[CalendarServer-changes] [99]
CalendarServer/branches/users/cdaboo/acl-merge/patches/Twisted/twisted.web2.dav.resource.patch
source_changes at macosforge.org
source_changes at macosforge.org
Fri Sep 1 12:12:12 PDT 2006
Revision: 99
Author: cdaboo at apple.com
Date: 2006-09-01 12:12:10 -0700 (Fri, 01 Sep 2006)
Log Message:
-----------
Make sure client is prompted to authenticate when authorization fails when client did not provide
authentication details to start with.
Modified Paths:
--------------
CalendarServer/branches/users/cdaboo/acl-merge/patches/Twisted/twisted.web2.dav.resource.patch
Modified: CalendarServer/branches/users/cdaboo/acl-merge/patches/Twisted/twisted.web2.dav.resource.patch
===================================================================
--- CalendarServer/branches/users/cdaboo/acl-merge/patches/Twisted/twisted.web2.dav.resource.patch 2006-09-01 17:32:49 UTC (rev 98)
+++ CalendarServer/branches/users/cdaboo/acl-merge/patches/Twisted/twisted.web2.dav.resource.patch 2006-09-01 19:12:10 UTC (rev 99)
@@ -2,7 +2,25 @@
===================================================================
--- twisted/web2/dav/resource.py (revision 17967)
+++ twisted/web2/dav/resource.py (working copy)
-@@ -593,9 +593,6 @@
+@@ -551,8 +551,15 @@
+ def onErrors(failure):
+ from twisted.web2.dav.acl import AccessDeniedError
+ failure.trap(AccessDeniedError)
+- response = NeedPrivilegesResponse(request.uri,
+- failure.value.errors)
++
++ # If we were unauthorized to start with (no Authorization header from client) then
++ # we should return an unauthorized response instead to force the client to login if it can
++ if request.user == davxml.Principal(davxml.Unauthenticated()):
++ response = UnauthorizedResponse(request.credentialFactories,
++ request.remoteAddr)
++ else:
++ response = NeedPrivilegesResponse(request.uri,
++ failure.value.errors)
+ #
+ # We're not adding the headers here because this response
+ # class is supposed to be a FORBIDDEN status code and
+@@ -593,9 +600,6 @@
factory = request.credentialFactories[authHeader[0]]
creds = factory.decode(authHeader[1], request.method)
@@ -12,7 +30,7 @@
# Try to match principals in each principal collection on
# the resource
-@@ -635,7 +632,7 @@
+@@ -635,7 +639,7 @@
@return: the current principal, as derived from the given request.
"""
if hasattr(request, "user"):
@@ -21,7 +39,7 @@
else:
return unauthenticatedPrincipal
-@@ -760,7 +757,10 @@
+@@ -760,7 +764,10 @@
elif isinstance(item, davxml.SupportedPrivilege):
addSupportedPrivilege(item)
@@ -33,7 +51,7 @@
assert (
isinstance(item, davxml.SupportedPrivilege),
"Not a SupportedPrivilege: %r" % (item,)
-@@ -920,11 +920,16 @@
+@@ -920,11 +927,16 @@
yield ign
ign.getResult()
@@ -52,7 +70,7 @@
pending = list(privileges)
denied = []
-@@ -930,7 +935,7 @@
+@@ -930,7 +942,7 @@
for ace in acl.children:
for privilege in tuple(pending):
@@ -61,7 +79,7 @@
continue
match = waitForDeferred(self.matchPrincipal(principal, ace.principal, request))
-@@ -952,7 +957,7 @@
+@@ -952,7 +964,7 @@
denied += pending # If no matching ACE, then denied
if denied:
@@ -70,7 +88,7 @@
if errors:
raise AccessDeniedError(errors,)
-@@ -1015,6 +1020,7 @@
+@@ -1015,6 +1027,7 @@
disabled = self.hasDeadProperty(TwistedAccessDisabledProperty)
if disabled:
yield None
@@ -78,7 +96,7 @@
myURL = None
-@@ -1069,6 +1075,7 @@
+@@ -1069,6 +1082,7 @@
# Check disabled
if parent_acl is None:
yield None
@@ -86,7 +104,7 @@
for ace in parent_acl.children:
if ace.inherited:
-@@ -1100,7 +1107,6 @@
+@@ -1100,7 +1114,6 @@
accessControlList = deferredGenerator(accessControlList)
@@ -94,7 +112,7 @@
def inheritedACEsforChildren(self, request):
"""
Do some optimisation of access control calculation by determining any inherited ACLs outside of
-@@ -1112,11 +1118,14 @@
+@@ -1112,11 +1125,14 @@
"""
# Get the parent ACLs with inheritance and preserve the <inheritable> element.
@@ -111,7 +129,7 @@
# Filter out those that are not inheritable (and remove the inheritable element from those that are)
aces = []
-@@ -1141,7 +1150,9 @@
+@@ -1141,7 +1157,9 @@
if not ace.invert:
continue
filteredaces.append(ace)
@@ -122,7 +140,7 @@
def inheritedACLSet(self):
"""
-@@ -1180,6 +1191,14 @@
+@@ -1180,6 +1198,14 @@
yield (principal, principalURI)
return
else:
@@ -137,7 +155,7 @@
raise HTTPError(responsecode.FORBIDDEN)
findPrincipalForAuthID = deferredGenerator(findPrincipalForAuthID)
-@@ -1261,7 +1280,7 @@
+@@ -1261,7 +1287,7 @@
assert principal2 is not None, "principal2 is None"
@@ -146,7 +164,7 @@
if principal1 == principal2:
yield True
return
-@@ -1301,7 +1320,7 @@
+@@ -1301,7 +1327,7 @@
d = request.locateResource(principal2)
d.addCallback(_testGroup)
return d
@@ -155,7 +173,7 @@
def validPrincipal(self, ace_principal, request):
"""
Check whether the supplied principal is valid for this resource.
-@@ -1317,16 +1336,16 @@
+@@ -1317,16 +1343,16 @@
# We know that the element contains a valid element type, so all
# we need to do is check for a valid property and a valid href.
#
@@ -177,7 +195,7 @@
return True
-@@ -1367,7 +1386,6 @@
+@@ -1367,7 +1393,6 @@
@param request: the request being processed.
@return: a deferred L{davxml.HRef} element or C{None}.
"""
@@ -185,7 +203,7 @@
if isinstance(principal, davxml.Property):
# raise NotImplementedError("Property principals are not implemented.")
-@@ -1428,15 +1446,6 @@
+@@ -1428,15 +1453,6 @@
if isinstance(principal, davxml.HRef):
yield principal
else:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20060901/f5def78d/attachment.html
More information about the calendarserver-changes
mailing list