DAViCal
caldav-PROPPATCH.php
1 <?php
11 dbg_error_log("PROPPATCH", "method handler");
12 
13 require_once('vCalendar.php');
14 require_once('DAVResource.php');
15 
16 $dav_resource = new DAVResource($request->path);
17 if ( !$dav_resource->HavePrivilegeTo('DAV::write-properties') ) {
18  $parent = $dav_resource->GetParentContainer();
19  if ( !$dav_resource->IsBinding() || !$parent->HavePrivilegeTo('DAV::write') ) {
20  $request->PreconditionFailed(403, 'DAV::write-properties', 'You do not have permission to write properties to that resource' );
21  }
22 }
23 
24 $position = 0;
25 $xmltree = BuildXMLTree( $request->xml_tags, $position);
26 
27 // echo $xmltree->Render();
28 
29 if ( $xmltree->GetNSTag() != "DAV::propertyupdate" ) {
30  $request->PreconditionFailed( 403, 'DAV::propertyupdate', 'XML request did not contain a &lt;propertyupdate&gt; tag' );
31 }
32 
36 $setprops = $xmltree->GetPath("/DAV::propertyupdate/DAV::set/DAV::prop/*");
37 $rmprops = $xmltree->GetPath("/DAV::propertyupdate/DAV::remove/DAV::prop/*");
38 
45 $failure = array();
46 $success = array();
47 
48 $reply = new XMLDocument( array( 'DAV:' => '') );
49 
57 function add_failure( $type, $tag, $status, $description=null, $error_tag = null) {
58  global $failure, $reply;
59  $prop = new XMLElement('prop');
60  $reply->NSElement($prop, $tag);
61  $propstat = array($prop,new XMLElement( 'status', $status ));
62 
63  if ( isset($description))
64  $propstat[] = new XMLElement( 'responsedescription', $description );
65  if ( isset($error_tag) )
66  $propstat[] = new XMLElement( 'error', new XMLElement( $error_tag ) );
67 
68  $failure[$type.'-'.$tag] = new XMLElement('propstat', $propstat );
69 }
70 
71 
77 $qry = new AwlQuery();
78 $qry->Begin();
79 $setcalendar = count($xmltree->GetPath('/DAV::propertyupdate/DAV::set/DAV::prop/DAV::resourcetype/urn:ietf:params:xml:ns:caldav:calendar'));
80 foreach( $setprops AS $k => $setting ) {
81  $tag = $setting->GetNSTag();
82  $content = $setting->RenderContent(0,null,true);
83 
84  switch( $tag ) {
85 
86  case 'DAV::displayname':
90  if ( $dav_resource->IsCollection() || $dav_resource->IsPrincipal() ) {
91  if ( $dav_resource->IsBinding() ) {
92  $qry->QDo('UPDATE dav_binding SET dav_displayname = :displayname WHERE dav_name = :dav_name',
93  array( ':displayname' => $content, ':dav_name' => $dav_resource->dav_name()) );
94  }
95  else if ( $dav_resource->IsPrincipal() ) {
96  $qry->QDo('UPDATE dav_principal SET fullname = :displayname, displayname = :displayname, modified = current_timestamp WHERE user_no = :user_no',
97  array( ':displayname' => $content, ':user_no' => $request->user_no) );
98  }
99  else {
100  $qry->QDo('UPDATE collection SET dav_displayname = :displayname, modified = current_timestamp WHERE dav_name = :dav_name',
101  array( ':displayname' => $content, ':dav_name' => $dav_resource->dav_name()) );
102  }
103  $success[$tag] = 1;
104  }
105  else {
106  add_failure('set', $tag, 'HTTP/1.1 403 Forbidden',
107  translate("The displayname may only be set on collections, principals or bindings."), 'cannot-modify-protected-property');
108  }
109  break;
110 
111  case 'DAV::resourcetype':
116  $resourcetypes = $setting->GetPath('DAV::resourcetype/*');
117  $setcollection = false;
118  $setcalendar = false;
119  $setaddressbook = false;
