mirror of
https://github.com/YunoHost-Apps/hubzilla_ynh.git
synced 2024-09-03 19:26:21 +02:00
299 lines
7.7 KiB
PHP
299 lines
7.7 KiB
PHP
|
<?php
|
||
|
/**
|
||
|
* @file include/reddav.php
|
||
|
* @brief some DAV related functions for Hubzilla.
|
||
|
*
|
||
|
* This file contains some functions which did not fit into one of the RedDAV
|
||
|
* classes.
|
||
|
*
|
||
|
* The extended SabreDAV classes you will find in the RedDAV namespace under
|
||
|
* @ref includes/RedDAV/.
|
||
|
* The original SabreDAV classes you can find under @ref vendor/sabre/dav/.
|
||
|
* We need to use SabreDAV 1.8.x for PHP5.3 compatibility. SabreDAV >= 2.0
|
||
|
* requires PHP >= 5.4.
|
||
|
*
|
||
|
* @todo split up the classes into own files.
|
||
|
*
|
||
|
* @link http://github.com/friendica/red
|
||
|
* @license http://opensource.org/licenses/mit-license.php The MIT License (MIT)
|
||
|
*/
|
||
|
|
||
|
use Sabre\DAV;
|
||
|
use Zotlabs\Storage;
|
||
|
|
||
|
require_once('vendor/autoload.php');
|
||
|
require_once('include/attach.php');
|
||
|
|
||
|
/**
|
||
|
* @brief Returns an array with viewable channels.
|
||
|
*
|
||
|
* Get a list of RedDirectory objects with all the channels where the visitor
|
||
|
* has <b>view_storage</b> perms.
|
||
|
*
|
||
|
* @todo Is there any reason why this is not inside RedDirectory class?
|
||
|
* @fixme function name looks like a class name, should we rename it?
|
||
|
*
|
||
|
* @param RedBasicAuth &$auth
|
||
|
* @return array RedDirectory[]
|
||
|
*/
|
||
|
function RedChannelList(&$auth) {
|
||
|
$ret = array();
|
||
|
|
||
|
$r = q("SELECT channel_id, channel_address FROM channel WHERE channel_removed = 0 AND channel_system = 0 AND NOT (channel_pageflags & %d)>0",
|
||
|
intval(PAGE_HIDDEN)
|
||
|
);
|
||
|
|
||
|
if ($r) {
|
||
|
foreach ($r as $rr) {
|
||
|
if (perm_is_allowed($rr['channel_id'], $auth->observer, 'view_storage')) {
|
||
|
logger('found channel: /cloud/' . $rr['channel_address'], LOGGER_DATA);
|
||
|
// @todo can't we drop '/cloud'? It gets stripped off anyway in RedDirectory
|
||
|
$ret[] = new Zotlabs\Storage\Directory('/cloud/' . $rr['channel_address'], $auth);
|
||
|
}
|
||
|
}
|
||
|
}
|
||
|
return $ret;
|
||
|
}
|
||
|
|
||
|
|
||
|
/**
|
||
|
* @brief TODO what exactly does this function?
|
||
|
*
|
||
|
* Array with all RedDirectory and RedFile DAV\Node items for the given path.
|
||
|
*
|
||
|
* @todo Is there any reason why this is not inside RedDirectory class? Seems
|
||
|
* only to be used there and we could simplify it a bit there.
|
||
|
* @fixme function name looks like a class name, should we rename it?
