this->collection->proxy_type = $this->proxy_type;
427 $this->collection->dav_displayname = sprintf('Proxy %s for %s', $this->proxy_type, $this->principal->username() );
428 }
429 }
430 elseif( $this->collection_type == 'root' ) {
431 $this->collection = (object) array(
432 'collection_id' => 0,
433 'dav_name' => '/',
434 'dav_etag' => md5($c->system_name),
435 'is_calendar' => 'f',
436 'is_addressbook' => 'f',
437 'is_principal' => 'f',
438 'user_no' => 0,
439 'dav_displayname' => $c->system_name,
440 'type' => 'root',
441 'created' => date('Ymd\THis')
442 );
443 }
444
445 /**
446 * Evaluate our permissions for accessing the target
447 */
448 $this->setPermissions();
449
450 $this->supported_methods = array(
451 'OPTIONS' => '',
452 'PROPFIND' => '',
453 'REPORT' => '',
454 'DELETE' => '',
455 'LOCK' => '',
456 'UNLOCK' => '',
457 'MOVE' => '',
458 'ACL' => ''
459 );
460 if ( $this->IsCollection() ) {
461 switch ( $this->collection_type ) {
462 case 'root':
463 case 'email':
464 // We just override the list completely here.
465 $this->supported_methods = array(
466 'OPTIONS' => '',
467 'PROPFIND' => '',
468 'REPORT' => ''
469 );
470 break;
471 case 'schedule-inbox':
472 case 'schedule-outbox':
473 $this->supported_methods = array_merge(
474 $this->supported_methods,
475 array(
476 'POST' => '', 'GET' => '', 'PUT' => '', 'HEAD' => '', 'PROPPATCH' => ''
477 )
478 );
479 break;
480 case 'calendar':
481 $this->supported_methods['GET'] = '';
482 $this->supported_methods['PUT'] = '';
483 $this->supported_methods['HEAD'] = '';
484 break;
485 case 'collection':
486 case 'principal':
487 $this->supported_methods['GET'] = '';
488 $this->supported_methods['PUT'] = '';
489 $this->supported_methods['HEAD'] = '';
490 $this->supported_methods['MKCOL'] = '';
491 $this->supported_methods['MKCALENDAR'] = '';
492 $this->supported_methods['PROPPATCH'] = '';
493 $this->supported_methods['BIND'] = '';
494 break;
495 }
496 }
497 else {
498 $this->supported_methods = array_merge(
499 $this->supported_methods,
500 array(
501 'GET' => '',
502 'HEAD' => '',
503 'PUT' => ''
504 )
505 );
506 }
507
508 $this->supported_reports = array(
509 'DAV::principal-property-search' => '',
510 'DAV::expand-property' => '',
511 'DAV::sync-collection' => ''
512 );
513 if ( isset($this->collection) && $this->collection->is_calendar ) {
514 $this->supported_reports = array_merge(
515 $this->supported_reports,
516 array(
517 'urn:ietf:params:xml:ns:caldav:calendar-query' => '',
518 'urn:ietf:params:xml:ns:caldav:calendar-multiget' => '',
519 'urn:ietf:params:xml:ns:caldav:free-busy-query' => ''
520 )
521 );
522 }
523 if ( isset($this->collection) && $this->collection->is_addressbook ) {
524 $this->supported_reports = array_merge(
525 $this->supported_reports,
526 array(
527 'urn:ietf:params:xml:ns:carddav:addressbook-query' => '',
528 'urn:ietf:params:xml:ns:carddav:addressbook-multiget' => ''
529 )
530 );
531 }
532
533
534 /**
535 * If the content we are receiving is XML then we parse it here. RFC2518 says we
536 * should reasonably expect to see either text/xml or application/xml
537 */
538 if ( isset($this->content_type) && preg_match( '#(application|text)/xml#', $this->content_type ) ) {
539 if ( !isset($this->raw_post) || $this->raw_post == '' ) {
540 $this->XMLResponse( 400, new XMLElement( 'error', new XMLElement('missing-xml'), array( 'xmlns' => 'DAV:') ) );
541 }
542 $xml_parser = xml_parser_create_ns('UTF-8');
543 $this->xml_tags = array();
544 xml_parser_set_option ( $xml_parser, XML_OPTION_SKIP_WHITE, 1 );
545 xml_parser_set_option ( $xml_parser, XML_OPTION_CASE_FOLDING, 0 );
546 $rc = xml_parse_into_struct( $xml_parser, $this->raw_post, $this->xml_tags );
547 if ( $rc == false ) {
548 dbg_error_log( 'ERROR', 'XML parsing error: %s at line %d, column %d',
549 xml_error_string(xml_get_error_code($xml_parser)),
550 xml_get_current_line_number($xml_parser), xml_get_current_column_number($xml_parser) );
551 $this->XMLResponse( 400, new XMLElement( 'error', new XMLElement('invalid-xml'), array( 'xmlns' => 'DAV:') ) );
552 }
553 xml_parser_free($xml_parser);
554 if ( count($this->xml_tags) ) {
555 dbg_error_log( "caldav", " Parsed incoming XML request body." );
556 }
557 else {
