summaryrefslogtreecommitdiffstats
path: root/3dparty/Sabre/DAVACL
diff options
context:
space:
mode:
Diffstat (limited to '3dparty/Sabre/DAVACL')
-rw-r--r--3dparty/Sabre/DAVACL/AbstractPrincipalCollection.php121
-rw-r--r--3dparty/Sabre/DAVACL/Exception/AceConflict.php34
-rw-r--r--3dparty/Sabre/DAVACL/Exception/NeedPrivileges.php84
-rw-r--r--3dparty/Sabre/DAVACL/Exception/NoAbstract.php34
-rw-r--r--3dparty/Sabre/DAVACL/Exception/NotRecognizedPrincipal.php34
-rw-r--r--3dparty/Sabre/DAVACL/Exception/NotSupportedPrivilege.php34
-rw-r--r--3dparty/Sabre/DAVACL/IACL.php58
-rw-r--r--3dparty/Sabre/DAVACL/IPrincipal.php75
-rw-r--r--3dparty/Sabre/DAVACL/IPrincipalBackend.php73
-rw-r--r--3dparty/Sabre/DAVACL/Plugin.php1238
-rw-r--r--3dparty/Sabre/DAVACL/Principal.php256
-rw-r--r--3dparty/Sabre/DAVACL/PrincipalBackend/PDO.php206
-rw-r--r--3dparty/Sabre/DAVACL/PrincipalCollection.php35
-rw-r--r--3dparty/Sabre/DAVACL/Property/Acl.php186
-rw-r--r--3dparty/Sabre/DAVACL/Property/CurrentUserPrivilegeSet.php75
-rw-r--r--3dparty/Sabre/DAVACL/Property/Principal.php154
-rw-r--r--3dparty/Sabre/DAVACL/Property/SupportedPrivilegeSet.php92
-rw-r--r--3dparty/Sabre/DAVACL/Version.php24
18 files changed, 2813 insertions, 0 deletions
diff --git a/3dparty/Sabre/DAVACL/AbstractPrincipalCollection.php b/3dparty/Sabre/DAVACL/AbstractPrincipalCollection.php
new file mode 100644
index 00000000000..7d120feb2bf
--- /dev/null
+++ b/3dparty/Sabre/DAVACL/AbstractPrincipalCollection.php
@@ -0,0 +1,121 @@
+<?php
+
+/**
+ * Principals Collection
+ *
+ * This is a helper class that easily allows you to create a collection that
+ * has a childnode for every principal.
+ *
+ * To use this class, simply implement the getChildForPrincipal method.
+ *
+ * @package Sabre
+ * @subpackage DAVACL
+ * @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/)
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+abstract class Sabre_DAVACL_AbstractPrincipalCollection extends Sabre_DAV_Directory {
+
+ /**
+ * Node or 'directory' name.
+ *
+ * @var string
+ */
+ protected $path;
+
+ /**
+ * Principal backend
+ *
+ * @var Sabre_DAVACL_IPrincipalBackend
+ */
+ protected $principalBackend;
+
+ /**
+ * If this value is set to true, it effectively disables listing of users
+ * it still allows user to find other users if they have an exact url.
+ *
+ * @var bool
+ */
+ public $disableListing = false;
+
+ /**
+ * Creates the object
+ *
+ * This object must be passed the principal backend. This object will
+ * filter all principals from a specfied prefix ($principalPrefix). The
+ * default is 'principals', if your principals are stored in a different
+ * collection, override $principalPrefix
+ *
+ *
+ * @param Sabre_DAVACL_IPrincipalBackend $principalBackend
+ * @param string $principalPrefix
+ * @param string $nodeName
+ */
+ public function __construct(Sabre_DAVACL_IPrincipalBackend $principalBackend, $principalPrefix = 'principals') {
+
+ $this->principalPrefix = $principalPrefix;
+ $this->principalBackend = $principalBackend;
+
+ }
+
+ /**
+ * This method returns a node for a principal.
+ *
+ * The passed array contains principal information, and is guaranteed to
+ * at least contain a uri item. Other properties may or may not be
+ * supplied by the authentication backend.
+ *
+ * @param array $principalInfo
+ * @return Sabre_DAVACL_IPrincipal
+ */
+ abstract function getChildForPrincipal(array $principalInfo);
+
+ /**
+ * Returns the name of this collection.
+ *
+ * @return string
+ */
+ public function getName() {
+
+ list(,$name) = Sabre_DAV_URLUtil::splitPath($this->principalPrefix);
+ return $name;
+
+ }
+
+ /**
+ * Return the list of users
+ *
+ * @return void
+ */
+ public function getChildren() {
+
+ if ($this->disableListing)
+ throw new Sabre_DAV_Exception_MethodNotAllowed('Listing members of this collection is disabled');
+
+ $children = array();
+ foreach($this->principalBackend->getPrincipalsByPrefix($this->principalPrefix) as $principalInfo) {
+
+ $children[] = $this->getChildForPrincipal($principalInfo);
+
+
+ }
+ return $children;
+
+ }
+
+ /**
+ * Returns a child object, by its name.
+ *
+ * @param string $name
+ * @throws Sabre_DAV_Exception_FileNotFound
+ * @return Sabre_DAV_IPrincipal
+ */
+ public function getChild($name) {
+
+ $principalInfo = $this->principalBackend->getPrincipalByPath($this->principalPrefix . '/' . $name);
+ if (!$principalInfo) throw new Sabre_DAV_Exception_FileNotFound('Principal with name ' . $name . ' not found');
+ return $this->getChildForPrincipal($principalInfo);
+
+ }
+
+}
diff --git a/3dparty/Sabre/DAVACL/Exception/AceConflict.php b/3dparty/Sabre/DAVACL/Exception/AceConflict.php
new file mode 100644
index 00000000000..d10aeb4345c
--- /dev/null
+++ b/3dparty/Sabre/DAVACL/Exception/AceConflict.php
@@ -0,0 +1,34 @@
+<?php
+
+/**
+ * Sabre_DAVACL_Exception_AceConflict
+ *
+ * @package Sabre
+ * @subpackage DAVACL
+ * @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/)
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+class Sabre_DAVACL_Exception_AceConflict extends Sabre_DAV_Exception_Conflict {
+
+ /**
+ * Adds in extra information in the xml response.
+ *
+ * This method adds the {DAV:}no-ace-conflict element as defined in rfc3744
+ *
+ * @param Sabre_DAV_Server $server
+ * @param DOMElement $errorNode
+ * @return void
+ */
+ public function serialize(Sabre_DAV_Server $server,DOMElement $errorNode) {
+
+ $doc = $errorNode->ownerDocument;
+
+ $np = $doc->createElementNS('DAV:','d:no-ace-conflict');
+ $errorNode->appendChild($np);
+
+ }
+
+}
+
+?>
diff --git a/3dparty/Sabre/DAVACL/Exception/NeedPrivileges.php b/3dparty/Sabre/DAVACL/Exception/NeedPrivileges.php
new file mode 100644
index 00000000000..640ab8efff4
--- /dev/null
+++ b/3dparty/Sabre/DAVACL/Exception/NeedPrivileges.php
@@ -0,0 +1,84 @@
+<?php
+
+/**
+ * NeedPrivileges
+ *
+ * @package Sabre
+ * @subpackage DAVACL
+ * @version $Id$
+ * @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/)
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+
+/**
+ * NeedPrivileges
+ *
+ * The 403-need privileges is thrown when a user didn't have the appropriate
+ * permissions to perform an operation
+ */
+class Sabre_DAVACL_Exception_NeedPrivileges extends Sabre_DAV_Exception_Forbidden {
+
+ /**
+ * The relevant uri
+ *
+ * @var string
+ */
+ protected $uri;
+
+ /**
+ * The privileges the user didn't have.
+ *
+ * @var array
+ */
+ protected $privileges;
+
+ /**
+ * Constructor
+ *
+ * @param string $uri
+ * @param array $privileges
+ */
+ public function __construct($uri,array $privileges) {
+
+ $this->uri = $uri;
+ $this->privileges = $privileges;
+
+ }
+
+ /**
+ * Adds in extra information in the xml response.
+ *
+ * This method adds the {DAV:}need-privileges element as defined in rfc3744
+ *
+ * @param Sabre_DAV_Server $server
+ * @param DOMElement $errorNode
+ * @return void
+ */
+ public function serialize(Sabre_DAV_Server $server,DOMElement $errorNode) {
+
+ $doc = $errorNode->ownerDocument;
+
+ $np = $doc->createElementNS('DAV:','d:need-privileges');
+ $errorNode->appendChild($np);
+
+ foreach($this->privileges as $privilege) {
+
+ $resource = $doc->createElementNS('DAV:','d:resource');
+ $np->appendChild($resource);
+
+ $resource->appendChild($doc->createElementNS('DAV:','d:href',$server->getBaseUri() . $this->uri));
+
+ $priv = $doc->createElementNS('DAV:','d:privilege');
+ $resource->appendChild($priv);
+
+ preg_match('/^{([^}]*)}(.*)$/',$privilege,$privilegeParts);
+ $priv->appendChild($doc->createElementNS($privilegeParts[1],'d:' . $privilegeParts[2]));
+
+
+ }
+
+ }
+
+}
+
diff --git a/3dparty/Sabre/DAVACL/Exception/NoAbstract.php b/3dparty/Sabre/DAVACL/Exception/NoAbstract.php
new file mode 100644
index 00000000000..60f49ebff4a
--- /dev/null
+++ b/3dparty/Sabre/DAVACL/Exception/NoAbstract.php
@@ -0,0 +1,34 @@
+<?php
+
+/**
+ * Sabre_DAVACL_Exception_NoAbstract
+ *
+ * @package Sabre
+ * @subpackage DAVACL
+ * @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/)
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+class Sabre_DAVACL_Exception_NoAbstract extends Sabre_DAV_Exception_PreconditionFailed {
+
+ /**
+ * Adds in extra information in the xml response.
+ *
+ * This method adds the {DAV:}no-abstract element as defined in rfc3744
+ *
+ * @param Sabre_DAV_Server $server
+ * @param DOMElement $errorNode
+ * @return void
+ */
+ public function serialize(Sabre_DAV_Server $server,DOMElement $errorNode) {
+
+ $doc = $errorNode->ownerDocument;
+
+ $np = $doc->createElementNS('DAV:','d:no-abstract');
+ $errorNode->appendChild($np);
+
+ }
+
+}
+
+?>
diff --git a/3dparty/Sabre/DAVACL/Exception/NotRecognizedPrincipal.php b/3dparty/Sabre/DAVACL/Exception/NotRecognizedPrincipal.php
new file mode 100644
index 00000000000..e056dc9e4f7
--- /dev/null
+++ b/3dparty/Sabre/DAVACL/Exception/NotRecognizedPrincipal.php
@@ -0,0 +1,34 @@
+<?php
+
+/**
+ * Sabre_DAVACL_Exception_NotRecognizedPrincipal
+ *
+ * @package Sabre
+ * @subpackage DAVACL
+ * @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/)
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+class Sabre_DAVACL_Exception_NotRecognizedPrincipal extends Sabre_DAV_Exception_PreconditionFailed {
+
+ /**
+ * Adds in extra information in the xml response.
