Class

eZWebDAVContentBackendAuth

class eZWebDAVContentBackendAuth implements ezcWebdavAnonymousAuthenticator, ezcWebdavBasicAuthenticator, ezcWebdavAuthorizer, ezcWebdavLockAuthorizer

Basic authentication for WebDAV.

Methods

authenticateAnonymous(ezcWebdavAnonymousAuth $data)

bool authenticateBasic(ezcWebdavBasicAuth $data)

Checks authentication for the given $user.

bool authorize(string $user, string $path, int $access = self::ACCESS_READ)

Checks authorization of the given $user to a given $path.

void assignLock(string $user, string $lockToken)

Assign a $lockToken to a given $user.

bool ownsLock(string $user, string $lockToken)

Returns if the given $lockToken is owned by the given $user.

releaseLock(string $user, string $lockToken)

Removes the assignment of $lockToken from $user.

Details

at line 23
public authenticateAnonymous(ezcWebdavAnonymousAuth $data)

Parameters

ezcWebdavAnonymousAuth $data

at line 42
public bool authenticateBasic(ezcWebdavBasicAuth $data)

Checks authentication for the given $user.

This method checks the given user/password credentials encapsulated in $data. Returns true if the user was succesfully recognized and the password is valid for him, false otherwise. In case no username and/or password was provided in the request, empty strings are provided as the parameters of this method.

Parameters

ezcWebdavBasicAuth $data

Return Value

bool

at line 100
public bool authorize(string $user, string $path, int $access = self::ACCESS_READ)

Checks authorization of the given $user to a given $path.

This method checks if the given $user has the permission $access to the resource identified by $path. The $path is the result of a translation by the servers {@link ezcWebdavPathFactory} from the request URI.

The $access parameter can be one of

The implementation of this method must only check the given $path, but MUST not check descendant paths, since the back end will issue dedicated calls for such paths. In contrast, the algoritm MUST ensure, that parent permission constraints of the given $paths are met.

Examples: Permission is rejected for the paths "/a", "/b/beamme" and "/c/connect":

authorize( 'johndoe', '/a' ) ); // false var_dump( $auth->authorize( 'johndoe', '/b' ) ); // true var_dump( $auth->authorize( 'johndoe', '/b/beamme' ) ); // false var_dump( $auth->authorize( 'johndoe', '/c/connect/some/deeper/path' ) ); // false ?>

Parameters

string $user
string $path
int $access

Return Value

bool

at line 193
public void assignLock(string $user, string $lockToken)

Assign a $lockToken to a given $user.

The authorization backend needs to save an arbitrary number of lock tokens per user. A lock token is a of maximum length 255 containing:

Parameters

string $user
string $lockToken

Return Value

void

at line 207
public bool ownsLock(string $user, string $lockToken)

Returns if the given $lockToken is owned by the given $user.

Returns true, if the $lockToken is owned by $user, false otherwise.

Parameters

string $user
string $lockToken

Return Value

bool

at line 223
public releaseLock(string $user, string $lockToken)

Removes the assignment of $lockToken from $user.

After a $lockToken has been released from the $user, the {@link ownsLock()} method must return false for the given combination. It might happen, that a lock is to be released, which already has been removed. This case must be ignored by the method.

Parameters

string $user
string $lockToken