|
||
|
*
|
||
|
* @param string $file path to a directory
|
||
|
* @param RedBasicAuth &$auth
|
||
|
* @returns null|array \Sabre\DAV\INode[]
|
||
|
* @throw \Sabre\DAV\Exception\Forbidden
|
||
|
* @throw \Sabre\DAV\Exception\NotFound
|
||
|
*/
|
||
|
function RedCollectionData($file, &$auth) {
|
||
|
$ret = array();
|
||
|
|
||
|
$x = strpos($file, '/cloud');
|
||
|
if ($x === 0) {
|
||
|
$file = substr($file, 6);
|
||
|
}
|
||
|
|
||
|
// return a list of channel if we are not inside a channel
|
||
|
if ((! $file) || ($file === '/')) {
|
||
|
return RedChannelList($auth);
|
||
|
}
|
||
|
|
||
|
$file = trim($file, '/');
|
||
|
$path_arr = explode('/', $file);
|
||
|
|
||
|
if (! $path_arr)
|
||
|
return null;
|
||
|
|
||
|
$channel_name = $path_arr[0];
|
||
|
|
||
|
$r = q("SELECT channel_id FROM channel WHERE channel_address = '%s' LIMIT 1",
|
||
|
dbesc($channel_name)
|
||
|
);
|
||
|
|
||
|
if (! $r)
|
||
|
return null;
|
||
|
|
||
|
$channel_id = $r[0]['channel_id'];
|
||
|
$perms = permissions_sql($channel_id);
|
||
|
|
||
|
$auth->owner_id = $channel_id;
|
||
|
|
||
|
$path = '/' . $channel_name;
|
||
|
|
||
|
$folder = '';
|
||
|
$errors = false;
|
||
|
$permission_error = false;
|
||
|
|
||
|
for ($x = 1; $x < count($path_arr); $x++) {
|
||
|
$r = q("SELECT id, hash, filename, flags, is_dir FROM attach WHERE folder = '%s' AND filename = '%s' AND uid = %d AND is_dir != 0 $perms LIMIT 1",
|
||
|
dbesc($folder),
|
||
|
dbesc($path_arr[$x]),
|
||
|
intval($channel_id)
|
||
|
);
|
||
|
if (! $r) {
|
||
|
// path wasn't found. Try without permissions to see if it was the result of permissions.
|
||
|
$errors = true;
|
||
|
$r = q("select id, hash, filename, flags, is_dir from attach where folder = '%s' and filename = '%s' and uid = %d and is_dir != 0 limit 1",
|
||
|
dbesc($folder),
|
||
|
basename($path_arr[$x]),
|
||
|
intval($channel_id)
|
||
|
);
|
||
|
if ($r) {
|
||
|
$permission_error = true;
|
||
|
}
|
||
|
break;
|
||
|
}
|
||
|
|
||
|
if ($r && intval($r[0]['is_dir'])) {
|
||
|
$folder = $r[0]['hash'];
|
||
|
$path = $path . '/' . $r[0]['filename'];
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if ($errors) {
|
||
|
if ($permission_error) {
|
||
|
throw new DAV\Exception\Forbidden('Permission denied.');
|
||
|
} else {
|
||
|
throw new DAV\Exception\NotFound('A component of the request file path could not be found.');
|
||
|
}
|
||
|
}
|
||
|
|
||
|
// This should no longer be needed since we just returned errors for paths not found
|
||
|
if ($path !== '/' . $file) {
|
||
|
logger("Path mismatch: $path !== /$file");
|
||
|
return NULL;
|
||
|
}
|
||
|
if(ACTIVE_DBTYPE == DBTYPE_POSTGRES) {
|
||
|
$prefix = 'DISTINCT ON (filename)';
|
||
|
$suffix = 'ORDER BY filename';
|
||
|
} else {
|
||
|
$prefix = '';
|
||
|
$suffix = 'GROUP BY filename';
|
||
|
}
|
||
|
$r = q("select $prefix id, uid, hash, filename, filetype, filesize, revision, folder, flags, is_dir, created, edited from attach where folder = '%s' and uid = %d $perms $suffix",
|
||
|
dbesc($folder),
|
||
|
intval($channel_id)
|
||
|
);
|
||
|
|
||
|
foreach ($r as $rr) {
|
||
|
//logger('filename: ' . $rr['filename'], LOGGER_DEBUG);
|
||
|
if (intval($rr['is_dir'])) {
|
||
|
$ret[] = new Zotlabs\Storage\Directory($path . '/' . $rr['filename'], $auth);
|
||
|
} else {
|
||
|
$ret[] = new Zotlabs\Storage\File($path . '/' . $rr['filename'], $rr, $auth);
|
||
|
}
|
||
|
}
|
||
|
|
||
|
return $ret;
|
||
|
}
|
||
|
|
||
|
|
||
|
/**
|
||
|
* @brief TODO What exactly is this function for?
|
||
|
*
|
||
|
* @fixme function name looks like a class name, should we rename it?