+ *
+ * This method adds the {DAV:}recognized-principal element as defined in rfc3744
+ *
+ * @param Sabre_DAV_Server $server
+ * @param DOMElement $errorNode
+ * @return void
+ */
+ public function serialize(Sabre_DAV_Server $server,DOMElement $errorNode) {
+
+ $doc = $errorNode->ownerDocument;
+
+ $np = $doc->createElementNS('DAV:','d:recognized-principal');
+ $errorNode->appendChild($np);
+
+ }
+
+}
+
+?>
diff --git a/3dparty/Sabre/DAVACL/Exception/NotSupportedPrivilege.php b/3dparty/Sabre/DAVACL/Exception/NotSupportedPrivilege.php
new file mode 100644
index 00000000000..27db7cdd7dd
--- /dev/null
+++ b/3dparty/Sabre/DAVACL/Exception/NotSupportedPrivilege.php
@@ -0,0 +1,34 @@
+<?php
+
+/**
+ * Sabre_DAVACL_Exception_NotSupportedPrivilege
+ *
+ * @package Sabre
+ * @subpackage DAVACL
+ * @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/)
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+class Sabre_DAVACL_Exception_NotSupportedPrivilege extends Sabre_DAV_Exception_PreconditionFailed {
+
+ /**
+ * Adds in extra information in the xml response.
+ *
+ * This method adds the {DAV:}not-supported-privilege element as defined in rfc3744
+ *
+ * @param Sabre_DAV_Server $server
+ * @param DOMElement $errorNode
+ * @return void
+ */
+ public function serialize(Sabre_DAV_Server $server,DOMElement $errorNode) {
+
+ $doc = $errorNode->ownerDocument;
+
+ $np = $doc->createElementNS('DAV:','d:not-supported-privilege');
+ $errorNode->appendChild($np);
+
+ }
+
+}
+
+?>
diff --git a/3dparty/Sabre/DAVACL/IACL.php b/3dparty/Sabre/DAVACL/IACL.php
new file mode 100644
index 00000000000..506be4248d7
--- /dev/null
+++ b/3dparty/Sabre/DAVACL/IACL.php
@@ -0,0 +1,58 @@
+<?php
+
+/**
+ * ACL-enabled node
+ *
+ * If you want to add WebDAV ACL to a node, you must implement this class
+ *
+ * @package Sabre
+ * @subpackage DAVACL
+ * @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/)
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+interface Sabre_DAVACL_IACL extends Sabre_DAV_INode {
+
+ /**
+ * Returns the owner principal
+ *
+ * This must be a url to a principal, or null if there's no owner
+ *
+ * @return string|null
+ */
+ function getOwner();
+
+ /**
+ * Returns a group principal
+ *
+ * This must be a url to a principal, or null if there's no owner
+ *
+ * @return string|null
+ */
+ function getGroup();
+
+ /**
+ * Returns a list of ACE's for this node.
+ *
+ * Each ACE has the following properties:
+ * * 'privilege', a string such as {DAV:}read or {DAV:}write. These are
+ * currently the only supported privileges
+ * * 'principal', a url to the principal who owns the node
+ * * 'protected' (optional), indicating that this ACE is not allowed to
+ * be updated.
+ *
+ * @return array
+ */
+ function getACL();
+
+ /**
+ * Updates the ACL
+ *
+ * This method will receive a list of new ACE's.
+ *
+ * @param array $acl
+ * @return void
+ */
+ function setACL(array $acl);
+
+}
diff --git a/3dparty/Sabre/DAVACL/IPrincipal.php b/3dparty/Sabre/DAVACL/IPrincipal.php
new file mode 100644
index 00000000000..7868811db76
--- /dev/null
+++ b/3dparty/Sabre/DAVACL/IPrincipal.php
@@ -0,0 +1,75 @@
+<?php
+
+/**
+ * IPrincipal interface
+ *
+ * Implement this interface to define your own principals
+ *
+ * @package Sabre
+ * @subpackage DAVACL
+ * @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/)
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+interface Sabre_DAVACL_IPrincipal extends Sabre_DAV_INode {
+
+ /**
+ * Returns a list of altenative urls for a principal
+ *
+ * This can for example be an email address, or ldap url.
+ *
+ * @return array
+ */
+ function getAlternateUriSet();
+
+ /**
+ * Returns the full principal url
+ *
+ * @return string
+ */
+ function getPrincipalUrl();
+
+ /**
+ * Returns the list of group members
+ *
+ * If this principal is a group, this function should return
+ * all member principal uri's for the group.
+ *
+ * @return array
+ */
+ function getGroupMemberSet();
+
+ /**
+ * Returns the list of groups this principal is member of
+ *
+ * If this principal is a member of a (list of) groups, this function
+ * should return a list of principal uri's for it's members.
+ *
+ * @return array
+ */
+ function getGroupMembership();
+
+ /**
+ * Sets a list of group members
+ *
+ * If this principal is a group, this method sets all the group members.
+ * The list of members is always overwritten, never appended to.
+ *
+ * This method should throw an exception if the members could not be set.
+ *
+ * @param array $principals
+ * @return void
+ */
+ function setGroupMemberSet(array $principals);
+
+ /**
+ * Returns the displayname
+ *
+ * This should be a human readable name for the principal.
+ * If none is available, return the nodename.
+ *
+ * @return string
+ */
+ function getDisplayName();
+
+}
diff --git a/3dparty/Sabre/DAVACL/IPrincipalBackend.php b/3dparty/Sabre/DAVACL/IPrincipalBackend.php
new file mode 100644
index 00000000000..8899f6f80df
--- /dev/null
+++ b/3dparty/Sabre/DAVACL/IPrincipalBackend.php
@@ -0,0 +1,73 @@
+<?php
+
+/**
+ * Implement this interface to create your own principal backends.
+ *
+ * Creating backends for principals is entirely optional. You can also
+ * implement Sabre_DAVACL_IPrincipal directly. This interface is used solely by
+ * Sabre_DAVACL_AbstractPrincipalCollection.
+ *
+ * @package Sabre
+ * @subpackage DAVACL
+ * @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/)
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+interface Sabre_DAVACL_IPrincipalBackend {
+
+ /**
+ * Returns a list of principals based on a prefix.
+ *
+ * This prefix will often contain something like 'principals'. You are only
+ * expected to return principals that are in this base path.
+ *
+ * You are expected to return at least a 'uri' for every user, you can
+ * return any additional properties if you wish so. Common properties are:
+ * {DAV:}displayname
+ * {http://sabredav.org/ns}email-address - This is a custom SabreDAV
+ * field that's actualy injected in a number of other properties. If
+ * you have an email address, use this property.
+ *
+ * @param string $prefixPath
+ * @return array
+ */
+ function getPrincipalsByPrefix($prefixPath);
+
+ /**
+ * Returns a specific principal, specified by it's path.
+ * The returned structure should be the exact same as from
+ * getPrincipalsByPrefix.
+ *
+ * @param string $path
+ * @return array
+ */
+ function getPrincipalByPath($path);
+
+ /**
+ * Returns the list of members for a group-principal
+ *
+ * @param string $principal
+ * @return array
+ */
+ function getGroupMemberSet($principal);
+
+ /**
+ * Returns the list of groups a principal is a member of
+ *
+ * @param string $principal
+ * @return array
+ */
+ function getGroupMembership($principal);
+
+ /**
+ * Updates the list of group members for a group principal.
+ *
+ * The principals should be passed as a list of uri's.
+ *
+ * @param string $principal
+ * @param array $members
+ * @return void
+ */
+ function setGroupMemberSet($principal, array $members);
+
+}
diff --git a/3dparty/Sabre/DAVACL/Plugin.php b/3dparty/Sabre/DAVACL/Plugin.php
new file mode 100644
index 00000000000..b964bdb5dec
--- /dev/null
+++ b/3dparty/Sabre/DAVACL/Plugin.php
@@ -0,0 +1,1238 @@
+<?php
+
+/**
+ * SabreDAV ACL Plugin
+ *
+ * This plugin provides funcitonality to enforce ACL permissions.
+ * ACL is defined in RFC3744.
+ *
+ * In addition it also provides support for the {DAV:}current-user-principal
+ * property, defined in RFC5397 and the {DAV:}expand-property report, as
+ * defined in RFC3253.
+ *
+ * @package Sabre
+ * @subpackage DAVACL
+ * @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/)
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+class Sabre_DAVACL_Plugin extends Sabre_DAV_ServerPlugin {
+
+ /**
+ * Recursion constants
+ *
+ * This only checks the base node
+ */
+ const R_PARENT = 1;
+
+ /**
+ * Recursion constants
+ *
+ * This checks every node in the tree
+ */
+ const R_RECURSIVE = 2;
+
+ /**
+ * Recursion constants
+ *
+ * This checks every parentnode in the tree, but not leaf-nodes.
+ */
+ const R_RECURSIVEPARENTS = 3;
+
+ /**
+ * Reference to server object.
+ *
+ * @var Sabre_DAV_Server
+ */
+ protected $server;
+
+ /**
+ * List of urls containing principal collections.
+ * Modify this if your principals are located elsewhere.
+ *
+ * @var array
+ */
+ public $principalCollectionSet = array(
+ 'principals',
+ );
+
+ /**
+ * By default ACL is only enforced for nodes that have ACL support (the
+ * ones that implement Sabre_DAVACL_IACL). For any other node, access is
+ * always granted.
+ *
+ * To override this behaviour you can turn this setting off. This is useful
+ * if you plan to fully support ACL in the entire tree.
+ *
+ * @var bool
+ */
+ public $allowAccessToNodesWithoutACL = true;
+
+ /**
+ * By default nodes that are inaccessible by the user, can still be seen
+ * in directory listings (PROPFIND on parent with Depth: 1)
+ *
+ * In certain cases it's desirable to hide inaccessible nodes. Setting this
+ * to true will cause these nodes to be hidden from directory listings.
+ *
+ * @var bool
+ */
+ public $hideNodesFromListings = false;
+
+ /**
+ * This string is prepended to the username of the currently logged in
+ * user. This allows the plugin to determine the principal path based on
+ * the username.
+ *
+ * @var string
+ */
+ public $defaultUsernamePath = 'principals';
+
+ /**
+ * Returns a list of features added by this plugin.
+ *
+ * This list is used in the response of a HTTP OPTIONS request.
+ *
+ * @return array
+ */
+ public function getFeatures() {
+
+ return array('access-control');
+
+ }
+
+ /**
+ * Returns a list of available methods for a given url
+ *
+ * @param string $uri
+ * @return array
+ */
+ public function getMethods($uri) {
+
+ return array('ACL');
+
+ }
+
+ /**
+ * Returns a plugin name.
