diff --git a/doc/SQL/mysql.initial.sql b/doc/SQL/mysql.initial.sql index 6e90f24..810bff5 100644 --- a/doc/SQL/mysql.initial.sql +++ b/doc/SQL/mysql.initial.sql @@ -1,35 +1,38 @@ CREATE TABLE IF NOT EXISTS `chwala_locks` ( `uri` varchar(512) BINARY NOT NULL, `owner` varchar(256), `timeout` integer unsigned, `expires` datetime DEFAULT NULL, `token` varchar(256), `scope` tinyint, `depth` tinyint, INDEX `uri_index` (`uri`, `depth`), INDEX `expires_index` (`expires`), INDEX `token_index` (`token`) ) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */; CREATE TABLE IF NOT EXISTS `chwala_sessions` ( - `id` varchar(40) BINARY NOT NULL, - `uri` varchar(1024) BINARY NOT NULL, - `owner` varchar(255) BINARY NOT NULL, - `data` mediumtext, + `id` varchar(40) BINARY NOT NULL, + `uri` varchar(1024) BINARY NOT NULL, + `owner` varchar(255) BINARY NOT NULL, + `owner_name` varchar(255) DEFAULT NULL, + `data` mediumtext, PRIMARY KEY (`id`), INDEX `uri_index` (`uri`(255)), INDEX `owner` (`owner`) ) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */; CREATE TABLE IF NOT EXISTS `chwala_invitations` ( `session_id` varchar(40) BINARY NOT NULL, `user` varchar(255) BINARY NOT NULL, + `user_name` varchar(255) DEFAULT NULL, `status` varchar(16) NOT NULL, `changed` datetime DEFAULT NULL, + `comment` mediumtext, CONSTRAINT `session_id_fk_chwala_invitations` FOREIGN KEY (`session_id`) REFERENCES `chwala_sessions`(`id`) ON DELETE CASCADE ON UPDATE CASCADE, INDEX `session_id` (`session_id`), UNIQUE INDEX `user_session_id` (`user`, `session_id`) ) /*!40000 ENGINE=INNODB */ /*!40101 CHARACTER SET utf8 COLLATE utf8_general_ci */; INSERT INTO `system` (`name`, `value`) VALUES ('chwala-version', '2015110400'); diff --git a/lib/api/common.php b/lib/api/common.php index 8f7d5e7..69d2fc7 100644 --- a/lib/api/common.php +++ b/lib/api/common.php @@ -1,166 +1,166 @@ | +--------------------------------------------------------------------------+ | Author: Aleksander Machniak | +--------------------------------------------------------------------------+ */ class file_api_common { protected $api; protected $rc; protected $args = array(); public function __construct($api) { $this->rc = rcube::get_instance(); $this->api = $api; } /** * Request handler */ public function handle() { // GET arguments $this->args = &$_GET; // POST arguments (JSON) if ($_SERVER['REQUEST_METHOD'] == 'POST') { $post = file_get_contents('php://input'); $this->args += (array) json_decode($post, true); unset($post); } // disable script execution time limit, so we can handle big files - @set_time_limit(0); + @set_time_limit(360); } /** * File uploads handler */ protected function upload() { $files = array(); if (is_array($_FILES['file']['tmp_name'])) { foreach ($_FILES['file']['tmp_name'] as $i => $filepath) { if ($err = $_FILES['file']['error'][$i]) { if ($err == UPLOAD_ERR_INI_SIZE || $err == UPLOAD_ERR_FORM_SIZE) { $maxsize = ini_get('upload_max_filesize'); $maxsize = $this->show_bytes(parse_bytes($maxsize)); throw new Exception("Maximum file size ($maxsize) exceeded", file_api_core::ERROR_CODE); } throw new Exception("File upload failed", file_api_core::ERROR_CODE); } $files[] = array( 'path' => $filepath, 'name' => $_FILES['file']['name'][$i], 'size' => filesize($filepath), 'type' => rcube_mime::file_content_type($filepath, $_FILES['file']['name'][$i], $_FILES['file']['type']), ); } } else if ($_SERVER['REQUEST_METHOD'] == 'POST') { // if filesize exceeds post_max_size then $_FILES array is empty, if ($maxsize = ini_get('post_max_size')) { $maxsize = $this->show_bytes(parse_bytes($maxsize)); throw new Exception("Maximum file size ($maxsize) exceeded", file_api_core::ERROR_CODE); } throw new Exception("File upload failed", file_api_core::ERROR_CODE); } return $files; } /** * Return built-in viewer opbject for specified mimetype * * @return object Viewer object */ protected function find_viewer($mimetype) { $dir = RCUBE_INSTALL_PATH . 'lib/viewers'; if ($handle = opendir($dir)) { while (false !== ($file = readdir($handle))) { if (preg_match('/^([a-z0-9_]+)\.php$/i', $file, $matches)) { include_once $dir . '/' . $file; $class = 'file_viewer_' . $matches[1]; $viewer = new $class($this->api); if ($viewer->supports($mimetype)) { return $viewer; } } } closedir($handle); } } /** * Parse driver metadata information */ protected function parse_metadata($metadata, $default = false) { if ($default) { unset($metadata['form']); $metadata['name'] .= ' (' . $this->api->translate('localstorage') . ')'; } // localize form labels foreach ($metadata['form'] as $key => $val) { $label = $this->api->translate('form.' . $val); if (strpos($label, 'form.') !== 0) { $metadata['form'][$key] = $label; } } return $metadata; } /** * Get folder rights */ protected function folder_rights($folder) { list($driver, $path) = $this->api->get_driver($folder); $rights = $driver->folder_rights($path); $result = array(); $map = array( file_storage::ACL_READ => 'read', file_storage::ACL_WRITE => 'write', ); foreach ($map as $key => $value) { if ($rights & $key) { $result[] = $value; } } return $result; } } diff --git a/lib/api/document.php b/lib/api/document.php index 3b89943..fa5d7df 100644 --- a/lib/api/document.php +++ b/lib/api/document.php @@ -1,188 +1,268 @@ | +--------------------------------------------------------------------------+ | Author: Aleksander Machniak | +--------------------------------------------------------------------------+ */ class file_api_document extends file_api_common { /** * Request handler */ public function handle() { $method = $_SERVER['REQUEST_METHOD']; $this->args = $_GET; if ($method == 'POST' && !empty($_SERVER['HTTP_X_HTTP_METHOD'])) { $method = $_SERVER['HTTP_X_HTTP_METHOD']; } - // Sessions and invitations management - if (strpos($this->args['method'], 'document_') === 0) { - if ($method == 'POST') { + // Invitation notifications + if ($this->args['method'] == 'invitations') { + return $this->invitations(); + } + // Session and invitations management + else if (strpos($this->args['method'], 'document_') === 0) { + if ($_SERVER['REQUEST_METHOD'] == 'POST') { $post = file_get_contents('php://input'); $this->args += (array) json_decode($post, true); unset($post); } if (empty($this->args['id'])) { throw new Exception("Missing document ID.", file_api_core::ERROR_CODE); } - + switch ($this->args['method']) { case 'document_delete': - return $this->document_delete($this->args['id']); - case 'document_invite': - return $this->document_invite($this->args['id']); - -// case 'document_request': -// case 'document_decline': -// case 'document_accept': -// case 'document_remove': + case 'document_request': + case 'document_decline': + case 'document_accept': + case 'document_cancel': + return $this->{$this->args['method']}($this->args['id']); } } // Document content actions for Manticore else if ($method == 'PUT' || $method == 'GET') { if (empty($this->args['id'])) { throw new Exception("Missing document ID.", file_api_core::ERROR_CODE); } $file = $this->get_file_path($this->args['id']); return $this->{'document_' . strtolower($method)}($file); } throw new Exception("Unknown method", file_api_core::ERROR_INVALID); } /** * Get file path from manticore session identifier */ protected function get_file_path($id) { $manticore = new file_manticore($this->api); return $manticore->session_file($id); } + /** + * Get invitations list + */ + protected function invitations() + { + $timestamp = time(); + + // Initial tracking request, return just the current timestamp + if ($this->args['timestamp'] == -1) { + return array('timestamp' => $timestamp); + // @TODO: in this mode we should likely return all invitations + // that require user action, otherwise we may skip some unintentionally + } + + $manticore = new file_manticore($this->api); + $filter = array(); + + if ($this->args['timestamp']) { + $filter['timestamp'] = $this->args['timestamp']; + } + + $list = $manticore->invitations_list($filter); + + return array( + 'list' => $list, + 'timestamp' => $timestamp, + ); + } + /** * Close (delete) manticore session */ protected function document_delete($id) { $manticore = new file_manticore($this->api); if (!$manticore->session_delete($id)) { throw new Exception("Failed deleting the document session.", file_api_core::ERROR_CODE); } } /** - * Invite/add a session participant + * Invite/add a session participant(s) */ protected function document_invite($id) { $manticore = new file_manticore($this->api); $users = $this->args['users']; + $comment = $this->args['comment']; if (empty($users)) { throw new Exception("Invalid arguments.", file_api_core::ERROR_CODE); } foreach ((array) $users as $user) { - if (empty($user['user']) || !$manticore->invitation_create($id, $user['user'], file_manticore::STATUS_INVITED)) { - throw new Exception("Failed adding a session participant.", file_api_core::ERROR_CODE); + if (!empty($user['user'])) { + $manticore->invitation_create($id, $user['user'], file_manticore::STATUS_INVITED, $comment, $user['name']); + + $result[] = array( + 'session_id' => $id, + 'user' => $user['user'], + 'user_name' => $user['name'], + 'status' => file_manticore::STATUS_INVITED, + ); } + } + + return array( + 'list' => $result, + ); + } + + /** + * Request an invitation to a session + */ + protected function document_request($id) + { + $manticore = new file_manticore($this->api); + $manticore->invitation_create($id, null, file_manticore::STATUS_REQUESTED, $this->args['comment']); + } + + /** + * Decline an invitation to a session + */ + protected function document_decline($id) + { + $manticore = new file_manticore($this->api); + $manticore->invitation_update($id, $this->args['user'], file_manticore::STATUS_DECLINED, $this->args['comment']); + } - $result = array( - 'session_id' => $id, - 'user' => $user['user'], -// 'name' => $user['name'], - 'status' => file_manticore::STATUS_INVITED, - ); + /** + * Accept an invitation to a session + */ + protected function document_accept($id) + { + $manticore = new file_manticore($this->api); + $manticore->invitation_update($id, $this->args['user'], file_manticore::STATUS_ACCEPTED, $this->args['comment']); + } + + /** + * Remove a session participant(s) - cancel invitations + */ + protected function document_cancel($id) + { + $manticore = new file_manticore($this->api); + $users = $this->args['users']; + + if (empty($users)) { + throw new Exception("Invalid arguments.", file_api_core::ERROR_CODE); + } + + foreach ((array) $users as $user) { + $manticore->invitation_delete($id, $user); + $result[] = $user; } return array( 'list' => $result, ); } /** * Update document file content */ protected function document_put($file) { list($driver, $path) = $this->api->get_driver($file); $length = rcube_utils::request_header('Content-Length'); $tmp_dir = unslashify($this->api->config->get('temp_dir')); $tmp_path = tempnam($tmp_dir, 'chwalaUpload'); // Create stream to copy input into a temp file $input = fopen('php://input', 'r'); $tmp_file = fopen($tmp_path, 'w'); if (!$input || !$tmp_file) { throw new Exception("Failed opening input or temp file stream.", file_api_core::ERROR_CODE); } // Create temp file from the input $copied = stream_copy_to_stream($input, $tmp_file); fclose($input); fclose($tmp_file); if ($copied < $length) { throw new Exception("Failed writing to temp file.", file_api_core::ERROR_CODE); } $file = array( 'path' => $tmp_path, 'type' => rcube_mime::file_content_type($tmp_path, $file), ); $driver->file_update($path, $file); // remove the temp file unlink($tmp_path); } /** * Return document file content */ protected function document_get($file) { list($driver, $path) = $this->api->get_driver($file); try { $params = array('force-type' => 'application/vnd.oasis.opendocument.text'); $driver->file_get($path, $params); } catch (Exception $e) { header("HTTP/1.0 " . file_api_core::ERROR_CODE . " " . $e->getMessage()); } exit; } } diff --git a/lib/api/file_info.php b/lib/api/file_info.php index b5d3053..304066c 100644 --- a/lib/api/file_info.php +++ b/lib/api/file_info.php @@ -1,98 +1,143 @@ | +--------------------------------------------------------------------------+ | Author: Aleksander Machniak | +--------------------------------------------------------------------------+ */ class file_api_file_info extends file_api_common { /** * Request handler */ public function handle() { parent::handle(); + // check Manticore support. Note: we don't use config->get('fileapi_manticore') + // here as it may be not properly set if backend driver wasn't initialized yet + $capabilities = $this->api->capabilities(false); + $manticore = $capabilities['MANTICORE']; + + // support file_info by session ID if (!isset($this->args['file']) || $this->args['file'] === '') { - throw new Exception("Missing file name", file_api_core::ERROR_CODE); + if ($manticore && !empty($this->args['session'])) { + $this->args['file'] = $this->file_manticore_file($this->args['session']); + } + else { + throw new Exception("Missing file name", file_api_core::ERROR_CODE); + } } - list($driver, $path) = $this->api->get_driver($this->args['file']); + if ($this->args['file'] !