PageRenderTime 46ms CodeModel.GetById 18ms RepoModel.GetById 0ms app.codeStats 0ms

/inc/caldav-MKCOL.php

https://gitlab.com/tiggerben/davical
PHP | 265 lines | 165 code | 31 blank | 69 comment | 31 complexity | 6754d96412aae6447568b53848480b85 MD5 | raw file
    

  1. <?php
    2. 

  2. /**
    3. 

  3. * CalDAV Server - handle MKCOL and MKCALENDAR method
    4. 

  4. *
    5. 

  5. * @package   davical
    6. 

  6. * @subpackage   caldav
    7. 

  7. * @author    Andrew McMillan <andrew@mcmillan.net.nz>
    8. 

  8. * @copyright Catalyst IT Ltd, Morphoss Ltd - http://www.morphoss.com/
    9. 

  9. * @license   http://gnu.org/copyleft/gpl.html GNU GPL v2
    10. 

  10. */
    11. 

  11. dbg_error_log('MKCOL', 'method handler');
    12. 

  12. require_once('AwlQuery.php');
    13. 

  13. 

  14. $request->NeedPrivilege('DAV::bind');
    15. 

  15. $displayname = $request->path;
    16. 

  16. 

  17. // Enforce trailling '/' on collection name
    18. 

  18. if ( ! preg_match( '#/$#', $request->path ) ) {
    19. 

  19.   dbg_error_log( 'MKCOL', 'Add trailling "/" to "%s"', $request->path);
    20. 

  20.   $request->path .= '/';
    21. 

  21. }
    22. 

  22. 

  23. $parent_container = '/';
    24. 

  24. if ( preg_match( '#^(.*/)([^/]+)(/)?$#', $request->path, $matches ) ) {
    25. 

  25.   $parent_container = $matches[1];
    26. 

  26.   $displayname = $matches[2];
    27. 

  27. }
    28. 

  28. 

  29. require_once('DAVResource.php');
    30. 

  30. $parent = new DAVResource( $parent_container );
    31. 

  31. if ( $parent->IsSchedulingCollection( 'inbox' ) ) {
    32. 

  32.   $request->PreconditionFailed(403, 'urn:ietf:params:xml:ns:caldav:no-mkcol-in-inbox' );
    33. 

  33. }
    34. 

  34. 

  35. 

  36. $request_type = $request->method;
    37. 

  37. $is_calendar = ($request_type == 'MKCALENDAR');
    38. 

  38. $is_addressbook = false;
    39. 

  39. 

  40. $resourcetypes = '<DAV::collection/>';
    41. 

  41. if ($is_calendar) $resourcetypes .= '<urn:ietf:params:xml:ns:caldav:calendar/>';
    42. 

  42. 

  43. require_once('XMLDocument.php');
    44. 

  44. $reply = new XMLDocument(array( 'DAV:' => '', 'urn:ietf:params:xml:ns:caldav' => 'C' ));
    45. 

  45. 

  46. $failure_code = null;
    47. 

  47. 

  48. $failure = array();
    49. 

  49. $dav_properties = array();
    50. 

  50. 

  51. if ( isset($request->xml_tags) ) {
    52. 

  52.   /**
    53. 

  53.   * The MKCOL request may contain XML to set some DAV properties
    54. 

  54.   */
    55. 

  55.   $position = 0;
    56. 

  56.   $xmltree = BuildXMLTree( $request->xml_tags, $position);
    57. 

  57.   if ( $xmltree->GetNSTag() == 'DAV::mkcol' ) $request_type = 'extended-mkcol';
    58. 

  58. 

  59.   if ( $xmltree->GetNSTag() != 'urn:ietf:params:xml:ns:caldav:mkcalendar' && $request_type != 'extended-mkcol' ) {
    60. 

  60.     $request->DoResponse( 406, sprintf('The XML is not a "DAV::mkcol" or "urn:ietf:params:xml:ns:caldav:mkcalendar" document (%s)', $xmltree->GetNSTag()) );
    61. 

  61.   }
    62. 

  62.   $setprops = $xmltree->GetContent();   // <set>
    63. 

  63.   $setprops = $setprops[0]->GetContent();  // <prop>
    64. 

  64.   $setprops = $setprops[0]->GetContent();  // the array of properties.
    65. 

  65. 

  66.   foreach( $setprops AS $k => $setting ) {
    67. 

