DAViCal
caldav-PROPPATCH.php
1<?php
11dbg_error_log("PROPPATCH", "method handler");
12
13require_once('vCalendar.php');
14require_once('DAVResource.php');
15
16$dav_resource = new DAVResource($request->path);
17if ( !$dav_resource->HavePrivilegeTo('DAV::write-properties') ) {
18 $parent = $dav_resource->GetParentContainer();
19 if ( !$dav_resource->IsBinding() || !$parent->HavePrivilegeTo('DAV::write') ) {
20 $request->PreconditionFailed(403, 'DAV::write-properties', 'You do not have permission to write properties to that resource' );
21 }
22}
23
24$position = 0;
25$xmltree = BuildXMLTree( $request->xml_tags, $position);
26
27// echo $xmltree->Render();
28
29if ( $xmltree->GetNSTag() != "DAV::propertyupdate" ) {
30 $request->PreconditionFailed( 403, 'DAV::propertyupdate', 'XML request did not contain a &lt;propertyupdate&gt; tag' );
31}
32
36$setprops = $xmltree->GetPath("/DAV::propertyupdate/DAV::set/DAV::prop/*");
37$rmprops = $xmltree->GetPath("/DAV::propertyupdate/DAV::remove/DAV::prop/*");
38
45$failure = array();
46$success = array();
47
48$reply = new XMLDocument( array( 'DAV:' => '') );
49
57function add_failure( $type, $tag, $status, $description=null, $error_tag = null) {
58 global $failure, $reply;
59 $prop = new XMLElement('prop');
60 $reply->NSElement($prop, $tag);
61 $propstat = array($prop,new XMLElement( 'status', $status ));
62
63 if ( isset($description))
64 $propstat[] = new XMLElement( 'responsedescription', $description );
65 if ( isset($error_tag) )
66 $propstat[] = new XMLElement( 'error', new XMLElement( $error_tag ) );
67
68 $failure[$type.'-'.$tag] = new XMLElement('propstat', $propstat );
69}
70
71
77$qry = new AwlQuery();
78$qry->Begin();
79$setcalendar = count($xmltree->GetPath('/DAV::propertyupdate/DAV::set/DAV::prop/DAV::resourcetype/urn:ietf:params:xml:ns:caldav:calendar'));
80foreach( $setprops AS $k => $setting ) {
81 $tag = $setting->GetNSTag();
82 $content = $setting->RenderContent(0,null,true);
83
84 switch( $tag ) {
85
86 case 'DAV::displayname':
90 if ( $dav_resource->IsCollection() || $dav_resource->IsPrincipal() ) {
91 if ( $dav_resource->IsBinding() ) {
92 $qry->QDo('UPDATE dav_binding SET dav_displayname = :displayname WHERE dav_name = :dav_name',
93 array( ':displayname' => $content, ':dav_name' => $dav_resource->dav_name()) );
94 }
95 else if ( $dav_resource->IsPrincipal() ) {
96 $qry->QDo('UPDATE dav_principal SET fullname = :displayname, displayname = :displayname, modified = current_timestamp WHERE user_no = :user_no',
97 array( ':displayname' => $content, ':user_no' => $request->user_no) );
98 }
99 else {
100 $qry->QDo('UPDATE collection SET dav_displayname = :displayname, modified = current_timestamp WHERE dav_name = :dav_name',
101 array( ':displayname' => $content, ':dav_name' => $dav_resource->dav_name()) );
102 }
103 $success[$tag] = 1;
104 }
105 else {
106 add_failure('set', $tag, 'HTTP/1.1 403 Forbidden',
107 translate("The displayname may only be set on collections, principals or bindings."), 'cannot-modify-protected-property');
108 }
109 break;
110
111 case 'DAV::resourcetype':
116 $resourcetypes = $setting->GetPath('DAV::resourcetype/*');
117 $setcollection = false;
118 $setcalendar = false;
119 $setaddressbook = false;
120 $setother = false;