== null) { + list($driver, $path) = $this->api->get_driver($this->args['file']); - $info = $driver->file_info($path); + $info = $driver->file_info($path); + $info['file'] = $this->args['file']; + } + else { + $info = array( + // @TODO: session exists, invitation exists, assume ODF format + // however, this should be done in a different way, + // e.g. this info should be stored in sessions database + 'type' => 'application/vnd.oasis.opendocument.text', + 'writable' => false, + ); + } // Possible 'viewer' types are defined in files_api.js:file_type_supported() // 1 - Native browser support // 2 - Chwala viewer exists - // 4 - Manticore (WebODF collaborative editor) + // 4 - Editor exists if (rcube_utils::get_boolean((string) $this->args['viewer'])) { - $this->file_viewer_info($info); + if ($this->args['file'] !== null) { + $this->file_viewer_info($info); + } // check if file type is supported by webodf editor? - if ($this->rc->config->get('fileapi_manticore')) { + if ($manticore) { if (strtolower($info['type']) == 'application/vnd.oasis.opendocument.text') { $info['viewer']['manticore'] = true; } } if ((intval($this->args['viewer']) & 4) && $info['viewer']['manticore']) { $this->file_manticore_handler($info); } } + // check writable flag + if ($this->args['file'] !== null) { + $path = explode(file_storage::SEPARATOR, $path); + array_pop($path); + $path = implode(file_storage::SEPARATOR, $path); + $acl = $driver->folder_rights($path); + + $info['writable'] = ($acl & file_storage::ACL_WRITE) != 0; + } + return $info; } /** * Merge file viewer data into file info */ protected function file_viewer_info(&$info) { $file = $this->args['file']; $viewer = $this->find_viewer($info['type']); if ($viewer) { $info['viewer'] = array(); if ($frame = $viewer->frame($file, $info['type'])) { $info['viewer']['frame'] = $frame; } else if ($href = $viewer->href($file, $info['type'])) { $info['viewer']['href'] = $href; } } } /** * Merge manticore session data into file info */ protected function file_manticore_handler(&$info) { $manticore = new file_manticore($this->api); $file = $this->args['file']; $session = $this->args['session']; if ($uri = $manticore->session_start($file, $session)) { $info['viewer']['href'] = $uri; $info['session'] = $manticore->session_info($session, true); } } + + /** + * Get file from manticore session + */ + protected function file_manticore_file($session_id) + { + $manticore = new file_manticore($this->api); + + return $manticore->session_file($session_id, true); + } } diff --git a/lib/api/folder_create.php b/lib/api/folder_create.php index 843bbe6..4c77c58 100644 --- a/lib/api/folder_create.php +++ b/lib/api/folder_create.php @@ -1,94 +1,94 @@ | +--------------------------------------------------------------------------+ | Author: Aleksander Machniak | +--------------------------------------------------------------------------+ */ class file_api_folder_create extends file_api_common { /** * Request handler */ public function handle() { parent::handle(); if (!isset($this->args['folder']) || $this->args['folder'] === '') { throw new Exception("Missing folder name", file_api_core::ERROR_CODE); } // normal folder if (empty($this->args['driver']) || $this->args['driver'] == 'default') { list($driver, $path) = $this->api->get_driver($this->args['folder']); return $driver->folder_create($path); } // external storage (mount point) if (strpos($this->args['folder'], file_storage::SEPARATOR) !== false) { throw new Exception("Unable to mount external storage into a sub-folder", file_api_core::ERROR_CODE); } // check if driver is enabled $enabled = $this->rc->config->get('fileapi_drivers'); if (!in_array($this->args['driver'], $enabled)) { throw new Exception("Unsupported storage driver", file_storage::ERROR_UNSUPPORTED); } // check if folder/mount point already exists $drivers = $this->api->get_drivers(); foreach ($drivers as $driver) { if ($driver['title'] === $this->args['folder']) { throw new Exception("Specified folder already exists", file_storage::ERROR_FILE_EXISTS); } } $backend = $this->api->get_backend(); $folders = $backend->folder_list(); if (in_array($this->args['folder'], $folders)) { throw new Exception("Specified folder already exists", file_storage::ERROR_FILE_EXISTS); } // load driver $driver = $this->api->load_driver_object($this->args['driver']); - $driver->configure($this->api->config, $this->args['folder']); + $driver->configure($this->api->env, $this->args['folder']); // check if authentication works $data = $driver->driver_validate($this->args); $data['title'] = $this->args['folder']; $data['driver'] = $this->args['driver']; $data['enabled'] = 1; // optionally store (encrypted) passwords if (!empty($data['password']) && rcube_utils::get_boolean((string) $this->args['store_passwords'])) { $data['password'] = $this->api->encrypt($data['password']); } else { unset($data['password']); } // save the mount point info in config $backend->driver_create($data); } } diff --git a/lib/drivers/kolab/kolab_file_storage.php b/lib/drivers/kolab/kolab_file_storage.php index 43ee14c..f51e09e 100644 --- a/lib/drivers/kolab/kolab_file_storage.php +++ b/lib/drivers/kolab/kolab_file_storage.php @@ -1,1412 +1,1446 @@ | +--------------------------------------------------------------------------+ | Author: Aleksander Machniak | +--------------------------------------------------------------------------+ */ class kolab_file_storage implements file_storage { /** * @var rcube */ protected $rc; /** * @var array */ protected $folders; /** * @var array */ protected $config = array(); /** * @var string */ protected $title; + /** + * @var array + */ + protected $icache = array(); /** * Class constructor */ public function __construct() { $this->rc = rcube::get_instance(); // Get list of plugins // WARNING: We can use only plugins that are prepared for this // e.g. are not using output or rcmail objects or // doesn't throw errors when using them $plugins = (array) $this->rc->config->get('fileapi_plugins', array('kolab_auth', 'kolab_folders')); $plugins = array_unique(array_merge($plugins, array('libkolab'))); // Kolab WebDAV server supports plugins, no need to overwrite object if (!is_a($this->rc->plugins, 'rcube_plugin_api')) { // Initialize/load plugins $this->rc->plugins = kolab_file_plugin_api::get_instance(); $this->rc->plugins->init($this, ''); } // this way we're compatible with Roundcube Framework 1.2 // we can't use load_plugins() here foreach ($plugins as $plugin) { $this->rc->plugins->load_plugin($plugin, true); } $this->init(); } /** * Authenticates a user * * @param string $username User name * @param string $password User password * * @param bool True on success, False on failure */ public function authenticate($username, $password) { $auth = $this->rc->plugins->exec_hook('authenticate', array( 'host' => $this->select_host($username), 'user' => $username, 'pass' => $password, 'valid' => true, )); // Authenticate - get Roundcube user ID if ($auth['valid'] && !$auth['abort'] && ($this->login($auth['user'], $auth['pass'], $auth['host']))) { return true; } $this->rc->plugins->exec_hook('login_failed', array( 'host' => $auth['host'], 'user' => $auth['user'], )); } /** * Get password and name of authenticated user * * @return array Authenticated user data */ public function auth_info() { return array( 'username' => $this->config['username'] ?: $_SESSION['username'], 'password' => $this->config['password'] ?: $this->rc->decrypt($_SESSION['password']), ); } /** * Storage host selection */ private function select_host($username) { // Get IMAP host $host = $this->rc->config->get('default_host'); if (is_array($host)) { list($user, $domain) = explode('@', $username); // try to select host by mail domain if (!empty($domain)) { foreach ($host as $storage_host => $mail_domains) { if (is_array($mail_domains) && in_array_nocase($domain, $mail_domains)) { $host = $storage_host; break; } else if (stripos($storage_host, $domain) !== false || stripos(strval($mail_domains), $domain) !== false) { $host = is_numeric($storage_host) ? $mail_domains : $storage_host; break; } } } // take the first entry if $host is not found if (is_array($host)) { list($key, $val) = each($host); $host = is_numeric($key) ? $val : $key; } } return rcube_utils::parse_host($host); } /** * Authenticates a user in IMAP */ private function login($username, $password, $host) { if (empty($username)) { return false; } $login_lc = $this->rc->config->get('login_lc'); $default_port = $this->rc->config->get('default_port', 143); // parse $host $a_host = parse_url($host); if ($a_host['host']) { $host = $a_host['host']; $ssl = (isset($a_host['scheme']) && in_array($a_host['scheme'], array('ssl','imaps','tls'))) ? $a_host['scheme'] : null; if (!empty($a_host['port'])) { $port = $a_host['port']; } else if ($ssl && $ssl != 'tls' && (!$default_port || $default_port == 143)) { $port = 993; } } if (!$port) { $port = $default_port; } // Convert username to lowercase. If storage backend // is case-insensitive we need to store always the same username if ($login_lc) { if ($login_lc == 2 || $login_lc === true) { $username = mb_strtolower($username); } else if (strpos($username, '@')) { // lowercase domain name list($local, $domain) = explode('@', $username); $username = $local . '@' . mb_strtolower($domain); } } // Here we need IDNA ASCII // Only rcube_contacts class is using domain names in Unicode $host = rcube_utils::idn_to_ascii($host); $username = rcube_utils::idn_to_ascii($username); // user already registered? if ($user = rcube_user::query($username, $host)) { $username = $user->data['username']; } // authenticate user in IMAP $storage = $this->rc->get_storage(); if (!$storage->connect($host, $username, $password, $port, $ssl)) { return false; } // No user in database, but IMAP auth works if (!is_object($user)) { if ($this->rc->config->get('auto_create_user')) { // create a new user record $user = rcube_user::create($username, $host); if (!$user) { rcube::raise_error(array( 'code' => 620, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Failed to create a user record", ), true, false); return false; } } else { rcube::raise_error(array( 'code' => 620, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Access denied for new user $username. 'auto_create_user' is disabled", ), true, false); return false; } } // set session vars $_SESSION['user_id'] = $user->ID; $_SESSION['username'] = $user->data['username']; $_SESSION['storage_host'] = $host; $_SESSION['storage_port'] = $port; $_SESSION['storage_ssl'] = $ssl; $_SESSION['password'] = $this->rc->encrypt($password); $this->init($user); // force reloading of mailboxes list/data $storage->clear_cache('mailboxes', true); return true; } protected function init($user = null) { + $this->rc->plugins->exec_hook('startup'); + if ($_SESSION['user_id'] || $user) { // overwrite config with user preferences $this->rc->user = $user ? $user : new rcube_user($_SESSION['user_id']); $this->rc->config->set_user_prefs((array)$this->rc->user->get_prefs()); $storage = $this->rc->get_storage(); $storage->set_charset($this->rc->config->get('default_charset', RCUBE_CHARSET)); setlocale(LC_ALL, 'en_US.utf8', 'en_US.UTF-8'); } } /** * Configures environment * * @param array $config Configuration * @param string $title Source identifier */ public function configure($config, $title = null) { $this->config = array_merge($this->config, $config); // @TODO: this is currently not possible to have multiple sessions in Roundcube } /** * Returns current instance title * * @return string Instance title (mount point) */ public function title() { return ''; } /** * Storage driver capabilities * * @return array List of capabilities */ public function capabilities() { // find max filesize value $max_filesize = parse_bytes(ini_get('upload_max_filesize')); $max_postsize = parse_bytes(ini_get('post_max_size')); if ($max_postsize && $max_postsize < $max_filesize) { $max_filesize = $max_postsize; } $storage = $this->rc->get_storage(); $quota = $storage->get_capability('QUOTA'); return array( file_storage::CAPS_MAX_UPLOAD => $max_filesize, file_storage::CAPS_QUOTA => $quota, file_storage::CAPS_LOCKS => true, file_storage::CAPS_SUBSCRIPTIONS => true, ); } /** * Save configuration of external driver (mount point) * * @param array $driver Driver data * * @throws Exception */ public function driver_create($driver) { $drivers = $this->driver_list(); if ($drivers[$driver['title']]) { throw new Exception("Driver exists", file_storage::ERROR); } $config = kolab_storage_config::get_instance(); $status = $config->save($driver, 'file_driver'); if (!$status) { throw new Exception("Driver create failed", file_storage::ERROR); } $this->driver_list = null; } /** * Delete configuration of external driver (mount point) * * @param string $name Driver instance name * * @throws Exception */ public function driver_delete($name) { $drivers = $this->driver_list(); if ($driver = $drivers[$name]) { $config = kolab_storage_config::get_instance(); $status = $config->delete($driver['uid']); if (!$status) { throw new Exception("Driver delete failed", file_storage::ERROR); } $this->driver_list = null; return; } throw new Exception("Driver not found", file_storage::ERROR); } /** * Return list of registered drivers (mount points) * * @return array List of drivers data * @throws Exception */ public function driver_list() { // use internal cache, this is specifically for iRony // which may call this code path many times in one request if ($this->driver_list !