  67.     $tag = $setting->GetNSTag();
    68. 

  68.     $content = $setting->RenderContent(0,null,true);
    69. 

  69.     
    70. 

  70.     dbg_error_log( 'MKCOL', 'Processing tag "%s"', $tag);
    71. 

  71. 

  72.     switch( $tag ) {
    73. 

  73. 

  74.       case 'DAV::resourcetype':
    75. 

  75.         /** Any value for resourcetype other than 'calendar' is ignored */
    76. 

  76.         dbg_error_log( 'MKCOL', 'Extended MKCOL with resourcetype specified. "%s"', $content);
    77. 

  77.         $is_addressbook = count($setting->GetPath('DAV::resourcetype/urn:ietf:params:xml:ns:carddav:addressbook'));
    78. 

  78.         $is_calendar    = count($setting->GetPath('DAV::resourcetype/urn:ietf:params:xml:ns:caldav:calendar'));
    79. 

  79.         if ( $is_addressbook && $is_calendar ) {
    80. 

  80.           $failure['set-'.$tag] = new XMLElement( 'propstat', array(
    81. 

  81.               new XMLElement( 'prop', new XMLElement($reply->Tag($tag))),
    82. 

  82.               new XMLElement( 'status', 'HTTP/1.1 409 Conflict' ),
    83. 

  83.               new XMLElement('responsedescription', translate('Collections may not be both CalDAV calendars and CardDAV addressbooks at the same time') )
    84. 

  84.           ));
    85. 

  85.         }
    86. 

  86.         else {
    87. 

  87.           $resourcetypes = $setting->GetPath('DAV::resourcetype/*');
    88. 

  88.           $types = '';
    89. 

  89.           foreach( $resourcetypes AS $k => $v ) {
    90. 

  90.             $types .= '<'.$v->GetNSTag().'/>';
    91. 

  91.           }
    92. 

  92.           $resourcetypes = $types;
    93. 

  93.           $success[$tag] = 1;
    94. 

  94.         }
    95. 

  95.         break;
    96. 

  96. 

  97.       case 'DAV::displayname':
    98. 

  98.         $displayname = $content;
    99. 

  99.         /**
    100. 

  100.         * @todo This is definitely a bug in SOHO Organizer and we probably should respond
    101. 

  101.         * with an error, rather than silently doing what they *seem* to want us to do.
    102. 

  102.         */
    103. 

  103.         if ( preg_match( '/^SOHO.Organizer.6\./', $_SERVER['HTTP_USER_AGENT'] ) ) {
    104. 

  104.           dbg_error_log( 'MKCOL', 'Displayname is "/" to "%s"', $request->path);
    105. 

  105.           $parent_container = $request->path;
    106. 

  106.           $request->path .= $content . '/';
    107. 

  107.         }
    108. 

  108.         $success[$tag] = 1;
    109. 

  109.         break;
    110. 

  110. 

  111.       case 'urn:ietf:params:xml:ns:caldav:supported-calendar-component-set':
    112. 

  112.         /** We allow this to be written as a dead property */
    113. 

  113.         $dav_properties[$tag] = $content;
    114. 

  114.         $success[$tag] = 1;
    115. 

  115.         break;
    116. 

  116. 

  117.       case 'urn:ietf:params:xml:ns:caldav:supported-calendar-data':  /** Ignored, since we will support iCalendar 2.0 */
    118. 

  118.       case 'urn:ietf:params:xml:ns:caldav:calendar-data':  /** Ignored, since we will support iCalendar 2.0 */
    119. 

  119.       case 'urn:ietf:params:xml:ns:caldav:max-resource-size':  /** Ignored, since we will support arbitrary size */
    120. 

  120.       case 'urn:ietf:params:xml:ns:caldav:min-date-time':  /** Ignored, since we will support arbitrary time */
    121. 

  121.       case 'urn:ietf:params:xml:ns:caldav:max-date-time':  /** Ignored, since we will support arbitrary time */
    122. 

  122.       case 'urn:ietf:params:xml:ns:caldav:max-instances':  /** Ignored, since we will support arbitrary instances */
    123. 

  123.         $success[$tag] = 1;
    124. 

  124.         break;
    125. 

  125. 

  126.       /**
    127. 

  127.       * The following properties are read-only, so they will cause the request to fail
    128. 

  128.       */
    129. 

  129.       case 'DAV::getetag':
    130. 

