[CalendarServer-changes] [535]
CalendarServer/branches/users/wsanchez/provisioning-2
source_changes at macosforge.org
source_changes at macosforge.org
Tue Nov 21 08:23:25 PST 2006
Revision: 535
http://trac.macosforge.org/projects/calendarserver/changeset/535
Author: cdaboo at apple.com
Date: 2006-11-21 08:23:24 -0800 (Tue, 21 Nov 2006)
Log Message:
-----------
Re-do default privileges to match what we had before. Also do calendar home provisioning to properly set those up.
Modified Paths:
--------------
CalendarServer/branches/users/wsanchez/provisioning-2/conf/repository.xml
CalendarServer/branches/users/wsanchez/provisioning-2/twistedcaldav/directory/resource.py
CalendarServer/branches/users/wsanchez/provisioning-2/twistedcaldav/dropbox.py
CalendarServer/branches/users/wsanchez/provisioning-2/twistedcaldav/static.py
Modified: CalendarServer/branches/users/wsanchez/provisioning-2/conf/repository.xml
===================================================================
--- CalendarServer/branches/users/wsanchez/provisioning-2/conf/repository.xml 2006-11-21 15:53:38 UTC (rev 534)
+++ CalendarServer/branches/users/wsanchez/provisioning-2/conf/repository.xml 2006-11-21 16:23:24 UTC (rev 535)
@@ -26,7 +26,7 @@
<properties>
<acl>
<ace>
- <principal><all/></principal>
+ <principal><authenticated/></principal>
<grant><privilege><read/></privilege></grant>
</ace>
<ace>
@@ -59,7 +59,6 @@
<principal><authenticated/></principal>
<grant><privilege><read/></privilege></grant>
<protected/>
- <inheritable/>
</ace>
</acl>
</properties>
Modified: CalendarServer/branches/users/wsanchez/provisioning-2/twistedcaldav/directory/resource.py
===================================================================
--- CalendarServer/branches/users/wsanchez/provisioning-2/twistedcaldav/directory/resource.py 2006-11-21 15:53:38 UTC (rev 534)
+++ CalendarServer/branches/users/wsanchez/provisioning-2/twistedcaldav/directory/resource.py 2006-11-21 16:23:24 UTC (rev 535)
@@ -32,6 +32,8 @@
from twisted.web2 import responsecode
from twisted.web2.http import Response, HTTPError
from twisted.web2.http_headers import MimeType
+from twisted.web2.dav import davxml
+from twisted.web2.dav.resource import TwistedACLInheritable
from twisted.web2.dav.static import DAVFile
from twisted.web2.dav.util import joinURL
@@ -96,6 +98,21 @@
def collectionURL(self):
return self._url
+ ##
+ # ACL
+ ##
+
+ def defaultAccessControlList(self):
+ return davxml.ACL(
+ # Read access for authenticated users.
+ davxml.ACE(
+ davxml.Principal(davxml.Authenticated()),
+ davxml.Grant(davxml.Privilege(davxml.Read())),
+ davxml.Protected(),
+ TwistedACLInheritable()
+ ),
+ )
+
class DirectoryPrincipalTypeResource (ReadOnlyResourceMixIn, CalendarPrincipalCollectionResource, DAVFile):
"""
Collection resource which provisions directory principals of a specific type as its children.
Modified: CalendarServer/branches/users/wsanchez/provisioning-2/twistedcaldav/dropbox.py
===================================================================
--- CalendarServer/branches/users/wsanchez/provisioning-2/twistedcaldav/dropbox.py 2006-11-21 15:53:38 UTC (rev 534)
+++ CalendarServer/branches/users/wsanchez/provisioning-2/twistedcaldav/dropbox.py 2006-11-21 16:23:24 UTC (rev 535)
@@ -76,13 +76,13 @@
)
@classmethod
- def provision(clzz, principal, cuhome):
+ def provision(clzz, cuhome):
"""
Provision user account with appropriate collections for drop box
and notifications.
@param principal: the L{CalendarPrincipalResource} for the principal to provision
- @param cuhome: C{tuple} of (C{str} - URI of user calendar home, L{DAVResource} - resource of user calendar home)
+ @param cuhome: L{DAVResource} - resource of user calendar home
"""
