Legend:
Page
Library
Module
Module type
Parameter
Class
Class type
Source
Page
Library
Module
Module type
Parameter
Class
Class type
Source
package caldav
Legend:
Page
Library
Module
Module type
Parameter
Class
Class type
Source
Page
Library
Module
Module type
Parameter
Class
Class type
Source
Source file properties.ml
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286module Xml = Webdav_xml let prop_version = [ Xml.pcdata "2" ] module PairMap = Map.Make (struct type t = string * string let compare (a1, a2) (b1, b2) = match String.compare a1 b1 with | 0 -> String.compare a2 b2 | x -> x end) open Sexplib.Conv type property = Xml.attribute list * Xml.tree list [@@deriving sexp] type t = property PairMap.t type property_list = ((string * string) * property) list [@@deriving sexp] let to_sexp t = let bindings = PairMap.bindings t in sexp_of_property_list bindings let of_sexp now s = let bindings = property_list_of_sexp s in let map = List.fold_left (fun map (k, v) -> PairMap.add k v map) PairMap.empty bindings in match PairMap.find_opt (Xml.robur_ns, "prop_version") map with | Some ([], [ Xml.Pcdata n ]) -> begin match int_of_string n with | exception Failure _ -> Logs.warn (fun m -> m "couldn't parse version"); map | 0 | 1 -> let current = [], [ Xml.Pcdata (Ptime.to_rfc3339 now) ] in (* version 0 and 1 didn't write the lastmodified *) (* for directories, we use the current timestamp, for files the creationdate (which is always updated) *) let ts = match PairMap.find_opt (Xml.dav_ns, "getcontenttype") map with | Some ([], [ Xml.Pcdata ct ]) when ct = "text/directory" -> current | _ -> begin match PairMap.find_opt (Xml.dav_ns, "creationdate") map with | None -> Logs.warn (fun m -> m "map without creationdate"); current | Some v -> v end in PairMap.add (Xml.robur_ns, "prop_version") ([], prop_version) (PairMap.add (Xml.dav_ns, "getlastmodified") ts map) | _ -> map end | _ -> (* shouldn't happen *) Logs.warn (fun m -> m "property map without version"); map (* not safe *) let unsafe_find = PairMap.find_opt let unsafe_add = PairMap.add let unsafe_remove = PairMap.remove (* public and ok *) let empty = PairMap.empty (* internal *) let keys m = List.map fst (PairMap.bindings m) (* public and ok *) let count = PairMap.cardinal let not_returned_by_allprop = [ (Xml.robur_ns, "prop_version"); (Xml.dav_ns, "owner"); (Xml.dav_ns, "group"); (Xml.dav_ns, "supported-privilege-set"); (Xml.dav_ns, "current-user-privilege-set"); (Xml.dav_ns, "acl"); (Xml.dav_ns, "acl-restrictions"); (Xml.dav_ns, "inherited-acl-set"); (Xml.dav_ns, "principal-collection-set"); (Xml.caldav_ns, "calendar-description"); (Xml.caldav_ns, "calendar-timezone"); (Xml.caldav_ns, "supported-calendar-component-set"); (Xml.caldav_ns, "supported-calendar-data"); (Xml.caldav_ns, "max-resource-size"); (Xml.caldav_ns, "min-date-time"); (Xml.caldav_ns, "max-date-time"); (Xml.caldav_ns, "max-instances"); (Xml.caldav_ns, "max-attendees-per-instance"); (Xml.caldav_ns, "calendar-home-set"); (Xml.caldav_ns, "supported-collation-set"); (Xml.robur_ns, "password"); (Xml.robur_ns, "salt"); ] let write_protected = [ (Xml.robur_ns, "prop_version"); (Xml.dav_ns, "principal-URL"); (Xml.dav_ns, "group-membership"); (Xml.dav_ns, "resourcetype"); (Xml.dav_ns, "current-user-principal"); (Xml.dav_ns, "current-user-privilege-set"); (Xml.dav_ns, "content-length"); (Xml.dav_ns, "etag"); ] let computed_properties = [ (Xml.dav_ns, "current-user-privilege-set") ; (Xml.dav_ns, "current-user-principal") ] (* assume that it is safe, should call can_write_prop *) (* TODO check `Write_acl if writing an ACL property *) let patch ?