== null) { return $this->driver_list; } // get current relations state $config = kolab_storage_config::get_instance(); $default = true; $filter = array( array('type', '=', 'file_driver'), ); $drivers = $config->get_objects($filter, $default, 100); $result = array(); foreach ($drivers as $driver) { $result[$driver['title']] = $driver; } return $this->driver_list = $result; } /** * Update configuration of external driver (mount point) * * @param string $title Driver instance title * @param array $driver Driver data * * @throws Exception */ public function driver_update($title, $driver) { $drivers = $this->driver_list(); if (!$drivers[$title]) { throw new Exception("Driver not found", file_storage::ERROR); } $config = kolab_storage_config::get_instance(); $status = $config->save($driver, 'file_driver'); if (!$status) { throw new Exception("Driver update failed", file_storage::ERROR); } $this->driver_list = null; } /** * Returns metadata of the driver * * @return array Driver meta data (image, name, form) */ public function driver_metadata() { $image_content = file_get_contents(__DIR__ . '/kolab.png'); $metadata = array( 'image' => 'data:image/png;base64,' . base64_encode($image_content), 'name' => 'Kolab Groupware', 'ref' => 'http://kolab.org', 'description' => 'Kolab Groupware server', 'form' => array( 'host' => 'hostname', 'username' => 'username', 'password' => 'password', ), ); return $metadata; } /** * Validate metadata (config) of the driver * * @param array $metadata Driver metadata * * @return array Driver meta data to be stored in configuration * @throws Exception */ public function driver_validate($metadata) { throw new Exception("Not implemented", file_storage::ERROR_UNSUPPORTED); } /** * Create a file. * * @param string $file_name Name of a file (with folder path) * @param array $file File data (path, type) * * @throws Exception */ public function file_create($file_name, $file) { $exists = $this->get_file_object($file_name, $folder); if (!empty($exists)) { throw new Exception("Storage error. File exists.", file_storage::ERROR); } $object = $this->to_file_object(array( 'name' => $file_name, 'type' => $file['type'], 'path' => $file['path'], 'content' => $file['content'], )); // save the file object in IMAP $saved = $folder->save($object, 'file'); if (!$saved) { rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Error saving object to Kolab server"), true, false); throw new Exception("Storage error. Saving file failed.", file_storage::ERROR); } } /** * Update a file. * * @param string $file_name Name of a file (with folder path) * @param array $file File data (path, type) * * @throws Exception */ public function file_update($file_name, $file) { $file_object = $this->get_file_object($file_name, $folder); if (empty($file_object)) { throw new Exception("Storage error. File not found.", file_storage::ERROR); } $key = key($file_object['_attachments']); $file_object['_attachments'] = array( 0 => array( 'name' => $file_name, 'path' => $file['path'], 'content' => $file['content'], 'mimetype' => $file['type'], ), $key => false, ); // save the file object in IMAP $saved = $folder->save($file_object, 'file', $file_object['_msguid']); if (!$saved) { rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Error saving object to Kolab server"), true, false); throw new Exception("Storage error. Saving file failed.", file_storage::ERROR); } } /** * Delete a file. * * @param string $file_name Name of a file (with folder path) * * @throws Exception */ public function file_delete($file_name) { $file = $this->get_file_object($file_name, $folder); if (empty($file)) { throw new Exception("Storage error. File not found.", file_storage::ERROR); } $deleted = $folder->delete($file); if (!$deleted) { rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Error deleting object from Kolab server"), true, false); throw new Exception("Storage error. Deleting file failed.", file_storage::ERROR); } } /** * Return file body. * * @param string $file_name Name of a file (with folder path) * @param array $params Parameters (force-download) * @param resource $fp Print to file pointer instead (send no headers) * * @throws Exception */ public function file_get($file_name, $params = array(), $fp = null) { - $file = $this->get_file_object($file_name, $folder); + $file = $this->get_file_object($file_name, $folder, true); if (empty($file)) { throw new Exception("Storage error. File not found.", file_storage::ERROR); } $file = $this->from_file_object($file); // write to file pointer, send no headers if ($fp) { if ($file['size']) { $folder->get_attachment($file['_msguid'], $file['fileid'], $file['_mailbox'], false, $fp); } return; } if (!empty($params['force-download'])) { $disposition = 'attachment'; header("Content-Type: application/octet-stream"); // @TODO // if ($browser->ie) // header("Content-Type: application/force-download"); } else { $mimetype = file_utils::real_mimetype($params['force-type'] ? $params['force-type'] : $file['type']); $disposition = 'inline'; header("Content-Transfer-Encoding: binary"); header("Content-Type: $mimetype"); } $filename = addcslashes($file['name'], '"'); // Workaround for nasty IE bug (#1488844) // If Content-Disposition header contains string "attachment" e.g. in filename // IE handles data as attachment not inline /* @TODO if ($disposition == 'inline' && $browser->ie && $browser->ver < 9) { $filename = str_ireplace('attachment', 'attach', $filename); } */ header("Content-Length: " . $file['size']); header("Content-Disposition: $disposition; filename=\"$filename\""); if ($file['size'] && empty($params['head'])) { $folder->get_attachment($file['_msguid'], $file['fileid'], $file['_mailbox'], true); } } /** * Returns file metadata. * * @param string $file_name Name of a file (with folder path) * * @throws Exception */ public function file_info($file_name) { - $file = $this->get_file_object($file_name, $folder); + $file = $this->get_file_object($file_name, $folder, true); if (empty($file)) { throw new Exception("Storage error. File not found.", file_storage::ERROR); } $file = $this->from_file_object($file); return array( 'name' => $file['name'], 'size' => (int) $file['size'], 'type' => (string) $file['type'], 'mtime' => $file['changed'] ? $file['changed']->format($this->config['date_format']) : '', 'ctime' => $file['created'] ? $file['created']->format($this->config['date_format']) : '', 'modified' => $file['changed'] ? $file['changed']->format('U') : 0, 'created' => $file['created'] ? $file['created']->format('U') : 0, ); } /** * List files in a folder. * * @param string $folder_name Name of a folder with full path * @param array $params List parameters ('sort', 'reverse', 'search', 'prefix') * * @return array List of files (file properties array indexed by filename) * @throws Exception */ public function file_list($folder_name, $params = array()) { $filter = array(array('type', '=', 'file')); if (!empty($params['search'])) { foreach ($params['search'] as $idx => $value) { switch ($idx) { case 'name': $filter[] = array('filename', '~', $value); break; case 'class': foreach (file_utils::class2mimetypes($value) as $tag) { $for[] = array('tags', '~', ' ' . $tag); } $filter[] = array($for, 'OR'); break; } } } // get files list - $folder = $this->get_folder_object($folder_name); - $files = $folder->select($filter); + $files = $this->get_files($folder_name, $filter); $result = array(); // convert to kolab_storage files list data format foreach ($files as $idx => $file) { $file = $this->from_file_object($file); if (!isset($file['name'])) { continue; } $filename = $params['prefix'] . $folder_name . file_storage::SEPARATOR . $file['name']; $result[$filename] = array( 'name' => $file['name'], 'size' => (int) $file['size'], 'type' => (string) $file['type'], 'mtime' => $file['changed'] ? $file['changed']->format($this->config['date_format']) : '', 'ctime' => $file['created'] ? $file['created']->format($this->config['date_format']) : '', 'modified' => $file['changed'] ? $file['changed']->format('U') : 0, 'created' => $file['created'] ? $file['created']->format('U') : 0, ); unset($files[$idx]); } // @TODO: pagination, search (by filename, mimetype) // Sorting $sort = !empty($params['sort']) ? $params['sort'] : 'name'; $index = array(); if ($sort == 'mtime') { $sort = 'modified'; } if (in_array($sort, array('name', 'size', 'modified'))) { foreach ($result as $key => $val) { $index[$key] = $val[$sort]; } array_multisort($index, SORT_ASC, SORT_NUMERIC, $result); } if ($params['reverse']) { $result = array_reverse($result, true); } return $result; } /** * Copy a file. * * @param string $file_name Name of a file (with folder path) * @param string $new_name New name of a file (with folder path) * * @throws Exception */ public function file_copy($file_name, $new_name) { $file = $this->get_file_object($file_name, $folder); if (empty($file)) { throw new Exception("Storage error. File not found.", file_storage::ERROR); } $new = $this->get_file_object($new_name, $new_folder); if (!empty($new)) { throw new Exception("Storage error. File exists.", file_storage::ERROR_FILE_EXISTS); } $file = $this->from_file_object($file); // Save to temp file // @TODO: use IMAP CATENATE extension $temp_dir = unslashify($this->rc->config->get('temp_dir')); $file_path = tempnam($temp_dir, 'rcmAttmnt'); $fh = fopen($file_path, 'w'); if (!$fh) { throw new Exception("Storage error. File copying failed.", file_storage::ERROR); } if ($file['size']) { $folder->get_attachment($file['uid'], $file['fileid'], null, false, $fh, true); } fclose($fh); if (!file_exists($file_path)) { throw new Exception("Storage error. File copying failed.", file_storage::ERROR); } // Update object $file['_attachments'] = array( 0 => array( 'name' => $new_name, 'path' => $file_path, 'mimetype' => $file['type'], 'size' => $file['size'], )); $fields = array('created', 'changed', '_attachments', 'notes', 'sensitivity', 'categories', 'x-custom'); $file = array_intersect_key($file, array_combine($fields, $fields)); $saved = $new_folder->save($file, 'file'); @unlink($file_path); if (!$saved) { rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Error updating object on Kolab server"), true, false); throw new Exception("Storage error. File copying failed.", file_storage::ERROR); } } /** * Move (or rename) a file. * * @param string $file_name Name of a file (with folder path) * @param string $new_name New name of a file (with folder path) * * @throws Exception */ public function file_move($file_name, $new_name) { $file = $this->get_file_object($file_name, $folder); if (empty($file)) { throw new Exception("Storage error. File not found.", file_storage::ERROR); } $new = $this->get_file_object($new_name, $new_folder); if (!empty($new)) { throw new Exception("Storage error. File exists.", file_storage::ERROR_FILE_EXISTS); } // Move the file if ($folder->name != $new_folder->name) { $saved = $folder->move($file['uid'], $new_folder->name); if (!$saved) { rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Error moving object on Kolab server"), true, false); throw new Exception("Storage error. File move failed.", file_storage::ERROR); } $folder = $new_folder; } if ($file_name === $new_name) { return; } // Update object (changing the name) $cid = key($file['_attachments']); $file['_attachments'][$cid]['name'] = $new_name; $file['_attachments'][0] = $file['_attachments'][$cid]; $file['_attachments'][$cid] = false; $saved = $folder->save($file, 'file'); if (!$saved) { rcube::raise_error(array( 'code' => 600, 'type' => 'php', 'file' => __FILE__, 'line' => __LINE__, 'message' => "Error updating object on Kolab server"), true, false); throw new Exception("Storage error. File rename failed.", file_storage::ERROR); } } /** * Create a folder. * * @param string $folder_name Name of a folder with full path * * @throws Exception on error */ public function folder_create($folder_name) { $folder_name = rcube_charset::convert($folder_name, RCUBE_CHARSET, 'UTF7-IMAP'); $success = kolab_storage::folder_create($folder_name, 'file', true); if (!$success) { throw new Exception("Storage error. Unable to create the folder", file_storage::ERROR); } } /** * Delete a folder. * * @param string $folder_name Name of a folder with full path * * @throws Exception on error */ public function folder_delete($folder_name) { $folder_name = rcube_charset::convert($folder_name, RCUBE_CHARSET, 'UTF7-IMAP'); $success = kolab_storage::folder_delete($folder_name); if (!$success) { throw new Exception("Storage error. Unable to delete the folder.", file_storage::ERROR); } } /** * Move/Rename a folder. * * @param string $folder_name Name of a folder with full path * @param string $new_name New name of a folder with full path * * @throws Exception on error */ public function folder_move($folder_name, $new_name) { $folder_name = rcube_charset::convert($folder_name, RCUBE_CHARSET, 'UTF7-IMAP'); $new_name = rcube_charset::convert($new_name, RCUBE_CHARSET, 'UTF7-IMAP'); $success = kolab_storage::folder_rename($folder_name, $new_name); if (!$success) { throw new Exception("Storage error. Unable to rename the folder", file_storage::ERROR); } } /** * Subscribe a folder. * * @param string $folder_name Name of a folder with full path * * @throws Exception */ public function folder_subscribe($folder_name) { $folder_name = rcube_charset::convert($folder_name, RCUBE_CHARSET, 'UTF7-IMAP'); $storage = $this->rc->get_storage(); if (!