* CalDAV/CardDAV: log failed requests with ### like exceptions to ease diagnose problems, log if clients requests accounts not visible because of account-selection preference, skip proxys if not visible

Ralf Becker 2012-04-12 10:44:00 +00:00
parent 18d74430ea
commit 15c9fd0d32
3 changed files with 45 additions and 11 deletions


@ -621,6 +621,40 @@ class accounts
return $data['account_type'] == 'u' ? 1 : 2; return $data['account_type'] == 'u' ? 1 : 2;
} }
/**
* Checks if a given account is visible to current user
*
* Not all existing accounts are visible because off account_selection preference: 'none' or 'groupmembers'
*
* @param int|string $account_id nummeric account_id or account_lid
* @return boolean true = account is visible, false = account not visible, null = account does not exist
*/
function visible($account_id)
{
if (!is_numeric($account_id)) // account_lid given
{
$account_lid = $account_id;
if (!($account_id = $this->name2id($account_lid))) return null;
}
else
{
if (!($account_lid = $this->id2name($account_id))) return null;
}
if (!isset($GLOBALS['egw_info']['user']['apps']['admin']) &&
// do NOT allow other user, if account-selection is none
($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'none' &&
$account_lid != $GLOBALS['egw_info']['user']['account_lid'] ||
// only allow group-members for account-selection is groupmembers
$GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers' &&
!array_intersect($this->memberships($account_id,true),
$this->memberships($GLOBALS['egw_info']['user']['account_id'],true))))
{
//error_log(__METHOD__."($account_id='$account_lid') returning FALSE");
return false; // user is not allowed to see given account
}
return true; // user allowed to see given account
}
/** /**
* Get all memberships of an account $account_id / groups the account is a member off * Get all memberships of an account $account_id / groups the account is a member off
* *
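Review bot: `visible()` uses `is_numeric()` to tell an id from a login name, so an account_lid made up only of digits goes through `id2name()`, and the answer then describes whichever account owns that number rather than the one the caller named. Because this result decides which principals a CalDAV/CardDAV client may see, the docblock should state the ambiguity, e.g. `* NOTE: a purely numeric account_lid is treated as an account_id; pass the numeric id where it is known`. The `@return` tag should read `boolean|null`, since both failed lookups return null and callers need to know the result is tri-state. In the 'groupmembers' branch the current user's own account is visible only if `memberships()` returns at least one group for it, which looks unintended; confirm whether an own-account short-circuit is wanted.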


@ -1556,7 +1556,9 @@ class groupdav extends HTTP_WebDAV_Server
$content .= $c; $content .= $c;
if ($extra) $content .= $extra; if ($extra) $content .= $extra;
if ($this->to_log) $content .= "\n### ".implode("\n### ", $this->to_log)."\n"; if ($this->to_log) $content .= "\n### ".implode("\n### ", $this->to_log)."\n";
$content .= sprintf('*** %s --> "%s" took %5.3f s',$_SERVER['REQUEST_METHOD'].($_SERVER['REQUEST_METHOD']=='REPORT'?' '.$this->propfind_options['root']['name']:'').' '.$_SERVER['PATH_INFO'],$this->_http_status,microtime(true)-self::$request_starttime)."\n\n"; $content .= $this->_http_status[0] == '4' && substr($this->_http_status,0,3) != '412' ||
$this->_http_status[0] == '5' ? '###' : '***'; // mark failed requests with ###, instead of ***
$content .= sprintf(' %s --> "%s" took %5.3f s',$_SERVER['REQUEST_METHOD'].($_SERVER['REQUEST_METHOD']=='REPORT'?' '.$this->propfind_options['root']['name']:'').' '.$_SERVER['PATH_INFO'],$this->_http_status,microtime(true)-self::$request_starttime)."\n\n";
if ($msg_file && ($f = fopen($msg_file,'a'))) if ($msg_file && ($f = fopen($msg_file,'a')))
{ {
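Review bot: The line that now carries the `###`/`***` marker still writes `$_SERVER['PATH_INFO']` and the REPORT root name into the log unescaped, so a request path containing a decoded line break could presumably begin a fresh log line that reads like a genuine `###` failure or `***` success entry. Since these markers exist to be searched for when diagnosing problems, control characters should be escaped before formatting, e.g. `addcslashes($_SERVER['PATH_INFO'], "\0..\37")` in place of the bare `$_SERVER['PATH_INFO']`. The same applies to the `$name` interpolated into the `log()` message this commit adds in groupdav_principals. The marker expression would also be easier to audit with explicit parentheses around the `&&` pair, and `$this->_http_status[0]` assumes the status string is never empty, which should be confirmed. The enclosing method starts and ends outside this hunk.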


@ -614,15 +614,9 @@ class groupdav_principals extends groupdav_handler
{ {
if (!($id = $this->accounts->name2id($name,'account_lid','u')) || if (!($id = $this->accounts->name2id($name,'account_lid','u')) ||
!($account = $this->accounts->read($id)) || !($account = $this->accounts->read($id)) ||
!isset($GLOBALS['egw_info']['user']['apps']['admin']) && !$this->accounts->visible($name))
// do NOT allow other user, if account-selection is none
($GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'none' &&
$name != $GLOBALS['egw_info']['user']['account_lid'] ||
// only allow group-members for account-selection is groupmembers
$GLOBALS['egw_info']['user']['preferences']['common']['account_selection'] == 'groupmembers' &&
!array_intersect($this->accounts->memberships($account['account_id'],true),
$this->accounts->memberships($GLOBALS['egw_info']['user']['account_id'],true))))
{ {
$this->groupdav->log(__METHOD__."('$name', ...) account '$name' NOT found OR not visible to you (check account-selection preference)!");
return '404 Not Found'; return '404 Not Found';
} }
while (substr($rest,-1) == '/') $rest = substr($rest,0,-1); while (substr($rest,-1) == '/') $rest = substr($rest,0,-1);
@ -1220,7 +1214,10 @@ class groupdav_principals extends groupdav_handler
$set = array(); $set = array();
foreach($accounts as $account_id => $account_lid) foreach($accounts as $account_id => $account_lid)
{ {
$set[] = HTTP_WebDAV_Server::mkprop('href', $this->base_uri.'/principals/'.($account_id < 0 ? 'groups/' : 'users/').$account_lid.'/'); if ($this->accounts->visible($account_lid)) // only add visible accounts, gives error in iCal otherwise
{
$set[] = HTTP_WebDAV_Server::mkprop('href', $this->base_uri.'/principals/'.($account_id < 0 ? 'groups/' : 'users/').$account_lid.'/');
}
} }
if ($add_proxys) if ($add_proxys)
{ {
@ -1300,7 +1297,8 @@ class groupdav_principals extends groupdav_handler
foreach($this->acl->get_grants($app, $app != 'addressbook', $account) as $account_id => $rights) foreach($this->acl->get_grants($app, $app != 'addressbook', $account) as $account_id => $rights)
{ {
if ($account_id != $account && ($rights & EGW_ACL_READ) && if ($account_id != $account && ($rights & EGW_ACL_READ) &&
($account_lid = $this->accounts->id2name($account_id))) ($account_lid = $this->accounts->id2name($account_id)) &&
$this->accounts->visible($account_lid)) // only add visible accounts, gives error in iCal otherwise
{ {
$set[] = HTTP_WebDAV_Server::mkprop('href', $this->base_uri.'/principals/'. $set[] = HTTP_WebDAV_Server::mkprop('href', $this->base_uri.'/principals/'.
($account_id < 0 ? 'groups/' : 'users/'). ($account_id < 0 ? 'groups/' : 'users/').
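Review bot: All three call sites pass the login name to `visible()` although the numeric id is already in scope, so the visibility check resolves the account a second time and not necessarily to the same record. In the first hunk `$id` comes from `name2id($name,'account_lid','u')`, while `visible($name)` calls `name2id()` without the `'u'` restriction, so it can presumably match a different account type than the one just read. Passing the id avoids this and saves a lookup per entry: `!$this->accounts->visible($id))` in the first hunk and `$this->accounts->visible($account_id)` in the two loops. With account-selection 'groupmembers' each loop iteration also recomputes the current user's memberships inside `visible()`, which may be worth hoisting if these sets get large. The enclosing methods start and end outside the hunks shown.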