authorAndrew Manning <tamanning@zoho.com>2016-06-30 21:51:33 -0400
committerAndrew Manning <tamanning@zoho.com>2016-06-30 21:51:33 -0400
commit0fd8eeec23a0613db8ea6c5bb54b4658ddaa0e61 (patch)
treeb6684b05aee92729406a90f397ccd446f58863c7 /vendor/sabre/dav/lib/DAVACL
parent7124c0aee5486aab74272c81ceb3e383b2e3a7f7 (diff)
parent852b2659e9a71f0542e822aa20efc009e22ff66a (diff)
Merge remote-tracking branch 'upstream/dev' into wiki
Diffstat (limited to 'vendor/sabre/dav/lib/DAVACL')
-rw-r--r--vendor/sabre/dav/lib/DAVACL/ACLTrait.php100
-rw-r--r--vendor/sabre/dav/lib/DAVACL/AbstractPrincipalCollection.php2
-rw-r--r--vendor/sabre/dav/lib/DAVACL/FS/Collection.php52
-rw-r--r--vendor/sabre/dav/lib/DAVACL/FS/File.php49
-rw-r--r--vendor/sabre/dav/lib/DAVACL/FS/HomeCollection.php72
-rw-r--r--vendor/sabre/dav/lib/DAVACL/IACL.php1
-rw-r--r--vendor/sabre/dav/lib/DAVACL/Plugin.php609
-rw-r--r--vendor/sabre/dav/lib/DAVACL/Principal.php71
-rw-r--r--vendor/sabre/dav/lib/DAVACL/PrincipalBackend/PDO.php2
-rw-r--r--vendor/sabre/dav/lib/DAVACL/PrincipalCollection.php57
-rw-r--r--vendor/sabre/dav/lib/DAVACL/Xml/Property/SupportedPrivilegeSet.php20
-rw-r--r--vendor/sabre/dav/lib/DAVACL/Xml/Request/AclPrincipalPropSetReport.php67
-rw-r--r--vendor/sabre/dav/lib/DAVACL/Xml/Request/PrincipalMatchReport.php107
13 files changed, 766 insertions, 443 deletions
diff --git a/vendor/sabre/dav/lib/DAVACL/ACLTrait.php b/vendor/sabre/dav/lib/DAVACL/ACLTrait.php
new file mode 100644
index 000000000..602654a2e
--- /dev/null
+++ b/vendor/sabre/dav/lib/DAVACL/ACLTrait.php
@@ -0,0 +1,100 @@
+<?php
+
+namespace Sabre\DAVACL;
+
+/**
+ * This trait is a default implementation of the IACL interface.
+ *
+ * In many cases you only want to implement 1 or to of the IACL functions,
+ * this trait allows you to be a bit lazier.
+ *
+ * By default this trait grants all privileges to the owner of the resource.
+ *
+ * @copyright Copyright (C) fruux GmbH (https://fruux.com/)
+ * @author Evert Pot (https://evertpot.com/)
+ * @license http://sabre.io/license/ Modified BSD License
+ */
+trait ACLTrait {
+
+ /**
+ * Returns the owner principal
+ *
+ * This must be a url to a principal, or null if there's no owner
+ *
+ * @return string|null
+ */
+ function getOwner() {
+
+ return null;
+
+ }
+
+ /**
+ * Returns a group principal
+ *
+ * This must be a url to a principal, or null if there's no owner
+ *
+ * @return string|null
+ */
+ function getGroup() {
+
+ return null;
+
+ }
+
+ /**
+ * Returns a list of ACE's for this node.
+ *
+ * Each ACE has the following properties:
+ * * 'privilege', a string such as {DAV:}read or {DAV:}write. These are
+ * currently the only supported privileges
+ * * 'principal', a url to the principal who owns the node
+ * * 'protected' (optional), indicating that this ACE is not allowed to
+ * be updated.
+ *
+ * @return array
+ */
+ function getACL() {
+
+ return [
+ [
+ 'privilege' => '{DAV:}all',
+ 'principal' => '{DAV:}owner',
+ 'protected' => true,
+ ]
+ ];
+
+ }
+
+ /**
+ * Updates the ACL
+ *
+ * This method will receive a list of new ACE's as an array argument.
+ *
+ * @param array $acl
+ * @return void
+ */
+ function setACL(array $acl) {
+
+ throw new \Sabre\DAV\Exception\Forbidden('Setting ACL is not supported on this node');
+ }
+
+ /**
+ * Returns the list of supported privileges for this node.
+ *
+ * The returned data structure is a list of nested privileges.
+ * See Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
+ * standard structure.
+ *
+ * If null is returned from this method, the default privilege set is used,
+ * which is fine for most common usecases.
+ *
+ * @return array|null
+ */
+ function getSupportedPrivilegeSet() {
+
+ return null;
+
+ }
+
+}
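Review bot: The docblock on `getACL()` still says `{DAV:}read` and `{DAV:}write` are the only supported privileges and that 'principal' is a URL, but the body returns `{DAV:}all` for the `{DAV:}owner` pseudo-principal. Because `getOwner()` in this trait returns null, a class that uses the trait without overriding `getOwner()` gets an ACL whose only entry matches nobody (apart from any admin principals the plugin adds). That is a safe default, but the trait docblock should state it, e.g. `Classes using this trait must override getOwner(), otherwise no principal is granted access.` The `getGroup()` docblock also says "no owner" where it means "no group", and the header comment has "1 or to" for "1 or 2".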
diff --git a/vendor/sabre/dav/lib/DAVACL/AbstractPrincipalCollection.php b/vendor/sabre/dav/lib/DAVACL/AbstractPrincipalCollection.php
index 460f78981..9d2026380 100644
--- a/vendor/sabre/dav/lib/DAVACL/AbstractPrincipalCollection.php
+++ b/vendor/sabre/dav/lib/DAVACL/AbstractPrincipalCollection.php
@@ -110,7 +110,7 @@ abstract class AbstractPrincipalCollection extends DAV\Collection implements IPr
*
* @param string $name
* @throws DAV\Exception\NotFound
- * @return IPrincipal
+ * @return DAV\INode
*/
function getChild($name) {
diff --git a/vendor/sabre/dav/lib/DAVACL/FS/Collection.php b/vendor/sabre/dav/lib/DAVACL/FS/Collection.php
index 5fab4768c..1c08b43b1 100644
--- a/vendor/sabre/dav/lib/DAVACL/FS/Collection.php
+++ b/vendor/sabre/dav/lib/DAVACL/FS/Collection.php
@@ -3,6 +3,7 @@
namespace Sabre\DAVACL\FS;
use Sabre\DAV\FSExt\Directory as BaseCollection;
+use Sabre\DAVACL\ACLTrait;
use Sabre\DAVACL\IACL;
use Sabre\DAV\Exception\Forbidden;
use Sabre\DAV\Exception\NotFound;
@@ -16,6 +17,8 @@ use Sabre\DAV\Exception\NotFound;
*/
class Collection extends BaseCollection implements IACL {
+ use ACLTrait;
+
/**
* A list of ACL rules.
*
@@ -52,8 +55,8 @@ class Collection extends BaseCollection implements IACL {
* exist.
*
* @param string $name
- * @throws DAV\Exception\NotFound
- * @return DAV\INode
+ * @throws NotFound
+ * @return \Sabre\DAV\INode
*/
function getChild($name) {
@@ -88,19 +91,6 @@ class Collection extends BaseCollection implements IACL {
}
/**
- * Returns a group principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getGroup() {
-
- return null;
-
- }
-
- /**
* Returns a list of ACE's for this node.
*
* Each ACE has the following properties:
@@ -118,36 +108,4 @@ class Collection extends BaseCollection implements IACL {
}
- /**
- * Updates the ACL
- *
- * This method will receive a list of new ACE's as an array argument.
- *
- * @param array $acl
- * @return void
- */
- function setACL(array $acl) {
-
- throw new Forbidden('Setting ACL is not allowed here');
-
- }
-
- /**
- * Returns the list of supported privileges for this node.
- *
- * The returned data structure is a list of nested privileges.
- * See Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
- * standard structure.
- *
- * If null is returned from this method, the default privilege set is used,
- * which is fine for most common usecases.
- *
- * @return array|null
- */
- function getSupportedPrivilegeSet() {
-
- return null;
-
- }
-
}
diff --git a/vendor/sabre/dav/lib/DAVACL/FS/File.php b/vendor/sabre/dav/lib/DAVACL/FS/File.php
index 0d549528b..387597bf7 100644
--- a/vendor/sabre/dav/lib/DAVACL/FS/File.php
+++ b/vendor/sabre/dav/lib/DAVACL/FS/File.php
@@ -4,7 +4,7 @@ namespace Sabre\DAVACL\FS;
use Sabre\DAV\FSExt\File as BaseFile;
use Sabre\DAVACL\IACL;
-use Sabre\DAV\Exception\Forbidden;
+use Sabre\DAVACL\ACLTrait;
/**
* This is an ACL-enabled file node.
@@ -15,6 +15,8 @@ use Sabre\DAV\Exception\Forbidden;
*/
class File extends BaseFile implements IACL {
+ use ACLTrait;
+
/**
* A list of ACL rules.
*
@@ -58,19 +60,6 @@ class File extends BaseFile implements IACL {
}
/**
- * Returns a group principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getGroup() {
-
- return null;
-
- }
-
- /**
* Returns a list of ACE's for this node.
*
* Each ACE has the following properties:
@@ -88,36 +77,4 @@ class File extends BaseFile implements IACL {
}
- /**
- * Updates the ACL
- *
- * This method will receive a list of new ACE's as an array argument.
- *
- * @param array $acl
- * @return void
- */
- function setACL(array $acl) {
-
- throw new Forbidden('Setting ACL is not allowed here');
-
- }
-
- /**
- * Returns the list of supported privileges for this node.
- *
- * The returned data structure is a list of nested privileges.
- * See Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
- * standard structure.
- *
- * If null is returned from this method, the default privilege set is used,
- * which is fine for most common usecases.
- *
- * @return array|null
- */
- function getSupportedPrivilegeSet() {
-
- return null;
-
- }
-
}
diff --git a/vendor/sabre/dav/lib/DAVACL/FS/HomeCollection.php b/vendor/sabre/dav/lib/DAVACL/FS/HomeCollection.php
index c27616770..9e21353ea 100644
--- a/vendor/sabre/dav/lib/DAVACL/FS/HomeCollection.php
+++ b/vendor/sabre/dav/lib/DAVACL/FS/HomeCollection.php
@@ -2,8 +2,8 @@
namespace Sabre\DAVACL\FS;
-use Sabre\DAV\Exception\Forbidden;
use Sabre\DAVACL\AbstractPrincipalCollection;
+use Sabre\DAVACL\ACLTrait;
use Sabre\DAVACL\IACL;
use Sabre\DAVACL\PrincipalBackend\BackendInterface;
use Sabre\Uri;
@@ -21,6 +21,8 @@ use Sabre\Uri;
*/
class HomeCollection extends AbstractPrincipalCollection implements IACL {
+ use ACLTrait;
+
/**
* Name of this collection.
*
@@ -70,20 +72,15 @@ class HomeCollection extends AbstractPrincipalCollection implements IACL {
* supplied by the authentication backend.
*
* @param array $principalInfo
- * @return void
+ * @return \Sabre\DAVACL\INode
*/
function getChildForPrincipal(array $principalInfo) {
$owner = $principalInfo['uri'];
$acl = [
[
- 'privilege' => '{DAV:}read',
- 'principal' => $owner,
- 'protected' => true,
- ],
- [
- 'privilege' => '{DAV:}write',
- 'principal' => $owner,
+ 'privilege' => '{DAV:}all',
+ 'principal' => '{DAV:}owner',
'protected' => true,
],
];
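Review bot: The new `@return \Sabre\DAVACL\INode` annotation points at a namespace where, judging by the `use Sabre\DAV\INode;` import in Plugin.php, the interface does not live; it should read `@return \Sabre\DAV\INode`. The ACE also changes meaning: the grant moves from `{DAV:}read` plus `{DAV:}write` for the concrete principal URI to `{DAV:}all` for `{DAV:}owner`, so access now depends on the child node's `getOwner()` returning `$principalInfo['uri']`. The rest of `getChildForPrincipal()` is outside this hunk, so confirm that `$owner` is still passed to the child node. A short comment such as `// {DAV:}owner resolves through the child node's getOwner()` would make the dependency explicit.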
@@ -103,31 +100,6 @@ class HomeCollection extends AbstractPrincipalCollection implements IACL {
}
- /**
- * Returns the owner principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getOwner() {
-
- return null;
-
- }
-
- /**
- * Returns a group principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getGroup() {
-
- return null;
-
- }
/**
* Returns a list of ACE's for this node.
@@ -153,36 +125,4 @@ class HomeCollection extends AbstractPrincipalCollection implements IACL {
}
- /**
- * Updates the ACL
- *
- * This method will receive a list of new ACE's as an array argument.
- *
- * @param array $acl
- * @return void
- */
- function setACL(array $acl) {
-
- throw new Forbidden('Setting ACL is not allowed here');
-
- }
-
- /**
- * Returns the list of supported privileges for this node.
- *
- * The returned data structure is a list of nested privileges.
- * See Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
- * standard structure.
- *
- * If null is returned from this method, the default privilege set is used,
- * which is fine for most common usecases.
- *
- * @return array|null
- */
- function getSupportedPrivilegeSet() {
-
- return null;
-
- }
-
}
diff --git a/vendor/sabre/dav/lib/DAVACL/IACL.php b/vendor/sabre/dav/lib/DAVACL/IACL.php
index 81908d08f..f7a138665 100644
--- a/vendor/sabre/dav/lib/DAVACL/IACL.php
+++ b/vendor/sabre/dav/lib/DAVACL/IACL.php
@@ -71,5 +71,4 @@ interface IACL extends DAV\INode {
*/
function getSupportedPrivilegeSet();
-
}
diff --git a/vendor/sabre/dav/lib/DAVACL/Plugin.php b/vendor/sabre/dav/lib/DAVACL/Plugin.php
index 601dffecc..8e912309e 100644
--- a/vendor/sabre/dav/lib/DAVACL/Plugin.php
+++ b/vendor/sabre/dav/lib/DAVACL/Plugin.php
@@ -4,7 +4,11 @@ namespace Sabre\DAVACL;
use Sabre\DAV;
use Sabre\DAV\INode;
+use Sabre\DAV\Xml\Property\Href;
use Sabre\DAV\Exception\BadRequest;
+use Sabre\DAV\Exception\NotFound;
+use Sabre\DAV\Exception\NotAuthenticated;
+use Sabre\DAVACL\Exception\NeedPrivileges;
use Sabre\HTTP\RequestInterface;
use Sabre\HTTP\ResponseInterface;
use Sabre\Uri;
@@ -64,18 +68,6 @@ class Plugin extends DAV\ServerPlugin {
];
/**
- * By default ACL is only enforced for nodes that have ACL support (the
- * ones that implement IACL). For any other node, access is
- * always granted.
- *
- * To override this behaviour you can turn this setting off. This is useful
- * if you plan to fully support ACL in the entire tree.
- *
- * @var bool
- */
- public $allowAccessToNodesWithoutACL = true;
-
- /**
* By default nodes that are inaccessible by the user, can still be seen
* in directory listings (PROPFIND on parent with Depth: 1)
*
@@ -109,6 +101,18 @@ class Plugin extends DAV\ServerPlugin {
public $adminPrincipals = [];
/**
+ * The ACL plugin allows privileges to be assigned to users that are not
+ * logged in. To facilitate that, it modifies the auth plugin's behavior
+ * to only require login when a privileged operation was denied.
+ *
+ * Unauthenticated access can be considered a security concern, so it's
+ * possible to turn this feature off to harden the server's security.
+ *
+ * @var bool
+ */
+ public $allowUnauthenticatedAccess = true;
+
+ /**
* Returns a list of features added by this plugin.
*
* This list is used in the response of a HTTP OPTIONS request.
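Review bot: `$allowUnauthenticatedAccess` defaults to `true` even though its own docblock calls unauthenticated access a security concern, so the hardened setting is opt-in. In the `initialize()` hunk of this file the flag sets `$authPlugin->autoRequireLogin = false`, which appears to switch off up-front login enforcement for the whole server; after that an anonymous request is only stopped where `checkPrivileges()` is actually called. The docblock should say so, for example `When enabled, any request path that never calls checkPrivileges() is reachable without login; set to false to require authentication for every request.` Deployments that upgrade should set this value explicitly rather than inherit the default.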
@@ -161,6 +165,7 @@ class Plugin extends DAV\ServerPlugin {
return [
'{DAV:}expand-property',
+ '{DAV:}principal-match',
'{DAV:}principal-property-search',
'{DAV:}principal-search-property-set',
];
@@ -179,7 +184,8 @@ class Plugin extends DAV\ServerPlugin {
* @param array|string $privileges
* @param int $recursion
* @param bool $throwExceptions if set to false, this method won't throw exceptions.
- * @throws Sabre\DAVACL\Exception\NeedPrivileges
+ * @throws NeedPrivileges
+ * @throws NotAuthenticated
* @return bool
*/
function checkPrivileges($uri, $privileges, $recursion = self::R_PARENT, $throwExceptions = true) {
@@ -188,18 +194,6 @@ class Plugin extends DAV\ServerPlugin {
$acl = $this->getCurrentUserPrivilegeSet($uri);
- if (is_null($acl)) {
- if ($this->allowAccessToNodesWithoutACL) {
- return true;
- } else {
- if ($throwExceptions)
- throw new Exception\NeedPrivileges($uri, $privileges);
- else
- return false;
-
- }
- }
-
$failed = [];
foreach ($privileges as $priv) {
@@ -210,10 +204,22 @@ class Plugin extends DAV\ServerPlugin {
}
if ($failed) {
- if ($throwExceptions)
- throw new Exception\NeedPrivileges($uri, $failed);
- else
+ if ($this->allowUnauthenticatedAccess && is_null($this->getCurrentUserPrincipal())) {
+ // We are not authenticated. Kicking in the Auth plugin.
+ $authPlugin = $this->server->getPlugin('auth');
+ $reasons = $authPlugin->getLoginFailedReasons();
+ $authPlugin->challenge(
+ $this->server->httpRequest,
+ $this->server->httpResponse
+ );
+ throw new notAuthenticated(implode(', ', $reasons) . '. Login was needed for privilege: ' . implode(', ', $failed) . ' on ' . $uri);
+ }
+ if ($throwExceptions) {
+
+ throw new NeedPrivileges($uri, $failed);
+ } else {
return false;
+ }
}
return true;
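Review bot: The unauthenticated branch throws even when `$throwExceptions` is false, which contradicts the parameter's docblock ("if set to false, this method won't throw exceptions"). A caller that only probes, such as `checkPrivileges($uri, $priv, self::R_PARENT, false)`, gets an auth challenge written to the response and an exception instead of `false`. Gating the branch, `if ($throwExceptions && $this->allowUnauthenticatedAccess && is_null($this->getCurrentUserPrincipal())) {`, lets the existing `else { return false; }` handle the quiet case. The class is also spelled `notAuthenticated` in the `throw`; PHP resolves it case-insensitively, but it should match the imported `NotAuthenticated`. The start of `checkPrivileges()` is outside this hunk.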
@@ -229,10 +235,11 @@ class Plugin extends DAV\ServerPlugin {
*/
function getCurrentUserPrincipal() {
- $authPlugin = $this->server->getPlugin('auth');
- if (is_null($authPlugin)) return null;
/** @var $authPlugin Sabre\DAV\Auth\Plugin */
-
+ $authPlugin = $this->server->getPlugin('auth');
+ if (!$authPlugin) {
+ return null;
+ }
return $authPlugin->getCurrentPrincipal();
}
@@ -258,6 +265,51 @@ class Plugin extends DAV\ServerPlugin {
}
/**
+ * Sets the default ACL rules.
+ *
+ * These rules are used for all nodes that don't implement the IACL interface.
+ *
+ * @param array $acl
+ * @return void
+ */
+ function setDefaultAcl(array $acl) {
+
+ $this->defaultAcl = $acl;
+
+ }
+
+ /**
+ * Returns the default ACL rules.
+ *
+ * These rules are used for all nodes that don't implement the IACL interface.
+ *
+ * @param array $acl
+ * @return void
+ */
+ function getDefaultAcl() {
+
+ return $this->defaultAcl;
+
+ }
+
+ /**
+ * The default ACL rules.
+ *
+ * These rules are used for nodes that don't implement IACL. These default
+ * set of rules allow anyone to do anything, as long as they are
+ * authenticated.
+ *
+ * var array
+ */
+ protected $defaultAcl = [
+ [
+ 'principal' => '{DAV:}authenticated',
+ 'protected' => true,
+ 'privilege' => '{DAV:}all',
+ ],
+ ];
+
+ /**
* This array holds a cache for all the principals that are associated with
* a single principal.
*
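Review bot: The docblock for `getDefaultAcl()` was copied from the setter: it declares `@param array $acl` and `@return void` although the method takes no argument and returns the array, so it should read `@return array`; the property docblock has `var array` without the `@`. The default rule grants `{DAV:}all` to `{DAV:}authenticated` on every node that does not implement IACL, and the `$allowAccessToNodesWithoutACL` switch is removed in the same commit. A deployment that had set that property to `false` would now presumably assign an unused dynamic property and silently get the permissive default. The docblock should therefore name the replacement, e.g. `To deny access to nodes without ACL support, call setDefaultAcl([]).`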
@@ -311,13 +363,77 @@ class Plugin extends DAV\ServerPlugin {
}
/**
- * Returns the supported privilege structure for this ACL plugin.
+ * Find out of a principal equals another principal.
+ *
+ * This is a quick way to find out wether a principal URI is part of a
+ * group, or any subgroups.
*
- * See RFC3744 for more details. Currently we default on a simple,
- * standard structure.
+ * The first argument is the principal URI you want to check against. For
+ * example the principal group, and the second argument is the principal of
+ * which you want to find out of it is the same as the first principal, or
+ * in a member of the first principal's group or subgroups.
*
- * You can either get the list of privileges by a uri (path) or by
- * specifying a Node.
+ * So the arguments are not interchangable. If principal A is in group B,
+ * passing 'B', 'A' will yield true, but 'A', 'B' is false.
+ *
+ * If the sceond argument is not passed, we will use the current user
+ * principal.
+ *
+ * @param string $checkPrincipal
+ * @param string $currentPrincipal
+ * @return bool
+ */
+ function principalMatchesPrincipal($checkPrincipal, $currentPrincipal = null) {
+
+ if (is_null($currentPrincipal)) {
+ $currentPrincipal = $this->getCurrentUserPrincipal();
+ }
+ if ($currentPrincipal === $checkPrincipal) {
+ return true;
+ }
+ return in_array(
+ $checkPrincipal,
+ $this->getPrincipalMembership($currentPrincipal)
+ );
+
+ }
+
+
+ /**
+ * Returns a tree of supported privileges for a resource.
+ *
+ * The returned array structure should be in this form:
+ *
+ * [
+ * [
+ * 'privilege' => '{DAV:}read',
+ * 'abstract' => false,
+ * 'aggregates' => []
+ * ]
+ * ]
+ *
+ * Privileges can be nested using "aggregrates". Doing so means that
+ * if you assign someone the aggregrating privilege, all the
+ * sub-privileges will automatically be granted.
+ *
+ * Marking a privilege as abstract means that the privilege cannot be
+ * directly assigned, but must be assigned via the parent privilege.
+ *
+ * So a more complex version might look like this:
+ *
+ * [
+ * [
+ * 'privilege' => '{DAV:}read',
+ * 'abstract' => false,
+ * 'aggregates' => [
+ * [
+ * 'privilege' => '{DAV:}read-acl',
+ * 'abstract' => false,
+ * 'aggregates' => [],
+ * ]
+ * ]
+ * ]
+ * ]
*
* @param string|INode $node
* @return array
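Review bot: `principalMatchesPrincipal()` does not handle the anonymous case: when no `$currentPrincipal` is passed and `getCurrentUserPrincipal()` returns null, that null is handed to `getPrincipalMembership()`. With unauthenticated access now allowed this path looks reachable from the ACL evaluation, and what `getPrincipalMembership(null)` does is not visible here. An explicit guard after the lookup, `if (is_null($currentPrincipal)) { return false; }`, makes the answer for anonymous users deliberate, and the `in_array()` call should pass `true` as third argument so principal URIs are compared strictly. The docblock also has a few typos ("wether", "sceond", "interchangable", "find out of").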
@@ -328,73 +444,71 @@ class Plugin extends DAV\ServerPlugin {
$node = $this->server->tree->getNodeForPath($node);
}
+ $supportedPrivileges = null;
if ($node instanceof IACL) {
- $result = $node->getSupportedPrivilegeSet();
-
- if ($result)
- return $result;
+ $supportedPrivileges = $node->getSupportedPrivilegeSet();
}
- return self::getDefaultSupportedPrivilegeSet();
+ if (is_null($supportedPrivileges)) {
- }
-
- /**
- * Returns a fairly standard set of privileges, which may be useful for
- * other systems to use as a basis.
- *
- * @return array
- */
- static function getDefaultSupportedPrivilegeSet() {
-
- return [
- 'privilege' => '{DAV:}all',
- 'abstract' => true,
- 'aggregates' => [
- [
- 'privilege' => '{DAV:}read',
+ // Default
+ $supportedPrivileges = [
+ '{DAV:}read' => [
+ 'abstract' => false,
'aggregates' => [
- [
- 'privilege' => '{DAV:}read-acl',
- 'abstract' => false,
+ '{DAV:}read-acl' => [
+ 'abstract' => false,
+ 'aggregates' => [],
],
- [
- 'privilege' => '{DAV:}read-current-user-privilege-set',
- 'abstract' => false,
+ '{DAV:}read-current-user-privilege-set' => [
+ 'abstract' => false,
+ 'aggregates' => [],
],
],
- ], // {DAV:}read
- [
- 'privilege' => '{DAV:}write',
+ ],
+ '{DAV:}write' => [
+ 'abstract' => false,
'aggregates' => [
- [
- 'privilege' => '{DAV:}write-acl',
- 'abstract' => false,
- ],
- [
- 'privilege' => '{DAV:}write-properties',
- 'abstract' => false,
- ],
- [
- 'privilege' => '{DAV:}write-content',
- 'abstract' => false,
+ '{DAV:}write-properties' => [
+ 'abstract' => false,
+ 'aggregates' => [],
],
- [
- 'privilege' => '{DAV:}bind',
- 'abstract' => false,
+ '{DAV:}write-content' => [
+ 'abstract' => false,
+ 'aggregates' => [],
],
- [
- 'privilege' => '{DAV:}unbind',
- 'abstract' => false,
- ],
- [
- 'privilege' => '{DAV:}unlock',
- 'abstract' => false,
+ '{DAV:}unlock' => [
+ 'abstract' => false,
+ 'aggregates' => [],
],
],
- ], // {DAV:}write
- ],
- ]; // {DAV:}all
+ ],
+ ];
+ if ($node instanceof \Sabre\DAV\ICollection) {
+ $supportedPrivileges['{DAV:}write']['aggregates']['{DAV:}bind'] = [
+ 'abstract' => false,
+ 'aggregates' => [],
+ ];
+ $supportedPrivileges['{DAV:}write']['aggregates']['{DAV:}unbind'] = [
+ 'abstract' => false,
+ 'aggregates' => [],
+ ];
+ }
+ if ($node instanceof \Sabre\DAVACL\IACL) {
+ $supportedPrivileges['{DAV:}write']['aggregates']['{DAV:}write-acl'] = [
+ 'abstract' => false,
+ 'aggregates' => [],
+ ];
+ }
+
+ }
+
+ $this->server->emit(
+ 'getSupportedPrivilegeSet',
+ [$node, &$supportedPrivileges]
+ );
+
+ return $supportedPrivileges;
}
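Review bot: The return shape of `getSupportedPrivilegeSet()` changes here from a list of entries carrying a 'privilege' key to a map keyed by privilege name, but the docblock added just above this hunk still shows the list form, and nothing validates what an `IACL` node returns. A node that still returns the list form would be flattened in `getFlatPrivilegeSet()` with its numeric array keys as privilege names, so its ACEs would presumably no longer match a supported privilege and their aggregates would not be expanded, with only a debug log entry as a trace. The docblock should show the keyed form (`'{DAV:}read' => ['abstract' => false, 'aggregates' => [...]]`) and state that the old format is no longer accepted. The static `getDefaultSupportedPrivilegeSet()` is removed while the `getSupportedPrivilegeSet()` docblock in the new ACLTrait.php still refers readers to it.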
@@ -414,35 +528,38 @@ class Plugin extends DAV\ServerPlugin {
*/
final function getFlatPrivilegeSet($node) {
- $privs = $this->getSupportedPrivilegeSet($node);
+ $privs = [
+ 'abstract' => false,
+ 'aggregates' => $this->getSupportedPrivilegeSet($node)
+ ];
$fpsTraverse = null;
- $fpsTraverse = function($priv, $concrete, &$flat) use (&$fpsTraverse) {
+ $fpsTraverse = function($privName, $privInfo, $concrete, &$flat) use (&$fpsTraverse) {
$myPriv = [
- 'privilege' => $priv['privilege'],
- 'abstract' => isset($priv['abstract']) && $priv['abstract'],
+ 'privilege' => $privName,
+ 'abstract' => isset($privInfo['abstract']) && $privInfo['abstract'],
'aggregates' => [],
- 'concrete' => isset($priv['abstract']) && $priv['abstract'] ? $concrete : $priv['privilege'],
+ 'concrete' => isset($privInfo['abstract']) && $privInfo['abstract'] ? $concrete : $privName,
];
- if (isset($priv['aggregates'])) {
+ if (isset($privInfo['aggregates'])) {
- foreach ($priv['aggregates'] as $subPriv) {
+ foreach ($privInfo['aggregates'] as $subPrivName => $subPrivInfo) {
- $myPriv['aggregates'][] = $subPriv['privilege'];
+ $myPriv['aggregates'][] = $subPrivName;
}
}
- $flat[$priv['privilege']] = $myPriv;
+ $flat[$privName] = $myPriv;
- if (isset($priv['aggregates'])) {
+ if (isset($privInfo['aggregates'])) {
- foreach ($priv['aggregates'] as $subPriv) {
+ foreach ($privInfo['aggregates'] as $subPrivName => $subPrivInfo) {
- $fpsTraverse($subPriv, $myPriv['concrete'], $flat);
+ $fpsTraverse($subPrivName, $subPrivInfo, $myPriv['concrete'], $flat);
}
@@ -451,7 +568,7 @@ class Plugin extends DAV\ServerPlugin {
};
$flat = [];
- $fpsTraverse($privs, null, $flat);
+ $fpsTraverse('{DAV:}all', $privs, null, $flat);
return $flat;
@@ -467,13 +584,13 @@ class Plugin extends DAV\ServerPlugin {
* @param string|DAV\INode $node
* @return array
*/
- function getACL($node) {
+ function getAcl($node) {
if (is_string($node)) {
$node = $this->server->tree->getNodeForPath($node);
}
if (!$node instanceof IACL) {
- return null;
+ return $this->getDefaultAcl();
}
$acl = $node->getACL();
foreach ($this->adminPrincipals as $adminPrincipal) {
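Review bot: The new early return hands back `getDefaultAcl()` before the `adminPrincipals` loop that starts on the last line of this hunk, so admin principals are not added to the ACL of nodes that do not implement IACL. With the stock default ACL that makes no difference because any authenticated user gets `{DAV:}all`, but once `setDefaultAcl()` is used to tighten the default, administrators may lose access to those nodes as well. Assigning instead of returning, `$acl = $node instanceof IACL ? $node->getACL() : $this->getDefaultAcl();`, keeps the admin entries on both paths. The method is also renamed to `getAcl` while the call sites visible elsewhere in this diff still use `getACL`; PHP method names are case-insensitive so this works, but one spelling should be used. The remainder of the function is outside the hunk.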
@@ -506,12 +623,10 @@ class Plugin extends DAV\ServerPlugin {
$acl = $this->getACL($node);
- if (is_null($acl)) return null;
-
- $principals = $this->getCurrentUserPrincipals();
-
$collected = [];
+ $isAuthenticated = $this->getCurrentUserPrincipal() !== null;
+
foreach ($acl as $ace) {
$principal = $ace['principal'];
@@ -520,7 +635,7 @@ class Plugin extends DAV\ServerPlugin {
case '{DAV:}owner' :
$owner = $node->getOwner();
- if ($owner && in_array($owner, $principals)) {
+ if ($owner && $this->principalMatchesPrincipal($owner)) {
$collected[] = $ace;
}
break;
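Review bot: `$node->getOwner()` in the `{DAV:}owner` case is now reachable for nodes that do not implement IACL, because `getAcl()` returns the default ACL for them and `setDefaultAcl()` accepts any array. A default ACL that contains a `{DAV:}owner` entry would then call a method the node may not have. Guarding the lookup, `$owner = $node instanceof IACL ? $node->getOwner() : null;`, makes such an entry simply not match instead of failing the request. The surrounding switch begins outside this hunk.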
@@ -528,21 +643,25 @@ class Plugin extends DAV\ServerPlugin {
// 'all' matches for every user
case '{DAV:}all' :
+ $collected[] = $ace;
+ break;
- // 'authenticated' matched for every user that's logged in.
- // Since it's not possible to use ACL while not being logged
- // in, this is also always true.
case '{DAV:}authenticated' :
- $collected[] = $ace;
+ // Authenticated users only
+ if ($isAuthenticated) {
+ $collected[] = $ace;
+ }
break;
- // 'unauthenticated' can never occur either, so we simply
- // ignore these.
case '{DAV:}unauthenticated' :
+ // Unauthenticated users only
+ if (!$isAuthenticated) {
+ $collected[] = $ace;
+ }
break;
default :
- if (in_array($ace['principal'], $principals)) {
+ if ($this->principalMatchesPrincipal($ace['principal'])) {
$collected[] = $ace;
}
break;
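Review bot: `{DAV:}all` now really means everyone, including anonymous requests, whereas the removed comment shows it used to be equivalent to `{DAV:}authenticated` because ACL evaluation never ran without a login. Existing ACEs that name `{DAV:}all` as principal therefore widen to unauthenticated users as soon as `allowUnauthenticatedAccess` is left at its default. The case deserves a comment stating this, for example `// 'all' includes unauthenticated users when allowUnauthenticatedAccess is on`. ACLs written before this change should be audited and switched to `{DAV:}authenticated` wherever a login is intended.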
@@ -561,6 +680,11 @@ class Plugin extends DAV\ServerPlugin {
$current = array_pop($collected);
$collected2[] = $current['privilege'];
+ if (!isset($flat[$current['privilege']])) {
+ // Ignoring privileges that are not in the supported-privileges list.
+ $this->server->getLogger()->debug('A node has the "' . $current['privilege'] . '" in its ACL list, but this privilege was not reported in the supportedPrivilegeSet list. This will be ignored.');
+ continue;
+ }
foreach ($flat[$current['privilege']]['aggregates'] as $subPriv) {
$collected2[] = $subPriv;
$collected[] = $flat[$subPriv];
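Review bot: The new guard runs after `$collected2[] = $current['privilege'];`, so a privilege that is missing from the supported-privilege list is still added to the returned set even though the comment and the log message say it will be ignored. If the intent is to drop it, the `isset($flat[$current['privilege']])` check has to come before the append. The message is also logged at debug level, so an ACL that references an unknown privilege is easy for an operator to miss; a higher level would make the misconfiguration visible. The loop header is outside this hunk.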
@@ -587,7 +711,13 @@ class Plugin extends DAV\ServerPlugin {
$collections = $this->principalCollectionSet;
foreach ($collections as $collection) {
- $principalCollection = $this->server->tree->getNodeForPath($collection);
+ try {
+ $principalCollection = $this->server->tree->getNodeForPath($collection);
+ } catch (NotFound $e) {
+ // Ignore and move on
+ continue;
+ }
+
if (!$principalCollection instanceof IPrincipalCollection) {
// Not a principal collection, we're simply going to ignore
// this.
@@ -673,6 +803,14 @@ class Plugin extends DAV\ServerPlugin {
*/
function initialize(DAV\Server $server) {
+ if ($this->allowUnauthenticatedAccess) {
+ $authPlugin = $server->getPlugin('auth');
+ if (!$authPlugin) {
+ throw new \Exception('The Auth plugin must be loaded before the ACL plugin if you want to allow unauthenticated access.');
+ }
+ $authPlugin->autoRequireLogin = false;
+ }
+
$this->server = $server;
$server->on('propFind', [$this, 'propFind'], 20);
$server->on('beforeMethod', [$this, 'beforeMethod'], 20);
@@ -683,6 +821,14 @@ class Plugin extends DAV\ServerPlugin {
$server->on('report', [$this, 'report']);
$server->on('method:ACL', [$this, 'httpAcl']);
$server->on('onHTMLActionsPanel', [$this, 'htmlActionsPanel']);
+ $server->on('getPrincipalByUri', function($principal, &$uri) {
+
+ $uri = $this->getPrincipalByUri($principal);
+
+ // Break event chain
+ if ($uri) return false;
+
+ });
array_push($server->protectedProperties,
'{DAV:}alternate-URI-set',
@@ -707,9 +853,11 @@ class Plugin extends DAV\ServerPlugin {
// class.
$server->xml->elementMap['{DAV:}group-member-set'] = 'Sabre\\DAV\\Xml\\Property\\Href';
$server->xml->elementMap['{DAV:}acl'] = 'Sabre\\DAVACL\\Xml\\Property\\Acl';
+ $server->xml->elementMap['{DAV:}acl-principal-prop-set'] = 'Sabre\\DAVACL\\Xml\\Request\\AclPrincipalPropSetReport';
$server->xml->elementMap['{DAV:}expand-property'] = 'Sabre\\DAVACL\\Xml\\Request\\ExpandPropertyReport';
$server->xml->elementMap['{DAV:}principal-property-search'] = 'Sabre\\DAVACL\\Xml\\Request\\PrincipalPropertySearchReport';
$server->xml->elementMap['{DAV:}principal-search-property-set'] = 'Sabre\\DAVACL\\Xml\\Request\\PrincipalSearchPropertySetReport';
+ $server->xml->elementMap['{DAV:}principal-match'] = 'Sabre\\DAVACL\\Xml\\Request\\PrincipalMatchReport';
}
@@ -743,7 +891,6 @@ class Plugin extends DAV\ServerPlugin {
case 'PUT' :
case 'LOCK' :
- case 'UNLOCK' :
// This method requires the write-content priv if the node
// already exists, and bind on the parent if the node is being
// created.
@@ -751,6 +898,9 @@ class Plugin extends DAV\ServerPlugin {
$this->checkPrivileges($path, '{DAV:}write-content');
break;
+ case 'UNLOCK' :
+ // Unlock is always allowed at the moment.
+ break;
case 'PROPPATCH' :
$this->checkPrivileges($path, '{DAV:}write-properties');
@@ -774,7 +924,6 @@ class Plugin extends DAV\ServerPlugin {
// If MOVE is used beforeUnbind will also be used to check if
// the sourcenode can be deleted.
$this->checkPrivileges($path, '{DAV:}read', self::R_RECURSIVE);
-
break;
}
@@ -864,24 +1013,24 @@ class Plugin extends DAV\ServerPlugin {
if ($node instanceof IPrincipal) {
$propFind->handle('{DAV:}alternate-URI-set', function() use ($node) {
- return new DAV\Xml\Property\Href($node->getAlternateUriSet());
+ return new Href($node->getAlternateUriSet());
});
$propFind->handle('{DAV:}principal-URL', function() use ($node) {
- return new DAV\Xml\Property\Href($node->getPrincipalUrl() . '/');
+ return new Href($node->getPrincipalUrl() . '/');
});
$propFind->handle('{DAV:}group-member-set', function() use ($node) {
$members = $node->getGroupMemberSet();
foreach ($members as $k => $member) {
$members[$k] = rtrim($member, '/') . '/';
}
- return new DAV\Xml\Property\Href($members);
+ return new Href($members);
});
$propFind->handle('{DAV:}group-membership', function() use ($node) {
$members = $node->getGroupMembership();
foreach ($members as $k => $member) {
$members[$k] = rtrim($member, '/') . '/';
}
- return new DAV\Xml\Property\Href($members);
+ return new Href($members);
});
$propFind->handle('{DAV:}displayname', [$node, 'getDisplayName']);
@@ -892,7 +1041,7 @@ class Plugin extends DAV\ServerPlugin {
$val = $this->principalCollectionSet;
// Ensuring all collections end with a slash
foreach ($val as $k => $v) $val[$k] = $v . '/';
- return new DAV\Xml\Property\Href($val);
+ return new Href($val);
});
$propFind->handle('{DAV:}current-user-principal', function() {
@@ -910,9 +1059,7 @@ class Plugin extends DAV\ServerPlugin {
$propFind->set('{DAV:}current-user-privilege-set', null, 403);
} else {
$val = $this->getCurrentUserPrivilegeSet($node);
- if (!is_null($val)) {
- return new Xml\Property\CurrentUserPrivilegeSet($val);
- }
+ return new Xml\Property\CurrentUserPrivilegeSet($val);
}
});
$propFind->handle('{DAV:}acl', function() use ($node, $propFind, $path) {
@@ -921,9 +1068,7 @@ class Plugin extends DAV\ServerPlugin {
$propFind->set('{DAV:}acl', null, 403);
} else {
$acl = $this->getACL($node);
- if (!is_null($acl)) {
- return new Xml\Property\Acl($this->getACL($node));
- }
+ return new Xml\Property\Acl($this->getACL($node));
}
});
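Review bot: After the null check is dropped, `$acl` is assigned but never used and `getACL($node)` is evaluated twice in the `{DAV:}acl` handler. `return new Xml\Property\Acl($acl);` uses the value already fetched; alternatively the assignment can be removed.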
$propFind->handle('{DAV:}acl-restrictions', function() {
@@ -933,7 +1078,7 @@ class Plugin extends DAV\ServerPlugin {
/* Adding ACL properties */
if ($node instanceof IACL) {
$propFind->handle('{DAV:}owner', function() use ($node) {
- return new DAV\Xml\Property\Href($node->getOwner() . '/');
+ return new Href($node->getOwner() . '/');
});
}
@@ -952,7 +1097,7 @@ class Plugin extends DAV\ServerPlugin {
$propPatch->handle('{DAV:}group-member-set', function($value) use ($path) {
if (is_null($value)) {
$memberSet = [];
- } elseif ($value instanceof DAV\Xml\Property\Href) {
+ } elseif ($value instanceof Href) {
$memberSet = array_map(
[$this->server, 'calculateUri'],
$value->getHrefs()
@@ -990,15 +1135,23 @@ class Plugin extends DAV\ServerPlugin {
case '{DAV:}principal-property-search' :
$this->server->transactionType = 'report-principal-property-search';
- $this->principalPropertySearchReport($report);
+ $this->principalPropertySearchReport($path, $report);
return false;
case '{DAV:}principal-search-property-set' :
$this->server->transactionType = 'report-principal-search-property-set';
- $this->principalSearchPropertySetReport($report);
+ $this->principalSearchPropertySetReport($path, $report);
return false;
case '{DAV:}expand-property' :
$this->server->transactionType = 'report-expand-property';
- $this->expandPropertyReport($report);
+ $this->expandPropertyReport($path, $report);
+ return false;
+ case '{DAV:}principal-match' :
+ $this->server->transactionType = 'report-principal-match';
+ $this->principalMatchReport($path, $report);
+ return false;
+ case '{DAV:}acl-principal-prop-set' :
+ $this->server->transactionType = 'acl-principal-prop-set';
+ $this->aclPrincipalPropSetReport($path, $report);
return false;
}
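Review bot: The `{DAV:}acl-principal-prop-set` case sets `transactionType` to `'acl-principal-prop-set'`, while every other case in this `switch` uses a `report-` prefix; `'report-acl-principal-prop-set'` would keep the values uniform for anything that filters on them. The report is dispatched here and registered in `elementMap`, but the supported-report list shown in the earlier hunk of this file adds only `{DAV:}principal-match`, so clients may not discover the other one. The enclosing method starts and ends outside this hunk.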
@@ -1073,7 +1226,7 @@ class Plugin extends DAV\ServerPlugin {
// Looking up the principal
try {
$principal = $this->server->tree->getNodeForPath($newAce['principal']);
- } catch (DAV\Exception\NotFound $e) {
+ } catch (NotFound $e) {
throw new Exception\NotRecognizedPrincipal('The specified principal (' . $newAce['principal'] . ') does not exist');
}
if (!($principal instanceof IPrincipal)) {
@@ -1095,7 +1248,110 @@ class Plugin extends DAV\ServerPlugin {
/* Reports {{{ */
/**
- * The expand-property report is defined in RFC3253 section 3-8.
+ * The principal-match report is defined in RFC3744, section 9.3.
+ *
+ * This report allows a client to figure out based on the current user,
+ * or a principal URL, the principal URL and principal URLs of groups that
+ * principal belongs to.
+ *
+ * @param string $path
+ * @param Xml\Request\PrincipalMatchReport $report
+ * @return void
+ */
+ protected function principalMatchReport($path, Xml\Request\PrincipalMatchReport $report) {
+
+ $depth = $this->server->getHTTPDepth(0);
+ if ($depth !== 0) {
+ throw new BadRequest('The principal-match report is only defined on Depth: 0');
+ }
+
+ $currentPrincipals = $this->getCurrentUserPrincipals();
+
+ $result = [];
+
+ if ($report->type === Xml\Request\PrincipalMatchReport::SELF) {
+
+ // Finding all principals under the request uri that match the
+ // current principal.
+ foreach ($currentPrincipals as $currentPrincipal) {
+
+ if ($currentPrincipal === $path || strpos($currentPrincipal, $path . '/') === 0) {
+ $result[] = $currentPrincipal;
+ }
+
+ }
+
+ } else {
+
+ // We need to find all resources that have a property that matches
+ // one of the current principals.
+ $candidates = $this->server->getPropertiesForPath(
+ $path,
+ [$report->principalProperty],
+ 1
+ );
+
+ foreach ($candidates as $candidate) {
+
+ if (!isset($candidate[200][$report->principalProperty])) {
+ continue;
+ }
+
+ $hrefs = $candidate[200][$report->principalProperty];
+
+ if (!$hrefs instanceof Href) {
+ continue;
+ }
+
+ foreach ($hrefs->getHrefs() as $href) {
+ if (in_array(trim($href, '/'), $currentPrincipals)) {
+ $result[] = $candidate['href'];
+ continue 2;
+ }
+ }
+ }
+
+ }
+
+ $responses = [];
+
+ foreach ($result as $item) {
+
+ $properties = [];
+
+ if ($report->properties) {
+
+ $foo = $this->server->getPropertiesForPath($item, $report->properties);
+ $foo = $foo[0];
+ $item = $foo['href'];
+ unset($foo['href']);
+ $properties = $foo;
+
+ }
+
+ $responses[] = new DAV\Xml\Element\Response(
+ $item,
+ $properties,
+ '200'
+ );
+
+ }
+
+ $this->server->httpResponse->setHeader('Content-Type', 'application/xml; charset=utf-8');
+ $this->server->httpResponse->setStatus(207);
+ $this->server->httpResponse->setBody(
+ $this->server->xml->write(
+ '{DAV:}multistatus',
+ $responses,
+ $this->server->getBaseUri()
+ )
+ );
+
+
+ }
+
+ /**
+ * The expand-property report is defined in RFC3253 section 3.8.
*
* This report is very similar to a standard PROPFIND. The difference is
* that it has the additional ability to look at properties containing a
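Review bot: In `principalMatchReport` the `else` branch runs for every `$report->type` that is not `SELF`, and the parser in Xml/Request/PrincipalMatchReport.php (last section of this diff) leaves `type` unset when the request body has neither `{DAV:}self` nor `{DAV:}principal-property`. Such a request then reaches `getPropertiesForPath()` with `[$report->principalProperty]` equal to `[null]` instead of being rejected. I would make the branch explicit with `} elseif ($report->type === Xml\Request\PrincipalMatchReport::PRINCIPAL_PROPERTY) {` and add `} else { throw new BadRequest('The principal-match report requires {DAV:}self or {DAV:}principal-property'); }`. Separately, `in_array(trim($href, '/'), $currentPrincipals)` compares loosely; passing `true` as the third argument keeps the principal match exact.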
@@ -1105,15 +1361,15 @@ class Plugin extends DAV\ServerPlugin {
* Other rfc's, such as ACL rely on this report, so it made sense to put
* it in this plugin.
*
+ * @param string $path
* @param Xml\Request\ExpandPropertyReport $report
* @return void
*/
- protected function expandPropertyReport($report) {
+ protected function expandPropertyReport($path, $report) {
$depth = $this->server->getHTTPDepth(0);
- $requestUri = $this->server->getRequestUri();
- $result = $this->expandProperties($requestUri, $report->properties, $depth);
+ $result = $this->expandProperties($path, $report->properties, $depth);
$xml = $this->server->xml->write(
'{DAV:}multistatus',
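Review bot: `expandPropertyReport($path, $report)` leaves `$report` untyped, although the docblock names `Xml\Request\ExpandPropertyReport` and the sibling handlers touched by this commit (`principalMatchReport`, `principalPropertySearchReport`, `aclPrincipalPropSetReport`) declare the class in the signature. For consistency I would write `protected function expandPropertyReport($path, Xml\Request\ExpandPropertyReport $report) {`; the same applies to `principalSearchPropertySetReport($path, $report)` in the next hunk. Both function bodies continue outside their hunks.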
@@ -1187,10 +1443,11 @@ class Plugin extends DAV\ServerPlugin {
* of properties the client may search on, using the
* {DAV:}principal-property-search report.
*
+ * @param string $path
* @param Xml\Request\PrincipalSearchPropertySetReport $report
* @return void
*/
- protected function principalSearchPropertySetReport($report) {
+ protected function principalSearchPropertySetReport($path, $report) {
$httpDepth = $this->server->getHTTPDepth(0);
if ($httpDepth !== 0) {
@@ -1241,14 +1498,14 @@ class Plugin extends DAV\ServerPlugin {
* clients to search for groups of principals, based on the value of one
* or more properties.
*
+ * @param string $path
* @param Xml\Request\PrincipalPropertySearchReport $report
* @return void
*/
- protected function principalPropertySearchReport($report) {
+ protected function principalPropertySearchReport($path, Xml\Request\PrincipalPropertySearchReport $report) {
- $uri = null;
- if (!$report->applyToPrincipalCollectionSet) {
- $uri = $this->server->httpRequest->getPath();
+ if ($report->applyToPrincipalCollectionSet) {
+ $path = null;
}
if ($this->server->getHttpDepth('0') !== 0) {
throw new BadRequest('Depth must be 0');
@@ -1256,7 +1513,7 @@ class Plugin extends DAV\ServerPlugin {
$result = $this->principalSearch(
$report->searchProperties,
$report->properties,
- $uri,
+ $path,
$report->test
);
@@ -1269,6 +1526,64 @@ class Plugin extends DAV\ServerPlugin {
}
+ /**
+ * aclPrincipalPropSet REPORT
+ *
+ * This method is responsible for handling the {DAV:}acl-principal-prop-set
+ * REPORT, as defined in:
+ *
+ * https://tools.ietf.org/html/rfc3744#section-9.2
+ *
+ * This REPORT allows a user to quickly fetch information about all
+ * principals specified in the access control list. Most commonly this
+ * is used to for example generate a UI with ACL rules, allowing you
+ * to show names for principals for every entry.
+ *
+ * @param string $path
+ * @param Xml\Request\AclPrincipalPropSetReport $report
+ * @return void
+ */
+ protected function aclPrincipalPropSetReport($path, Xml\Request\AclPrincipalPropSetReport $report) {
+
+ if ($this->server->getHTTPDepth(0) !== 0) {
+ throw new BadRequest('The {DAV:}acl-principal-prop-set REPORT only supports Depth 0');
+ }
+
+ // Fetching ACL rules for the given path. We're using the property
+ // API and not the local getACL, because it will ensure that all
+ // business rules and restrictions are applied.
+ $acl = $this->server->getProperties($path, '{DAV:}acl');
+
+ if (!$acl || !isset($acl['{DAV:}acl'])) {
+ throw new Forbidden('Could not fetch ACL rules for this path');
+ }
+
+ $principals = [];
+ foreach ($acl['{DAV:}acl']->getPrivileges() as $ace) {
+
+ if ($ace['principal'][0] === '{') {
+ // It's not a principal, it's one of the special rules such as {DAV:}authenticated
+ continue;
+ }
+
+ $principals[] = $ace['principal'];
+
+ }
+
+ $properties = $this->server->getPropertiesForMultiplePaths(
+ $principals,
+ $report->properties
+ );
+
+ $this->server->httpResponse->setStatus(207);
+ $this->server->httpResponse->setHeader('Content-Type', 'application/xml; charset=utf-8');
+ $this->server->httpResponse->setBody(
+ $this->server->generateMultiStatus($properties)
+ );
+
+ }
+
+
/* }}} */
/**
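Review bot: `aclPrincipalPropSetReport` appends `$ace['principal']` once per ACE, so a principal that holds several privileges on the node is passed to `getPropertiesForMultiplePaths()` several times. How that call treats repeated paths is not visible here, but at best it is repeated work and it may yield repeated entries in the multistatus body. Adding `$principals = array_unique($principals);` after the loop avoids both. The check `$ace['principal'][0] === '{'` also assumes a non-empty string; `strpos($ace['principal'], '{') === 0` would not depend on that.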
diff --git a/vendor/sabre/dav/lib/DAVACL/Principal.php b/vendor/sabre/dav/lib/DAVACL/Principal.php
index 16375d3fc..6ebb30907 100644
--- a/vendor/sabre/dav/lib/DAVACL/Principal.php
+++ b/vendor/sabre/dav/lib/DAVACL/Principal.php
@@ -22,6 +22,8 @@ use Sabre\HTTP\URLUtil;
*/
class Principal extends DAV\Node implements IPrincipal, DAV\IProperties, IACL {
+ use ACLTrait;
+
/**
* Struct with principal information.
*
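Review bot: With `use ACLTrait;` and the removal of `getACL()` in the next hunk, the access rules of a principal node are no longer stated in this class: the removed method granted `{DAV:}read` to `{DAV:}authenticated` as a protected ACE, and `setACL()` threw `MethodNotAllowed`. What the trait returns is not visible in this section, so it is worth checking in ACLTrait.php that the default ACL and the exception type are what principal nodes should have, since a narrower default would hide principals from other authenticated users and a broader one would expose them. I would add a comment above the `use` line such as `// getGroup(), getACL(), setACL() and getSupportedPrivilegeSet() come from ACLTrait.`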
@@ -216,73 +218,4 @@ class Principal extends DAV\Node implements IPrincipal, DAV\IProperties, IACL {
}
- /**
- * Returns a group principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getGroup() {
-
- return null;
-
- }
-
- /**
- * Returns a list of ACE's for this node.
- *
- * Each ACE has the following properties:
- * * 'privilege', a string such as {DAV:}read or {DAV:}write. These are
- * currently the only supported privileges
- * * 'principal', a url to the principal who owns the node
- * * 'protected' (optional), indicating that this ACE is not allowed to
- * be updated.
- *
- * @return array
- */
- function getACL() {
-
- return [
- [
- 'privilege' => '{DAV:}read',
- 'principal' => '{DAV:}authenticated',
- 'protected' => true,
- ],
- ];
-
- }
-
- /**
- * Updates the ACL
- *
- * This method will receive a list of new ACE's.
- *
- * @param array $acl
- * @return void
- */
- function setACL(array $acl) {
-
- throw new DAV\Exception\MethodNotAllowed('Updating ACLs is not allowed here');
-
- }
-
- /**
- * Returns the list of supported privileges for this node.
- *
- * The returned data structure is a list of nested privileges.
- * See Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
- * standard structure.
- *
- * If null is returned from this method, the default privilege set is used,
- * which is fine for most common usecases.
- *
- * @return array|null
- */
- function getSupportedPrivilegeSet() {
-
- return null;
-
- }
-
}
diff --git a/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/PDO.php b/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/PDO.php
index 01b7a175c..a491dc88f 100644
--- a/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/PDO.php
+++ b/vendor/sabre/dav/lib/DAVACL/PrincipalBackend/PDO.php
@@ -300,7 +300,7 @@ class PDO extends AbstractBackend implements CreatePrincipalSupport {
$value = null;
$scheme = null;
list($scheme, $value) = explode(":", $uri, 2);
- if ($value == null) return null;
+ if (empty($value)) return null;
$uri = null;
switch ($scheme){
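Review bot: `empty($value)` also treats the string `'0'` as missing, which the previous `$value == null` did not, so a URI whose part after the scheme is `0` now returns null. If only an absent or empty value should be rejected, `if ($value === null || $value === '') return null;` says that directly. The enclosing function starts and ends outside the hunk.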
diff --git a/vendor/sabre/dav/lib/DAVACL/PrincipalCollection.php b/vendor/sabre/dav/lib/DAVACL/PrincipalCollection.php
index 54911e7b5..d8a90153a 100644
--- a/vendor/sabre/dav/lib/DAVACL/PrincipalCollection.php
+++ b/vendor/sabre/dav/lib/DAVACL/PrincipalCollection.php
@@ -3,7 +3,6 @@
namespace Sabre\DAVACL;
use Sabre\DAV\Exception\InvalidResourceType;
-use Sabre\DAV\Exception\Forbidden;
use Sabre\DAV\IExtendedCollection;
use Sabre\DAV\MkCol;
@@ -19,6 +18,8 @@ use Sabre\DAV\MkCol;
*/
class PrincipalCollection extends AbstractPrincipalCollection implements IExtendedCollection, IACL {
+ use ACLTrait;
+
/**
* This method returns a node for a principal.
*
@@ -73,28 +74,6 @@ class PrincipalCollection extends AbstractPrincipalCollection implements IExtend
}
/**
- * Returns the owner principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getOwner() {
- return null;
- }
-
- /**
- * Returns a group principal
- *
- * This must be a url to a principal, or null if there's no owner
- *
- * @return string|null
- */
- function getGroup() {
- return null;
- }
-
- /**
* Returns a list of ACE's for this node.
*
* Each ACE has the following properties:
@@ -116,36 +95,4 @@ class PrincipalCollection extends AbstractPrincipalCollection implements IExtend
];
}
- /**
- * Updates the ACL
- *
- * This method will receive a list of new ACE's as an array argument.
- *
- * @param array $acl
- * @return void
- */
- function setACL(array $acl) {
-
- throw new Forbidden('Updating ACLs is not allowed on this node');
-
- }
-
- /**
- * Returns the list of supported privileges for this node.
- *
- * The returned data structure is a list of nested privileges.
- * See Sabre\DAVACL\Plugin::getDefaultSupportedPrivilegeSet for a simple
- * standard structure.
- *
- * If null is returned from this method, the default privilege set is used,
- * which is fine for most common usecases.
- *
- * @return array|null
- */
- function getSupportedPrivilegeSet() {
-
- return null;
-
- }
-
}
diff --git a/vendor/sabre/dav/lib/DAVACL/Xml/Property/SupportedPrivilegeSet.php b/vendor/sabre/dav/lib/DAVACL/Xml/Property/SupportedPrivilegeSet.php
index 572bed4dd..55e7783ae 100644
--- a/vendor/sabre/dav/lib/DAVACL/Xml/Property/SupportedPrivilegeSet.php
+++ b/vendor/sabre/dav/lib/DAVACL/Xml/Property/SupportedPrivilegeSet.php
@@ -73,7 +73,7 @@ class SupportedPrivilegeSet implements XmlSerializable, HtmlOutput {
*/
function xmlSerialize(Writer $writer) {
- $this->serializePriv($writer, $this->privileges);
+ $this->serializePriv($writer, '{DAV:}all', [ 'aggregates' => $this->privileges]);
}
@@ -93,9 +93,9 @@ class SupportedPrivilegeSet implements XmlSerializable, HtmlOutput {
*/
function toHtml(HtmlOutputHelper $html) {
- $traverse = function($priv) use (&$traverse, $html) {
+ $traverse = function($privName, $priv) use (&$traverse, $html) {
echo "<li>";
- echo $html->xmlName($priv['privilege']);
+ echo $html->xmlName($privName);
if (isset($priv['abstract']) && $priv['abstract']) {
echo " <i>(abstract)</i>";
}
@@ -104,8 +104,8 @@ class SupportedPrivilegeSet implements XmlSerializable, HtmlOutput {
}
if (isset($priv['aggregates'])) {
echo "\n<ul>\n";
- foreach ($priv['aggregates'] as $subPriv) {
- $traverse($subPriv);
+ foreach ($priv['aggregates'] as $subPrivName => $subPriv) {
+ $traverse($subPrivName, $subPriv);
}
echo "</ul>";
}
@@ -114,7 +114,7 @@ class SupportedPrivilegeSet implements XmlSerializable, HtmlOutput {
ob_start();
echo "<ul class=\"tree\">";
- $traverse($this->getValue());
+ $traverse('{DAV:}all', [ 'aggregates' => $this->getValue() ]);
echo "</ul>\n";
return ob_get_clean();
@@ -132,12 +132,12 @@ class SupportedPrivilegeSet implements XmlSerializable, HtmlOutput {
* @param array $privilege
* @return void
*/
- private function serializePriv(Writer $writer, $privilege) {
+ private function serializePriv(Writer $writer, $privName, $privilege) {
$writer->startElement('{DAV:}supported-privilege');
$writer->startElement('{DAV:}privilege');
- $writer->writeElement($privilege['privilege']);
+ $writer->writeElement($privName);
$writer->endElement(); // privilege
if (!empty($privilege['abstract'])) {
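Review bot: `serializePriv()` gains a `$privName` parameter, but the visible part of its docblock still lists `@param array $privilege` and no entry for the new argument. I would add `@param string $privName` before it and note in the description that the privilege name is now passed separately, since `$privilege` no longer carries a `privilege` key. The docblock starts outside the hunk.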
@@ -147,8 +147,8 @@ class SupportedPrivilegeSet implements XmlSerializable, HtmlOutput {
$writer->writeElement('{DAV:}description', $privilege['description']);
}
if (isset($privilege['aggregates'])) {
- foreach ($privilege['aggregates'] as $subPrivilege) {
- $this->serializePriv($writer, $subPrivilege);
+ foreach ($privilege['aggregates'] as $subPrivName => $subPrivilege) {
+ $this->serializePriv($writer, $subPrivName, $subPrivilege);
}
}
diff --git a/vendor/sabre/dav/lib/DAVACL/Xml/Request/AclPrincipalPropSetReport.php b/vendor/sabre/dav/lib/DAVACL/Xml/Request/AclPrincipalPropSetReport.php
new file mode 100644
index 000000000..f01c1e6ab
--- /dev/null
+++ b/vendor/sabre/dav/lib/DAVACL/Xml/Request/AclPrincipalPropSetReport.php
@@ -0,0 +1,67 @@
+<?php
+
+namespace Sabre\DAVACL\Xml\Request;
+
+use Sabre\Xml\XmlDeserializable;
+use Sabre\Xml\Reader;
+use Sabre\Xml\Deserializer;
+
+/**
+ * AclPrincipalPropSet request parser.
+ *
+ * This class parses the {DAV:}acl-principal-prop-set REPORT, as defined in:
+ *
+ * https://tools.ietf.org/html/rfc3744#section-9.2
+ *
+ * @copyright Copyright (C) fruux GmbH (https://fruux.com/)
+ * @author Evert Pot (https://evertpot.com/)
+ * @license http://sabre.io/license/ Modified BSD License
+ */
+class AclPrincipalPropSetReport implements XmlDeserializable {
+
+ public $properties = [];
+
+ /**
+ * The deserialize method is called during xml parsing.
+ *
+ * This method is called statictly, this is because in theory this method
+ * may be used as a type of constructor, or factory method.
+ *
+ * Often you want to return an instance of the current class, but you are
+ * free to return other data as well.
+ *
+ * You are responsible for advancing the reader to the next element. Not
+ * doing anything will result in a never-ending loop.
+ *
+ * If you just want to skip parsing for this element altogether, you can
+ * just call $reader->next();
+ *
+ * $reader->parseInnerTree() will parse the entire sub-tree, and advance to
+ * the next element.
+ *
+ * @param Reader $reader
+ * @return mixed
+ */
+ static function xmlDeserialize(Reader $reader) {
+
+ $reader->pushContext();
+ $reader->elementMap['{DAV:}prop'] = 'Sabre\Xml\Deserializer\enum';
+
+ $elems = Deserializer\keyValue(
+ $reader,
+ 'DAV:'
+ );
+
+ $reader->popContext();
+
+ $report = new self();
+
+ if (!empty($elems['prop'])) {
+ $report->properties = $elems['prop'];
+ }
+
+ return $report;
+
+ }
+
+}
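Review bot: The public `$properties` field has no docblock, unlike the fields of `PrincipalMatchReport` added in the same commit. I would add a short one stating that it holds the list of property names requested for each principal in the ACL, with `@var string[]`. The `xmlDeserialize()` docblock also carries the typo `statictly` (for `statically`), repeated in PrincipalMatchReport.php.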
diff --git a/vendor/sabre/dav/lib/DAVACL/Xml/Request/PrincipalMatchReport.php b/vendor/sabre/dav/lib/DAVACL/Xml/Request/PrincipalMatchReport.php
new file mode 100644
index 000000000..5c4e88189
--- /dev/null
+++ b/vendor/sabre/dav/lib/DAVACL/Xml/Request/PrincipalMatchReport.php
@@ -0,0 +1,107 @@
+<?php
+
+namespace Sabre\DAVACL\Xml\Request;
+
+use Sabre\Xml\XmlDeserializable;
+use Sabre\Xml\Reader;
+use Sabre\Xml\Deserializer;
+
+/**
+ * PrincipalMatchReport request parser.
+ *
+ * This class parses the {DAV:}principal-match REPORT, as defined
+ * in:
+ *
+ * https://tools.ietf.org/html/rfc3744#section-9.3
+ *
+ * @copyright Copyright (C) fruux GmbH (https://fruux.com/)
+ * @author Evert Pot (http://evertpot.com/)
+ * @license http://sabre.io/license/ Modified BSD License
+ */
+class PrincipalMatchReport implements XmlDeserializable {
+
+ /**
+ * Report on a list of principals that match the current principal.
+ */
+ const SELF = 1;
+
+ /**
+ * Report on a property on resources, such as {DAV:}owner, that match the current principal.
+ */
+ const PRINCIPAL_PROPERTY = 2;
+
+ /**
+ * Must be SELF or PRINCIPAL_PROPERTY
+ *
+ * @var int
+ */
+ public $type;
+
+ /**
+ * List of properties that are being requested for matching resources.
+ *
+ * @var string[]
+ */
+ public $properties = [];
+
+ /**
+ * If $type = PRINCIPAL_PROPERTY, which WebDAV property we should compare
+ * to the current principal.
+ *
+ * @var string
+ */
+ public $principalProperty;
+
+ /**
+ * The deserialize method is called during xml parsing.
+ *
+ * This method is called statictly, this is because in theory this method
+ * may be used as a type of constructor, or factory method.
+ *
+ * Often you want to return an instance of the current class, but you are
+ * free to return other data as well.
+ *
+ * You are responsible for advancing the reader to the next element. Not
+ * doing anything will result in a never-ending loop.
+ *
+ * If you just want to skip parsing for this element altogether, you can
+ * just call $reader->next();
+ *
+ * $reader->parseInnerTree() will parse the entire sub-tree, and advance to
+ * the next element.
+ *
+ * @param Reader $reader
+ * @return mixed
+ */
+ static function xmlDeserialize(Reader $reader) {
+
+ $reader->pushContext();
+ $reader->elementMap['{DAV:}prop'] = 'Sabre\Xml\Deserializer\enum';
+
+ $elems = Deserializer\keyValue(
+ $reader,
+ 'DAV:'
+ );
+
+ $reader->popContext();
+
+ $principalMatch = new self();
+
+ if (array_key_exists('self', $elems)) {
+ $principalMatch->type = self::SELF;
+ }
+
+ if (array_key_exists('principal-property', $elems)) {
+ $principalMatch->type = self::PRINCIPAL_PROPERTY;
+ $principalMatch->principalProperty = $elems['principal-property'][0]['name'];
+ }
+
+ if (!empty($elems['prop'])) {
+ $principalMatch->properties = $elems['prop'];
+ }
+
+ return $principalMatch;
+
+ }
+
+}
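Review bot: `$elems['principal-property'][0]['name']` assumes the `{DAV:}principal-property` element has at least one child element. For an empty `<principal-property/>` the parsed value is presumably not an array, so `principalProperty` would end up null while `type` is already set to `PRINCIPAL_PROPERTY`. I would guard it, e.g. `if (!isset($elems['principal-property'][0]['name'])) { throw new BadRequest('{DAV:}principal-property must contain a property element'); }`, which needs `use Sabre\DAV\Exception\BadRequest;` at the top of the file.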