1<?php 2/** 3* CalDAV Server - handle GET method 4* 5* @package davical 6* @subpackage caldav 7* @author Andrew McMillan <andrew@mcmillan.net.nz> 8* @copyright Catalyst .Net Ltd, Morphoss Ltd <http://www.morphoss.com/> 9* @license http://gnu.org/copyleft/gpl.html GNU GPL v2 or later 10*/ 11dbg_error_log("get", "GET method handler"); 12 13require("caldav-GET-functions.php"); 14 15$dav_resource = new DAVResource($request->path); 16$dav_resource->NeedPrivilege( array('urn:ietf:params:xml:ns:caldav:read-free-busy','DAV::read') ); 17if ( $dav_resource->IsExternal() ) { 18 require_once("external-fetch.php"); 19 update_external ( $dav_resource ); 20} 21 22if ( ! $dav_resource->Exists() ) { 23 $request->DoResponse( 404, translate("Resource Not Found.") ); 24} 25 26 27if ( $dav_resource->IsCollection() ) { 28 $response = export_iCalendar($dav_resource); 29 header( 'Etag: '.$dav_resource->unique_tag() ); 30 $request->DoResponse( 200, ($request->method == 'HEAD' ? '' : $response), 'text/calendar; charset="utf-8"' ); 31} 32 33 34// Just a single event then 35 36$resource = $dav_resource->resource(); 37$ic = new iCalComponent( $resource->caldav_data ); 38 39$resource->caldav_data = preg_replace( '{(?<!\r)\n}', "\r\n", $resource->caldav_data); 40 41/** Default deny... */ 42$allowed = false; 43if ( $dav_resource->HavePrivilegeTo('all', false) || $session->user_no == $resource->user_no || $session->user_no == $resource->logged_user 44 || ( $c->allow_get_email_visibility && $ic->IsAttendee($session->email) ) ) { 45 /** 46 * These people get to see all of the event, and they should always 47 * get any alarms as well. 48 */ 49 $allowed = true; 50} 51else if ( $resource->class != 'PRIVATE' ) { 52 $allowed = true; // but we may well obfuscate it below 53 if ( ! $dav_resource->HavePrivilegeTo('DAV::read') || ( $resource->class == 'CONFIDENTIAL' && ! $request->HavePrivilegeTo('DAV::write-content') ) ) { 54 $ical = new iCalComponent( $resource->caldav_data ); 55 $comps = $ical->GetComponents('VTIMEZONE',false); 56 $confidential = obfuscated_event($comps[0]); 57 $ical->SetComponents( array($confidential), $resource->caldav_type ); 58 $resource->caldav_data = $ical->Render(); 59 } 60} 61// else $resource->class == 'PRIVATE' and this person may not see it. 62 63if ( ! $allowed ) { 64 $request->DoResponse( 403, translate("Forbidden") ); 65} 66 67header( 'Etag: "'.$resource->dav_etag.'"' ); 68header( 'Content-Length: '.strlen($resource->caldav_data) ); 69 70$contenttype = 'text/plain'; 71switch( $resource->caldav_type ) { 72 case 'VJOURNAL': 73 case 'VEVENT': 74 case 'VTODO': 75 $contenttype = 'text/calendar; component=' . strtolower($resource->caldav_type); 76 break; 77 78 case 'VCARD': 79 $contenttype = 'text/vcard'; 80 break; 81} 82 83$request->DoResponse( 200, ($request->method == 'HEAD' ? '' : $resource->caldav_data), $contenttype.'; charset="utf-8"' ); 84