DAViCal
caldav-GET.php
1 <?php
11 dbg_error_log("get", "GET method handler");
12 
13 require("caldav-GET-functions.php");
14 
15 $dav_resource = new DAVResource($request->path);
16 $dav_resource->NeedPrivilege( array('urn:ietf:params:xml:ns:caldav:read-free-busy','DAV::read') );
17 if ( $dav_resource->IsExternal() ) {
18  require_once("external-fetch.php");
19  update_external ( $dav_resource );
20 }
21 
22 if ( ! $dav_resource->Exists() ) {
23  $request->DoResponse( 404, translate("Resource Not Found.") );
24 }
25 
26 if ( $request->path == '/' ) {
27  $request->DoResponse( 404, translate("Resource Not Found.") );
28 }
29 
30 if ( $dav_resource->IsCollection() ) {
31  $response = export_iCalendar($dav_resource);
32  header( 'Etag: '.$dav_resource->unique_tag() );
33  $request->DoResponse( 200, ($request->method == 'HEAD' ? '' : $response), 'text/calendar; charset="utf-8"' );
34 }
35 
36 
37 // Just a single event then
38 
39 $resource = $dav_resource->resource();
40 $ic = new iCalComponent( $resource->caldav_data );
41 
42 $resource->caldav_data = preg_replace( '{(?<!\r)\n}', "\r\n", $resource->caldav_data);
43 
45 $allowed = false;
46 if ( $dav_resource->HavePrivilegeTo('all', false) || $session->user_no == $resource->user_no || $session->user_no == $resource->logged_user
47  || ( $c->allow_get_email_visibility && $ic->IsAttendee($session->email) ) ) {
52  $allowed = true;
53 }
54 else if ( $resource->class != 'PRIVATE' ) {
55  $allowed = true; // but we may well obfuscate it below
56  if ( ! $dav_resource->HavePrivilegeTo('DAV::read') || ( $resource->class == 'CONFIDENTIAL' && ! $request->HavePrivilegeTo('DAV::write-content') ) ) {
57  $ical = new iCalComponent( $resource->caldav_data );
58  $comps = $ical->GetComponents('VTIMEZONE',false);
59  $confidential = obfuscated_event($comps[0]);
60  $ical->SetComponents( array($confidential), $resource->caldav_type );
61  $resource->caldav_data = $ical->Render();
62  }
63 }
64 // else $resource->class == 'PRIVATE' and this person may not see it.
65 
66 if ( ! $allowed ) {
67  $request->DoResponse( 403, translate("Forbidden") );
68 }
69 
70 header( 'Etag: "'.$resource->dav_etag.'"' );
71 header( 'Content-Length: '.strlen($resource->caldav_data) );
72 
73 $contenttype = 'text/plain';
74 switch( $resource->caldav_type ) {
75  case 'VJOURNAL':
76  case 'VEVENT':
77  case 'VTODO':
78  $contenttype = 'text/calendar; component=' . strtolower($resource->caldav_type);
79  break;
80 
81  case 'VCARD':
82  $contenttype = 'text/vcard';
83  break;
84 }
85 
86 $request->DoResponse( 200, ($request->method == 'HEAD' ? '' : $resource->caldav_data), $contenttype.'; charset="utf-8"' );