DAViCal
caldav-PROPPATCH.php
1 <?php
11 dbg_error_log("PROPPATCH", "method handler");
12 
13 require_once('vCalendar.php');
14 require_once('DAVResource.php');
15 
16 $dav_resource = new DAVResource($request->path);
17 if ( !$dav_resource->HavePrivilegeTo('DAV::write-properties') ) {
18  $parent = $dav_resource->GetParentContainer();
19  if ( !$dav_resource->IsBinding() || !$parent->HavePrivilegeTo('DAV::write') ) {
20  $request->PreconditionFailed(403, 'DAV::write-properties', 'You do not have permission to write properties to that resource' );
21  }
22 }
23 
24 $position = 0;
25 $xmltree = BuildXMLTree( $request->xml_tags, $position);
26 
27 // echo $xmltree->Render();
28 
29 if ( $xmltree->GetNSTag() != "DAV::propertyupdate" ) {
30  $request->PreconditionFailed( 403, 'DAV::propertyupdate', 'XML request did not contain a &lt;propertyupdate&gt; tag' );
31 }
32 
36 $setprops = $xmltree->GetPath("/DAV::propertyupdate/DAV::set/DAV::prop/*");
37 $rmprops = $xmltree->GetPath("/DAV::propertyupdate/DAV::remove/DAV::prop/*");
38 
45 $failure = array();
46 $success = array();
47 
48 $reply = new XMLDocument( array( 'DAV:' => '') );
49 
57 function add_failure( $type, $tag, $status, $description=null, $error_tag = null) {
58  global $failure, $reply;
59  $prop = new XMLElement('prop');
60  $reply->NSElement($prop, $tag);
61  $propstat = array($prop,new XMLElement( 'status', $status ));
62 
63  if ( isset($description))
64  $propstat[] = new XMLElement( 'responsedescription', $description );
65  if ( isset($error_tag) )
66  $propstat[] = new XMLElement( 'error', new XMLElement( $error_tag ) );
67 
68  $failure[$type.'-'.$tag] = new XMLElement('propstat', $propstat );
69 }
70 
71 
77 $qry = new AwlQuery();
78 $qry->Begin();
79 $setcalendar = count($xmltree->GetPath('/DAV::propertyupdate/DAV::set/DAV::prop/DAV::resourcetype/urn:ietf:params:xml:ns:caldav:calendar'));
80 foreach( $setprops AS $k => $setting ) {
81  $tag = $setting->GetNSTag();
82  $content = $setting->RenderContent(0,null,true);
83 
84  switch( $tag ) {
85 
86  case 'DAV::displayname':
90  if ( $dav_resource->IsCollection() || $dav_resource->IsPrincipal() ) {
91  if ( $dav_resource->IsBinding() ) {
92  $qry->QDo('UPDATE dav_binding SET dav_displayname = :displayname WHERE dav_name = :dav_name',
93  array( ':displayname' => $content, ':dav_name' => $dav_resource->dav_name()) );
94  }
95  else if ( $dav_resource->IsPrincipal() ) {
96  $qry->QDo('UPDATE dav_principal SET fullname = :displayname, displayname = :displayname, modified = current_timestamp WHERE user_no = :user_no',
97  array( ':displayname' => $content, ':user_no' => $request->user_no) );
98  }
99  else {
100  $qry->QDo('UPDATE collection SET dav_displayname = :displayname, modified = current_timestamp WHERE dav_name = :dav_name',
101  array( ':displayname' => $content, ':dav_name' => $dav_resource->dav_name()) );
102  }
103  $success[$tag] = 1;
104  }
105  else {
106  add_failure('set', $tag, 'HTTP/1.1 403 Forbidden',
107  translate("The displayname may only be set on collections, principals or bindings."), 'cannot-modify-protected-property');
108  }
109  break;
110 
111  case 'DAV::resourcetype':
116  $resourcetypes = $setting->GetPath('DAV::resourcetype/*');
117  $setcollection = false;
118  $setcalendar = false;
119  $setaddressbook = false;
120  $setother = false;