121 foreach( $resourcetypes AS $xnode ) {
122 switch( $xnode->GetNSTag() ) {
123 case 'urn:ietf:params:xml:ns:caldav:calendar': $setcalendar = true; break;
124 case 'urn:ietf:params:xml:ns:carddav:addressbook': $setaddressbook = true; break;
125 case 'DAV::collection': $setcollection = true; break;
126 default:
127 $setother = true;
128 }
129 }
130 if ( $dav_resource->IsCollection() && $setcollection && ! $dav_resource->IsPrincipal() && ! $dav_resource->IsBinding()
131 && !($setcalendar && $setaddressbook) && !$setother ) {
132 $resourcetypes = '<collection xmlns="DAV:"/>';
133 if ( $setcalendar ) $resourcetypes .= '<calendar xmlns="urn:ietf:params:xml:ns:caldav"/>';
134 else if ( $setaddressbook ) $resourcetypes .= '<addressbook xmlns="urn:ietf:params:xml:ns:carddav"/>';
135 $qry->QDo('UPDATE collection SET is_calendar = :is_calendar::boolean, is_addressbook = :is_addressbook::boolean,
136 resourcetypes = :resourcetypes WHERE dav_name = :dav_name',
137 array( ':dav_name' => $dav_resource->dav_name(), ':resourcetypes' => $resourcetypes,
138 ':is_calendar' => $setcalendar, ':is_addressbook' => $setaddressbook ) );
139 $success[$tag] = 1;
140 }
141 else if ( $setcalendar && $setaddressbook ) {
142 add_failure('set', $tag, 'HTTP/1.1 409 Conflict',
143 translate("A collection may not be both a calendar and an addressbook."));
144 }
145 else if ( $setother ) {
146 add_failure('set', $tag, 'HTTP/1.1 403 Forbidden',
147 translate("Unsupported resourcetype modification."), 'cannot-modify-protected-property');
148 }
149 else {
150 add_failure('set', $tag, 'HTTP/1.1 403 Forbidden',
151 translate("Resources may not be changed to / from collections."), 'cannot-modify-protected-property');
152 }
153 break;
154
155 case 'DAV::group-member-set':
156 if ( $dav_resource->IsProxyCollection() ) {
157 $privileges_read = privilege_to_bits( array('read', 'read-free-busy', 'schedule-deliver') );
158 $privileges_write = privilege_to_bits( array('write', 'schedule-send') );
159 $type = 'read';
160 if ( $dav_resource->IsProxyCollection('write') ) {
161 $type = 'write';
162 }
163
164 $by_principal = $dav_resource->getProperty('principal_id');
165 $sqlparams = array( ':by_principal' => $by_principal );
166
167 $existing_grants = array();
168 $qry->QDo('SELECT to_principal, privileges FROM grants WHERE by_principal = :by_principal', $sqlparams);
169 while ( $row = $qry->Fetch() ) {
170 $existing_grants[$row->to_principal] = bindec($row->privileges);
171 }
172
173 $group_members = $setting->GetElements('DAV::href');
174 foreach( $group_members AS $member ) {
175 $to_principal = new Principal('path', DeconstructURL( $member->GetContent() ));
176 if ( !$to_principal->Exists() ) {
177 add_failure('set', $tag, 'HTTP/1.1 403 Forbidden',
178 translate('Principal not found') . ': ' . $member->GetContent(), 'recognized-principal');
179 break;
180 }
181 $sqlparams[':to_principal'] = $to_principal->principal_id();
182
183 if ( array_key_exists($to_principal->principal_id(), $existing_grants) ) {
184 $sql = 'UPDATE grants SET privileges=:privileges::INT::BIT(24) WHERE to_principal=:to_principal AND by_principal=:by_principal';
185 $existing_privileges = $existing_grants[$to_principal->principal_id()];
186 unset( $existing_grants[$to_principal->principal_id()] );
187 } else {