(is_mkcol = false) props_for_resource updates = (* if an update did not apply, m will be None! *) let xml (ns, n) = [ Xml.node ~ns n [] ] in let apply (props_for_resource, propstats) update = match props_for_resource, update with | None, `Set (_, k, _) -> None, (`Failed_dependency, xml k) :: propstats | None, `Remove k -> None, (`Failed_dependency, xml k) :: propstats | Some props_for_resource', `Set (a, k, v) -> if List.mem k write_protected && not (is_mkcol && k = (Xml.dav_ns, "resourcetype")) then None, (`Forbidden, xml k) :: propstats else let props_for_resource'' = unsafe_add k (a, v) props_for_resource' in (Some props_for_resource'', (`OK, xml k) :: propstats) | Some props_for_resource', `Remove k -> if List.mem k write_protected then None, (`Forbidden, xml k) :: propstats else let props_for_resource'' = unsafe_remove k props_for_resource' in Some props_for_resource'', (`OK, xml k) :: propstats in match List.fold_left apply (Some props_for_resource, []) updates with | Some props_for_resource', xs -> Some props_for_resource', xs | None, xs -> (* some update did not apply -> tree: None *) let ok_to_failed (s, k) = ((match s with | `OK -> `Failed_dependency | x -> x), k) in None, List.map ok_to_failed xs (* housekeeping *) let to_trees m = PairMap.fold (fun (ns, k) (a, v) acc -> Xml.node ~ns ~a k v :: acc) m [] (* housekeeping *) let to_string m = let c = to_trees m in Xml.tree_to_string (Xml.dav_node "prop" c) (* housekeeping *) let pp ppf t = Fmt.string ppf @@ to_string t (* housekeeping *) let equal a b = String.equal (to_string a) (to_string b) (* creates property map for file, only needs to check `Bind in parent, done by webmachine *) let create ?(initial_props = []) ?(content_type = "text/html") ?(language = "en") ?(resourcetype = []) acl timestamp length filename = let filename = if filename = "" then "hinz und kunz" else filename in let timestamp' = Ptime.to_rfc3339 timestamp in let propmap = unsafe_add (Xml.robur_ns, "prop_version") ([], prop_version) @@ unsafe_add (Xml.dav_ns, "acl") ([], List.map Xml.ace_to_xml acl) @@ unsafe_add (Xml.dav_ns, "creationdate") ([], [ Xml.Pcdata timestamp' ]) @@ unsafe_add (Xml.dav_ns, "displayname") ([], [ Xml.Pcdata filename ]) @@ unsafe_add (Xml.dav_ns, "getcontentlanguage") ([], [ Xml.Pcdata language ]) @@ unsafe_add (Xml.dav_ns, "getcontenttype") ([], [ Xml.Pcdata content_type ]) @@ unsafe_add (Xml.dav_ns, "getcontentlength") ([], [ Xml.Pcdata (string_of_int length) ]) @@ unsafe_add (Xml.dav_ns, "getlastmodified") ([], [ Xml.Pcdata timestamp' ]) @@ (* unsafe_add "lockdiscovery" *) unsafe_add (Xml.dav_ns, "resourcetype") ([], resourcetype) empty (* unsafe_add "supportedlock" *) in List.fold_left (fun p (k, v) -> unsafe_add k v p) propmap initial_props (* creates property map for directory *) let create_dir ?initial_props ?(resourcetype = []) acl timestamp dirname = create ?initial_props ~content_type:"text/directory" ~resourcetype:(Xml.dav_node "collection" [] :: resourcetype) acl timestamp 0 dirname (* housekeeping *) let from_tree = function | Xml.Node (_, "prop", _, children) -> List.fold_left (fun m c -> match c with | Xml.Node (ns, k, a, v) -> unsafe_add (ns, k) (a, v) m | Xml.Pcdata _ -> assert false) empty children | _ -> assert false (* TODO groups only one level deep right now *) (* TODO belongs elsewhere? *) (* outputs identities for a single user *) let identities userprops = let url = function | Xml.Node (_, "href", _, [ Xml.Pcdata url ]) -> [ Uri.of_string url ] | _ -> [] in let urls n = List.flatten (List.map url n) in match unsafe_find (Xml.dav_ns, "principal-URL") userprops, unsafe_find (Xml.dav_ns, "group-membership") userprops with | None, _ -> [] | Some (_, principal), Some (_, groups) -> urls