121  foreach( $resourcetypes AS $xnode ) {
122  switch( $xnode->GetNSTag() ) {
123  case 'urn:ietf:params:xml:ns:caldav:calendar': $setcalendar = true; break;
124  case 'urn:ietf:params:xml:ns:carddav:addressbook': $setaddressbook = true; break;
125  case 'DAV::collection': $setcollection = true; break;
126  default:
127  $setother = true;
128  }
129  }
130  if ( $dav_resource->IsCollection() && $setcollection && ! $dav_resource->IsPrincipal() && ! $dav_resource->IsBinding()
131  && !($setcalendar && $setaddressbook) && !$setother ) {
132  $resourcetypes = '<collection xmlns="DAV:"/>';
133  if ( $setcalendar ) $resourcetypes .= '<calendar xmlns="urn:ietf:params:xml:ns:caldav"/>';
134  else if ( $setaddressbook ) $resourcetypes .= '<addressbook xmlns="urn:ietf:params:xml:ns:carddav"/>';
135  $qry->QDo('UPDATE collection SET is_calendar = :is_calendar::boolean, is_addressbook = :is_addressbook::boolean,
136  resourcetypes = :resourcetypes WHERE dav_name = :dav_name',
137  array( ':dav_name' => $dav_resource->dav_name(), ':resourcetypes' => $resourcetypes,
138  ':is_calendar' => $setcalendar, ':is_addressbook' => $setaddressbook ) );
139  $success[$tag] = 1;
140  }
141  else if ( $setcalendar && $setaddressbook ) {
142  add_failure('set', $tag, 'HTTP/1.1 409 Conflict',
143  translate("A collection may not be both a calendar and an addressbook."));
144  }
145  else if ( $setother ) {
146  add_failure('set', $tag, 'HTTP/1.1 403 Forbidden',
147  translate("Unsupported resourcetype modification."), 'cannot-modify-protected-property');
148  }
149  else {
150  add_failure('set', $tag, 'HTTP/1.1 403 Forbidden',
151  translate("Resources may not be changed to / from collections."), 'cannot-modify-protected-property');
152  }
153  break;
154 
155  case 'DAV::group-member-set':
156  if ( $dav_resource->IsProxyCollection() ) {
157  $privileges_read = privilege_to_bits( array('read', 'read-free-busy', 'schedule-deliver') );
158  $privileges_write = privilege_to_bits( array('write', 'schedule-send') );
159  $type = 'read';
160  if ( $dav_resource->IsProxyCollection('write') ) {
161  $type = 'write';
162  }
163 
164  $by_principal = $dav_resource->getProperty('principal_id');
165  $sqlparams = array( ':by_principal' => $by_principal );
166 
167  $existing_grants = array();
168  $qry->QDo('SELECT to_principal, privileges FROM grants WHERE by_principal = :by_principal', $sqlparams);
169  while ( $row = $qry->Fetch() ) {
170  $existing_grants[$row->to_principal] = bindec($row->privileges);
171  }
172 
173  $group_members = $setting->GetElements('DAV::href');
174  foreach( $group_members AS $member ) {
175  $to_principal = new Principal('path', DeconstructURL( $member->GetContent() ));
176  if ( !$to_principal->Exists() ) {
177  add_failure('set', $tag, 'HTTP/1.1 403 Forbidden',
178  translate('Principal not found') . ': ' . $member->GetContent(), 'recognized-principal');
179  break;
180  }
181  $sqlparams[':to_principal'] = $to_principal->principal_id();
182 
183  if ( array_key_exists($to_principal->principal_id(), $existing_grants) ) {
184  $sql = 'UPDATE grants SET privileges=:privileges::INT::BIT(24) WHERE to_principal=:to_principal AND by_principal=:by_principal';
185  $existing_privileges = $existing_grants[$to_principal->principal_id()];
186  unset( $existing_grants[$to_principal->principal_id()] );
187  } else {
