<?php
/**
 * CalDAV Server - handle BIND method
 *
 * Creates a row in dav_binding that makes an existing collection (named by
 * DAV::href in the request body) appear under the request collection with the
 * name given in DAV::segment.  Relies on $request and $session being set up
 * by the including script.
 *
 * @package davical
 * @subpackage caldav
 * @author Andrew McMillan <andrew@mcmillan.net.nz>
 * @copyright Morphoss Ltd - http://www.morphoss.com/
 * @license http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
 */
dbg_error_log('BIND', 'method handler');
require_once('AwlQuery.php');

// Authorisation gate: the caller must hold DAV::bind on the Request-URI.
// NOTE(review): presumably NeedPrivilege() ends the request when the privilege
// is missing; that is not visible in this file - confirm.
$request->NeedPrivilege('DAV::bind');

// BIND may only be addressed to a collection.
// NOTE(review): every check below falls through to the following statements,
// so the script depends on PreconditionFailed() not returning - confirm.
if ( ! $request->IsCollection() ) {
  $request->PreconditionFailed(
    403,
    'DAV::bind-into-collection',
    translate('The BIND Request-URI MUST identify a collection.')
  );
}

// Normalise the container path so that it always ends in '/'.
$parent_container = $request->path;
if ( preg_match( '{[^/]$}', $parent_container ) ) {
  $parent_container .= '/';
}

require_once('DAVResource.php');

// The container has to exist already and must not be a scheduling collection.
$parent = new DAVResource( $parent_container );
if ( ! $parent->Exists() || $parent->IsSchedulingCollection() ) {
  $request->PreconditionFailed(
    403,
    'DAV::method-not-allowed',
    translate('The BIND method is not allowed at that location.')
  );
}

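require_once('XMLDocument.php');
// NOTE(review): $reply is not read again anywhere in this file.
$reply = new XMLDocument(array( 'DAV:' => '' ));

// Parse the client-supplied request body.
$position = 0;
$xmltree = BuildXMLTree( $request->xml_tags, $position);

// The body is untrusted: it may be empty, or lack DAV::segment / DAV::href.
// Dereferencing element [0] without this check ends in a PHP fatal error
// instead of a client error response.
// NOTE(review): relies on DoResponse() ending the request, as the rest of this
// script appears to assume for PreconditionFailed() - confirm.
$segment = ( is_object($xmltree) ? $xmltree->GetElements('DAV::segment') : null );
$href = ( is_object($xmltree) ? $xmltree->GetElements('DAV::href') : null );
if ( empty($segment) || empty($href) ) {
  $request->DoResponse(400, translate('The BIND request body must contain a segment and an href.'));
}
$segment = $segment[0]->GetContent();
$href = $href[0]->GetContent();

// The segment becomes one path component of the new dav_name and ends up in
// the Location response header, so it must be a single, plain name: not empty,
// not a relative reference ('.' or '..'), and free of path separators and
// control characters.
if ( !is_string($segment) || $segment === '' || $segment === '.' || $segment === '..'
     || preg_match( '{[/\\\\]}', $segment )
     || preg_match( '{[\x00-\x1f\x7f]}', $segment ) ) {
  $request->PreconditionFailed(403, 'DAV::name-allowed',translate('That destination name contains invalid characters.') );
}

// BIND never overwrites: the destination name must be unused.
$destination_path = $parent_container . $segment .'/';
$destination = new DAVResource( $destination_path );
if ( $destination->Exists() ) {
  $request->PreconditionFailed(403,'DAV::can-overwrite',translate('A resource already exists at the destination.'));
}

// An empty or non-text href cannot identify a source; report it the same way
// as a source that does not exist.
if ( !is_string($href) || $href === '' ) {
  $request->PreconditionFailed(403,'DAV::bind-source-exists',translate('The BIND Request MUST identify an existing resource.'));
}

// NOTE(review): $href is a client-chosen reference and the only checks made on
// the source in this file are existence and type.  No privilege check against
// the source is visible here; confirm that access to a bound collection is
// evaluated when the binding is used (owner / ticket), otherwise any principal
// holding DAV::bind on its own collection could bind a collection it cannot read.
$source = new DAVResource( $href );
if ( !$source->Exists() ) {
  $request->PreconditionFailed(403,'DAV::bind-source-exists',translate('The BIND Request MUST identify an existing resource.'));
}

// Only plain collections may be bound; principals and non-collections are refused.
if ( $source->IsPrincipal() || !$source->IsCollection() ) {
  $request->PreconditionFailed(403,'DAV::binding-allowed',translate('DAViCal only allows BIND requests for collections at present.'));
}
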
/*
  Excerpt of the dav_binding table definition, for reference:

  bind_id INT8 DEFAULT nextval('dav_id_seq') PRIMARY KEY,
  bound_source_id INT8 REFERENCES collection(collection_id) ON UPDATE CASCADE ON DELETE CASCADE,
  access_ticket_id TEXT REFERENCES access_ticket(ticket_id) ON UPDATE CASCADE ON DELETE SET NULL,
  parent_container TEXT NOT NULL,
  dav_name TEXT UNIQUE NOT NULL,
  dav_displayname TEXT

  NOTE(review): the INSERT below also writes dav_owner_id, which this excerpt
  does not list - the excerpt is presumably out of date.
*/

// All values are passed as bound parameters; nothing from the request is
// concatenated into the SQL text.
$sql = 'INSERT INTO dav_binding ( bound_source_id, access_ticket_id, dav_owner_id, parent_container, dav_name, dav_displayname )
  VALUES( :target_id, :ticket_id, :session_principal, :parent_container, :dav_name, :displayname )';
$params = array(
  // The collection being bound.
  ':target_id' => $source->GetProperty('collection_id'),
  // The id of the access ticket on the request, when there is one; else NULL.
  ':ticket_id' => isset($request->ticket) ? $request->ticket->id() : null,
  ':parent_container' => $parent->dav_name(),
  // The binding is recorded as owned by the session's principal.
  ':session_principal' => $session->principal_id,
  ':dav_name' => $destination_path,
  ':displayname' => $source->GetProperty('displayname')
);

// The earlier Exists() check on the destination and this INSERT are separate
// steps; the UNIQUE constraint on dav_name listed above is what stops two
// concurrent BINDs from creating the same name (the loser gets the 500 below).
$qry = new AwlQuery( $sql, $params );
if ( ! $qry->Exec('BIND',__LINE__,__FILE__) ) {
  $request->DoResponse(500,translate('Database Error'));
}
else {
  // $destination_path embeds the client-supplied segment.
  // NOTE(review): whether ConstructURL() percent-encodes it is not visible
  // here - confirm before relying on the Location value.
  header('Location: '. ConstructURL($destination_path) );
  $request->DoResponse(201);
}