From 10afabbeb9dba524e3ac2115814a1fb675afb88e Mon Sep 17 00:00:00 2001 From: Andrew McMillan Date: Mon, 31 Oct 2011 13:15:49 +1300 Subject: [PATCH] Rationalise confidential event rewriting and fix $c->hide_alarm function. --- inc/DAVResource.php | 2 +- inc/caldav-REPORT-calquery.php | 14 +- inc/caldav-REPORT.php | 148 +++--------------- .../regression-suite/0218-Moz-REPORT.result | 21 +-- .../regression-suite/0219-Moz-REPORT.result | 21 +-- 5 files changed, 51 insertions(+), 155 deletions(-) diff --git a/inc/DAVResource.php b/inc/DAVResource.php index eb196b66..03c4d9ee 100644 --- a/inc/DAVResource.php +++ b/inc/DAVResource.php @@ -283,7 +283,7 @@ class DAVResource $this->resource->location = null; $this->resource->url = null; } - else if ( isset($c->hide_alarms) && $c->hide_alarms && !$this->HavePrivilegeTo('write') ) { + else if ( isset($c->hide_alarm) && $c->hide_alarm && !$this->HavePrivilegeTo('write') ) { $vcal1 = new iCalComponent($this->resource->caldav_data); $comps = $vcal1->GetComponents(); $vcal2 = new iCalComponent(); diff --git a/inc/caldav-REPORT-calquery.php b/inc/caldav-REPORT-calquery.php index 8419c243..eda04f9d 100644 --- a/inc/caldav-REPORT-calquery.php +++ b/inc/caldav-REPORT-calquery.php @@ -334,25 +334,25 @@ $sql = 'SELECT caldav_data.*,calendar_item.* FROM collection INNER JOIN caldav_ if ( isset($c->strict_result_ordering) && $c->strict_result_ordering ) $sql .= " ORDER BY caldav_data.dav_id"; $qry = new AwlQuery( $sql, $params ); if ( $qry->Exec("calquery",__LINE__,__FILE__) && $qry->rows() > 0 ) { - while( $calendar_object = $qry->Fetch() ) { - if ( !$need_post_filter || apply_filter( $qry_filters, $calendar_object ) ) { + while( $dav_object = $qry->Fetch() ) { + if ( !$need_post_filter || apply_filter( $qry_filters, $dav_object ) ) { if ( $bound_from != $target_collection->dav_name() ) { - $calendar_object->dav_name = str_replace( $bound_from, $target_collection->dav_name(), $calendar_object->dav_name); + $dav_object->dav_name = str_replace( $bound_from, $target_collection->dav_name(), $dav_object->dav_name); } if ( $need_expansion ) { - $vResource = new vComponent($calendar_object->caldav_data); + $vResource = new vComponent($dav_object->caldav_data); $expanded = expand_event_instances($vResource, $expand_range_start, $expand_range_end, $expand_as_floating ); if ( $expanded->ComponentCount() == 0 ) continue; - if ( $need_expansion ) $calendar_object->caldav_data = $expanded->Render(); + if ( $need_expansion ) $dav_object->caldav_data = $expanded->Render(); } else if ( isset($range_filter) ) { - $vResource = new vComponent($calendar_object->caldav_data); + $vResource = new vComponent($dav_object->caldav_data); $expanded = getVCalendarRange($vResource); dbg_error_log('calquery', 'Expanded to %s:%s which might overlap %s:%s', $expanded->from, $expanded->until, $range_filter->from, $range_filter->until ); if ( !