188  $sql = 'INSERT INTO grants (by_principal, to_principal, privileges) VALUES(:by_principal, :to_principal, :privileges::INT::BIT(24))';
189  $existing_privileges = 0;
190  }
191 
192  $privileges = $existing_privileges | $privileges_read; // always add read privileges here
193  if ( $type == 'write' ) {
194  $privileges |= $privileges_write; // add write privileges as well
195  } else {
196  $privileges &= $privileges_write ^ DAVICAL_MAXPRIV; // substract write privileges
197  }
198  if ( $privileges == $existing_privileges ) continue; // unchanged
199  $sqlparams[':privileges'] = $privileges;
200 
201  $qry->QDo($sql, $sqlparams);
202  dbg_error_log("PROPPATCH", "group-member-set: %s (%s) is granted %s access to %s", $to_principal->username(), $to_principal->principal_id(), $type, $dav_resource->getProperty('username'));
203 
204  Principal::cacheDelete('dav_name',$to_principal->dav_name());
205  Principal::cacheFlush('principal_id IN (SELECT member_id FROM group_member WHERE group_id = ?)', array($to_principal->principal_id()));
206  }
207 
208  // if there are any remaining grants of our $type, we need to delete them
209  // ("set" means "replace any existing property", WEBDAV RFC2518 12.13.2)
210  foreach ( $existing_grants AS $id => $existing_privs ) {
211  $have_write = $existing_privs & $privileges_write;
212  if ( $type == 'read' && $have_write ) continue;
213  if ( $type == 'write' && ! $have_write ) continue;
214 
215  $negative_readwrite = ( $privileges_read | $privileges_write ) ^ DAVICAL_MAXPRIV;
216  $remaining_privs = $existing_privs & $negative_readwrite;
217 
218  if ( $remaining_privs > 0 ) {
219  $sql = 'UPDATE grants SET privileges=:privileges::INT::BIT(24)';
220  $sqlparams[':privileges'] = $remaining_privs;
221  } else {
222  $sql = 'DELETE FROM grants';
223  }
224  $sqlparams[':to_principal'] = $id;
225  $qry->QDo($sql.' WHERE to_principal=:to_principal AND by_principal=:by_principal', $sqlparams);
226  dbg_error_log("PROPPATCH", "group-member-set: %s is no longer granted %s access to %s", $id, $type, $dav_resource->getProperty('username'));
227  Principal::cacheFlush('principal_id = :to_principal', $sqlparams);
228  }
229  }
230  else {
231  /* @todo PROPPATCH set group-member-set for regular group principal */
232  dbg_error_log("ERROR", "PROPPATCH: set group-member-set for non-proxy collection: don't know what to do!");
233  add_failure('set', $tag, 'HTTP/1.1 403 Forbidden',
234  'group-member-set ' . translate('unimplemented'), 'cannot-modify-protected-property');
235  break;
236  }
237  $success[$tag] = 1;
238  break;
239 
240  case 'urn:ietf:params:xml:ns:caldav:schedule-calendar-transp':
241  if ( $dav_resource->IsCollection() && ( $dav_resource->IsCalendar() || $setcalendar ) && !$dav_resource->IsBinding() ) {
242  $transparency = $setting->GetPath('urn:ietf:params:xml:ns:caldav:schedule-calendar-transp/*');
243  $transparency = preg_replace( '{^.*:}', '', $transparency[0]->GetNSTag());
244  $qry->QDo('UPDATE collection SET schedule_transp = :transparency WHERE dav_name = :dav_name',
245  array( ':dav_name' => $dav_resource->dav_name(), ':transparency' => $transparency ) );
246  $success[$tag] = 1;
247  }
248  else {
249  add_failure('set', $tag, 'HTTP/1.1 409 Conflict',
250  translate("The CalDAV:schedule-calendar-transp property may only be set on calendars."));
251  }
252  break;
253 