+ *
+ * Using this name other plugins will be able to access other plugins
+ * using Sabre_DAV_Server::getPlugin
+ *
+ * @return string
+ */
+ public function getPluginName() {
+
+ return 'acl';
+
+ }
+
+ /**
+ * Returns a list of reports this plugin supports.
+ *
+ * This will be used in the {DAV:}supported-report-set property.
+ * Note that you still need to subscribe to the 'report' event to actually
+ * implement them
+ *
+ * @param string $uri
+ * @return array
+ */
+ public function getSupportedReportSet($uri) {
+
+ return array(
+ '{DAV:}expand-property',
+ '{DAV:}principal-property-search',
+ '{DAV:}principal-search-property-set',
+ );
+
+ }
+
+
+ /**
+ * Checks if the current user has the specified privilege(s).
+ *
+ * You can specify a single privilege, or a list of privileges.
+ * This method will throw an exception if the privilege is not available
+ * and return true otherwise.
+ *
+ * @param string $uri
+ * @param array|string $privileges
+ * @param bool $throwExceptions if set to false, this method won't through exceptions.
+ * @throws Sabre_DAVACL_Exception_NeedPrivileges
+ * @return bool
+ */
+ public function checkPrivileges($uri,$privileges,$recursion = self::R_PARENT, $throwExceptions = true) {
+
+ if (!is_array($privileges)) $privileges = array($privileges);
+
+ $acl = $this->getCurrentUserPrivilegeSet($uri);
+
+ if (is_null($acl)) {
+ if ($this->allowAccessToNodesWithoutACL) {
+ return true;
+ } else {
+ if ($throwExceptions)
+ throw new Sabre_DAVACL_Exception_NeedPrivileges($uri,$privileges);
+ else
+ return false;
+
+ }
+ }
+
+ $failed = array();
+ foreach($privileges as $priv) {
+
+ if (!in_array($priv, $acl)) {
+ $failed[] = $priv;
+ }
+
+ }
+
+ if ($failed) {
+ if ($throwExceptions)
+ throw new Sabre_DAVACL_Exception_NeedPrivileges($uri,$failed);
+ else
+ return false;
+ }
+ return true;
+
+ }
+
+ /**
+ * Returns the standard users' principal.
+ *
+ * This is one authorative principal url for the current user.
+ * This method will return null if the user wasn't logged in.
+ *
+ * @return string|null
+ */
+ public function getCurrentUserPrincipal() {
+
+ $authPlugin = $this->server->getPlugin('auth');
+ if (is_null($authPlugin)) return null;
+
+ $userName = $authPlugin->getCurrentUser();
+ if (!$userName) return null;
+
+ return $this->defaultUsernamePath . '/' . $userName;
+
+ }
+
+ /**
+ * Returns a list of principals that's associated to the current
+ * user, either directly or through group membership.
+ *
+ * @return array
+ */
+ public function getCurrentUserPrincipals() {
+
+ $currentUser = $this->getCurrentUserPrincipal();
+
+ if (is_null($currentUser)) return array();
+
+ $check = array($currentUser);
+ $principals = array($currentUser);
+
+ while(count($check)) {
+
+ $principal = array_shift($check);
+
+ $node = $this->server->tree->getNodeForPath($principal);
+ if ($node instanceof Sabre_DAVACL_IPrincipal) {
+ foreach($node->getGroupMembership() as $groupMember) {
+
+ if (!in_array($groupMember, $principals)) {
+
+ $check[] = $groupMember;
+ $principals[] = $groupMember;
+
+ }
+
+ }
+
+ }
+
+ }
+
+ return $principals;
+
+ }
+
+ /**
+ * Returns the supported privilege structure for this ACL plugin.
+ *
+ * See RFC3744 for more details. Currently we default on a simple,
+ * standard structure.
+ *
+ * @return array
+ */
+ public function getSupportedPrivilegeSet() {
+
+ return array(
+ 'privilege' => '{DAV:}all',
+ 'abstract' => true,
+ 'aggregates' => array(
+ array(
+ 'privilege' => '{DAV:}read',
+ 'aggregates' => array(
+ array(
+ 'privilege' => '{DAV:}read-acl',
+ 'abstract' => true,
+ ),
+ array(
+ 'privilege' => '{DAV:}read-current-user-privilege-set',
+ 'abstract' => true,
+ ),
+ ),
+ ), // {DAV:}read
+ array(
+ 'privilege' => '{DAV:}write',
+ 'aggregates' => array(
+ array(
+ 'privilege' => '{DAV:}write-acl',
+ 'abstract' => true,
+ ),
+ array(
+ 'privilege' => '{DAV:}write-properties',
+ 'abstract' => true,
+ ),
+ array(
+ 'privilege' => '{DAV:}write-content',
+ 'abstract' => true,
+ ),
+ array(
+ 'privilege' => '{DAV:}bind',
+ 'abstract' => true,
+ ),
+ array(
+ 'privilege' => '{DAV:}unbind',
+ 'abstract' => true,
+ ),
+ array(
+ 'privilege' => '{DAV:}unlock',
+ 'abstract' => true,
+ ),
+ ),
+ ), // {DAV:}write
+ ),
+ ); // {DAV:}all
+
+ }
+
+ /**
+ * Returns the supported privilege set as a flat list
+ *
+ * This is much easier to parse.
+ *
+ * The returned list will be index by privilege name.
+ * The value is a struct containing the following properties:
+ * - aggregates
+ * - abstract
+ * - concrete
+ *
+ * @return array
+ */
+ final public function getFlatPrivilegeSet() {
+
+ $privs = $this->getSupportedPrivilegeSet();
+
+ $flat = array();
+ $this->getFPSTraverse($privs, null, $flat);
+
+ return $flat;
+
+ }
+
+ /**
+ * Traverses the privilege set tree for reordering
+ *
+ * This function is solely used by getFlatPrivilegeSet, and would have been
+ * a closure if it wasn't for the fact I need to support PHP 5.2.
+ *
+ * @return void
+ */
+ final private function getFPSTraverse($priv, $concrete, &$flat) {
+
+ $myPriv = array(
+ 'privilege' => $priv['privilege'],
+ 'abstract' => isset($priv['abstract']) && $priv['abstract'],
+ 'aggregates' => array(),
+ 'concrete' => isset($priv['abstract']) && $priv['abstract']?$concrete:$priv['privilege'],
+ );
+
+ if (isset($priv['aggregates']))
+ foreach($priv['aggregates'] as $subPriv) $myPriv['aggregates'][] = $subPriv['privilege'];
+
+ $flat[$priv['privilege']] = $myPriv;
+
+ if (isset($priv['aggregates'])) {
+
+ foreach($priv['aggregates'] as $subPriv) {
+
+ $this->getFPSTraverse($subPriv, $myPriv['concrete'], $flat);
+
+ }
+
+ }
+
+ }
+
+ /**
+ * Returns the full ACL list.
+ *
+ * Either a uri or a Sabre_DAV_INode may be passed.
+ *
+ * null will be returned if the node doesn't support ACLs.
+ *
+ * @param string|Sabre_DAV_INode $node
+ * @return array
+ */
+ public function getACL($node) {
+
+ if (is_string($node)) {
+ $node = $this->server->tree->getNodeForPath($node);
+ }
+ if ($node instanceof Sabre_DAVACL_IACL) {
+ return $node->getACL();
+ }
+ return null;
+
+ }
+
+ /**
+ * Returns a list of privileges the current user has
+ * on a particular node.
+ *
+ * Either a uri or a Sabre_DAV_INode may be passed.
+ *
+ * null will be returned if the node doesn't support ACLs.
+ *
+ * @param string|Sabre_DAV_INode $node
+ * @return array
+ */
+ public function getCurrentUserPrivilegeSet($node) {
+
+ if (is_string($node)) {
+ $node = $this->server->tree->getNodeForPath($node);
+ }
+
+ $acl = $this->getACL($node);
+ if (is_null($acl)) return null;
+
+ $principals = $this->getCurrentUserPrincipals();
+
+ $collected = array();
+
+ foreach($acl as $ace) {
+
+ if (in_array($ace['principal'], $principals)) {
+ $collected[] = $ace;
+ }
+
+ }
+
+ // Now we deduct all aggregated privileges.
+ $flat = $this->getFlatPrivilegeSet();
+
+ $collected2 = array();
+ foreach($collected as $privilege) {
+
+ $collected2[] = $privilege['privilege'];
+ foreach($flat[$privilege['privilege']]['aggregates'] as $subPriv) {
+ if (!in_array($subPriv, $collected2))
+ $collected2[] = $subPriv;
+ }
+
+ }
+
+ return $collected2;
+
+ }
+
+ /**
+ * Sets up the plugin
+ *
+ * This method is automatically called by the server class.
+ *
+ * @param Sabre_DAV_Server $server
+ * @return void
+ */
+ public function initialize(Sabre_DAV_Server $server) {
+
+ $this->server = $server;
+ $server->subscribeEvent('beforeGetProperties',array($this,'beforeGetProperties'));
+
+ $server->subscribeEvent('beforeMethod', array($this,'beforeMethod'),20);
+ $server->subscribeEvent('beforeBind', array($this,'beforeBind'),20);
+ $server->subscribeEvent('beforeUnbind', array($this,'beforeUnbind'),20);
+ $server->subscribeEvent('updateProperties',array($this,'updateProperties'));
+ $server->subscribeEvent('beforeUnlock', array($this,'beforeUnlock'),20);
+ $server->subscribeEvent('report',array($this,'report'));
+ $server->subscribeEvent('unknownMethod', array($this, 'unknownMethod'));
+
+ array_push($server->protectedProperties,
+ '{DAV:}alternate-URI-set',
+ '{DAV:}principal-URL',
+ '{DAV:}group-membership',
+ '{DAV:}principal-collection-set',
+ '{DAV:}current-user-principal',
+ '{DAV:}supported-privilege-set',
+ '{DAV:}current-user-privilege-set',
+ '{DAV:}acl',
+ '{DAV:}acl-restrictions',
+ '{DAV:}inherited-acl-set',
+ '{DAV:}owner',
+ '{DAV:}group'
+ );
+
+ // Automatically mapping nodes implementing IPrincipal to the
+ // {DAV:}principal resourcetype.
+ $server->resourceTypeMapping['Sabre_DAVACL_IPrincipal'] = '{DAV:}principal';
+
+ // Mapping the group-member-set property to the HrefList property
+ // class.
+ $server->propertyMap['{DAV:}group-member-set'] = 'Sabre_DAV_Property_HrefList';
+
+ }
+
+
+ /* {{{ Event handlers */
+
+ /**
+ * Triggered before any method is handled
+ *
+ * @param string $method
+ * @param string $uri
+ * @return void
+ */
+ public function beforeMethod($method, $uri) {
+
+ $exists = $this->server->tree->nodeExists($uri);
+
+ // If the node doesn't exists, none of these checks apply
+ if (!$exists) return;
+
+ switch($method) {
+
+ case 'GET' :
+ case 'HEAD' :
+ case 'OPTIONS' :
+ // For these 3 we only need to know if the node is readable.
