read-free-busy, schedule-send and schedule-deliver privileges

Ralf Becker 2011-09-22 18:46:16 +00:00
parent 15ed02894f
commit b5269738d7
3 changed files with 69 additions and 17 deletions


@ -751,6 +751,35 @@ class calendar_groupdav extends groupdav_handler
return true; return true;
} }
/**
* Return priviledges for current user, default is read and read-current-user-privilege-set
*
* Reimplemented to add read-free-busy and schedule-deliver privilege
*
* @param string $path path of collection
* @param int $user=null owner of the collection, default current user
* @return array with privileges
*/
public function current_user_privileges($path, $user=null)
{
$priviledes = parent::current_user_privileges($user);
if ($this->bo->check_perms(EGW_ACL_FREEBUSY, 0, $user))
{
$priviledes['read-free-busy'] = HTTP_WebDAV_Server::mkprop(groupdav::CALDAV, 'read-free-busy', '');
if (substr($path, -8) == '/outbox/' && $this->bo->check_acl_invite($user))
{
$priviledes['schedule-send'] = HTTP_WebDAV_Server::mkprop(groupdav::CALDAV, 'schedule-send', '');
}
}
if (substr($path, -7) == '/inbox/' && $this->bo->check_acl_invite($user))
{
$priviledes['schedule-deliver'] = HTTP_WebDAV_Server::mkprop(groupdav::CALDAV, 'schedule-deliver', '');
}
return $priviledes;
}
/** /**
* Fix event series with exceptions, called by calendar_ical::importVCal(): * Fix event series with exceptions, called by calendar_ical::importVCal():
* a) only series master = first event got cal_id from URL * a) only series master = first event got cal_id from URL
@ -761,9 +790,6 @@ class calendar_groupdav extends groupdav_handler
*/ */
static function fix_series(array &$events) static function fix_series(array &$events)
{ {
//foreach($events as $n => $event) error_log(__METHOD__." $n before: ".array2string($event));
//$master =& $events[0];
$bo = new calendar_boupdate(); $bo = new calendar_boupdate();
// get array with orginal recurrences indexed by recurrence-id // get array with orginal recurrences indexed by recurrence-id
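Review bot: The added `current_user_privileges($path, $user=null)` calls `parent::current_user_privileges($user)` with the old one-argument form, although this same commit changes the base method in groupdav_handler to take `($path, $user=null)`. The owner id therefore arrives as `$path` and the parent's `$user` stays null, so each `!$user || $grants[$user] & ...` test in the base method passes and read, bind, write-content and unbind are reported for any owner's calendar collection regardless of the actual grants. The call should be `$priviledes = parent::current_user_privileges($path, $user);`. Separately, schedule-send is only added inside the `EGW_ACL_FREEBUSY` branch while schedule-deliver is not, and the docblock does not mention schedule-send; if that coupling is intended, a short comment such as `// schedule-send requires free-busy access plus invite rights` would record it.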


@ -27,6 +27,8 @@ require_once('HTTP/WebDAV/Server.php');
* - /<username>/ users home-set with * - /<username>/ users home-set with
* - /<username>/addressbook/ addressbook of user or group <username> given the user has rights to view it * - /<username>/addressbook/ addressbook of user or group <username> given the user has rights to view it
* - /<username>/calendar/ calendar of user <username> given the user has rights to view it * - /<username>/calendar/ calendar of user <username> given the user has rights to view it
* - /<username>/inbox/ scheduling inbox of user <username>
* - /<username>/outbox/ scheduling outbox of user <username>
* - /<username>/infolog/ InfoLog's of user <username> given the user has rights to view it * - /<username>/infolog/ InfoLog's of user <username> given the user has rights to view it
* - /addressbook/ all addressbooks current user has rights to, announced as directory-gateway now * - /addressbook/ all addressbooks current user has rights to, announced as directory-gateway now
* - /calendar/ calendar of current user * - /calendar/ calendar of current user
@ -152,7 +154,14 @@ class groupdav extends HTTP_WebDAV_Server
var $supported_privileges = array( var $supported_privileges = array(
'all' => array( 'all' => array(
'*description*' => 'all privileges', '*description*' => 'all privileges',
'read' => 'read resource', 'read' => array(
'*description*' => 'read resource',
'read-free-busy' => array(
'*ns*' => self::CALDAV,
'*description*' => 'allow free busy report query',
'*only*' => '/calendar/',
),
),
'write' => array( 'write' => array(
'*description*' => 'write resource', '*description*' => 'write resource',
'write-properties' => 'write resource properties', 'write-properties' => 'write resource properties',
@ -164,6 +173,16 @@ class groupdav extends HTTP_WebDAV_Server
'read-acl' => 'read resource access control list', 'read-acl' => 'read resource access control list',
'write-acl' => 'write resource access control list', 'write-acl' => 'write resource access control list',
'read-current-user-privilege-set' => 'read privileges for current principal', 'read-current-user-privilege-set' => 'read privileges for current principal',
'schedule-deliver' => array(
'*ns*' => self::CALDAV,
'*description*' => 'schedule privileges for current principal',
'*only*' => '/inbox/',
),
'schedule-send' => array(
'*ns*' => self::CALDAV,
'*description*' => 'schedule privileges for current principal',
'*only*' => '/outbox/',
),
), ),
); );
/** /**
@ -412,7 +431,7 @@ class groupdav extends HTTP_WebDAV_Server
{ {
foreach($supported_privileges as $name => $data) foreach($supported_privileges as $name => $data)
{ {
$props['supported-privilege-set'][] = $this->supported_privilege($name, $data); $props['supported-privilege-set'][] = $this->supported_privilege($name, $data, $path);
} }
} }
if (!isset($props['owner']) && $this->prop_requested('owner') === true) if (!isset($props['owner']) && $this->prop_requested('owner') === true)
@ -441,20 +460,26 @@ class groupdav extends HTTP_WebDAV_Server
* Generate (hierachical) supported-privilege property * Generate (hierachical) supported-privilege property
* *
* @param string $name name of privilege * @param string $name name of privilege
* @param string|array $data string with describtion or array with agregated privileges plus value for key '*description*' * @param string|array $data string with describtion or array with agregated privileges plus value for key '*description*', '*ns*', '*only*'
* @param string $path=null path to match with $data['*only*']
* @return array of self::mkprop() arrays * @return array of self::mkprop() arrays
*/ */
protected function supported_privilege($name, $data) protected function supported_privilege($name, $data, $path=null)
{ {
$props = array(); $props = array();
$props[] = self::mkprop('privilege', array(self::mkprop($name, ''))); $props[] = self::mkprop('privilege', array(is_array($data) && $data['*ns*'] ?
self::mkprop($data['*ns*'], $name, '') : self::mkprop($name, '')));
$props[] = self::mkprop('description', is_array($data) ? $data['*description*'] : $data); $props[] = self::mkprop('description', is_array($data) ? $data['*description*'] : $data);
if (is_array($data)) if (is_array($data))
{ {
unset($data['*description*']);
foreach($data as $name => $data) foreach($data as $name => $data)
{ {
$props[] = $this->supported_privilege($name, $data); if ($name[0] == '*') continue;
if (is_array($data) && $data['*only*'] && strpos($path, $data['*only*']) === false)
{
continue; // wrong path
}
$props[] = $this->supported_privilege($name, $data, $path);
} }
} }
return self::mkprop('supported-privilege', $props); return self::mkprop('supported-privilege', $props);
@ -689,7 +714,7 @@ class groupdav extends HTTP_WebDAV_Server
} }
$props['getetag'] = 'EGw-'.$app.'-wGE'; $props['getetag'] = 'EGw-'.$app.'-wGE';
if ($handler) $privileges = $handler->current_user_privileges($user) ; if ($handler) $privileges = $handler->current_user_privileges($path.$app.'/', $user) ;
return $this->add_collection($path.$app.'/', $props, $privileges); return $this->add_collection($path.$app.'/', $props, $privileges);
} }
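Review bot: In the new `supported_privilege()` body, `$data['*ns*']` and `$data['*only*']` are read on every array entry, but entries such as `'all'` and `'write'` define neither key, so generating supported-privilege-set raises undefined-index notices; `!empty($data['*ns*'])` and `!empty($data['*only*'])` avoid that. The path filter `strpos($path, $data['*only*']) === false` accepts the segment anywhere in the path, whereas the calendar handler in this commit decides the granted privilege with a suffix test, `substr($path, -8) == '/outbox/'`. The advertised set and the current-user set can therefore disagree for a path that merely contains `/inbox/` or `/outbox/`; using the same suffix comparison in both places would keep them aligned. The two schedule entries also share the description 'schedule privileges for current principal', which looks like a copy of the line above them and does not say what each privilege allows.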


@ -391,33 +391,34 @@ abstract class groupdav_handler
* *
* Priviledges are for the collection, not the resources / entries! * Priviledges are for the collection, not the resources / entries!
* *
* @param string $path path of collection
* @param int $user=null owner of the collection, default current user * @param int $user=null owner of the collection, default current user
* @return array with privileges * @return array with privileges
*/ */
public function current_user_privileges($user=null) public function current_user_privileges($path, $user=null)
{ {
static $grants; static $grants;
if (is_null($grants)) if (is_null($grants))
{ {
$grants = $this->acl->get_grants($this->app, $this->app != 'addressbook'); $grants = $this->acl->get_grants($this->app, $this->app != 'addressbook');
} }
$priviledes = array('read-current-user-privilege-set'); $priviledes = array('read-current-user-privilege-set' => 'read-current-user-privilege-set');
if (!$user || $grants[$user] & EGW_ACL_READ) if (!$user || $grants[$user] & EGW_ACL_READ)
{ {
$priviledes[] = 'read'; $priviledes['read'] = 'read';
} }
if (!$user || $grants[$user] & EGW_ACL_ADD) if (!$user || $grants[$user] & EGW_ACL_ADD)
{ {
$priviledes[] = 'bind'; // PUT for new resources $priviledes['bind'] = 'bind'; // PUT for new resources
} }
if (!$user || $grants[$user] & EGW_ACL_EDIT) if (!$user || $grants[$user] & EGW_ACL_EDIT)
{ {
$priviledes[] = 'write-content'; // otherwise iOS calendar does not allow to add events $priviledes['write-content'] = 'write-content'; // otherwise iOS calendar does not allow to add events
} }
if (!$user || $grants[$user] & EGW_ACL_DELETE) if (!$user || $grants[$user] & EGW_ACL_DELETE)
{ {
$priviledes[] = 'unbind'; // DELETE $priviledes['unbind'] = 'unbind'; // DELETE
} }
// copy/move of existing resources might require write-properties, thought we do not support an explicit PROPATCH // copy/move of existing resources might require write-properties, thought we do not support an explicit PROPATCH
return $priviledes; return $priviledes;