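<?php
/**
* CalDAV Server - handle BIND method
*
* Reads a DAV::segment and a DAV::href from the request body and records a
* row in dav_binding that makes the collection at DAV::href also appear as
* <Request-URI>/<segment>/.
*
* This handler is written on the assumption that $request->NeedPrivilege(),
* $request->PreconditionFailed() and $request->DoResponse() end the request
* when they send an error; none of the checks below has an explicit exit.
* NOTE(review): confirm that against the request class.
*
* @package   davical
* @subpackage   caldav
* @author    Andrew McMillan <andrew@mcmillan.net.nz>
* @copyright Morphoss Ltd - http://www.morphoss.com/
* @license   http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
*/
dbg_error_log('BIND', 'method handler');
require_once('AwlQuery.php');

// Authorisation is checked against the Request-URI (the collection that will
// hold the new binding), not against the source named in the body.
$request->NeedPrivilege('DAV::bind');

if ( ! $request->IsCollection() ) {
  $request->PreconditionFailed(403,'DAV::bind-into-collection',translate('The BIND Request-URI MUST identify a collection.'));
}

// Normalise the parent path so that it always ends in a single '/'.
$parent_container = $request->path;
if ( preg_match( '{[^/]$}', $parent_container ) ) $parent_container .= '/';

require_once('DAVResource.php');
$parent = new DAVResource( $parent_container );
if ( ! $parent->Exists() || $parent->IsSchedulingCollection() ) {
  $request->PreconditionFailed(403, 'DAV::method-not-allowed',translate('The BIND method is not allowed at that location.') );
}

require_once('XMLDocument.php');
$reply = new XMLDocument(array( 'DAV:' => '' ));

$position = 0;
$xmltree = BuildXMLTree( $request->xml_tags, $position);

// The request body is client-supplied.  Reject a body that did not parse, or
// that lacks either required element, with a 400 instead of dereferencing
// element [0] of an empty result and failing with a PHP error.
if ( ! is_object($xmltree) ) {
  $request->DoResponse(400, translate('The BIND request body could not be parsed.'));
}

$segment_elements = $xmltree->GetElements('DAV::segment');
$href_elements = $xmltree->GetElements('DAV::href');
if ( empty($segment_elements) || empty($href_elements) ) {
  $request->DoResponse(400, translate('The BIND request body MUST contain DAV::segment and DAV::href elements.'));
}

$segment = $segment_elements[0]->GetContent();
$href = $href_elements[0]->GetContent();

// Both values are used as plain text below (regex match, path concatenation,
// resource lookup), so anything that is not a non-empty string is refused.
// An empty segment would otherwise give a destination ending in '//'.
if ( ! is_string($segment) || $segment === '' || ! is_string($href) || $href === '' ) {
  $request->DoResponse(400, translate('The DAV::segment and DAV::href elements MUST contain text.'));
}

// The segment becomes one path component of the new name, so it must not
// contain a path separator ('/' or '\').
// NOTE(review): no other characters are rejected here (for example '..' or
// control characters); confirm that DAVResource and ConstructURL treat such
// names safely.
if ( preg_match( '{[/\\\\]}', $segment ) ) {
  $request->PreconditionFailed(403, 'DAV::name-allowed',translate('That destination name contains invalid characters.') );
}

// BIND never overwrites: the destination name must be unused.
$destination_path = $parent_container . $segment .'/';
$destination = new DAVResource( $destination_path );
if ( $destination->Exists() ) {
  $request->PreconditionFailed(403,'DAV::can-overwrite',translate('A resource already exists at the destination.'));
}

// NOTE(review): only existence and type of the source are checked in this
// file; no privilege on $href is tested for the requesting principal.
// Confirm that access to the bound collection is enforced where the binding
// is resolved, since the row below records the session principal as owner.
$source = new DAVResource( $href );
if ( !$source->Exists() ) {
  $request->PreconditionFailed(403,'DAV::bind-source-exists',translate('The BIND Request MUST identify an existing resource.'));
}

if ( $source->IsPrincipal() || !$source->IsCollection() ) {
  $request->PreconditionFailed(403,'DAV::binding-allowed',translate('DAViCal only allows BIND requests for collections at present.'));
}

/*
  Columns of dav_binding as noted by the original author.  The INSERT below
  also writes dav_owner_id, which this excerpt does not list.

  bind_id INT8 DEFAULT nextval('dav_id_seq') PRIMARY KEY,
  bound_source_id INT8 REFERENCES collection(collection_id) ON UPDATE CASCADE ON DELETE CASCADE,
  access_ticket_id TEXT REFERENCES access_ticket(ticket_id) ON UPDATE CASCADE ON DELETE SET NULL,
  parent_container TEXT NOT NULL,
  dav_name TEXT UNIQUE NOT NULL,
  dav_displayname TEXT
*/

// Every value, including the client-supplied destination name, is passed as
// a named parameter rather than concatenated into the SQL text.
$sql = 'INSERT INTO dav_binding ( bound_source_id, access_ticket_id, dav_owner_id, parent_container, dav_name, dav_displayname )
  VALUES( :target_id, :ticket_id, :session_principal, :parent_container, :dav_name, :displayname )';
$params = array(
  ':target_id'         => $source->GetProperty('collection_id'),
  ':ticket_id'         => (isset($request->ticket) ? $request->ticket->id() : null),
  ':parent_container'  => $parent->dav_name(),
  ':session_principal' => $session->principal_id,
  ':dav_name'          => $destination_path,
  ':displayname'       => $source->GetProperty('displayname')
);
$qry = new AwlQuery( $sql, $params );
if ( $qry->Exec('BIND',__LINE__,__FILE__) ) {
  // 201 Created, with the URL of the new binding in the Location header.
  header('Location: '. ConstructURL($destination_path) );
  $request->DoResponse(201);
}
else {
  // The client gets a generic message; the database error is not echoed.
  $request->DoResponse(500,translate('Database Error'));
}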