254  case 'urn:ietf:params:xml:ns:caldav:calendar-free-busy-set':
255  add_failure('set', $tag, 'HTTP/1.1 409 Conflict',
256  translate("The calendar-free-busy-set is superseded by the schedule-calendar-transp property of a calendar collection.") );
257  break;
258 
259  case 'urn:ietf:params:xml:ns:caldav:calendar-timezone':
260  if ( $dav_resource->IsCollection() && $dav_resource->IsCalendar() && ! $dav_resource->IsBinding() ) {
261  $tzcomponent = $setting->GetPath('urn:ietf:params:xml:ns:caldav:calendar-timezone');
262  $tzstring = $tzcomponent[0]->GetContent();
263  $calendar = new vCalendar( $tzstring );
264  $timezones = $calendar->GetComponents('VTIMEZONE');
265  if ( count($timezones) == 0 ) break;
266  $tz = $timezones[0]; // Backward compatibility
267  $tzid = $tz->GetPValue('TZID');
268  $params = array( ':tzid' => $tzid );
269  $qry = new AwlQuery('SELECT 1 FROM timezones WHERE tzid = :tzid', $params );
270  if ( $qry->Exec('PUT',__LINE__,__FILE__) && $qry->rows() == 0 ) {
271  $params[':olson_name'] = $calendar->GetOlsonName($tz);
272  $params[':vtimezone'] = (isset($tz) ? $tz->Render() : null );
273  $qry->QDo('INSERT INTO timezones (tzid, olson_name, active, vtimezone) VALUES(:tzid,:olson_name,false,:vtimezone)', $params );
274  }
275 
276  $qry->QDo('UPDATE collection SET timezone = :tzid WHERE dav_name = :dav_name',
277  array( ':tzid' => $tzid, ':dav_name' => $dav_resource->dav_name()) );
278  require_once("instance_range.php");
279  update_instance_ranges($dav_resource->dav_name());
280  }
281  else {
282  add_failure('set', $tag, 'HTTP/1.1 409 Conflict', translate("calendar-timezone property is only valid for a calendar."));
283  }
284  break;
285 
289  case 'http://calendarserver.org/ns/:getctag':
290  case 'DAV::owner':
291  case 'DAV::principal-collection-set':
292  case 'urn:ietf:params:xml:ns:caldav:calendar-user-address-set':
293  case 'urn:ietf:params:xml:ns:caldav:schedule-inbox-URL':
294  case 'urn:ietf:params:xml:ns:caldav:schedule-outbox-URL':
295  case 'DAV::getetag':
296  case 'DAV::getcontentlength':
297  case 'DAV::getcontenttype':
298  case 'DAV::getlastmodified':
299  case 'DAV::creationdate':
300  case 'DAV::lockdiscovery':
301  case 'DAV::supportedlock':
302  case 'DAV::group-membership':
303  case 'http://calendarserver.org/ns/:calendar-proxy-read-for':
304  case 'http://calendarserver.org/ns/:calendar-proxy-write-for':
305  add_failure('set', $tag, 'HTTP/1.1 403 Forbidden', translate("Property is read-only"), 'cannot-modify-protected-property');
306  break;
307 
311  default:
312  $qry->QDo('SELECT set_dav_property( :dav_name, :user_no::integer, :tag::text, :value::text)',
313  array( ':dav_name' => $dav_resource->dav_name(), ':user_no' => $request->user_no, ':tag' => $tag, ':value' => $content) );
314  $result = $qry->Fetch();
315  if ( $result->set_dav_property ) {
316  $success[$tag] = 1;
317  } else {
318  dbg_error_log("ERROR", "failed to set_dav_property %s on %s to '%s'", $tag, $dav_resource->dav_name(), $content);
319  add_failure('set', $tag, 'HTTP/1.1 403 Forbidden');
320  }
321  break;
322  }
323 }
324 
325 foreach( $rmprops AS $k => $setting ) {
326  $tag = $setting->GetNSTag();
327  $content = $setting->RenderContent();
328 
329  switch( $tag ) {
330 
331  case 'DAV::resourcetype':
332  add_failure('rm', $tag, 'HTTP/1.1 403 Forbidden',