188 $sql = 'INSERT INTO grants (by_principal, to_principal, privileges) VALUES(:by_principal, :to_principal, :privileges::INT::BIT(24))';
189 $existing_privileges = 0;
190 }
191
192 $privileges = $existing_privileges | $privileges_read; // always add read privileges here
193 if ( $type == 'write' ) {
194 $privileges |= $privileges_write; // add write privileges as well
195 } else {
196 $privileges &= $privileges_write ^ DAVICAL_MAXPRIV; // substract write privileges
197 }
198 if ( $privileges == $existing_privileges ) continue; // unchanged
199 $sqlparams[':privileges'] = $privileges;
200
201 $qry->QDo($sql, $sqlparams);
202 dbg_error_log("PROPPATCH", "group-member-set: %s (%s) is granted %s access to %s", $to_principal->username(), $to_principal->principal_id(), $type, $dav_resource->getProperty('username'));
203
204 Principal::cacheDelete('dav_name',$to_principal->dav_name());
205 Principal::cacheFlush('principal_id IN (SELECT member_id FROM group_member WHERE group_id = ?)', array($to_principal->principal_id()));
206 }
207
208 // if there are any remaining grants of our $type, we need to delete them
209 // ("set" means "replace any existing property", WEBDAV RFC2518 12.13.2)
210 foreach ( $existing_grants AS $id => $existing_privs ) {
211 $have_write = $existing_privs & $privileges_write;
212 if ( $type == 'read' && $have_write ) continue;
213 if ( $type == 'write' && ! $have_write ) continue;
214
215 $negative_readwrite = ( $privileges_read | $privileges_write ) ^ DAVICAL_MAXPRIV;
216 $remaining_privs = $existing_privs & $negative_readwrite;
217
218 if ( $remaining_privs > 0 ) {
219 $sql = 'UPDATE grants SET privileges=:privileges::INT::BIT(24)';
220 $sqlparams[':privileges'] = $remaining_privs;
221 } else {
222 $sql = 'DELETE FROM grants';
223 }
224 $sqlparams[':to_principal'] = $id;
225 $qry->QDo($sql.' WHERE to_principal=:to_principal AND by_principal=:by_principal', $sqlparams);
226 dbg_error_log("PROPPATCH", "group-member-set: %s is no longer granted %s access to %s", $id, $type, $dav_resource->getProperty('username'));
227 Principal::cacheFlush('principal_id = :to_principal', $sqlparams);
228 }
229 }
230 else {
231 /* @todo PROPPATCH set group-member-set for regular group principal */
232 dbg_error_log("ERROR", "PROPPATCH: set group-member-set for non-proxy collection: don't know what to do!");
233 add_failure('set', $tag, 'HTTP/1.1 403 Forbidden',
234 'group-member-set ' . translate('unimplemented'), 'cannot-modify-protected-property');
235 break;
236 }
237 $success[$tag] = 1;
238 break;
239
240 case 'urn:ietf:params:xml:ns:caldav:schedule-calendar-transp':
241 if ( $dav_resource->IsCollection() && ( $dav_resource->IsCalendar() || $setcalendar ) && !$dav_resource->IsBinding() ) {
242 $transparency = $setting->GetPath('urn:ietf:params:xml:ns:caldav:schedule-calendar-transp/*');
243 $transparency = preg_replace( '{^.*:}', '', $transparency[0]->GetNSTag());
244 $qry->QDo('UPDATE collection SET schedule_transp = :transparency WHERE dav_name = :dav_name',
245 array( ':dav_name' => $dav_resource->dav_name(), ':transparency' => $transparency ) );
246 $success[$tag] = 1;
247 }
248 else {
249 add_failure('set', $tag, 'HTTP/1.1 409 Conflict',
250 translate("The CalDAV:schedule-calendar-transp property may only be set on calendars."));
