[CalendarServer-changes] [1758]
source_changes at macosforge.org
source_changes at macosforge.org
Fri Aug 3 13:33:06 PDT 2007
Revision: 1758
http://trac.macosforge.org/projects/calendarserver/changeset/1758
Author: cdaboo at apple.com
Date: 2007-08-03 13:33:05 -0700 (Fri, 03 Aug 2007)
Log Message:
-----------
Make sure only valid principal-URL principals can be used in an ACL.
Modified Paths:
--------------
CalDAVTester/trunk/Resource/acls/10.xml
CalDAVTester/trunk/Resource/acls/12.xml
CalDAVTester/trunk/Resource/acls/5.xml
CalDAVTester/trunk/Resource/acls/6.xml
CalDAVTester/trunk/Resource/acls/9.xml
CalDAVTester/trunk/scripts/tests/acl.xml
CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource.patch
Added Paths:
-----------
CalDAVTester/trunk/Resource/acls/22.xml
Modified: CalDAVTester/trunk/Resource/acls/10.xml
===================================================================
--- CalDAVTester/trunk/Resource/acls/10.xml 2007-08-03 19:52:35 UTC (rev 1757)
+++ CalDAVTester/trunk/Resource/acls/10.xml 2007-08-03 20:33:05 UTC (rev 1758)
@@ -2,7 +2,7 @@
<D:acl xmlns:D="DAV:">
<D:ace>
<D:principal>
- <D:href>$principal3:</D:href>
+ <D:href>$principaluri3:</D:href>
</D:principal>
<D:grant>
<D:privilege><schedule xmlns='urn:ietf:params:xml:ns:caldav'/></D:privilege>
Modified: CalDAVTester/trunk/Resource/acls/12.xml
===================================================================
--- CalDAVTester/trunk/Resource/acls/12.xml 2007-08-03 19:52:35 UTC (rev 1757)
+++ CalDAVTester/trunk/Resource/acls/12.xml 2007-08-03 20:33:05 UTC (rev 1758)
@@ -2,7 +2,7 @@
<D:acl xmlns:D="DAV:">
<D:ace>
<D:principal>
- <D:href>$principal2:</D:href>
+ <D:href>$principaluri2:</D:href>
</D:principal>
<D:grant>
<D:privilege><D:read/></D:privilege>
Added: CalDAVTester/trunk/Resource/acls/22.xml
===================================================================
--- CalDAVTester/trunk/Resource/acls/22.xml (rev 0)
+++ CalDAVTester/trunk/Resource/acls/22.xml 2007-08-03 20:33:05 UTC (rev 1758)
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<D:acl xmlns:D="DAV:">
+ <D:ace>
+ <D:principal>
+ <D:href>$principaluri2:</D:href>
+ </D:principal>
+ <D:grant>
+ <D:privilege><D:read/></D:privilege>
+ </D:grant>
+ </D:ace>
+ <D:ace>
+ <D:principal>
+ <D:href>$principal1:</D:href>
+ </D:principal>
+ <D:grant>
+ <D:privilege><D:read/></D:privilege>
+ </D:grant>
+ </D:ace>
+</D:acl>
Modified: CalDAVTester/trunk/Resource/acls/5.xml
===================================================================
--- CalDAVTester/trunk/Resource/acls/5.xml 2007-08-03 19:52:35 UTC (rev 1757)
+++ CalDAVTester/trunk/Resource/acls/5.xml 2007-08-03 20:33:05 UTC (rev 1758)
@@ -2,7 +2,7 @@
<D:acl xmlns:D="DAV:">
<D:ace>
<D:principal>
- <D:href>$principal2:</D:href>
+ <D:href>$principaluri2:</D:href>
</D:principal>
<D:grant>
<D:privilege><D:read/></D:privilege>
Modified: CalDAVTester/trunk/Resource/acls/6.xml
===================================================================
--- CalDAVTester/trunk/Resource/acls/6.xml 2007-08-03 19:52:35 UTC (rev 1757)
+++ CalDAVTester/trunk/Resource/acls/6.xml 2007-08-03 20:33:05 UTC (rev 1758)
@@ -2,7 +2,7 @@
<D:acl xmlns:D="DAV:">
<D:ace>
<D:principal>
- <D:href>$principal2:</D:href>
+ <D:href>$principaluri2:</D:href>
</D:principal>
<D:grant>
<D:privilege><D:read/></D:privilege>
Modified: CalDAVTester/trunk/Resource/acls/9.xml
===================================================================
--- CalDAVTester/trunk/Resource/acls/9.xml 2007-08-03 19:52:35 UTC (rev 1757)
+++ CalDAVTester/trunk/Resource/acls/9.xml 2007-08-03 20:33:05 UTC (rev 1758)
@@ -2,7 +2,7 @@
<D:acl xmlns:D="DAV:">
<D:ace>
<D:principal>
- <D:href>$principal3:</D:href>
+ <D:href>$principaluri3:</D:href>
</D:principal>
<D:deny>
<D:privilege><D:write-acl/></D:privilege>
