Add WebDAV support with user folderOnly restrictions

src/webdav/CurrentUser.php

@@ -0,0 +1,16 @@
+<?php
+// src/webdav/CurrentUser.php
+namespace FileRise\WebDAV;
+
+/**
+ * Singleton holder for the current WebDAV username.
+ */
+class CurrentUser {
+    private static string $user = 'Unknown';
+    public static function set(string $u): void {
+        self::$user = $u;
+    }
+    public static function get(): string {
+        return self::$user;
+    }
+}

src/webdav/FileRiseDirectory.php

@@ -0,0 +1,110 @@
+<?php
+namespace FileRise\WebDAV;
+
+// Bootstrap constants and models
+require_once __DIR__ . '/../../config/config.php';      // UPLOAD_DIR, META_DIR, DATE_TIME_FORMAT
+require_once __DIR__ . '/../../vendor/autoload.php';    // SabreDAV
+require_once __DIR__ . '/../../src/models/FolderModel.php';
+require_once __DIR__ . '/../../src/models/FileModel.php';
+require_once __DIR__ . '/FileRiseFile.php';
+
+use Sabre\DAV\ICollection;
+use Sabre\DAV\INode;
+use Sabre\DAV\Exception\NotFound;
+use Sabre\DAV\Exception\Forbidden;
+use FileRise\WebDAV\FileRiseFile;
+use FolderModel;
+use FileModel;
+
+class FileRiseDirectory implements ICollection, INode {
+    private string $path;
+    private string $user;
+    private bool   $folderOnly;
+
+    /**
+     * @param string $path       Absolute filesystem path (no trailing slash)
+     * @param string $user       Authenticated username
+     * @param bool   $folderOnly If true, non‑admins only see $path/{user}
+     */
+    public function __construct(string $path, string $user, bool $folderOnly) {
+        $this->path       = rtrim($path, '/\\');
+        $this->user       = $user;
+        $this->folderOnly = $folderOnly;
+    }
+
+    // ── INode ───────────────────────────────────────────
+
+    public function getName(): string {
+        return basename($this->path);
+    }
+
+    public function getLastModified(): int {
+        return filemtime($this->path);
+    }
+
+    public function delete(): void {
+        throw new Forbidden('Cannot delete this node');
+    }
+
+    public function setName($name): void {
+        throw new Forbidden('Renaming not supported');
+    }
+
+    // ── ICollection ────────────────────────────────────
+
+    public function getChildren(): array {
+        $nodes = [];
+        foreach (new \DirectoryIterator($this->path) as $item) {
+            if ($item->isDot()) continue;
+            $full = $item->getPathname();
+            if ($item->isDir()) {
+                $nodes[] = new self($full, $this->user, $this->folderOnly);
+            } else {
+                $nodes[] = new FileRiseFile($full, $this->user);
+            }
+        }
+        // Apply folder‑only at the top level
+        if (
+            $this->folderOnly
+         && realpath($this->path) === realpath(rtrim(UPLOAD_DIR,'/\\'))
+        ) {
+            $nodes = array_filter($nodes, fn(INode $n)=> $n->getName() === $this->user);
+        }
+        return array_values($nodes);
+    }
+
+    public function childExists($name): bool {
+        return file_exists($this->path . DIRECTORY_SEPARATOR . $name);
+    }
+
+    public function getChild($name): INode {
+        $full = $this->path . DIRECTORY_SEPARATOR . $name;
+        if (!file_exists($full)) throw new NotFound("Not found: $name");
+        return is_dir($full)
+            ? new self($full, $this->user, $this->folderOnly)
+            : new FileRiseFile($full, $this->user);
+    }
+
+    public function createFile($name, $data = null): INode {
+        $full    = $this->path . DIRECTORY_SEPARATOR . $name;
+        $content = is_resource($data) ? stream_get_contents($data) : (string)$data;
+
+        // Compute folder‑key relative to UPLOAD_DIR
+        $rel      = substr($full, strlen(rtrim(UPLOAD_DIR,'/\\'))+1);
+        $parts    = explode('/', str_replace('\\','/',$rel));
+        $filename = array_pop($parts);
+        $folder   = empty($parts) ? 'root' : implode('/', $parts);
+
+        FileModel::saveFile($folder, $filename, $content, $this->user);
+        return new FileRiseFile($full, $this->user);
+    }
+
+    public function createDirectory($name): INode {
+        $full   = $this->path . DIRECTORY_SEPARATOR . $name;
+        $rel    = substr($full, strlen(rtrim(UPLOAD_DIR,'/\\'))+1);
+        $parent = dirname(str_replace('\\','/',$rel));
+        if ($parent === '.' || $parent === '/') $parent = '';
+        FolderModel::createFolder($name, $parent, $this->user);
+        return new self($full, $this->user, $this->folderOnly);
+    }
+}