333  translate("DAV::resourcetype may only be set to a new value, it may not be removed."), 'cannot-modify-protected-property');
334  break;
335 
336  case 'DAV::group-member-set':
337  if ( $dav_resource->IsProxyCollection() ) {
338  $type = 'read';
339  $privileges = privilege_to_bits( array('read', 'read-free-busy', 'schedule-deliver') );
340  if ( $dav_resource->IsProxyCollection('write') ) {
341  $type = 'write';
342  $privileges |= privilege_to_bits( array('write', 'schedule-send') );
343  }
344 
345  $by_principal = $dav_resource->getProperty('principal_id');
346  $sqlparams = array( ':by_principal' => $by_principal );
347 
348  // look up existing grants of our type
349  $existing_grants = array();
350  $qry->QDo('SELECT privileges, to_principal FROM grants WHERE by_principal = :by_principal', $sqlparams);
351  while( $row = $qry->Fetch() ) {
352  $existing_privileges = bindec($row->privileges);
353  if ( ($existing_privileges & $privileges) == $privileges ) {
354  $existing_grants[$row->to_principal] = $existing_privileges;
355  }
356  }
357 
358  // examine the members to be removed
359  $group_members = $setting->GetElements('DAV::href');
360  foreach( $group_members AS $member ) {
361  $to_principal = new Principal('path', DeconstructURL( $member->GetContent() ));
362  // "Specifying the removal of a property that does not exist is not an error."
363  if ( !$to_principal->Exists() ) continue;
364  if ( !array_key_exists($to_principal->principal_id(), $existing_grants) ) continue;
365 
366  $remaining_privileges = $existing_grants[$to_principal->principal_id()] & ($privileges ^ DAVICAL_MAXPRIV);
367  if ($remaining_privileges > 0) {
368  $sql = 'UPDATE grants SET privileges=:privileges::INT::BIT(24) ';
369  $sqlparams[':privileges'] = $remaining_privileges;
370  } else {
371  $sql = 'DELETE FROM grants ';
372  }
373 
374  $sqlparams[':to_principal'] = $to_principal->principal_id();
375  $qry->QDo($sql.'WHERE by_principal = :by_principal AND to_principal = :to_principal', $sqlparams);
376 
377  dbg_error_log("PROPPATCH", "group-member-set: %s is no longer granted %s access to %s", $to_principal->username(), $type, $by_principal);
378  Principal::cacheFlush('principal_id = :to_principal', $sqlparams);
379  }
380  }
381  else {
382  /* @todo PROPPATCH remove group-member-set for regular group principal */
383  dbg_error_log("ERROR", "PROPPATCH: remove group-member-set for non-proxy collection: don't know what to do!");
384  add_failure('rm', $tag, 'HTTP/1.1 403 Forbidden',
385  'group-member-set ' . translate('unimplemented'), 'cannot-modify-protected-property');
386  break;
387  }
388  $success[$tag] = 1;
389  break;
390 
391  case 'urn:ietf:params:xml:ns:caldav:calendar-timezone':
392  if ( $dav_resource->IsCollection() && $dav_resource->IsCalendar() && ! $dav_resource->IsBinding() ) {
393  $qry->QDo('UPDATE collection SET timezone = NULL WHERE dav_name = :dav_name', array( ':dav_name' => $dav_resource->dav_name()) );
394  require_once("instance_range.php");
395  update_instance_ranges($dav_resource->dav_name());
396  }
397  else {
398  add_failure('rm', $tag, 'HTTP/1.1 403 Forbidden',
399  translate("calendar-timezone property is only valid for a calendar."), 'cannot-modify-protected-property');
400  }
401  break;
402 
406  case 'http://calendarserver.org/ns/:getctag':
407  case 'DAV::owner':
