Added PermissionDeniedException class. Throw this on failed auth attempts (stil…

…l needed for service doc but in place for general services.) Added header for HTTP Basic Auth on failure. Committed by: Paul Barrett

Added PermissionDeniedException class. Throw this on failed auth attempts (stil…
…l needed for service doc but in place for general services.) Added header for HTTP Basic Auth on failure. Committed by: Paul Barrett
Paul Barrett
1 parent 07800ae6
Showing 10 changed files with 313 additions and 155 deletions
lib/api/ktcmis/exceptions/PermissionDeniedException.inc.php
lib/api/ktcmis/ktcmis.inc.php
lib/api/ktcmis/services/CMISObjectService.inc.php
webservice/atompub/cmis/KT_cmis_atom_server.services.inc.php
webservice/atompub/cmis/KT_cmis_atom_service_helper.inc.php
webservice/classes/atompub/KT_atom_server.inc.php
webservice/classes/atompub/KT_atom_service.inc.php
webservice/classes/atompub/cmis/KT_cmis_atom_server.inc.php
webservice/classes/atompub/cmis/KT_cmis_atom_service.inc.php
webservice/classes/atompub/cmis/KT_cmis_atom_serviceDoc.inc.php
+<?php
+
+class PermissionDeniedException extends Exception {
+
+}
+
+?>
@@ -52,12 +52,14 @@ require_once(realpath(dirname(__FILE__) . &#39;/../../../config/dmsDefaults.php&#39;));
 require_once(KT_DIR . '/ktapi/ktapi.inc.php');
  
 define ('CMIS_DIR', KT_LIB_DIR . '/api/ktcmis');
+require_once(CMIS_DIR . '/exceptions/PermissionDeniedException.inc.php');
 require_once(CMIS_DIR . '/services/CMISRepositoryService.inc.php');
 require_once(CMIS_DIR . '/services/CMISNavigationService.inc.php');
 require_once(CMIS_DIR . '/services/CMISObjectService.inc.php');
 require_once(CMIS_DIR . '/util/CMISUtil.inc.php');
  
 /**
+ * Base class for all KT CMIS classes
  * Handles authentication
  */
 class KTCMISBase {
@@ -67,6 +69,11 @@ class KTCMISBase {
     static protected $ktapi;
     static protected $session;
  
+//    public function __construct($username = null, $password = null)
+//    {
+//        $this->startSession($username, $password);
+//    }
+
     // TODO try to pick up existing session if possible, i.e. if the $session value is not empty
     public function startSession($username, $password)
     {
@@ -85,6 +92,12 @@ class KTCMISBase {
             self::$ktapi = new KTAPI();
             self::$session =& self::$ktapi->start_session($username, $password);
         }
+
+        // failed authentication?
+        if (PEAR::isError(self::$session))
+        {
+            throw new PermissionDeniedException('You must be authenticated to perform this action');
+        }
  
 //        print_r(self::$ktapi);
         return self::$session;
@@ -181,7 +194,7 @@ class KTRepositoryService extends KTCMISBase {
      * @param string $repositoryId
      */
     public function getTypes($repositoryId, $typeId = '', $returnPropertyDefinitions = false,
-                      $maxItems = 0, $skipCount = 0, &$hasMoreItems = false)
+                             $maxItems = 0, $skipCount = 0, &$hasMoreItems = false)
     {
         try {
             $repositoryObjectTypeResult = $this->RepositoryService->getTypes($repositoryId, $typeId, $returnPropertyDefinitions,
@@ -166,6 +166,12 @@ class CMISObjectService {
             $properties['name'] = $properties['title'];
         }
  
+        // TODO if name is blank! throw another exception (check type) - using invalidArgument Exception for now
+        if (trim($properties['name']) == '')
+        {
+            throw new InvalidArgumentException('Refusing to create an un-named document');
+        }
+
         // TODO also set to Default if a non-supported type is submitted
         if ($properties['type'] == '')
         {
@@ -262,10 +268,10 @@ class CMISObjectService {
             throw new ConstraintViolationException('Parent folder may not hold objects of this type (' . $typeId . ')');
         }
  
-        // TODO if name is blank! throw another exception (check type) - using RuntimeException for now
+        // TODO if name is blank! throw another exception (check type) - using invalidArgument Exception for now
         if (trim($properties['name']) == '')
         {
-            throw new RuntimeException('Refusing to create an un-named folder');
+            throw new InvalidArgumentException('Refusing to create an un-named folder');
         }
  