+ $this->checkPrivileges($uri,'{DAV:}read');
+ break;
+
+ case 'PUT' :
+ case 'LOCK' :
+ case 'UNLOCK' :
+ // This method requires the write-content priv if the node
+ // already exists, and bind on the parent if the node is being
+ // created.
+ // The bind privilege is handled in the beforeBind event.
+ $this->checkPrivileges($uri,'{DAV:}write-content');
+ break;
+
+
+ case 'PROPPATCH' :
+ $this->checkPrivileges($uri,'{DAV:}write-properties');
+ break;
+
+ case 'ACL' :
+ $this->checkPrivileges($uri,'{DAV:}write-acl');
+ break;
+
+ case 'COPY' :
+ case 'MOVE' :
+ // Copy requires read privileges on the entire source tree.
+ // If the target exists write-content normally needs to be
+ // checked, however, we're deleting the node beforehand and
+ // creating a new one after, so this is handled by the
+ // beforeUnbind event.
+ //
+ // The creation of the new node is handled by the beforeBind
+ // event.
+ //
+ // If MOVE is used beforeUnbind will also be used to check if
+ // the sourcenode can be deleted.
+ $this->checkPrivileges($uri,'{DAV:}read',self::R_RECURSIVE);
+
+ break;
+
+ }
+
+ }
+
+ /**
+ * Triggered before a new node is created.
+ *
+ * This allows us to check permissions for any operation that creates a
+ * new node, such as PUT, MKCOL, MKCALENDAR, LOCK, COPY and MOVE.
+ *
+ * @param string $uri
+ * @return void
+ */
+ public function beforeBind($uri) {
+
+ list($parentUri,$nodeName) = Sabre_DAV_URLUtil::splitPath($uri);
+ $this->checkPrivileges($parentUri,'{DAV:}bind');
+
+ }
+
+ /**
+ * Triggered before a node is deleted
+ *
+ * This allows us to check permissions for any operation that will delete
+ * an existing node.
+ *
+ * @param string $uri
+ * @return void
+ */
+ public function beforeUnbind($uri) {
+
+ list($parentUri,$nodeName) = Sabre_DAV_URLUtil::splitPath($uri);
+ $this->checkPrivileges($parentUri,'{DAV:}unbind',self::R_RECURSIVEPARENTS);
+
+ }
+
+ /**
+ * Triggered before a node is unlocked.
+ *
+ * @param string $uri
+ * @param Sabre_DAV_Locks_LockInfo $lock
+ * @TODO: not yet implemented
+ * @return void
+ */
+ public function beforeUnlock($uri, Sabre_DAV_Locks_LockInfo $lock) {
+
+
+ }
+
+ /**
+ * Triggered before properties are looked up in specific nodes.
+ *
+ * @param string $uri
+ * @param Sabre_DAV_INode $node
+ * @param array $requestedProperties
+ * @param array $returnedProperties
+ * @TODO really should be broken into multiple methods, or even a class.
+ * @return void
+ */
+ public function beforeGetProperties($uri, Sabre_DAV_INode $node, &$requestedProperties, &$returnedProperties) {
+
+ // Checking the read permission
+ if (!$this->checkPrivileges($uri,'{DAV:}read',self::R_PARENT,false)) {
+
+ // User is not allowed to read properties
+ if ($this->hideNodesFromListings) {
+ return false;
+ }
+
+ // Marking all requested properties as '403'.
+ foreach($requestedProperties as $key=>$requestedProperty) {
+ unset($requestedProperties[$key]);
+ $returnedProperties[403][$requestedProperty] = null;
+ }
+ return;
+
+ }
+
+ /* Adding principal properties */
+ if ($node instanceof Sabre_DAVACL_IPrincipal) {
+
+ if (false !== ($index = array_search('{DAV:}alternate-URI-set', $requestedProperties))) {
+
+ unset($requestedProperties[$index]);
+ $returnedProperties[200]['{DAV:}alternate-URI-set'] = new Sabre_DAV_Property_HrefList($node->getAlternateUriSet());
+
+ }
+ if (false !== ($index = array_search('{DAV:}principal-URL', $requestedProperties))) {
+
+ unset($requestedProperties[$index]);
+ $returnedProperties[200]['{DAV:}principal-URL'] = new Sabre_DAV_Property_Href($node->getPrincipalUrl() . '/');
+
+ }
+ if (false !== ($index = array_search('{DAV:}group-member-set', $requestedProperties))) {
+
+ unset($requestedProperties[$index]);
+ $returnedProperties[200]['{DAV:}group-member-set'] = new Sabre_DAV_Property_HrefList($node->getGroupMemberSet());
+
+ }
+ if (false !== ($index = array_search('{DAV:}group-membership', $requestedProperties))) {
+
+ unset($requestedProperties[$index]);
+ $returnedProperties[200]['{DAV:}group-membership'] = new Sabre_DAV_Property_HrefList($node->getGroupMembership());
+
+ }
+
+ if (false !== ($index = array_search('{DAV:}displayname', $requestedProperties))) {
+
+ $returnedProperties[200]['{DAV:}displayname'] = $node->getDisplayName();
+
+ }
+
+ }
+ if (false !== ($index = array_search('{DAV:}principal-collection-set', $requestedProperties))) {
+
+ unset($requestedProperties[$index]);
+ $val = $this->principalCollectionSet;
+ // Ensuring all collections end with a slash
+ foreach($val as $k=>$v) $val[$k] = $v . '/';
+ $returnedProperties[200]['{DAV:}principal-collection-set'] = new Sabre_DAV_Property_HrefList($val);
+
+ }
+ if (false !== ($index = array_search('{DAV:}current-user-principal', $requestedProperties))) {
+
+ unset($requestedProperties[$index]);
+ if ($url = $this->getCurrentUserPrincipal()) {
+ $returnedProperties[200]['{DAV:}current-user-principal'] = new Sabre_DAVACL_Property_Principal(Sabre_DAVACL_Property_Principal::HREF, $url . '/');
+ } else {
+ $returnedProperties[200]['{DAV:}current-user-principal'] = new Sabre_DAVACL_Property_Principal(Sabre_DAVACL_Property_Principal::UNAUTHENTICATED);
+ }
+
+ }
+ if (false !== ($index = array_search('{DAV:}supported-privilege-set', $requestedProperties))) {
+
+ unset($requestedProperties[$index]);
+ $returnedProperties[200]['{DAV:}supported-privilege-set'] = new Sabre_DAVACL_Property_SupportedPrivilegeSet($this->getSupportedPrivilegeSet());
+
+ }
+ if (false !== ($index = array_search('{DAV:}current-user-privilege-set', $requestedProperties))) {
+
+ if (!$this->checkPrivileges($uri, '{DAV:}read-current-user-privilege-set', self::R_PARENT, false)) {
+ $returnedProperties[403]['{DAV:}current-user-privilege-set'] = null;
+ unset($requestedProperties[$index]);
+ } else {
+ $val = $this->getCurrentUserPrivilegeSet($node);
+ if (!is_null($val)) {
+ unset($requestedProperties[$index]);
+ $returnedProperties[200]['{DAV:}current-user-privilege-set'] = new Sabre_DAVACL_Property_CurrentUserPrivilegeSet($val);
+ }
+ }
+
+ }
+
+ /* The ACL property contains all the permissions */
+ if (false !== ($index = array_search('{DAV:}acl', $requestedProperties))) {
+
+ if (!$this->checkPrivileges($uri, '{DAV:}read-acl', self::R_PARENT, false)) {
+
+ unset($requestedProperties[$index]);
+ $returnedProperties[403]['{DAV:}acl'] = null;
+
+ } else {
+
+ $acl = $this->getACL($node);
+ if (!is_null($acl)) {
+ unset($requestedProperties[$index]);
+ $returnedProperties[200]['{DAV:}acl'] = new Sabre_DAVACL_Property_Acl($this->getACL($node));
+ }
+
+ }
+
+ }
+
+ }
+
+ /**
+ * This method intercepts PROPPATCH methods and make sure the
+ * group-member-set is updated correctly.
+ *
+ * @param array $propertyDelta
+ * @param array $result
+ * @param Sabre_DAV_INode $node
+ * @return void
+ */
+ public function updateProperties(&$propertyDelta, &$result, Sabre_DAV_INode $node) {
+
+ if (!array_key_exists('{DAV:}group-member-set', $propertyDelta))
+ return;
+
+ if (is_null($propertyDelta['{DAV:}group-member-set'])) {
+ $memberSet = array();
+ } elseif ($propertyDelta['{DAV:}group-member-set'] instanceof Sabre_DAV_Property_HrefList) {
+ $memberSet = $propertyDelta['{DAV:}group-member-set']->getHrefs();
+ } else {
+ throw new Sabre_DAV_Exception('The group-member-set property MUST be an instance of Sabre_DAV_Property_HrefList or null');
+ }
+
+ if (!($node instanceof Sabre_DAVACL_IPrincipal)) {
+ $result[403]['{DAV:}group-member-set'] = null;
+ unset($propertyDelta['{DAV:}group-member-set']);
+
+ // Returning false will stop the updateProperties process
+ return false;
+ }
+
+ $node->setGroupMemberSet($memberSet);
+
+ $result[200]['{DAV:}group-member-set'] = null;
+ unset($propertyDelta['{DAV:}group-member-set']);
+
+ }
+
+ /**
+ * This method handels HTTP REPORT requests
+ *
+ * @param string $reportName
+ * @param DOMNode $dom
+ * @return void
+ */
+ public function report($reportName, $dom) {
+
+ switch($reportName) {
+
+ case '{DAV:}principal-property-search' :
+ $this->principalPropertySearchReport($dom);
+ return false;
+ case '{DAV:}principal-search-property-set' :
+ $this->principalSearchPropertySetReport($dom);
+ return false;
+ case '{DAV:}expand-property' :
+ $this->expandPropertyReport($dom);
+ return false;
+
+ }
+
+ }
+
+ /**
+ * This event is triggered for any HTTP method that is not known by the
+ * webserver.
+ *
+ * @param string $method
+ * @param string $uri
+ * @return void
+ */
+ public function unknownMethod($method, $uri) {
+
+ if ($method!=='ACL') return;
+
+ $this->httpACL($uri);
+ return false;
+
+ }
+
+ /**
+ * This method is responsible for handling the 'ACL' event.