558 $this->xml_tags = null;
559 dbg_error_log( "ERROR", "Incoming request sent content-type XML with no XML request body." );
560 }
561 }
562
563 /**
564 * Look out for If-None-Match or If-Match headers
565 */
566 if ( isset($_SERVER["HTTP_IF_NONE_MATCH"]) ) {
567 $this->etag_none_match = $_SERVER["HTTP_IF_NONE_MATCH"];
568 if ( $this->etag_none_match == '' ) unset($this->etag_none_match);
569 }
570 if ( isset($_SERVER["HTTP_IF_MATCH"]) ) {
571 $this->etag_if_match = $_SERVER["HTTP_IF_MATCH"];
572 if ( $this->etag_if_match == '' ) unset($this->etag_if_match);
573 }
574 }
575
576
577 /**
578 * Permissions are controlled as follows:
579 * 1. if the path is '/', the request has read privileges
580 * 2. if the requester is an admin, the request has read/write priviliges
581 * 3. if there is a <user name> component which matches the logged on user
582 * then the request has read/write privileges
583 * 4. otherwise we query the defined relationships between users and use
584 * the minimum privileges returned from that analysis.
585 *
586 * @param int $user_no The current user number
587 *
588 */
589 function setPermissions() {
590 global $c, $session;
591
592 if ( $this->path == '/' || $this->path == '' ) {
593 $this->privileges = privilege_to_bits( array('read','read-free-busy','read-acl'));
594 dbg_error_log( "caldav", "Full read permissions for user accessing /" );
595 }
596 else if ( $session->AllowedTo("Admin") || $session->principal->user_no() == $this->user_no ) {
597 $this->privileges = privilege_to_bits('all');
598 dbg_error_log( "caldav", "Full permissions for %s", ( $session->principal->user_no() == $this->user_no ? "user accessing their own hierarchy" : "a systems administrator") );
599 }
600 else {
601 $this->privileges = 0;
602 if ( $this->IsPublic() ) {
603 $this->privileges = privilege_to_bits(array('read','read-free-busy'));
604 dbg_error_log( "caldav", "Basic read permissions for user accessing a public collection" );
605 }
606 else if ( isset($c->public_freebusy_url) && $c->public_freebusy_url ) {
607 $this->privileges = privilege_to_bits('read-free-busy');
608 dbg_error_log( "caldav", "Basic free/busy permissions for user accessing a public free/busy URL" );
609 }
610
611 /**
612 * In other cases we need to query the database for permissions
613 */
614 $params = array( ':session_principal_id' => $session->principal->principal_id(), ':scan_depth' => $c->permission_scan_depth );
615 if ( isset($this->by_email) && $this->by_email ) {
616 $sql ='SELECT pprivs( :session_principal_id::int8, :request_principal_id::int8, :scan_depth::int ) AS perm';
617 $params[':request_principal_id'] = $this->principal_id;
618 }
619 else {
620 $sql = 'SELECT path_privs( :session_principal_id::int8, :request_path::text, :scan_depth::int ) AS perm';
621 $params[':request_path'] = $this->path;
622 }
623 $qry = new AwlQuery( $sql, $params );
624 if ( $qry->Exec('caldav',__LINE__,__FILE__) && $permission_result = $qry->Fetch() )
625 $this->privileges |= bindec($permission_result->perm);
626
627 dbg_error_log( 'caldav', 'Restricted permissions for user accessing someone elses hierarchy: %s', decbin($this->privileges) );
628 if ( isset($this->ticket) && $this->ticket->MatchesPath($this->path) ) {
629 $this->privileges |= $this->ticket->privileges();
630 dbg_error_log( 'caldav', 'Applying permissions for ticket "%s" now: %s', $this->ticket->id(), decbin($this->privileges) );
631 }
632 }
633
634 /** convert privileges into older style permissions */
635 $this->permissions = array();
636 $privs = bits_to_privilege($this->privileges);
637 foreach( $privs AS $k => $v ) {
638 switch( $v ) {
639 case 'DAV::all': $type = 'abstract'; break;
640 case 'DAV::write': $type = 'aggregate'; break;
641 default: $type = 'real';
642 }
643 $v = str_replace('DAV::', '', $v);
644 $this->permissions[$v] = $type;
645 }
646
647 }
648
649
650 /**
651 * Checks whether the resource is locked, returning any lock token, or false
652 *
653 * @todo This logic does not catch all locking scenarios. For example an infinite
654 * depth request should check the permissions for all collections and resources within
655 * that. At present we only maintain permissions on a per-collection basis though.