251 }
252 break;
253
254 case 'urn:ietf:params:xml:ns:caldav:calendar-free-busy-set':
255 add_failure('set', $tag, 'HTTP/1.1 409 Conflict',
256 translate("The calendar-free-busy-set is superseded by the schedule-calendar-transp property of a calendar collection.") );
257 break;
258
259 case 'urn:ietf:params:xml:ns:caldav:calendar-timezone':
260 if ( $dav_resource->IsCollection() && $dav_resource->IsCalendar() && ! $dav_resource->IsBinding() ) {
261 $tzcomponent = $setting->GetPath('urn:ietf:params:xml:ns:caldav:calendar-timezone');
262 $tzstring = $tzcomponent[0]->GetContent();
263 $calendar = new vCalendar( $tzstring );
264 $timezones = $calendar->GetComponents('VTIMEZONE');
265 if ( count($timezones) == 0 ) break;
266 $tz = $timezones[0]; // Backward compatibility
267 $tzid = $tz->GetPValue('TZID');
268 $params = array( ':tzid' => $tzid );
269 $qry = new AwlQuery('SELECT 1 FROM timezones WHERE tzid = :tzid', $params );
270 if ( $qry->Exec('PUT',__LINE__,__FILE__) && $qry->rows() == 0 ) {
271 $params[':olson_name'] = $calendar->GetOlsonName($tz);
272 $params[':vtimezone'] = (isset($tz) ? $tz->Render() : null );
273 $qry->QDo('INSERT INTO timezones (tzid, olson_name, active, vtimezone) VALUES(:tzid,:olson_name,false,:vtimezone)', $params );
274 }
275
276 $qry->QDo('UPDATE collection SET timezone = :tzid WHERE dav_name = :dav_name',
277 array( ':tzid' => $tzid, ':dav_name' => $dav_resource->dav_name()) );
278 require_once("instance_range.php");
279 update_instance_ranges($dav_resource->dav_name());
280 }
281 else {
282 add_failure('set', $tag, 'HTTP/1.1 409 Conflict', translate("calendar-timezone property is only valid for a calendar."));
283 }
284 break;
285
289 case 'http://calendarserver.org/ns/:getctag':
290 case 'DAV::owner':
291 case 'DAV::principal-collection-set':
292 case 'urn:ietf:params:xml:ns:caldav:calendar-user-address-set':
293 case 'urn:ietf:params:xml:ns:caldav:schedule-inbox-URL':
294 case 'urn:ietf:params:xml:ns:caldav:schedule-outbox-URL':
295 case 'DAV::getetag':
296 case 'DAV::getcontentlength':
297 case 'DAV::getcontenttype':
298 case 'DAV::getlastmodified':
299 case 'DAV::creationdate':
300 case 'DAV::lockdiscovery':
301 case 'DAV::supportedlock':
302 case 'DAV::group-membership':
303 case 'http://calendarserver.org/ns/:calendar-proxy-read-for':
304 case 'http://calendarserver.org/ns/:calendar-proxy-write-for':
305 add_failure('set', $tag, 'HTTP/1.1 403 Forbidden', translate("Property is read-only"), 'cannot-modify-protected-property');
306 break;
307
311 default:
312 $qry->QDo('SELECT set_dav_property( :dav_name, :user_no::integer, :tag::text, :value::text)',
313 array( ':dav_name' => $dav_resource->dav_name(), ':user_no' => $request->user_no, ':tag' => $tag, ':value' => $content) );
314 $result = $qry->Fetch();
315 if ( $result->set_dav_property ) {
316 $success[$tag] = 1;
317 } else {
318 dbg_error_log("ERROR", "failed to set_dav_property %s on %s to '%s'", $tag, $dav_resource->dav_name(), $content);
319 add_failure('set', $tag, 'HTTP/1.1 403 Forbidden');
320 }
321 break;
322 }
323}
324
325foreach( $rmprops AS $k => $setting ) {
326 $tag = $setting->GetNSTag();
327 $content = $setting->RenderContent();
328
329 switch( $tag ) {
330
331 case 'DAV::resourcetype':