+ *
+ * @param string $uri
+ * @return void
+ */
+ public function httpACL($uri) {
+
+ $body = $this->server->httpRequest->getBody(true);
+ $dom = Sabre_DAV_XMLUtil::loadDOMDocument($body);
+
+ $newAcl =
+ Sabre_DAVACL_Property_Acl::unserialize($dom->firstChild)
+ ->getPrivileges();
+
+ // Normalizing urls
+ foreach($newAcl as $k=>$newAce) {
+ $newAcl[$k]['principal'] = $this->server->calculateUri($newAce['principal']);
+ }
+
+ $node = $this->server->tree->getNodeForPath($uri);
+
+ if (!($node instanceof Sabre_DAVACL_IACL)) {
+ throw new Sabre_DAV_Exception_MethodNotAllowed('This node does not support the ACL method');
+ }
+
+ $oldAcl = $this->getACL($node);
+
+ $supportedPrivileges = $this->getFlatPrivilegeSet();
+
+ /* Checking if protected principals from the existing principal set are
+ not overwritten. */
+ foreach($oldAcl as $k=>$oldAce) {
+
+ if (!isset($oldAce['protected']) || !$oldAce['protected']) continue;
+
+ $found = false;
+ foreach($newAcl as $newAce) {
+ if (
+ $newAce['privilege'] === $oldAce['privilege'] &&
+ $newAce['principal'] === $oldAce['principal'] &&
+ $newAce['protected']
+ )
+ $found = true;
+ }
+
+ if (!$found)
+ throw new Sabre_DAVACL_Exception_AceConflict('This resource contained a protected {DAV:}ace, but this privilege did not occur in the ACL request');
+
+ }
+
+ foreach($newAcl as $k=>$newAce) {
+
+ // Do we recognize the privilege
+ if (!isset($supportedPrivileges[$newAce['privilege']])) {
+ throw new Sabre_DAVACL_Exception_NotSupportedPrivilege('The privilege you specified (' . $newAce['privilege'] . ') is not recognized by this server');
+ }
+
+ if ($supportedPrivileges[$newAce['privilege']]['abstract']) {
+ throw new Sabre_DAVACL_Exception_NoAbstract('The privilege you specified (' . $newAce['privilege'] . ') is an abstract privilege');
+ }
+
+ // Looking up the principal
+ try {
+ $principal = $this->server->tree->getNodeForPath($newAce['principal']);
+ } catch (Sabre_DAV_Exception_FileNotFound $e) {
+ throw new Sabre_DAVACL_Exception_NotRecognizedPrincipal('The specified principal (' . $newAce['principal'] . ') does not exist');
+ }
+ if (!($principal instanceof Sabre_DAVACL_IPrincipal)) {
+ throw new Sabre_DAVACL_Exception_NotRecognizedPrincipal('The specified uri (' . $newAce['principal'] . ') is not a principal');
+ }
+
+ }
+ $node->setACL($newAcl);
+
+ }
+
+ /* }}} */
+
+ /* Reports {{{ */
+
+ /**
+ * The expand-property report is defined in RFC3253 section 3-8.
+ *
+ * This report is very similar to a standard PROPFIND. The difference is
+ * that it has the additional ability to look at properties containing a
+ * {DAV:}href element, follow that property and grab additional elements
+ * there.
+ *
+ * Other rfc's, such as ACL rely on this report, so it made sense to put
+ * it in this plugin.
+ *
+ * @param DOMElement $dom
+ * @return void
+ */
+ protected function expandPropertyReport($dom) {
+
+ $requestedProperties = $this->parseExpandPropertyReportRequest($dom->firstChild->firstChild);
+ $depth = $this->server->getHTTPDepth(0);
+ $requestUri = $this->server->getRequestUri();
+
+ $result = $this->expandProperties($requestUri,$requestedProperties,$depth);
+
+ $dom = new DOMDocument('1.0','utf-8');
+ $dom->formatOutput = true;
+ $multiStatus = $dom->createElement('d:multistatus');
+ $dom->appendChild($multiStatus);
+
+ // Adding in default namespaces
+ foreach($this->server->xmlNamespaces as $namespace=>$prefix) {
+
+ $multiStatus->setAttribute('xmlns:' . $prefix,$namespace);
+
+ }
+
+ foreach($result as $response) {
+ $response->serialize($this->server, $multiStatus);
+ }
+
+ $xml = $dom->saveXML();
+ $this->server->httpResponse->setHeader('Content-Type','application/xml; charset=utf-8');
+ $this->server->httpResponse->sendStatus(207);
+ $this->server->httpResponse->sendBody($xml);
+
+ }
+
+ /**
+ * This method is used by expandPropertyReport to parse
+ * out the entire HTTP request.
+ *
+ * @param DOMElement $node
+ * @return array
+ */
+ protected function parseExpandPropertyReportRequest($node) {
+
+ $requestedProperties = array();
+ do {
+
+ if (Sabre_DAV_XMLUtil::toClarkNotation($node)!=='{DAV:}property') continue;
+
+ if ($node->firstChild) {
+
+ $children = $this->parseExpandPropertyReportRequest($node->firstChild);
+
+ } else {
+
+ $children = array();
+
+ }
+
+ $namespace = $node->getAttribute('namespace');
+ if (!$namespace) $namespace = 'DAV:';
+
+ $propName = '{'.$namespace.'}' . $node->getAttribute('name');
+ $requestedProperties[$propName] = $children;
+
+ } while ($node = $node->nextSibling);
+
+ return $requestedProperties;
+
+ }
+
+ /**
+ * This method expands all the properties and returns
+ * a list with property values
+ *
+ * @param array $path
+ * @param array $requestedProperties the list of required properties
+ * @param array $depth
+ */
+ protected function expandProperties($path,array $requestedProperties,$depth) {
+
+ $foundProperties = $this->server->getPropertiesForPath($path,array_keys($requestedProperties),$depth);
+
+ $result = array();
+
+ foreach($foundProperties as $node) {
+
+ foreach($requestedProperties as $propertyName=>$childRequestedProperties) {
+
+ // We're only traversing if sub-properties were requested
+ if(count($childRequestedProperties)===0) continue;
+
+ // We only have to do the expansion if the property was found
+ // and it contains an href element.
+ if (!array_key_exists($propertyName,$node[200])) continue;
+
+ if ($node[200][$propertyName] instanceof Sabre_DAV_Property_IHref) {
+ $hrefs = array($node[200][$propertyName]->getHref());
+ } elseif ($node[200][$propertyName] instanceof Sabre_DAV_Property_HrefList) {
+ $hrefs = $node[200][$propertyName]->getHrefs();
+ }
+
+ $childProps = array();
+ foreach($hrefs as $href) {
+ $childProps = array_merge($childProps, $this->expandProperties($href,$childRequestedProperties,0));
+ }
+ $node[200][$propertyName] = new Sabre_DAV_Property_ResponseList($childProps);
+
+ }
+ $result[] = new Sabre_DAV_Property_Response($path, $node);
+
+ }
+
+ return $result;
+
+ }
+
+ /**
+ * principalSearchPropertySetReport
+ *
+ * This method responsible for handing the
+ * {DAV:}principal-search-property-set report. This report returns a list
+ * of properties the client may search on, using the
+ * {DAV:}principal-property-search report.
+ *
+ * @param DOMDocument $dom
+ * @return void
+ */
+ protected function principalSearchPropertySetReport(DOMDocument $dom) {
+
+ $searchProperties = array(
+ '{DAV:}displayname' => 'display name'
+ );
+
+ $httpDepth = $this->server->getHTTPDepth(0);
+ if ($httpDepth!==0) {
+ throw new Sabre_DAV_Exception_BadRequest('This report is only defined when Depth: 0');
+ }
+
+ if ($dom->firstChild->hasChildNodes())
+ throw new Sabre_DAV_Exception_BadRequest('The principal-search-property-set report element is not allowed to have child elements');
+
+ $dom = new DOMDocument('1.0','utf-8');
+ $dom->formatOutput = true;
+ $root = $dom->createElement('d:principal-search-property-set');
+ $dom->appendChild($root);
+ // Adding in default namespaces
+ foreach($this->server->xmlNamespaces as $namespace=>$prefix) {
+
+ $root->setAttribute('xmlns:' . $prefix,$namespace);
+
+ }
+
+ $nsList = $this->server->xmlNamespaces;
+
+ foreach($searchProperties as $propertyName=>$description) {
+
+ $psp = $dom->createElement('d:principal-search-property');
+ $root->appendChild($psp);
+
+ $prop = $dom->createElement('d:prop');
+ $psp->appendChild($prop);
+
+ $propName = null;
+ preg_match('/^{([^}]*)}(.*)$/',$propertyName,$propName);
+
+ $currentProperty = $dom->createElement($nsList[$propName[1]] . ':' . $propName[2]);
+ $prop->appendChild($currentProperty);
+
+ $descriptionElem = $dom->createElement('d:description');
+ $descriptionElem->setAttribute('xml:lang','en');
+ $descriptionElem->appendChild($dom->createTextNode($description));
+ $psp->appendChild($descriptionElem);
+
+
+ }
+
+ $this->server->httpResponse->setHeader('Content-Type','application/xml; charset=utf-8');
+ $this->server->httpResponse->sendStatus(200);
+ $this->server->httpResponse->sendBody($dom->saveXML());
+
+ }
+
+ /**
+ * principalPropertySearchReport
+ *
+ * This method is reponsible for handing the
+ * {DAV:}principal-property-search report. This report can be used for
+ * clients to search for groups of principals, based on the value of one
+ * or more properties.
+ *
+ * @param DOMDocument $dom
+ * @return void
+ */
+ protected function principalPropertySearchReport(DOMDocument $dom) {
+
+ $searchableProperties = array(
+ '{DAV:}displayname' => 'display name'
+
+ );
+
+ list($searchProperties, $requestedProperties, $applyToPrincipalCollectionSet) = $this->parsePrincipalPropertySearchReportRequest($dom);
+
+ $result = array();
+
+ if ($applyToPrincipalCollectionSet) {
+ $uris = array();
+ } else {
+ $uris = array($this->server->getRequestUri());
+ }
+
+ $lookupResults = array();
+ foreach($uris as $uri) {
+
+ $p = array_keys($searchProperties);
+ $p[] = '{DAV:}resourcetype';
+ $r = $this->server->getPropertiesForPath($uri, $p, 1);
+
+ // The first item in the results is the parent, so we get rid of it.
+ array_shift($r);
+ $lookupResults = array_merge($lookupResults, $r);
+ }
+
+ $matches = array();
+
+ foreach($lookupResults as $lookupResult) {
+
+ // We're only looking for principals
+ if (!isset($lookupResult[200]['{DAV:}resourcetype']) ||
+ (!($lookupResult[200]['{DAV:}resourcetype'] instanceof Sabre_DAV_Property_ResourceType)) ||
+ !$lookupResult[200]['{DAV:}resourcetype']->is('{DAV:}principal')) continue;
+
+ foreach($searchProperties as $searchProperty=>$searchValue) {
+ if (!isset($searchableProperties[$searchProperty])) {
+ // If a property is not 'searchable', the spec dictates
+ // this is not a match.
+ continue;
+ }
+
+ if (isset($lookupResult[200][$searchProperty]) &&
+ mb_stripos($lookupResult[200][$searchProperty], $searchValue, 0, 'UTF-8')!==false) {
+ $matches[] = $lookupResult['href'];
+ }
+
+ }
+
+ }
+
+ $matchProperties = array();
+
+ foreach($matches as $match) {
+
+ list($result) = $this->server->getPropertiesForPath($match, $requestedProperties, 0);
+ $matchProperties[] = $result;
+
+ }
+
+ $xml = $this->server->generateMultiStatus($matchProperties);
+ $this->server->httpResponse->setHeader('Content-Type','application/xml; charset=utf-8');
+ $this->server->httpResponse->sendStatus(207);
+ $this->server->httpResponse->sendBody($xml);
+
+ }
+
+ /**
+ * parsePrincipalPropertySearchReportRequest
+ *
+ * This method parses the request body from a
+ * {DAV:}principal-property-search report.
