[CalendarServer-changes] [879] CalendarServer/branches/users/cdaboo/cuproxy-857/twistedcaldav

source_changes at macosforge.org source_changes at macosforge.org
Wed Dec 20 23:11:01 PST 2006


Revision: 879
          http://trac.macosforge.org/projects/calendarserver/changeset/879
Author:   cdaboo at apple.com
Date:     2006-12-20 23:11:01 -0800 (Wed, 20 Dec 2006)

Log Message:
-----------
Provision default ACLs for calendar user proxies.

Modified Paths:
--------------
    CalendarServer/branches/users/cdaboo/cuproxy-857/twistedcaldav/directory/calendar.py
    CalendarServer/branches/users/cdaboo/cuproxy-857/twistedcaldav/schedule.py

Modified: CalendarServer/branches/users/cdaboo/cuproxy-857/twistedcaldav/directory/calendar.py
===================================================================
--- CalendarServer/branches/users/cdaboo/cuproxy-857/twistedcaldav/directory/calendar.py	2006-12-21 07:04:38 UTC (rev 878)
+++ CalendarServer/branches/users/cdaboo/cuproxy-857/twistedcaldav/directory/calendar.py	2006-12-21 07:11:01 UTC (rev 879)
@@ -256,7 +256,7 @@
         # See DirectoryPrincipalProvisioningResource.__init__()
         myPrincipal = self._parent._parent.directory.principalCollection.principalForRecord(self.record)
 
-        return davxml.ACL(
+        aces = (
             # DAV:read access for authenticated users.
             davxml.ACE(
                 davxml.Principal(davxml.Authenticated()),
@@ -270,7 +270,27 @@
                 TwistedACLInheritable(),
             ),
         )
+        
+        if config.CalendarUserProxyEnabled:
+            aces += (
+                # DAV:read access for this principal's calendar-proxy-read users.
+                davxml.ACE(
+                    davxml.Principal(davxml.HRef(joinURL(myPrincipal.principalURL(), "calendar-proxy-read"))),
+                    davxml.Grant(davxml.Privilege(davxml.Read())),
+                    davxml.Protected(),
+                    TwistedACLInheritable(),
+                ),
+                # DAV:read/DAV:write access for this principal's calendar-proxy-write users.
+                davxml.ACE(
+                    davxml.Principal(davxml.HRef(joinURL(myPrincipal.principalURL(), "calendar-proxy-write"))),
+                    davxml.Grant(davxml.Privilege(davxml.Read()), davxml.Privilege(davxml.Write())),
+                    davxml.Protected(),
+                    TwistedACLInheritable(),
+                ),
+            )
 
+        return davxml.ACL(*aces)
+
     def principalCollections(self):
         return self._parent.principalCollections()
 

Modified: CalendarServer/branches/users/cdaboo/cuproxy-857/twistedcaldav/schedule.py
===================================================================
--- CalendarServer/branches/users/cdaboo/cuproxy-857/twistedcaldav/schedule.py	2006-12-21 07:04:38 UTC (rev 878)
+++ CalendarServer/branches/users/cdaboo/cuproxy-857/twistedcaldav/schedule.py	2006-12-21 07:11:01 UTC (rev 879)
@@ -41,6 +41,7 @@
 from twistedcaldav import itip
 from twistedcaldav.resource import CalDAVResource
 from twistedcaldav.caldavxml import caldav_namespace, TimeRange
+from twistedcaldav.config import config
 from twistedcaldav.ical import Component
 from twistedcaldav.method import report_common
 from twistedcaldav.method.put_common import storeCalendarObjectResource
@@ -85,6 +86,7 @@
         )
 
     def defaultAccessControlList(self):
+        
         return davxml.ACL(
             # CalDAV:schedule for any authenticated user
             davxml.ACE(
@@ -101,6 +103,26 @@
 
     Extends L{DAVResource} to provide CalDAV functionality.
     """
+
+    def defaultAccessControlList(self):
+        
+        if config.CalendarUserProxyEnabled:
+            # FIXME: directory.principalCollection smells like a hack
+            # See DirectoryPrincipalProvisioningResource.__init__()
+            myPrincipal = self._parent._parent._parent.directory.principalCollection.principalForRecord(self.record)
+    
+            return davxml.ACL(
+                # CalDAV:schedule for any authenticated user
+                davxml.ACE(
+                    davxml.Principal(davxml.HRef(joinURL(myPrincipal.principalURL(), "calendar-proxy-write"))),
+                    davxml.Grant(
+                        davxml.Privilege(caldavxml.Schedule()),
+                    ),
+                ),
+            )
+        else:
+            return super(ScheduleOutboxResource, self).defaultAccessControlList()
+
     def resourceType(self):
         return davxml.ResourceType(
             davxml.ResourceType.collection,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20061220/30b923f0/attachment.html


More information about the calendarserver-changes mailing list