@@ -10,7 +10,7 @@
</D:ace>
<D:ace>
<D:principal>
- <D:href>$principal3:</D:href>
+ <D:href>$principaluri3:</D:href>
</D:principal>
<D:grant>
<D:privilege><D:read/></D:privilege>
Modified: CalDAVTester/trunk/scripts/tests/acl.xml
===================================================================
--- CalDAVTester/trunk/scripts/tests/acl.xml 2007-08-03 19:52:35 UTC (rev 1757)
+++ CalDAVTester/trunk/scripts/tests/acl.xml 2007-08-03 20:33:05 UTC (rev 1758)
@@ -534,6 +534,24 @@
</verify>
</request>
</test>
+ <test name='10' ignore='no'>
+ <description>Valid command</description>
+ <request print-response='no'>
+ <method>ACL</method>
+ <ruri>1.ics</ruri>
+ <data>
+ <content-type>text/xml; charset=utf-8</content-type>
+ <filepath>Resource/acls/22.xml</filepath>
+ </data>
+ <verify>
+ <callback>prepostcondition</callback>
+ <arg>
+ <name>error</name>
+ <value>DAV:recognized-principal</value>
+ </arg>
+ </verify>
+ </request>
+ </test>
</test-suite>
<test-suite name='COPY/MOVE interaction with ACL' ignore='no'>
Modified: CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource.patch
===================================================================
--- CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource.patch 2007-08-03 19:52:35 UTC (rev 1757)
+++ CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource.patch 2007-08-03 20:33:05 UTC (rev 1758)
@@ -517,7 +517,27 @@
return False
-@@ -1432,7 +1523,7 @@
+@@ -1351,11 +1442,16 @@
+ @return C{True} if C{href_principal} is valid, C{False} otherwise.
+
+ This implementation tests for a href element that corresponds to
+- a principal resource.
++ a principal resource and matches the principal-URL.
+ """
+- # Must have the principal resource type
++
++ # Must have the principal resource type and must match the principal-URL
++
++ def _matchPrincipalURL(resource):
++ return isPrincipalResource(resource) and resource.principalURL() == str(href_principal)
++
+ d = request.locateResource(str(href_principal))
+- d.addCallback(isPrincipalResource)
++ d.addCallback(_matchPrincipalURL)
+ return d
+
+ def resolvePrincipal(self, principal, request):
+@@ -1432,7 +1528,7 @@
log.err("DAV:self ACE is set on non-principal resource %r" % (self,))
yield None
return
@@ -526,7 +546,7 @@
if isinstance(principal, davxml.HRef):
yield principal
-@@ -1517,6 +1608,270 @@
+@@ -1517,6 +1613,270 @@
return None
##
@@ -797,7 +817,7 @@
# HTTP
##
-@@ -1567,7 +1922,7 @@
+@@ -1567,7 +1927,7 @@
def findChildren(self, depth, request, callback, privileges=None, inherited_aces=None):
return succeed(None)
@@ -806,7 +826,7 @@
"""
Resource representing a WebDAV principal. (RFC 3744, section 2)
"""
-@@ -1577,7 +1932,7 @@
+@@ -1577,7 +1937,7 @@
# WebDAV
##
@@ -815,7 +835,7 @@
(dav_namespace, "alternate-URI-set"),
(dav_namespace, "principal-URL" ),
(dav_namespace, "group-member-set" ),
-@@ -1585,14 +1940,11 @@
+@@ -1585,14 +1945,11 @@
)
def davComplianceClasses(self):
@@ -831,7 +851,7 @@
def readProperty(self, property, request):
def defer():
if type(property) is tuple:
-@@ -1610,10 +1962,10 @@
+@@ -1610,10 +1967,10 @@
return davxml.PrincipalURL(davxml.HRef(self.principalURL()))
if name == "group-member-set":
@@ -844,7 +864,7 @@
if name == "resourcetype":
if self.isCollection():
-@@ -1677,8 +2029,27 @@
+@@ -1677,8 +2034,27 @@
if self.principalURL() == uri:
return True
else:
@@ -873,7 +893,7 @@
class AccessDeniedError(Exception):
def __init__(self, errors):
"""
-@@ -1718,6 +2089,37 @@
+@@ -1718,6 +2094,37 @@
davxml.registerElement(TwistedACLInheritable)
davxml.ACE.allowed_children[(twisted_dav_namespace, "inheritable")] = (0, 1)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20070803/fa3b2e57/attachment.html
More information about the calendarserver-changes
mailing list