diff --git a/3.0/modules/webdav/controllers/webdav.php b/3.0/modules/webdav/controllers/webdav.php
index b030c425..56bc388d 100644
--- a/3.0/modules/webdav/controllers/webdav.php
+++ b/3.0/modules/webdav/controllers/webdav.php
@@ -1,301 +1,322 @@ setBaseUri(url::site('webdav/gallery')); - //$server->addPlugin($lock); - $server->addPlugin($filter); - - $this->doAuthenticate(); - $server->exec(); + $server->setBaseUri(url::site("/")); + // $server->addPlugin($lock); + $server->addPlugin($filter); + + if ($this->_authenticate()) { + $server->exec(); + } } - - private function doAuthenticate() { - $auth = new Sabre_HTTP_BasicAuth(); - $auth->setRealm('Gallery3'); - $authResult = $auth->getUserPass(); - list($username, $password) = $authResult; - - if ($username == '' || $password == '') { - $auth->requireLogin(); - die; - } - - $user = identity::lookup_user_by_name($username); - if (empty($user) || !identity::is_correct_password($user, $password)) { - $auth->requireLogin(); - die; - } - - identity::set_active_user($user); - return $user; + + private function _authenticate() { + $auth = new Sabre_HTTP_BasicAuth(); + $auth->setRealm(item::root()->title); + $authResult = $auth->getUserPass(); + list($username, $password) = $authResult; + + if (!$username || !$password) { + $auth->requireLogin(); + return false; + } + + $user = identity::lookup_user_by_name($username); + if (empty($user) || !identity::is_correct_password($user, $password)) { + $auth->requireLogin(); + return false; + } + + identity::set_active_user($user); + return true; } } -class Gallery3DAVCache { - protected static $cache; - private static $instance; - - private function __construct() { - $this->cache = array(); - } +class Gallery3_DAV_Cache { + private static $cache; + private static $instance; - private function encodePath($path) - { - $path = trim($path, '/'); - $encodedArray = array(); - foreach (split('/', $path) as $part) - { - $encodedArray[] = rawurlencode($part); - } - - $path = join('/', $encodedArray); - - return $path; - } + private function __construct() { + self::$cache = array(); + } - public function getAlbumOf($path) { - $path = substr($path, 0, strrpos($path, '/')); - - return $this->getItemAt($path); + 
public static function instance() { + if (!isset(self::$instance)) { + self::$instance = new Gallery3_DAV_Cache(); } - - public function getItemAt($path) - { - $path = trim($path, '/'); - $path = $this->encodePath($path); - - if (isset($this->cache[$path])) { - return $this->cache[$path]; - } - - $item = ORM::factory("item") + return self::$instance; + } + + private function encode_path($path) { + $path = trim($path, "/"); + $encoded_array = array(); + foreach (explode("/", $path) as $part) { + $encoded_array[] = rawurlencode($part); + } + + return join("/", $encoded_array); + } + + public function to_album($path) { + $path = substr($path, 0, strrpos($path, "/")); + return $this->to_item($path); + } + + public function to_item($path) { + $path = trim($path, "/"); + $path = $this->encode_path($path); + + if (!isset(self::$cache[$path])) { + self::$cache[$path] = ORM::factory("item") + ->viewable() ->where("relative_path_cache", "=", $path) ->find(); - - $this->cache[$path] = $item; - return $item; } - - public static function singleton() { - if (!isset(self::$instance)) { - $c = __CLASS__; - self::$instance = new $c; - } - - return self::$instance; - } - - public function __clone() {} - + + return self::$cache[$path]; + } + + public function __clone() { + } } -class Gallery3DAVTree extends Sabre_DAV_Tree { - protected $rootNode; - - public function __construct(Sabre_DAV_ICollection $rootNode) { - $this->cache = Gallery3DAVCache::singleton(); - $this->rootNode = $rootNode; +class Gallery3_DAV_Tree extends Sabre_DAV_Tree { + protected $root_node; + + public function __construct(Sabre_DAV_ICollection $root_node) { + $this->cache = Gallery3_DAV_Cache::instance(); + $this->root_node = $root_node; + } + + public function move($source, $target) { + $source_item = $this->cache->to_item($source); + $target_item = $this->cache->to_album($target); + + try { + access::required("view", $sourceItem); + access::required("edit", $sourceItem); + access::required("view", 
$targetItem); + access::required("edit", $targetItem); + } catch (Kohana_404_Exception $e) { + throw new Sabre_DAV_Exception_Forbidden("Access denied"); } - - - public function move($source, $target) { - $sourceItem = $this->cache->getItemAt($source); - $targetItem = $this->cache->getAlbumOf($target); - - if (! access::can('view', $sourceItem)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; - if (! access::can('edit', $sourceItem)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; - if (! access::can('view', $targetItem)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; - if (! access::can('edit', $targetItem)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; - - $sourceItem->parent_id = $targetItem->id; - $sourceItem->save(); + + $source_item->parent_id = $targetItem->id; + $source_item->save(); + return true; + } + + public function getNodeForPath($path) { + $path = trim($path,"/"); + $item = $this->cache->to_item($path); + + if (!$item->loaded()) { + throw new Sabre_DAV_Exception_FileNotFound("Could not find node at path: $path"); + } + + if ($item->is_album()) { + return new Gallery3_Album($path); + } else { + return new Gallery3_File($path); + } + } +} + +class Gallery3_Album extends Sabre_DAV_Directory { + private $item; + private $stat; + private $path; + + function __construct($path) { + $this->cache = Gallery3_DAV_Cache::instance(); + $this->path = $path; + $this->item = $this->cache->to_item($path); + } + + function getName() { + return $this->item->name; + } + + function getChildren() { + $return = array(); + foreach ($this->item->viewable()->children() as $child) { + $return[] = $this->getChild($child->name); + } + return $return; + } + + function getChild($name) { + $rp = "{$this->path}/$name"; + $child = $this->cache->to_item($rp); + + if (!access::can("view", $child)) { + throw new Sabre_DAV_Exception_FileNotFound("Access denied"); + } + + if ($child->is_album()) { + return new 
Gallery3_Album($rp); + } else { + return new Gallery3_File($rp); + } + } + + public function createFile($name, $data=null) { + try { + access::required("view", $this->item); + access::required("add", $this->item); + } catch (Kohana_404_Exception $e) { + throw new Sabre_DAV_Exception_Forbidden("Access denied"); + } + if (substr($name, 0, 1) == ".") { return true; + }; + + try { + $tempfile = tempnam(TMPPATH, "dav"); + $target = fopen($tempfile, "wb"); + stream_copy_to_stream($data, $target); + fclose($target); + + $item = ORM::factory("item"); + $item->name = $name; + $item->title = item::convert_filename_to_title($item->name); + $item->description = ""; + $item->parent_id = $this->item->id; + $item->set_data_file($tempfile); + $item->type = "photo"; + $item->save(); + } catch (Exception $e) { + unlink($tempfile); + throw $e; } - - public function getNodeForPath($path) { - - $path = trim($path,'/'); - - $currentNode = $this->rootNode; - $item = $this->cache->getItemAt($path); - - if (! $item->id) { - throw new Sabre_DAV_Exception_FileNotFound('Could not find node at path: ' . 
$path); - } - - if ($item->type == 'album') { $currentNode = new Gallery3Album($path); } - else { $currentNode = new Gallery3File($path); } - - return $currentNode; + } + + public function createDirectory($name) { + try { + access::required("view", $this->item); + access::required("add", $this->item); + } catch (Kohana_404_Exception $e) { + throw new Sabre_DAV_Exception_Forbidden("Access denied"); } + + $album = ORM::factory("item"); + $album->type = "album"; + $album->parent_id = $this->item->id; + $album->name = $name; + $album->title = $name; + $album->description = ""; + $album->save(); + + // Refresh MPTT pointers + $this->item->reload(); + } + + function getLastModified() { + return $this->item->updated; + } + + function setName($name) { + if (!access::can("edit", $this->item)) { + throw new Sabre_DAV_Exception_Forbidden("Access denied"); + }; + + $this->item->name = $name; + $this->item->save(); + } + + public function delete() { + if (!access::can("edit", $this->item)) { + throw new Sabre_DAV_Exception_Forbidden("Access denied"); + }; + $this->item->delete(); + } } -class Gallery3Album extends Sabre_DAV_Directory { - private $item; - private $stat; - private $path; - - function __construct($path) { - $this->cache = Gallery3DAVCache::singleton(); - $this->path = $path; - $this->item = $this->cache->getItemAt($path); - } - - function getName() { - return $this->item->name; - } - - function getChildren() { - $return = array(); - foreach ($this->item->children() as $child) { - $item = $this->getChild($child->name); - if ($item != false) { - $return[] = $item; - } - } - return $return; - } - - function getChild($name) { - $rp = $this->path . '/' . $name; - - $child = $this->cache->getItemAt($rp); - - if (! $child->id) { - throw new Sabre_DAV_Exception_FileNotFound('Access denied'); - } - - if (! 
access::can('view', $child)) { - return false; - }; - - if ($child->type == 'album') { - return new Gallery3Album($rp); - } else { - return new Gallery3File($rp); - } - } - - public function createFile($name, $data = null) { - if (! access::can('view', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; - if (! access::can('add', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; - if (substr($name, 0, 1) == '.') { return true; }; - - $tempfile = tempnam(TMPPATH, 'dav'); - $target = fopen($tempfile, 'wb'); - stream_copy_to_stream($data, $target); - fclose($target); - - $parent_id = $this->item->__get('id'); - $item = ORM::factory("item"); - $item->name = $name; - $item->title = item::convert_filename_to_title($item->name); - $item->description = ''; - $item->parent_id = $parent_id; - $item->set_data_file($tempfile); - $item->type = "photo"; - $item->save(); - } - - public function createDirectory($name) { - if (! access::can('view', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; - if (! access::can('add', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; - - $parent_id = $this->item->__get('id'); - $album = ORM::factory("item"); - $album->type = "album"; - $album->parent_id = $parent_id; - $album->name = $name; - $album->title = $name; - $album->description = ''; - $album->save(); - - $this->item = ORM::factory("item")->where('id', '=', $parent_id); - } - - function getLastModified() { - return $this->item->updated; - } - - function setName($name) { - if (! access::can('edit', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; - - $this->item->name = $name; - $this->item->save(); - } - - public function delete() { - if (! 
access::can('edit', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; - $this->item->delete(); - } -} +class Gallery3_File extends Sabre_DAV_File { + private $item; + private $stat; + private $path; -class Gallery3File extends Sabre_DAV_File { - private $item; - private $stat; - private $path; - - function __construct($path) { - $this->cache = Gallery3DAVCache::singleton(); - $this->item = $this->cache->getItemAt($path); - - if (access::can('view_full', $this->item)) { - $this->stat = stat($this->item->file_path()); - $this->path = $this->item->file_path(); - } else { - $this->stat = stat($this->item->resize_path()); - $this->path = $this->item->resize_path(); - } - } - - public function delete() { - if (! access::can('edit', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; - $this->item->delete(); - } - - function setName($name) { - if (! access::can('edit', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; - $this->item->name = $name; - $this->item->save(); - } - - public function getLastModified() { - return $this->item->updated; - } - - function get() { - if (! access::can('view', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; - return fopen($this->path,'r'); - } - - function getSize() { - return $this->stat[7]; - } - - function getName() { - return $this->item->name; - } - - function getETag() { - if (! access::can('view', $this->item)) { throw new Sabre_DAV_Exception_Forbidden('Access denied'); }; - return '"' . md5($this->item->file_path()) . 
'"'; - } -} + function __construct($path) { + $this->cache = Gallery3_DAV_Cache::instance(); + $this->item = $this->cache->to_item($path); -?> \ No newline at end of file + if (access::can("view_full", $this->item)) { + $this->stat = stat($this->item->file_path()); + $this->path = $this->item->file_path(); + } else { + $this->stat = stat($this->item->resize_path()); + $this->path = $this->item->resize_path(); + } + } + + public function delete() { + if (!access::can("edit", $this->item)) { + throw new Sabre_DAV_Exception_Forbidden("Access denied"); + }; + $this->item->delete(); + } + + function setName($name) { + if (!access::can("edit", $this->item)) { + throw new Sabre_DAV_Exception_Forbidden("Access denied"); + }; + $this->item->name = $name; + $this->item->save(); + } + + public function getLastModified() { + return $this->item->updated; + } + + function get() { + if (!access::can("view", $this->item)) { + throw new Sabre_DAV_Exception_Forbidden("Access denied"); + }; + return fopen($this->path, "r"); + } + + function getSize() { + return $this->stat[7]; + } + + function getName() { + return $this->item->name; + } + + function getETag() { + if (!access::can("view", $this->item)) { + throw new Sabre_DAV_Exception_Forbidden("Access denied"); + }; + return "'" . md5($this->item->file_path()) . "'"; + } +}
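Review bot: In `Gallery3_DAV_Tree::move()` the locals were renamed to `$source_item` and `$target_item`, but the four `access::required(...)` calls and the `parent_id` assignment still read `$sourceItem` / `$targetItem`, which the new code never defines. The view/edit checks therefore run against an undefined value instead of the items being moved, and `$source_item->parent_id` is taken from `$targetItem->id` on that undefined variable; how `access::required` treats such an argument is not visible here, so the move either always fails or is authorised against something other than the real source and target. Use the new names throughout, e.g. `access::required("edit", $target_item);` and `$source_item->parent_id = $target_item->id;`. Separately, `Gallery3_File::getETag()` now wraps the hash in single quotes (`"'" . md5(...) . "'"`), whereas HTTP entity tags are double-quoted strings; `'"' . md5($this->item->file_path()) . '"'` keeps the header valid.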