* CalDAV/CardDAV: log failed requests with ### like exceptions to ease diagnose problems, log if clients requests accounts not visible because of account-selection preference, skip proxys if not visible

This commit is contained in:
Ralf Becker 2012-04-12 10:44:55 +00:00
parent cd4fc03b25
commit e136ebc108
3 changed files with 45 additions and 11 deletions

View File

@ -549,6 +549,40 @@ class accounts
return $data['account_type'] == 'u' ? 1 : 2;
}
/**
* Checks if a given account is visible to current user
*
* Not all existing accounts are visible because off account_selection preference: 'none' or 'groupmembers'
*
* @param int|string $account_id nummeric account_id or account_lid
* @return boolean true = account is visible, false = account not visible, null = account does not exist
*/
function visible($account_id)
{
if (!is_numeric($account_id)) // account_lid given
{
$account_lid = $account_id;
if (!($account_id = $this->name2id($account_lid))) return null;
}
else
{
if (!($account_lid = $this->id2name($account_id))) return null;
}
if (!isset($GLOBALS['egw_info']['user']['apps']['admin']) &&
// do NOT allow other user, if account-selection is none
($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'none' &&
$account_lid != $GLOBALS['egw_info']['user']['account_lid'] ||
// only allow group-members for account-selection is groupmembers
$GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers' &&
!array_intersect($this->memberships($account_id,true),
$this->memberships($GLOBALS['egw_info']['user']['account_id'],true))))
{
//error_log(__METHOD__."($account_id='$account_lid') returning FALSE");
return false; // user is not allowed to see given account
}
return true; // user allowed to see given account
}
/**
* Get all memberships of an account $account_id / groups the account is a member off
*

View File

@ -1556,7 +1556,9 @@ class groupdav extends HTTP_WebDAV_Server
$content .= $c;
if ($extra) $content .= $extra;
if ($this->to_log) $content .= "\n### ".implode("\n### ", $this->to_log)."\n";
$content .= sprintf('*** %s --> "%s" took %5.3f s',$_SERVER['REQUEST_METHOD'].($_SERVER['REQUEST_METHOD']=='REPORT'?' '.$this->propfind_options['root']['name']:'').' '.$_SERVER['PATH_INFO'],$this->_http_status,microtime(true)-self::$request_starttime)."\n\n";
$content .= $this->_http_status[0] == '4' && substr($this->_http_status,0,3) != '412' ||
$this->_http_status[0] == '5' ? '###' : '***'; // mark failed requests with ###, instead of ***
$content .= sprintf(' %s --> "%s" took %5.3f s',$_SERVER['REQUEST_METHOD'].($_SERVER['REQUEST_METHOD']=='REPORT'?' '.$this->propfind_options['root']['name']:'').' '.$_SERVER['PATH_INFO'],$this->_http_status,microtime(true)-self::$request_starttime)."\n\n";
if ($msg_file && ($f = fopen($msg_file,'a')))
{

View File

@ -614,15 +614,9 @@ class groupdav_principals extends groupdav_handler
{
if (!($id = $this->accounts->name2id($name,'account_lid','u')) ||
!($account = $this->accounts->read($id)) ||
!isset($GLOBALS['egw_info']['user']['apps']['admin']) &&
// do NOT allow other user, if account-selection is none
($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'none' &&
$name != $GLOBALS['egw_info']['user']['account_lid'] ||
// only allow group-members for account-selection is groupmembers
$GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers' &&
!array_intersect($this->accounts->memberships($account['account_id'],true),
$this->accounts->memberships($GLOBALS['egw_info']['user']['account_id'],true))))
!$this->accounts->visible($name))
{
$this->groupdav->log(__METHOD__."('$name', ...) account '$name' NOT found OR not visible to you (check account-selection preference)!");
return '404 Not Found';
}
while (substr($rest,-1) == '/') $rest = substr($rest,0,-1);
@ -1220,7 +1214,10 @@ class groupdav_principals extends groupdav_handler
$set = array();
foreach($accounts as $account_id => $account_lid)
{
$set[] = HTTP_WebDAV_Server::mkprop('href', $this->base_uri.'/principals/'.($account_id < 0 ? 'groups/' : 'users/').$account_lid.'/');
if ($this->accounts->visible($account_lid)) // only add visible accounts, gives error in iCal otherwise
{
$set[] = HTTP_WebDAV_Server::mkprop('href', $this->base_uri.'/principals/'.($account_id < 0 ? 'groups/' : 'users/').$account_lid.'/');
}
}
if ($add_proxys)
{
@ -1300,7 +1297,8 @@ class groupdav_principals extends groupdav_handler
foreach($this->acl->get_grants($app, $app != 'addressbook', $account) as $account_id => $rights)
{
if ($account_id != $account && ($rights & EGW_ACL_READ) &&
($account_lid = $this->accounts->id2name($account_id)))
($account_lid = $this->accounts->id2name($account_id)) &&
$this->accounts->visible($account_lid)) // only add visible accounts, gives error in iCal otherwise
{
$set[] = HTTP_WebDAV_Server::mkprop('href', $this->base_uri.'/principals/'.
($account_id < 0 ? 'groups/' : 'users/').