         $response = $this->ktapi->create_folder((int)$folderId, $properties['name'], $sig_username = '', $sig_password = '', $reason = '');
@@ -5,7 +5,7 @@ include_once CMIS_ATOM_LIB_FOLDER . &#39;NavigationService.inc.php&#39;;
 include_once CMIS_ATOM_LIB_FOLDER . 'ObjectService.inc.php';
 include_once 'KT_cmis_atom_service_helper.inc.php';
  
-// TODO response if failed auth, need generic response which can be used by all code
+// TODO auth failed response requires WWW-Authenticate: Basic realm="KnowledgeTree DMS" header
  
 /**
  * AtomPub Service: folder
@@ -13,12 +13,22 @@ include_once &#39;KT_cmis_atom_service_helper.inc.php&#39;;
  * Returns children, descendants (up to arbitrary depth) or detail for a particular folder
  *
  */
-class KT_cmis_atom_service_folder extends KT_cmis_atom_service
-{
-	public function GET_action()
+class KT_cmis_atom_service_folder extends KT_cmis_atom_service {
+
+    public function GET_action()
     {
         $RepositoryService = new RepositoryService();
-        $RepositoryService->startSession(self::$authData['username'], self::$authData['password']);
+        try {
+            $RepositoryService->startSession(self::$authData['username'], self::$authData['password']);
+        }
+        catch (Exception $e)
+        {
+            $this->headers[] = 'WWW-Authenticate: Basic realm="KnowledgeTree Secure Area"';
+            $feed = KT_cmis_atom_service_helper::getErrorFeed($this, self::STATUS_NOT_AUTHENTICATED, $e->getMessage());
+            $this->responseFeed = $feed;
+            return null;
+        }
+
         $repositories = $RepositoryService->getRepositories();
         $repositoryId = $repositories[0]['repositoryId'];
  
@@ -31,7 +41,6 @@ class KT_cmis_atom_service_folder extends KT_cmis_atom_service
             $folderId = CMISUtil::encodeObjectId('Folder', 1);
             $folderName = urldecode($this->params[0]);
         }
-        // this is a bit of a hack, but then it's to accomodate a bit of a hack to work with the knowledgetree/drupal cmis modules...
         else if ($this->params[0] == 'path')
         {
             $ktapi =& $RepositoryService->getInterface();
@@ -41,43 +50,84 @@ class KT_cmis_atom_service_folder extends KT_cmis_atom_service
         {
             $folderId = $this->params[0];
             $ObjectService = new ObjectService();
-            $ObjectService->startSession(self::$authData['username'], self::$authData['password']);
+
+            try {
+                $ObjectService->startSession(self::$authData['username'], self::$authData['password']);
+            }
+            catch (Exception $e)
+            {
+                $this->headers[] = 'WWW-Authenticate: Basic realm="KnowledgeTree Secure Area"';
+                $feed = KT_cmis_atom_service_helper::getErrorFeed($this, self::STATUS_NOT_AUTHENTICATED, $e->getMessage());
+                $this->responseFeed = $feed;
+                return null;
+            }
+
             $cmisEntry = $ObjectService->getProperties($repositoryId, $folderId, false, false);
             $folderName = $cmisEntry['properties']['Name']['value'];
-//            $feed = $this->getFolderChildrenFeed($NavigationService, $repositoryId, $newObjectId, $cmisEntry['properties']['Name']['value']);
+        //            $feed = $this->getFolderChildrenFeed($NavigationService, $repositoryId, $newObjectId, $cmisEntry['properties']['Name']['value']);
         }
  
         if (!empty($this->params[1]) && (($this->params[1] == 'children') || ($this->params[1] == 'descendants')))
         {
             $NavigationService = new NavigationService();
-            $NavigationService->startSession(self::$authData['username'], self::$authData['password']);
+
+            try {
+                $NavigationService->startSession(self::$authData['username'], self::$authData['password']);
+            }
+            catch (Exception $e)
+            {
+                $this->headers[] = 'WWW-Authenticate: Basic realm="KnowledgeTree Secure Area"';
+                $feed = KT_cmis_atom_service_helper::getErrorFeed($this, self::STATUS_NOT_AUTHENTICATED, $e->getMessage());
+                $this->responseFeed = $feed;
+                return null;
+            }
  
             $feed = $this->getFolderChildrenFeed($NavigationService, $repositoryId, $folderId, $folderName, $this->params[1]);
         }
         else
         {
             $ObjectService = new ObjectService();
-            $ObjectService->startSession(self::$authData['username'], self::$authData['password']);
+
+            try {
+                $ObjectService->startSession(self::$authData['username'], self::$authData['password']);
+            }
+            catch (Exception $e)
+            {
+                $this->headers[] = 'WWW-Authenticate: Basic realm="KnowledgeTree Secure Area"';
+                $feed = KT_cmis_atom_service_helper::getErrorFeed($this, self::STATUS_NOT_AUTHENTICATED, $e->getMessage());
+                $this->responseFeed = $feed;
+                return null;
+            }
  