120  $setother = false;
121  foreach( $resourcetypes AS $xnode ) {
122  switch( $xnode->GetNSTag() ) {
123  case 'urn:ietf:params:xml:ns:caldav:calendar': $setcalendar = true; break;
124  case 'urn:ietf:params:xml:ns:carddav:addressbook': $setaddressbook = true; break;
125  case 'DAV::collection': $setcollection = true; break;
126  default:
127  $setother = true;
128  }
129  }
130  if ( $dav_resource->IsCollection() && $setcollection && ! $dav_resource->IsPrincipal() && ! $dav_resource->IsBinding()
131  && !($setcalendar && $setaddressbook) && !$setother ) {
132  $resourcetypes = '<collection xmlns="DAV:"/>';
133  if ( $setcalendar ) $resourcetypes .= '<calendar xmlns="urn:ietf:params:xml:ns:caldav"/>';
134  else if ( $setaddressbook ) $resourcetypes .= '<addressbook xmlns="urn:ietf:params:xml:ns:carddav"/>';
135  $qry->QDo('UPDATE collection SET is_calendar = :is_calendar::boolean, is_addressbook = :is_addressbook::boolean,
136  resourcetypes = :resourcetypes WHERE dav_name = :dav_name',
137  array( ':dav_name' => $dav_resource->dav_name(), ':resourcetypes' => $resourcetypes,
138  ':is_calendar' => $setcalendar, ':is_addressbook' => $setaddressbook ) );
139  $success[$tag] = 1;
140  }
141  else if ( $setcalendar && $setaddressbook ) {
142  add_failure('set', $tag, 'HTTP/1.1 409 Conflict',
143  translate("A collection may not be both a calendar and an addressbook."));
144  }
145  else if ( $setother ) {
146  add_failure('set', $tag, 'HTTP/1.1 403 Forbidden',
147  translate("Unsupported resourcetype modification."), 'cannot-modify-protected-property');
148  }
149  else {
150  add_failure('set', $tag, 'HTTP/1.1 403 Forbidden',
151  translate("Resources may not be changed to / from collections."), 'cannot-modify-protected-property');
152  }
153  break;
154 
155  case 'DAV::group-member-set':
156  if ( $dav_resource->IsProxyCollection() ) {
157  $privileges_read = privilege_to_bits( array('read', 'read-free-busy', 'schedule-deliver') );
158  $privileges_write = privilege_to_bits( array('write', 'schedule-send') );
159  $type = 'read';
160  if ( $dav_resource->IsProxyCollection('write') ) {
161  $type = 'write';
162  }
163 
164  $by_principal = $dav_resource->getProperty('principal_id');
165  $sqlparams = array( ':by_principal' => $by_principal );
166 
167  $existing_grants = array();
168  $qry->QDo('SELECT to_principal, privileges FROM grants WHERE by_principal = :by_principal', $sqlparams);
169  while ( $row = $qry->Fetch() ) {
170  $existing_grants[$row->to_principal] = bindec($row->privileges);
171  }
172 
173  $group_members = $setting->GetElements('DAV::href');
174  foreach( $group_members AS $member ) {
175  $to_principal = new Principal('path', DeconstructURL( $member->GetContent() ));
176  if ( !$to_principal->Exists() ) {
177  add_failure('set', $tag, 'HTTP/1.1 403 Forbidden',
178  translate('Principal not found') . ': ' . $member->GetContent(), 'recognized-principal');
179  break;
180  }
181  $sqlparams[':to_principal'] = $to_principal->principal_id();
182 
183  if ( array_key_exists($to_principal->principal_id(), $existing_grants) ) {
184  $sql = 'UPDATE grants SET privileges=:privileges::INT::BIT(24) WHERE to_principal=:to_principal AND by_principal=:by_principal';
185  $existing_privileges = $existing_grants[$to_principal->principal_id()];