+ *
+ * This method returns an array with two elements:
+ * 1. an array with properties to search on, and their values
+ * 2. a list of propertyvalues that should be returned for the request.
+ *
+ * @param DOMDocument $dom
+ * @return array
+ */
+ protected function parsePrincipalPropertySearchReportRequest($dom) {
+
+ $httpDepth = $this->server->getHTTPDepth(0);
+ if ($httpDepth!==0) {
+ throw new Sabre_DAV_Exception_BadRequest('This report is only defined when Depth: 0');
+ }
+
+ $searchProperties = array();
+
+ $applyToPrincipalCollectionSet = false;
+
+ // Parsing the search request
+ foreach($dom->firstChild->childNodes as $searchNode) {
+
+ if (Sabre_DAV_XMLUtil::toClarkNotation($searchNode) == '{DAV:}apply-to-principal-collection-set')
+ $applyToPrincipalCollectionSet = true;
+
+ if (Sabre_DAV_XMLUtil::toClarkNotation($searchNode)!=='{DAV:}property-search')
+ continue;
+
+ $propertyName = null;
+ $propertyValue = null;
+
+ foreach($searchNode->childNodes as $childNode) {
+
+ switch(Sabre_DAV_XMLUtil::toClarkNotation($childNode)) {
+
+ case '{DAV:}prop' :
+ $property = Sabre_DAV_XMLUtil::parseProperties($searchNode);
+ reset($property);
+ $propertyName = key($property);
+ break;
+
+ case '{DAV:}match' :
+ $propertyValue = $childNode->textContent;
+ break;
+
+ }
+
+
+ }
+
+ if (is_null($propertyName) || is_null($propertyValue))
+ throw new Sabre_DAV_Exception_BadRequest('Invalid search request. propertyname: ' . $propertyName . '. propertvvalue: ' . $propertyValue);
+
+ $searchProperties[$propertyName] = $propertyValue;
+
+ }
+
+ return array($searchProperties, array_keys(Sabre_DAV_XMLUtil::parseProperties($dom->firstChild)), $applyToPrincipalCollectionSet);
+
+ }
+
+
+ /* }}} */
+
+}
diff --git a/3dparty/Sabre/DAVACL/Principal.php b/3dparty/Sabre/DAVACL/Principal.php
new file mode 100644
index 00000000000..158b271058c
--- /dev/null
+++ b/3dparty/Sabre/DAVACL/Principal.php
@@ -0,0 +1,256 @@
+<?php
+
+/**
+ * Principal class
+ *
+ * This class is a representation of a simple principal
+ *
+ * Many WebDAV specs require a user to show up in the directory
+ * structure.
+ *
+ * This principal also has basic ACL settings, only allowing the principal
+ * access it's own principal.
+ *
+ * @package Sabre
+ * @subpackage DAVACL
+ * @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/)
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+class Sabre_DAVACL_Principal extends Sabre_DAV_Node implements Sabre_DAVACL_IPrincipal, Sabre_DAV_IProperties, Sabre_DAVACL_IACL {
+
+ /**
+ * Struct with principal information.
+ *
+ * @var array
+ */
+ protected $principalProperties;
+
+ /**
+ * Principal backend
+ *
+ * @var Sabre_DAVACL_IPrincipalBackend
+ */
+ protected $principalBackend;
+
+ /**
+ * Creates the principal object
+ *
+ * @param array $principalProperties
+ */
+ public function __construct(Sabre_DAVACL_IPrincipalBackend $principalBackend, array $principalProperties = array()) {
+
+ if (!isset($principalProperties['uri'])) {
+ throw new Sabre_DAV_Exception('The principal properties must at least contain the \'uri\' key');
+ }
+ $this->principalBackend = $principalBackend;
+ $this->principalProperties = $principalProperties;
+
+ }
+
+ /**
+ * Returns the full principal url
+ *
+ * @return string
+ */
+ public function getPrincipalUrl() {
+
+ return $this->principalProperties['uri'];
+
+ }
+
+ /**
+ * Returns a list of altenative urls for a principal
+ *
+ * This can for example be an email address, or ldap url.
+ *
+ * @return array
+ */
+ public function getAlternateUriSet() {
+
+ if (isset($this->principalProperties['{http://sabredav.org/ns}email-address'])) {
+ return array('mailto:' . $this->principalProperties['{http://sabredav.org/ns}email-address']);
+ } else {
+ return array();
+ }
+
+ }
+
+ /**
+ * Returns the list of group members
+ *
+ * If this principal is a group, this function should return
+ * all member principal uri's for the group.
+ *
+ * @return array
+ */
+ public function getGroupMemberSet() {
+
+ return $this->principalBackend->getGroupMemberSet($this->principalProperties['uri']);
+
+ }
+
+ /**
+ * Returns the list of groups this principal is member of
+ *
+ * If this principal is a member of a (list of) groups, this function
+ * should return a list of principal uri's for it's members.
+ *
+ * @return array
+ */
+ public function getGroupMembership() {
+
+ return $this->principalBackend->getGroupMemberShip($this->principalProperties['uri']);
+
+ }
+
+
+ /**
+ * Sets a list of group members
+ *
+ * If this principal is a group, this method sets all the group members.
+ * The list of members is always overwritten, never appended to.
+ *
+ * This method should throw an exception if the members could not be set.
+ *
+ * @param array $principals
+ * @return void
+ */
+ public function setGroupMemberSet(array $groupMembers) {
+
+ $this->principalBackend->setGroupMemberSet($this->principalProperties['uri'], $groupMembers);
+
+ }
+
+
+ /**
+ * Returns this principals name.
+ *
+ * @return string
+ */
+ public function getName() {
+
+ $uri = $this->principalProperties['uri'];
+ list(, $name) = Sabre_DAV_URLUtil::splitPath($uri);
+
+ return $name;
+
+ }
+
+ /**
+ * Returns the name of the user
+ *
+ * @return void
+ */
+ public function getDisplayName() {
+
+ if (isset($this->principalProperties['{DAV:}displayname'])) {
+ return $this->principalProperties['{DAV:}displayname'];
+ } else {
+ return $this->getName();
+ }
+
+ }
+
+ /**
+ * Returns a list of properties
+ *
+ * @param array $requestedProperties
+ * @return void
+ */
+ public function getProperties($requestedProperties) {
+
+ $newProperties = array();
+ foreach($requestedProperties as $propName) {
+
+ if (isset($this->principalProperties[$propName])) {
+ $newProperties[$propName] = $this->principalProperties[$propName];
+ }
+
+ }
+
+ return $newProperties;
+
+ }
+
+ /**
+ * Updates this principals properties.
+ *
+ * Currently this is not supported
+ *
+ * @param array $properties
+ * @see Sabre_DAV_IProperties::updateProperties
+ * @return bool|array
+ */
+ public function updateProperties($properties) {
+
+ return false;
+
+ }
+
+ /**
+ * Returns the owner principal
+ *
+ * This must be a url to a principal, or null if there's no owner
+ *
+ * @return string|null
+ */
+ public function getOwner() {
+
+ return $this->principalProperties['uri'];
+
+
+ }
+
+ /**
+ * Returns a group principal
+ *
+ * This must be a url to a principal, or null if there's no owner
+ *
+ * @return string|null
+ */
+ public function getGroup() {
+
+ return null;
+
+ }
+
+ /**
+ * Returns a list of ACE's for this node.
+ *
+ * Each ACE has the following properties:
+ * * 'privilege', a string such as {DAV:}read or {DAV:}write. These are
+ * currently the only supported privileges
+ * * 'principal', a url to the principal who owns the node
+ * * 'protected' (optional), indicating that this ACE is not allowed to
+ * be updated.
+ *
+ * @return array
+ */
+ public function getACL() {
+
+ return array(
+ array(
+ 'privilege' => '{DAV:}read',
+ 'principal' => $this->principalProperties['uri'],
+ 'protected' => true,
+ ),
+ );
+
+ }
+
+ /**
+ * Updates the ACL
+ *
+ * This method will receive a list of new ACE's.
+ *
+ * @param array $acl
+ * @return void
+ */
+ public function setACL(array $acl) {
+
+ throw new Sabre_DAV_Exception_MethodNotAllowed('Updating ACLs is not allowed here');
+
+ }
+
+}
diff --git a/3dparty/Sabre/DAVACL/PrincipalBackend/PDO.php b/3dparty/Sabre/DAVACL/PrincipalBackend/PDO.php
new file mode 100644
index 00000000000..55bd1903c9b
--- /dev/null
+++ b/3dparty/Sabre/DAVACL/PrincipalBackend/PDO.php
@@ -0,0 +1,206 @@
+<?php
+
+/**
+ * PDO principal backend
+ *
+ * This is a simple principal backend that maps exactly to the users table, as
+ * used by Sabre_DAV_Auth_Backend_PDO.
+ *
+ * It assumes all principals are in a single collection. The default collection
+ * is 'principals/', but this can be overriden.
+ *
+ * @package Sabre
+ * @subpackage DAVACL
+ * @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/)
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+class Sabre_DAVACL_PrincipalBackend_PDO implements Sabre_DAVACL_IPrincipalBackend {
+
+ /**
+ * pdo
+ *
+ * @var PDO
+ */
+ protected $pdo;
+
+ /**
+ * PDO table name for 'principals'
+ *
+ * @var string
+ */
+ protected $tableName;
+
+ /**
+ * PDO table name for 'group members'
+ *
+ * @var string
+ */
+ protected $groupMembersTableName;
+
+ /**
+ * Sets up the backend.
+ *
+ * @param PDO $pdo
+ * @param string $tableName
+ */
+ public function __construct(PDO $pdo, $tableName = 'principals', $groupMembersTableName = 'groupmembers') {
+
+ $this->pdo = $pdo;
+ $this->tableName = $tableName;
+ $this->groupMembersTableName = $groupMembersTableName;
+
+ }
+
+
+ /**
+ * Returns a list of principals based on a prefix.
+ *
+ * This prefix will often contain something like 'principals'. You are only
+ * expected to return principals that are in this base path.
+ *
+ * You are expected to return at least a 'uri' for every user, you can
+ * return any additional properties if you wish so. Common properties are:
+ * {DAV:}displayname
+ * {http://sabredav.org/ns}email-address - This is a custom SabreDAV
+ * field that's actualy injected in a number of other properties. If
+ * you have an email address, use this property.