             $feed = $this->getFolderFeed($ObjectService, $repositoryId, $folderId);
         }
  
-		//Expose the responseFeed
-		$this->responseFeed = $feed;
-	}
-    
-	public function POST_action()
+        //Expose the responseFeed
+        $this->responseFeed = $feed;
+    }
+
+    public function POST_action()
     {
-//        $username = $password = 'admin';
         $RepositoryService = new RepositoryService();
-        $RepositoryService->startSession(self::$authData['username'], self::$authData['password']);
+
+        try {
+            $RepositoryService->startSession(self::$authData['username'], self::$authData['password']);
+        }
+        catch (Exception $e)
+        {
+            $this->headers[] = 'WWW-Authenticate: Basic realm="KnowledgeTree Secure Area"';
+            $feed = KT_cmis_atom_service_helper::getErrorFeed($this, self::STATUS_NOT_AUTHENTICATED, $e->getMessage());
+            $this->responseFeed = $feed;
+            return null;
+        }
+
         $repositories = $RepositoryService->getRepositories();
         $repositoryId = $repositories[0]['repositoryId'];
  
         $folderId = $this->params[0];
         $title = KT_cmis_atom_service_helper::getAtomValues($this->parsedXMLContent['@children'], 'title');
         $summary = KT_cmis_atom_service_helper::getAtomValues($this->parsedXMLContent['@children'], 'summary');
-        
+
         $properties = array('name' => $title, 'summary' => $summary);
  
         // determine whether this is a folder or a document create
@@ -109,7 +159,18 @@ class KT_cmis_atom_service_folder extends KT_cmis_atom_service
                                                                                                       [0]['@children']);
  
         $ObjectService = new ObjectService();
-        $ObjectService->startSession(self::$authData['username'], self::$authData['password']);
+
+        try {
+            $ObjectService->startSession(self::$authData['username'], self::$authData['password']);
+        }
+        catch (Exception $e)
+        {
+            $this->headers[] = 'WWW-Authenticate: Basic realm="KnowledgeTree Secure Area"';
+            $feed = KT_cmis_atom_service_helper::getErrorFeed($this, self::STATUS_NOT_AUTHENTICATED, $e->getMessage());
+            $this->responseFeed = $feed;
+            return null;
+        }
+
         if ($type == 'folder')
             $newObjectId = $ObjectService->createFolder($repositoryId, ucwords($cmisObjectProperties['ObjectTypeId']), $properties, $folderId);
         else
@@ -127,22 +188,30 @@ class KT_cmis_atom_service_folder extends KT_cmis_atom_service
             else
             {
                 $NavigationService = new NavigationService();
-                $NavigationService->startSession(self::$authData['username'], self::$authData['password']);
+
+                try {
+                    $NavigationService->startSession(self::$authData['username'], self::$authData['password']);
+                }
+                catch (Exception $e)
+                {
+                    $this->headers[] = 'WWW-Authenticate: Basic realm="KnowledgeTree Secure Area"';
+                    $feed = KT_cmis_atom_service_helper::getErrorFeed($this, self::STATUS_NOT_AUTHENTICATED, $e->getMessage());
+                    $this->responseFeed = $feed;
+                    return null;
+                }
+
                 $cmisEntry = $ObjectService->getProperties($repositoryId, $folderId, false, false);
                 $feed = $this->getFolderChildrenFeed($NavigationService, $repositoryId, $folderId, $cmisEntry['properties']['Name']['value']);
             }
         }
         else
         {
-            $this->setStatus(self::STATUS_SERVER_ERROR);
-            $feed = new KT_cmis_atom_responseFeed(CMIS_APP_BASE_URI, 'Error: ' . self::STATUS_SERVER_ERROR);
-            $entry = $feed->newEntry();
-            $feed->newField('error', $newObjectId['message'], $entry);
+            $feed = KT_cmis_atom_service_helper::getErrorFeed($this, self::STATUS_SERVER_ERROR, $newObjectId['message']);
         }
  
         //Expose the responseFeed
-		$this->responseFeed = $feed;
-	}
+        $this->responseFeed = $feed;
+    }
  
     /**
      * Retrieves children/descendants of the specified folder
@@ -169,7 +238,7 @@ class KT_cmis_atom_service_folder extends KT_cmis_atom_service
         }
  
