nik/davical
1
0
Fork 0
mirror of https://gitlab.com/davical-project/davical.git synced 2026-02-10 02:53:36 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Work in progress.

Browse Source
This commit is contained in:
Andrew McMillan 2009-12-24 20:38:20 +13:00
parent 3fb0b392fa
commit 633da890d7
1 changed files with 69 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

69
inc/caldav-ACL.php
View File

@ -26,4 +26,73 @@ if ( ! ini_get('open_basedir') && (isset($c->dbg['ALL']) || (isset($c->dbg['put'
$resource = new DAVResource( $request->path );
/**
* Preconditions
(DAV:no-ace-conflict): The ACEs submitted in the ACL request MUST NOT
conflict with each other. This is a catchall error code indicating
that an implementation-specific ACL restriction has been violated.
(DAV:no-protected-ace-conflict): The ACEs submitted in the ACL
request MUST NOT conflict with the protected ACEs on the resource.
For example, if the resource has a protected ACE granting DAV:write
to a given principal, then it would not be consistent if the ACL
request submitted an ACE denying DAV:write to the same principal.
(DAV:no-inherited-ace-conflict): The ACEs submitted in the ACL
request MUST NOT conflict with the inherited ACEs on the resource.
For example, if the resource inherits an ACE from its parent
collection granting DAV:write to a given principal, then it would not
be consistent if the ACL request submitted an ACE denying DAV:write
to the same principal. Note that reporting of this error will be
implementation-dependent. Implementations MUST either report this
error or allow the ACE to be set, and then let normal ACE evaluation
rules determine whether the new ACE has any impact on the privileges
available to a specific principal.
(DAV:limited-number-of-aces): The number of ACEs submitted in the ACL
request MUST NOT exceed the number of ACEs allowed on that resource.
However, ACL-compliant servers MUST support at least one ACE granting
privileges to a single principal, and one ACE granting privileges to
a group.
(DAV:deny-before-grant): All non-inherited deny ACEs MUST precede all
non-inherited grant ACEs.
(DAV:grant-only): The ACEs submitted in the ACL request MUST NOT
include a deny ACE. This precondition applies only when the ACL
restrictions of the resource include the DAV:grant-only constraint
(defined in Section 5.6.1).
(DAV:no-invert): The ACL request MUST NOT include a DAV:invert
element. This precondition applies only when the ACL semantics of
the resource includes the DAV:no-invert constraint (defined in
Section 5.6.2).
(DAV:no-abstract): The ACL request MUST NOT attempt to grant or deny
an abstract privilege (see Section 5.3).
(DAV:not-supported-privilege): The ACEs submitted in the ACL request
MUST be supported by the resource.
(DAV:missing-required-principal): The result of the ACL request MUST
have at least one ACE for each principal identified in a
DAV:required-principal XML element in the ACL semantics of that
resource (see Section 5.5).
(DAV:recognized-principal): Every principal URL in the ACL request
MUST identify a principal resource.
(DAV:allowed-principal): The principals specified in the ACEs
submitted in the ACL request MUST be allowed as principals for the
resource. For example, a server where only authenticated principals
can access resources would not allow the DAV:all or
DAV:unauthenticated principals to be used in an ACE, since these
would allow unauthenticated access to resources.
*/
$ace = $xmltree->GetPath("/DAV::acl/DAV::ace/*");
foreach( $ace AS $k => $v ) {
}
$request->DoResponse( 200 );