$storage->subscribe($folder_name)) { throw new Exception("Storage error. Unable to subscribe the folder", file_storage::ERROR); } } /** * Unsubscribe a folder. * * @param string $folder_name Name of a folder with full path * * @throws Exception */ public function folder_unsubscribe($folder_name) { $folder_name = rcube_charset::convert($folder_name, RCUBE_CHARSET, 'UTF7-IMAP'); $storage = $this->rc->get_storage(); if (!$storage->unsubscribe($folder_name)) { throw new Exception("Storage error. Unable to unsubsribe the folder", file_storage::ERROR); } } /** * Returns list of folders. * * @param array $params List parameters ('type', 'search', 'extended', 'permissions') * * @return array List of folders * @throws Exception */ public function folder_list($params = array()) { $unsubscribed = $params['type'] & file_storage::FILTER_UNSUBSCRIBED; $rights = ($params['type'] & file_storage::FILTER_WRITABLE) ? 'w' : null; $imap = $this->rc->get_storage(); $folders = $imap->list_folders_subscribed('', '*', 'file', $rights); if (!is_array($folders)) { throw new Exception("Storage error. Unable to get folders list.", file_storage::ERROR); } // create/subscribe 'Files' folder in case there's no folder of type 'file' if (empty($folders) && !$unsubscribed) { $default = 'Files'; // the folder may exist but be unsubscribed if (!$imap->folder_exists($default)) { if (kolab_storage::folder_create($default, 'file', true)) { $folders[] = $default; } } else if (kolab_storage::folder_type($default) == 'file') { if ($imap->subscribe($default)) { $folders[] = $default; } } } else { if ($unsubscribed) { $subscribed = $folders; $folders = $imap->list_folders('', '*', 'file', $rights); $folders = array_diff($folders, $subscribed); } // convert folder names to UTF-8 $callback = function($folder) { if (strpos($folder, '&') !== false) { return rcube_charset::convert($folder, 'UTF7-IMAP', RCUBE_CHARSET); } return $folder; }; $folders = array_map($callback, $folders); } // searching if (isset($params['search'])) { $search = mb_strtoupper($params['search']); $prefix = null; $ns = $imap->get_namespace('other'); if (!empty($ns)) { $prefix = rcube_charset::convert($ns[0][0], 'UTF7-IMAP', RCUBE_CHARSET); } $folders = array_filter($folders, function($folder) use ($search, $prefix) { $path = explode('/', $folder); // search in folder name not the full path if (strpos(mb_strtoupper($path[count($path)-1]), $search) !== false) { return true; } // if it is an other user folder, we'll match the user name // and return all folders of the matching user else if (strpos($folder, $prefix) === 0 && strpos(mb_strtoupper($path[1]), $search) !== false) { return true; } return false; }); } $folders = array_values($folders); // In extended format we return array of arrays if ($params['extended']) { if (!$rights && $params['permissions']) { // get list of known writable folders from cache $cache_key = 'mailboxes.permissions'; $permissions = (array) $imap->get_cache($cache_key); } foreach ($folders as $idx => $folder_name) { $folder = array('folder' => $folder_name); // check if folder is readonly if (isset($permissions)) { if (!array_key_exists($folder_name, $permissions)) { $acl = $this->folder_rights($folder_name); $permissions[$folder_name] = $acl; } if (!($permissions[$folder_name] & file_storage::ACL_WRITE)) { $folder['readonly'] = true; } } $folders[$idx] = $folder; } if ($cache_key) { $imap->update_cache($cache_key, $permissions); } } return $folders; } /** * Check folder rights. * * @param string $folder Folder name * * @return int Folder rights (sum of file_storage::ACL_*) */ public function folder_rights($folder) { $storage = $this->rc->get_storage(); $folder = rcube_charset::convert($folder, RCUBE_CHARSET, 'UTF7-IMAP'); $rights = file_storage::ACL_READ; // get list of known writable folders from cache $cache_key = 'mailboxes.permissions'; $permissions = (array) $storage->get_cache($cache_key); if (array_key_exists($folder, $permissions)) { return $permissions[$folder]; } // For better performance, assume personal folders are writeable if ($storage->folder_namespace($folder) == 'personal') { $rights |= file_storage::ACL_WRITE; } else { $myrights = $storage->my_rights($folder); if (in_array('t', (array) $myrights)) { $rights |= file_storage::ACL_WRITE; } $permissions[$folder] = $rights; $storage->update_cache($cache_key, $permissions); } return $rights; } /** * Returns a list of locks * * This method should return all the locks for a particular URI, including * locks that might be set on a parent URI. * * If child_locks is set to true, this method should also look for * any locks in the subtree of the URI for locks. * * @param string $path File/folder path * @param bool $child_locks Enables subtree checks * * @return array List of locks * @throws Exception */ public function lock_list($path, $child_locks = false) { $this->init_lock_db(); // convert URI to global resource string $uri = $this->path2uri($path); // get locks list $list = $this->lock_db->lock_list($uri, $child_locks); // convert back resource string into URIs foreach ($list as $idx => $lock) { $list[$idx]['uri'] = $this->uri2path($lock['uri']); } return $list; } /** * Locks a URI * * @param string $path File/folder path * @param array $lock Lock data * - depth: 0/'infinite' * - scope: 'shared'/'exclusive' * - owner: string * - token: string * - timeout: int * * @throws Exception */ public function lock($path, $lock) { $this->init_lock_db(); // convert URI to global resource string $uri = $this->path2uri($path); if (!$this->lock_db->lock($uri, $lock)) { throw new Exception("Database error. Unable to create a lock.", file_storage::ERROR); } } /** * Removes a lock from a URI * * @param string $path File/folder path * @param array $lock Lock data * * @throws Exception */ public function unlock($path, $lock) { $this->init_lock_db(); // convert path to global resource string $uri = $this->path2uri($path); if (!$this->lock_db->unlock($uri, $lock)) { throw new Exception("Database error. Unable to remove a lock.", file_storage::ERROR); } } /** * Return disk quota information for specified folder. * * @param string $folder_name Name of a folder with full path * * @return array Quota * @throws Exception */ public function quota($folder) { $storage = $this->rc->get_storage(); $quota = $storage->get_quota(); $quota = $this->rc->plugins->exec_hook('quota', $quota); unset($quota['abort']); return $quota; } + /** + * Get files from a folder (with performance fix) + */ + protected function get_files($folder, $filter, $all = true) + { + if (!($folder instanceof kolab_storage_folder)) { + $folder = $this->get_folder_object($folder); + } + + // for better performance it's good to assume max. number of records + $folder->set_order_and_limit(null, $all ? 0 : 1); + + return $folder->select($filter); + } + /** * Get file object. * * @param string $file_name Name of a file (with folder path) * @param kolab_storage_folder $folder Reference to folder object + * @param bool $cache Use internal cache * * @return array File data * @throws Exception */ - protected function get_file_object(&$file_name, &$folder = null) + protected function get_file_object(&$file_name, &$folder = null, $cache = false) { + $original_name = $file_name; + // extract file path and file name $path = explode(file_storage::SEPARATOR, $file_name); $file_name = array_pop($path); $folder_name = implode(file_storage::SEPARATOR, $path); if ($folder_name === '') { throw new Exception("Missing folder name", file_storage::ERROR); } - // get folder object $folder = $this->get_folder_object($folder_name); - $files = $folder->select(array( + + if ($cache && !empty($this->icache[$original_name])) { + return $this->icache[$original_name]; + } + + $filter = array( array('type', '=', 'file'), array('filename', '=', $file_name) - )); + ); + + $files = $this->get_files($folder, $filter, false); + $file = $files[0]; - return $files[0]; + if ($cache) { + $this->icache[$original_name] = $file; + } + + return $file; } /** * Get folder object. * * @param string $folder_name Name of a folder with full path * * @return kolab_storage_folder Folder object * @throws Exception */ protected function get_folder_object($folder_name) { if ($folder_name === null || $folder_name === '') { throw new Exception("Missing folder name", file_storage::ERROR); } if (empty($this->folders[$folder_name])) { $storage = $this->rc->get_storage(); $separator = $storage->get_hierarchy_delimiter(); $folder_name = str_replace(file_storage::SEPARATOR, $separator, $folder_name); $imap_name = rcube_charset::convert($folder_name, RCUBE_CHARSET, 'UTF7-IMAP'); $folder = kolab_storage::get_folder($imap_name, 'file'); if (!$folder || !$folder->valid) { $error = $folder->get_error(); if ($error === kolab_storage::ERROR_IMAP_CONN || $error === kolab_storage::ERROR_CACHE_DB) { throw new Exception("The storage is temporarily unavailable.", file_storage::ERROR_UNAVAILABLE); } else if ($error === kolab_storage::ERROR_NO_PERMISSION) { throw new Exception("Storage error. Access not permitted", file_storage::ERROR_FORBIDDEN); } throw new Exception("Storage error. Folder not found.", file_storage::ERROR); } $this->folders[$folder_name] = $folder; } return $this->folders[$folder_name]; } /** * Simplify internal structure of the file object */ protected function from_file_object($file) { if (empty($file['_attachments'])) { return $file; } $attachment = array_shift($file['_attachments']); $file['name'] = $attachment['name']; $file['size'] = $attachment['size']; $file['type'] = $attachment['mimetype']; $file['fileid'] = $attachment['id']; unset($file['_attachments']); return $file; } /** * Convert to kolab_format internal structure of the file object */ protected function to_file_object($file) { // @TODO if path is empty and fileid exists it is an update // get attachment body and save it in path $file['_attachments'] = array( 0 => array( 'name' => $file['name'], 'path' => $file['path'], 'content' => $file['content'], 'mimetype' => $file['type'], 'size' => $file['size'], )); unset($file['name']); unset($file['size']); unset($file['type']); unset($file['path']); unset($file['fileid']); return $file; } /** * Convert file/folder path into a global URI. * * @param string $path File/folder path * * @return string URI * @throws Exception */ public function path2uri($path) { $storage = $this->rc->get_storage(); $namespace = $storage->get_namespace(); $separator = $storage->get_hierarchy_delimiter(); $path = str_replace(file_storage::SEPARATOR, $separator, $path); $owner = $this->rc->get_user_name(); // find the owner and remove namespace prefix foreach ($namespace as $type => $ns) { foreach ($ns as $root) { if (is_array($root) && $root[0] && strpos($path, $root[0]) === 0) { $path = substr($path, strlen($root[0])); switch ($type) { case 'shared': // in theory there can be more than one shared root // we add it to dummy user name, so we can revert conversion $owner = "shared({$root[0]})"; break; case 'other': list($user, $path) = explode($separator, $path, 2); if (strpos($user, '@') === false) { $domain = strstr($owner, '@'); if (!empty($domain)) { $user .= $domain; } } $owner = $user; break; } break 2; } } } return 'imap://' . rawurlencode($owner) . '@' . $storage->options['host'] . '/' . file_utils::encode_path($path); } /** * Convert global URI into file/folder path. * * @param string $uri URI * * @return string File/folder path * @throws Exception */ public function uri2path($uri) { if (!preg_match('|^imap://([^@]+)@([^/]+)/(.*)$|', $uri, $matches)) { throw new Exception("Internal storage error. Unexpected data format.", file_storage::ERROR); } $storage = $this->rc->get_storage(); $separator = $storage->get_hierarchy_delimiter(); $owner = $this->rc->get_user_name(); $user = rawurldecode($matches[1]); $path = file_utils::decode_path($matches[3]); // personal namespace if ($user == $owner) { // do nothing // Note: that might not work if personal namespace uses e.g. INBOX/ prefix. } // shared namespace else if (preg_match('/^shared\((.*)\)$/', $user, $matches)) { $path = $matches[1] . $path; } // other users namespace else { $namespace = $storage->get_namespace('other'); list($local, $domain) = explode('@', $user); // here we assume there's only one other users namespace root $path = $namespace[0][0] . $local . $separator . $path; } return str_replace($separator, file_storage::SEPARATOR, $path); } /** * Initializes file_locks object */ protected function init_lock_db() { if (!$this->lock_db) { $this->lock_db = new file_locks; } } } diff --git a/lib/file_api.php b/lib/file_api.php index e5706ac..21abbd4 100644 --- a/lib/file_api.php +++ b/lib/file_api.php @@ -1,442 +1,434 @@ | +--------------------------------------------------------------------------+ | Author: Aleksander Machniak | +--------------------------------------------------------------------------+ */ class file_api extends file_api_core { public $session; public $config; public $browser; public $output_type = file_api_core::OUTPUT_JSON; public function __construct() { $rcube = rcube::get_instance(); $rcube->add_shutdown_function(array($this, 'shutdown')); $this->config = $rcube->config; $this->session_init(); if ($_SESSION['env']) { $this->env = $_SESSION['env']; } $this->locale_init(); } /** * Process the request and dispatch it to the requested service */ public function run() { $this->request = strtolower($_GET['method']); // Check the session, authenticate the user if (!