         // $baseURI=NULL,$title=NULL,$link=NULL,$updated=NULL,$author=NULL,$id=NULL
-		$feed = new KT_cmis_atom_responseFeed(CMIS_APP_BASE_URI, $folderName . ' ' . ucwords($feedType), null, null, null,
+        $feed = new KT_cmis_atom_responseFeed(CMIS_APP_BASE_URI, $folderName . ' ' . ucwords($feedType), null, null, null,
                                               'urn:uuid:' . $folderName . '-' . $feedType);
  
         foreach($entries as $cmisEntry)
@@ -200,14 +269,15 @@ class KT_cmis_atom_service_folder extends KT_cmis_atom_service
  
         $feed = new KT_cmis_atom_responseFeed(CMIS_APP_BASE_URI, $cmisEntry['properties']['ObjectTypeId']['value'], null, null, null,
                                               'urn:uuid:' . $cmisEntry['properties']['ObjectId']['value']);
-        
+
         KT_cmis_atom_service_helper::createObjectEntry($feed, $cmisEntry, $folderName);
-//        // <cmis:hasMoreItems>false</cmis:hasMoreItems>
-//        // global $folderFeed;
-//        // $outputs =
+        //        // <cmis:hasMoreItems>false</cmis:hasMoreItems>
+        //        // global $folderFeed;
+        //        // $outputs =
  
         return $feed;
     }
+
 }
  
 /**
@@ -216,15 +286,22 @@ class KT_cmis_atom_service_folder extends KT_cmis_atom_service
  * Returns a list of supported object types
  *
  */
-class KT_cmis_atom_service_types extends KT_cmis_atom_service
-{
-	public function GET_action()
+class KT_cmis_atom_service_types extends KT_cmis_atom_service {
+
+    public function GET_action()
     {
-//        $username = $password = 'admin';
         $RepositoryService = new RepositoryService();
-        // technically do not need to log in to access this information
-        // TODO consider requiring authentication even to access basic repository information
-        $RepositoryService->startSession(self::$authData['username'], self::$authData['password']);
+
+        try {
+            $RepositoryService->startSession(self::$authData['username'], self::$authData['password']);
+        }
+        catch (Exception $e)
+        {
+            $this->headers[] = 'WWW-Authenticate: Basic realm="KnowledgeTree Secure Area"';
+            $feed = KT_cmis_atom_service_helper::getErrorFeed($this, self::STATUS_NOT_AUTHENTICATED, $e->getMessage());
+            $this->responseFeed = $feed;
+            return null;
+        }
  
         // fetch repository id
         $repositories = $RepositoryService->getRepositories();
@@ -234,9 +311,10 @@ class KT_cmis_atom_service_types extends KT_cmis_atom_service
         $type = ((empty($this->params[0])) ? 'all' : $this->params[0]);
         $feed = KT_cmis_atom_service_helper::getTypeFeed($type, $types);
  
-		//Expose the responseFeed
-		$this->responseFeed = $feed;
-	}
+        //Expose the responseFeed
+        $this->responseFeed = $feed;
+    }
+    
 }
  
 /**
@@ -245,42 +323,48 @@ class KT_cmis_atom_service_types extends KT_cmis_atom_service
  * Returns the type defintion for the selected type
  *
  */
-class KT_cmis_atom_service_type extends KT_cmis_atom_service
-{
-	public function GET_action()
+class KT_cmis_atom_service_type extends KT_cmis_atom_service {
+
+    public function GET_action()
     {
-//        $username = $password = 'admin';
         $RepositoryService = new RepositoryService();
-        // technically do not need to log in to access this information
-        // TODO consider requiring authentication even to access basic repository information
-        $RepositoryService->startSession(self::$authData['username'], self::$authData['password']);
+
+        try {
+            $RepositoryService->startSession(self::$authData['username'], self::$authData['password']);
+        }
+        catch (Exception $e)
+        {
+            $this->headers[] = 'WWW-Authenticate: Basic realm="KnowledgeTree Secure Area"';
+            $feed = KT_cmis_atom_service_helper::getErrorFeed($this, self::STATUS_NOT_AUTHENTICATED, $e->getMessage());
+            $this->responseFeed = $feed;
+            return null;
+        }
  
