Revision
2088
Author
cdaboo@apple.com
Date
2008-01-02 14:23:31 -0800 (Wed, 02 Jan 2008)

Log Message

No X-CALENDARSERVER-ACCESS on Outbox POST.

Modified Paths

Diff

Modified: CalendarServer/branches/users/cdaboo/private_events-2081/twistedcaldav/ical.py (2087 => 2088)


--- CalendarServer/branches/users/cdaboo/private_events-2081/twistedcaldav/ical.py	2008-01-02 21:41:32 UTC (rev 2087)
+++ CalendarServer/branches/users/cdaboo/private_events-2081/twistedcaldav/ical.py	2008-01-02 22:23:31 UTC (rev 2088)
@@ -160,6 +160,21 @@
     """
     X{iCalendar} component.
     """
+
+    # Private Event access levels.
+    ACCESS_PROPERTY     = "X-CALENDARSERVER-ACCESS"
+    ACCESS_PUBLIC       = "PUBLIC"
+    ACCESS_PRIVATE      = "PRIVATE"
+    ACCESS_CONFIDENTIAL = "CONFIDENTIAL"
+    ACCESS_RESTRICTED   = "RESTRICTED"
+
+    accessMap = {
+        "PUBLIC"       : ACCESS_PUBLIC,
+        "PRIVATE"      : ACCESS_PRIVATE,
+        "CONFIDENTIAL" : ACCESS_CONFIDENTIAL,
+        "RESTRICTED"   : ACCESS_RESTRICTED,
+    }
+
     @classmethod
     def fromString(clazz, string):
         """
@@ -364,6 +379,18 @@
         
         return None
     
+    def accessLevel(self):
+        """
+        Return the access level for this component.
+        @return: the access level for the calendar data.
+        """
+        assert self.name() == "VCALENDAR", "Must be a VCALENDAR: %r" % (self,)
+        
+        access = self.propertyValue(Component.ACCESS_PROPERTY)
+        if access:
+            access = access.upper()
+        return Component.accessMap.get(access, Component.ACCESS_PUBLIC)
+    
     def duplicate(self):
         """
         Duplicate this object and all its contents.

Modified: CalendarServer/branches/users/cdaboo/private_events-2081/twistedcaldav/schedule.py (2087 => 2088)


--- CalendarServer/branches/users/cdaboo/private_events-2081/twistedcaldav/schedule.py	2008-01-02 21:41:32 UTC (rev 2087)
+++ CalendarServer/branches/users/cdaboo/private_events-2081/twistedcaldav/schedule.py	2008-01-02 22:23:31 UTC (rev 2088)
@@ -35,6 +35,7 @@
 from twisted.web2.dav.util import joinURL
 
 from twistedcaldav import caldavxml
+from twistedcaldav import customxml
 from twistedcaldav import itip
 from twistedcaldav import logging
 from twistedcaldav.resource import CalDAVResource
@@ -271,6 +272,11 @@
         if not calendar.isValidITIP():
             logging.err("POST request must have a calendar component that satisfies iTIP requirements: %s" % (calendar,), system="CalDAV Outbox POST")
             raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (caldav_namespace, "valid-calendar-data")))
+
+        # X-CALENDARSERVER-ACCESS is not allowed in Outbox POSTs
+        if calendar.hasProperty(Component.ACCESS_PROPERTY):
+            logging.err("X-CALENDARSERVER-ACCESS not allowed in a calendar component POST request: %s" % (calendar,), system="CalDAV Outbox POST")
+            raise HTTPError(ErrorResponse(responsecode.FORBIDDEN, (calendarserver_namespace, "no-access-restrictions")))
     
         # Verify that the ORGANIZER's cu address maps to the request.uri
         outboxURL = None