332 add_failure('rm', $tag, 'HTTP/1.1 403 Forbidden',
333 translate("DAV::resourcetype may only be set to a new value, it may not be removed."), 'cannot-modify-protected-property');
334 break;
335
336 case 'DAV::group-member-set':
337 if ( $dav_resource->IsProxyCollection() ) {
338 $type = 'read';
339 $privileges = privilege_to_bits( array('read', 'read-free-busy', 'schedule-deliver') );
340 if ( $dav_resource->IsProxyCollection('write') ) {
341 $type = 'write';
342 $privileges |= privilege_to_bits( array('write', 'schedule-send') );
343 }
344
345 $by_principal = $dav_resource->getProperty('principal_id');
346 $sqlparams = array( ':by_principal' => $by_principal );
347
348 // look up existing grants of our type
349 $existing_grants = array();
350 $qry->QDo('SELECT privileges, to_principal FROM grants WHERE by_principal = :by_principal', $sqlparams);
351 while( $row = $qry->Fetch() ) {
352 $existing_privileges = bindec($row->privileges);
353 if ( ($existing_privileges & $privileges) == $privileges ) {
354 $existing_grants[$row->to_principal] = $existing_privileges;
355 }
356 }
357
358 // examine the members to be removed
359 $group_members = $setting->GetElements('DAV::href');
360 foreach( $group_members AS $member ) {
361 $to_principal = new Principal('path', DeconstructURL( $member->GetContent() ));
362 // "Specifying the removal of a property that does not exist is not an error."
363 if ( !$to_principal->Exists() ) continue;
364 if ( !array_key_exists($to_principal->principal_id(), $existing_grants) ) continue;
365
366 $remaining_privileges = $existing_grants[$to_principal->principal_id()] & ($privileges ^ DAVICAL_MAXPRIV);
367 if ($remaining_privileges > 0) {
368 $sql = 'UPDATE grants SET privileges=:privileges::INT::BIT(24) ';
369 $sqlparams[':privileges'] = $remaining_privileges;
370 } else {
371 $sql = 'DELETE FROM grants ';
372 }
373
374 $sqlparams[':to_principal'] = $to_principal->principal_id();
375 $qry->QDo($sql.'WHERE by_principal = :by_principal AND to_principal = :to_principal', $sqlparams);
376
377 dbg_error_log("PROPPATCH", "group-member-set: %s is no longer granted %s access to %s", $to_principal->username(), $type, $by_principal);
378 Principal::cacheFlush('principal_id = :to_principal', $sqlparams);
379 }
380 }
381 else {
382 /* @todo PROPPATCH remove group-member-set for regular group principal */
383 dbg_error_log("ERROR", "PROPPATCH: remove group-member-set for non-proxy collection: don't know what to do!");
384 add_failure('rm', $tag, 'HTTP/1.1 403 Forbidden',
385 'group-member-set ' . translate('unimplemented'), 'cannot-modify-protected-property');
386 break;
387 }
388 $success[$tag] = 1;
389 break;
390
391 case 'urn:ietf:params:xml:ns:caldav:calendar-timezone':
392 if ( $dav_resource->IsCollection() && $dav_resource->IsCalendar() && ! $dav_resource->IsBinding() ) {
393 $qry->QDo('UPDATE collection SET timezone = NULL WHERE dav_name = :dav_name', array( ':dav_name' => $dav_resource->dav_name()) );
394 require_once("instance_range.php");
395 update_instance_ranges($dav_resource->dav_name());
396 }
397 else {
398 add_failure('rm', $tag, 'HTTP/1.1 403 Forbidden',
399 translate("calendar-timezone property is only valid for a calendar."), 'cannot-modify-protected-property');
400 }
401 break;
402