         // fetch repository id
         $repositories = $RepositoryService->getRepositories();
         $repositoryId = $repositories[0]['repositoryId'];
-        
-        if (!isset($this->params[1]))
-        {
-            // For easier return in the wanted format, we call getTypes instead of getTypeDefinition.
-            // Calling this with a single type specified returns an array containing the definition of
-            // just the requested type.
-            // NOTE could maybe be more efficient to call getTypeDefinition direct and then place in
-            //      an array on this side?  or directly expose the individual entry response code and
-            //      call directly from here rather than via getTypeFeed.
+
+        if (!isset($this->params[1])) {
+        // For easier return in the wanted format, we call getTypes instead of getTypeDefinition.
+        // Calling this with a single type specified returns an array containing the definition of
+        // just the requested type.
+        // NOTE could maybe be more efficient to call getTypeDefinition direct and then place in
+        //      an array on this side?  or directly expose the individual entry response code and
+        //      call directly from here rather than via getTypeFeed.
             $type = ucwords($this->params[0]);
             $types = $RepositoryService->getTypes($repositoryId, $type);
             $feed = KT_cmis_atom_service_helper::getTypeFeed($type, $types);
         }
-        else
-        {
-            // TODO dynamic dates, as needed everywhere
-            // NOTE children of types not yet implemented and we don't support any non-basic types at this time
+        else {
+        // TODO dynamic dates, as needed everywhere
+        // NOTE children of types not yet implemented and we don't support any non-basic types at this time
             $feed = $this->getTypeChildrenFeed($this->params[1]);
         }
  
-		//Expose the responseFeed
-		$this->responseFeed=$feed;
-	}
+        //Expose the responseFeed
+        $this->responseFeed=$feed;
+    }
+
     /**
      * Retrieves a list of child types for the supplied type
      *
@@ -292,10 +376,10 @@ class KT_cmis_atom_service_type extends KT_cmis_atom_service
      */
     private function getTypeChildrenFeed()
     {
-		//Create a new response feed
-        // $baseURI=NULL,$title=NULL,$link=NULL,$updated=NULL,$author=NULL,$id=NULL
-		$feed = new KT_cmis_atom_responseFeed(CMIS_APP_BASE_URI, 'Child Types of ' . ucwords($this->params[0]), null, null, null,
-                                              $this->params[0] . '-children');
+    //Create a new response feed
+    // $baseURI=NULL,$title=NULL,$link=NULL,$updated=NULL,$author=NULL,$id=NULL
+        $feed = new KT_cmis_atom_responseFeed(CMIS_APP_BASE_URI, 'Child Types of ' . ucwords($this->params[0]), null, null, null,
+            $this->params[0] . '-children');
  
         // TODO actually fetch child types - to be implemented when we support child types in the API
  
@@ -316,8 +400,8 @@ class KT_cmis_atom_service_type extends KT_cmis_atom_service
         // TODO actual dynamic listing, currently we have no objects with which to test
  
         // TODO
-//        <updated>2009-06-23T13:40:32.786+02:00</updated>
-//        <cmis:hasMoreItems>false</cmis:hasMoreItems>
+        //        <updated>2009-06-23T13:40:32.786+02:00</updated>
+        //        <cmis:hasMoreItems>false</cmis:hasMoreItems>
 /*
         // TODO need to create this dynamically now, will no longer work with static output
         $output = '<?xml version="1.0" encoding="UTF-8"?>
@@ -343,23 +427,31 @@ class KT_cmis_atom_service_type extends KT_cmis_atom_service
  *
  */
 // NOTE this is always an empty document, underlying API code still to be implemented
-class KT_cmis_atom_service_checkedout extends KT_cmis_atom_service
-{
-	public function GET_action()
+class KT_cmis_atom_service_checkedout extends KT_cmis_atom_service {
+
+    public function GET_action()
     {
-//        $username = $password = 'admin';
         $RepositoryService = new RepositoryService();
         $NavigationService = new NavigationService();
  
-        $NavigationService->startSession(self::$authData['username'], self::$authData['password']);
+        try {
+            $NavigationService->startSession(self::$authData['username'], self::$authData['password']);
+        }
+        catch (Exception $e)
+        {
+            $this->headers[] = 'WWW-Authenticate: Basic realm="KnowledgeTree Secure Area"';
+            $feed = KT_cmis_atom_service_helper::getErrorFeed($this, self::STATUS_NOT_AUTHENTICATED, $e->getMessage());
+            $this->responseFeed = $feed;
+            return null;
+        }
  
         $repositories = $RepositoryService->getRepositories();
         $repositoryId = $repositories[0]['repositoryId'];
  
         $checkedout = $NavigationService->getCheckedoutDocs($repositoryId);
  
-		//Create a new response feed
-		$feed = new KT_cmis_atom_responseFeed(CMIS_APP_BASE_URI, 'Checked out Documents', null, null, null, 'urn:uuid:checkedout');
+        //Create a new response feed
+        $feed = new KT_cmis_atom_responseFeed(CMIS_APP_BASE_URI, 'Checked out Documents', null, null, null, 'urn:uuid:checkedout');
  
         foreach($checkedout as $document)
         {
@@ -382,9 +474,9 @@ class KT_cmis_atom_service_checkedout extends KT_cmis_atom_service
         $entry = null;
         $feed->newField('hasMoreItems', 'false', $entry, true);
  
