[3733] | 1 | <?php |
---|
| 2 | /** |
---|
| 3 | * CalDAV Server - handle POST method |
---|
| 4 | * |
---|
| 5 | * @package davical |
---|
| 6 | * @subpackage caldav |
---|
| 7 | * @author Andrew McMillan <andrew@morphoss.com> |
---|
| 8 | * @copyright Morphoss Ltd - http://www.morphoss.com/ |
---|
| 9 | * @license http://gnu.org/copyleft/gpl.html GNU GPL v2 or later |
---|
| 10 | */ |
---|
// Record in the debug log that the POST method handler has been entered.
dbg_error_log("POST", "method handler");
---|
| 12 | |
---|
| 13 | require_once("XMLDocument.php"); |
---|
| 14 | require_once("iCalendar.php"); |
---|
| 15 | include_once('caldav-PUT-functions.php'); |
---|
| 16 | include_once('freebusy-functions.php'); |
---|
| 17 | |
---|
// Scheduling privilege gate for POST.
// NOTE(review): enforcement is switched off here. The 403 below is commented
// out, so a caller holding none of the three schedule-send privileges is only
// logged and processing carries on. Until the 403 is restored, nothing in this
// block stops an unprivileged caller from reaching the scheduling handlers.
if ( ! ( $request->AllowedTo("CALDAV:schedule-send-freebusy")
      || $request->AllowedTo("CALDAV:schedule-send-invite")
      || $request->AllowedTo("CALDAV:schedule-send-reply") ) ) {
  // $request->DoResponse(403);
  dbg_error_log( "WARN", ": POST: permissions not yet checked" );
}
---|
| 24 | |
---|
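// Debug aid: when 'ALL' or 'post' debugging is enabled (and open_basedir is not
// in force) keep a copy of the raw request body for inspection.
// NOTE(review): the body is client-supplied calendar data and the target is a
// fixed name in a shared directory. The file is created with the process's
// default umask, so other local accounts may be able to read it; keep this
// debugging switched off on production or multi-user hosts.
if ( ! ini_get('open_basedir') && (isset($c->dbg['ALL']) || isset($c->dbg['post'])) ) {
  $post_dump = '/tmp/POST.txt';
  if ( is_link($post_dump) ) {
    // fopen() in 'w' mode follows symbolic links and truncates the target, so
    // never write through one. This narrows the exposure but is not atomic:
    // the link could still be created between this test and the fopen().
    dbg_error_log( "WARN", ": POST: %s is a symbolic link, not writing debug copy", $post_dump );
  }
  else {
    $fh = fopen($post_dump,'w');
    if ( $fh ) {
      fwrite($fh,$request->raw_post);
      fclose($fh);
    }
  }
}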
---|
| 32 | |
---|
| 33 | |
---|
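/**
 * Answer an iTIP free/busy REQUEST.
 *
 * Builds one CalDAV "response" element per attendee named in the component
 * (recipient, request-status and calendar-data) and sends them wrapped in a
 * schedule-response document with HTTP status 200.
 *
 * Changes in this revision:
 *  - a request is now rejected with 400 when either DTSTART or DTEND is missing
 *    (previously only when both were missing, contradicting the error text);
 *  - the principal lookup and the schedule-query-freebusy privilege test, which
 *    were commented out and left $attendee_usr undefined, are active again, so
 *    free/busy data is only produced for known users the session may query;
 *  - a missing User-Agent header no longer raises a notice.
 * NOTE(review): confirm AwlQuery, pprivs() and privilege_to_bits() are available
 * in the deployment this file ships with before merging.
 *
 * @param object $ic The VFREEBUSY component from the request (presumably an
 *                   iCalComponent - it is read with GetPValue/GetProperties).
 */
function handle_freebusy_request( $ic ) {
  global $c, $session, $request;

  $reply = new XMLDocument( array("DAV:" => "", "urn:ietf:params:xml:ns:caldav" => "C" ) );
  $responses = array();

  $fbq_start = $ic->GetPValue('DTSTART');
  $fbq_end   = $ic->GetPValue('DTEND');
  // Both ends of the range are required, as the error message says.
  if ( ! ( isset($fbq_start) && isset($fbq_end) ) ) {
    $request->DoResponse( 400, 'All valid freebusy requests MUST contain a DTSTART and a DTEND' );
  }

  $range_start = new RepeatRuleDateTime($fbq_start);
  $range_end   = new RepeatRuleDateTime($fbq_end);

  $attendees = $ic->GetProperties('ATTENDEE');
  // The User-Agent header is optional and client-controlled; it only selects
  // the iCal compatibility path and must not be relied on for anything else.
  if ( isset($_SERVER['HTTP_USER_AGENT']) && preg_match( '# iCal/\d#', $_SERVER['HTTP_USER_AGENT']) ) {
    dbg_error_log( "POST", "Non-compliant iCal request.  Using X-WR-ATTENDEE property" );
    $wr_attendees = $ic->GetProperties('X-WR-ATTENDEE');
    foreach( $wr_attendees AS $k => $v ) {
      $attendees[] = $v;
    }
  }
  dbg_error_log( "POST", "Responding with free/busy for %d attendees", count($attendees) );

  // The attendee address is client-supplied, so it only ever reaches the
  // database as a bound parameter (:email), never as part of the SQL text.
  $sql_nocase = 'SELECT pprivs(:session_principal::int8,principal_id,:scan_depth::int) AS p, username FROM usr JOIN principal USING(user_no) WHERE lower(usr.email) = lower(:email)';
  $sql_exact  = 'SELECT pprivs(:session_principal::int8,principal_id,:scan_depth::int) AS p, username FROM usr JOIN principal USING(user_no) WHERE usr.email = :email';

  foreach( $attendees AS $k => $attendee ) {
    $attendee_email = preg_replace( '/^mailto:/', '', $attendee->Value() );
    dbg_error_log( "POST", "Calculating free/busy for %s", $attendee_email );

    /** @TODO: Refactor this so we only do one query here and loop through the results */
    $params = array( ':session_principal' => $session->principal_id, ':scan_depth' => $c->permission_scan_depth, ':email' => $attendee_email );
    $qry = new AwlQuery( $sql_nocase, $params );
    if ( !$qry->Exec('POST',__LINE__,__FILE__) ) $request->DoResponse( 501, 'Database error');
    if ( $qry->rows() > 1 ) {
      // Unlikely, but if we get more than one result we'll do an exact match instead.
      if ( !$qry->QDo( $sql_exact, $params ) )
        $request->DoResponse( 501, 'Database error');
      if ( $qry->rows() == 0 ) {
        /** Sigh... Go back to the original case-insensitive match */
        $qry->QDo( $sql_nocase, $params );
      }
    }

    // One response element per attendee; it is completed below with either an
    // error status or the free/busy data.
    $response = $reply->NewXMLElement("response", false, false, 'urn:ietf:params:xml:ns:caldav');
    $reply->CalDAVElement($response, "recipient", $reply->href($attendee->Value()) );

    if ( $qry->rows() == 0 ) {
      $reply->CalDAVElement($response, "request-status", "3.7;Invalid Calendar User" );
      $reply->CalDAVElement($response, "calendar-data" );
      $responses[] = $response;
      continue;
    }
    if ( ! $attendee_usr = $qry->Fetch() ) $request->DoResponse( 501, 'Database error');

    // Authorisation: the session principal must hold schedule-query-freebusy
    // on the attendee before any of the attendee's busy time is disclosed.
    if ( (privilege_to_bits('schedule-query-freebusy') & bindec($attendee_usr->p)) == 0 ) {
      $reply->CalDAVElement($response, "request-status", "3.8;No authority" );
      $reply->CalDAVElement($response, "calendar-data" );
      $responses[] = $response;
      continue;
    }

    $attendee_path_match = '^/'.$attendee_usr->username.'/';
    $fb = get_freebusy( $attendee_path_match, $attendee_email,$range_start, $range_end, bindec($attendee_usr->p) );

    $fb->AddProperty( 'UID', $ic->GetPValue('UID') );
    $fb->SetProperties( $ic->GetProperties('ORGANIZER'), 'ORGANIZER');
    $fb->AddProperty( $attendee );

    $vcal = new iCalComponent();
    $vcal->VCalendar( array('METHOD' => 'REPLY') );
    $vcal->AddComponent( $fb );

    $reply->CalDAVElement($response, "request-status", "2.0;Success" );  // Cargo-cult setting
    $reply->CalDAVElement($response, "calendar-data", $vcal->Render() );
    $responses[] = $response;
  }

  $response = $reply->NewXMLElement( "schedule-response", $responses, $reply->GetXmlNsArray(), 'urn:ietf:params:xml:ns:caldav' );
  $request->XMLResponse( 200, $response );
}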
---|
| 114 | |
---|
| 115 | |
---|
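/**
 * Acknowledge an iTIP CANCEL with a schedule-response reporting "2.0;Success".
 *
 * Fixes: the request-status element is now attached to the response element
 * that is actually returned (it was previously added to an undefined variable,
 * so the reply carried an empty response), and schedule-response is created in
 * the CalDAV namespace, matching handle_freebusy_request().
 *
 * NOTE(review): nothing is cancelled and no privilege is checked here - $ic is
 * not read at all, and success is reported for whatever was submitted.
 *
 * @param object $ic The first non-VTIMEZONE component of the request (unused).
 */
function handle_cancel_request( $ic ) {
  global $c, $session, $request;

  $reply = new XMLDocument( array("DAV:" => "", "urn:ietf:params:xml:ns:caldav" => "C" ) );

  $response = $reply->NewXMLElement( "response", false, false, 'urn:ietf:params:xml:ns:caldav' );
  $reply->CalDAVElement($response, "request-status", "2.0;Success" );  // Cargo-cult setting
  $responses = array( $response );

  $schedule_response = $reply->NewXMLElement( "schedule-response", $responses, $reply->GetXmlNsArray(), 'urn:ietf:params:xml:ns:caldav' );
  $request->XMLResponse( 200, $schedule_response );
}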
---|
| 126 | |
---|
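// Parse the request body as iCalendar and dispatch on its iTIP METHOD.
// The body is supplied by the client, so nothing about its structure can be
// assumed: it may carry no METHOD and no component at all.
$ical = new iCalComponent( $request->raw_post );
$method = $ical->GetPValue('METHOD');

// Presumably the second argument (false) selects every component that is NOT a
// VTIMEZONE - TODO confirm against iCalComponent::GetComponents().
$resources = $ical->GetComponents('VTIMEZONE',false);
if ( ! isset($resources[0]) ) {
  // Previously $resources[0] was dereferenced unchecked, so a body with no
  // usable component ended in a fatal error instead of a client error.
  dbg_error_log('POST', 'No component found in iTIP "%s" request.', $method );
  $request->DoResponse( 400, 'The request body does not contain a calendar component' );
}
else {
  $first = $resources[0];
  $first_type = $first->GetType();
  switch ( $method ) {
    case 'REQUEST':
      // The format string has a single %s, which is meant for the component type.
      dbg_error_log('POST', 'Handling iTIP "REQUEST" method with "%s" component.', $first_type );
      if ( $first_type == 'VFREEBUSY' )
        handle_freebusy_request( $first );
      elseif ( $first_type == 'VEVENT' ) {
        handle_schedule_request( $ical );
      }
      else {
        dbg_error_log('POST', 'Ignoring iTIP "REQUEST" with "%s" component.', $first_type );
      }
      break;
    case 'REPLY':
      dbg_error_log('POST', 'Handling iTIP "REPLY" with "%s" component.', $first_type );
      handle_schedule_reply ( $ical );
      break;

    case 'CANCEL':
      dbg_error_log("POST", "Handling iTIP 'CANCEL' method." );
      handle_cancel_request( $first );
      break;

    default:
      dbg_error_log("POST", "Unhandled '%s' method in request.", $method );
  }
}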
---|