[CalendarServer-changes] [1744]
CalendarServer/branches/users/wsanchez/deleted-uids/twistedcaldav
source_changes at macosforge.org
source_changes at macosforge.org
Wed Aug 1 08:43:40 PDT 2007
Revision: 1744
http://trac.macosforge.org/projects/calendarserver/changeset/1744
Author: cdaboo at apple.com
Date: 2007-08-01 08:43:40 -0700 (Wed, 01 Aug 2007)
Log Message:
-----------
Fix issue with SACLs not being able to extract the proper user name from the authorized principal-URL.
Modified Paths:
--------------
CalendarServer/branches/users/wsanchez/deleted-uids/twistedcaldav/root.py
CalendarServer/branches/users/wsanchez/deleted-uids/twistedcaldav/test/test_root.py
Modified: CalendarServer/branches/users/wsanchez/deleted-uids/twistedcaldav/root.py
===================================================================
--- CalendarServer/branches/users/wsanchez/deleted-uids/twistedcaldav/root.py 2007-07-31 21:52:19 UTC (rev 1743)
+++ CalendarServer/branches/users/wsanchez/deleted-uids/twistedcaldav/root.py 2007-08-01 15:43:40 UTC (rev 1744)
@@ -86,17 +86,24 @@
request.authzUser = authzUser
# Figure out the "username" from the davxml.Principal object
- username = authzUser.children[0].children[0].data
- username = username.rstrip('/').split('/')[-1]
+ request.checkingSACL = True
+ d = request.locateResource(authzUser.children[0].children[0].data)
- if RootResource.CheckSACL(username, self.saclService) != 0:
- log.msg("User '%s' is not enabled with the '%s' SACL" % (username, self.saclService,))
- return Failure(HTTPError(403))
+ def _checkedSACLCb(principal):
+ delattr(request, "checkingSACL")
+ username = principal.record.shortName
+
+ if RootResource.CheckSACL(username, self.saclService) != 0:
+ log.msg("User '%s' is not enabled with the '%s' SACL" % (username, self.saclService,))
+ return Failure(HTTPError(403))
+
+ # Mark SACL's as having been checked so we can avoid doing it multiple times
+ request.checkedSACL = True
+ return True
+
+ d.addCallback(_checkedSACLCb)
+ return d
- # Mark SACL's as having been checked so we can avoid doing it multiple times
- request.checkedSACL = True
- return True
-
d = defer.maybeDeferred(self.authenticate, request)
d.addCallbacks(_authCb, _authEb)
d.addCallback(_checkSACLCb)
@@ -106,7 +113,7 @@
for filter in self.contentFilters:
request.addResponseFilter(filter[0], atEnd=filter[1])
- if self.useSacls and not hasattr(request, "checkedSACL"):
+ if self.useSacls and not hasattr(request, "checkedSACL") and not hasattr(request, "checkingSACL"):
d = self.checkSacl(request)
d.addCallback(lambda _: super(RootResource, self
).locateChild(request, segments))
Modified: CalendarServer/branches/users/wsanchez/deleted-uids/twistedcaldav/test/test_root.py
===================================================================
--- CalendarServer/branches/users/wsanchez/deleted-uids/twistedcaldav/test/test_root.py 2007-07-31 21:52:19 UTC (rev 1743)
+++ CalendarServer/branches/users/wsanchez/deleted-uids/twistedcaldav/test/test_root.py 2007-08-01 15:43:40 UTC (rev 1744)
@@ -141,7 +141,7 @@
self.assertEquals(request.authzUser,
davxml.Principal(
- davxml.HRef('/principals/users/dreid/')))
+ davxml.HRef('/principals/__uids__/5FF60DAD-0BDE-4508-8C77-15F0CA5C8DD1/')))
d = defer.maybeDeferred(resrc.locateChild, request, ['principals'])
d.addCallback(_Cb)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20070801/0feae72c/attachment.html
More information about the calendarserver-changes
mailing list