656 */
657 function IsLocked() {
658 if ( !isset($this->_locks_found) ) {
659 $this->_locks_found = array();
660
661 $sql = 'DELETE FROM locks WHERE (start + timeout) < current_timestamp';
662 $qry = new AwlQuery($sql);
663 $qry->Exec('caldav',__LINE__,__FILE__);
664
665 /**
666 * Find the locks that might apply and load them into an array
667 */
668 $sql = 'SELECT * FROM locks WHERE :dav_name::text ~ (\'^\'||dav_name||:pattern_end_match)::text';
669 $qry = new AwlQuery($sql, array( ':dav_name' => $this->path, ':pattern_end_match' => ($this->IsInfiniteDepth() ? '' : '$') ) );
670 if ( $qry->Exec('caldav',__LINE__,__FILE__) ) {
671 while( $lock_row = $qry->Fetch() ) {
672 $this->_locks_found[$lock_row->opaquelocktoken] = $lock_row;
673 }
674 }
675 else {
676 $this->DoResponse(500,translate("Database Error"));
677 // Does not return.
678 }
679 }
680
681 foreach( $this->_locks_found AS $lock_token => $lock_row ) {
682 if ( $lock_row->depth == DEPTH_INFINITY || $lock_row->dav_name == $this->path ) {
683 return $lock_token;
684 }
685 }
686
687 return false; // Nothing matched
688 }
689
690
691 /**
692 * Checks whether the collection is public
693 */
694 function IsPublic() {
695 if ( isset($this->collection) && isset($this->collection->publicly_readable) && $this->collection->publicly_readable == 't' ) {
696 return true;
697 }
698 return false;
699 }
700
701
702 private static function supportedPrivileges() {
703 return array(
704 'all' => array(
705 'read' => translate('Read the content of a resource or collection'),
706 'write' => array(
707 'bind' => translate('Create a resource or collection'),
708 'unbind' => translate('Delete a resource or collection'),
709 'write-content' => translate('Write content'),
710 'write-properties' => translate('Write properties')
711 ),
712 'urn:ietf:params:xml:ns:caldav:read-free-busy' => translate('Read the free/busy information for a calendar collection'),
713 'read-acl' => translate('Read ACLs for a resource or collection'),
714 'read-current-user-privilege-set' => translate('Read the details of the current user\'s access control to this resource.'),
715 'write-acl' => translate('Write ACLs for a resource or collection'),
716 'unlock' => translate('Remove a lock'),
717
718 'urn:ietf:params:xml:ns:caldav:schedule-deliver' => array(
719 'urn:ietf:params:xml:ns:caldav:schedule-deliver-invite'=> translate('Deliver scheduling invitations from an organiser to this scheduling inbox'),
720 'urn:ietf:params:xml:ns:caldav:schedule-deliver-reply' => translate('Deliver scheduling replies from an attendee to this scheduling inbox'),
721 'urn:ietf:params:xml:ns:caldav:schedule-query-freebusy' => translate('Allow free/busy enquiries targeted at the owner of this scheduling inbox')
722 ),
723
724 'urn:ietf:params:xml:ns:caldav:schedule-send' => array(
725 'urn:ietf:params:xml:ns:caldav:schedule-send-invite' => translate('Send scheduling invitations as an organiser from the owner of this scheduling outbox.'),
726 'urn:ietf:params:xml:ns:caldav:schedule-send-reply' => translate('Send scheduling replies as an attendee from the owner of this scheduling outbox.'),
727 'urn:ietf:params:xml:ns:caldav:schedule-send-freebusy' => translate('Send free/busy enquiries')
728 )
729 )
730 );
731 }
732
733 /**
734 * Returns the dav_name of the resource in our internal namespace
735 */
736 function dav_name() {
737 if ( isset($this->path) ) return $this->path;
738 return null;
739 }
740
741
742 /**
743 * Returns the name for this depth: 0, 1, infinity
744 */
745 function GetDepthName( ) {
746 if ( $this->IsInfiniteDepth() ) return 'infinity';
747 return $this->depth;
748 }
749
750 /**
751 * Returns the tail of a Regex appropriate for this Depth, when appended to
752 *
753 */
754 function DepthRegexTail( $for_collection_report = false) {
755 if ( $this->IsInfiniteDepth() ) return '';
756 if ( $this->depth == 0 && $for_collection_report ) return '[^/]+$';
757 if ( $this->depth == 0 ) return '$';
758 return '[^/]*/?$';
759 }
760
761 /**
762 * Returns the locked row, either from the cache or from the database
763 *
764 * @param string $dav_name The resource which we want to know the lock status for
765 */
766 function GetLockRow( $lock_token ) {
767 if ( isset($this->_locks_found) && isset($this->_locks_found[$lock_token]) ) {
768 return $this->_locks_found[$lock_token];
769 }
770
771 $qry = new AwlQuery('SELECT * FROM locks WHERE opaquelocktoken = :lock_token', array( ':lock_token' => $lock_token ) );
772 if ( $qry->Exec('caldav',__LINE__,__FILE__) ) {
773 $lock_row = $qry->Fetch();
774 $this->_locks_found = array( $lock_token => $lock_row );
775 return $this->_locks_found[$lock_token];
776 }
777 else {
778 $this->DoResponse( 500, translate("Database Error") );
779 }
780
781 return false; // Nothing matched
782 }
783
784
785 /**
786 * Checks to see whether the lock token given matches one of the ones handed in
787 * with the request.