# Only if enabled
@@ -92,7 +92,7 @@
# Create drop box collection in calendar-home collection resource if not already present.
from twistedcaldav.static import CalDAVFile
- child = CalDAVFile(os.path.join(cuhome[1].fp.path, DropBox.dropboxName))
+ child = CalDAVFile(os.path.join(cuhome.fp.path, DropBox.dropboxName))
child_exists = child.exists()
if not child_exists:
c = child.createSpecialCollection(davxml.ResourceType.dropboxhome)
@@ -102,7 +102,7 @@
if not DropBox.notifications:
return
- child = CalDAVFile(os.path.join(cuhome[1].fp.path, DropBox.notifcationName))
+ child = CalDAVFile(os.path.join(cuhome.fp.path, DropBox.notifcationName))
child_exists = child.exists()
if not child_exists:
c = child.createSpecialCollection(davxml.ResourceType.notifications)
Modified: CalendarServer/branches/users/wsanchez/provisioning-2/twistedcaldav/static.py
===================================================================
--- CalendarServer/branches/users/wsanchez/provisioning-2/twistedcaldav/static.py 2006-11-21 15:53:38 UTC (rev 534)
+++ CalendarServer/branches/users/wsanchez/provisioning-2/twistedcaldav/static.py 2006-11-21 16:23:24 UTC (rev 535)
@@ -438,6 +438,19 @@
# FIXME: Smells like a hack
directory.calendarHomesCollection = self
+ # Create children
+ for name in self.directory.recordTypes():
+ child_fp = self.fp.child(name)
+ if child_fp.exists():
+ assert child_fp.isdir()
+ else:
+ assert self.exists()
+ assert self.isCollection()
+
+ child_fp.makedirs()
+
+ self.putChild(name, CalendarHomeTypeProvisioningFile(child_fp.path, self, name))
+
def url(self):
return self._url
@@ -468,6 +481,20 @@
def homeForDirectoryRecord(self, record):
return self.getChild(record.recordType).getChild(record.shortName)
+ ##
+ # ACL
+ ##
+
+ def defaultAccessControlList(self):
+ return davxml.ACL(
+ # Read access for authenticated users.
+ davxml.ACE(
+ davxml.Principal(davxml.Authenticated()),
+ davxml.Grant(davxml.Privilege(davxml.Read())),
+ davxml.Protected(),
+ ),
+ )
+
class CalendarHomeTypeProvisioningFile (ReadOnlyResourceMixIn, DAVFile):
"""
L{CalDAVFile} resource which provisions calendar home collections of a specific
@@ -503,20 +530,39 @@
assert name is None
name = record.shortName
+ exists = False
child_fp = self.fp.child(name)
if child_fp.exists():
assert child_fp.isdir()
+ exists = True
else:
assert self.exists()
assert self.isCollection()
child_fp.makedirs()
- return CalendarHomeFile(child_fp.path, self, record)
+ home = CalendarHomeFile(child_fp.path, self, record)
+ if not exists:
+ home.provisionOnCreate()
+ return home
def listChildren(self):
return (record.shortName for record in self.directory.listRecords(self.recordType))
+ ##
+ # ACL
+ ##
+
+ def defaultAccessControlList(self):
+ return davxml.ACL(
+ # Read access for authenticated users.
+ davxml.ACE(
+ davxml.Principal(davxml.Authenticated()),
+ davxml.Grant(davxml.Privilege(davxml.Read())),
+ davxml.Protected(),
+ ),
+ )
+
class CalendarHomeFile (CalDAVFile):
"""
L{CalDAVFile} calendar home collection resource.
@@ -534,7 +580,13 @@
self.record = record
self._parent = parent
- # Create children
+ def provisionOnCreate(self):
+ """
+ Create all the child collections we need when the resource
+ is first created.
+ """
+
+ # Create inbox & outbox
for name, cls in (
("inbox" , ScheduleInboxFile),
("outbox", ScheduleOutboxFile),
@@ -543,12 +595,54 @@
child = cls(child_fp.path)
if not child_fp.exists():
child_fp.makedirs()
- if record.recordType == "resource" and child == "inbox":
- # Resources should have autorespond turned on by default,
- # since they typically don't have someone responding for them.
- child.writeDeadProperty(customxml.TwistedScheduleAutoRespond())
+ if name == "inbox":
+ child.setAccessControlList(
+ davxml.ACL(
+ davxml.ACE(
+ davxml.Principal(davxml.Authenticated()),
+ davxml.Grant(
+ davxml.Privilege(caldavxml.Schedule()),
+ ),
+ ),
+ )
+ )
+ if self.record.recordType == "resource":
+ # Resources should have autorespond turned on by default,
+ # since they typically don't have someone responding for them.
+ child.writeDeadProperty(customxml.TwistedScheduleAutoRespond())
self.putChild(name, child)
+ calendars = []
+ for calendar in ("calendar",):
+ childURL = joinURL(self.url(), calendar)
+ child = CalDAVFile(os.path.join(self.fp.path, calendar))
+ c = child.createCalendarCollection()
+ assert c.called
+ c = c.result
+ calendars.append(childURL)
+ child.setAccessControlList(
+ davxml.ACL(
+ davxml.ACE(
+ davxml.Principal(davxml.Authenticated()),
+ davxml.Grant(
+ davxml.Privilege(caldavxml.ReadFreeBusy()),
+ ),
+ TwistedACLInheritable(),
+ ),
+ )
+ )
+
+ # Set calendar-free-busy-set on Inbox if not already present
+ inbox = self.getChild("inbox")
+ if not inbox.hasDeadProperty(caldavxml.CalendarFreeBusySet()):
+ fbset = caldavxml.CalendarFreeBusySet(*[davxml.HRef.fromString(uri) for uri in calendars])
+ inbox.writeDeadProperty(fbset)
+
+ # Do drop box if requested
+ if self.record.recordType == "user":
+ from twistedcaldav.dropbox import DropBox
+ DropBox.provision(self)
+
def url(self):
return joinURL(self._parent.url(), self.record.shortName)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20061121/237a4bf2/attachment.html
More information about the calendarserver-changes
mailing list