-		//Expose the responseFeed
-		$this->responseFeed = $feed;
-	}
+        //Expose the responseFeed
+        $this->responseFeed = $feed;
+    }
  
 }
  
@@ -394,35 +486,45 @@ class KT_cmis_atom_service_checkedout extends KT_cmis_atom_service
  * Returns detail on a particular document
  *
  */
-class KT_cmis_atom_service_document extends KT_cmis_atom_service
-{
-	public function GET_action()
+class KT_cmis_atom_service_document extends KT_cmis_atom_service {
+
+    public function GET_action()
     {
-//        $username = $password = 'admin';
         $RepositoryService = new RepositoryService();
  
         $ObjectService = new ObjectService();
-        $ObjectService->startSession(self::$authData['username'], self::$authData['password']);
-        
+
+        try {
+            $ObjectService->startSession(self::$authData['username'], self::$authData['password']);
+        }
+        catch (Exception $e)
+        {
+            $this->headers[] = 'WWW-Authenticate: Basic realm="KnowledgeTree Secure Area"';
+            $feed = KT_cmis_atom_service_helper::getErrorFeed($this, self::STATUS_NOT_AUTHENTICATED, $e->getMessage());
+            $this->responseFeed = $feed;
+            return null;
+        }
+
         $repositories = $RepositoryService->getRepositories();
         $repositoryId = $repositories[0]['repositoryId'];
  
         $cmisEntry = $ObjectService->getProperties($repositoryId, $this->params[0], false, false);
  
         //Create a new response feed
-		$feed = new KT_cmis_atom_responseFeed(CMIS_APP_BASE_URI, $cmisEntry['properties']['ObjectTypeId']['value'], null, null, null,
-                                  'urn:uuid:' . $cmisEntry['properties']['ObjectId']['value']);
+        $feed = new KT_cmis_atom_responseFeed(CMIS_APP_BASE_URI, $cmisEntry['properties']['ObjectTypeId']['value'], null, null, null,
+                                              'urn:uuid:' . $cmisEntry['properties']['ObjectId']['value']);
  
         KT_cmis_atom_service_helper::createObjectEntry($feed, $cmisEntry, $cmisEntry['properties']['ParentId']['value']);
  
         // <cmis:hasMoreItems>false</cmis:hasMoreItems>
  
-//        global $docFeed;
-//        $output = $docFeed;
+        //        global $docFeed;
+        //        $output = $docFeed;
  
-		//Expose the responseFeed
-		$this->responseFeed=$feed;
-	}
+        //Expose the responseFeed
+        $this->responseFeed=$feed;
+    }
+    
 }
  
 $childrenFeed[] = '<?xml version="1.0" encoding="utf-8"?>
@@ -532,7 +634,7 @@ $childrenFeed[] = &#39;&lt;?xml version=&quot;1.0&quot; encoding=&quot;utf-8&quot;?&gt;
          </entry>
         </feed>';
  
-        $childrenFeed[] = '<?xml version="1.0" encoding="UTF-8"?>
+$childrenFeed[] = '<?xml version="1.0" encoding="UTF-8"?>
 <feed xmlns="http://www.w3.org/2005/Atom" xmlns:app="http://www.w3.org/2007/app" xmlns:cmis="http://www.cmis.org/2008/05" xmlns:alf="http://www.alfresco.org" xmlns:opensearch="http://a9.com/-/spec/opensearch/1.1/">
 <author><name>System</name></author>
 <generator version="3.0.0 (Stable 1526)">Alfresco (Labs)</generator>
@@ -112,7 +112,7 @@ class KT_cmis_atom_service_helper {
         }
  
         //Create a new response feed
-		$feed = new KT_cmis_atom_responseFeed(CMIS_APP_BASE_URI, $typesHeading, null, null, null, 'urn:uuid:' . $typesString);
+        $feed = new KT_cmis_atom_responseFeed(CMIS_APP_BASE_URI, $typesHeading, null, null, null, 'urn:uuid:' . $typesString);
  
         foreach($types as $type)
         {
@@ -157,6 +157,16 @@ class KT_cmis_atom_service_helper {
         return $feed;
     }
  