406 case 'http://calendarserver.org/ns/:getctag':
407 case 'DAV::owner':
408 case 'DAV::principal-collection-set':
409 case 'urn:ietf:params:xml:ns:caldav:CALENDAR-USER-ADDRESS-SET':
410 case 'urn:ietf:params:xml:ns:caldav:schedule-inbox-URL':
411 case 'urn:ietf:params:xml:ns:caldav:schedule-outbox-URL':
412 case 'DAV::getetag':
413 case 'DAV::getcontentlength':
414 case 'DAV::getcontenttype':
415 case 'DAV::getlastmodified':
416 case 'DAV::creationdate':
417 case 'DAV::displayname':
418 case 'DAV::lockdiscovery':
419 case 'DAV::supportedlock':
420 case 'DAV::group-membership':
421 case 'http://calendarserver.org/ns/:calendar-proxy-read-for':
422 case 'http://calendarserver.org/ns/:calendar-proxy-write-for':
423 add_failure('rm', $tag, 'HTTP/1.1 409 Conflict', translate("Property is read-only"));
424 dbg_error_log( 'PROPPATCH', ' RMProperty %s is read only and cannot be removed', $tag);
425 break;
426
430 default:
431 $qry->QDo('DELETE FROM property WHERE dav_name=:dav_name AND property_name=:property_name',
432 array( ':dav_name' => $dav_resource->dav_name(), ':property_name' => $tag) );
433 $success[$tag] = 1;
434 break;
435 }
436}
437
438
442if ( count($failure) > 0 ) {
443
444 $qry->Rollback();
445
446 $url = ConstructURL($request->path);
447 $multistatus = new XMLElement('multistatus');
448 array_unshift($failure,new XMLElement('responsedescription', translate("Some properties were not able to be changed.") ));
449 array_unshift($failure,new XMLElement('href', $url));
450 $response = $reply->DAVElement($multistatus,'response', $failure);
451
452 if ( !empty($success) ) {
453 $prop = new XMLElement('prop');
454 foreach( $success AS $tag => $v ) {
455 $reply->NSElement($prop, $tag);
456 }
457 $reply->DAVElement($response, 'propstat', array( $prop, new XMLElement( 'status', 'HTTP/1.1 424 Failed Dependency' )) );
458 }
459 $request->DoResponse( 207, $reply->Render($multistatus), 'text/xml; charset="utf-8"' );
460
461}
462
466if ( $qry->Commit() ) {
467
468 $cache = getCacheInstance();
469 $cache_ns = null;
470 if ( $dav_resource->IsPrincipal() ) {
471 $cache_ns = 'principal-'.$dav_resource->dav_name();
472 }
473 else if ( $dav_resource->IsCollection() ) {
474 // Uncache anything to do with the collection
475 $cache_ns = 'collection-'.$dav_resource->dav_name();
476 }
477
478 if ( isset($cache_ns) ) $cache->delete( $cache_ns, null );
479
480 if ( $request->PreferMinimal() ) {
481 $request->DoResponse(200); // Does not return.
482 }
483
484 $url = ConstructURL($request->path);
485 $multistatus = new XMLElement('multistatus');
486 $response = $multistatus->NewElement('response');
487 $reply->DAVElement($response,'href', $url);
488 $reply->DAVElement($response,'responsedescription', translate("All requested changes were made.") );
489
490 $prop = new XMLElement('prop');
491 foreach( $success AS $tag => $v ) {
492 $reply->NSElement($prop, $tag);
493 }
494 $reply->DAVElement($response, 'propstat', array( $prop, new XMLElement( 'status', 'HTTP/1.1 200 OK' )) );
495
496 $url = ConstructURL($request->path);
497 array_unshift( $failure, new XMLElement('href', $url ) );
498
499 $request->DoResponse( 207, $reply->Render($multistatus), 'text/xml; charset="utf-8"' );
500}
501
505$request->DoResponse( 500 );
506exit(0); // unneccessary
507