nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-05-21 01:54:23 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Obfuscate event data when reader only has read-free-busy permission.

Browse Source 
Signed-off-by: Andrew McMillan <andrew@morphoss.com>
This commit is contained in:
Andrew McMillan 2011-01-04 17:08:22 +13:00
parent e70bcd80d1
commit 51576df490
2 changed files with 19 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
inc/DAVResource.php
View File

@ -12,6 +12,7 @@
require_once('AwlCache.php');
require_once('AwlQuery.php');
require_once('DAVTicket.php');
require_once('iCalendar.php');
/**
@ -260,8 +261,18 @@ class DAVResource
else {
$this->resourcetypes = '';
if ( isset($this->resource->caldav_data) ) {
if ( substr($this->resource->caldav_data,0,15) == 'BEGIN:VCALENDAR' ) {
$this->resource->displayname = $this->resource->summary;
if ( strtoupper(substr($this->resource->caldav_data,0,15)) == 'BEGIN:VCALENDAR' ) {
$this->contenttype = 'text/calendar';
if ( !$this->HavePrivilegeTo('read') && $this->HavePrivilegeTo('read-free-busy') ) {
$vcal = new iCalComponent($this->resource->caldav_data);
$confidential = $vcal->CloneConfidential();
$this->resource->caldav_data = $confidential->Render();
$this->resource->displayname = $this->resource->summary = translate('Busy');
$this->resource->description = null;
$this->resource->location = null;
$this->resource->url = null;
}
}
else if ( strtoupper(substr($this->resource->caldav_data,0,11)) == 'BEGIN:VCARD' ) {
$this->contenttype = 'text/vcard';
@ -269,7 +280,6 @@ class DAVResource
else if ( strtoupper(substr($this->resource->caldav_data,0,11)) == 'BEGIN:VLIST' ) {
$this->contenttype = 'text/x-vlist';
}
$this->resource->displayname = $this->resource->summary;
}
}
}
@ -479,7 +489,7 @@ EOSQL;
}
@dbg_error_log( 'DAVResource', ':FetchCollection: Read cached collection named "%s" of type "%s".', $this->collection->dav_name, $this->collection->type );
}
if ( isset($this->collection->bound_from) ) {
$this->_is_binding = true;
$this->bound_from = str_replace( $this->collection->bound_to, $this->collection->bound_from, $this->dav_name);
@ -1478,9 +1488,9 @@ EOQRY;
break;
case 'DAV::owner':
// After a careful reading of RFC3744 we see that this must be the principal-URL of the owner
$owner_url = ( isset($this->_is_binding) && $this->_is_binding ? $this->collection->bind_owner_url : $this->principal_url() );
$reply->DAVElement( $prop, 'owner', $reply->href( $owner_url ) );
// The principal-URL of the owner
if ( !isset($this->principal) ) $this->FetchPrincipal();
$reply->DAVElement( $prop, 'owner', $reply->href( $this->principal->url() ) );
break;
// Empty tag responses.

6
issues/i_1378ca0a.cil
View File

@ -1,9 +1,9 @@
Summary: DAVResource should sometimes obfuscate resource data
Status: New
Status: Finished
CreatedBy: Andrew McMillan <andrew@morphoss.com>
AssignedTo:
AssignedTo: Andrew McMillan <andrew@morphoss.com>
Inserted: 2011-01-02T21:25:18
Updated: 2011-01-02T21:25:18
Updated: 2011-01-04T04:06:12
When freebusy permissions are available, DAVResource will sometimes
be called on to provide the real resource data, and in such cases