From 1fec8fd111cc0490faf8672934e16630b676100a Mon Sep 17 00:00:00 2001
From: Andrew Ruthven
Date: Wed, 22 Jan 2025 14:47:18 +1300
Subject: [PATCH] Add debug logging for ACE changes
---
 inc/caldav-ACL.php | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/inc/caldav-ACL.php b/inc/caldav-ACL.php
index cb0fa213..93b90c66 100644
--- a/inc/caldav-ACL.php
+++ b/inc/caldav-ACL.php
@@ -125,6 +125,9 @@ function process_ace( $grantor, $by_principal, $by_collection, $ace ) {
 $principal_content = $principal_node->GetContent();
 if ( count($principal_content) != 1 ) $request->MalformedRequest('ACL request must contain exactly one principal per ACE');
 $principal_content = $principal_content[0];
+
+ dbg_error_log( 'ACE', 'NSTag: "%s", by_collection: %s, by_principal: %s', $principal_content->GetNSTag(), $by_collection ?? 'Null', $by_principal ?? 'Null');
+
 switch( $principal_content->GetNSTag() ) {
 case 'DAV::property':
 $principal_property = $principal_content->GetContent();
@@ -142,8 +145,10 @@ function process_ace( $grantor, $by_principal, $by_collection, $ace ) {
 $principal_type = 'href';
 $grantee = new DAVResource( DeconstructURL($principal_content->GetContent()) );
 $grantee_id = $grantee->getProperty('principal_id');
+
 if ( !$grantee->Exists() || !$grantee->IsPrincipal() )
 $request->PreconditionFailed(403,'recognized-principal', 'Principal "' . $principal_content->GetContent() . '" not found.');
+
 $sqlparms = array( ':to_principal' => $grantee_id);
 $where = 'WHERE to_principal=:to_principal AND ';
 if ( isset($by_principal) ) {
@@ -154,6 +159,7 @@ function process_ace( $grantor, $by_principal, $by_collection, $ace ) {
 $sqlparms[':by_collection'] = $by_collection;
 $where .= 'by_collection = :by_collection';
 }
+
 $qry = new AwlQuery('SELECT privileges FROM grants '.$where, $sqlparms);
 if ( $qry->Exec('ACL',__LINE__,__FILE__) && $qry->rows() == 1 && $current = $qry->Fetch() ) {
 $sql = 'UPDATE grants SET privileges=:privileges::INT::BIT(24) '.$where;
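Review bot: The `dbg_error_log` call added in the first hunk is tagged `'ACE'`, while the grants query later in process_ace logs under `'ACL'` (`$qry->Exec('ACL',__LINE__,__FILE__)`), so someone who enables ACL debugging to trace a permission change would presumably miss this line; tagging it `'ACL'` as well keeps the trail in one place. It also records the principal tag and the by_collection/by_principal values but nothing identifying `$grantor`, so the log cannot show who asked for the change. The NSTag is taken from the request body and written before the switch has checked it, and whether dbg_error_log neutralises control characters is not visible here. process_ace begins and ends outside the hunk.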
@@ -169,6 +175,15 @@ function process_ace( $grantor, $by_principal, $by_collection, $ace ) { Principal::cacheDelete('dav_name',$grantee->dav_name()); Principal::cacheFlush('principal_id IN (SELECT member_id FROM group_member WHERE group_id = ?)', array($grantee_id)); } + + /** + * Basically this has changed everyone's permissions now, so... + */ + $cache = getCacheInstance(); + $cache->flush(); + + #Principal::cacheFlush('TRUE'); + break; case 'DAV::authenticated':
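Review bot: The `$cache->flush();` added after the closing `}` runs for every `DAV::href` ACE, apparently whether or not the grant above was actually written, and from the comment it looks like it empties the whole cache rather than the grantee's entries. ACL requests are client-driven, so anyone permitted to set an ACL can keep the shared cache cold by repeating them; the `Principal::cacheDelete`/`cacheFlush` calls just above are already scoped to the grantee and its groups. If a global flush is needed so that a revoked privilege cannot be served from cache, keep it next to the write it follows and replace the trailing-off docblock with a `//` comment naming which cached entries would otherwise go stale. The commented-out `#Principal::cacheFlush('TRUE');` should be dropped, and the flush deserves a mention in the commit message, which only announces debug logging. The `if` that the `}` closes and the rest of process_ace are outside the hunk.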