  130.       case 'DAV::getcontentlength':
    131. 

  131.       case 'DAV::getcontenttype':
    132. 

  132.       case 'DAV::getlastmodified':
    133. 

  133.       case 'DAV::creationdate':
    134. 

  134.       case 'DAV::lockdiscovery':
    135. 

  135.       case 'DAV::supportedlock':
    136. 

  136.         $failure['set-'.$tag] = new XMLElement( 'propstat', array(
    137. 

  137.             new XMLElement( 'prop', new XMLElement($reply->Tag($tag))),
    138. 

  138.             new XMLElement( 'status', 'HTTP/1.1 409 Conflict' ),
    139. 

  139.             new XMLElement('responsedescription', translate('Property is read-only') )
    140. 

  140.         ));
    141. 

  141.         if ( isset($failure_code) && $failure_code != 409 ) $failure_code = 207;
    142. 

  142.         else if ( !isset($failure_code) ) $failure_code = 409;
    143. 

  143.         break;
    144. 

  144. 

  145.       /**
    146. 

  146.       * If we don't have any special processing for the property, we just store it verbatim (which will be an XML fragment).
    147. 

  147.       */
    148. 

  148.       default:
    149. 

  149.         $dav_properties[$tag] = $content;
    150. 

  150.         $success[$tag] = 1;
    151. 

  151.         break;
    152. 

  152.     }
    153. 

  153.   }
    154. 

  154. 

  155.   /**
    156. 

  156.   * If we have encountered any instances of failure, the whole damn thing fails.
    157. 

  157.   */
    158. 

  158.   if ( count($failure) > 0 ) {
    159. 

  159.     $props = array();
    160. 

  160.     $status = array();
    161. 

  161.     foreach( $success AS $tag => $v ) {
    162. 

  162.       // Unfortunately although these succeeded, we failed overall, so they didn't happen...
    163. 

  163.       $props[] = new XMLElement($reply->Tag($tag));
    164. 

  164.     }
    165. 

  165. 

  166.     $status[] = new XMLElement( 'propstat', array(
    167. 

  167.       new XMLElement('prop', $props),
    168. 

  168.       new XMLElement('status', 'HTTP/1.1 424 Failed Dependency' )
    169. 

  169.     ));
    170. 

  170. 

  171.     if ( $request_type == 'extended-mkcol' ) {
    172. 

  172.       $request->DoResponse( $failure_code, $reply->Render('mkcol-response', array_merge( $status, $failure ), 'text/xml; charset="utf-8"' ) );
    173. 

  173.     }
    174. 

  174.     else {
    175. 

  175.       array_unshift( $failure, $reply->href( ConstructURL($request->path) ) );
    176. 

  176.       $failure[] = new XMLElement('responsedescription', translate('Some properties were not able to be set.') );
    177. 

  177. 

  178.       $request->DoResponse( 207, $reply->Render('multistatus', new XMLElement( 'response', $failure )), 'text/xml; charset="utf-8"' );
    179. 

  179.     }
    180. 

  180. 

  181.   }
    182. 

  182. }
    183. 

  183. 

  184. $sql = 'SELECT * FROM collection WHERE dav_name = :dav_name';
    185. 

  185. $qry = new AwlQuery( $sql, array( ':dav_name' => $request->path) );
    186. 

  186. if ( ! $qry->Exec('MKCOL',__LINE__,__FILE__) ) {
    187. 

  187.   $request->DoResponse( 500, translate('Error querying database.') );
    188. 

  188. }
    189. 

  189. if ( $qry->rows() != 0 ) {
    190. 

  190.   $request->DoResponse( 405, translate('A collection already exists at that location.') );
    191. 

  191. }
    192. 

  192. 

  193. $qry = new AwlQuery();
    194. 

  194. $qry->Begin();
    195. 

  195. 

  196. if ( ! $qry->QDo( 'INSERT INTO collection ( user_no, parent_container, dav_name, dav_etag, dav_displayname,
    197. 

  197.                                  is_calendar, is_addressbook, resourcetypes, created, modified )
    198. 

  198.               VALUES( :user_no, :parent_container, :dav_name, :dav_etag, :dav_displayname,
    199. 

  199.                       :is_calendar, :is_addressbook, :resourcetypes, current_timestamp, current_timestamp )',
    200. 

  200.            array(
    201. 

  201.               ':user_no'          => $request->user_no,
    202. 

