1 | <?php |
---|
2 | /** |
---|
3 | * CalDAV Server - handle POST method |
---|
4 | * |
---|
5 | * @package davical |
---|
6 | * @subpackage caldav |
---|
7 | * @author Andrew McMillan <andrew@morphoss.com> |
---|
8 | * @copyright Morphoss Ltd - http://www.morphoss.com/ |
---|
9 | * @license http://gnu.org/copyleft/gpl.html GNU GPL v2 or later |
---|
10 | */ |
---|
// Trace entry into this handler in the debug log.
dbg_error_log("POST", "method handler");

require_once("XMLDocument.php");
require_once("iCalendar.php");
include_once('caldav-PUT-functions.php');
include_once('freebusy-functions.php');

/**
 * Scheduling privilege test - advisory only.
 *
 * The requester is asked for any one of the three schedule-send privileges.
 * NOTE(review): the 403 response is commented out, so a requester holding none
 * of them is only logged and the request carries on to the iTIP dispatch at the
 * end of this file. Until DoResponse(403) is restored this is not an access
 * control; confirm whether something upstream of this script enforces it.
 */
if ( ! ( $request->AllowedTo("CALDAV:schedule-send-freebusy")
      || $request->AllowedTo("CALDAV:schedule-send-invite")
      || $request->AllowedTo("CALDAV:schedule-send-reply") ) ) {
  // $request->DoResponse(403);
  dbg_error_log( "WARN", ": POST: permissions not yet checked" );
}

/**
 * Debug aid: when the 'ALL' or 'post' debug key is set and open_basedir is not
 * in force, copy $request->raw_post to /tmp/POST.txt, truncating any previous copy.
 *
 * NOTE(review): the path is a fixed name in what is normally a shared directory
 * and is opened with mode 'w'. The dump holds client-supplied calendar data, is
 * created with whatever permissions the process umask allows, and the open will
 * reuse whatever already exists at that path. Prefer a directory owned by the
 * web server account with restrictive permissions, and keep these debug keys
 * off in production.
 */
if ( isset($c->dbg['ALL']) || isset($c->dbg['post']) ) {
  if ( ! ini_get('open_basedir') ) {
    $fh = fopen('/tmp/POST.txt','w');
    if ( $fh !== false ) {
      fwrite($fh,$request->raw_post);
      fclose($fh);
    }
  }
}
32 | |
---|
33 | |
---|
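/**
 * Answer an iTIP free/busy REQUEST with one CalDAV "response" element per attendee.
 *
 * Reads DTSTART / DTEND and the ATTENDEE properties from the supplied component,
 * calls get_freebusy() for each attendee over that range, and sends the collected
 * results to the client as a "schedule-response" document with status 200.
 *
 * NOTE(review): the per-attendee principal lookup and the schedule-query-freebusy
 * privilege test are commented out below, so $attendee_usr is never assigned. The
 * path match and privilege bits handed to get_freebusy() are therefore built from
 * an undefined variable, and every attendee is answered with "2.0;Success" whether
 * or not the address belongs to a known user. Restore the lookup together with the
 * "3.7;Invalid Calendar User" and "3.8;No authority" branches before relying on
 * this handler for access control.
 *
 * @param object $ic The component taken from the request body (a VFREEBUSY when
 *                   called from the dispatch at the end of this file).
 */
function handle_freebusy_request( $ic ) {
  global $c, $session, $request;

  $reply = new XMLDocument( array("DAV:" => "", "urn:ietf:params:xml:ns:caldav" => "C" ) );
  $responses = array();

  $fbq_start = $ic->GetPValue('DTSTART');
  $fbq_end = $ic->GetPValue('DTEND');
  // Both ends of the range are required, as the error text says; a request that
  // carries only one of them must be rejected as well.
  if ( ! ( isset($fbq_start) && isset($fbq_end) ) ) {
    $request->DoResponse( 400, 'All valid freebusy requests MUST contain a DTSTART and a DTEND' );
    // DoResponse() is expected to end the request; returning keeps an incomplete
    // range away from RepeatRuleDateTime should it ever come back.
    return;
  }

  $range_start = new RepeatRuleDateTime($fbq_start);
  $range_end = new RepeatRuleDateTime($fbq_end);

  $attendees = $ic->GetProperties('ATTENDEE');
  // The User-Agent header is optional and client-controlled: treat a missing one as "not iCal".
  $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
  if ( preg_match( '# iCal/\d#', $user_agent) ) {
    dbg_error_log( "POST", "Non-compliant iCal request.  Using X-WR-ATTENDEE property" );
    $wr_attendees = $ic->GetProperties('X-WR-ATTENDEE');
    foreach( $wr_attendees AS $k => $v ) {
      $attendees[] = $v;
    }
  }
  dbg_error_log( "POST", "Responding with free/busy for %d attendees", count($attendees) );

  foreach( $attendees AS $k => $attendee ) {
    $attendee_email = preg_replace( '/^mailto:/', '', $attendee->Value() );
    dbg_error_log( "POST", "Calculating free/busy for %s", $attendee_email );

    /** @TODO: Refactor this so we only do one query here and loop through the results */
    // Disabled: resolve the attendee e-mail to a principal and fetch the privileges
    // the session principal holds on it. The e-mail is passed as a bound parameter.
    //$params = array( ':session_principal' => $session->principal_id, ':scan_depth' => $c->permission_scan_depth, ':email' => $attendee_email );
    //$qry = new AwlQuery('SELECT pprivs(:session_principal::int8,principal_id,:scan_depth::int) AS p, username FROM usr JOIN principal USING(user_no) WHERE lower(usr.email) = lower(:email)', $params );
    //if ( !$qry->Exec('POST',__LINE__,__FILE__) ) $request->DoResponse( 501, 'Database error');
    //if ( $qry->rows() > 1 ) {
      // Unlikely, but if we get more than one result we'll do an exact match instead.
    //  if ( !$qry->QDo('SELECT pprivs(:session_principal::int8,principal_id,:scan_depth::int) AS p, username FROM usr JOIN principal USING(user_no) WHERE usr.email = :email', $params ) )
    //    $request->DoResponse( 501, 'Database error');
    //  if ( $qry->rows() == 0 ) {
        /** Sigh... Go back to the original case-insensitive match */
    //    $qry->QDo('SELECT pprivs(:session_principal::int8,principal_id,:scan_depth::int) AS p, username FROM usr JOIN principal USING(user_no) WHERE lower(usr.email) = lower(:email)', $params );
    //  }
    //}

    // Only the disabled error branches below use this element; the success path
    // further down builds its own and overwrites it.
    $response = $reply->NewXMLElement("response", false, false, 'urn:ietf:params:xml:ns:caldav');
    $reply->CalDAVElement($response, "recipient", $reply->href($attendee->Value()) );

    // Disabled: unknown attendee -> 3.7, missing schedule-query-freebusy -> 3.8.
    //if ( $qry->rows() == 0 ) {
    //  $reply->CalDAVElement($response, "request-status", "3.7;Invalid Calendar User" );
    //  $reply->CalDAVElement($response, "calendar-data" );
    //  $responses[] = $response;
    //  continue;
    //}
    //if ( ! $attendee_usr = $qry->Fetch() ) $request->DoResponse( 501, 'Database error');
    //if ( (privilege_to_bits('schedule-query-freebusy') & bindec($attendee_usr->p)) == 0 ) {
    //  $reply->CalDAVElement($response, "request-status", "3.8;No authority" );
    //  $reply->CalDAVElement($response, "calendar-data" );
    //  $responses[] = $response;
    //  continue;
    //}

    // NOTE(review): $attendee_usr is undefined while the lookup above is disabled.
    // When it is restored, note that the username is concatenated into what looks
    // like a pattern; if get_freebusy() treats it as a regular expression the
    // username should be quoted first - confirm against freebusy-functions.php.
    $attendee_path_match = '^/'.$attendee_usr->username.'/';
    $fb = get_freebusy( $attendee_path_match, $attendee_email,$range_start, $range_end, bindec($attendee_usr->p) );

    // Echo the request's UID and ORGANIZER and this ATTENDEE into the reply component.
    $fb->AddProperty( 'UID', $ic->GetPValue('UID') );
    $fb->SetProperties( $ic->GetProperties('ORGANIZER'), 'ORGANIZER');
    $fb->AddProperty( $attendee );

    $vcal = new iCalComponent();
    $vcal->VCalendar( array('METHOD' => 'REPLY') );
    $vcal->AddComponent( $fb );

    $response = $reply->NewXMLElement( "response", false, false, 'urn:ietf:params:xml:ns:caldav' );
    $reply->CalDAVElement($response, "recipient", $reply->href($attendee->Value()) );
    $reply->CalDAVElement($response, "request-status", "2.0;Success" );  // Cargo-cult setting
    $reply->CalDAVElement($response, "calendar-data", $vcal->Render() );
    $responses[] = $response;
  }

  $response = $reply->NewXMLElement( "schedule-response", $responses, $reply->GetXmlNsArray(), 'urn:ietf:params:xml:ns:caldav' );
  $request->XMLResponse( 200, $response );
}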
114 | |
---|
115 | |
---|
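/**
 * Acknowledge an iTIP CANCEL with a single "2.0;Success" response.
 *
 * NOTE(review): $ic is not read and nothing is looked up, authorised or removed
 * here; the handler reports success for any CANCEL it is given. Treat the reply
 * as a placeholder, not as confirmation that a cancellation was processed.
 *
 * NOTE(review): unlike handle_freebusy_request(), the outer "schedule-response"
 * element is created without the CalDAV namespace argument - confirm whether
 * that difference is intended.
 *
 * @param object $ic The component taken from the request body (currently unused).
 */
function handle_cancel_request( $ic ) {
  global $c, $session, $request;

  $reply = new XMLDocument( array("DAV:" => "", "urn:ietf:params:xml:ns:caldav" => "C" ) );

  // Build the element first, attach the status to it, then collect it - the same
  // order handle_freebusy_request() uses. Previously the status was attached to
  // an undefined $response while the collected element stayed empty.
  $responses = array();
  $response = $reply->NewXMLElement( "response", false, false, 'urn:ietf:params:xml:ns:caldav' );
  $reply->CalDAVElement($response, "request-status", "2.0;Success" );  // Cargo-cult setting
  $responses[] = $response;

  $response = $reply->NewXMLElement( "schedule-response", $responses, $reply->GetXmlNsArray() );
  $request->XMLResponse( 200, $response );
}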
126 | |
---|
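/**
 * Parse the client-supplied request body as iCalendar and dispatch on its iTIP METHOD.
 *
 * NOTE(review): the privilege test earlier in this file only logs a warning, so
 * every handler below is reachable without a schedule-send privilege.
 * handle_schedule_request() and handle_schedule_reply() are not defined in this
 * file; presumably they come from one of the included files - confirm.
 */
$ical = new iCalComponent( $request->raw_post );
$method = $ical->GetPValue('METHOD');

// Presumably every component other than VTIMEZONE - confirm against iCalComponent.
$resources = $ical->GetComponents('VTIMEZONE',false);

// The body is untrusted: an empty or timezone-only calendar yields no first
// component, and calling GetType() on it would abort the request with an error.
$first = ( isset($resources[0]) && is_object($resources[0]) ) ? $resources[0] : null;

if ( $first === null ) {
  dbg_error_log('POST', 'Rejecting iTIP request without a usable component.' );
  $request->DoResponse( 400, 'The request body must contain a calendar component' );
}
else {
  switch ( $method ) {
    case 'REQUEST':
      // One placeholder, one argument: log the component type, not the method.
      dbg_error_log('POST', 'Handling iTIP "REQUEST" method with "%s" component.', $first->GetType() );
      if ( $first->GetType() == 'VFREEBUSY' )
        handle_freebusy_request( $first );
      elseif ( $first->GetType() == 'VEVENT' ) {
        handle_schedule_request( $ical );
      }
      else {
        dbg_error_log('POST', 'Ignoring iTIP "REQUEST" with "%s" component.', $first->GetType() );
      }
      break;
    case 'REPLY':
      dbg_error_log('POST', 'Handling iTIP "REPLY" with "%s" component.', $first->GetType() );
      handle_schedule_reply ( $ical );
      break;

    case 'CANCEL':
      dbg_error_log("POST", "Handling iTIP 'CANCEL' method." );
      handle_cancel_request( $first );
      break;

    default:
      // No response is produced here for an unrecognised METHOD; it is only logged.
      dbg_error_log("POST", "Unhandled '%s' method in request.", $method );
  }
}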