+ *
+ * @param string $prefixPath
+ * @return array
+ */
+ public function getPrincipalsByPrefix($prefixPath) {
+ $result = $this->pdo->query('SELECT uri, email, displayname FROM `'. $this->tableName . '`');
+
+ $principals = array();
+
+ while($row = $result->fetch(PDO::FETCH_ASSOC)) {
+
+ // Checking if the principal is in the prefix
+ list($rowPrefix) = Sabre_DAV_URLUtil::splitPath($row['uri']);
+ if ($rowPrefix !== $prefixPath) continue;
+
+ $principals[] = array(
+ 'uri' => $row['uri'],
+ '{DAV:}displayname' => $row['displayname']?$row['displayname']:basename($row['uri']),
+ '{http://sabredav.org/ns}email-address' => $row['email'],
+ );
+
+ }
+
+ return $principals;
+
+ }
+
+ /**
+ * Returns a specific principal, specified by it's path.
+ * The returned structure should be the exact same as from
+ * getPrincipalsByPrefix.
+ *
+ * @param string $path
+ * @return array
+ */
+ public function getPrincipalByPath($path) {
+
+ $stmt = $this->pdo->prepare('SELECT id, uri, email, displayname FROM `'.$this->tableName.'` WHERE uri = ?');
+ $stmt->execute(array($path));
+
+ $users = array();
+
+ $row = $stmt->fetch(PDO::FETCH_ASSOC);
+ if (!$row) return;
+
+ return array(
+ 'id' => $row['id'],
+ 'uri' => $row['uri'],
+ '{DAV:}displayname' => $row['displayname']?$row['displayname']:basename($row['uri']),
+ '{http://sabredav.org/ns}email-address' => $row['email'],
+ );
+
+ }
+
+ /**
+ * Returns the list of members for a group-principal
+ *
+ * @param string $principal
+ * @return array
+ */
+ public function getGroupMemberSet($principal) {
+
+ $principal = $this->getPrincipalByPath($principal);
+ if (!$principal) throw new Sabre_DAV_Exception('Principal not found');
+
+ $stmt = $this->pdo->prepare('SELECT principals.uri as uri FROM `'.$this->groupMembersTableName.'` AS groupmembers LEFT JOIN `'.$this->tableName.'` AS principals ON groupmembers.member_id = principals.id WHERE groupmembers.principal_id = ?');
+ $stmt->execute(array($principal['id']));
+
+ $result = array();
+ while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ $result[] = $row['uri'];
+ }
+ return $result;
+
+ }
+
+ /**
+ * Returns the list of groups a principal is a member of
+ *
+ * @param string $principal
+ * @return array
+ */
+ public function getGroupMembership($principal) {
+
+ $principal = $this->getPrincipalByPath($principal);
+ if (!$principal) throw new Sabre_DAV_Exception('Principal not found');
+
+ $stmt = $this->pdo->prepare('SELECT principals.uri as uri FROM `'.$this->groupMembersTableName.'` AS groupmembers LEFT JOIN `'.$this->tableName.'` AS principals ON groupmembers.principal_id = principals.id WHERE groupmembers.member_id = ?');
+ $stmt->execute(array($principal['id']));
+
+ $result = array();
+ while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ $result[] = $row['uri'];
+ }
+ return $result;
+
+ }
+
+ /**
+ * Updates the list of group members for a group principal.
+ *
+ * The principals should be passed as a list of uri's.
+ *
+ * @param string $principal
+ * @param array $members
+ * @return void
+ */
+ public function setGroupMemberSet($principal, array $members) {
+
+ // Grabbing the list of principal id's.
+ $stmt = $this->pdo->prepare('SELECT id, uri FROM `'.$this->tableName.'` WHERE uri IN (? ' . str_repeat(', ? ', count($members)) . ');');
+ $stmt->execute(array_merge(array($principal), $members));
+
+ $memberIds = array();
+ $principalId = null;
+
+ while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
+ if ($row['uri'] == $principal) {
+ $principalId = $row['id'];
+ } else {
+ $memberIds[] = $row['id'];
+ }
+ }
+ if (!$principalId) throw new Sabre_DAV_Exception('Principal not found');
+
+ // Wiping out old members
+ $stmt = $this->pdo->prepare('DELETE FROM `'.$this->groupMembersTableName.'` WHERE principal_id = ?;');
+ $stmt->execute(array($principalId));
+
+ foreach($memberIds as $memberId) {
+
+ $stmt = $this->pdo->prepare('INSERT INTO `'.$this->groupMembersTableName.'` (principal_id, member_id) VALUES (?, ?);');
+ $stmt->execute(array($principalId, $memberId));
+
+ }
+
+ }
+
+}
diff --git a/3dparty/Sabre/DAVACL/PrincipalCollection.php b/3dparty/Sabre/DAVACL/PrincipalCollection.php
new file mode 100644
index 00000000000..3cc0ae84621
--- /dev/null
+++ b/3dparty/Sabre/DAVACL/PrincipalCollection.php
@@ -0,0 +1,35 @@
+<?php
+
+/**
+ * Principals Collection
+ *
+ * This collection represents a list of users. It uses
+ * Sabre_DAV_Auth_Backend to determine which users are available on the list.
+ *
+ * The users are instances of Sabre_DAV_Auth_Principal
+ *
+ * @package Sabre
+ * @subpackage DAV
+ * @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/)
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+class Sabre_DAVACL_PrincipalCollection extends Sabre_DAVACL_AbstractPrincipalCollection {
+
+ /**
+ * This method returns a node for a principal.
+ *
+ * The passed array contains principal information, and is guaranteed to
+ * at least contain a uri item. Other properties may or may not be
+ * supplied by the authentication backend.
+ *
+ * @param array $principal
+ * @return Sabre_DAV_INode
+ */
+ public function getChildForPrincipal(array $principal) {
+
+ return new Sabre_DAVACL_Principal($this->principalBackend, $principal);
+
+ }
+
+}
diff --git a/3dparty/Sabre/DAVACL/Property/Acl.php b/3dparty/Sabre/DAVACL/Property/Acl.php
new file mode 100644
index 00000000000..e41e7411310
--- /dev/null
+++ b/3dparty/Sabre/DAVACL/Property/Acl.php
@@ -0,0 +1,186 @@
+<?php
+
+/**
+ * This class represents the {DAV:}acl property
+ *
+ * @package Sabre
+ * @subpackage DAVACL
+ * @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/)
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+class Sabre_DAVACL_Property_Acl extends Sabre_DAV_Property {
+
+ /**
+ * List of privileges
+ *
+ * @var array
+ */
+ private $privileges;
+
+ /**
+ * Wether or not the server base url is required to be prefixed when
+ * serializing the property.
+ *
+ * @var boolean
+ */
+ private $prefixBaseUrl;
+
+ /**
+ * Constructor
+ *
+ * This object requires a structure similar to the return value from
+ * Sabre_DAVACL_Plugin::getACL().
+ *
+ * Each privilege is a an array with at least a 'privilege' property, and a
+ * 'principal' property. A privilege may have a 'protected' property as
+ * well.
+ *
+ * The prefixBaseUrl should be set to false, if the supplied principal urls
+ * are already full urls. If this is kept to true, the servers base url
+ * will automatically be prefixed.
+ *
+ * @param bool $prefixBaseUrl
+ * @param array $privileges
+ */
+ public function __construct(array $privileges, $prefixBaseUrl = true) {
+
+ $this->privileges = $privileges;
+ $this->prefixBaseUrl = $prefixBaseUrl;
+
+ }
+
+ /**
+ * Returns the list of privileges for this property
+ *
+ * @return array
+ */
+ public function getPrivileges() {
+
+ return $this->privileges;
+
+ }
+
+ /**
+ * Serializes the property into a DOMElement
+ *
+ * @param Sabre_DAV_Server $server
+ * @param DOMElement $node
+ * @return void
+ */
+ public function serialize(Sabre_DAV_Server $server,DOMElement $node) {
+
+ $doc = $node->ownerDocument;
+ foreach($this->privileges as $ace) {
+
+ $this->serializeAce($doc, $node, $ace, $server);
+
+ }
+
+ }
+
+ /**
+ * Unserializes the {DAV:}acl xml element.
+ *
+ * @param DOMElement $dom
+ * @return Sabre_DAVACL_Property_Acl
+ */
+ static public function unserialize(DOMElement $dom) {
+
+ $privileges = array();
+ $xaces = $dom->getElementsByTagNameNS('urn:DAV','ace');
+ for($ii=0; $ii < $xaces->length; $ii++) {
+
+ $xace = $xaces->item($ii);
+ $principal = $xace->getElementsByTagNameNS('urn:DAV','principal');
+ if ($principal->length !== 1) {
+ throw new Sabre_DAV_Exception_BadRequest('Each {DAV:}ace element must have one {DAV:}principal element');
+ }
+ $principal = Sabre_DAVACL_Property_Principal::unserialize($principal->item(0));
+
+ if ($principal->getType()!==Sabre_DAVACL_Property_Principal::HREF) {
+ throw new Sabre_DAV_Exception_NotImplemented('Currently only uri based principals are support, {DAV:}all, {DAV:}unauthenticated and {DAV:}authenticated are not implemented yet');
+ }
+
+ $principal = $principal->getHref();
+ $protected = false;
+
+ if ($xace->getElementsByTagNameNS('urn:DAV','protected')->length > 0) {
+ $protected = true;
+ }
+
+ $grants = $xace->getElementsByTagNameNS('urn:DAV','grant');
+ if ($grants->length < 1) {
+ throw new Sabre_DAV_Exception_NotImplemented('Every {DAV:}ace element must have a {DAV:}grant element. {DAV:}deny is not yet supported');
+ }
+ $grant = $grants->item(0);
+
+ $xprivs = $grant->getElementsByTagNameNS('urn:DAV','privilege');
+ for($jj=0; $jj<$xprivs->length; $jj++) {
+
+ $xpriv = $xprivs->item($jj);
+
+ $privilegeName = null;
+
+ for ($kk=0;$kk<$xpriv->childNodes->length;$kk++) {
+
+ $childNode = $xpriv->childNodes->item($kk);
+ if ($t = Sabre_DAV_XMLUtil::toClarkNotation($childNode)) {
+ $privilegeName = $t;
+ break;
+ }
+ }
+ if (is_null($privilegeName)) {
+ throw new Sabre_DAV_Exception_BadRequest('{DAV:}privilege elements must have a privilege element contained within them.');
+ }
+
+ $privileges[] = array(
+ 'principal' => $principal,
+ 'protected' => $protected,
+ 'privilege' => $privilegeName,
+ );
+
+ }
+
+ }
+
+ return new self($privileges);
+
+ }
+
+ /**
+ * Serializes a single access control entry.
