[CalendarServer-changes] [462]
CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource.
patch
source_changes at macosforge.org
source_changes at macosforge.org
Tue Nov 14 20:25:09 PST 2006
Revision: 462
http://trac.macosforge.org/projects/calendarserver/changeset/462
Author: wsanchez at apple.com
Date: 2006-11-14 20:25:08 -0800 (Tue, 14 Nov 2006)
Log Message:
-----------
revert r451
Modified Paths:
--------------
CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource.patch
Modified: CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource.patch
===================================================================
--- CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource.patch 2006-11-15 03:33:05 UTC (rev 461)
+++ CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource.patch 2006-11-15 04:25:08 UTC (rev 462)
@@ -1,17 +1,8 @@
-Index: twisted/web2/dav/resource.py
+Index: resource.py
===================================================================
---- twisted/web2/dav/resource.py (revision 18545)
-+++ twisted/web2/dav/resource.py (working copy)
-@@ -44,6 +44,8 @@
-
- from zope.interface import implements
- from twisted.python import log
-+from twisted.python.failure import Failure
-+from twisted.cred.error import UnauthorizedLogin
- from twisted.internet.defer import Deferred, maybeDeferred, succeed
- from twisted.internet.defer import waitForDeferred, deferredGenerator
- from twisted.internet import reactor
-@@ -130,6 +132,8 @@
+--- resource.py (revision 18545)
++++ resource.py (working copy)
+@@ -130,6 +130,8 @@
(dav_namespace, "acl-restrictions" ), # RFC 3744, section 5.6
(dav_namespace, "inherited-acl-set" ), # RFC 3744, section 5.7
(dav_namespace, "principal-collection-set" ), # RFC 3744, section 5.8
@@ -20,7 +11,7 @@
(twisted_dav_namespace, "resource-class"),
)
-@@ -166,6 +170,14 @@
+@@ -166,6 +168,14 @@
if qname[0] == twisted_private_namespace:
return succeed(False)
@@ -35,7 +26,7 @@
return succeed(qname in self.liveProperties or self.deadProperties().contains(qname))
def readProperty(self, property, request):
-@@ -286,7 +298,33 @@
+@@ -286,7 +296,33 @@
d.addCallback(gotACL)
return d
return ifAllowed((davxml.ReadACL(),), callback)
@@ -69,7 +60,7 @@
elif namespace == twisted_dav_namespace:
if name == "resource-class":
class ResourceClass (davxml.WebDAVTextElement):
-@@ -366,12 +404,26 @@
+@@ -366,12 +402,26 @@
# FIXME: A set would be better here, that that's a python 2.4+ feature.
qnames = list(self.liveProperties)
@@ -97,7 +88,7 @@
def listAllprop(self, request):
"""
Some DAV properties should not be returned to a C{DAV:allprop} query.
-@@ -509,6 +561,9 @@
+@@ -509,6 +559,9 @@
reactor.callLater(0, getChild)
def checkPrivileges(child):
@@ -107,7 +98,7 @@
if privileges is None:
return child
-@@ -517,14 +572,17 @@
+@@ -517,14 +570,17 @@
return d
def gotChild(child, childpath):
@@ -132,7 +123,7 @@
reactor.callLater(0, getChild)
-@@ -535,10 +593,10 @@
+@@ -535,10 +591,10 @@
completionDeferred.callback(None)
else:
childpath = joinURL(basepath, childname)
@@ -147,22 +138,16 @@
getChild()
-@@ -564,19 +622,21 @@
+@@ -564,7 +620,7 @@
See L{IDAVResource.authorize}.