|
||
|
*
|
||
|
* @param string $file
|
||
|
* path to file or directory
|
||
|
* @param RedBasicAuth &$auth
|
||
|
* @param boolean $test (optional) enable test mode
|
||
|
* @return RedFile|RedDirectory|boolean|null
|
||
|
* @throw \Sabre\DAV\Exception\Forbidden
|
||
|
*/
|
||
|
function RedFileData($file, &$auth, $test = false) {
|
||
|
logger($file . (($test) ? ' (test mode) ' : ''), LOGGER_DATA);
|
||
|
|
||
|
$x = strpos($file, '/cloud');
|
||
|
if ($x === 0) {
|
||
|
$file = substr($file, 6);
|
||
|
}
|
||
|
else {
|
||
|
$x = strpos($file,'/dav');
|
||
|
if($x === 0)
|
||
|
$file = substr($file,4);
|
||
|
}
|
||
|
|
||
|
|
||
|
if ((! $file) || ($file === '/')) {
|
||
|
return new Zotlabs\Storage\Directory('/', $auth);
|
||
|
}
|
||
|
|
||
|
$file = trim($file, '/');
|
||
|
|
||
|
$path_arr = explode('/', $file);
|
||
|
|
||
|
if (! $path_arr)
|
||
|
return null;
|
||
|
|
||
|
$channel_name = $path_arr[0];
|
||
|
|
||
|
$r = q("select channel_id from channel where channel_address = '%s' limit 1",
|
||
|
dbesc($channel_name)
|
||
|
);
|
||
|
|
||
|
if (! $r)
|
||
|
return null;
|
||
|
|
||
|
$channel_id = $r[0]['channel_id'];
|
||
|
|
||
|
$path = '/' . $channel_name;
|
||
|
|
||
|
$auth->owner_id = $channel_id;
|
||
|
|
||
|
$permission_error = false;
|
||
|
|
||
|
$folder = '';
|
||
|
|
||
|
require_once('include/security.php');
|
||
|
$perms = permissions_sql($channel_id);
|
||
|
|
||
|
$errors = false;
|
||
|
|
||
|
for ($x = 1; $x < count($path_arr); $x++) {
|
||
|
$r = q("select id, hash, filename, flags, is_dir from attach where folder = '%s' and filename = '%s' and uid = %d and is_dir != 0 $perms",
|
||
|
dbesc($folder),
|
||
|
dbesc($path_arr[$x]),
|
||
|
intval($channel_id)
|
||
|
);
|
||
|
|
||
|
if ($r && intval($r[0]['is_dir'])) {
|
||
|
$folder = $r[0]['hash'];
|
||
|
$path = $path . '/' . $r[0]['filename'];
|
||
|
}
|
||
|
if (! $r) {
|
||
|
$r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, is_dir, os_storage, created, edited from attach
|
||
|
where folder = '%s' and filename = '%s' and uid = %d $perms order by filename limit 1",
|
||
|
dbesc($folder),
|
||
|
dbesc(basename($file)),
|
||
|
intval($channel_id)
|
||
|
);
|
||
|
}
|
||
|
if (! $r) {
|
||
|
$errors = true;
|
||
|
$r = q("select id, uid, hash, filename, filetype, filesize, revision, folder, flags, is_dir, os_storage, created, edited from attach
|
||
|
where folder = '%s' and filename = '%s' and uid = %d order by filename limit 1",
|
||
|
dbesc($folder),
|
||
|
dbesc(basename($file)),
|
||
|
intval($channel_id)
|
||
|
);
|
||
|
if ($r)
|
||
|
$permission_error = true;
|
||
|
}
|
||
|
}
|
||
|
|
||
|
if ($path === '/' . $file) {
|
||
|
if ($test)
|
||
|
return true;
|
||
|
// final component was a directory.
|
||
|
return new Zotlabs\Storage\Directory($file, $auth);
|
||
|
}
|
||
|
|
||
|
if ($errors) {
|
||
|
logger('not found ' . $file);
|
||
|
if ($test)
|
||
|
return false;
|
||
|
if ($permission_error) {
|
||
|
logger('permission error ' . $file);
|
||
|
throw new DAV\Exception\Forbidden('Permission denied.');
|
||
|
}
|
||
|
return;
|
||
|
}
|
||
|
|
||
|
if ($r) {
|
||
|
if ($test)
|
||
|
return true;
|
||
|
|
||
|
if (intval($r[0]['is_dir'])) {
|
||
|
return new Zotlabs\Storage\Directory($path . '/' . $r[0]['filename'], $auth);
|
||
|
} else {
|
||
|
return new Zotlabs\Storage\File($path . '/' . $r[0]['filename'], $r[0], $auth);
|
||
|
}
|
||
|
}
|
||
|
return false;
|
||
|
}
|