[3733] | 1 | <?php |
---|
| 2 | /** |
---|
| 3 | * CalDAV Server - handle MOVE method |
---|
| 4 | * |
---|
| 5 | * @package davical |
---|
| 6 | * @subpackage caldav |
---|
| 7 | * @author Andrew McMillan <andrew@morphoss.com> |
---|
| 8 | * @copyright Morphoss Ltd |
---|
| 9 | * @license http://gnu.org/copyleft/gpl.html GNU GPL v2 |
---|
| 10 | */ |
---|
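dbg_error_log("MOVE", "method handler");

require_once('DAVResource.php');

// First gate: the request object must grant DAV::unbind before anything else is evaluated.
// (Presumably checked against the request path - confirm in the request class.)
$request->NeedPrivilege('DAV::unbind');

/**
* Debug aid: when debugging is enabled for 'ALL' or 'move' (and open_basedir is
* not in effect) $request->raw_post is copied to /tmp/MOVE.txt.
*
* That data is supplied by the client and /tmp is a shared directory, so the
* file is created exclusively: mode 'x' fails instead of following or truncating
* whatever already sits at that path.  The file is limited to its owner before
* anything is written into it.  If the path cannot be claimed, the dump is skipped
* rather than written somewhere unexpected.
*/
if ( ! ini_get('open_basedir') && (isset($c->dbg['ALL']) || (isset($c->dbg['move']) && $c->dbg['move'])) ) {
  $dump_path = '/tmp/MOVE.txt';
  if ( file_exists($dump_path) || is_link($dump_path) ) {
    // unlink() removes the directory entry itself, never the target of a link.
    @unlink($dump_path);
  }
  // Failure is an expected, handled outcome here, hence the suppressed warning.
  $fh = @fopen($dump_path,'x');
  if ( $fh ) {
    chmod($dump_path, 0600);
    fwrite($fh,$request->raw_post);
    fclose($fh);
  }
  else {
    dbg_error_log("MOVE", "Debug dump skipped: could not create /tmp/MOVE.txt exclusively");
  }
}
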
/**
* Precondition and privilege checks for MOVE.  Nothing in this section writes to
* the database; the checks rely on DoResponse() ending the request (the comment
* in rollback() says it does not return).
*
* NOTE(review): only the request object is asked about locks here.  Whether a
* lock on the destination is also honoured is not visible in this file - confirm
* in FailIfLocked().  $lock_opener is not read again in the code shown.
*/
$lock_opener = $request->FailIfLocked();

$dest = new DAVResource($request->destination);

// Moving onto the root or onto a principal needs DAV::bind on that resource itself.
if ( $dest->dav_name() == '/' || $dest->IsPrincipal() ) {
  $dest->NeedPrivilege('DAV::bind');
}

/**
* NOTE(review): the 409/412 answers below are sent before the general privilege
* checks on $dest at the end of this section, so the status code tells a caller
* whether a destination path exists even when no privilege on it has been
* established.  Consider checking destination privileges first if resource
* names are treated as sensitive.
*/
if ( ! $dest->ContainerExists() ) {
  $request->DoResponse( 409, translate('Destination collection does not exist') );
}

// Without the overwrite flag an existing destination is never replaced.
if ( ! $request->overwrite && $dest->Exists() ) {
  $request->DoResponse( 412, translate('Not overwriting existing destination resource') );
}

// Any If-None-Match value other than '*' is refused outright.
if ( isset($request->etag_none_match) && $request->etag_none_match != '*' ) {
  $request->DoResponse( 412 );  /** request to move, but only if there is no source?  WTF! */
}

$src = new DAVResource($request->path);
if ( ! $src->Exists() ) {
  $request->DoResponse( 412, translate('Source resource does not exist.') );
}

if ( $src->IsCollection() ) {
  // A collection may not be moved into one of the special collection types.
  switch( $dest->ContainerType() ) {
    case 'calendar':
    case 'addressbook':
    case 'schedule-inbox':
    case 'schedule-outbox':
      $request->DoResponse( 412, translate('Special collections may not contain a calendar or other special collection.') );
  };
}
else {
  if ( (isset($request->etag_if_match) && $request->etag_if_match != '' )
          || ( isset($request->etag_none_match) && $request->etag_none_match != '') ) {

    /**
    * RFC2068, 14.25:
    * If none of the entity tags match, or if "*" is given and no current
    * entity exists, the server MUST NOT perform the requested method, and
    * MUST return a 412 (Precondition Failed) response.
    *
    * RFC2068, 14.26:
    * If any of the entity tags match the entity tag of the entity that
    * would have been returned in the response to a similar GET request
    * (without the If-None-Match header) on that resource, or if "*" is
    * given and any current entity exists for that resource, then the
    * server MUST NOT perform the requested method.
    */
    // NOTE(review): both tag comparisons are loose (!= / ==).  If the header value and
    // unique_tag() can both be numeric-looking strings, PHP compares them as numbers;
    // strict comparison would rule that out - confirm the value types first.
    // NOTE(review): the If-Match value is compared verbatim; whether "*" is normalised
    // before it reaches this handler is not visible here - confirm.
    $error = '';
    if ( isset($request->etag_if_match) && $request->etag_if_match != $src->unique_tag() ) {
      $error = translate( 'Existing resource does not match "If-Match" header - not accepted.');
    }
    else if ( isset($request->etag_none_match) && $request->etag_none_match != '' && $request->etag_none_match == $src->unique_tag() ) {
      $error = translate( 'Existing resource matches "If-None-Match" header - not accepted.');
    }
    if ( $error != '' ) $request->DoResponse( 412, $error );
  }
}

// Authorisation for the move itself: remove from the source, write at the
// destination, and additionally DAV::bind when the destination does not exist yet.
$src->NeedPrivilege('DAV::unbind');
$dest->NeedPrivilege('DAV::write-content');
if ( ! $dest->Exists() ) $dest->NeedPrivilege('DAV::bind');


/**
* Abandon the open database transaction and finish the request.
*
* The ROLLBACK is best effort: the result of Exec() is deliberately not checked.
* Per the original author's note, DoResponse() is expected not to return, so
* callers treat a call to rollback() as the end of the request.
*
* @param int $response_code HTTP status to send, 412 unless the caller says otherwise.
*/
function rollback( $response_code = 412 ) {
  $undo = new AwlQuery('ROLLBACK');
  $undo->Exec('move');
  $GLOBALS['request']->DoResponse( $response_code );
}


/**
* Perform the move inside one database transaction.  Any query that fails
* calls rollback(500).
*
* Every query below passes its values as named bind parameters; only constant
* fragments are appended to the SQL text.
*
* NOTE(review): the existence, ETag and privilege checks earlier in this file
* ran before BEGIN, so they are not covered by this transaction - a concurrent
* change between check and write is not detected here.  Confirm whether that
* window matters (e.g. by re-checking inside the transaction).
*/
$qry = new AwlQuery('BEGIN');
if ( !$qry->Exec('move') ) rollback(500);

$src_name = $src->dav_name();
$dst_name = $dest->dav_name();
$src_collection = $src->GetProperty('collection_id');
$dst_collection = $dest->GetProperty('collection_id');
$src_user_no = $src->GetProperty('user_no');
$dst_user_no = $dest->GetProperty('user_no');


if ( $src->IsCollection() ) {
  if ( $dest->Exists() ) {
    // Overwrite: the existing destination collection row is removed first.
    // NOTE(review): what happens to the resources inside it depends on the schema
    // (cascades / triggers), which is not visible in this file.
    $qry = new AwlQuery( 'DELETE FROM collection WHERE dav_name = :dst_name', array( ':dst_name' => $dst_name ) );
    if ( !$qry->Exec('move') ) rollback(500);
  }
  /** @TODO: Need to confirm this will work correctly if we move this into another user's hierarchy. */
  // Rename the collection row; user_no is reassigned only when the owner differs.
  $sql = 'UPDATE collection SET dav_name = :dst_name ';
  $params = array(':dst_name' => $dst_name);
  if ( $src_user_no != $dst_user_no ) {
    $sql .= ', user_no = :dst_user_no ';
    $params[':dst_user_no'] = $dst_user_no;
  }
  $sql .= 'WHERE collection_id = :src_collection';
  $params[':src_collection'] = $src_collection;
  $qry = new AwlQuery( $sql, $params );
  if ( !$qry->Exec('move') ) rollback(500);
  // NOTE(review): unlike the resource branch below, no write_sync_change() entry and no
  // log_caldav_action() call is made for a collection move - confirm that is intended.
}
else {
  if ( $dest->Exists() ) {
    // Overwrite: remove the existing destination resource before renaming the source onto it.
    $qry = new AwlQuery( 'DELETE FROM caldav_data WHERE dav_name = :dst_name', array( ':dst_name' => $dst_name) );
    if ( !$qry->Exec('move') ) rollback(500);
  }
  // Rename the resource row; owner and collection are updated only when they change.
  $sql = 'UPDATE caldav_data SET dav_name = :dst_name';
  $params = array( ':dst_name' => $dst_name );
  if ( $src_user_no != $dst_user_no ) {
    $sql .= ', user_no = :dst_user_no';
    $params[':dst_user_no'] = $dst_user_no;
  }
  if ( $src_collection != $dst_collection ) {
    $sql .= ', collection_id = :dst_collection';
    $params[':dst_collection'] = $dst_collection;
  }
  $sql .=' WHERE dav_name = :src_name';
  $params[':src_name'] = $src_name;
  $qry = new AwlQuery( $sql, $params );
  if ( !$qry->Exec('move') ) rollback(500);

  // Record the old name as gone (404) in the source collection's sync log.
  $qry = new AwlQuery( 'SELECT write_sync_change( :src_collection, 404, :src_name );', array(
                    ':src_name' => $src_name,
                    ':src_collection' => $src_collection
            ) );
  if ( !$qry->Exec('move') ) rollback(500);
  // Optional audit hook: only called when the deployment defines log_caldav_action().
  if ( function_exists('log_caldav_action') ) {
    log_caldav_action( 'DELETE', $src->GetProperty('uid'), $src_user_no, $src_collection, $src_name );
  }

  // Record the new name in the destination collection's sync log: 200 when an
  // existing resource was replaced, 201 when it is new.
  // NOTE(review): $dest->Exists() is evaluated after the DELETE above; presumably it
  // still reports the state seen when $dest was loaded - confirm that it is cached.
  $qry = new AwlQuery( 'SELECT write_sync_change( :dst_collection, :sync_type, :dst_name );', array(
                    ':dst_name' => $dst_name,
                    ':dst_collection' => $dst_collection,
                    ':sync_type' => ( $dest->Exists() ? 200 : 201 )
            ) );
  if ( !$qry->Exec('move') ) rollback(500);
  if ( function_exists('log_caldav_action') ) {
    log_caldav_action( ( $dest->Exists() ? 'UPDATE' : 'INSERT' ), $src->GetProperty('uid'), $dst_user_no, $dst_collection, $dst_name );
  }

}

// Make the move permanent; a failed COMMIT is answered with 500 like any other query failure.
$qry = new AwlQuery('COMMIT');
if ( !$qry->Exec('move') ) rollback(500);

$request->DoResponse( 200 );