$expanded->overlaps($range_filter) ) continue; } - $responses[] = calendar_to_xml( $properties, $calendar_object ); + $responses[] = component_to_xml( $properties, $dav_object ); } } } diff --git a/inc/caldav-REPORT.php b/inc/caldav-REPORT.php index ca1848a7..c100e5d8 100644 --- a/inc/caldav-REPORT.php +++ b/inc/caldav-REPORT.php @@ -39,7 +39,7 @@ if ( $xmltree->GetTag() != 'DAV::principal-property-search' $target->NeedPrivilege( array('DAV::read', 'urn:ietf:params:xml:ns:caldav:read-free-busy'), true ); // They may have either } -require_once("iCalendar.php"); +require_once("vCalendar.php"); $reportnum = -1; $report = array(); @@ -80,110 +80,6 @@ switch( $xmltree->GetTag() ) { } -/** -* Return XML for a single calendar (or todo) entry from the DB -* -* @param array $properties The properties for this calendar -* @param string $item The calendar data for this calendar -* -* @return string An XML document which is the response for the calendar -*/ -function calendar_to_xml( $properties, $item ) { - global $session, $c, $request, $reply; - - dbg_error_log("REPORT","Building XML Response for item '%s'", $item->dav_name ); - - $denied = array(); - $caldav_data = $item->caldav_data; - $displayname = $item->summary; - if ( isset($properties['calendar-data']) || isset($properties['displayname']) ) { - if ( !$request->AllowedTo('all') && $session->user_no != $item->user_no ){ - // the user is not admin / owner of this calendarlooking at his calendar and can not admin the other cal - /** @todo We should examine the ORGANIZER and ATTENDEE fields in the event. If this person is there then they should see this */ - if ( $item->class == 'CONFIDENTIAL' || !$request->AllowedTo('read') ) { - $ical = new iCalComponent( $caldav_data ); - $resources = $ical->GetComponents('VTIMEZONE',false); - $first = $resources[0]; - - // if the event is confidential we fake one that just says "Busy" - $confidential = new iCalComponent(); - $confidential->SetType($first->GetType()); - $confidential->AddProperty( 'SUMMARY', translate('Busy') ); - $confidential->AddProperty( 'CLASS', 'CONFIDENTIAL' ); - $confidential->SetProperties( $first->GetProperties('DTSTART'), 'DTSTART' ); - $confidential->SetProperties( $first->GetProperties('RRULE'), 'RRULE' ); - $confidential->SetProperties( $first->GetProperties('DURATION'), 'DURATION' ); - $confidential->SetProperties( $first->GetProperties('DTEND'), 'DTEND' ); - $confidential->SetProperties( $first->GetProperties('UID'), 'UID' ); - $ical->SetComponents(array($confidential),$confidential->GetType()); - - $caldav_data = $ical->Render(); - $displayname = translate('Busy'); - } - } - } - - $url = ConstructURL($item->dav_name); - - $prop = new XMLElement("prop"); - foreach( $properties AS $k => $v ) { - switch( $k ) { - case 'getcontentlength': - $contentlength = strlen($caldav_data); - $prop->NewElement($k, $contentlength ); - break; - case 'getlastmodified': - $prop->NewElement($k, ISODateToHTTPDate($item->modified) ); - break; - case 'calendar-data': - $reply->CalDAVElement($prop, $k, $caldav_data ); - break; - case 'getcontenttype': - $prop->NewElement($k, "text/calendar" ); - break; - case 'current-user-principal': - $prop->NewElement("current-user-principal", $request->current_user_principal_xml); - break; - case 'displayname': - $prop->NewElement($k, $displayname ); - break; - case 'resourcetype': - $prop->NewElement($k); // Just an empty resourcetype for a non-collection. - break; - case 'getetag': - $prop->NewElement($k, '"'.