1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
|
<?php
declare(strict_types=1);
namespace Sabre\DAVACL\Xml\Property;
use Sabre\DAV;
use Sabre\DAV\Browser\HtmlOutput;
use Sabre\DAV\Browser\HtmlOutputHelper;
use Sabre\Xml\Element;
use Sabre\Xml\Reader;
use Sabre\Xml\Writer;
/**
* This class represents the {DAV:}acl property.
*
* The {DAV:}acl property is a full list of access control entries for a
* resource.
*
* {DAV:}acl is used as a WebDAV property, but it is also used within the body
* of the ACL request.
*
* See:
* http://tools.ietf.org/html/rfc3744#section-5.5
*
* @copyright Copyright (C) fruux GmbH (https://fruux.com/)
* @author Evert Pot (http://evertpot.com/)
* @license http://sabre.io/license/ Modified BSD License
*/
class Acl implements Element, HtmlOutput
{
/**
* List of privileges.
*
* @var array
*/
protected $privileges;
/**
* Whether or not the server base url is required to be prefixed when
* serializing the property.
*
* @var bool
*/
protected $prefixBaseUrl;
/**
* Constructor.
*
* This object requires a structure similar to the return value from
* Sabre\DAVACL\Plugin::getACL().
*
* Each privilege is a an array with at least a 'privilege' property, and a
* 'principal' property. A privilege may have a 'protected' property as
* well.
*
* The prefixBaseUrl should be set to false, if the supplied principal urls
* are already full urls. If this is kept to true, the servers base url
* will automatically be prefixed.
*
* @param array $privileges
* @param bool $prefixBaseUrl
*/
public function __construct(array $privileges, $prefixBaseUrl = true)
{
$this->privileges = $privileges;
$this->prefixBaseUrl = $prefixBaseUrl;
}
/**
* Returns the list of privileges for this property.
*
* @return array
*/
public function getPrivileges()
{
return $this->privileges;
}
/**
* The xmlSerialize method is called during xml writing.
*
* Use the $writer argument to write its own xml serialization.
*
* An important note: do _not_ create a parent element. Any element
* implementing XmlSerializable should only ever write what's considered
* its 'inner xml'.
*
* The parent of the current element is responsible for writing a
* containing element.
*
* This allows serializers to be re-used for different element names.
*
* If you are opening new elements, you must also close them again.
*
* @param Writer $writer
*/
public function xmlSerialize(Writer $writer)
{
foreach ($this->privileges as $ace) {
$this->serializeAce($writer, $ace);
}
}
/**
* Generate html representation for this value.
*
* The html output is 100% trusted, and no effort is being made to sanitize
* it. It's up to the implementor to sanitize user provided values.
*
* The output must be in UTF-8.
*
* The baseUri parameter is a url to the root of the application, and can
* be used to construct local links.
*
* @param HtmlOutputHelper $html
*
* @return string
*/
public function toHtml(HtmlOutputHelper $html)
{
ob_start();
echo '<table>';
echo '<tr><th>Principal</th><th>Privilege</th><th></th></tr>';
foreach ($this->privileges as $privilege) {
echo '<tr>';
// if it starts with a {, it's a special principal
if ('{' === $privilege['principal'][0]) {
echo '<td>', $html->xmlName($privilege['principal']), '</td>';
} else {
echo '<td>', $html->link($privilege['principal']), '</td>';
}
echo '<td>', $html->xmlName($privilege['privilege']), '</td>';
echo '<td>';
if (!empty($privilege['protected'])) {
echo '(protected)';
}
echo '</td>';
echo '</tr>';
}
echo '</table>';
return ob_get_clean();
}
/**
* The deserialize method is called during xml parsing.
*
* This method is called statically, this is because in theory this method
* may be used as a type of constructor, or factory method.
*
* Often you want to return an instance of the current class, but you are
* free to return other data as well.
*
* Important note 2: You are responsible for advancing the reader to the
* next element. Not doing anything will result in a never-ending loop.
*
* If you just want to skip parsing for this element altogether, you can
* just call $reader->next();
*
* $reader->parseInnerTree() will parse the entire sub-tree, and advance to
* the next element.
*
* @param Reader $reader
*
* @return mixed
*/
public static function xmlDeserialize(Reader $reader)
{
$elementMap = [
'{DAV:}ace' => 'Sabre\Xml\Element\KeyValue',
'{DAV:}privilege' => 'Sabre\Xml\Element\Elements',
'{DAV:}principal' => 'Sabre\DAVACL\Xml\Property\Principal',
];
$privileges = [];
foreach ((array) $reader->parseInnerTree($elementMap) as $element) {
if ('{DAV:}ace' !== $element['name']) {
continue;
}
$ace = $element['value'];
if (empty($ace['{DAV:}principal'])) {
throw new DAV\Exception\BadRequest('Each {DAV:}ace element must have one {DAV:}principal element');
}
$principal = $ace['{DAV:}principal'];
switch ($principal->getType()) {
case Principal::HREF:
$principal = $principal->getHref();
break;
case Principal::AUTHENTICATED:
$principal = '{DAV:}authenticated';
break;
case Principal::UNAUTHENTICATED:
$principal = '{DAV:}unauthenticated';
break;
case Principal::ALL:
$principal = '{DAV:}all';
break;
}
$protected = array_key_exists('{DAV:}protected', $ace);
if (!isset($ace['{DAV:}grant'])) {
throw new DAV\Exception\NotImplemented('Every {DAV:}ace element must have a {DAV:}grant element. {DAV:}deny is not yet supported');
}
foreach ($ace['{DAV:}grant'] as $elem) {
if ('{DAV:}privilege' !== $elem['name']) {
continue;
}
foreach ($elem['value'] as $priv) {
$privileges[] = [
'principal' => $principal,
'protected' => $protected,
'privilege' => $priv,
];
}
}
}
return new self($privileges);
}
/**
* Serializes a single access control entry.
*
* @param Writer $writer
* @param array $ace
*/
private function serializeAce(Writer $writer, array $ace)
{
$writer->startElement('{DAV:}ace');
switch ($ace['principal']) {
case '{DAV:}authenticated':
$principal = new Principal(Principal::AUTHENTICATED);
break;
case '{DAV:}unauthenticated':
$principal = new Principal(Principal::UNAUTHENTICATED);
break;
case '{DAV:}all':
$principal = new Principal(Principal::ALL);
break;
default:
$principal = new Principal(Principal::HREF, $ace['principal']);
break;
}
$writer->writeElement('{DAV:}principal', $principal);
$writer->startElement('{DAV:}grant');
$writer->startElement('{DAV:}privilege');
$writer->writeElement($ace['privilege']);
$writer->endElement(); // privilege
$writer->endElement(); // grant
if (!empty($ace['protected'])) {
$writer->writeElement('{DAV:}protected');
}
$writer->endElement(); // ace
}
}
|