408  case 'DAV::principal-collection-set':
409  case 'urn:ietf:params:xml:ns:caldav:CALENDAR-USER-ADDRESS-SET':
410  case 'urn:ietf:params:xml:ns:caldav:schedule-inbox-URL':
411  case 'urn:ietf:params:xml:ns:caldav:schedule-outbox-URL':
412  case 'DAV::getetag':
413  case 'DAV::getcontentlength':
414  case 'DAV::getcontenttype':
415  case 'DAV::getlastmodified':
416  case 'DAV::creationdate':
417  case 'DAV::displayname':
418  case 'DAV::lockdiscovery':
419  case 'DAV::supportedlock':
420  case 'DAV::group-membership':
421  case 'http://calendarserver.org/ns/:calendar-proxy-read-for':
422  case 'http://calendarserver.org/ns/:calendar-proxy-write-for':
423  add_failure('rm', $tag, 'HTTP/1.1 409 Conflict', translate("Property is read-only"));
424  dbg_error_log( 'PROPPATCH', ' RMProperty %s is read only and cannot be removed', $tag);
425  break;
426 
430  default:
431  $qry->QDo('DELETE FROM property WHERE dav_name=:dav_name AND property_name=:property_name',
432  array( ':dav_name' => $dav_resource->dav_name(), ':property_name' => $tag) );
433  $success[$tag] = 1;
434  break;
435  }
436 }
437 
438 
442 if ( count($failure) > 0 ) {
443 
444  $qry->Rollback();
445 
446  $url = ConstructURL($request->path);
447  $multistatus = new XMLElement('multistatus');
448  array_unshift($failure,new XMLElement('responsedescription', translate("Some properties were not able to be changed.") ));
449  array_unshift($failure,new XMLElement('href', $url));
450  $response = $reply->DAVElement($multistatus,'response', $failure);
451 
452  if ( !empty($success) ) {
453  $prop = new XMLElement('prop');
454  foreach( $success AS $tag => $v ) {
455  $reply->NSElement($prop, $tag);
456  }
457  $reply->DAVElement($response, 'propstat', array( $prop, new XMLElement( 'status', 'HTTP/1.1 424 Failed Dependency' )) );
458  }
459  $request->DoResponse( 207, $reply->Render($multistatus), 'text/xml; charset="utf-8"' );
460 
461 }
462 
466 if ( $qry->Commit() ) {
467 
468  $cache = getCacheInstance();
469  $cache_ns = null;
470  if ( $dav_resource->IsPrincipal() ) {
471  $cache_ns = 'principal-'.$dav_resource->dav_name();
472  }
473  else if ( $dav_resource->IsCollection() ) {
474  // Uncache anything to do with the collection
475  $cache_ns = 'collection-'.$dav_resource->dav_name();
476  }
477 
478  if ( isset($cache_ns) ) $cache->delete( $cache_ns, null );
479 
480  if ( $request->PreferMinimal() ) {
481  $request->DoResponse(200); // Does not return.
482  }
483 
484  $url = ConstructURL($request->path);
485  $multistatus = new XMLElement('multistatus');
486  $response = $multistatus->NewElement('response');
487  $reply->DAVElement($response,'href', $url);
488  $reply->DAVElement($response,'responsedescription', translate("All requested changes were made.") );
489 
490  $prop = new XMLElement('prop');
491  foreach( $success AS $tag => $v ) {
492  $reply->NSElement($prop, $tag);
493  }
494  $reply->DAVElement($response, 'propstat', array( $prop, new XMLElement( 'status', 'HTTP/1.1 200 OK' )) );
495 
496  $url = ConstructURL($request->path);
497  array_unshift( $failure, new XMLElement('href', $url ) );
498 
499  $request->DoResponse( 207, $reply->Render($multistatus), 'text/xml; charset="utf-8"' );
500 }
501 
505 $request->DoResponse( 500 );
506 exit(0); // unneccessary
507 
Principal
Definition: Principal.php:19
DAVResource
Definition: DAVResource.php:24