From e6bbd589733618585c69b9f8110a690cf00fdbd2 Mon Sep 17 00:00:00 2001
From: Andrew McMillan <debian@mcmillan.net.nz>
Date: Wed, 23 Jan 2008 18:41:11 +1300
Subject: [PATCH] Efficiency improvements from bypassing get_permissions() call
 in query.

---
 inc/caldav-REPORT-calquery.php | 13 ++++++++-----
 inc/caldav-REPORT-freebusy.php |  5 ++++-
 inc/caldav-REPORT-multiget.php | 14 ++++++++------
 inc/caldav-REPORT.php          |  2 +-
 4 files changed, 21 insertions(+), 13 deletions(-)

diff --git a/inc/caldav-REPORT-calquery.php b/inc/caldav-REPORT-calquery.php
index 837a7f24..af5f7e92 100644
--- a/inc/caldav-REPORT-calquery.php
+++ b/inc/caldav-REPORT-calquery.php
@@ -235,12 +235,15 @@ if ( is_array($qry_filters) ) {
   dbg_log_array( "calquery", "qry_filters", $qry_filters, true );
   $where .= BuildSqlFilter( $qry_filters );
 }
-
-$where .= "AND (calendar_item.class != 'PRIVATE' OR calendar_item.class IS NULL OR get_permissions($session->user_no,caldav_data.user_no) ~ 'A') "; // Must have 'all' permissions to see confidential items
-if ( isset($c->hide_TODO) && $c->hide_TODO ) {
-  $where .= "AND (caldav_data.caldav_type NOT IN ('VTODO') OR get_permissions($session->user_no,caldav_data.user_no) ~ 'A') ";
+if ( ! $request->AllowedTo('all') ) {
+  $where .= "AND (calendar_item.class != 'PRIVATE' OR calendar_item.class IS NULL) ";
 }
-$qry = new PgQuery( "SELECT * , get_permissions($session->user_no,caldav_data.user_no) as permissions FROM caldav_data INNER JOIN calendar_item USING(user_no, dav_name)". $where . " ORDER BY caldav_data.user_no, caldav_data.dav_name" );
+
+if ( isset($c->hide_TODO) && $c->hide_TODO && ! $request->AllowedTo('all') ) {
+  $where .= "AND caldav_data.caldav_type NOT IN ('VTODO') ";
+}
+
+$qry = new PgQuery( "SELECT * FROM caldav_data INNER JOIN calendar_item USING(user_no, dav_name)". $where . " ORDER BY caldav_data.user_no, caldav_data.dav_name" );
 if ( $qry->Exec("calquery",__LINE__,__FILE__) && $qry->rows > 0 ) {
   while( $calendar_object = $qry->Fetch() ) {
     if ( !$need_post_filter || apply_filter( $qry_filters, $calendar_object ) ) {
diff --git a/inc/caldav-REPORT-freebusy.php b/inc/caldav-REPORT-freebusy.php
index 30037914..9f0145f3 100644
--- a/inc/caldav-REPORT-freebusy.php
+++ b/inc/caldav-REPORT-freebusy.php
@@ -23,7 +23,10 @@ if ( isset( $fbq_end ) ) {
 $where .= "AND caldav_data.caldav_type IN ( 'VEVENT', 'VFREEBUSY' ) ";
 $where .= "AND (calendar_item.transp != 'TRANSPARENT' OR calendar_item.transp IS NULL) ";
 $where .= "AND (calendar_item.status != 'CANCELLED' OR calendar_item.status IS NULL) ";
-$where .= "AND (calendar_item.class != 'PRIVATE' OR calendar_item.class IS NULL OR get_permissions($session->user_no,caldav_data.user_no) ~ 'A') "; // Must have 'all' permissions to see confidential items
+
+if ( ! $request->AllowedTo('all') ) {
+  $where .= "AND (calendar_item.class != 'PRIVATE' OR calendar_item.class IS NULL) ";
+}
 
 $busy = array();
 $busy_tentative = array();
diff --git a/inc/caldav-REPORT-multiget.php b/inc/caldav-REPORT-multiget.php
index edd4fffa..f0d0a292 100644
--- a/inc/caldav-REPORT-multiget.php
+++ b/inc/caldav-REPORT-multiget.php
@@ -47,12 +47,15 @@ $where = " WHERE caldav_data.dav_name ~ ".qpg("^".$request->path)." ";
 if ( $href_in != "" ) {
   $where .= " AND caldav_data.dav_name IN ( $href_in ) ";
 }
-  
-$where .= "AND (calendar_item.class != 'PRIVATE' OR calendar_item.class IS NULL OR get_permissions($session->user_no,caldav_data.user_no) ~ 'A') "; // Must have 'all' permissions to see confidential items
-if ( isset($c->hide_TODO) && $c->hide_TODO ) {
-  $where .= "AND (caldav_data.caldav_type NOT IN ('VTODO') OR get_permissions($session->user_no,caldav_data.user_no) ~ 'A') ";
+if ( ! $request->AllowedTo('all') ) {
+  $where .= "AND (calendar_item.class != 'PRIVATE' OR calendar_item.class IS NULL) ";
 }
-$qry = new PgQuery( "SELECT * , get_permissions($session->user_no,caldav_data.user_no) as permissions FROM caldav_data INNER JOIN calendar_item USING(user_no, dav_name)". $where );
+
+if ( isset($c->hide_TODO) && $c->hide_TODO && ! $request->AllowedTo('all') ) {
+  $where .= "AND caldav_data.caldav_type NOT IN ('VTODO') ";
+}
+
+$qry = new PgQuery( "SELECT * FROM caldav_data INNER JOIN calendar_item USING(user_no, dav_name)". $where );
 if ( $qry->Exec("REPORT",__LINE__,__FILE__) && $qry->rows > 0 ) {
   while( $calendar_object = $qry->Fetch() ) {
     $responses[] = calendar_to_xml( $properties, $calendar_object );
@@ -62,4 +65,3 @@ if ( $qry->Exec("REPORT",__LINE__,__FILE__) && $qry->rows > 0 ) {
 $multistatus = new XMLElement( "multistatus", $responses, array('xmlns'=>'DAV:') );
 
 $request->XMLResponse( 207, $multistatus );
-?>
\ No newline at end of file
diff --git a/inc/caldav-REPORT.php b/inc/caldav-REPORT.php
index 727cbad8..79bedf80 100644
--- a/inc/caldav-REPORT.php
+++ b/inc/caldav-REPORT.php
@@ -70,7 +70,7 @@ function calendar_to_xml( $properties, $item ) {
   $caldav_data = $item->caldav_data;
   $displayname = $item->summary;
   if ( isset($properties['CALENDAR-DATA']) || isset($properties['DISPLAYNAME']) ) {
-    if ( !is_numeric(strpos($item->permissions,'A')) && $session->user_no != $item->user_no ){
+    if ( !$request->AllowedTo('all') && $session->user_no != $item->user_no ){
       // the user is not admin / owner of this calendarlooking at his calendar and can not admin the other cal
       if ( $item->class == 'CONFIDENTIAL' ) {
         $ical = new iCalendar( array( "icalendar" => $caldav_data) );