788 *
789 * @param string $lock_token The opaquelocktoken which we are looking for
790 */
791 function ValidateLockToken( $lock_token ) {
792 if ( isset($this->lock_token) && $this->lock_token == $lock_token ) {
793 dbg_error_log( "caldav", "They supplied a valid lock token. Great!" );
794 return true;
795 }
796 if ( isset($this->if_clause) ) {
797 dbg_error_log( "caldav", "Checking lock token '%s' against '%s'", $lock_token, $this->if_clause );
798 $tokens = preg_split( '/[<>]/', $this->if_clause );
799 foreach( $tokens AS $k => $v ) {
800 dbg_error_log( "caldav", "Checking lock token '%s' against '%s'", $lock_token, $v );
801 if ( 'opaquelocktoken:' == substr( $v, 0, 16 ) ) {
802 if ( substr( $v, 16 ) == $lock_token ) {
803 dbg_error_log( "caldav", "Lock token '%s' validated OK against '%s'", $lock_token, $v );
804 return true;
805 }
806 }
807 }
808 }
809 else {
810 @dbg_error_log( "caldav", "Invalid lock token '%s' - not in Lock-token (%s) or If headers (%s) ", $lock_token, $this->lock_token, $this->if_clause );
811 }
812
813 return false;
814 }
815
816
817 /**
818 * Returns the DB object associated with a lock token, or false.
819 *
820 * @param string $lock_token The opaquelocktoken which we are looking for
821 */
822 function GetLockDetails( $lock_token ) {
823 if ( !isset($this->_locks_found) && false === $this->IsLocked() ) return false;
824 if ( isset($this->_locks_found[$lock_token]) ) return $this->_locks_found[$lock_token];
825 return false;
826 }
827
828
829 /**
830 * This will either (a) return false if no locks apply, or (b) return the lock_token
831 * which the request successfully included to open the lock, or:
832 * (c) respond directly to the client with the failure.
833 *
834 * @return mixed false (no lock) or opaquelocktoken (opened lock)
835 */
836 function FailIfLocked() {
837 if ( $existing_lock = $this->IsLocked() ) { // NOTE Assignment in if() is expected here.
838 dbg_error_log( "caldav", "There is a lock on '%s'", $this->path);
839 if ( ! $this->ValidateLockToken($existing_lock) ) {
840 $lock_row = $this->GetLockRow($existing_lock);
841 /**
842 * Already locked - deny it
843 */
844 $response[] = new XMLElement( 'response', array(
845 new XMLElement( 'href', $lock_row->dav_name ),
846 new XMLElement( 'status', 'HTTP/1.1 423 Resource Locked')
847 ));
848 if ( $lock_row->dav_name != $this->path ) {
849 $response[] = new XMLElement( 'response', array(
850 new XMLElement( 'href', $this->path ),
851 new XMLElement( 'propstat', array(
852 new XMLElement( 'prop', new XMLElement( 'lockdiscovery' ) ),
853 new XMLElement( 'status', 'HTTP/1.1 424 Failed Dependency')
854 ))
855 ));
856 }
857 $response = new XMLElement( "multistatus", $response, array('xmlns'=>'DAV:') );
858 $xmldoc = $response->Render(0,'<?xml version="1.0" encoding="utf-8" ?>');
859 $this->DoResponse( 207, $xmldoc, 'text/xml; charset="utf-8"' );
860 // Which we won't come back from
861 }
862 return $existing_lock;
863 }
864 return false;
865 }
866
867
868 /**
869 * Coerces the Content-type of the request into something valid/appropriate
870 */
871 function CoerceContentType() {
872 if ( isset($this->content_type) ) {
873 $type = explode( '/', $this->content_type, 2);
874 /** @todo: Perhaps we should look at the target collection type, also. */
875 if ( $type[0] == 'text' ) {
876 if ( !empty($type[1]) && ($type[1] == 'vcard' || $type[1] == 'calendar' || $type[1] == 'x-vcard') ) {
877 return;
878 }
879 }
880 }
881
882 /** Null (or peculiar) content-type supplied so we have to try and work it out... */
883 $first_word = trim(substr( $this->raw_post, 0, 30));
884 $first_word = strtoupper( preg_replace( '/\s.*/s', '', $first_word ) );
885 switch( $first_word ) {
886 case '<?XML':
887 dbg_error_log( 'LOG WARNING', 'Application sent content-type of "%s" instead of "text/xml"',
888 (isset($this->content_type)?$this->content_type:'(null)') );
889 $this->content_type = 'text/xml';
890 break;
891 case 'BEGIN:VCALENDAR':
892 dbg_error_log( 'LOG WARNING', 'Application sent content-type of "%s" instead of "text/calendar"',
893 (isset($this->content_type)?$this->content_type:'(null)') );
894 $this->content_type = 'text/calendar';
895 break;