principal @ urls groups | Some (_, principal), None -> urls principal let privileges ~auth_user_props resource_props = let aces = match unsafe_find (Xml.dav_ns, "acl") resource_props with | None -> [] | Some (_, aces) -> aces in Privileges.list ~identities:(identities auth_user_props) aces let inherited_acls ~auth_user_props resource_props = let aces = match unsafe_find (Xml.dav_ns, "acl") resource_props with | None -> [] | Some (_, aces) -> aces in Logs.debug (fun m -> m "inherited aces size %d" (List.length aces)); let inherited = Privileges.inherited_acls ~identities:(identities auth_user_props) aces in Logs.debug (fun m -> m "inherited size %d" (List.length inherited)); inherited (* helper computing "current-user-privilege-set", not public *) let current_user_privilege_set ~auth_user_props map = let make_node p = Xml.dav_node "privilege" [ Xml.priv_to_xml p ] in let privileges = privileges ~auth_user_props map in let uniq = (* workaround for Firefox OS which doesn't understand <privilege><all/></privilege> *) if List.mem `All privileges then [ `Read ; `Write ; `Read_current_user_privilege_set ; `Write_content ; `Write_properties ; `Bind ; `Unbind ; `All ] else List.sort_uniq compare privileges in Some ([], (List.map make_node uniq)) (* checks nothing, computes current-user-principal, helper function *) let current_user_principal props = match unsafe_find (Xml.dav_ns, "principal-URL") props with | None -> Some ([], [ Xml.dav_node "unauthenticated" [] ]) | Some url -> Some url (* checks nothing, computes properties, should be visible? but requires auth_user_props *) let get_prop auth_user_props m = function | ns, "current-user-privilege-set" when ns = Xml.dav_ns -> current_user_privilege_set ~auth_user_props m | ns, "current-user-principal" when ns = Xml.dav_ns -> current_user_principal auth_user_props | fqname -> unsafe_find fqname m let find ~auth_user_props ~resource_props property_fqname = let privileges = privileges ~auth_user_props resource_props in if Privileges.can_read_prop property_fqname privileges then match get_prop auth_user_props resource_props property_fqname with | None -> Error `Not_found | Some v -> Ok v else Error `Forbidden let transform_lastmodified = function | None -> None | Some (attrs, [ Xml.Pcdata str ]) -> Some (attrs, [ Xml.Pcdata (Xml.rfc3339_date_to_http_date str) ]) | Some _ -> assert false (* checks sufficient privileges for "current-user-privilege-set" and "read-acl" via can_read_prop *) let find_many ~auth_user_props ~resource_props property_names = let resource_props = PairMap.update (Xml.dav_ns, "getlastmodified") transform_lastmodified resource_props in let props = List.map (find ~auth_user_props ~resource_props) property_names in let results = List.map2 (fun (ns, name) p -> p, match p with | Ok (a, c) -> Xml.node ~ns ~a name c | Error _ -> Xml.node ~ns name []) property_names props in (* group by return code *) let found, rest = List.partition (function | Ok _, _ -> true | _ -> false) results in let not_found, forbidden = List.partition (function | Error `Not_found, _ -> true | Error `Forbidden, _ -> false | Ok _, _ -> assert false) rest in let apply_tag tag l = if l = [] then [] else [ tag, List.map snd l ] in apply_tag `OK found @ apply_tag `Not_found not_found @ apply_tag `Forbidden forbidden (* not safe, exposed, returns property names *) let names m = List.map (fun (ns, k) -> Xml.node ~ns k []) @@ computed_properties @ keys m (* not really safe, but excludes from the not-returned-by-allprop list *) let all m = let m' = PairMap.update (Xml.dav_ns, "getlastmodified") transform_lastmodified m in to_trees (List.fold_right unsafe_remove not_returned_by_allprop m')