+ *
+ * @param DOMDocument $doc
+ * @param DOMElement $node
+ * @param array $ace
+ * @param Sabre_DAV_Server $server
+ * @return void
+ */
+ private function serializeAce($doc,$node,$ace, $server) {
+
+ $xace = $doc->createElementNS('DAV:','d:ace');
+ $node->appendChild($xace);
+
+ $principal = $doc->createElementNS('DAV:','d:principal');
+ $xace->appendChild($principal);
+ $principal->appendChild($doc->createElementNS('DAV:','d:href',($this->prefixBaseUrl?$server->getBaseUri():'') . $ace['principal'] . '/'));
+
+ $grant = $doc->createElementNS('DAV:','d:grant');
+ $xace->appendChild($grant);
+
+ $privParts = null;
+
+ preg_match('/^{([^}]*)}(.*)$/',$ace['privilege'],$privParts);
+
+ $xprivilege = $doc->createElementNS('DAV:','d:privilege');
+ $grant->appendChild($xprivilege);
+
+ $xprivilege->appendChild($doc->createElementNS($privParts[1],'d:'.$privParts[2]));
+
+ if (isset($ace['protected']) && $ace['protected'])
+ $xace->appendChild($doc->createElement('d:protected'));
+
+ }
+
+}
diff --git a/3dparty/Sabre/DAVACL/Property/CurrentUserPrivilegeSet.php b/3dparty/Sabre/DAVACL/Property/CurrentUserPrivilegeSet.php
new file mode 100644
index 00000000000..72274597b31
--- /dev/null
+++ b/3dparty/Sabre/DAVACL/Property/CurrentUserPrivilegeSet.php
@@ -0,0 +1,75 @@
+<?php
+
+/**
+ * CurrentUserPrivilegeSet
+ *
+ * This class represents the current-user-privilege-set property. When
+ * requested, it contain all the privileges a user has on a specific node.
+ *
+ * @package Sabre
+ * @subpackage DAVACL
+ * @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/)
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+class Sabre_DAVACL_Property_CurrentUserPrivilegeSet extends Sabre_DAV_Property {
+
+ /**
+ * List of privileges
+ *
+ * @var array
+ */
+ private $privileges;
+
+ /**
+ * Creates the object
+ *
+ * Pass the privileges in clark-notation
+ *
+ * @param array $privileges
+ */
+ public function __construct(array $privileges) {
+
+ $this->privileges = $privileges;
+
+ }
+
+ /**
+ * Serializes the property in the DOM
+ *
+ * @param Sabre_DAV_Server $server
+ * @param DOMElement $node
+ * @return void
+ */
+ public function serialize(Sabre_DAV_Server $server,DOMElement $node) {
+
+ $doc = $node->ownerDocument;
+ foreach($this->privileges as $privName) {
+
+ $this->serializePriv($doc,$node,$privName);
+
+ }
+
+ }
+
+ /**
+ * Serializes one privilege
+ *
+ * @param DOMDocument $doc
+ * @param DOMElement $node
+ * @param string $privName
+ * @return void
+ */
+ protected function serializePriv($doc,$node,$privName) {
+
+ $xp = $doc->createElementNS('DAV:','d:privilege');
+ $node->appendChild($xp);
+
+ $privParts = null;
+ preg_match('/^{([^}]*)}(.*)$/',$privName,$privParts);
+
+ $xp->appendChild($doc->createElementNS($privParts[1],'d:'.$privParts[2]));
+
+ }
+
+}
diff --git a/3dparty/Sabre/DAVACL/Property/Principal.php b/3dparty/Sabre/DAVACL/Property/Principal.php
new file mode 100644
index 00000000000..dad9a3550fb
--- /dev/null
+++ b/3dparty/Sabre/DAVACL/Property/Principal.php
@@ -0,0 +1,154 @@
+<?php
+
+/**
+ * Principal property
+ *
+ * The principal property represents a principal from RFC3744 (ACL).
+ * The property can be used to specify a principal or pseudo principals.
+ *
+ * @package Sabre
+ * @subpackage DAVACL
+ * @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/)
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+class Sabre_DAVACL_Property_Principal extends Sabre_DAV_Property implements Sabre_DAV_Property_IHref {
+
+ /**
+ * To specify a not-logged-in user, use the UNAUTHENTICTED principal
+ */
+ const UNAUTHENTICATED = 1;
+
+ /**
+ * To specify any principal that is logged in, use AUTHENTICATED
+ */
+ const AUTHENTICATED = 2;
+
+ /**
+ * Specific princpals can be specified with the HREF
+ */
+ const HREF = 3;
+
+ /**
+ * Principal-type
+ *
+ * Must be one of the UNAUTHENTICATED, AUTHENTICATED or HREF constants.
+ *
+ * @var int
+ */
+ private $type;
+
+ /**
+ * Url to principal
+ *
+ * This value is only used for the HREF principal type.
+ *
+ * @var string
+ */
+ private $href;
+
+ /**
+ * Creates the property.
+ *
+ * The 'type' argument must be one of the type constants defined in this class.
+ *
+ * 'href' is only required for the HREF type.
+ *
+ * @param int $type
+ * @param string $href
+ * @return void
+ */
+ public function __construct($type, $href = null) {
+
+ $this->type = $type;
+
+ if ($type===self::HREF && is_null($href)) {
+ throw new Sabre_DAV_Exception('The href argument must be specified for the HREF principal type.');
+ }
+ $this->href = $href;
+
+ }
+
+ /**
+ * Returns the principal type
+ *
+ * @return int
+ */
+ public function getType() {
+
+ return $this->type;
+
+ }
+
+ /**
+ * Returns the principal uri.
+ *
+ * @return string
+ */
+ public function getHref() {
+
+ return $this->href;
+
+ }
+
+ /**
+ * Serializes the property into a DOMElement.
+ *
+ * @param Sabre_DAV_Server $server
+ * @param DOMElement $node
+ * @return void
+ */
+ public function serialize(Sabre_DAV_Server $server, DOMElement $node) {
+
+ $prefix = $server->xmlNamespaces['DAV:'];
+ switch($this->type) {
+
+ case self::UNAUTHENTICATED :
+ $node->appendChild(
+ $node->ownerDocument->createElement($prefix . ':unauthenticated')
+ );
+ break;
+ case self::AUTHENTICATED :
+ $node->appendChild(
+ $node->ownerDocument->createElement($prefix . ':authenticated')
+ );
+ break;
+ case self::HREF :
+ $href = $node->ownerDocument->createElement($prefix . ':href');
+ $href->nodeValue = $server->getBaseUri() . $this->href;
+ $node->appendChild($href);
+ break;
+
+ }
+
+ }
+
+ /**
+ * Deserializes a DOM element into a property object.
+ *
+ * @param DOMElement $dom
+ * @return Sabre_DAV_Property_Principal
+ */
+ static public function unserialize(DOMElement $dom) {
+
+ $parent = $dom->firstChild;
+ while(!Sabre_DAV_XMLUtil::toClarkNotation($parent)) {
+ $parent = $parent->nextSibling;
+ }
+
+ switch(Sabre_DAV_XMLUtil::toClarkNotation($parent)) {
+
+ case '{DAV:}unauthenticated' :
+ return new self(self::UNAUTHENTICATED);
+ case '{DAV:}authenticated' :
+ return new self(self::AUTHENTICATED);
+ case '{DAV:}href':
+ return new self(self::HREF, $parent->textContent);
+ default :
+ throw new Sabre_DAV_Exception_BadRequest('Unexpected element (' . Sabre_DAV_XMLUtil::toClarkNotation($parent) . '). Could not deserialize');
+
+ }
+
+ }
+
+}
diff --git a/3dparty/Sabre/DAVACL/Property/SupportedPrivilegeSet.php b/3dparty/Sabre/DAVACL/Property/SupportedPrivilegeSet.php
new file mode 100644
index 00000000000..93c3895035d
--- /dev/null
+++ b/3dparty/Sabre/DAVACL/Property/SupportedPrivilegeSet.php
@@ -0,0 +1,92 @@
+<?php
+
+/**
+ * SupportedPrivilegeSet property
+ *
+ * This property encodes the {DAV:}supported-privilege-set property, as defined
+ * in rfc3744. Please consult the rfc for details about it's structure.
+ *
+ * This class expects a structure like the one given from
+ * Sabre_DAVACL_Plugin::getSupportedPrivilegeSet as the argument in its
+ * constructor.
+ *
+ * @package Sabre
+ * @subpackage DAVACL
+ * @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/)
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+class Sabre_DAVACL_Property_SupportedPrivilegeSet extends Sabre_DAV_Property {
+
+ /**
+ * privileges
+ *
+ * @var array
+ */
+ private $privileges;
+
+ /**
+ * Constructor
+ *
+ * @param array $privileges
+ */
+ public function __construct(array $privileges) {
+
+ $this->privileges = $privileges;
+
+ }
+
+ /**
+ * Serializes the property into a domdocument.
+ *
+ * @param Sabre_DAV_Server $server
+ * @param DOMElement $node
+ * @return void
+ */
+ public function serialize(Sabre_DAV_Server $server,DOMElement $node) {
+
+ $doc = $node->ownerDocument;
+ $this->serializePriv($doc, $node, $this->privileges);
+
+ }
+
+ /**
+ * Serializes a property
+ *
+ * This is a recursive function.
+ *
+ * @param DOMDocument $doc
+ * @param DOMElement $node
+ * @param array $privilege
+ * @return void
+ */
+ private function serializePriv($doc,$node,$privilege) {
+
+ $xsp = $doc->createElementNS('DAV:','d:supported-privilege');
+ $node->appendChild($xsp);
+
+ $xp = $doc->createElementNS('DAV:','d:privilege');
+ $xsp->appendChild($xp);
+
+ $privParts = null;
+ preg_match('/^{([^}]*)}(.*)$/',$privilege['privilege'],$privParts);
+
+ $xp->appendChild($doc->createElementNS($privParts[1],'d:'.$privParts[2]));
+
+ if (isset($privilege['abstract']) && $privilege['abstract']) {
+ $xsp->appendChild($doc->createElementNS('DAV:','d:abstract'));
+ }
+
+ if (isset($privilege['description'])) {
+ $xsp->appendChild($doc->createElementNS('DAV:','d:description',$privilege['description']));
+ }
+
+ if (isset($privilege['aggregates'])) {
+ foreach($privilege['aggregates'] as $subPrivilege) {
+ $this->serializePriv($doc,$xsp,$subPrivilege);
+ }
+ }
+
+ }
+
+}
diff --git a/3dparty/Sabre/DAVACL/Version.php b/3dparty/Sabre/DAVACL/Version.php
new file mode 100644
index 00000000000..a705507486c
--- /dev/null
+++ b/3dparty/Sabre/DAVACL/Version.php
@@ -0,0 +1,24 @@
+<?php
+
+/**
+ * This class contains the SabreDAV version constants.
+ *
+ * @package Sabre
+ * @subpackage DAVACL
+ * @copyright Copyright (C) 2007-2011 Rooftop Solutions. All rights reserved.
+ * @author Evert Pot (http://www.rooftopsolutions.nl/)
+ * @license http://code.google.com/p/sabredav/wiki/License Modified BSD License
+ */
+class Sabre_DAVACL_Version {
+
+ /**
+ * Full version number
+ */
+ const VERSION = '1.4.4';
+
+ /**
+ * Stability : alpha, beta, stable
+ */
+ const STABILITY = 'stable';
+
+}