Revision: 879 http://trac.macosforge.org/projects/calendarserver/changeset/879 Author: cdaboo@apple.com Date: 2006-12-20 23:11:01 -0800 (Wed, 20 Dec 2006) Log Message: ----------- Provision default ACLs for calendar user proxies. Modified Paths: -------------- CalendarServer/branches/users/cdaboo/cuproxy-857/twistedcaldav/directory/calendar.py CalendarServer/branches/users/cdaboo/cuproxy-857/twistedcaldav/schedule.py Modified: CalendarServer/branches/users/cdaboo/cuproxy-857/twistedcaldav/directory/calendar.py =================================================================== --- CalendarServer/branches/users/cdaboo/cuproxy-857/twistedcaldav/directory/calendar.py 2006-12-21 07:04:38 UTC (rev 878) +++ CalendarServer/branches/users/cdaboo/cuproxy-857/twistedcaldav/directory/calendar.py 2006-12-21 07:11:01 UTC (rev 879) @@ -256,7 +256,7 @@ # See DirectoryPrincipalProvisioningResource.__init__() myPrincipal = self._parent._parent.directory.principalCollection.principalForRecord(self.record) - return davxml.ACL( + aces = ( # DAV:read access for authenticated users. davxml.ACE( davxml.Principal(davxml.Authenticated()), @@ -270,7 +270,27 @@ TwistedACLInheritable(), ), ) + + if config.CalendarUserProxyEnabled: + aces += ( + # DAV:read access for this principal's calendar-proxy-read users. + davxml.ACE( + davxml.Principal(davxml.HRef(joinURL(myPrincipal.principalURL(), "calendar-proxy-read"))), + davxml.Grant(davxml.Privilege(davxml.Read())), + davxml.Protected(), + TwistedACLInheritable(), + ), + # DAV:read/DAV:write access for this principal's calendar-proxy-write users. + davxml.ACE( + davxml.Principal(davxml.HRef(joinURL(myPrincipal.principalURL(), "calendar-proxy-write"))), + davxml.Grant(davxml.Privilege(davxml.Read()), davxml.Privilege(davxml.Write())), + davxml.Protected(), + TwistedACLInheritable(), + ), + ) + return davxml.ACL(*aces) + def principalCollections(self): return self._parent.principalCollections() Modified: CalendarServer/branches/users/cdaboo/cuproxy-857/twistedcaldav/schedule.py =================================================================== --- CalendarServer/branches/users/cdaboo/cuproxy-857/twistedcaldav/schedule.py 2006-12-21 07:04:38 UTC (rev 878) +++ CalendarServer/branches/users/cdaboo/cuproxy-857/twistedcaldav/schedule.py 2006-12-21 07:11:01 UTC (rev 879) @@ -41,6 +41,7 @@ from twistedcaldav import itip from twistedcaldav.resource import CalDAVResource from twistedcaldav.caldavxml import caldav_namespace, TimeRange +from twistedcaldav.config import config from twistedcaldav.ical import Component from twistedcaldav.method import report_common from twistedcaldav.method.put_common import storeCalendarObjectResource @@ -85,6 +86,7 @@ ) def defaultAccessControlList(self): + return davxml.ACL( # CalDAV:schedule for any authenticated user davxml.ACE( @@ -101,6 +103,26 @@ Extends L{DAVResource} to provide CalDAV functionality. """ + + def defaultAccessControlList(self): + + if config.CalendarUserProxyEnabled: + # FIXME: directory.principalCollection smells like a hack + # See DirectoryPrincipalProvisioningResource.__init__() + myPrincipal = self._parent._parent._parent.directory.principalCollection.principalForRecord(self.record) + + return davxml.ACL( + # CalDAV:schedule for any authenticated user + davxml.ACE( + davxml.Principal(davxml.HRef(joinURL(myPrincipal.principalURL(), "calendar-proxy-write"))), + davxml.Grant( + davxml.Privilege(caldavxml.Schedule()), + ), + ), + ) + else: + return super(ScheduleOutboxResource, self).defaultAccessControlList() + def resourceType(self): return davxml.ResourceType( davxml.ResourceType.collection,