186  unset( $existing_grants[$to_principal->principal_id()] );
187  } else {
188  $sql = 'INSERT INTO grants (by_principal, to_principal, privileges) VALUES(:by_principal, :to_principal, :privileges::INT::BIT(24))';
189  $existing_privileges = 0;
190  }
191 
192  $privileges = $existing_privileges | $privileges_read; // always add read privileges here
193  if ( $type == 'write' ) {
194  $privileges |= $privileges_write; // add write privileges as well
195  } else {
196  $privileges &= $privileges_write ^ DAVICAL_MAXPRIV; // substract write privileges
197  }
198  if ( $privileges == $existing_privileges ) continue; // unchanged
199  $sqlparams[':privileges'] = $privileges;
200 
201  $qry->QDo($sql, $sqlparams);
202  dbg_error_log("PROPPATCH", "group-member-set: %s (%s) is granted %s access to %s", $to_principal->username(), $to_principal->principal_id(), $type, $dav_resource->getProperty('username'));
203 
204  Principal::cacheDelete('dav_name',$to_principal->dav_name());
205  Principal::cacheFlush('principal_id IN (SELECT member_id FROM group_member WHERE group_id = ?)', array($to_principal->principal_id()));
206  }
207 
208  // if there are any remaining grants of our $type, we need to delete them
209  // ("set" means "replace any existing property", WEBDAV RFC2518 12.13.2)
210  foreach ( $existing_grants AS $id => $existing_privs ) {
211  $have_write = $existing_privs & $privileges_write;
212  if ( $type == 'read' && $have_write ) continue;
213  if ( $type == 'write' && ! $have_write ) continue;
214 
215  $negative_readwrite = ( $privileges_read | $privileges_write ) ^ DAVICAL_MAXPRIV;
216  $remaining_privs = $existing_privs & $negative_readwrite;
217 
218  if ( $remaining_privs > 0 ) {
219  $sql = 'UPDATE grants SET privileges=:privileges::INT::BIT(24)';
220  $sqlparams[':privileges'] = $remaining_privs;
221  } else {
222  $sql = 'DELETE FROM grants';
223  }
224  $sqlparams[':to_principal'] = $id;
225  $qry->QDo($sql.' WHERE to_principal=:to_principal AND by_principal=:by_principal', $sqlparams);
226  dbg_error_log("PROPPATCH", "group-member-set: %s is no longer granted %s access to %s", $id, $type, $dav_resource->getProperty('username'));
227  Principal::cacheFlush('principal_id = :to_principal', $sqlparams);
228  }
229  }
230  else {
231  /* @todo PROPPATCH set group-member-set for regular group principal */
232  dbg_error_log("ERROR", "PROPPATCH: set group-member-set for non-proxy collection: don't know what to do!");
233  add_failure('set', $tag, 'HTTP/1.1 403 Forbidden',
234  'group-member-set ' . translate('unimplemented'), 'cannot-modify-protected-property');
235  break;
236  }
237  $success[$tag] = 1;
238  break;
239 
240  case 'urn:ietf:params:xml:ns:caldav:schedule-calendar-transp':
241  if ( $dav_resource->IsCollection() && ( $dav_resource->IsCalendar() || $setcalendar ) && !$dav_resource->IsBinding() ) {
242  $transparency = $setting->GetPath('urn:ietf:params:xml:ns:caldav:schedule-calendar-transp/*');
243  $transparency = preg_replace( '{^.*:}', '', $transparency[0]->GetNSTag());
244  $qry->QDo('UPDATE collection SET schedule_transp = :transparency WHERE dav_name = :dav_name',
245  array( ':dav_name' => $dav_resource->dav_name(), ':transparency' => $transparency ) );
246  $success[$tag] = 1;
247  }
248  else {
249  add_failure('set', $tag, 'HTTP/1.1 409 Conflict',