$this->session_validate()) { $this->session->destroy(session_id()); $this->session->regenerate_id(false); if ($username = $this->authenticate()) { $_SESSION['user'] = $username; - $_SESSION['time'] = time(); $_SESSION['env'] = $this->env; // remember client API version if (is_numeric($_GET['version'])) { $_SESSION['version'] = $_GET['version']; } if ($this->request == 'authenticate') { $this->output_success(array( 'token' => session_id(), 'capabilities' => $this->capabilities(), )); } } else { throw new Exception("Invalid session", 403); } } // Call service method $result = $this->request_handler($this->request); // Send success response, errors should be handled by driver class // by throwing exceptions or sending output by itself $this->output_success($result); } /** * Session validation check and session start */ private function session_validate() { $sess_id = rcube_utils::request_header('X-Session-Token') ?: $_REQUEST['token']; if (empty($sess_id)) { - session_start(); + $this->session->start(); return false; } session_id($sess_id); - session_start(); + $this->session->start(); if (empty($_SESSION['user'])) { return false; } - $timeout = $this->config->get('session_lifetime', 0) * 60; - if ($timeout && $_SESSION['time'] && $_SESSION['time'] < time() - $timeout) { - return false; - } - // update session time - $_SESSION['time'] = time(); - return true; } /** * Initializes session */ private function session_init() { $rcube = rcube::get_instance(); $sess_name = $this->config->get('session_name'); $lifetime = $this->config->get('session_lifetime', 0) * 60; if ($lifetime) { ini_set('session.gc_maxlifetime', $lifetime * 2); } ini_set('session.name', $sess_name ? $sess_name : 'file_api_sessid'); ini_set('session.use_cookies', 0); ini_set('session.serialize_handler', 'php'); // Roundcube Framework >= 1.2 if (in_array('factory', get_class_methods('rcube_session'))) { $this->session = rcube_session::factory($this->config); } // Rouncube Framework < 1.2 else { $this->session = new rcube_session($rcube->get_dbh(), $this->config); $this->session->set_secret($this->config->get('des_key') . dirname($_SERVER['SCRIPT_NAME'])); $this->session->set_ip_check($this->config->get('ip_check')); } $this->session->register_gc_handler(array($rcube, 'gc')); // this is needed to correctly close session in shutdown function $rcube->session = $this->session; } /** * Script shutdown handler */ public function shutdown() { // write performance stats to logs/console if ($this->config->get('devel_mode')) { if (function_exists('memory_get_peak_usage')) $mem = memory_get_peak_usage(); else if (function_exists('memory_get_usage')) $mem = memory_get_usage(); $log = trim($this->request . ($mem ? sprintf(' [%.1f MB]', $mem/1024/1024) : '')); if (defined('FILE_API_START')) { rcube::print_timer(FILE_API_START, $log); } else { rcube::console($log); } } } /** * Authentication request handler (HTTP Auth) */ private function authenticate() { if (isset($_POST['username'])) { $username = $_POST['username']; $password = $_POST['password']; } else if (!empty($_SERVER['PHP_AUTH_USER'])) { $username = $_SERVER['PHP_AUTH_USER']; $password = $_SERVER['PHP_AUTH_PW']; } // when used with (f)cgi no PHP_AUTH* variables are available without defining a special rewrite rule else if (!isset($_SERVER['PHP_AUTH_USER'])) { // "Basic didhfiefdhfu4fjfjdsa34drsdfterrde..." if (isset($_SERVER["REMOTE_USER"])) { $basicAuthData = base64_decode(substr($_SERVER["REMOTE_USER"], 6)); } else if (isset($_SERVER["REDIRECT_REMOTE_USER"])) { $basicAuthData = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)); } else if (isset($_SERVER["Authorization"])) { $basicAuthData = base64_decode(substr($_SERVER["Authorization"], 6)); } else if (isset($_SERVER["HTTP_AUTHORIZATION"])) { $basicAuthData = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"], 6)); } if (isset($basicAuthData) && !empty($basicAuthData)) { list($username, $password) = explode(":", $basicAuthData); } } if (!empty($username)) { $backend = $this->get_backend(); $result = $backend->authenticate($username, $password); if (empty($result)) { /* header('WWW-Authenticate: Basic realm="' . $this->app_name .'"'); header('HTTP/1.1 401 Unauthorized'); exit; */ throw new Exception("Invalid password or username", file_api_core::ERROR_CODE); } } return $username; } /** * Storage/System method handler */ private function request_handler($request) { // handle "global" requests that don't require api driver switch ($request) { case 'ping': return array(); case 'quit': $this->session->destroy(session_id()); return array(); case 'configure': foreach (array_keys($this->env) as $name) { if (isset($_GET[$name])) { $this->env[$name] = $_GET[$name]; } } $_SESSION['env'] = $this->env; return $this->env; case 'upload_progress': return $this->upload_progress(); case 'mimetypes': return $this->supported_mimetypes(); case 'capabilities': return $this->capabilities(); } // handle request if ($request && preg_match('/^[a-z0-9_-]+$/', $request)) { $aliases = array( // request name aliases for backward compatibility 'lock' => 'lock_create', 'unlock' => 'lock_delete', 'folder_rename' => 'folder_move', ); // Redirect all document_* actions into 'document' action - if (strpos($request, 'document_') === 0) { + if (preg_match('/^(invitations|document_[a-z]+)$/', $request)) { $request = 'document'; } $request = $aliases[$request] ?: $request; require_once __DIR__ . "/api/common.php"; include_once __DIR__ . "/api/$request.php"; $class_name = "file_api_$request"; if (class_exists($class_name, false)) { $handler = new $class_name($this); return $handler->handle(); } } throw new Exception("Unknown method", file_api_core::ERROR_INVALID); } /** * File upload progress handler */ protected function upload_progress() { if (function_exists('apc_fetch')) { $prefix = ini_get('apc.rfc1867_prefix'); $uploadid = rcube_utils::get_input_value('id', rcube_utils::INPUT_GET); $status = apc_fetch($prefix . $uploadid); if (!empty($status)) { $status['percent'] = round($status['current']/$status['total']*100); if ($status['percent'] < 100) { $diff = max(1, time() - intval($status['start_time'])); // calculate time to end of uploading (in seconds) $status['eta'] = intval($diff * (100 - $status['percent']) / $status['percent']); // average speed (bytes per second) $status['rate'] = intval($status['current'] / $diff); } } $status['id'] = $uploadid; return $status; // id, done, total, current, percent, start_time, eta, rate } throw new Exception("Not supported", file_api_core::ERROR_CODE); } /** * Returns complete File URL * * @param string $file File name (with path) * * @return string File URL */ public function file_url($file) { return file_utils::script_uri(). '?method=file_get' . '&file=' . urlencode($file) . '&token=' . urlencode(session_id()); } /** * Returns web browser object * * @return rcube_browser Web browser object */ public function get_browser() { if ($this->browser === null) { $this->browser = new rcube_browser; } return $this->browser; } /** * Send success response * * @param mixed $data Data */ public function output_success($data) { if (!is_array($data)) { $data = array(); } $response = array('status' => 'OK', 'result' => $data); if (!empty($_REQUEST['req_id'])) { $response['req_id'] = $_REQUEST['req_id']; } $this->output_send($response); } /** * Send error response * * @param mixed $response Response data * @param int $code Error code */ public function output_error($response, $code = null) { if (is_string($response)) { $response = array('reason' => $response); } $response['status'] = 'ERROR'; if ($code) { $response['code'] = $code; } if (!empty($_REQUEST['req_id'])) { $response['req_id'] = $_REQUEST['req_id']; } if (empty($response['code'])) { $response['code'] = file_api_core::ERROR_CODE; } $this->output_send($response); } /** * Send response * * @param mixed $data Data */ protected function output_send($data) { // Send response header("Content-Type: {$this->output_type}; charset=utf-8"); echo json_encode($data); exit; } /** * Returns API version supported by the client */ public function client_version() { return $_SESSION['version']; } /** * Create a human readable string for a number of bytes * * @param int Number of bytes * * @return string Byte string */ public function show_bytes($bytes) { if ($bytes >= 1073741824) { $gb = $bytes/1073741824; $str = sprintf($gb >= 10 ? "%d " : "%.1f ", $gb) . 'GB'; } else if ($bytes >= 1048576) { $mb = $bytes/1048576; $str = sprintf($mb >= 10 ? "%d " : "%.1f ", $mb) . 'MB'; } else if ($bytes >= 1024) { $str = sprintf("%d ", round($bytes/1024)) . 'KB'; } else { $str = sprintf('%d ', $bytes) . 'B'; } return $str; } } diff --git a/lib/file_api_core.php b/lib/file_api_core.php index f2dce01..6839b7f 100644 --- a/lib/file_api_core.php +++ b/lib/file_api_core.php @@ -1,333 +1,369 @@ | +--------------------------------------------------------------------------+ | Author: Aleksander Machniak | +--------------------------------------------------------------------------+ */ class file_api_core extends file_locale { const API_VERSION = 2; const ERROR_CODE = 500; const ERROR_INVALID = 501; const OUTPUT_JSON = 'application/json'; const OUTPUT_HTML = 'text/html'; public $env = array( 'date_format' => 'Y-m-d H:i', 'language' => 'en_US', ); protected $app_name = 'Kolab File API'; protected $drivers = array(); + protected $icache = array(); protected $backend; /** * Returns API version */ public function client_version() { return self::API_VERSION; } /** * Initialise authentication/configuration backend class * * @return file_storage Main storage driver */ public function get_backend() { if ($this->backend) { return $this->backend; } $rcube = rcube::get_instance(); $driver = $rcube->config->get('fileapi_backend', 'kolab'); $this->backend = $this->load_driver_object($driver); // configure api $this->backend->configure($this->env); return $this->backend; } /** * Return supported/enabled external storage instances * * @param bool $as_objects Return drivers as objects not config data * * @return array List of storage drivers */ public function get_drivers($as_objects = false) { $rcube = rcube::get_instance(); $enabled = $rcube->config->get('fileapi_drivers'); $preconf = $rcube->config->get('fileapi_sources'); $result = array(); $all = array(); $iRony = defined('KOLAB_DAV_ROOT'); if (!empty($enabled)) { $backend = $this->get_backend(); $drivers = $backend->driver_list(); foreach ($drivers as $item) { // Disable webdav sources/drivers in iRony that point to the // same host to prevent infinite recursion if ($iRony && $item['driver'] == 'webdav') { $self_url = parse_url($_SERVER['SCRIPT_URI']); $item_url = parse_url($item['host']); if ($self_url['host'] == $item_url['host']) { continue; } } $all[] = $item['title']; if ($item['enabled'] && in_array($item['driver'], (array) $enabled)) { $result[] = $as_objects ? $this->get_driver_object($item) : $item; } } } if (empty($result) && !empty($preconf)) { foreach ((array) $preconf as $title => $item) { if (!in_array($title, $all)) { $item['title'] = $title; $item['admin'] = true; $result[] = $as_objects ? $this->get_driver_object($item) : $item; } } } return $result; } /** * Return driver for specified file/folder path * * @param string $path Folder/file path * * @return array Storage driver object, modified path, driver config */ public function get_driver($path) { $drivers = $this->get_drivers(); foreach ($drivers as $item) { $prefix = $item['title'] . file_storage::SEPARATOR; if ($path == $item['title'] || strpos($path, $prefix) === 0) { $selected = $item; break; } } if (empty($selected)) { return array($this->get_backend(), $path); } $path = substr($path, strlen($selected['title']) + 1); return array($this->get_driver_object($selected), $path, $selected); } /** * Initialize driver instance * * @param array $config Driver config * * @return file_storage Storage driver instance */ public function get_driver_object($config) { $key = $config['title']; if (empty($this->drivers[$key])) { $this->drivers[$key] = $driver = $this->load_driver_object($config['driver']); if ($config['username'] == '%u') { $backend = $this->get_backend(); $auth_info = $backend->auth_info(); $config['username'] = $auth_info['username']; $config['password'] = $auth_info['password']; } else if (!empty($config['password']) && empty($config['admin']) && !empty($key)) { $config['password'] = $this->decrypt($config['password']); } // configure api $driver->configure(array_merge($config, $this->env), $key); } return $this->drivers[$key]; } /** * Loads a driver */ public function load_driver_object($name) { $class = $name . '_file_storage'; if (!class_exists($class, false)) { $include_path = __DIR__ . "/drivers/$name" . PATH_SEPARATOR; $include_path .