+    static public function getErrorFeed(&$service, $status, $message)
+    {
+        $service->setStatus($status);
+        $feed = new KT_cmis_atom_responseFeed(CMIS_APP_BASE_URI, 'Error: ' . $status);
+        $entry = $feed->newEntry();
+        $feed->newField('error', $message, $entry);
+
+        return $feed;
+    }
+
     /**
      * Fetches the CMIS objectId based on the path
      *
 <?php
-class KT_atom_server{
+class KT_atom_server {
+
+    public $output='';
 	protected $services=array();
 	protected $workspaceDetail=array();
 	protected $errors=array();
-	public $output='';
 	protected $queryArray=array();
 	protected $serviceName='';
 	protected $method='';
 	protected $workspace='';
-
+    protected $serviceObject = null;
  
 	public function __construct(){
 	}
@@ -3,11 +3,11 @@ class KT_atom_service{
 	const STATUS_OK					 = '200 OK';
 	const STATUS_NOT_FOUND			 = '204 No Content';
 	const STATUS_NOT_ALLOWED		 = '204 Not Allowed';
-	const STATUS_NOT_AUTHENTICATED	 = '204 Not Authenticated';
 	const STATUS_CREATED			 = '201 Created';
 	const STATUS_UPDATED			 = '200 Updated';
 	const STATUS_NOT_MODIFIED		 = '304 Not Modified';			// For use with ETag & If-None-Match headers.
 	const STATUS_BAD_REQUEST         = '400 Bad Request';           // Client issued a wrongly constructed request
+	const STATUS_NOT_AUTHENTICATED	 = '401 Not Authenticated';
 	const STATUS_PRECONDITION_FAILED = '412 Precondition Failed';   // Could not update document because another a newer version exist on the server than the one you are trying to update
 	const STATUS_SERVER_ERROR        = '500 Internal Server Error';	// Server encountered an error processing the request
  
@@ -56,6 +56,10 @@ class KT_atom_service{
 		$this->setStatus(KT_atom_service::STATUS_NOT_FOUND );
 	}
  
+    public function getHeaders()
+    {
+        return $this->headers;
+    }
  
 	public function render(){
 		return $this->responseFeed->render();
@@ -119,6 +119,24 @@ class KT_cmis_atom_server extends KT_atom_server {
 		return false;
 	}
  
+    // TODO we probably want this version in the base class for auth purposes
+    public function render()
+    {
+		ob_end_clean();
+        // possible additional headers, e.g. basic auth request
+        // FIXME this won't work with the service document as no service object exists
+        if (!is_null($this->serviceObject))
+        {
+            $headers = $this->serviceObject->getHeaders();
+            foreach ($headers as $header)
+            {
+                header($header);
+            }
+        }
+		header('Content-type: text/xml');
+        echo $this->output;
+	}
+
 }
  
 ?>
 \ No newline at end of file
@@ -10,17 +10,12 @@ class KT_cmis_atom_service extends KT_atom_service {
  
     protected function parseHeaders()
     {
-//        echo "PARSE HEADERS\n";
         parent::parseHeaders();
-//        echo "CHECKING HEADERS\n";
-//        print_r($this->headers);
-//        print_r($_SERVER);
         // attempt to fetch auth info from supplied headers
         if (!empty($this->headers['Authorization']))
         {
             $auth = base64_decode(preg_replace('/Basic */', '', $this->headers['Authorization']));
             $authData = explode(':', $auth);
-//            print_r($authData);
             self::$authData['username'] = $authData[0];
             self::$authData['password'] = $authData[1];
         }
@@ -32,7 +32,7 @@
  * logo is not reasonably feasible for technical reasons, the Appropriate Legal Notices
  * must display the words "Powered by KnowledgeTree" and retain the original
  * copyright notice.
- * Contributor( s): 
+ * Contributor( s):
  * 				Mark Holtzhausen <mark@knowledgetree.com>
  * 				Paul Barrett <paul@knowledgetree.com>
  *
@@ -47,13 +47,13 @@ include_once(KT_ATOM_LIB_FOLDER.&#39;KT_atom_serviceDoc.inc.php&#39;);
  
 class KT_cmis_atom_serviceDoc extends KT_atom_serviceDoc {
  
-    // override and extend as needed
+// override and extend as needed
  
     public $repositoryInfo = array();
  
     public function __construct($baseURI = NULL)
     {
-		parent::__construct();
+        parent::__construct();
  
         // get repositoryInfo
         // NOTE currently we only support one repository, which will be the first one found in the repositories.xml config
@@ -61,63 +61,65 @@ class KT_cmis_atom_serviceDoc extends KT_atom_serviceDoc {
  
         include 'services/cmis/RepositoryService.inc.php';
         $RepositoryService = new RepositoryService();
+        // TODO add auth requirement here, don't want to even supply service doc without auth
+//        $RepositoryService->startSession();
  
