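// if it ends in * a trailing '/' then it is referring to a DAV 'collection' but otherwise * it is referring to a DAV data item. * * Permissions are controlled as follows: * 1. if there is no component, the request has read privileges * 2. if the requester is an admin, the request has read/write privileges * 3. if there is a component which matches the logged on user * then the request has read/write privileges * 4. otherwise we query the defined relationships between users and use * the maximum privileges returned from that analysis. */

/**
 * Work out which user the path refers to and what the requester may do there.
 *
 * Leaves the following in scope for the per-method include files:
 *   $path_username  - first path component, or unset when there is none
 *   $path_user_no   - usr.user_no for that component, or unset when it does not exist
 *   $permissions    - array with 'read' and/or 'write' keys set to 1 (empty = no access)
 */
$request_path = isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '';
$path_split = preg_split('#/+#', $request_path );
$permissions = array();

// Start from a known state so a failed user lookup cannot inherit a stale value
// from earlier in the request.
unset($path_user_no);
unset($path_username);

if ( !isset($path_split[1]) || $path_split[1] == '' ) {
  dbg_error_log( "caldav", "No useful path split possible" );
  // Rule 1: no user component => read only.
  $permissions = array("read" => 1 );
}
else {
  $path_username = $path_split[1];
  dbg_error_log( "caldav", "Path split into at least /// %s /// %s /// %s",
                 $path_split[1],
                 (isset($path_split[2]) ? $path_split[2] : ''),
                 (isset($path_split[3]) ? $path_split[3] : '') );

  // The path component is untrusted input; it is handed to PgQuery as a
  // placeholder argument rather than interpolated into the SQL text.
  $qry = new PgQuery( "SELECT * FROM usr WHERE username = ?;", $path_username );
  if ( $qry->Exec("caldav") && $path_user_record = $qry->Fetch() ) {
    $path_user_no = $path_user_record->user_no;
  }

  if ( $session->AllowedTo("Admin") ) {
    // Rule 2: administrators get read/write regardless of the path.
    $permissions = array('read' => 1, "write" => 1 );
  }
  else if ( isset($path_user_no) && $session->user_no == $path_user_no ) {
    // Rule 3: the requester owns the path. The isset() guard matters: a loose
    // comparison against an unset $path_user_no (i.e. null) is true for a
    // user_no of 0 or '', which would grant write access to a path whose
    // user does not exist.
    $permissions = array('read' => 1, "write" => 1 );
  }
  else if ( isset($path_user_no) ) {
    // Rule 4: ask the database for the relationship-derived privileges.
    $qry = new PgQuery( "SELECT get_permissions( ?, ? ) AS perm;", $session->user_no, $path_user_no);
    if ( $qry->Exec("caldav") && $permission_result = $qry->Fetch() ) {
      $perm_string = (string) $permission_result->perm;
      if ( strpos($perm_string, "R") !== false ) $permissions['read'] = 1;
      if ( strpos($perm_string, "W") !== false ) $permissions['write'] = 1;
    }
  }
  // Otherwise the user named in the path does not exist and $permissions stays empty.
}

/**
 * Parse the request body into $xml_tags for the per-method handlers.
 *
 * NOTE(review): the body is parsed as XML unconditionally, whatever the
 * Content-Type, and the parse result is not checked here; a non-XML body
 * simply leaves $xml_tags empty or partial.
 */
$xml_tags = array();
$xml_parser = xml_parser_create_ns('UTF-8');
xml_parser_set_option ( $xml_parser, XML_OPTION_SKIP_WHITE, 1 );
xml_parse_into_struct( $xml_parser, $raw_post, $xml_tags );
xml_parser_free($xml_parser);

/**
 * Conditional request headers. Quotes are stripped from the ETag values and
 * an empty header is treated as if it were absent.
 */
unset($etag_if_match);
unset($etag_none_match);
if ( isset($_SERVER["HTTP_IF_NONE_MATCH"]) ) {
  $header_value = str_replace('"','',$_SERVER["HTTP_IF_NONE_MATCH"]);
  if ( $header_value != '' ) $etag_none_match = $header_value;
}
if ( isset($_SERVER["HTTP_IF_MATCH"]) ) {
  $header_value = str_replace('"','',$_SERVER["HTTP_IF_MATCH"]);
  if ( $header_value != '' ) $etag_if_match = $header_value;
}

/**
 * Each request method is implemented in its own include file. Only the fixed
 * file names in this table can ever be included; the method string itself is
 * used solely as a lookup key.
 */
$method_handlers = array(
  'OPTIONS'    => "caldav-OPTIONS.php",
  'REPORT'     => "caldav-REPORT.php",
  'PROPFIND'   => "caldav-PROPFIND.php",
  'MKCALENDAR' => "caldav-MKCALENDAR.php",
  'MKCOL'      => "caldav-MKCOL.php",
  'PUT'        => "caldav-PUT.php",
  'GET'        => "caldav-GET.php",
  'DELETE'     => "caldav-DELETE.php",
);
$request_method = $_SERVER['REQUEST_METHOD'];
if ( isset($method_handlers[$request_method]) ) {
  include_once($method_handlers[$request_method]);
}
else {
  dbg_error_log( "caldav", "Unhandled request method >>%s<<", $request_method );
  dbg_log_array( "caldav", 'HEADERS', $raw_headers );
  dbg_log_array( "caldav", '_SERVER', $_SERVER, true );
  dbg_error_log( "caldav", "RAW: %s", str_replace( array("\r", "\n"), "", $raw_post ) );
}
exit(0);
?>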