896 case 'BEGIN:VCARD':
897 dbg_error_log( 'LOG WARNING', 'Application sent content-type of "%s" instead of "text/vcard"',
898 (isset($this->content_type)?$this->content_type:'(null)') );
899 $this->content_type = 'text/vcard';
900 break;
901 default:
902 dbg_error_log( 'LOG NOTICE', 'Unusual content-type of "%s" and first word of content is "%s"',
903 (isset($this->content_type)?$this->content_type:'(null)'), $first_word );
904 }
905 if ( empty($this->content_type) ) $this->content_type = 'text/plain';
906 }
907
908
909 /**
910 * Returns true if the 'Prefer: return-minimal' or 'Brief: t' were present in the request headers.
911 */
912 function PreferMinimal() {
913 if ( empty($this->prefer) ) return false;
914 foreach( $this->prefer AS $v ) {
915 if ( $v == 'return-minimal' ) return true;
916 }
917 return false;
918 }
919
920 /**
921 * Returns true if the URL referenced by this request points at a collection.
922 */
923 function IsCollection( ) {
924 if ( !isset($this->_is_collection) ) {
925 $this->_is_collection = preg_match( '#/$#', $this->path );
926 }
927 return $this->_is_collection;
928 }
929
930
931 /**
932 * Returns true if the URL referenced by this request points at a calendar collection.
933 */
934 function IsCalendar( ) {
935 if ( !$this->IsCollection() || !isset($this->collection) ) return false;
936 return $this->collection->is_calendar == 't';
937 }
938
939
940 /**
941 * Returns true if the URL referenced by this request points at an addressbook collection.
942 */
943 function IsAddressBook( ) {
944 if ( !$this->IsCollection() || !isset($this->collection) ) return false;
945 return $this->collection->is_addressbook == 't';
946 }
947
948
949 /**
950 * Returns true if the URL referenced by this request points at a principal.
951 */
952 function IsPrincipal( ) {
953 if ( !isset($this->_is_principal) ) {
954 $this->_is_principal = preg_match( '#^/[^/]+/$#', $this->path );
955 }
956 return $this->_is_principal;
957 }
958
959
960 /**
961 * Returns true if the URL referenced by this request is within a proxy URL
962 */
963 function IsProxyRequest( ) {
964 if ( !isset($this->_is_proxy_request) ) {
965 $this->_is_proxy_request = preg_match( '#^/[^/]+/calendar-proxy-(read|write)/?[^/]*$#', $this->path );
966 }
967 return $this->_is_proxy_request;
968 }
969
970
971 /**
972 * Returns true if the request asked for infinite depth
973 */
974 function IsInfiniteDepth( ) {
975 return ($this->depth == DEPTH_INFINITY);
976 }
977
978
979 /**
980 * Returns the ID of the collection of, or containing this request
981 */
982 function CollectionId( ) {
983 return $this->collection_id;
984 }
985
986
987 /**
988 * Returns the array of supported privileges converted into XMLElements
989 */
990 function BuildSupportedPrivileges( &$reply, $privs = null ) {
991 $privileges = array();
992 if ( $privs === null ) $privs = self::supportedPrivileges();
993 foreach( $privs AS $k => $v ) {
994 dbg_error_log( 'caldav', 'Adding privilege "%s" which is "%s".', $k, $v );
995 $privilege = new XMLElement('privilege');
996 $reply->NSElement($privilege,$k);
997 $privset = array($privilege);
998 if ( is_array($v) ) {
999 dbg_error_log( 'caldav', '"%s" is a container of sub-privileges.', $k );
1000 $privset = array_merge($privset, $this->BuildSupportedPrivileges($reply,$v));
1001 }
1002 else if ( $v == 'abstract' ) {
1003 dbg_error_log( 'caldav', '"%s" is an abstract privilege.', $v );
1004 $privset[] = new XMLElement('abstract');
1005 }
1006 else if ( strlen($v) > 1 ) {
1007 $privset[] = new XMLElement('description', $v);
1008 }
1009 $privileges[] = new XMLElement('supported-privilege',$privset);
1010 }
1011 return $privileges;
1012 }
1013
1014
1015 /**
1016 * Are we allowed to do the requested activity
1017 *
1018 * +------------+------------------------------------------------------+
1019 * | METHOD | PRIVILEGES |
1020 * +------------+------------------------------------------------------+
1021 * | MKCALENDAR | DAV:bind |
1022 * | REPORT | DAV:read or CALDAV:read-free-busy (on all referenced |
1023 * | | resources) |
1024 * +------------+------------------------------------------------------+
1025 *
1026 * @param string $activity The activity we want to do.
