1<?php
2/**
3* CalDAV Server - handle GET method
4*
5* @package   davical
6* @subpackage   caldav
7* @author    Andrew McMillan <andrew@mcmillan.net.nz>
8* @copyright Catalyst .Net Ltd, Morphoss Ltd <http://www.morphoss.com/>
9* @license   http://gnu.org/copyleft/gpl.html GNU GPL v2 or later
10*/
11dbg_error_log("get", "GET method handler");
12
13require("caldav-GET-functions.php");
14
15$dav_resource = new DAVResource($request->path);
16$dav_resource->NeedPrivilege( array('urn:ietf:params:xml:ns:caldav:read-free-busy','DAV::read') );
17if ( $dav_resource->IsExternal() ) {
18  require_once("external-fetch.php");
19  update_external ( $dav_resource );
20}
21
22if ( ! $dav_resource->Exists() ) {
23  $request->DoResponse( 404, translate("Resource Not Found.") );
24}
25
26
27if ( $dav_resource->IsCollection() ) {
28  $response = export_iCalendar($dav_resource);
29  header( 'Etag: '.$dav_resource->unique_tag() );
30  $request->DoResponse( 200, ($request->method == 'HEAD' ? '' : $response), 'text/calendar; charset="utf-8"' );
31}
32
33
34// Just a single event then
35
36$resource = $dav_resource->resource();
37$ic = new iCalComponent( $resource->caldav_data );
38
39$resource->caldav_data = preg_replace( '{(?<!\r)\n}', "\r\n", $resource->caldav_data);
40
41/** Default deny... */
42$allowed = false;
43if ( $dav_resource->HavePrivilegeTo('all', false) || $session->user_no == $resource->user_no || $session->user_no == $resource->logged_user
44      || ( $c->allow_get_email_visibility && $ic->IsAttendee($session->email) ) ) {
45  /**
46  * These people get to see all of the event, and they should always
47  * get any alarms as well.
48  */
49  $allowed = true;
50}
51else if ( $resource->class != 'PRIVATE' ) {
52  $allowed = true; // but we may well obfuscate it below
53  if ( ! $dav_resource->HavePrivilegeTo('DAV::read') || ( $resource->class == 'CONFIDENTIAL' && ! $request->HavePrivilegeTo('DAV::write-content') ) ) {
54    $ical = new iCalComponent( $resource->caldav_data );
55    $comps = $ical->GetComponents('VTIMEZONE',false);
56    $confidential = obfuscated_event($comps[0]);
57    $ical->SetComponents( array($confidential), $resource->caldav_type );
58    $resource->caldav_data = $ical->Render();
59  }
60}
61// else $resource->class == 'PRIVATE' and this person may not see it.
62
63if ( ! $allowed ) {
64  $request->DoResponse( 403, translate("Forbidden") );
65}
66
67header( 'Etag: "'.$resource->dav_etag.'"' );
68header( 'Content-Length: '.strlen($resource->caldav_data) );
69
70$contenttype = 'text/plain';
71switch( $resource->caldav_type ) {
72  case 'VJOURNAL':
73  case 'VEVENT':
74  case 'VTODO':
75    $contenttype = 'text/calendar; component=' . strtolower($resource->caldav_type);
76    break;
77
78  case 'VCARD':
79    $contenttype = 'text/vcard';
80    break;
81}
82
83$request->DoResponse( 200, ($request->method == 'HEAD' ? '' : $resource->caldav_data), $contenttype.'; charset="utf-8"' );
84