From b5269738d7f87fc757c9ceff60bca23c2b03ae6d Mon Sep 17 00:00:00 2001
From: Ralf Becker
Date: Thu, 22 Sep 2011 18:46:16 +0000
Subject: [PATCH] read-free-busy, schedule-send and schedule-deliver privileges
---
 calendar/inc/class.calendar_groupdav.inc.php | 32 +++++++++++++--
 phpgwapi/inc/class.groupdav.inc.php | 41 ++++++++++++++++----
 phpgwapi/inc/class.groupdav_handler.inc.php | 13 ++++---
 3 files changed, 69 insertions(+), 17 deletions(-)
diff --git a/calendar/inc/class.calendar_groupdav.inc.php b/calendar/inc/class.calendar_groupdav.inc.php
index 010e00a66c..c0056ae9bc 100644
--- a/calendar/inc/class.calendar_groupdav.inc.php
+++ b/calendar/inc/class.calendar_groupdav.inc.php
@@ -751,6 +751,35 @@ class calendar_groupdav extends groupdav_handler
 return true;
 }
+ /**
+ * Return priviledges for current user, default is read and read-current-user-privilege-set
+ *
+ * Reimplemented to add read-free-busy and schedule-deliver privilege
+ *
+ * @param string $path path of collection
+ * @param int $user=null owner of the collection, default current user
+ * @return array with privileges
+ */
+ public function current_user_privileges($path, $user=null)
+ {
+ $priviledes = parent::current_user_privileges($user);
+
+ if ($this->bo->check_perms(EGW_ACL_FREEBUSY, 0, $user))
+ {
+ $priviledes['read-free-busy'] = HTTP_WebDAV_Server::mkprop(groupdav::CALDAV, 'read-free-busy', '');
+
+ if (substr($path, -8) == '/outbox/' && $this->bo->check_acl_invite($user))
+ {
+ $priviledes['schedule-send'] = HTTP_WebDAV_Server::mkprop(groupdav::CALDAV, 'schedule-send', '');
+ }
+ }
+ if (substr($path, -7) == '/inbox/' && $this->bo->check_acl_invite($user))
+ {
+ $priviledes['schedule-deliver'] = HTTP_WebDAV_Server::mkprop(groupdav::CALDAV, 'schedule-deliver', '');
+ }
+ return $priviledes;
+ }
+
 /**
 * Fix event series with exceptions, called by calendar_ical::importVCal():
 * a) only series master = first event got cal_id from URL
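Review bot: The call `parent::current_user_privileges($user)` in the new `calendar_groupdav::current_user_privileges()` still uses the old one-argument form, while this same patch changes the base signature in class.groupdav_handler.inc.php to `($path, $user=null)`. As written, `$user` is bound to `$path` and the parent's `$user` stays null, so each `!$user` test there passes and read, bind, write-content and unbind are reported for every collection owner regardless of the grants. The line should read `$priviledes = parent::current_user_privileges($path, $user);`. Whether writes are enforced separately elsewhere is not visible in this diff, but the advertised current-user-privilege-set would overstate access to other users' calendars. The docblock also omits schedule-send from the privileges it says are added.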
@@ -761,9 +790,6 @@ class calendar_groupdav extends groupdav_handler
 */
 static function fix_series(array &$events)
 {
- //foreach($events as $n => $event) error_log(__METHOD__." $n before: ".array2string($event));
- //$master =& $events[0];
-
 $bo = new calendar_boupdate();
 // get array with orginal recurrences indexed by recurrence-id
diff --git a/phpgwapi/inc/class.groupdav.inc.php b/phpgwapi/inc/class.groupdav.inc.php
index d3e3337178..04f8a0edeb 100644
--- a/phpgwapi/inc/class.groupdav.inc.php
+++ b/phpgwapi/inc/class.groupdav.inc.php
@@ -27,6 +27,8 @@ require_once('HTTP/WebDAV/Server.php');
 * - // users home-set with
 * - //addressbook/ addressbook of user or group given the user has rights to view it
 * - //calendar/ calendar of user given the user has rights to view it
+ * - //inbox/ scheduling inbox of user
+ * - //outbox/ scheduling outbox of user
 * - //infolog/ InfoLog's of user given the user has rights to view it
 * - /addressbook/ all addressbooks current user has rights to, announced as directory-gateway now
 * - /calendar/ calendar of current user
@@ -152,7 +154,14 @@ class groupdav extends HTTP_WebDAV_Server
 var $supported_privileges = array(
 'all' => array(
 '*description*' => 'all privileges',
- 'read' => 'read resource',
+ 'read' => array(
+ '*description*' => 'read resource',
+ 'read-free-busy' => array(
+ '*ns*' => self::CALDAV,
+ '*description*' => 'allow free busy report query',
+ '*only*' => '/calendar/',
+ ),
+ ),
 'write' => array(
 '*description*' => 'write resource',
 'write-properties' => 'write resource properties',
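Review bot: In the `$supported_privileges` hunk (`-152,7 +154,14`), `read-free-busy` is advertised with `'*only*' => '/calendar/'`, but the `calendar_groupdav::current_user_privileges()` added in this patch sets `read-free-busy` for any `$path` once the free-busy ACL check passes. If that handler also serves the inbox and outbox collections, as its `/inbox/` and `/outbox/` checks suggest, a client would see a privilege in current-user-privilege-set that supported-privilege-set does not list for that path. Either gate the grant on the path as well or drop the `*only*` restriction here. A short comment above the array would also help, e.g. `// keys starting with '*' (*ns*, *description*, *only*) are metadata, not privileges`.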
@@ -164,6 +173,16 @@ class groupdav extends HTTP_WebDAV_Server
 'read-acl' => 'read resource access control list',
 'write-acl' => 'write resource access control list',
 'read-current-user-privilege-set' => 'read privileges for current principal',
+ 'schedule-deliver' => array(
+ '*ns*' => self::CALDAV,
+ '*description*' => 'schedule privileges for current principal',
+ '*only*' => '/inbox/',
+ ),
+ 'schedule-send' => array(
+ '*ns*' => self::CALDAV,
+ '*description*' => 'schedule privileges for current principal',
+ '*only*' => '/outbox/',
+ ),
 ),
 );
 /**
@@ -412,7 +431,7 @@ class groupdav extends HTTP_WebDAV_Server
 {
 foreach($supported_privileges as $name => $data)
 {
- $props['supported-privilege-set'][] = $this->supported_privilege($name, $data);
+ $props['supported-privilege-set'][] = $this->supported_privilege($name, $data, $path);
 }
 }
 if (!isset($props['owner']) && $this->prop_requested('owner') === true)
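Review bot: `schedule-deliver` and `schedule-send` in the `-164,6 +173,16` hunk carry the identical description 'schedule privileges for current principal', which reads like a copy of the `read-current-user-privilege-set` text above them and tells a client nothing about how the two differ. Distinct wording would be clearer, for example `'*description*' => 'deliver scheduling messages to this inbox',` and `'*description*' => 'send scheduling messages from this outbox',`. The array starts outside this hunk.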
@@ -441,20 +460,26 @@ class groupdav extends HTTP_WebDAV_Server
 * Generate (hierachical) supported-privilege property
 *
 * @param string $name name of privilege
- * @param string|array $data string with describtion or array with agregated privileges plus value for key '*description*'
+ * @param string|array $data string with describtion or array with agregated privileges plus value for key '*description*', '*ns*', '*only*'
+ * @param string $path=null path to match with $data['*only*']
 * @return array of self::mkprop() arrays
 */
- protected function supported_privilege($name, $data)
+ protected function supported_privilege($name, $data, $path=null)
 {
 $props = array();
- $props[] = self::mkprop('privilege', array(self::mkprop($name, '')));
+ $props[] = self::mkprop('privilege', array(is_array($data) && $data['*ns*'] ?
+ self::mkprop($data['*ns*'], $name, '') : self::mkprop($name, '')));
 $props[] = self::mkprop('description', is_array($data) ? $data['*description*'] : $data);
 if (is_array($data))
 {
- unset($data['*description*']);
 foreach($data as $name => $data)
 {
- $props[] = $this->supported_privilege($name, $data);
+ if ($name[0] == '*') continue;
+ if (is_array($data) && $data['*only*'] && strpos($path, $data['*only*']) === false)
+ {
+ continue; // wrong path
+ }
+ $props[] = $this->supported_privilege($name, $data, $path);
 }
 }
 return self::mkprop('supported-privilege', $props);
@@ -689,7 +714,7 @@ class groupdav extends HTTP_WebDAV_Server
 }
 $props['getetag'] = 'EGw-'.$app.'-wGE';
- if ($handler) $privileges = $handler->current_user_privileges($user) ;
+ if ($handler) $privileges = $handler->current_user_privileges($path.$app.'/', $user) ;
 return $this->add_collection($path.$app.'/', $props, $privileges);
 }
diff --git a/phpgwapi/inc/class.groupdav_handler.inc.php b/phpgwapi/inc/class.groupdav_handler.inc.php
index 0d29c7a59a..71659f498d 100644
--- a/phpgwapi/inc/class.groupdav_handler.inc.php
+++ b/phpgwapi/inc/class.groupdav_handler.inc.php
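Review bot: In `supported_privilege()` (the `-441,20 +460,26` hunk of class.groupdav.inc.php), `$data['*ns*']` and `$data['*only*']` are read without checking that the key exists, yet the new `'read'` array in this patch defines neither, so it raises an undefined-index notice; `!empty($data['*ns*'])` and `!empty($data['*only*'])` avoid that. The path filter uses `strpos($path, $data['*only*']) === false`, a substring match anywhere in the path, whereas `calendar_groupdav::current_user_privileges()` in this patch compares the path suffix with `substr()`. Matching the suffix in both places, e.g. `substr($path, -strlen($data['*only*'])) !== $data['*only*']`, would keep the advertised and the granted privileges aligned. With `$path` left at its null default the filter also hides every `*only*` privilege, which the docblock should state if it is intended.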
@@ -391,33 +391,34 @@ abstract class groupdav_handler
 *
 * Priviledges are for the collection, not the resources / entries!
 *
+ * @param string $path path of collection
 * @param int $user=null owner of the collection, default current user
 * @return array with privileges
 */
- public function current_user_privileges($user=null)
+ public function current_user_privileges($path, $user=null)
 {
 static $grants;
 if (is_null($grants))
 {
 $grants = $this->acl->get_grants($this->app, $this->app != 'addressbook');
 }
- $priviledes = array('read-current-user-privilege-set');
+ $priviledes = array('read-current-user-privilege-set' => 'read-current-user-privilege-set');
 if (!$user || $grants[$user] & EGW_ACL_READ)
 {
- $priviledes[] = 'read';
+ $priviledes['read'] = 'read';
 }
 if (!$user || $grants[$user] & EGW_ACL_ADD)
 {
- $priviledes[] = 'bind'; // PUT for new resources
+ $priviledes['bind'] = 'bind'; // PUT for new resources
 }
 if (!$user || $grants[$user] & EGW_ACL_EDIT)
 {
- $priviledes[] = 'write-content'; // otherwise iOS calendar does not allow to add events
+ $priviledes['write-content'] = 'write-content'; // otherwise iOS calendar does not allow to add events
 }
 if (!$user || $grants[$user] & EGW_ACL_DELETE)
 {
- $priviledes[] = 'unbind'; // DELETE
+ $priviledes['unbind'] = 'unbind'; // DELETE
 }
 // copy/move of existing resources might require write-properties, thought we do not support an explicit PROPATCH
 return $priviledes;
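Review bot: The docblock of the base `current_user_privileges()` still says only `@return array with privileges`, although the method now returns an array keyed by privilege name whose values are plain strings here and `mkprop()` arrays in the calendar override added by this patch. Documenting the shape would help whoever consumes it, e.g. `@return array privilege-name => privilege-name or mkprop() array for namespaced privileges`. The new `$path` parameter is not used in the visible body, so `@param string $path path of collection, unused here, for overriding handlers` would make that intent explicit. Because `$path` was inserted in front of `$user`, a caller still passing the owner as the first argument silently takes the `!$user` branches, so every remaining call site deserves a check.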