1027 */
1028 function AllowedTo( $activity ) {
1029 global $session;
1030 dbg_error_log('caldav', 'Checking whether "%s" is allowed to "%s"', $session->principal->username(), $activity);
1031 if ( isset($this->permissions['all']) ) return true;
1032 switch( $activity ) {
1033 case 'all':
1034 return false; // If they got this far then they don't
1035 break;
1036
1037 case "CALDAV:schedule-send-freebusy":
1038 return isset($this->permissions['read']) || isset($this->permissions['urn:ietf:params:xml:ns:caldav:read-free-busy']);
1039 break;
1040
1041 case "CALDAV:schedule-send-invite":
1042 return isset($this->permissions['read']) || isset($this->permissions['urn:ietf:params:xml:ns:caldav:read-free-busy']);
1043 break;
1044
1045 case "CALDAV:schedule-send-reply":
1046 return isset($this->permissions['read']) || isset($this->permissions['urn:ietf:params:xml:ns:caldav:read-free-busy']);
1047 break;
1048
1049 case 'freebusy':
1050 return isset($this->permissions['read']) || isset($this->permissions['urn:ietf:params:xml:ns:caldav:read-free-busy']);
1051 break;
1052
1053 case 'delete':
1054 return isset($this->permissions['write']) || isset($this->permissions['unbind']);
1055 break;
1056
1057 case 'proppatch':
1058 return isset($this->permissions['write']) || isset($this->permissions['write-properties']);
1059 break;
1060
1061 case 'modify':
1062 return isset($this->permissions['write']) || isset($this->permissions['write-content']);
1063 break;
1064
1065 case 'create':
1066 return isset($this->permissions['write']) || isset($this->permissions['bind']);
1067 break;
1068
1069 case 'mkcalendar':
1070 case 'mkcol':
1071 if ( !isset($this->permissions['write']) || !isset($this->permissions['bind']) ) return false;
1072 if ( $this->is_principal ) return false;
1073 if ( $this->path == '/' ) return false;
1074 break;
1075
1076 default:
1077 $test_bits = privilege_to_bits( $activity );
1078 // dbg_error_log( 'caldav', 'request::AllowedTo("%s") (%s) against allowed "%s" => "%s" (%s)',
1079 // (is_array($activity) ? implode(',',$activity) : $activity), decbin($test_bits),
1080 // decbin($this->privileges), ($this->privileges & $test_bits), decbin($this->privileges & $test_bits) );
1081 return (($this->privileges & $test_bits) > 0 );
1082 break;
1083 }
1084
1085 return false;
1086 }
1087
1088
1089
1090 /**
1091 * Return the privileges bits for the current session user to this resource
1092 */
1093 function Privileges() {
1094 return $this->privileges;
1095 }
1096
1097
1098 /**
1099 * Check that the incoming Etag matches the one for the existing (or non-existing) resource.
1100 *
1101 * @param boolean $exists Whether the destination exists
1102 * @param string $dest_etag The etag for the destination.
1103 */
1104 function CheckEtagMatch( $exists, $dest_etag ) {
1105 global $c;
1106
1107 if ( ! $exists ) {
1108 if ( (isset($this->etag_if_match) && $this->etag_if_match != '') ) {
1109 /**
1110 * RFC2068, 14.25:
1111 * If none of the entity tags match, or if "*" is given and no current
1112 * entity exists, the server MUST NOT perform the requested method, and
1113 * MUST return a 412 (Precondition Failed) response.
