212 lines
6.2 KiB
PHP
212 lines
6.2 KiB
PHP
<?php
|
|
|
|
namespace Sabre\DAVACL\Property;
|
|
|
|
use Sabre\DAV;
|
|
|
|
/**
|
|
* This class represents the {DAV:}acl property
|
|
*
|
|
* @copyright Copyright (C) 2007-2015 fruux GmbH (https://fruux.com/).
|
|
* @author Evert Pot (http://evertpot.com/)
|
|
* @license http://sabre.io/license/ Modified BSD License
|
|
*/
|
|
class Acl extends DAV\Property {
|
|
|
|
/**
|
|
* List of privileges
|
|
*
|
|
* @var array
|
|
*/
|
|
private $privileges;
|
|
|
|
/**
|
|
* Whether or not the server base url is required to be prefixed when
|
|
* serializing the property.
|
|
*
|
|
* @var boolean
|
|
*/
|
|
private $prefixBaseUrl;
|
|
|
|
/**
|
|
* Constructor
|
|
*
|
|
* This object requires a structure similar to the return value from
|
|
* Sabre\DAVACL\Plugin::getACL().
|
|
*
|
|
* Each privilege is a an array with at least a 'privilege' property, and a
|
|
* 'principal' property. A privilege may have a 'protected' property as
|
|
* well.
|
|
*
|
|
* The prefixBaseUrl should be set to false, if the supplied principal urls
|
|
* are already full urls. If this is kept to true, the servers base url
|
|
* will automatically be prefixed.
|
|
*
|
|
* @param bool $prefixBaseUrl
|
|
* @param array $privileges
|
|
*/
|
|
public function __construct(array $privileges, $prefixBaseUrl = true) {
|
|
|
|
$this->privileges = $privileges;
|
|
$this->prefixBaseUrl = $prefixBaseUrl;
|
|
|
|
}
|
|
|
|
/**
|
|
* Returns the list of privileges for this property
|
|
*
|
|
* @return array
|
|
*/
|
|
public function getPrivileges() {
|
|
|
|
return $this->privileges;
|
|
|
|
}
|
|
|
|
/**
|
|
* Serializes the property into a DOMElement
|
|
*
|
|
* @param DAV\Server $server
|
|
* @param \DOMElement $node
|
|
* @return void
|
|
*/
|
|
public function serialize(DAV\Server $server,\DOMElement $node) {
|
|
|
|
$doc = $node->ownerDocument;
|
|
foreach($this->privileges as $ace) {
|
|
|
|
$this->serializeAce($doc, $node, $ace, $server);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
/**
|
|
* Unserializes the {DAV:}acl xml element.
|
|
*
|
|
* @param \DOMElement $dom
|
|
* @return Acl
|
|
*/
|
|
static public function unserialize(\DOMElement $dom) {
|
|
|
|
$privileges = array();
|
|
$xaces = $dom->getElementsByTagNameNS('urn:DAV','ace');
|
|
for($ii=0; $ii < $xaces->length; $ii++) {
|
|
|
|
$xace = $xaces->item($ii);
|
|
$principal = $xace->getElementsByTagNameNS('urn:DAV','principal');
|
|
if ($principal->length !== 1) {
|
|
throw new DAV\Exception\BadRequest('Each {DAV:}ace element must have one {DAV:}principal element');
|
|
}
|
|
$principal = Principal::unserialize($principal->item(0));
|
|
|
|
switch($principal->getType()) {
|
|
case Principal::HREF :
|
|
$principal = $principal->getHref();
|
|
break;
|
|
case Principal::AUTHENTICATED :
|
|
$principal = '{DAV:}authenticated';
|
|
break;
|
|
case Principal::UNAUTHENTICATED :
|
|
$principal = '{DAV:}unauthenticated';
|
|
break;
|
|
case Principal::ALL :
|
|
$principal = '{DAV:}all';
|
|
break;
|
|
|
|
}
|
|
|
|
$protected = false;
|
|
|
|
if ($xace->getElementsByTagNameNS('urn:DAV','protected')->length > 0) {
|
|
$protected = true;
|
|
}
|
|
|
|
$grants = $xace->getElementsByTagNameNS('urn:DAV','grant');
|
|
if ($grants->length < 1) {
|
|
throw new DAV\Exception\NotImplemented('Every {DAV:}ace element must have a {DAV:}grant element. {DAV:}deny is not yet supported');
|
|
}
|
|
$grant = $grants->item(0);
|
|
|
|
$xprivs = $grant->getElementsByTagNameNS('urn:DAV','privilege');
|
|
for($jj=0; $jj<$xprivs->length; $jj++) {
|
|
|
|
$xpriv = $xprivs->item($jj);
|
|
|
|
$privilegeName = null;
|
|
|
|
for ($kk=0;$kk<$xpriv->childNodes->length;$kk++) {
|
|
|
|
$childNode = $xpriv->childNodes->item($kk);
|
|
if ($t = DAV\XMLUtil::toClarkNotation($childNode)) {
|
|
$privilegeName = $t;
|
|
break;
|
|
}
|
|
}
|
|
if (is_null($privilegeName)) {
|
|
throw new DAV\Exception\BadRequest('{DAV:}privilege elements must have a privilege element contained within them.');
|
|
}
|
|
|
|
$privileges[] = array(
|
|
'principal' => $principal,
|
|
'protected' => $protected,
|
|
'privilege' => $privilegeName,
|
|
);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return new self($privileges);
|
|
|
|
}
|
|
|
|
/**
|
|
* Serializes a single access control entry.
|
|
*
|
|
* @param \DOMDocument $doc
|
|
* @param \DOMElement $node
|
|
* @param array $ace
|
|
* @param DAV\Server $server
|
|
* @return void
|
|
*/
|
|
private function serializeAce($doc,$node,$ace, DAV\Server $server) {
|
|
|
|
$xace = $doc->createElementNS('DAV:','d:ace');
|
|
$node->appendChild($xace);
|
|
|
|
$principal = $doc->createElementNS('DAV:','d:principal');
|
|
$xace->appendChild($principal);
|
|
switch($ace['principal']) {
|
|
case '{DAV:}authenticated' :
|
|
$principal->appendChild($doc->createElementNS('DAV:','d:authenticated'));
|
|
break;
|
|
case '{DAV:}unauthenticated' :
|
|
$principal->appendChild($doc->createElementNS('DAV:','d:unauthenticated'));
|
|
break;
|
|
case '{DAV:}all' :
|
|
$principal->appendChild($doc->createElementNS('DAV:','d:all'));
|
|
break;
|
|
default:
|
|
$principal->appendChild($doc->createElementNS('DAV:','d:href',($this->prefixBaseUrl?$server->getBaseUri():'') . $ace['principal'] . '/'));
|
|
}
|
|
|
|
$grant = $doc->createElementNS('DAV:','d:grant');
|
|
$xace->appendChild($grant);
|
|
|
|
$privParts = null;
|
|
|
|
preg_match('/^{([^}]*)}(.*)$/',$ace['privilege'],$privParts);
|
|
|
|
$xprivilege = $doc->createElementNS('DAV:','d:privilege');
|
|
$grant->appendChild($xprivilege);
|
|
|
|
$xprivilege->appendChild($doc->createElementNS($privParts[1],'d:'.$privParts[2]));
|
|
|
|
if (isset($ace['protected']) && $ace['protected'])
|
|
$xace->appendChild($doc->createElement('d:protected'));
|
|
|
|
}
|
|
|
|
}
|