= ini_get('include_path'); set_include_path($include_path); } return new $class; } /** * Returns storage(s) capabilities * + * @param bool $full Return all drivers' capabilities + * * @return array Capabilities */ - public function capabilities() + public function capabilities($full = true) { $rcube = rcube::get_instance(); $backend = $this->get_backend(); $caps = array(); // check support for upload progress if (($progress_sec = $rcube->config->get('upload_progress')) && ini_get('apc.rfc1867') && function_exists('apc_fetch') ) { $caps[file_storage::CAPS_PROGRESS_NAME] = ini_get('apc.rfc1867_name'); $caps[file_storage::CAPS_PROGRESS_TIME] = $progress_sec; } // get capabilities of main storage module foreach ($backend->capabilities() as $name => $value) { // skip disabled capabilities if ($value !== false) { $caps[$name] = $value; } } // Manticore support if ($manticore = $rcube->config->get('fileapi_manticore')) { $caps['MANTICORE'] = true; } + if (!$full) { + return $caps; + } + // get capabilities of other drivers $drivers = $this->get_drivers(true); foreach ($drivers as $driver) { if ($driver != $backend) { $title = $driver->title(); foreach ($driver->capabilities() as $name => $value) { // skip disabled capabilities if ($value !== false) { $caps['MOUNTPOINTS'][$title][$name] = $value; } } } } return $caps; } + /** + * Get user name from user identifier (email address) using LDAP lookup + * + * @param string $email User identifier + * + * @return string User name + */ + public function resolve_user($email) + { + $key = "user:$email"; + + // make sure Kolab backend is initialized so kolab_storage can be found + $this->get_backend(); + + // @todo: Move this into drivers + if ($this->icache[$key] === null + && class_exists('kolab_storage') + && ($ldap = kolab_storage::ldap()) + ) { + $user = $ldap->get_user_record($email, $_SESSION['imap_host']); + + $this->icache[$key] = $user ?: false; + } + + if ($this->icache[$key]) { + return $this->icache[$key]['displayname'] ?: $this->icache[$key]['name']; + } + } + /** * Return mimetypes list supported by built-in viewers * * @return array List of mimetypes */ protected function supported_mimetypes() { $mimetypes = array(); $dir = __DIR__ . '/viewers'; if ($handle = opendir($dir)) { while (false !== ($file = readdir($handle))) { if (preg_match('/^([a-z0-9_]+)\.php$/i', $file, $matches)) { include_once $dir . '/' . $file; $class = 'file_viewer_' . $matches[1]; $viewer = new $class($this); $mimetypes = array_merge($mimetypes, $viewer->supported_mimetypes()); } } closedir($handle); } return $mimetypes; } /** * Encrypts data with current user password * * @param string $str A string to encrypt * * @return string Encrypted string (and base64-encoded) */ public function encrypt($str) { $rcube = rcube::get_instance(); $key = $this->get_crypto_key(); return $rcube->encrypt($str, $key, true); } /** * Decrypts data encrypted with encrypt() method * * @param string $str Encrypted string (base64-encoded) * * @return string Decrypted string */ public function decrypt($str) { $rcube = rcube::get_instance(); $key = $this->get_crypto_key(); return $rcube->decrypt($str, $key, true); } /** * Set encryption password */ protected function get_crypto_key() { $key = 'chwala_crypto_key'; $rcube = rcube::get_instance(); $backend = $this->get_backend(); $user = $backend->auth_info(); $password = $user['password'] . $user['username']; // encryption password must be 24 characters, no less, no more if (($len = strlen($password)) > 24) { $password = substr($password, 0, 24); } else { $password = $password . substr($rcube->config->get('des_key'), 0, 24 - $len); } $rcube->config->set($key, $password); return $key; } } diff --git a/lib/file_manticore.php b/lib/file_manticore.php index f608f5d..440624b 100644 --- a/lib/file_manticore.php +++ b/lib/file_manticore.php @@ -1,555 +1,689 @@ | +--------------------------------------------------------------------------+ | Author: Aleksander Machniak | +--------------------------------------------------------------------------+ */ /** * Document editing sessions handling */ class file_manticore { protected $api; protected $rc; protected $request; + protected $user; protected $sessions_table = 'chwala_sessions'; protected $invitations_table = 'chwala_invitations'; + protected $icache = array(); const STATUS_INVITED = 'invited'; const STATUS_REQUESTED = 'requested'; const STATUS_ACCEPTED = 'accepted'; const STATUS_DECLINED = 'declined'; + const STATUS_DECLINED_OWNER = 'declined-owner'; // same as 'declined' but done by the session owner + const STATUS_ACCEPTED_OWNER = 'accepted-owner'; // same as 'accepted' but done by the session owner /** * Class constructor * * @param file_api Chwala API app instance */ public function __construct($api) { - $this->rc = rcube::get_instance(); - $this->api = $api; + $this->rc = rcube::get_instance(); + $this->api = $api; + $this->user = $_SESSION['user']; $db = $this->rc->get_dbh(); $this->sessions_table = $db->table_name($this->sessions_table); $this->invitations_table = $db->table_name($this->invitations_table); } /** * Return viewer URI for specified file/session. This creates * a new collaborative editing session when needed. * * @param string $file File path * @param string &$session_id Optional session ID to join to * * @return string Manticore URI * @throws Exception */ public function session_start($file, &$session_id = null) { - list($driver, $path) = $this->api->get_driver($file); + if ($file !== null) { + list($driver, $path) = $this->api->get_driver($file); + $uri = $driver->path2uri($path); + } $backend = $this->api->get_backend(); - $uri = $driver->path2uri($path); if ($session_id) { $session = $this->session_info($session_id); if (empty($session)) { throw new Exception("Document session not found.", file_api_core::ERROR_CODE); } // check session ownership - if ($session['owner'] != $_SESSION['user']) { + if ($session['owner'] != $this->user) { // check if the user was invited - $invitations = $this->invitations_list($session_id); - $states = array(self::STATUS_DECLINED, self::STATUS_REQUESTED); + $invitations = $this->invitations_find(array('session_id' => $session_id, 'user' => $this->user)); + $states = array(self::STATUS_INVITED, self::STATUS_ACCEPTED, self::STATUS_ACCEPTED_OWNER); - if (empty($invitations) || in_array($invitations[0]['status'], $states)) { + if (empty($invitations) || !in_array($invitations[0]['status'], $states)) { throw new Exception("No permission to join the editing session.", file_api_core::ERROR_CODE); } // automatically accept the invitation, if not done yet if ($invitations[0]['status'] == self::STATUS_INVITED) { - $this->invitation_update($session_id, $_SESSION['user'], self::STATUS_ACCEPTED); + $this->invitation_update($session_id, $this->user, self::STATUS_ACCEPTED); } } + // authenticate to Manticore, we need auth token for frame_uri + $req = $this->get_request(); + // @TODO: make sure the session exists in Manticore? } - else { - $session_id = rcube_utils::bin2ascii(md5(time() . $uri, true)); - $data = array(); - $owner = $_SESSION['user']; - - // we'll store user credentials if the file comes from - // an external source that requires authentication - if ($backend != $driver) { - $auth = $driver->auth_info(); - $auth['password'] = $this->rc->encrypt($auth['password']); - $data['auth_info'] = $auth; + else if (!empty($uri)) { + // To prevent from creating new sessions for the same file+user + // (e.g. when user uses F5 to refresh the page), we check first + // if such a session exist and continue with it + $db = $this->rc->get_dbh(); + $res = $db->query("SELECT `id` FROM `{$this->sessions_table}`" + . " WHERE `owner` = ? AND `uri` = ?", $this->user, $uri); + + if ($row = $db->fetch_assoc($res)) { + $session_id = $row['id']; + $res = true; } + else if (!$db->is_error($res)) { + $session_id = rcube_utils::bin2ascii(md5(time() . $uri, true)); + $data = array(); + $owner = $this->user; + + // we'll store user credentials if the file comes from + // an external source that requires authentication + if ($backend != $driver) { + $auth = $driver->auth_info(); + $auth['password'] = $this->rc->encrypt($auth['password']); + $data['auth_info'] = $auth; + } - $res = $this->session_create($session_id, $uri, $owner, $data); + $res = $this->session_create($session_id, $uri, $owner, $data); + } if (!$res) { throw new Exception("Failed creating document editing session", file_api_core::ERROR_CODE); } } + else { + throw new Exception("Failed creating document editing session (unknown file)", file_api_core::ERROR_CODE); + } return $this->frame_uri($session_id); } /** * Get file path (not URI) from session. * - * @param string $id Session ID + * @param string $id Session ID + * @param bool $join_mode Throw exception only if session does not exist * * @return string File path * @throws Exception */ - public function session_file($id) + public function session_file($id, $join_mode = false) { $session = $this->session_info($id); if (empty($session)) { throw new Exception("Document session not found.", file_api_core::ERROR_CODE); } $path = $this->uri2path($session['uri']); - if (empty($path)) { + if (empty($path) && (!$join_mode || $session['owner'] == $this->user)) { throw new Exception("Document session not found.", file_api_core::ERROR_CODE); } - // @TODO: check permissions to the session + // check permissions to the session + if ($session['owner'] != $this->user) { + $invitations = $this->invitations_find(array('session_id' => $id, 'user' => $this->user)); + $states = array(self::STATUS_INVITED, self::STATUS_ACCEPTED, self::STATUS_ACCEPTED_OWNER); + + if (empty($invitations) || !in_array($invitations[0]['status'], $states)) { + throw new Exception("No permission to join the editing session.", file_api_core::ERROR_CODE); + } + } return $path; } /** * Get editing session info * * @param string $id Session identifier * @param bool $with_invitations Return invitations list + * + * @return array Session data */ public function session_info($id, $with_invitations = false) { - $db = $this->rc->get_dbh(); - $result = $db->query("SELECT * FROM `{$this->sessions_table}`" - . " WHERE `id` = ?", $id); + $session = $this->icache["session:$id"]; + + if (!$session) { + $db = $this->rc->get_dbh(); + $result = $db->query("SELECT * FROM `{$this->sessions_table}`" + . " WHERE `id` = ?", $id); + + if ($row = $db->fetch_assoc($result)) { + $session = $this->session_info_parse($row); + + $this->icache["session:$id"] = $session; + } + } - if ($row = $db->fetch_assoc($result)) { - $session = $this->session_info_parse($row); + if ($session) { + if ($session['owner'] == $this->user) { + $session['is_owner'] = true; + } if ($with_invitations && $session['is_owner']) { $session['invitations'] = $this->invitations_find(array('session_id' => $id)); } - - return $session; } + + return $session; } /** * Find editing sessions for specified path */ public function session_find($path, $invitations = true) { // create an URI for specified path list($driver, $path) = $this->api->get_driver($path); $uri = trim($driver->path2uri($path), '/') . '/'; // get existing sessions $sessions = array(); - $filter = array('file', 'owner', 'is_owner'); + $filter = array('file', 'owner', 'owner_name', 'is_owner'); $db = $this->rc->get_dbh(); $result = $db->query("SELECT * FROM `{$this->sessions_table}`" . " WHERE `uri` LIKE '" . $db->escape($uri) . "%'"); while ($row = $db->fetch_assoc($result)) { if ($path = $this->uri2path($row['uri'])) { $sessions[$row['id']] = $this->session_info_parse($row, $path, $filter); } } // set 'is_invited' flag if ($invitations && !empty($sessions)) { - $invitations = $this->invitations_list(); - $states = array(self::STATUS_INVITED, self::STATUS_ACCEPTED); + $invitations = $this->invitations_find(array('user' => $this->user)); + $states = array(self::STATUS_INVITED, self::STATUS_ACCEPTED, self::STATUS_ACCEPTED_OWNER); foreach ($invitations as $invitation) { if (!empty($sessions[$invitation['session_id']]) && in_array($invitation['status'], $states)) { $sessions[$invitation['session_id']]['is_invited'] = true; } } } return $sessions; } /** * Delete editing session (only owner can do that) * * @param string $id Session identifier * @param bool $local Remove session only from local database */ public function session_delete($id, $local = false) { $db = $this->rc->get_dbh(); $result = $db->query("DELETE FROM `{$this->sessions_table}`" . " WHERE `id` = ? AND `owner` = ?", - $id, $_SESSION['user']); + $id, $this->user); $success = $db->affected_rows($result) > 0; // Send document delete to Manticore if ($success && !$local) { $req = $this->get_request(); $res = $req->document_delete($id); } return $success; } /** * Create editing session */ protected function session_create($id, $uri, $owner, $data) { + // get user name + $owner_name = $this->api->resolve_user($owner) ?: ''; + // Do this before starting the session in Manticore, // it will immediately call api/document to get the file body $db = $this->rc->get_dbh(); $result = $db->query("INSERT INTO `{$this->sessions_table}`" - . " (`id`, `uri`, `owner`, `data`) VALUES (?, ?, ?, ?)", - $id, $uri, $owner, json_encode($data)); + . " (`id`, `uri`, `owner`, `owner_name`, `data`)" + . " VALUES (?, ?, ?, ?, ?)", + $id, $uri, $owner, $owner_name, json_encode($data)); $success = $db->affected_rows($result) > 0; // create the session in Manticore if ($success) { $req = $this->get_request(); $res = $req->document_create(array( 'id' => $id, 'title' => '', // @TODO: maybe set to a file path without extension? 