1114 */
1115 $this->PreconditionFailed(412, 'if-match', translate('No resource exists at the destination.'));
1116 }
1117 }
1118 else {
1119
1120 if ( isset($c->strict_etag_checking) && $c->strict_etag_checking )
1121 $trim_chars = '\'\\" ';
1122 else
1123 $trim_chars = ' ';
1124
1125 if ( isset($this->etag_if_match) && $this->etag_if_match != '' && trim( $this->etag_if_match, $trim_chars) != trim( $dest_etag, $trim_chars ) ) {
1126 /**
1127 * RFC2068, 14.25:
1128 * If none of the entity tags match, or if "*" is given and no current
1129 * entity exists, the server MUST NOT perform the requested method, and
1130 * MUST return a 412 (Precondition Failed) response.
1131 */
1132 $this->PreconditionFailed(412,'if-match',sprintf('Existing resource ETag of <<%s>> does not match <<%s>>', $dest_etag, $this->etag_if_match) );
1133 }
1134 else if ( isset($this->etag_none_match) && $this->etag_none_match != ''
1135 && ($this->etag_none_match == $dest_etag || $this->etag_none_match == '*') ) {
1136 /**
1137 * RFC2068, 14.26:
1138 * If any of the entity tags match the entity tag of the entity that
1139 * would have been returned in the response to a similar GET request
1140 * (without the If-None-Match header) on that resource, or if "*" is
1141 * given and any current entity exists for that resource, then the
1142 * server MUST NOT perform the requested method.
1143 */
1144 $this->PreconditionFailed(412,'if-none-match', translate( 'Existing resource matches "If-None-Match" header - not accepted.'));
1145 }
1146 }
1147
1148 }
1149
1150
1151 /**
1152 * Is the user has the privileges to do what is requested.
1153 */
1154 function HavePrivilegeTo( $do_what ) {
1155 $test_bits = privilege_to_bits( $do_what );
1156 // dbg_error_log( 'caldav', 'request::HavePrivilegeTo("%s") [%s] against allowed "%s" => "%s" (%s)',
1157 // (is_array($do_what) ? implode(',',$do_what) : $do_what), decbin($test_bits),
1158 // decbin($this->privileges), ($this->privileges & $test_bits), decbin($this->privileges & $test_bits) );
1159 return ($this->privileges & $test_bits) > 0;
1160 }
1161
1162
1163 /**
1164 * Sometimes it's a perfectly formed request, but we just don't do that :-(
1165 * @param array $unsupported An array of the properties we don't support.
1166 */
1167 function UnsupportedRequest( $unsupported ) {
1168 if ( isset($unsupported) && count($unsupported) > 0 ) {
1169 $badprops = new XMLElement( "prop" );
1170 foreach( $unsupported AS $k => $v ) {
1171 // Not supported at this point...
1172 dbg_error_log("ERROR", " %s: Support for $v:$k properties is not implemented yet", $this->method );
1173 $badprops->NewElement(strtolower($k),false,array("xmlns" => strtolower($v)));
1174 }
1175 $error = new XMLElement("error", $badprops, array("xmlns" => "DAV:") );
1176
1177 $this->XMLResponse( 422, $error );
1178 }
1179 }
1180
1181
1182 /**
1183 * Send a need-privileges error response. This function will only return
1184 * if the $href is not supplied and the current user has the specified
1185 * permission for the request path.
1186 *
1187 * @param string $privilege The name of the needed privilege.
1188 * @param string $href The unconstructed URI where we needed the privilege.
1189 */
1190 function NeedPrivilege( $privileges, $href=null ) {
1191 if ( is_string($privileges) ) $privileges = array( $privileges );
1192 if ( !isset($href) ) {
1193 if ( $this->HavePrivilegeTo($privileges) ) return;
1194 $href = $this->path;
1195 }
1196
1197 $reply = new XMLDocument( array('DAV:' => '') );
1198 $privnodes = array( $reply->href(ConstructURL($href)), new XMLElement( 'privilege' ) );
1199 // RFC3744 specifies that we can only respond with one needed privilege, so we pick the first.
1200 $reply->NSElement( $privnodes[1], $privileges[0] );
1201 $xml = new XMLElement( 'need-privileges', new XMLElement( 'resource', $privnodes) );
1202 $xmldoc = $reply->Render('error',$xml);
1203 $this->DoResponse( 403, $xmldoc, 'text/xml; charset="utf-8"' );
1204 exit(0); // Unecessary, but might clarify things
1205 }
1206
1207
1208 /**
1209 * Send an error response for a failed precondition.
1210 *
1211 * @param int $status The status code for the failed precondition. Normally 403
1212 * @param string $precondition The namespaced precondition tag.