250  translate("The CalDAV:schedule-calendar-transp property may only be set on calendars."));
251  }
252  break;
253 
254  case 'urn:ietf:params:xml:ns:caldav:calendar-free-busy-set':
255  add_failure('set', $tag, 'HTTP/1.1 409 Conflict',
256  translate("The calendar-free-busy-set is superseded by the schedule-calendar-transp property of a calendar collection.") );
257  break;
258 
259  case 'urn:ietf:params:xml:ns:caldav:calendar-timezone':
260  if ( $dav_resource->IsCollection() && $dav_resource->IsCalendar() && ! $dav_resource->IsBinding() ) {
261  $tzcomponent = $setting->GetPath('urn:ietf:params:xml:ns:caldav:calendar-timezone');
262  $tzstring = $tzcomponent[0]->GetContent();
263  $calendar = new vCalendar( $tzstring );
264  $timezones = $calendar->GetComponents('VTIMEZONE');
265  if ( count($timezones) == 0 ) break;
266  $tz = $timezones[0]; // Backward compatibility
267  $tzid = $tz->GetPValue('TZID');
268  $params = array( ':tzid' => $tzid );
269  $qry = new AwlQuery('SELECT 1 FROM timezones WHERE tzid = :tzid', $params );
270  if ( $qry->Exec('PUT',__LINE__,__FILE__) && $qry->rows() == 0 ) {
271  $params[':olson_name'] = $calendar->GetOlsonName($tz);
272  $params[':vtimezone'] = (isset($tz) ? $tz->Render() : null );
273  $qry->QDo('INSERT INTO timezones (tzid, olson_name, active, vtimezone) VALUES(:tzid,:olson_name,false,:vtimezone)', $params );
274  }
275 
276  $qry->QDo('UPDATE collection SET timezone = :tzid WHERE dav_name = :dav_name',
277  array( ':tzid' => $tzid, ':dav_name' => $dav_resource->dav_name()) );
278  }
279  else {
280  add_failure('set', $tag, 'HTTP/1.1 409 Conflict', translate("calendar-timezone property is only valid for a calendar."));
281  }
282  break;
283 
287  case 'http://calendarserver.org/ns/:getctag':
288  case 'DAV::owner':
289  case 'DAV::principal-collection-set':
290  case 'urn:ietf:params:xml:ns:caldav:calendar-user-address-set':
291  case 'urn:ietf:params:xml:ns:caldav:schedule-inbox-URL':
292  case 'urn:ietf:params:xml:ns:caldav:schedule-outbox-URL':
293  case 'DAV::getetag':
294  case 'DAV::getcontentlength':
295  case 'DAV::getcontenttype':
296  case 'DAV::getlastmodified':
297  case 'DAV::creationdate':
298  case 'DAV::lockdiscovery':
299  case 'DAV::supportedlock':
300  case 'DAV::group-membership':
301  case 'http://calendarserver.org/ns/:calendar-proxy-read-for':
302  case 'http://calendarserver.org/ns/:calendar-proxy-write-for':
303  add_failure('set', $tag, 'HTTP/1.1 403 Forbidden', translate("Property is read-only"), 'cannot-modify-protected-property');
304  break;
305 
309  default:
310  $qry->QDo('SELECT set_dav_property( :dav_name, :user_no::integer, :tag::text, :value::text)',
311  array( ':dav_name' => $dav_resource->dav_name(), ':user_no' => $request->user_no, ':tag' => $tag, ':value' => $content) );
312  $result = $qry->Fetch();
313  if ( $result->set_dav_property ) {
314  $success[$tag] = 1;
315  } else {
316  dbg_error_log("ERROR", "failed to set_dav_property %s on %s to '%s'", $tag, $dav_resource->dav_name(), $content);
317  add_failure('set', $tag, 'HTTP/1.1 403 Forbidden');
318  }
319  break;
320  }
321 }
322 
323 foreach( $rmprops AS $k => $setting ) {
324  $tag = $setting->GetNSTag();
325  $content = $setting->RenderContent();
326 
327  switch( $tag ) {
328 
329  case 'DAV::resourcetype':
