[CalendarServer-changes] [1831] CalendarServer/trunk/twistedcaldav/directory

source_changes at macosforge.org source_changes at macosforge.org
Thu Aug 30 11:39:24 PDT 2007


Revision: 1831
          http://trac.macosforge.org/projects/calendarserver/changeset/1831
Author:   cdaboo at apple.com
Date:     2007-08-30 11:39:23 -0700 (Thu, 30 Aug 2007)

Log Message:
-----------
Make sure that a new user that re-uses the shortname of an old user (but has a different GUID) is not able to access
the calendar home of the old user if that has been left in place.

Modified Paths:
--------------
    CalendarServer/trunk/twistedcaldav/directory/calendar.py

Added Paths:
-----------
    CalendarServer/trunk/twistedcaldav/directory/test/test_guidchange.py

Modified: CalendarServer/trunk/twistedcaldav/directory/calendar.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/calendar.py	2007-08-28 01:16:05 UTC (rev 1830)
+++ CalendarServer/trunk/twistedcaldav/directory/calendar.py	2007-08-30 18:39:23 UTC (rev 1831)
@@ -26,9 +26,11 @@
     "DirectoryCalendarHomeResource",
 ]
 
+from twisted.web2 import responsecode
 from twisted.web2.dav import davxml
 from twisted.web2.dav.util import joinURL
 from twisted.web2.dav.resource import TwistedACLInheritable, TwistedQuotaRootProperty
+from twisted.web2.http import HTTPError
 
 from twistedcaldav import caldavxml
 from twistedcaldav.config import config
@@ -204,6 +206,21 @@
             assert isinstance(child, cls), "Child %r is not a %s: %r" % (name, cls.__name__, child)
             self.putChild(name, child)
 
+    def provision(self):
+        # If an ACL property does not currently exist, create one from
+        # the defaultACL
+        try:
+            _ignore_acl = self.readDeadProperty(davxml.ACL)
+        except HTTPError, e:
+            assert (
+                e.response.code == responsecode.NOT_FOUND,
+                "Expected %s response from readDeadProperty() exception, not %s"
+                % (responsecode.NOT_FOUND, e.response.code)
+            )
+            self.writeDeadProperty(self.defaultAccessControlList())
+        
+        super(DirectoryCalendarHomeResource, self).provision()
+
     def provisionDefaultCalendars(self):
         self.provision()
 
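Review bot: The `assert` in the `except HTTPError, e:` branch of `provision()` is written as a parenthesised two-element tuple, which is always true, so the status check never fires. Any HTTPError raised by `readDeadProperty(davxml.ACL)`, not only NOT_FOUND, therefore falls through to `writeDeadProperty(self.defaultAccessControlList())` and replaces the stored ACL. Since the stored ACL appears to be what keeps a re-used short name out of the old home, an unexpected read error should propagate instead of resetting it: `if e.response.code != responsecode.NOT_FOUND: raise`. An explicit check also survives `python -O`, where asserts are stripped. The enclosing class starts outside this hunk.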

Added: CalendarServer/trunk/twistedcaldav/directory/test/test_guidchange.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/test/test_guidchange.py	                        (rev 0)
+++ CalendarServer/trunk/twistedcaldav/directory/test/test_guidchange.py	2007-08-30 18:39:23 UTC (rev 1831)
@@ -0,0 +1,129 @@
+##
+# Copyright (c) 2005-2007 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#
+# DRI: Cyrus Daboo, cdaboo at apple.com
+##
+from twistedcaldav.directory.principal import DirectoryPrincipalProvisioningResource
+from twistedcaldav.static import CalendarHomeProvisioningFile
+from twistedcaldav.directory.directory import DirectoryService
+
+import os
+
+from twisted.web2.dav import davxml
+from twisted.web2.dav.fileop import rmdir
+from twisted.web2.dav.resource import AccessDeniedError
+from twisted.web2.test.test_server import SimpleRequest
+
+from twistedcaldav.directory.xmlfile import XMLDirectoryService
+from twistedcaldav.directory.test.test_xmlfile import xmlFile
+
+import twistedcaldav.test.util
+
+
+class ProvisionedPrincipals (twistedcaldav.test.util.TestCase):
+    """
+    Directory service provisioned principals.
+    """
+    def setUp(self):
+        super(ProvisionedPrincipals, self).setUp()
+        
+        # Setup the initial directory
+        self.xmlfile = self.mktemp()
+        fd = open(self.xmlfile, "w")
+        fd.write(open(xmlFile.path, "r").read())
+        fd.close()
+        self.directoryService = XMLDirectoryService(self.xmlfile)
+        
+        # Set up a principals hierarchy for each service we're testing with
+        name = 'principals'
+        url = "/" + name + "/"
+        path = os.path.join(self.docroot, url[1:])
+
+        if os.path.exists(path):
+            rmdir(path)
+        os.mkdir(path)
+
+        provisioningResource = DirectoryPrincipalProvisioningResource(path, url, self.directoryService)
+
+        self.site.resource.putChild('principals', provisioningResource)
+
+        self.setupCalendars()
+
+        self.site.resource.setAccessControlList(davxml.ACL())
+
+    def setupCalendars(self):
+        calendarCollection = CalendarHomeProvisioningFile(
+            os.path.join(self.docroot, 'calendars'),
+            self.directoryService,
+            '/calendars/'
+        )
+        self.site.resource.putChild('calendars', calendarCollection)
+
+    def resetCalendars(self):
+        del self.site.resource.putChildren['calendars']
+        self.setupCalendars()
+
+    def test_guidchange(self):
+        """
+        DirectoryPrincipalResource.proxies()
+        """
+        
+        def privs1(result):
+            # Change GUID in record
+            fd = open(self.xmlfile, "w")
+            fd.write(open(xmlFile.path, "r").read().replace("5A985493-EE2C-4665-94CF-4DFEA3A89500", "38D8AC00-5490-4425-BE3A-05FFB9862444"))
+            fd.close()
+            fd = None
+
+            # Force re-read of records (not sure why _fileInfo has to be wiped here...)
+            self.directoryService._fileInfo = (0, 0)
+            self.directoryService.recordWithShortName(DirectoryService.recordType_users, "cdaboo")
+
+            # Now force the calendar home resource to be reset
+            self.resetCalendars()
+            
+            # Make sure new user cannot access old user's calendar home
+            return self._checkPrivileges(None, "/calendars/users/cdaboo/", davxml.HRef("/principals/__uids__/38D8AC00-5490-4425-BE3A-05FFB9862444/"), davxml.Write, False)
+            
+        # Make sure current user has access to their calendar home
+        d = self._checkPrivileges(None, "/calendars/users/cdaboo/", davxml.HRef("/principals/__uids__/5A985493-EE2C-4665-94CF-4DFEA3A89500/"), davxml.Write, True)
+        d.addCallback(privs1)
+        return d
+        
+
+    def _checkPrivileges(self, resource, url, principal, privilege, allowed):
+        request = SimpleRequest(self.site, "GET", "/calendars/users/cdaboo/")
+
+        def gotResource(resource):
+            d = resource.checkPrivileges(request, (privilege,), principal=davxml.Principal(principal))
+            if allowed:
+                def onError(f):
+                    f.trap(AccessDeniedError)
+                    #print resource.readDeadProperty(davxml.ACL)
+                    self.fail("%s should have %s privilege on %r" % (principal.sname(), privilege.sname(), resource))
+                d.addErrback(onError)
+            else:
+                def onError(f):
+                    f.trap(AccessDeniedError)
+                def onSuccess(_):
+                    #print resource.readDeadProperty(davxml.ACL)
+                    self.fail("%s should not have %s privilege on %r" % (principal.sname(), privilege.sname(), resource))
+                d.addCallback(onSuccess)
+                d.addErrback(onError)
+            return d
+
+        d = request.locateResource(url)
+        d.addCallback(gotResource)
+        return d
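Review bot: The negative check in `privs1` only asserts that the new GUID lacks `davxml.Write` on `/calendars/users/cdaboo/`, while the log message says the new user must not be able to access the old home at all; a regression that left read access in place would still pass. Consider chaining a second `_checkPrivileges(..., False)` call with `davxml.Read` onto the same Deferred. Separately, `_checkPrivileges` ignores its `resource` argument and builds the `SimpleRequest` from a hard-coded path rather than `url`. The `test_guidchange` docstring also still reads `DirectoryPrincipalResource.proxies()`; something like `"""A user re-using a short name with a new GUID is denied the old user's calendar home."""` would describe what is tested.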