1213 * @param string $explanation An optional text explanation for the failure.
1214 */
1215 function PreconditionFailed( $status, $precondition, $explanation = '', $xmlns='DAV:') {
1216 $xmldoc = sprintf('<?xml version="1.0" encoding="utf-8" ?>
1217 <error xmlns="%s">
1218 <%s/>%s
1219 </error>', $xmlns, str_replace($xmlns.':', '', $precondition), $explanation );
1220
1221 $this->DoResponse( $status, $xmldoc, 'text/xml; charset="utf-8"' );
1222 exit(0); // Unecessary, but might clarify things
1223 }
1224
1225
1226 /**
1227 * Send a simple error informing the client that was a malformed request
1228 *
1229 * @param string $text An optional text description of the failure.
1230 */
1231 function MalformedRequest( $text = 'Bad request' ) {
1232 $this->DoResponse( 400, $text );
1233 exit(0); // Unecessary, but might clarify things
1234 }
1235
1236
1237 /**
1238 * Send an XML Response. This function will never return.
1239 *
1240 * @param int $status The HTTP status to respond
1241 * @param XMLElement $xmltree An XMLElement tree to be rendered
1242 */
1243 function XMLResponse( $status, $xmltree ) {
1244 $xmldoc = $xmltree->Render(0,'<?xml version="1.0" encoding="utf-8" ?>');
1245 $etag = md5($xmldoc);
1246 if ( !headers_sent() ) header("ETag: \"$etag\"");
1247 $this->DoResponse( $status, $xmldoc, 'text/xml; charset="utf-8"' );
1248 exit(0); // Unecessary, but might clarify things
1249 }
1250
1251 /**
1252 * Utility function we call when we have a simple status-based response to
1253 * return to the client. Possibly
1254 *
1255 * @param int $status The HTTP status code to send.
1256 * @param string $message The friendly text message to send with the response.
1257 */
1258 function DoResponse( $status, $message="", $content_type="text/plain; charset=\"utf-8\"" ) {
1259 global $session, $c;
1260 if ( !headers_sent() ) @header( sprintf("HTTP/1.1 %d %s", $status, getStatusMessage($status)) );
1261 if ( !headers_sent() ) @header( sprintf("X-DAViCal-Version: DAViCal/%d.%d.%d; DB/%d.%d.%d", $c->code_major, $c->code_minor, $c->code_patch, $c->schema_major, $c->schema_minor, $c->schema_patch) );
1262 if ( !headers_sent() ) header( "Content-type: ".$content_type );
1263
1264 if ( (isset($c->dbg['ALL']) && $c->dbg['ALL']) || (isset($c->dbg['response']) && $c->dbg['response'])
1265 || $status == 400 || $status == 402 || $status == 403 || $status > 404 ) {
1266 @dbg_error_log( "LOG ", 'Response status %03d for %s %s', $status, $this->method, $_SERVER['REQUEST_URI'] );
1267 $lines = headers_list();
1268 dbg_error_log( "LOG ", "***************** Response Header ****************" );
1269 foreach( $lines AS $v ) {
1270 dbg_error_log( "LOG headers", "-->%s", $v );
1271 }
1272 dbg_error_log( "LOG ", "******************** Response ********************" );
1273 // Log the request in all it's gory detail.
1274 $lines = preg_split( '#[\r\n]+#', $message);
1275 foreach( $lines AS $v ) {
1276 dbg_error_log( "LOG response", "-->%s", $v );
1277 }
1278 }
1279
1280 if ( $message != '' ) {
1281 if ( !headers_sent() ) header( "Content-Length: ".strlen($message) );
1282 echo $message;
1283 }
1284
1285 if ( isset($c->dbg['caldav']) && $c->dbg['caldav'] ) {
1286 if ( strlen($message) > 100 || strstr($message, "\n") ) {
1287 $message = substr( preg_replace("#\s+#m", ' ', $message ), 0, 100) . (strlen($message) > 100 ? "..." : "");
1288 }
1289
1290 dbg_error_log("caldav", "Status: %d, Message: %s, User: %d, Path: %s", $status, $message, $session->principal->user_no(), $this->path);
1291 }
1292 if ( isset($c->dbg['statistics']) && $c->dbg['statistics'] ) {
1293 $script_time = microtime(true) - $c->script_start_time;
1294 @dbg_error_log("statistics", "Method: %s, Status: %d, Script: %5.3lfs, Queries: %5.3lfs, URL: %s",
1295 $this->method, $status, $script_time, $c->total_query_time, $this->path);
1296 }
1297 while ( ob_get_level() > 0 ) ob_end_flush();
1298 exit(0);
1299 }
1300
1301 }
1302
DAViCal CalDAV & CardDAV Server