330  add_failure('rm', $tag, 'HTTP/1.1 403 Forbidden',
331  translate("DAV::resourcetype may only be set to a new value, it may not be removed."), 'cannot-modify-protected-property');
332  break;
333 
334  case 'DAV::group-member-set':
335  if ( $dav_resource->IsProxyCollection() ) {
336  $type = 'read';
337  $privileges = privilege_to_bits( array('read', 'read-free-busy', 'schedule-deliver') );
338  if ( $dav_resource->IsProxyCollection('write') ) {
339  $type = 'write';
340  $privileges |= privilege_to_bits( array('write', 'schedule-send') );
341  }
342 
343  $by_principal = $dav_resource->getProperty('principal_id');
344  $sqlparams = array( ':by_principal' => $by_principal );
345 
346  // look up existing grants of our type
347  $existing_grants = array();
348  $qry->QDo('SELECT privileges, to_principal FROM grants WHERE by_principal = :by_principal', $sqlparams);
349  while( $row = $qry->Fetch() ) {
350  $existing_privileges = bindec($row->privileges);
351  if ( ($existing_privileges & $privileges) == $privileges ) {
352  $existing_grants[$row->to_principal] = $existing_privileges;
353  }
354  }
355 
356  // examine the members to be removed
357  $group_members = $setting->GetElements('DAV::href');
358  foreach( $group_members AS $member ) {
359  $to_principal = new Principal('path', DeconstructURL( $member->GetContent() ));
360  // "Specifying the removal of a property that does not exist is not an error."
361  if ( !$to_principal->Exists() ) continue;
362  if ( !array_key_exists($to_principal->principal_id(), $existing_grants) ) continue;
363 
364  $remaining_privileges = $existing_grants[$to_principal->principal_id()] & ($privileges ^ DAVICAL_MAXPRIV);
365  if ($remaining_privileges > 0) {
366  $sql = 'UPDATE grants SET privileges=:privileges::INT::BIT(24) ';
367  $sqlparams[':privileges'] = $remaining_privileges;
368  } else {
369  $sql = 'DELETE FROM grants ';
370  }
371 
372  $sqlparams[':to_principal'] = $to_principal->principal_id();
373  $qry->QDo($sql.'WHERE by_principal = :by_principal AND to_principal = :to_principal', $sqlparams);
374 
375  dbg_error_log("PROPPATCH", "group-member-set: %s is no longer granted %s access to %s", $to_principal->username(), $type, $by_principal);
376  Principal::cacheFlush('principal_id = :to_principal', $sqlparams);
377  }
378  }
379  else {
380  /* @todo PROPPATCH remove group-member-set for regular group principal */
381  dbg_error_log("ERROR", "PROPPATCH: remove group-member-set for non-proxy collection: don't know what to do!");
382  add_failure('rm', $tag, 'HTTP/1.1 403 Forbidden',
383  'group-member-set ' . translate('unimplemented'), 'cannot-modify-protected-property');
384  break;
385  }
386  $success[$tag] = 1;
387  break;
388 
389  case 'urn:ietf:params:xml:ns:caldav:calendar-timezone':
390  if ( $dav_resource->IsCollection() && $dav_resource->IsCalendar() && ! $dav_resource->IsBinding() ) {
391  $qry->QDo('UPDATE collection SET timezone = NULL WHERE dav_name = :dav_name', array( ':dav_name' => $dav_resource->dav_name()) );
392  }
393  else {
394  add_failure('rm', $tag, 'HTTP/1.1 403 Forbidden',
395  translate("calendar-timezone property is only valid for a calendar."), 'cannot-modify-protected-property');
396  }
397  break;
398 
402  case 'http://calendarserver.org/ns/:getctag':