         // fetch data for response
         $repositories = $RepositoryService->getRepositories();
         // fetch for default first repo;  NOTE that this will probably have to change at some point, quick and dirty for now
         $this->repositoryInfo = $RepositoryService->getRepositoryInfo($repositories[0]['repositoryId']);
-	}
-	
-	protected function constructServiceDocumentHeaders()
+    }
+
+    protected function constructServiceDocumentHeaders()
     {
-		$service = $this->newElement('service');
-		$service->appendChild($this->newAttr('xmlns', 'http://www.w3.org/2007/app'));
-		$service->appendChild($this->newAttr('xmlns:atom', 'http://www.w3.org/2005/Atom'));
+        $service = $this->newElement('service');
+        $service->appendChild($this->newAttr('xmlns', 'http://www.w3.org/2007/app'));
+        $service->appendChild($this->newAttr('xmlns:atom', 'http://www.w3.org/2005/Atom'));
         $service->appendChild($this->newAttr('xmlns:cmis', 'http://www.cmis.org/2008/05'));
         $this->service =& $service;
-		$this->DOM->appendChild($this->service);
-	}
-	
-	public function &newCollection($url = NULL, $title = NULL, $cmisCollectionType = NULL, &$ws = NULL)
+        $this->DOM->appendChild($this->service);
+    }
+
+    public function &newCollection($url = NULL, $title = NULL, $cmisCollectionType = NULL, &$ws = NULL)
     {
-		$collection=$this->newElement('collection');
-		$collection->appendChild($this->newAttr('href', $url));
-		$collection->appendChild($this->newAttr('cmis:collectionType', $cmisCollectionType));
-		$collection->appendChild($this->newElement('atom:title', $title));
-		if(isset($ws))$ws->appendChild($collection);
-		return $collection;
-	}
-	
+        $collection=$this->newElement('collection');
+        $collection->appendChild($this->newAttr('href', $url));
+        $collection->appendChild($this->newAttr('cmis:collectionType', $cmisCollectionType));
+        $collection->appendChild($this->newElement('atom:title', $title));
+        if(isset($ws))$ws->appendChild($collection);
+        return $collection;
+    }
+
 }
  
 /**
-<?xml version="1.0" encoding="utf-8"?>
-<service xmlns="http://www.w3.org/2007/app" xmlns:atom="http://www.w3.org/2005/Atom">
-  <workspace>
-    <atom:title>Main Site</atom:title>
-    <collection href="http://example.org/blog/main" >
-      <atom:title>My Blog Entries</atom:title>
-      <categories href="http://example.com/cats/forMain.cats" />
-    </collection>
-    <collection href="http://example.org/blog/pic" >
-      <atom:title>Pictures</atom:title>
-      <accept>image/png</accept>
-      <accept>image/jpeg</accept>
-      <accept>image/gif</accept>
-    </collection>
-  </workspace>
-  <workspace>
-    <atom:title>Sidebar Blog</atom:title>
-    <collection href="http://example.org/sidebar/list" >
-      <atom:title>Remaindered Links</atom:title>
-      <accept>application/atom+xml;type=entry</accept>
-      <categories fixed="yes">
-        <atom:category scheme="http://example.org/extra-cats/" term="joke" />
-        <atom:category scheme="http://example.org/extra-cats/" term="serious" />
-      </categories>
-    </collection>
-  </workspace>
-</service>
+ <?xml version="1.0" encoding="utf-8"?>
+ <service xmlns="http://www.w3.org/2007/app" xmlns:atom="http://www.w3.org/2005/Atom">
+ <workspace>
+ <atom:title>Main Site</atom:title>
+ <collection href="http://example.org/blog/main" >
+ <atom:title>My Blog Entries</atom:title>
+ <categories href="http://example.com/cats/forMain.cats" />
+ </collection>
+ <collection href="http://example.org/blog/pic" >
+ <atom:title>Pictures</atom:title>
+ <accept>image/png</accept>
+ <accept>image/jpeg</accept>
+ <accept>image/gif</accept>
+ </collection>
+ </workspace>
+ <workspace>
+ <atom:title>Sidebar Blog</atom:title>
+ <collection href="http://example.org/sidebar/list" >
+ <atom:title>Remaindered Links</atom:title>
+ <accept>application/atom+xml;type=entry</accept>
+ <categories fixed="yes">
+ <atom:category scheme="http://example.org/extra-cats/" term="joke" />
+ <atom:category scheme="http://example.org/extra-cats/" term="serious" />
+ </categories>
+ </collection>
+ </workspace>
+ </service>
  
  */