$item->dav_etag.'"' ); - break; - case '"current-user-privilege-set"': - $prop->NewElement($k, privileges($request->permissions) ); - break; - case 'SOME-DENIED-PROPERTY': /** indicating the style for future expansion */ - $denied[] = $v; - break; - default: - dbg_error_log( 'REPORT', "Request for unsupported property '%s' of calendar item.", $v ); - $unsupported[] = $v; - } - } - $status = new XMLElement("status", "HTTP/1.1 200 OK" ); - - $propstat = new XMLElement( "propstat", array( $prop, $status) ); - $href = new XMLElement("href", $url ); - $elements = array($href,$propstat); - - if ( count($denied) > 0 ) { - $status = new XMLElement("status", "HTTP/1.1 403 Forbidden" ); - $noprop = new XMLElement("prop"); - foreach( $denied AS $k => $v ) { - $noprop->NewElement( strtolower($v) ); - } - $elements[] = new XMLElement( "propstat", array( $noprop, $status) ); - } - - $response = new XMLElement( "response", $elements ); - - return $response; -} - /** * Return XML for a single component from the DB @@ -219,33 +115,27 @@ function component_to_xml( $properties, $item ) { $contenttype = 'text/vcard'; break; } - if ( isset($properties['calendar-data']) || isset($properties['displayname']) ) { - if ( !$request->AllowedTo('all') && $session->user_no != $item->user_no ){ - // the user is not admin / owner of this calendarlooking at his calendar and can not admin the other cal - /** @todo We should examine the ORGANIZER and ATTENDEE fields in the event. If this person is there then they should see this */ - if ( $type == 'calendar' && $item->class == 'CONFIDENTIAL' || !$request->AllowedTo('read') ) { - $ical = new iCalComponent( $caldav_data ); - $resources = $ical->GetComponents('VTIMEZONE',false); - $first = $resources[0]; - - // if the event is confidential we fake one that just says "Busy" - $confidential = new iCalComponent(); - $confidential->SetType($first->GetType()); - $confidential->AddProperty( 'SUMMARY', translate('Busy') ); - $confidential->AddProperty( 'CLASS', 'CONFIDENTIAL' ); - $confidential->SetProperties( $first->GetProperties('DTSTART'), 'DTSTART' ); - $confidential->SetProperties( $first->GetProperties('RRULE'), 'RRULE' ); - $confidential->SetProperties( $first->GetProperties('DURATION'), 'DURATION' ); - $confidential->SetProperties( $first->GetProperties('DTEND'), 'DTEND' ); - $confidential->SetProperties( $first->GetProperties('UID'), 'UID' ); - $ical->SetComponents(array($confidential),$confidential->GetType()); - - $caldav_data = $ical->Render(); - $displayname = translate('Busy'); + if ( $type == 'calendar' ) { + if ( isset($properties['calendar-data']) || isset($properties['displayname']) ) { + if ( !$request->AllowedTo('all') && $session->user_no != $item->user_no ) { + // the user is not admin / owner of this calendar looking at his calendar and can not admin the other cal + if ( $item->class == 'CONFIDENTIAL' || !$request->AllowedTo('read') ) { + dbg_error_log("REPORT","Anonymising confidential event for: %s", $item->dav_name ); + $vcal = new vCalendar( $caldav_data ); + $caldav_data = $vcal->Confidential()->Render(); + $displayname = translate('Busy'); + } } } + + if ( isset($properties['calendar-data']) && isset($c->hide_alarm) && $c->hide_alarm && !