"""
def onError(failure):
- log.err("Invalid authentication details: %s" % (request,))
-- raise HTTPError(UnauthorizedResponse(
-+ failure.trap(UnauthorizedLogin)
-+
-+ log.err("Authentication failed: %s" % (failure.value,))
-+ return Failure(HTTPError(UnauthorizedResponse(
++ log.err("Invalid authentication details: %s" % (failure,))
+ raise HTTPError(UnauthorizedResponse(
request.credentialFactories,
request.remoteAddr
-- ))
-+ )))
-
- def onAuth(result):
+@@ -574,9 +630,9 @@
def onErrors(failure):
failure.trap(AccessDeniedError)
@@ -174,17 +159,8 @@
response = UnauthorizedResponse(request.credentialFactories,
request.remoteAddr)
else:
-@@ -587,7 +647,7 @@
- # class is supposed to be a FORBIDDEN status code and
- # "Authorization will not help" according to RFC2616
- #
-- raise HTTPError(response)
-+ return Failure(HTTPError(response))
+@@ -600,16 +656,22 @@
- d = self.checkPrivileges(request, privileges, recurse)
- d.addErrback(onErrors)
-@@ -600,16 +660,22 @@
-
def authenticate(self, request):
def loginSuccess(result):
- request.user = result[1]
@@ -210,29 +186,28 @@
authHeader = request.headers.getHeader('authorization')
-@@ -625,9 +691,10 @@
+@@ -625,9 +687,11 @@
# Try to match principals in each principal collection on the resource
def gotDetails(details):
- principal = IDAVPrincipalResource(details[0])
- principalURI = details[1]
- return PrincipalCredentials(principal, principalURI, creds)
-+ authnPrincipal, authzPrincipal = details
-+ authnPrincipal = IDAVPrincipalResource(authnPrincipal)
-+ authzPrincipal = IDAVPrincipalResource(authzPrincipal)
-+ return PrincipalCredentials(authnPrincipal, authzPrincipal, creds)
++ authnPrincipal = IDAVPrincipalResource(details[0][0])
++ authnURI = details[0][1]
++ authzPrincipal = IDAVPrincipalResource(details[1][0])
++ authzURI = details[1][1]
++ return PrincipalCredentials(authnPrincipal, authnURI, authzPrincipal, authzURI, creds)
def login(pcreds):
d = request.portal.login(pcreds, None, *request.loginInterfaces)
-@@ -635,13 +702,15 @@
+@@ -635,13 +699,14 @@
return d
- d = self.findPrincipalForAuthID(request, creds.username)
-- d.addCallback(gotDetails).addCallback(login)
+ d = self.principalsForAuthID(request, creds.username)
-+ d.addCallback(gotDetails)
-+ d.addCallback(login)
+ d.addCallback(gotDetails).addCallback(login)
return d
else:
@@ -244,7 +219,7 @@
##
# ACL
-@@ -650,10 +719,10 @@
+@@ -650,10 +715,10 @@
def currentPrincipal(self, request):
"""
@param request: the request being processed.
@@ -258,7 +233,7 @@
else:
return unauthenticatedPrincipal
-@@ -666,32 +735,27 @@
+@@ -666,32 +731,26 @@
present on this resource, it tries to get it from the parent, unless it
is the root or has no parent.
"""
@@ -275,7 +250,6 @@
- principalCollections = []
+ myURL = request.urlForResource(self)
-+ assert myURL is not None, "Resource %s was not looked up via request" % (self,)
+ if myURL == "/":
+ return succeed(())
@@ -308,7 +282,7 @@
def defaultAccessControlList(self):
"""
@return: the L{davxml.ACL} element containing the default access control
-@@ -1146,49 +1210,96 @@
+@@ -1146,49 +1205,95 @@
This implementation returns an empty set.
"""
@@ -337,15 +311,18 @@
It will errback with an HTTPError(responsecode.FORBIDDEN) if
the principal isn't found.
