oacs_dav::authorize (public)
oacs_dav::authorize [ args... ]
Defined in packages/oacs-dav/tcl/oacs-dav-procs.tcl
Check whether user_id has permission to perform the WebDAV method on the URI.
- Testcases:
- No testcase defined.
Source code:

```tcl
ns_log debug "\nOACS-DAV running oacs_dav::authorize"

# Restrict to SSL if required
if { [security::RestrictLoginToSSLP] && ![security::secure_conn_p] } {
    ns_returnunauthorized
    return filter_return
}

# set common data for all requests
oacs_dav::conn_setup

set method [string tolower [oacs_dav::conn method]]
set item_id [oacs_dav::conn item_id]
set user_id [oacs_dav::conn user_id]
set folder_id [oacs_dav::conn folder_id]
ns_log debug "\nOACS-DAV oacs_dav::authorize user_id $user_id method $method item_id $item_id"
set authorized_p 0

# if item doesn't exist don't bother checking....
if {$item_id eq ""} {
    if {"put" ne $method && "mkcol" ne $method && "lock" ne $method } {
        ns_log debug "\noacs_dav::authorize file not found"
        ns_return 404 text/plain "File Not Found"
        return filter_return
    }
}

switch $method {
    put -
    mkcol {
        set authorized_p [permission::permission_p \
            -object_id $folder_id \
            -party_id $user_id \
            -privilege "create"]
    }
    delete {
        set authorized_p [permission::permission_p \
            -object_id $item_id \
            -party_id $user_id \
            -privilege "delete"]
    }
    lock {
        if {$item_id ne ""} {
            set authorized_p [permission::permission_p \
                -object_id $item_id \
                -party_id $user_id \
                -privilege "write"]
        } else {
            # if item does not exist yet check for create on
            # the collection and create a null lock
            set authorized_p [permission::permission_p \
                -object_id $folder_id \
                -party_id $user_id \
                -privilege "create"]
        }
    }
    unlock -
    proppatch {
        set authorized_p [permission::permission_p \
            -object_id $item_id \
            -party_id $user_id \
            -privilege "write"]
    }
    copy -
    move {
        set dest_parent_id [oacs_dav::conn dest_parent_id]
        if {$dest_parent_id eq ""} {
            ns_return 409 text/plain {Non-existent destination}
            return filter_ok
        }
        # Tcl's && binds tighter than ||, so this evaluates as
        # (read on item && create on destination) || write on destination.
        set authorized_p [expr [permission::permission_p \
            -object_id $item_id \
            -party_id $user_id \
            -privilege "read"] \
            && [permission::permission_p \
            -object_id $dest_parent_id \
            -party_id $user_id \
            -privilege "create"] \
            || [permission::permission_p \
            -object_id $dest_parent_id \
            -party_id $user_id \
            -privilege "write"]]
    }
    propfind {
        if {$user_id eq ""} {
            ns_returnunauthorized
        } else {
            set authorized_p [permission::permission_p \
                -object_id $item_id \
                -party_id $user_id \
                -privilege "read"]
        }
    }
    head -
    get {
        # default for GET PROPFIND
        set authorized_p [permission::permission_p \
            -object_id $item_id \
            -party_id $user_id \
            -privilege "read"]
    }
}

if { !$authorized_p } {
    ns_returnunauthorized
    return filter_return
}
return filter_ok
```

Generic XQL file: packages/oacs-dav/tcl/oacs-dav-procs.xql
PostgreSQL XQL file: packages/oacs-dav/tcl/oacs-dav-procs-postgresql.xql
Oracle XQL file: packages/oacs-dav/tcl/oacs-dav-procs-oracle.xql
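
The page lists no testcase, so the following is an added example (not part of oacs-dav) of a table-driven check for the copy/move branch: it evaluates the expression from the source above against constructed grants and prints the result beside an explicitly parenthesized grouping. The `permission::permission_p` stand-in, the helper `p`, the two proc names, the users and the object ids 100 and 200 are all assumptions made for the example; it runs under a plain tclsh 8.5 or later.

```tcl
# Constructed sample grants as "party object privilege" (not from the page).
# 100 = source item, 200 = destination parent folder.
set ::grants [list \
    [list alice 100 read] [list alice 200 create] \
    [list bob 200 write] \
    [list carol 100 read]]

# Stand-in for permission::permission_p: a plain lookup in ::grants.
namespace eval permission {
    proc permission_p {args} {
        array set opt $args
        set key [list $opt(-party_id) $opt(-object_id) $opt(-privilege)]
        return [expr {$key in $::grants}]
    }
}

# Short helper so the expressions below stay readable (hypothetical name).
proc p {user obj priv} {
    permission::permission_p -object_id $obj -party_id $user -privilege $priv
}

# Same operators, order and unbraced expr as the copy/move branch on the page.
proc copy_move_as_written {user item dest} {
    expr [p $user $item read] && [p $user $dest create] || [p $user $dest write]
}

# Comparison grouping (hypothetical): read on the source required in every case.
proc copy_move_read_required {user item dest} {
    expr {[p $user $item read] && ([p $user $dest create] || [p $user $dest write])}
}

# One row per constructed user: result of each grouping for item 100 -> folder 200.
puts [format "%-6s %-10s %s" user as-written read-required]
foreach user {alice bob carol} {
    puts [format "%-6s %-10s %s" $user \
        [copy_move_as_written $user 100 200] \
        [copy_move_read_required $user 100 200]]
}
```

A row where the two columns differ marks a grant combination whose outcome depends on how the `&&` and `||` terms are grouped.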