diff --git a/inc/CalDAVRequest.php b/inc/CalDAVRequest.php index c507343e..bd1b549a 100644 --- a/inc/CalDAVRequest.php +++ b/inc/CalDAVRequest.php @@ -16,6 +16,7 @@ require_once("XMLDocument.php"); require_once("CalDAVPrincipal.php"); +include("DAVTicket.php"); define('DEPTH_INFINITY', 9999); @@ -93,6 +94,11 @@ class CalDAVRequest */ var $supported_privileges; + /** + * A DAVTicket object, if there is a ?ticket=id or Ticket: id with this request + */ + public $ticket; + /** * Create a new CalDAVRequest object. */ @@ -203,6 +209,16 @@ class CalDAVRequest $this->lock_token = $matches[1]; } + /** + * Check for an access ticket. + */ + if ( isset($_GET['ticket']) ) { + $this->ticket = new DAVTicket($_GET['ticket']); + } + else if ( isset($_SERVER['HTTP_TICKET']) ) { + $this->ticket = new DAVTicket($_SERVER['HTTP_TICKET']); + } + /** * LOCK things use a "Timeout" header to set a series of reducing alternative values */ diff --git a/inc/DAVTicket.php b/inc/DAVTicket.php new file mode 100644 index 00000000..8655863f --- /dev/null +++ b/inc/DAVTicket.php @@ -0,0 +1,112 @@ + +* @copyright Morphoss Ltd +* @license http://gnu.org/copyleft/gpl.html GNU GPL v3 or later +*/ + +require_once('AwlQuery.php'); + + +/** +* A class for things to do with a DAV Ticket +* +* @package davical +*/ +class DAVTicket +{ + /** + * @var The ID of the ticket + */ + private $ticket_id; + + /** + * @var dav_name + */ + private $dav_name; + + /** + * @var The collection_id of/containing the ticketed resource + */ + private $target_collection_id; + + /** + * @var The resource_id of the ticketed resource, if it is not a collection + */ + private $target_resource_id; + + /** + * @var The expiry of the ticket + */ + private $expiry; + + /** + * @var The ID of the principal who owns this ticket + */ + private $dav_owner_id; + + /** + * @var A bit mask representing the privileges provided by this ticket + */ + private $privileges; + + /** + * @var A bit mask representing the privileges granted to the ticket owner to the collection (or container of this) resource. + */ + private $grantor_collection_privileges; + + /** + * Constructor + * @param string $ticket_id + */ + function __construct( $ticket_id ) { + global $c; + + $this->dav_name = null; + $this->target_collection_id = null; + $this->target_resource_id = null; + $this->expiry = null; + $this->expired = true; + $this->dav_owner_id = null; + $this->ticket_id = $ticket_id; + $this->privileges = 0; + $this->grantor_collection_privileges = 0; + + $qry = new AwlQuery( + 'SELECT access_ticket.*, collection.dav_name, (access_ticket.expiry >= current_timestamp) AS expired, + path_privs(access_ticket.dav_owner_id,collection.dav_name,:scan_depth) AS grantor_collection_privileges + FROM access_ticket JOIN collection ON (target_collection_id = collection_id) + WHERE ticket_id = :ticket_id', + array(':ticket_id' => $ticket_id, ':scan_depth' => $c->permission_scan_depth) + ); + if ( $qry->Exec('DAVTicket',__LINE__,__FILE__) && $qry->rows() == 1 && $t = $qry->Fetch() && $t->expired === 'f' ) { + foreach( $t AS $k => $v ) { + $this->{$k} = $v; + } + $this->expired = false; + $this->privileges = bindec($this->privileges); + $this->grantor_collection_privileges = bindec($this->grantor_collection_privileges); + } + if ( isset($this->target_resource_id) ) { + $qry = new AwlQuery( 'SELECT dav_name FROM caldav_data WHERE dav_id = :dav_id', array(':dav_id' => $this->target_resource_id ) ); + if ( $qry->Exec('DAVTicket',__LINE__,__FILE__) && $qry->rows() == 1 && $r = $qry->Fetch() ) { + $this->dav_name = $r->dav_name; + } + } + } + + + function dav_name() { + return $this->dav_name; + } + + + function privileges() { + return ($this->privileges & $this->grantor_collection_privileges); + } + +}