'access' => array( array( 'identity' => $owner, 'permission' => file_manticore_api::ACCESS_WRITE, ), ), )); if (!$res) { $this->session_delete($id, true); return false; } } return $success; } /** - * Find invitations for current user - * + * Find invitations for current user. This will return all + * invitations related to the user including his sessions. * + * @param array $filter Search filter (see self::invitations_find()) * * @return array Invitations list */ - public function invitations_list($session_id = null) + public function invitations_list($filter = array()) { - $invitations = array(); - $db = $this->rc->get_dbh(); - $result = $db->query("SELECT * FROM `{$this->invitations_table}`" - . " WHERE `user`= ?" - . ($session_id ? " AND `session_id` = " . $db->quote($session_id) : "") - . " ORDER BY `changed`", $_SESSION['user']); + $filter['user'] = $this->user; - while ($row = $db->fetch_assoc($result)) { - $invitations[] = $row; + // list of invitations to the user or requested by him + $result = $this->invitations_find($filter, true); + + unset($filter['user']); + $filter['owner'] = $this->user; + + // other invitations that belong to the sessions owned by the user + if ($other = $this->invitations_find($filter, true)) { + $result = array_merge($result, $other); } - return $invitations; + return $result; } /** - * Find invitations for specified session_id + * Find invitations for specified filter + * + * @param array $filter Search filter (see self::invitations_find()) + * - session_id: session identifier + * - timestamp: "changed > ?" filter + * - user: Invitation user identifier + * - owner: Session owner identifier + * @param bool $extended Return session file names + * + * @return array Invitations list */ - public function invitations_find($filter) + public function invitations_find($filter, $extended = false) { - $invitations = array(); - $db = $this->rc->get_dbh(); + $db = $this->rc->get_dbh(); + $query = ''; + $select = "i.*"; foreach ($filter as $column => $value) { - $filter[$column] = "`$column` = " . $db->quote($value); + if ($column == 'timestamp') { + $where[] = "i.`changed` > " . $db->fromunixtime($value); + } + else if ($column == 'owner') { + $join[] = "`{$this->sessions_table}` s ON (i.`session_id` = s.`id`)"; + $where[] = "s.`owner` = " . $db->quote($value); + } + else { + $where[] = "i.`$column` = " . $db->quote($value); + } } - $where = implode(' AND ', $filter); - $result = $db->query("SELECT * FROM `{$this->invitations_table}`" - . " WHERE $where ORDER BY `changed`"); + if ($extended) { + $select .= ", s.`uri`, s.`owner`, s.`owner_name`"; + $join[] = "`{$this->sessions_table}` s ON (i.`session_id` = s.`id`)"; + } + + if (!empty($join)) { + $query .= ' JOIN ' . implode(' JOIN ', array_unique($join)); + } + + if (!empty($where)) { + $query .= ' WHERE ' . implode(' AND ', array_unique($where)); + } + + $result = $db->query("SELECT $select FROM `{$this->invitations_table}` i" + . "$query ORDER BY `changed`"); + + if ($db->is_error($result)) { + throw new Exception("Internal error.", file_api_core::ERROR_CODE); + } + + $invitations = array(); while ($row = $db->fetch_assoc($result)) { + if ($extended) { + try { + // add unix-timestamp of the `changed` date to the result + $dt = new DateTime($row['changed']); + $row['timestamp'] = $dt->format('U'); + } + catch(Exception $e) { } + + // add filename to the result + $filename = parse_url($row['uri'], PHP_URL_PATH); + $filename = pathinfo($filename, PATHINFO_BASENAME); + $filename = rawurldecode($filename); + + $row['filename'] = $filename; + + if ($path = $this->uri2path($row['uri'])) { + $row['file'] = $path; + } + + unset($row['uri']); + } + $invitations[] = $row; } return $invitations; } /** * Create an invitation * * @param string $session_id Document session identifier - * @param string $user User identifier + * @param string $user User identifier (use null for current user) * @param string $status Invitation status (invited, requested) + * @param string $comment Invitation description/comment + * @param string &$user_name Optional user name * * @throws Exception */ - public function invitation_create($session_id, $user, $status = 'invited') + public function invitation_create($session_id, $user, $status = 'invited', $comment = '', &$user_name = '') { + if (empty($user)) { + $user = $this->user; + } + if ($status != self::STATUS_INVITED && $status != self::STATUS_REQUESTED) { throw new Exception("Invalid invitation status.", file_api_core::ERROR_CODE); } // get session information $session = $this->session_info($session_id); if (empty($session)) { throw new Exception("Document session not found.", file_api_core::ERROR_CODE); } // check session ownership, only owner can create 'new' invitations - if ($status == self::STATUS_INVITED && $session['owner'] != $_SESSION['user']) { + if ($status == self::STATUS_INVITED && $session['owner'] != $this->user) { throw new Exception("No permission to create an invitation.", file_api_core::ERROR_CODE); } if ($session['owner'] == $user) { throw new Exception("Not possible to create an invitation for the session creator.", file_api_core::ERROR_CODE); } // Update Manticore 'access' array if ($status == self::STATUS_INVITED) { $req = $this->get_request(); $res = $req->editor_add($session_id, $user, file_manticore_api::ACCESS_WRITE); if (!$res) { throw new Exception("Failed to create an invitation.", file_api_core::ERROR_CODE); } } + // get user name + if (empty($user_name)) { + $user_name = $this->api->resolve_user($user) ?: ''; + } + // insert invitation $db = $this->rc->get_dbh(); $result = $db->query("INSERT INTO `{$this->invitations_table}`" - . " (`session_id`, `user`, `status`, `changed`)" - . " VALUES (?, ?, ?, " . $db->now() . ")", - $session_id, $user, $status); + . " (`session_id`, `user`, `user_name`, `status`, `comment`, `changed`)" + . " VALUES (?, ?, ?, ?, ?, " . $db->now() . ")", + $session_id, $user, $user_name, $status, $comment ?: ''); if (!$db->affected_rows($result)) { throw new Exception("Failed to create an invitation.", file_api_core::ERROR_CODE); } } /** * Delete an invitation (only session owner can do that) * * @param string $session_id Session identifier * @param string $user User identifier * * @throws Exception */ public function invitation_delete($session_id, $user) { $db = $this->rc->get_dbh(); $result = $db->query("DELETE FROM `{$this->invitations_table}`" . " WHERE `session_id` = ? AND `user` = ?" . " AND EXISTS (SELECT 1 FROM `{$this->sessions_table}` WHERE `id` = ? AND `owner` = ?)", - $session_id, $user, $session_id, $_SESSION['user']); + $session_id, $user, $session_id, $this->user); if (!$db->affected_rows($result)) { throw new Exception("Failed to delete an invitation.", file_api_core::ERROR_CODE); } // Update Manticore 'access' array - // @todo + $req = $this->get_request(); + $res = $req->editor_delete($session_id, $user); + + if (!$res) { + throw new Exception("Failed to remove an invitation.", file_api_core::ERROR_CODE); + } } /** * Update an invitation status * * @param string $session_id Session identifier - * @param string $user User identifier + * @param string $user User identifier (use null for current user) * @param string $status Invitation status (accepted, declined) + * @param string $comment Invitation description/comment * * @throws Exception */ - public function invitation_update($session_id, $user, $status) + public function invitation_update($session_id, $user, $status, $comment = '') { + if (empty($user)) { + $user = $this->user; + } + if ($status != self::STATUS_ACCEPTED && $status != self::STATUS_DECLINED) { throw new Exception("Invalid invitation status.", file_api_core::ERROR_CODE); } // get session information $session = $this->session_info($session_id); if (empty($session)) { throw new Exception("Document session not found.", file_api_core::ERROR_CODE); } // check session ownership - if ($user != $_SESSION['user'] && $session['owner'] != $_SESSION['user']) { + if ($user != $this->user && $session['owner'] != $this->user) { throw new Exception("No permission to update an invitation.", file_api_core::ERROR_CODE); } + if ($session['owner'] == $this->user) { + $status = $status . '-owner'; + } + $db = $this->rc->get_dbh(); $result = $db->query("UPDATE `{$this->invitations_table}`" - . " SET `status` = ?, `changed` = " . $db->now() + . " SET `status` = ?, `comment` = ?, `changed` = " . $db->now() . " WHERE `session_id` = ? AND `user` = ?", - $status, $session_id, $user); + $status, $comment ?: '', $session_id, $user); if (!$db->affected_rows($result)) { throw new Exception("Failed to update an invitation status.", file_api_core::ERROR_CODE); } // Update Manticore 'access' array if an owner accepted an invitation request - if ($status == self::STATUS_ACCEPTED && $_SESSION['user'] == $session['owner']) { - // @todo + if ($status == self::STATUS_ACCEPTED_OWNER) { + $req = $this->get_request(); + $res = $req->editor_add($session_id, $user, file_manticore_api::ACCESS_WRITE); + + if (!$res) { + throw new Exception("Failed to update an invitation status.", file_api_core::ERROR_CODE); + } } } /** * Parse session info data */ protected function session_info_parse($record, $path = null, $filter = array()) { /* if (is_string($data) && !empty($data)) { $data = json_decode($data, true); } */ $session = array(); - $fields = array('id', 'uri', 'owner'); + $fields = array('id', 'uri', 'owner', 'owner_name'); foreach ($fields as $field) { if (isset($record[$field])) { $session[$field] = $record[$field]; } } if ($path) { $session['file'] = $path; } // @TODO: is_invited?, last_modified? - if ($session['owner'] == $_SESSION['user']) { + if ($session['owner'] == $this->user) { $session['is_owner'] = true; } if (!empty($filter)) { $session = array_intersect_key($session, array_flip($filter)); } return $session; } /** * Generate URI of Manticore editing session */ protected function frame_uri($id) { $base_url = rtrim($this->rc->config->get('fileapi_manticore'), ' /'); return $base_url . '/document/' . $id . '/' . $_SESSION['manticore_token']; } /** * Get file path from the URI */ protected function uri2path($uri) { $backend = $this->api->get_backend(); try { return $backend->uri2path($uri); } catch (Exception $e) { // do nothing } foreach ($this->api->get_drivers(true) as $driver) { try { $path = $driver->uri2path($uri); $title = $driver->title(); if ($title) { $path = $title . file_storage::SEPARATOR . $path; } return $path; } catch (Exception $e) { // do nothing } } } - /** - * Return Manticore user/session info - */ - public function user_info() - { - $req = $this->get_request(); - $res = $req->get('api/users/me'); - - return $res->get(); - } - /** * Initialize Manticore API request handler */ protected function get_request() { if (!$this->request) { $uri = rcube_utils::resolve_url($this->rc->config->get('fileapi_manticore')); $this->request = new file_manticore_api($uri); // Use stored session token, check if it's still valid if ($_SESSION['manticore_token']) { $is_valid = $this->request->set_session_token($_SESSION['manticore_token'], true); if ($is_valid) { return $this->request; } } $backend = $this->api->get_backend(); $auth = $backend->auth_info(); $_SESSION['manticore_token'] = $this->request->login($auth['username'], $auth['password']); if (empty($_SESSION['manticore_token'])) { throw new Exception("Unable to login to Manticore server.", file_api_core::ERROR_CODE); } } return $this->request; } } diff --git a/lib/file_manticore_api.php b/lib/file_manticore_api.php index 2a6abd5..b590062 100644 --- a/lib/file_manticore_api.php +++ b/lib/file_manticore_api.php @@ -1,394 +1,440 @@ | +--------------------------------------------------------------------------+ | Author: Aleksander Machniak | +--------------------------------------------------------------------------+ */ /** * Helper class to connect to the Manticore API */ class file_manticore_api { /** * @var HTTP_Request2 */ private $request; /** * @var string */ private $base_url; /** * @var bool */ private $debug = false; const ERROR_INTERNAL = 100; const ERROR_CONNECTION = 500; const ACCEPT_HEADER = "application/json,text/javascript,*/*"; const ACCESS_WRITE = 'write'; const ACCESS_READ = 'read'; const ACCESS_DENY = 'deny'; /** * Class constructor. * * @param string $base_url Base URL of the Kolab API */ public function __construct($base_url) { require_once 'HTTP/Request2.php'; $config = rcube::get_instance()->config; $this->debug = rcube_utils::get_boolean($config->get('fileapi_manticore_debug')); $this->base_url = rtrim($base_url, '/') . '/'; $this->request = new HTTP_Request2(); self::configure($this->request); } /** * Configure HTTP_Request2 object * * @param HTTP_Request2 $request Request object */ public static function configure($request) { // Configure connection options $config = rcube::get_instance()->config; $http_config = (array) $config->get('http_request', $config->get('kolab_http_request')); // Deprecated config, all options are separated variables if (empty($http_config)) { $options = array( 'ssl_verify_peer', 'ssl_verify_host', 'ssl_cafile', 'ssl_capath', 'ssl_local_cert', 'ssl_passphrase', 'follow_redirects', ); foreach ($options as $optname) { if (($optvalue = $config->get($optname)) !