[CalendarServer-changes] [1757]

source_changes at macosforge.org source_changes at macosforge.org
Fri Aug 3 12:52:35 PDT 2007


Revision: 1757
          http://trac.macosforge.org/projects/calendarserver/changeset/1757
Author:   cdaboo at apple.com
Date:     2007-08-03 12:52:35 -0700 (Fri, 03 Aug 2007)

Log Message:
-----------
Make sure group-memberset can only contain valid principal-URL values.

Modified Paths:
--------------
    CalDAVTester/trunk/Resource/calendaruserproxy/3.xml
    CalDAVTester/trunk/Resource/calendaruserproxy/5.xml
    CalDAVTester/trunk/Resource/calendaruserproxy/7.xml
    CalDAVTester/trunk/scripts/tests/calendaruserproxy.xml
    CalendarServer/trunk/twistedcaldav/directory/calendaruserproxy.py

Modified: CalDAVTester/trunk/Resource/calendaruserproxy/3.xml
===================================================================
--- CalDAVTester/trunk/Resource/calendaruserproxy/3.xml	2007-08-03 16:14:52 UTC (rev 1756)
+++ CalDAVTester/trunk/Resource/calendaruserproxy/3.xml	2007-08-03 19:52:35 UTC (rev 1757)
@@ -2,7 +2,7 @@
 <D:propertyupdate xmlns:D="DAV:">
 <D:set>
 <D:prop>
-<D:group-member-set><D:href>$principal2:</D:href></D:group-member-set>
+<D:group-member-set><D:href>$principaluri2:</D:href></D:group-member-set>
 </D:prop>
 </D:set>
 </D:propertyupdate>

Modified: CalDAVTester/trunk/Resource/calendaruserproxy/5.xml
===================================================================
--- CalDAVTester/trunk/Resource/calendaruserproxy/5.xml	2007-08-03 16:14:52 UTC (rev 1756)
+++ CalDAVTester/trunk/Resource/calendaruserproxy/5.xml	2007-08-03 19:52:35 UTC (rev 1757)
@@ -2,7 +2,7 @@
 <D:propertyupdate xmlns:D="DAV:">
 <D:set>
 <D:prop>
-<D:group-member-set><D:href>$principal2:</D:href><D:href>$principal3:</D:href></D:group-member-set>
+<D:group-member-set><D:href>$principaluri2:</D:href><D:href>$principaluri3:</D:href></D:group-member-set>
 </D:prop>
 </D:set>
 </D:propertyupdate>

Modified: CalDAVTester/trunk/Resource/calendaruserproxy/7.xml
===================================================================
--- CalDAVTester/trunk/Resource/calendaruserproxy/7.xml	2007-08-03 16:14:52 UTC (rev 1756)
+++ CalDAVTester/trunk/Resource/calendaruserproxy/7.xml	2007-08-03 19:52:35 UTC (rev 1757)
@@ -2,7 +2,7 @@
 <D:propertyupdate xmlns:D="DAV:">
 <D:set>
 <D:prop>
-<D:group-member-set><D:href>$principal2:</D:href><D:href>$principal3:bogus</D:href></D:group-member-set>
+<D:group-member-set><D:href>$principaluri2:</D:href><D:href>$principal3:</D:href></D:group-member-set>
 </D:prop>
 </D:set>
 </D:propertyupdate>

Modified: CalDAVTester/trunk/scripts/tests/calendaruserproxy.xml
===================================================================
--- CalDAVTester/trunk/scripts/tests/calendaruserproxy.xml	2007-08-03 16:14:52 UTC (rev 1756)
+++ CalDAVTester/trunk/scripts/tests/calendaruserproxy.xml	2007-08-03 19:52:35 UTC (rev 1757)
@@ -727,10 +727,18 @@
 					<callback>propfindItems</callback>
 					<arg>
 						<name>okprops</name>
-						<value>DAV:group-member-set$&lt;href&gt;$principaluri2:&lt;/href&gt;&lt;href&gt;$principaluri3:&lt;/href&gt;</value>
+						<value>DAV:group-member-set</value>
 						<value>DAV:group-membership$</value>
 					</arg>
 				</verify>
+				<verify>
+					<callback>dataString</callback>
+					<arg>
+						<name>contains</name>
+						<value>&lt;href&gt;$principaluri2:&lt;/href&gt;</value>
+						<value>&lt;href&gt;$principaluri3:&lt;/href&gt;</value>
+					</arg>
+				</verify>
 			</request>
 		</test>
 		<test name='2' ignore='no'>

Modified: CalendarServer/trunk/twistedcaldav/directory/calendaruserproxy.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/calendaruserproxy.py	2007-08-03 16:14:52 UTC (rev 1756)
+++ CalendarServer/trunk/twistedcaldav/directory/calendaruserproxy.py	2007-08-03 19:52:35 UTC (rev 1757)
@@ -185,7 +185,7 @@
         for uri in members:
             principal = self.pcollection._principalForURI(uri)
             # Invalid principals MUST result in an error.
-            if principal is None:
+            if principal is None or principal.principalURL() != uri:
                 raise HTTPError(StatusResponse(
                     responsecode.BAD_REQUEST,
                     "Attempt to use a non-existent principal %s as a group member of %s." % (uri, self.principalURL(),)

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20070803/f00702eb/attachment.html


More information about the calendarserver-changes mailing list