src/webdav/FileRiseFile.php

@@ -0,0 +1,115 @@
+<?php
+// src/webdav/FileRiseFile.php
+
+namespace FileRise\WebDAV;
+
+require_once __DIR__ . '/../../config/config.php';
+require_once __DIR__ . '/../../vendor/autoload.php';
+require_once __DIR__ . '/../../src/models/FileModel.php';
+
+use Sabre\DAV\IFile;
+use Sabre\DAV\INode;
+use Sabre\DAV\Exception\Forbidden;
+use FileModel;
+
+class FileRiseFile implements IFile, INode {
+    private string $path;
+
+    public function __construct(string $path) {
+        $this->path = $path;
+    }
+
+    // ── INode ───────────────────────────────────────────
+
+    public function getName(): string {
+        return basename($this->path);
+    }
+
+    public function getLastModified(): int {
+        return filemtime($this->path);
+    }
+
+    public function delete(): void {
+        $base   = rtrim(UPLOAD_DIR, '/\\') . DIRECTORY_SEPARATOR;
+        $rel    = substr($this->path, strlen($base));
+        $parts  = explode(DIRECTORY_SEPARATOR, $rel);
+        $file   = array_pop($parts);
+        $folder = empty($parts) ? 'root' : $parts[0];
+        FileModel::deleteFiles($folder, [$file]);
+    }
+
+    public function setName($newName): void {
+        throw new Forbidden('Renaming files not supported');
+    }
+
+    // ── IFile ───────────────────────────────────────────
+
+    public function get() {
+        return fopen($this->path, 'rb');
+    }
+
+    public function put($data): ?string {
+        // 1) Save incoming data
+        file_put_contents(
+            $this->path,
+            is_resource($data) ? stream_get_contents($data) : (string)$data
+        );
+
+        // 2) Update metadata with CurrentUser
+        $this->updateMetadata();
+
+        // 3) Flush to client fast
+        if (function_exists('fastcgi_finish_request')) {
+            fastcgi_finish_request();
+        }
+
+        return null; // no ETag
+    }
+
+    public function getSize(): int {
+        return filesize($this->path);
+    }
+
+    public function getETag(): string {
+        return '"' . md5($this->getLastModified() . $this->getSize()) . '"';
+    }
+
+    public function getContentType(): ?string {
+        return mime_content_type($this->path) ?: null;
+    }
+
+    // ── Metadata helper ───────────────────────────────────
+
+    private function updateMetadata(): void {
+        $base     = rtrim(UPLOAD_DIR, '/\\') . DIRECTORY_SEPARATOR;
+        $rel      = substr($this->path, strlen($base));
+        $parts    = explode(DIRECTORY_SEPARATOR, $rel);
+        $fileName = array_pop($parts);
+        $folder   = empty($parts) ? 'root' : $parts[0];
+
+        $metaFile = META_DIR
+            . ($folder === 'root'
+               ? 'root_metadata.json'
+               : str_replace(['/', '\\', ' '], '-', $folder) . '_metadata.json');
+
+        $metadata = [];
+        if (file_exists($metaFile)) {
+            $decoded = json_decode(file_get_contents($metaFile), true);
+            if (is_array($decoded)) {
+                $metadata = $decoded;
+            }
+        }
+
+        $now      = date(DATE_TIME_FORMAT);
+        $uploaded = $metadata[$fileName]['uploaded'] ?? $now;
+        $uploader = CurrentUser::get();
+
+        $metadata[$fileName] = [
+            'uploaded'  => $uploaded,
+            'modified'  => $now,
+            'uploader'  => $uploader,
+        ];
+
+        file_put_contents($metaFile, json_encode($metadata, JSON_PRETTY_PRINT));
+    }
+}