403  case 'DAV::owner':
404  case 'DAV::principal-collection-set':
405  case 'urn:ietf:params:xml:ns:caldav:CALENDAR-USER-ADDRESS-SET':
406  case 'urn:ietf:params:xml:ns:caldav:schedule-inbox-URL':
407  case 'urn:ietf:params:xml:ns:caldav:schedule-outbox-URL':
408  case 'DAV::getetag':
409  case 'DAV::getcontentlength':
410  case 'DAV::getcontenttype':
411  case 'DAV::getlastmodified':
412  case 'DAV::creationdate':
413  case 'DAV::displayname':
414  case 'DAV::lockdiscovery':
415  case 'DAV::supportedlock':
416  case 'DAV::group-membership':
417  case 'http://calendarserver.org/ns/:calendar-proxy-read-for':
418  case 'http://calendarserver.org/ns/:calendar-proxy-write-for':
419  add_failure('rm', $tag, 'HTTP/1.1 409 Conflict', translate("Property is read-only"));
420  dbg_error_log( 'PROPPATCH', ' RMProperty %s is read only and cannot be removed', $tag);
421  break;
422 
426  default:
427  $qry->QDo('DELETE FROM property WHERE dav_name=:dav_name AND property_name=:property_name',
428  array( ':dav_name' => $dav_resource->dav_name(), ':property_name' => $tag) );
429  $success[$tag] = 1;
430  break;
431  }
432 }
433 
434 
438 if ( count($failure) > 0 ) {
439 
440  $qry->Rollback();
441 
442  $url = ConstructURL($request->path);
443  $multistatus = new XMLElement('multistatus');
444  array_unshift($failure,new XMLElement('responsedescription', translate("Some properties were not able to be changed.") ));
445  array_unshift($failure,new XMLElement('href', $url));
446  $response = $reply->DAVElement($multistatus,'response', $failure);
447 
448  if ( !empty($success) ) {
449  $prop = new XMLElement('prop');
450  foreach( $success AS $tag => $v ) {
451  $reply->NSElement($prop, $tag);
452  }
453  $reply->DAVElement($response, 'propstat', array( $prop, new XMLElement( 'status', 'HTTP/1.1 424 Failed Dependency' )) );
454  }
455  $request->DoResponse( 207, $reply->Render($multistatus), 'text/xml; charset="utf-8"' );
456 
457 }
458 
462 if ( $qry->Commit() ) {
463 
464  $cache = getCacheInstance();
465  $cache_ns = null;
466  if ( $dav_resource->IsPrincipal() ) {
467  $cache_ns = 'principal-'.$dav_resource->dav_name();
468  }
469  else if ( $dav_resource->IsCollection() ) {
470  // Uncache anything to do with the collection
471  $cache_ns = 'collection-'.$dav_resource->dav_name();
472  }
473 
474  if ( isset($cache_ns) ) $cache->delete( $cache_ns, null );
475 
476  if ( $request->PreferMinimal() ) {
477  $request->DoResponse(200); // Does not return.
478  }
479 
480  $url = ConstructURL($request->path);
481  $multistatus = new XMLElement('multistatus');
482  $response = $multistatus->NewElement('response');
483  $reply->DAVElement($response,'href', $url);
484  $reply->DAVElement($response,'responsedescription', translate("All requested changes were made.") );
485 
486  $prop = new XMLElement('prop');
487  foreach( $success AS $tag => $v ) {
488  $reply->NSElement($prop, $tag);
489  }
490  $reply->DAVElement($response, 'propstat', array( $prop, new XMLElement( 'status', 'HTTP/1.1 200 OK' )) );
491 
492  $url = ConstructURL($request->path);
493  array_unshift( $failure, new XMLElement('href', $url ) );
494 
495  $request->DoResponse( 207, $reply->Render($multistatus), 'text/xml; charset="utf-8"' );
496 }
497 
501 $request->DoResponse( 500 );
502 exit(0); // unneccessary
503