[CalendarServer-changes] [1831]
CalendarServer/trunk/twistedcaldav/directory
source_changes at macosforge.org
source_changes at macosforge.org
Thu Aug 30 11:39:24 PDT 2007
Revision: 1831
http://trac.macosforge.org/projects/calendarserver/changeset/1831
Author: cdaboo at apple.com
Date: 2007-08-30 11:39:23 -0700 (Thu, 30 Aug 2007)
Log Message:
-----------
Make sure that a new user that re-uses the shortname of an old user (but has a different GUID) is not able to access
the calendar home of the old user if that has been left in place.
Modified Paths:
--------------
CalendarServer/trunk/twistedcaldav/directory/calendar.py
Added Paths:
-----------
CalendarServer/trunk/twistedcaldav/directory/test/test_guidchange.py
Modified: CalendarServer/trunk/twistedcaldav/directory/calendar.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/calendar.py 2007-08-28 01:16:05 UTC (rev 1830)
+++ CalendarServer/trunk/twistedcaldav/directory/calendar.py 2007-08-30 18:39:23 UTC (rev 1831)
@@ -26,9 +26,11 @@
"DirectoryCalendarHomeResource",
]
+from twisted.web2 import responsecode
from twisted.web2.dav import davxml
from twisted.web2.dav.util import joinURL
from twisted.web2.dav.resource import TwistedACLInheritable, TwistedQuotaRootProperty
+from twisted.web2.http import HTTPError
from twistedcaldav import caldavxml
from twistedcaldav.config import config
@@ -204,6 +206,21 @@
assert isinstance(child, cls), "Child %r is not a %s: %r" % (name, cls.__name__, child)
self.putChild(name, child)
+ def provision(self):
+ # If an ACL property does not currently exist, create one from
+ # the defaultACL
+ try:
+ _ignore_acl = self.readDeadProperty(davxml.ACL)
+ except HTTPError, e:
+ assert (
+ e.response.code == responsecode.NOT_FOUND,
+ "Expected %s response from readDeadProperty() exception, not %s"
+ % (responsecode.NOT_FOUND, e.response.code)
+ )
+ self.writeDeadProperty(self.defaultAccessControlList())
+
+ super(DirectoryCalendarHomeResource, self).provision()
+
def provisionDefaultCalendars(self):
self.provision()
Added: CalendarServer/trunk/twistedcaldav/directory/test/test_guidchange.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/test/test_guidchange.py (rev 0)
+++ CalendarServer/trunk/twistedcaldav/directory/test/test_guidchange.py 2007-08-30 18:39:23 UTC (rev 1831)
@@ -0,0 +1,129 @@
+##
+# Copyright (c) 2005-2007 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# DRI: Cyrus Daboo, cdaboo at apple.com
+##
+from twistedcaldav.directory.principal import DirectoryPrincipalProvisioningResource
+from twistedcaldav.static import CalendarHomeProvisioningFile
+from twistedcaldav.directory.directory import DirectoryService
+
+import os
+
+from twisted.web2.dav import davxml
+from twisted.web2.dav.fileop import rmdir
+from twisted.web2.dav.resource import AccessDeniedError
+from twisted.web2.test.test_server import SimpleRequest
+
+from twistedcaldav.directory.xmlfile import XMLDirectoryService
+from twistedcaldav.directory.test.test_xmlfile import xmlFile
+
+import twistedcaldav.test.util
+
+
+class ProvisionedPrincipals (twistedcaldav.test.util.TestCase):
+ """
+ Directory service provisioned principals.
+ """
+ def setUp(self):
+ super(ProvisionedPrincipals, self).setUp()
+
+ # Setup the initial directory
+ self.xmlfile = self.mktemp()
+ fd = open(self.xmlfile, "w")
+ fd.write(open(xmlFile.path, "r").read())
+ fd.close()
+ self.directoryService = XMLDirectoryService(self.xmlfile)
+
+ # Set up a principals hierarchy for each service we're testing with
+ name = 'principals'
+ url = "/" + name + "/"
+ path = os.path.join(self.docroot, url[1:])
+
+ if os.path.exists(path):
+ rmdir(path)
+ os.mkdir(path)
+
+ provisioningResource = DirectoryPrincipalProvisioningResource(path, url, self.directoryService)
+
+ self.site.resource.putChild('principals', provisioningResource)
+
+ self.setupCalendars()
+
+ self.site.resource.setAccessControlList(davxml.ACL())
+
+ def setupCalendars(self):
+ calendarCollection = CalendarHomeProvisioningFile(
+ os.path.join(self.docroot, 'calendars'),
+ self.directoryService,
+ '/calendars/'
+ )
+ self.site.resource.putChild('calendars', calendarCollection)
+
+ def resetCalendars(self):
+ del self.site.resource.putChildren['calendars']
+ self.setupCalendars()
+
+ def test_guidchange(self):
+ """
+ DirectoryPrincipalResource.proxies()
+ """
+
+ def privs1(result):
+ # Change GUID in record
+ fd = open(self.xmlfile, "w")
+ fd.write(open(xmlFile.path, "r").read().replace("5A985493-EE2C-4665-94CF-4DFEA3A89500", "38D8AC00-5490-4425-BE3A-05FFB9862444"))
+ fd.close()
+ fd = None
+
+ # Force re-read of records (not sure why _fileInfo has to be wiped here...)
+ self.directoryService._fileInfo = (0, 0)
+ self.directoryService.recordWithShortName(DirectoryService.recordType_users, "cdaboo")
+
+ # Now force the calendar home resource to be reset
+ self.resetCalendars()
+
+ # Make sure new user cannot access old user's calendar home
+ return self._checkPrivileges(None, "/calendars/users/cdaboo/", davxml.HRef("/principals/__uids__/38D8AC00-5490-4425-BE3A-05FFB9862444/"), davxml.Write, False)
+
+ # Make sure current user has access to their calendar home
+ d = self._checkPrivileges(None, "/calendars/users/cdaboo/", davxml.HRef("/principals/__uids__/5A985493-EE2C-4665-94CF-4DFEA3A89500/"), davxml.Write, True)
+ d.addCallback(privs1)
+ return d
+
+
+ def _checkPrivileges(self, resource, url, principal, privilege, allowed):
+ request = SimpleRequest(self.site, "GET", "/calendars/users/cdaboo/")
+
+ def gotResource(resource):
+ d = resource.checkPrivileges(request, (privilege,), principal=davxml.Principal(principal))
+ if allowed:
+ def onError(f):
+ f.trap(AccessDeniedError)
+ #print resource.readDeadProperty(davxml.ACL)
+ self.fail("%s should have %s privilege on %r" % (principal.sname(), privilege.sname(), resource))
+ d.addErrback(onError)
+ else:
+ def onError(f):
+ f.trap(AccessDeniedError)
+ def onSuccess(_):
+ #print resource.readDeadProperty(davxml.ACL)
+ self.fail("%s should not have %s privilege on %r" % (principal.sname(), privilege.sname(), resource))
+ d.addCallback(onSuccess)
+ d.addErrback(onError)
+ return d
+
+ d = request.locateResource(url)
+ d.addCallback(gotResource)
+ return d
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20070830/96537a0f/attachment.html
More information about the calendarserver-changes
mailing list