+/* acls as a container */
+
+- (NSArray *) aclUsersForObjectAtPath: (NSArray *) objectPathArray;
+{
+ EOQualifier *qualifier;
+ NSString *qs;
+ NSArray *records;
+
+ qs = [NSString stringWithFormat: @"c_object = '/%@'",
+ [objectPathArray componentsJoinedByString: @"/"]];
+ qualifier = [EOQualifier qualifierWithQualifierFormat: qs];
+ records = [[self ocsFolder] fetchAclMatchingQualifier: qualifier];
+
+ return [records valueForKey: @"c_uid"];
+}
+
+- (NSArray *) _fetchAclsForUser: (NSString *) uid
+ forObjectAtPath: (NSString *) objectPath
+{
+ EOQualifier *qualifier;
+ NSArray *records;
+ NSMutableArray *acls;
+ NSString *qs;
+
+ qs = [NSString stringWithFormat: @"(c_object = '/%@') AND (c_uid = '%@')",
+ objectPath, uid];
+ qualifier = [EOQualifier qualifierWithQualifierFormat: qs];
+ records = [[self ocsFolder] fetchAclMatchingQualifier: qualifier];
+
+ acls = [NSMutableArray array];
+ if ([records count] > 0)
+ {
+ [acls addObject: SOGoRole_AuthorizedSubscriber];
+ [acls addObjectsFromArray: [records valueForKey: @"c_role"]];
+ }
+
+ return acls;
+}
+
+- (void) _cacheRoles: (NSArray *) roles
+ forUser: (NSString *) uid
+ forObjectAtPath: (NSString *) objectPath
+{
+ NSMutableDictionary *aclsForObject;
+
+ aclsForObject = [aclCache objectForKey: objectPath];
+ if (!aclsForObject)
+ {
+ aclsForObject = [NSMutableDictionary dictionary];
+ [aclCache setObject: aclsForObject
+ forKey: objectPath];
+ }
+ if (roles)
+ [aclsForObject setObject: roles forKey: uid];
+ else
+ [aclsForObject removeObjectForKey: uid];
+}
+
+- (NSArray *) aclsForUser: (NSString *) uid
+ forObjectAtPath: (NSArray *) objectPathArray
+{
+ NSArray *acls;
+ NSString *objectPath;
+ NSDictionary *aclsForObject;
+
+ objectPath = [objectPathArray componentsJoinedByString: @"/"];
+ aclsForObject = [aclCache objectForKey: objectPath];
+ if (aclsForObject)
+ acls = [aclsForObject objectForKey: uid];
+ else
+ acls = nil;
+ if (!acls)
+ {
+ acls = [self _fetchAclsForUser: uid forObjectAtPath: objectPath];
+ [self _cacheRoles: acls forUser: uid forObjectAtPath: objectPath];
+ }
+
+ if (!([acls count] || [uid isEqualToString: defaultUserID]))
+ acls = [self aclsForUser: defaultUserID
+ forObjectAtPath: objectPathArray];
+
+ return acls;
+}
+
+- (void) removeAclsForUsers: (NSArray *) users
+ forObjectAtPath: (NSArray *) objectPathArray
+{
+ EOQualifier *qualifier;
+ NSString *uids, *qs, *objectPath;
+ NSMutableDictionary *aclsForObject;
+
+ if ([users count] > 0)
+ {
+ objectPath = [objectPathArray componentsJoinedByString: @"/"];
+ aclsForObject = [aclCache objectForKey: objectPath];
+ if (aclsForObject)
+ [aclsForObject removeObjectsForKeys: users];
+ uids = [users componentsJoinedByString: @"') OR (c_uid = '"];
+ qs = [NSString
+ stringWithFormat: @"(c_object = '/%@') AND ((c_uid = '%@'))",
+ objectPath, uids];
+ qualifier = [EOQualifier qualifierWithQualifierFormat: qs];
+ [[self ocsFolder] deleteAclMatchingQualifier: qualifier];
+ }
+}
+
+- (void) _commitRoles: (NSArray *) roles
+ forUID: (NSString *) uid
+ forObject: (NSString *) objectPath
+{
+ EOAdaptorChannel *channel;
+ GCSFolder *folder;
+ NSEnumerator *userRoles;
+ NSString *SQL, *currentRole;
+
+ folder = [self ocsFolder];
+ channel = [folder acquireAclChannel];
+ userRoles = [roles objectEnumerator];
+ currentRole = [userRoles nextObject];
+ while (currentRole)
+ {
+ SQL = [NSString stringWithFormat: @"INSERT INTO %@"
+ @" (c_object, c_uid, c_role)"
+ @" VALUES ('/%@', '%@', '%@')",
+ [folder aclTableName],
+ objectPath, uid, currentRole];
+ [channel evaluateExpressionX: SQL];
+ currentRole = [userRoles nextObject];
+ }
+
+ [folder releaseChannel: channel];
+}
+
+- (void) setRoles: (NSArray *) roles
+ forUser: (NSString *) uid
+ forObjectAtPath: (NSArray *) objectPathArray
+{
+ NSString *objectPath;
+ NSMutableArray *newRoles;
+
+ [self removeAclsForUsers: [NSArray arrayWithObject: uid]
+ forObjectAtPath: objectPathArray];
+
+ newRoles = [NSMutableArray arrayWithArray: roles];
+ [newRoles removeObject: SOGoRole_AuthorizedSubscriber];
+ [newRoles removeObject: SOGoRole_None];
+ objectPath = [objectPathArray componentsJoinedByString: @"/"];
+ [self _cacheRoles: newRoles forUser: uid
+ forObjectAtPath: objectPath];
+ if (![newRoles count])
+ [newRoles addObject: SOGoRole_None];
+
+ [self _commitRoles: newRoles forUID: uid forObject: objectPath];
+}
+
+/* acls */
+- (NSArray *) aclUsers
+{
+ return [self aclUsersForObjectAtPath: [self pathArrayToSoObject]];
+}
+
+- (NSArray *) aclsForUser: (NSString *) uid
+{
+ NSMutableArray *acls;
+ NSArray *ownAcls, *containerAcls;
+
+ acls = [NSMutableArray array];
+ ownAcls = [self aclsForUser: uid
+ forObjectAtPath: [self pathArrayToSoObject]];
+ [acls addObjectsFromArray: ownAcls];
+ if ([container respondsToSelector: @selector (aclsForUser:)])
+ {
+ containerAcls = [container aclsForUser: uid];
+ if ([containerAcls count] > 0)
+ {
+ if ([containerAcls containsObject: SOGoRole_ObjectReader])
+ [acls addObject: SOGoRole_ObjectViewer];
+#warning this should be checked
+ if ([containerAcls containsObject: SOGoRole_ObjectEraser])
+ [acls addObject: SOGoRole_ObjectEraser];
+ }
+ }
+
+ return acls;
+}
+
+- (void) setRoles: (NSArray *) roles
+ forUser: (NSString *) uid
+{
+ return [self setRoles: roles
+ forUser: uid
+ forObjectAtPath: [self pathArrayToSoObject]];
+}
+
+- (void) removeAclsForUsers: (NSArray *) users
+{
+ return [self removeAclsForUsers: users
+ forObjectAtPath: [self pathArrayToSoObject]];
+}
+
+- (NSString *) defaultUserID
+{
+ return defaultUserID;
+}
+
+- (NSString *) httpURLForAdvisoryToUser: (NSString *) uid
+{
+ return [[self soURL] absoluteString];
+}
+
+- (NSString *) resourceURLForAdvisoryToUser: (NSString *) uid
+{
+ return [[self davURL] absoluteString];
+}
+