$request->HavePrivilegeTo('write') ) { + dbg_error_log("REPORT","Stripping event alarms for: %s", $item->dav_name ); + $vcal = new vCalendar($caldav_data); + $vcal->ClearComponents('VALARM'); + $caldav_data = $vcal->Render(); + } } - + $url = ConstructURL($item->dav_name); $prop = new XMLElement("prop"); diff --git a/testing/tests/regression-suite/0218-Moz-REPORT.result b/testing/tests/regression-suite/0218-Moz-REPORT.result index fb357ead..298b9150 100644 --- a/testing/tests/regression-suite/0218-Moz-REPORT.result +++ b/testing/tests/regression-suite/0218-Moz-REPORT.result @@ -2,8 +2,8 @@ HTTP/1.1 207 Multi-Status Date: Dow, 01 Jan 2000 00:00:00 GMT DAV: 1, 2, 3, access-control, calendar-access, calendar-schedule DAV: extended-mkcol, calendar-proxy, bind, addressbook, calendar-auto-schedule -ETag: "452f45250e12e66d9f6db823b4615a48" -Content-Length: 3503 +ETag: "987fc68a44b7bc99bdf6fe3ab2d0b0ad" +Content-Length: 3587 Content-Type: text/xml; charset="utf-8" @@ -60,6 +60,16 @@ END:VCALENDAR BEGIN:VCALENDAR PRODID:-//Mozilla Calendar//NONSGML Sunbird//EN VERSION:2.0 +BEGIN:VEVENT +CREATED:20061223T032350Z +LAST-MODIFIED:20061223T033144Z +DTSTAMP:20061223T033144Z +UID:9d050be7-8a02-4355-8ed3-02a9fc5f473f +CLASS:CONFIDENTIAL +DTSTART;TZID=/mozilla.org/20050126_1/Antarctica/McMurdo:20061223T160000 +DTEND;TZID=/mozilla.org/20050126_1/Antarctica/McMurdo:20061223T180000 +SUMMARY:Busy +END:VEVENT BEGIN:VTIMEZONE TZID:/mozilla.org/20050126_1/Antarctica/McMurdo X-LIC-LOCATION:Antarctica/McMurdo @@ -78,13 +88,6 @@ DTSTART:19701004T020000 RRULE:FREQ=YEARLY;INTERVAL=1;BYDAY=1SU;BYMONTH=10 END:DAYLIGHT END:VTIMEZONE -BEGIN:VEVENT -SUMMARY:Busy -CLASS:CONFIDENTIAL -DTSTART;TZID=/mozilla.org/20050126_1/Antarctica/McMurdo:20061223T160000 -DTEND;TZID=/mozilla.org/20050126_1/Antarctica/McMurdo:20061223T180000 -UID:9d050be7-8a02-4355-8ed3-02a9fc5f473f -END:VEVENT END:VCALENDAR diff --git a/testing/tests/regression-suite/0219-Moz-REPORT.result b/testing/tests/regression-suite/0219-Moz-REPORT.result index 11acd203..1ae215d0 100644 --- a/testing/tests/regression-suite/0219-Moz-REPORT.result +++ b/testing/tests/regression-suite/0219-Moz-REPORT.result @@ -2,8 +2,8 @@ HTTP/1.1 207 Multi-Status Date: Dow, 01 Jan 2000 00:00:00 GMT DAV: 1, 2, 3, access-control, calendar-access, calendar-schedule DAV: extended-mkcol, calendar-proxy, bind, addressbook -ETag: "452f45250e12e66d9f6db823b4615a48" -Content-Length: 3503 +ETag: "987fc68a44b7bc99bdf6fe3ab2d0b0ad" +Content-Length: 3587 Content-Type: text/xml; charset="utf-8" @@ -60,6 +60,16 @@ END:VCALENDAR BEGIN:VCALENDAR PRODID:-//Mozilla Calendar//NONSGML Sunbird//EN VERSION:2.0 +BEGIN:VEVENT +CREATED:20061223T032350Z +LAST-MODIFIED:20061223T033144Z +DTSTAMP:20061223T033144Z +UID:9d050be7-8a02-4355-8ed3-02a9fc5f473f +CLASS:CONFIDENTIAL +DTSTART;TZID=/mozilla.org/20050126_1/Antarctica/McMurdo:20061223T160000 +DTEND;TZID=/mozilla.org/20050126_1/Antarctica/McMurdo:20061223T180000 +SUMMARY:Busy +END:VEVENT BEGIN:VTIMEZONE TZID:/mozilla.org/20050126_1/Antarctica/McMurdo X-LIC-LOCATION:Antarctica/McMurdo @@ -78,13 +88,6 @@ DTSTART:19701004T020000 RRULE:FREQ=YEARLY;INTERVAL=1;BYDAY=1SU;BYMONTH=10 END:DAYLIGHT END:VTIMEZONE -BEGIN:VEVENT -SUMMARY:Busy -CLASS:CONFIDENTIAL -DTSTART;TZID=/mozilla.org/20050126_1/Antarctica/McMurdo:20061223T160000 -DTEND;TZID=/mozilla.org/20050126_1/Antarctica/McMurdo:20061223T180000 -UID:9d050be7-8a02-4355-8ed3-02a9fc5f473f -END:VEVENT END:VCALENDAR