read-free-busy, schedule-send and schedule-deliver privileges
parent
15ed02894f
commit
b5269738d7
@ -751,6 +751,35 @@ class calendar_groupdav extends groupdav_handler
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return priviledges for current user, default is read and read-current-user-privilege-set
|
||||||
|
*
|
||||||
|
* Reimplemented to add read-free-busy and schedule-deliver privilege
|
||||||
|
*
|
||||||
|
* @param string $path path of collection
|
||||||
|
* @param int $user=null owner of the collection, default current user
|
||||||
|
* @return array with privileges
|
||||||
|
*/
|
||||||
|
public function current_user_privileges($path, $user=null)
|
||||||
|
{
|
||||||
|
$priviledes = parent::current_user_privileges($user);
|
||||||
|
|
||||||
|
if ($this->bo->check_perms(EGW_ACL_FREEBUSY, 0, $user))
|
||||||
|
{
|
||||||
|
$priviledes['read-free-busy'] = HTTP_WebDAV_Server::mkprop(groupdav::CALDAV, 'read-free-busy', '');
|
||||||
|
|
||||||
|
if (substr($path, -8) == '/outbox/' && $this->bo->check_acl_invite($user))
|
||||||
|
{
|
||||||
|
$priviledes['schedule-send'] = HTTP_WebDAV_Server::mkprop(groupdav::CALDAV, 'schedule-send', '');
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if (substr($path, -7) == '/inbox/' && $this->bo->check_acl_invite($user))
|
||||||
|
{
|
||||||
|
$priviledes['schedule-deliver'] = HTTP_WebDAV_Server::mkprop(groupdav::CALDAV, 'schedule-deliver', '');
|
||||||
|
}
|
||||||
|
return $priviledes;
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Fix event series with exceptions, called by calendar_ical::importVCal():
|
* Fix event series with exceptions, called by calendar_ical::importVCal():
|
||||||
* a) only series master = first event got cal_id from URL
|
* a) only series master = first event got cal_id from URL
|
||||||
@ -761,9 +790,6 @@ class calendar_groupdav extends groupdav_handler
|
|||||||
*/
|
*/
|
||||||
static function fix_series(array &$events)
|
static function fix_series(array &$events)
|
||||||
{
|
{
|
||||||
//foreach($events as $n => $event) error_log(__METHOD__." $n before: ".array2string($event));
|
|
||||||
//$master =& $events[0];
|
|
||||||
|
|
||||||
$bo = new calendar_boupdate();
|
$bo = new calendar_boupdate();
|
||||||
|
|
||||||
// get array with orginal recurrences indexed by recurrence-id
|
// get array with orginal recurrences indexed by recurrence-id
|
||||||
|
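Review bot: The new override still calls `parent::current_user_privileges($user)`, but the base method's signature becomes `current_user_privileges($path, $user=null)` in this same commit, so `$user` is bound to `$path` and the parent sees `$user` as null. Every grant test in the parent has the form `!$user || $grants[$user] & ...`, so for a calendar collection owned by another user the parent would then report read, bind, write-content and unbind regardless of the actual grants. The call should be `$priviledes = parent::current_user_privileges($path, $user);`. Any other handler override or caller not shown on this page that still uses the one-argument form would over-report privileges in the same way.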
@ -27,6 +27,8 @@ require_once('HTTP/WebDAV/Server.php');
|
|||||||
* - /<username>/ users home-set with
|
* - /<username>/ users home-set with
|
||||||
* - /<username>/addressbook/ addressbook of user or group <username> given the user has rights to view it
|
* - /<username>/addressbook/ addressbook of user or group <username> given the user has rights to view it
|
||||||
* - /<username>/calendar/ calendar of user <username> given the user has rights to view it
|
* - /<username>/calendar/ calendar of user <username> given the user has rights to view it
|
||||||
|
* - /<username>/inbox/ scheduling inbox of user <username>
|
||||||
|
* - /<username>/outbox/ scheduling outbox of user <username>
|
||||||
* - /<username>/infolog/ InfoLog's of user <username> given the user has rights to view it
|
* - /<username>/infolog/ InfoLog's of user <username> given the user has rights to view it
|
||||||
* - /addressbook/ all addressbooks current user has rights to, announced as directory-gateway now
|
* - /addressbook/ all addressbooks current user has rights to, announced as directory-gateway now
|
||||||
* - /calendar/ calendar of current user
|
* - /calendar/ calendar of current user
|
||||||
@ -152,7 +154,14 @@ class groupdav extends HTTP_WebDAV_Server
|
|||||||
var $supported_privileges = array(
|
var $supported_privileges = array(
|
||||||
'all' => array(
|
'all' => array(
|
||||||
'*description*' => 'all privileges',
|
'*description*' => 'all privileges',
|
||||||
'read' => 'read resource',
|
'read' => array(
|
||||||
|
'*description*' => 'read resource',
|
||||||
|
'read-free-busy' => array(
|
||||||
|
'*ns*' => self::CALDAV,
|
||||||
|
'*description*' => 'allow free busy report query',
|
||||||
|
'*only*' => '/calendar/',
|
||||||
|
),
|
||||||
|
),
|
||||||
'write' => array(
|
'write' => array(
|
||||||
'*description*' => 'write resource',
|
'*description*' => 'write resource',
|
||||||
'write-properties' => 'write resource properties',
|
'write-properties' => 'write resource properties',
|
||||||
@ -164,6 +173,16 @@ class groupdav extends HTTP_WebDAV_Server
|
|||||||
'read-acl' => 'read resource access control list',
|
'read-acl' => 'read resource access control list',
|
||||||
'write-acl' => 'write resource access control list',
|
'write-acl' => 'write resource access control list',
|
||||||
'read-current-user-privilege-set' => 'read privileges for current principal',
|
'read-current-user-privilege-set' => 'read privileges for current principal',
|
||||||
|
'schedule-deliver' => array(
|
||||||
|
'*ns*' => self::CALDAV,
|
||||||
|
'*description*' => 'schedule privileges for current principal',
|
||||||
|
'*only*' => '/inbox/',
|
||||||
|
),
|
||||||
|
'schedule-send' => array(
|
||||||
|
'*ns*' => self::CALDAV,
|
||||||
|
'*description*' => 'schedule privileges for current principal',
|
||||||
|
'*only*' => '/outbox/',
|
||||||
|
),
|
||||||
),
|
),
|
||||||
);
|
);
|
||||||
/**
|
/**
|
||||||
@ -412,7 +431,7 @@ class groupdav extends HTTP_WebDAV_Server
|
|||||||
{
|
{
|
||||||
foreach($supported_privileges as $name => $data)
|
foreach($supported_privileges as $name => $data)
|
||||||
{
|
{
|
||||||
$props['supported-privilege-set'][] = $this->supported_privilege($name, $data);
|
$props['supported-privilege-set'][] = $this->supported_privilege($name, $data, $path);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!isset($props['owner']) && $this->prop_requested('owner') === true)
|
if (!isset($props['owner']) && $this->prop_requested('owner') === true)
|
||||||
@ -441,20 +460,26 @@ class groupdav extends HTTP_WebDAV_Server
|
|||||||
* Generate (hierachical) supported-privilege property
|
* Generate (hierachical) supported-privilege property
|
||||||
*
|
*
|
||||||
* @param string $name name of privilege
|
* @param string $name name of privilege
|
||||||
* @param string|array $data string with describtion or array with agregated privileges plus value for key '*description*'
|
* @param string|array $data string with describtion or array with agregated privileges plus value for key '*description*', '*ns*', '*only*'
|
||||||
|
* @param string $path=null path to match with $data['*only*']
|
||||||
* @return array of self::mkprop() arrays
|
* @return array of self::mkprop() arrays
|
||||||
*/
|
*/
|
||||||
protected function supported_privilege($name, $data)
|
protected function supported_privilege($name, $data, $path=null)
|
||||||
{
|
{
|
||||||
$props = array();
|
$props = array();
|
||||||
$props[] = self::mkprop('privilege', array(self::mkprop($name, '')));
|
$props[] = self::mkprop('privilege', array(is_array($data) && $data['*ns*'] ?
|
||||||
|
self::mkprop($data['*ns*'], $name, '') : self::mkprop($name, '')));
|
||||||
$props[] = self::mkprop('description', is_array($data) ? $data['*description*'] : $data);
|
$props[] = self::mkprop('description', is_array($data) ? $data['*description*'] : $data);
|
||||||
if (is_array($data))
|
if (is_array($data))
|
||||||
{
|
{
|
||||||
unset($data['*description*']);
|
|
||||||
foreach($data as $name => $data)
|
foreach($data as $name => $data)
|
||||||
{
|
{
|
||||||
$props[] = $this->supported_privilege($name, $data);
|
if ($name[0] == '*') continue;
|
||||||
|
if (is_array($data) && $data['*only*'] && strpos($path, $data['*only*']) === false)
|
||||||
|
{
|
||||||
|
continue; // wrong path
|
||||||
|
}
|
||||||
|
$props[] = $this->supported_privilege($name, $data, $path);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return self::mkprop('supported-privilege', $props);
|
return self::mkprop('supported-privilege', $props);
|
||||||
@ -689,7 +714,7 @@ class groupdav extends HTTP_WebDAV_Server
|
|||||||
}
|
}
|
||||||
$props['getetag'] = 'EGw-'.$app.'-wGE';
|
$props['getetag'] = 'EGw-'.$app.'-wGE';
|
||||||
|
|
||||||
if ($handler) $privileges = $handler->current_user_privileges($user) ;
|
if ($handler) $privileges = $handler->current_user_privileges($path.$app.'/', $user) ;
|
||||||
|
|
||||||
return $this->add_collection($path.$app.'/', $props, $privileges);
|
return $this->add_collection($path.$app.'/', $props, $privileges);
|
||||||
}
|
}
|
||||||
|
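Review bot: In `supported_privilege()` the new lookups `$data['*ns*']` and `$data['*only*']` are evaluated for every array entry, but an entry such as `'read'` defines only `'*description*'`, so each of them raises an undefined-index notice; `!empty($data['*ns*'])` and `!empty($data['*only*'])` avoid that. The `*only*` filter is a substring test (`strpos($path, $data['*only*']) === false`), while the calendar handler decides the matching privileges with a suffix test (`substr($path, -8) == '/outbox/'`), so the advertised supported-privilege-set and the reported current-user-privilege-set can disagree for a path that merely contains `/inbox/` or `/calendar/`. Because `$path` defaults to null, a call without it drops every `*only*` privilege; if that is intended it deserves a line in the docblock.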
@ -391,33 +391,34 @@ abstract class groupdav_handler
|
|||||||
*
|
*
|
||||||
* Priviledges are for the collection, not the resources / entries!
|
* Priviledges are for the collection, not the resources / entries!
|
||||||
*
|
*
|
||||||
|
* @param string $path path of collection
|
||||||
* @param int $user=null owner of the collection, default current user
|
* @param int $user=null owner of the collection, default current user
|
||||||
* @return array with privileges
|
* @return array with privileges
|
||||||
*/
|
*/
|
||||||
public function current_user_privileges($user=null)
|
public function current_user_privileges($path, $user=null)
|
||||||
{
|
{
|
||||||
static $grants;
|
static $grants;
|
||||||
if (is_null($grants))
|
if (is_null($grants))
|
||||||
{
|
{
|
||||||
$grants = $this->acl->get_grants($this->app, $this->app != 'addressbook');
|
$grants = $this->acl->get_grants($this->app, $this->app != 'addressbook');
|
||||||
}
|
}
|
||||||
$priviledes = array('read-current-user-privilege-set');
|
$priviledes = array('read-current-user-privilege-set' => 'read-current-user-privilege-set');
|
||||||
|
|
||||||
if (!$user || $grants[$user] & EGW_ACL_READ)
|
if (!$user || $grants[$user] & EGW_ACL_READ)
|
||||||
{
|
{
|
||||||
$priviledes[] = 'read';
|
$priviledes['read'] = 'read';
|
||||||
}
|
}
|
||||||
if (!$user || $grants[$user] & EGW_ACL_ADD)
|
if (!$user || $grants[$user] & EGW_ACL_ADD)
|
||||||
{
|
{
|
||||||
$priviledes[] = 'bind'; // PUT for new resources
|
$priviledes['bind'] = 'bind'; // PUT for new resources
|
||||||
}
|
}
|
||||||
if (!$user || $grants[$user] & EGW_ACL_EDIT)
|
if (!$user || $grants[$user] & EGW_ACL_EDIT)
|
||||||
{
|
{
|
||||||
$priviledes[] = 'write-content'; // otherwise iOS calendar does not allow to add events
|
$priviledes['write-content'] = 'write-content'; // otherwise iOS calendar does not allow to add events
|
||||||
}
|
}
|
||||||
if (!$user || $grants[$user] & EGW_ACL_DELETE)
|
if (!$user || $grants[$user] & EGW_ACL_DELETE)
|
||||||
{
|
{
|
||||||
$priviledes[] = 'unbind'; // DELETE
|
$priviledes['unbind'] = 'unbind'; // DELETE
|
||||||
}
|
}
|
||||||
// copy/move of existing resources might require write-properties, thought we do not support an explicit PROPATCH
|
// copy/move of existing resources might require write-properties, thought we do not support an explicit PROPATCH
|
||||||
return $priviledes;
|
return $priviledes;
|
||||||
|
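Review bot: The `@return array with privileges` line no longer describes what callers receive: the result is now keyed by privilege name, and the calendar override on this page stores `mkprop()` arrays under those keys where this base method stores plain strings. I would document that, e.g. `@return array privilege name => name string, or mkprop() array for namespaced privileges`, so that consumers such as `add_collection()` know to handle both forms. `$path` is accepted but not read in the visible body, which is worth stating in its `@param` line (for example `used by overriding handlers only`). The function's closing brace lies outside the hunk.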