* CalDAV/CardDAV: log failed requests with ### like exceptions to ease diagnose problems, log if clients requests accounts not visible because of account-selection preference, skip proxys if not visible

phpgwapi/inc/class.accounts.inc.php

@@ -621,6 +621,40 @@ class accounts
 		return $data['account_type'] == 'u' ? 1 : 2;
 	}
 
+	/**
+	 * Checks if a given account is visible to current user
+	 *
+	 * Not all existing accounts are visible because off account_selection preference: 'none' or 'groupmembers'
+	 *
+	 * @param int|string $account_id nummeric account_id or account_lid
+	 * @return boolean true = account is visible, false = account not visible, null = account does not exist
+	 */
+	function visible($account_id)
+	{
+		if (!is_numeric($account_id))	// account_lid given
+		{
+			$account_lid = $account_id;
+			if (!($account_id = $this->name2id($account_lid))) return null;
+		}
+		else
+		{
+			if (!($account_lid = $this->id2name($account_id))) return null;
+		}
+		if (!isset($GLOBALS['egw_info']['user']['apps']['admin']) &&
+			// do NOT allow other user, if account-selection is none
+			($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'none' &&
+				$account_lid != $GLOBALS['egw_info']['user']['account_lid'] ||
+			// only allow group-members for account-selection is groupmembers
+			$GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers' &&
+				!array_intersect($this->memberships($account_id,true),
+					$this->memberships($GLOBALS['egw_info']['user']['account_id'],true))))
+		{
+			//error_log(__METHOD__."($account_id='$account_lid') returning FALSE");
+			return false;	// user is not allowed to see given account
+		}
+		return true;	// user allowed to see given account
+	}
+
 	/**
 	 * Get all memberships of an account $account_id / groups the account is a member off
 	 *

phpgwapi/inc/class.groupdav.inc.php

@@ -1556,7 +1556,9 @@ class groupdav extends HTTP_WebDAV_Server
 			$content .= $c;
 			if ($extra) $content .= $extra;
 			if ($this->to_log) $content .= "\n### ".implode("\n### ", $this->to_log)."\n";
-			$content .= sprintf('*** %s --> "%s" took %5.3f s',$_SERVER['REQUEST_METHOD'].($_SERVER['REQUEST_METHOD']=='REPORT'?' '.$this->propfind_options['root']['name']:'').' '.$_SERVER['PATH_INFO'],$this->_http_status,microtime(true)-self::$request_starttime)."\n\n";
+			$content .= $this->_http_status[0] == '4' && substr($this->_http_status,0,3) != '412' ||
+				$this->_http_status[0] == '5' ? '###' : '***';	// mark failed requests with ###, instead of ***
+			$content .= sprintf(' %s --> "%s" took %5.3f s',$_SERVER['REQUEST_METHOD'].($_SERVER['REQUEST_METHOD']=='REPORT'?' '.$this->propfind_options['root']['name']:'').' '.$_SERVER['PATH_INFO'],$this->_http_status,microtime(true)-self::$request_starttime)."\n\n";
 
 			if ($msg_file && ($f = fopen($msg_file,'a')))
 			{

phpgwapi/inc/class.groupdav_principals.inc.php

@@ -614,15 +614,9 @@ class groupdav_principals extends groupdav_handler
 		{
 			if (!($id = $this->accounts->name2id($name,'account_lid','u')) ||
 				!($account = $this->accounts->read($id)) ||
-				!isset($GLOBALS['egw_info']['user']['apps']['admin']) &&
-				// do NOT allow other user, if account-selection is none
-				($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'none' &&
-					$name != $GLOBALS['egw_info']['user']['account_lid'] ||
-				// only allow group-members for account-selection is groupmembers
-				$GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers' &&
-					!array_intersect($this->accounts->memberships($account['account_id'],true),
-						$this->accounts->memberships($GLOBALS['egw_info']['user']['account_id'],true))))
+				!$this->accounts->visible($name))
 			{
+				$this->groupdav->log(__METHOD__."('$name', ...) account '$name' NOT found OR not visible to you (check account-selection preference)!");
 				return '404 Not Found';
 			}
 			while (substr($rest,-1) == '/') $rest = substr($rest,0,-1);
@@ -1220,7 +1214,10 @@ class groupdav_principals extends groupdav_handler
 		$set = array();
 		foreach($accounts as $account_id => $account_lid)
 		{
-			$set[] = HTTP_WebDAV_Server::mkprop('href', $this->base_uri.'/principals/'.($account_id < 0 ? 'groups/' : 'users/').$account_lid.'/');
+			if ($this->accounts->visible($account_lid))	// only add visible accounts, gives error in iCal otherwise
+			{
+				$set[] = HTTP_WebDAV_Server::mkprop('href', $this->base_uri.'/principals/'.($account_id < 0 ? 'groups/' : 'users/').$account_lid.'/');
+			}
 		}
 		if ($add_proxys)
 		{
@@ -1300,7 +1297,8 @@ class groupdav_principals extends groupdav_handler
 		foreach($this->acl->get_grants($app, $app != 'addressbook', $account) as $account_id => $rights)
 		{
 			if ($account_id != $account && ($rights & EGW_ACL_READ) &&
-				($account_lid = $this->accounts->id2name($account_id)))
+				($account_lid = $this->accounts->id2name($account_id)) &&
+				$this->accounts->visible($account_lid))	// only add visible accounts, gives error in iCal otherwise
 			{
 				$set[] = HTTP_WebDAV_Server::mkprop('href', $this->base_uri.'/principals/'.
 					($account_id < 0 ? 'groups/' : 'users/').