"""
-+ def gotAuthn(authnPrincipal):
-+ if authnPrincipal is None:
-+ log.msg("Could not find the principal resource for user id: %s" % (authid,))
++ def gotAuthn(principal):
++ if principal is None:
++ log.msg("Could not find principal matching user id: %s" % (authid,))
+ raise HTTPError(responsecode.FORBIDDEN)
+
-+ def gotAuthz(authzPrincipal):
-+ return (authnPrincipal, authzPrincipal)
++ authnPrincipal, authnURI = principal
+
-+ d = self.authorizationPrincipal(request, authid, authnPrincipal)
++ def gotAuthz(principal):
++ authzPrincipal, authzURI = principal
++ return ((authnPrincipal, authnURI), (authzPrincipal, authzURI))
++
++ d = self.authorizationPrincipal(request, authid, authnPrincipal, authnURI)
+ d.addCallback(gotAuthz)
+ return d
+
@@ -367,34 +344,24 @@
+ that is found; {principalURI} is the C{str} URI of the principal.
+ If not found return None.
+ """
-+ # FIXME: should self.principalCollections() return resources instead of URIs?
-+
# Try to match principals in each principal collection on the resource
collections = waitForDeferred(self.principalCollections(request))
yield collections
collections = collections.getResult()
-- for collection in collections:
+ for collection in collections:
- principalURI = joinURL(str(collection), authid)
-+ for collectionURI in collections:
-+ collection = waitForDeferred(request.locateResource(collectionURI))
-+ yield collection
-+ collection = collection.getResult()
++ principalURI = joinURL(collection, authid)
-- principal = waitForDeferred(request.locateResource(principalURI))
-+ # FIXME: collection = IPrincipalCollectionResource(collection)
-+
-+ principal = collection.principalForUser(authid)
-+
-+ # FIXME: Why return a tuple?
-+
+ principal = waitForDeferred(request.locateResource(principalURI))
yield principal
-- principal = principal.getResult()
--
+ principal = principal.getResult()
+
- if isPrincipalResource(principal):
- yield (principal, principalURI)
-- return
-+ return
++ if isPrincipalResource(principal) and principal.exists():
++ yield principal, principalURI
+ return
else:
- principalCollections = waitForDeferred(self.principalCollections(request))
- yield principalCollections
@@ -410,7 +377,7 @@
-
findPrincipalForAuthID = deferredGenerator(findPrincipalForAuthID)
-+ def authorizationPrincipal(self, request, authid, authnPrincipal):
++ def authorizationPrincipal(self, request, authid, authnPrincipal, authnURI):
+ """
+ Determine the authorization principal for the given request and authentication principal.
+ This implementation simply uses aht authentication principalk as the authoization principal.
@@ -419,15 +386,16 @@
+ @param authid: a string containing the uthentication/authorization identifier
+ for the principal to lookup.
+ @param authnPrincipal: the L{IDAVPrincipal} for the authenticated principal
++ @param authnURI: a C{str} containing the URI of the authenticated principal
+ @return: a deferred result C{tuple} of (L{IDAVPrincipal}, C{str}) containing the authorization principal
+ resource and URI respectively.
+ """
-+ return succeed(authnPrincipal)
++ return succeed((authnPrincipal, authnURI,))
+
def samePrincipal(self, principal1, principal2):
"""
Check whether the two prinicpals are exactly the same in terms of
-@@ -1511,6 +1622,265 @@
+@@ -1511,6 +1616,265 @@
return None
##
@@ -693,7 +661,7 @@
# HTTP
##
-@@ -1558,7 +1928,7 @@
+@@ -1558,7 +1922,7 @@
"""
DAV resource with no children.
"""
@@ -702,7 +670,7 @@
return succeed(None)
class DAVPrincipalResource (DAVLeafResource):
-@@ -1712,6 +2082,37 @@
+@@ -1712,6 +2076,37 @@
davxml.registerElement(TwistedACLInheritable)
davxml.ACE.allowed_children[(twisted_dav_namespace, "inheritable")] = (0, 1)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20061114/cbd669d1/attachment.html
More information about the calendarserver-changes
mailing list