  202.               ':parent_container' => $parent_container,
    203. 

  203.               ':dav_name'         => $request->path,
    204. 

  204.               ':dav_etag'         => md5($request->user_no. $request->path),
    205. 

  205.               ':dav_displayname'  => $displayname,
    206. 

  206.               ':is_calendar'      => ($is_calendar ? 't' : 'f'),
    207. 

  207.               ':is_addressbook'   => ($is_addressbook ? 't' : 'f'),
    208. 

  208.               ':resourcetypes'    => $resourcetypes
    209. 

  209.            ) ) ) {
    210. 

  210.   $request->DoResponse( 500, translate('Error writing calendar details to database.') );
    211. 

  211. }
    212. 

  212. foreach( $dav_properties AS $k => $v ) {
    213. 

  213.   if ( ! $qry->QDo('SELECT set_dav_property( :dav_name, :user_no::integer, :tag::text, :value::text )',
    214. 

  214.              array( ':dav_name' => $request->path, ':user_no' => $request->user_no, ':tag' => $k, ':value' => $v) ) ) {
    215. 

  215.     $request->DoResponse( 500, translate('Error writing calendar properties to database.') );
    216. 

  216.   }
    217. 

  217. }
    218. 

  218. if ( !$qry->Commit() ) {
    219. 

  219.   $request->DoResponse( 500, translate('Error writing calendar details to database.') );
    220. 

  220. }
    221. 

  221. dbg_error_log( 'MKCOL', 'New calendar "%s" created named "%s" for user "%d" in parent "%s"', $request->path, $displayname, $session->user_no, $parent_container);
    222. 

  222. header('Cache-Control: no-cache'); /** RFC4791 mandates this at 5.3.1 */
    223. 

  223. $request->DoResponse( 201, '' );
    224. 

  224. 

  225. /**
    226. 

  226. * @todo We could also respond to the request...
    227. 

  227. *
    228. 

  228. *   <?xml version="1.0" encoding="utf-8" ?>
    229. 

  229. *   <C:mkcalendar xmlns:D="DAV:" xmlns:C="urn:ietf:params:xml:ns:caldav">
    230. 

  230. *     <D:set>
    231. 

  231. *       <D:prop>
    232. 

  232. *         <D:displayname>Lisa's Events</D:displayname>
    233. 

  233. *         <C:calendar-description xml:lang="en">Calendar restricted to events.</C:calendar-description>
    234. 

  234. *         <C:supported-calendar-component-set>
    235. 

  235. *           <C:comp name="VEVENT"/>
    236. 

  236. *         </C:supported-calendar-component-set>
    237. 

  237. *         <C:calendar-timezone><![CDATA[BEGIN:VCALENDAR
    238. 

  238. *   PRODID:-//Example Corp.//CalDAV Client//EN
    239. 

  239. *   VERSION:2.0
    240. 

  240. *   BEGIN:VTIMEZONE
    241. 

  241. *   TZID:US-Eastern
    242. 

  242. *   LAST-MODIFIED:19870101T000000Z
    243. 

  243. *   BEGIN:STANDARD
    244. 

  244. *   DTSTART:19671029T020000
    245. 

  245. *   RRULE:FREQ=YEARLY;BYDAY=-1SU;BYMONTH=10
    246. 

  246. *   TZOFFSETFROM:-0400
    247. 

  247. *   TZOFFSETTO:-0500
    248. 

  248. *   TZNAME:Eastern Standard Time (US & Canada)
    249. 

  249. *   END:STANDARD
    250. 

  250. *   BEGIN:DAYLIGHT
    251. 

  251. *   DTSTART:19870405T020000
    252. 

  252. *   RRULE:FREQ=YEARLY;BYDAY=1SU;BYMONTH=4
    253. 

  253. *   TZOFFSETFROM:-0500
    254. 

  254. *   TZOFFSETTO:-0400
    255. 

  255. *   TZNAME:Eastern Daylight Time (US & Canada)
    256. 

  256. *   END:DAYLIGHT
    257. 

  257. *   END:VTIMEZONE
    258. 

  258. *   END:VCALENDAR
    259. 

  259. *   ]]></C:calendar-timezone>
    260. 

  260. *       </D:prop>
    261. 

  261. *     </D:set>
    262. 

  262. *   </C:mkcalendar>
    263. 

  263. *
    264. 

  264. */
    265. 

  265. 

  266.