== null || ($optvalue = $config->get('kolab_' . $optname)) !== null ) { $http_config[$optname] = $optvalue; } } } if (!empty($http_config)) { try { $request->setConfig($http_config); } catch (Exception $e) { rcube::log_error("HTTP: " . $e->getMessage()); } } // proxy User-Agent $request->setHeader('user-agent', $_SERVER['HTTP_USER_AGENT']); // some HTTP server configurations require this header $request->setHeader('accept', self::ACCEPT_HEADER); $request->setHeader('Content-Type', 'application/json; charset=UTF-8'); } /** * Return API's base URL * * @return string Base URL */ public function base_url() { return $this->base_url; } /** * Return HTTP_Request2 object * * @return HTTP_Request2 Request object */ public function request() { return $this->request; } /** * Logs specified user into the API * * @param string $username User name * @param string $password User password * * @return string Session token (on success) */ public function login($username, $password) { $query = array( 'email' => $username, 'password' => $password, ); // remove current token if any $this->request->setHeader('Authorization'); // authenticate the user $response = $this->post('auth/local', $query); if ($token = $response->get('token')) { $this->set_session_token($token); } return $token; } /** * Sets request session token. * * @param string $token Session token. * @param bool $validate Enables token validatity check * * @return bool Token validity status */ public function set_session_token($token, $validate = false) { $this->request->setHeader('Authorization', "Bearer $token"); if ($validate) { - $result = $this->get('api/user/me'); + $result = $this->get('api/users/me'); return $result->get_error_code() == 200; } return true; } /** * Delete document editing session * * @param array $id Session identifier * * @return bool True on success, False on failure */ public function document_delete($id) { $res = $this->delete('api/documents/' . $id); return $res->get_error_code() == 204; } /** * Create document editing session * * @param array $params Session parameters * * @return bool True on success, False on failure */ public function document_create($params) { $res = $this->post('api/documents', $params); - // @TODO: 422? + // @FIXME: 422? return $res->get_error_code() == 201 || $res->get_error_code() == 422; } /** * Add document editor (update 'access' array) * * @param array $session_id Session identifier * @param array $identity User identifier * * @return bool True on success, False on failure */ - public function editor_add($session_id, $idenity, $permission) + public function editor_add($session_id, $identity, $permission) { $res = $this->get("api/documents/$session_id/access"); -rcube::console($req); if ($res->get_error_code() != 200) { return false; } - // @todo add editor to the 'access' array - + $access = $res->get(); - $res = $this->put("api/documents/$session_id/access", $params); + // sanity check, this should never be empty + if (empty($access)) { + return false; + } + + // add editor to the 'access' array + foreach ($access as $entry) { + if ($entry['identity'] == $identity) { + return true; + } + } + + $access[] = array('identity' => $identity, 'permission' => $permission); + + $res = $this->put("api/documents/$session_id/access", $access); + + return $res->get_error_code() == 200; + } + + /** + * Remove document editor (update 'access' array) + * + * @param array $session_id Session identifier + * @param array $identity User identifier + * + * @return bool True on success, False on failure + */ + public function editor_delete($session_id, $identity) + { + $res = $this->get("api/documents/$session_id/access"); + + if ($res->get_error_code() != 200) { + return false; + } + + $access = $res->get(); + $found = true; + + // remove editor from the 'access' array + foreach ((array) $access as $idx => $entry) { + if ($entry['identity'] == $identity) { + unset($access[$idx]); + } + } + + if (!$found) { + return false; + } + + $res = $this->put("api/documents/$session_id/access", $access); -rcube::console($req); return $res->get_error_code() == 200; } /** * API's GET request. * * @param string $action Action name * @param array $get Request arguments * * @return file_ui_api_result Response */ public function get($action, $get = array()) { $url = $this->build_url($action, $get); if ($this->debug) { rcube::write_log('manticore', "GET: $url " . json_encode($get)); } $this->request->setMethod(HTTP_Request2::METHOD_GET); $this->request->setBody(''); return $this->get_response($url); } /** * API's POST request. * * @param string $action Action name * @param array $post POST arguments * * @return kolab_client_api_result Response */ public function post($action, $post = array()) { $url = $this->build_url($action); if ($this->debug) { rcube::write_log('manticore', "POST: $url " . json_encode($post)); } $this->request->setMethod(HTTP_Request2::METHOD_POST); $this->request->setBody(json_encode($post)); return $this->get_response($url); } /** * API's PUT request. * * @param string $action Action name * @param array $post POST arguments * * @return kolab_client_api_result Response */ public function put($action, $post = array()) { $url = $this->build_url($action); if ($this->debug) { rcube::write_log('manticore', "PUT: $url " . json_encode($post)); } $this->request->setMethod(HTTP_Request2::METHOD_PUT); $this->request->setBody(json_encode($post)); return $this->get_response($url); } /** * API's DELETE request. * * @param string $action Action name * @param array $get Request arguments * * @return file_ui_api_result Response */ public function delete($action, $get = array()) { $url = $this->build_url($action, $get); if ($this->debug) { rcube::write_log('manticore', "DELETE: $url " . json_encode($get)); } $this->request->setMethod(HTTP_Request2::METHOD_DELETE); $this->request->setBody(''); return $this->get_response($url); } /** * @param string $action Action GET parameter * @param array $args GET parameters (hash array: name => value) * * @return Net_URL2 URL object */ private function build_url($action, $args = array()) { $url = new Net_URL2($this->base_url . $action); $url->setQueryVariables((array) $args); return $url; } /** * HTTP Response handler. * * @param Net_URL2 $url URL object * * @return kolab_client_api_result Response object */ private function get_response($url) { try { $this->request->setUrl($url); $response = $this->request->send(); } catch (Exception $e) { return new file_ui_api_result(null, self::ERROR_CONNECTION, $e->getMessage()); } try { $body = $response->getBody(); } catch (Exception $e) { return new file_ui_api_result(null, self::ERROR_INTERNAL, $e->getMessage()); } $code = $response->getStatus(); if ($this->debug) { rcube::write_log('manticore', "Response [$code]: $body"); } if ($code < 300) { $result = $body ? json_decode($body, true) : array(); } else { if ($code != 401) { rcube::raise_error("Error $code on $url", true, false); } $error = $body; } return new file_ui_api_result($result, $code, $error); } } diff --git a/public_html/js/files_api.js b/public_html/js/files_api.js index 7d9262e..39f76e1 100644 --- a/public_html/js/files_api.js +++ b/public_html/js/files_api.js @@ -1,928 +1,1076 @@ -/* +/** +--------------------------------------------------------------------------+ | This file is part of the Kolab File API | | | - | Copyright (C) 2012-2013, Kolab Systems AG | + | Copyright (C) 2012-2015, Kolab Systems AG | | | | This program is free software: you can redistribute it and/or modify | | it under the terms of the GNU Affero General Public License as published | | by the Free Software Foundation, either version 3 of the License, or | | (at your option) any later version. | | | | This program is distributed in the hope that it will be useful, | | but WITHOUT ANY WARRANTY; without even the implied warranty of | | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | | GNU Affero General Public License for more details. | | | | You should have received a copy of the GNU Affero General Public License | | along with this program. If not, see | +--------------------------------------------------------------------------+ | Author: Aleksander Machniak | +--------------------------------------------------------------------------+ */ function files_api() { var ref = this; // default config this.sessions = {}; this.translations = {}; this.env = { url: 'api/', directory_separator: '/', resources_dir: 'resources' }; /*********************************************************/ /********* Basic utilities *********/ /*********************************************************/ // set environment variable(s) this.set_env = function(p, value) { if (p != null && typeof p === 'object' && !value) for (var n in p) this.env[n] = p[n]; else this.env[p] = value; }; // add a localized label(s) to the client environment this.tdef = function(p, value) { if (typeof p == 'string') this.translations[p] = value; else if (typeof p == 'object') $.extend(this.translations, p); }; // return a localized string this.t = function(label) { if (this.translations[label]) return this.translations[label]; else return label; }; // print a message into browser console this.log = function(msg) { if (window.console && console.log) console.log(msg); }; /********************************************************/ /********* Remote request methods *********/ /********************************************************/ // send a http POST request to the API service this.post = function(action, data, func) { var url = this.env.url + '?method=' + action; if (!func) func = 'response'; this.set_request_time(); return $.ajax({ type: 'POST', url: url, data: JSON.stringify(data), dataType: 'json', contentType: 'application/json; charset=utf-8', - success: function(response) { ref[func](response); }, + success: function(response) { if (typeof func == 'function') func(response); else ref[func](response); }, error: function(o, status, err) { ref.http_error(o, status, err); }, cache: false, beforeSend: function(xmlhttp) { xmlhttp.setRequestHeader('X-Session-Token', ref.env.token); } }); }; // send a http GET request to the API service this.get = function(action, data, func) { var url = this.env.url; if (!func) func = 'response'; this.set_request_time(); data.method = action; return $.ajax({ type: 'GET', url: url, data: data, dataType: 'json', - success: function(response) { ref[func](response); }, + success: function(response) { if (typeof func == 'function') func(response); else ref[func](response); }, error: function(o, status, err) { ref.http_error(o, status, err); }, cache: false, beforeSend: function(xmlhttp) { xmlhttp.setRequestHeader('X-Session-Token', ref.env.token); } }); }; // send request with auto-selection of POST/GET method this.request = function(action, data, func) { // Use POST for modification actions with probable big request size var method = /_(create|delete|move|copy|update|auth|subscribe|unsubscribe|invite|decline|request|accept|remove)$/.test(action) ? 'post' : 'get'; return this[method](action, data, func); }; // handle HTTP request errors this.http_error = function(request, status, err) { var errmsg = request.statusText; this.set_busy(false); request.abort(); if (request.status && errmsg) this.display_message(this.t('servererror') + ' (' + errmsg + ')', 'error'); }; this.response = function(response) { this.update_request_time(); this.set_busy(false); return this.response_parse(response); }; this.response_parse = function(response) { if (!response || response.status != 'OK') { // Logout on invalid-session error if (response && response.code == 403) this.logout(response); else this.display_message(response && response.reason ? response.reason : this.t('servererror'), 'error'); return false; } return true; }; /*********************************************************/ /********* Utilities *********/ /*********************************************************/ // Called on "session expired" session this.logout = function(response) {}; // set state this.set_busy = function(state, message) {}; // displays error message this.display_message = function(label, type) {}; // called when a request timed out this.request_timed_out = function() {}; // called on start of the request this.set_request_time = function() {}; // called on request response this.update_request_time = function() {}; /*********************************************************/ /********* Helpers *********/ /*********************************************************/ // compose a valid url with the given parameters this.url = function(action, query) { var k, param = {}, querystring = typeof query === 'string' ? '&' + query : ''; if (typeof action !== 'string') query = action; else if (!query || typeof query !== 'object') query = {}; // overwrite task name if (action) query.method = action; // remove undefined values for (k in query) { if (query[k] !== undefined && query[k] !== null) param[k] = query[k]; } return '?' + $.param(param) + querystring; }; // fill folder selector with options this.folder_select_element = function(select, params) { var options = [], selected = params && params.selected ? params.selected : this.env.folder; if (params && params.empty) options.push($('