[CalendarServer-changes] [920] CalendarServer/branches/users/dreid/sudoers-2/twistedcaldav/resource. py

source_changes at macosforge.org source_changes at macosforge.org
Thu Jan 4 17:00:49 PST 2007 

Revision: 920
          http://trac.macosforge.org/projects/calendarserver/changeset/920
Author:   dreid at apple.com
Date:     2007-01-04 17:00:49 -0800 (Thu, 04 Jan 2007)

Log Message:
-----------
check if the authz is a group first.

Modified Paths:
--------------
    CalendarServer/branches/users/dreid/sudoers-2/twistedcaldav/resource.py

Modified: CalendarServer/branches/users/dreid/sudoers-2/twistedcaldav/resource.py
===================================================================
--- CalendarServer/branches/users/dreid/sudoers-2/twistedcaldav/resource.py	2007-01-05 00:38:51 UTC (rev 919)
+++ CalendarServer/branches/users/dreid/sudoers-2/twistedcaldav/resource.py	2007-01-05 01:00:49 UTC (rev 920)
@@ -254,10 +254,15 @@
             # Substitute the authz value for principal look up
             authz = authz[0]
 
+        def getPrincipalForType(type, name):
+            for collection in self.principalCollections():
+                principal = collection.principalForShortName(type, name)
+                if principal:
+                    return principal
+
         def isSudoPrincipal(authid):
-            for collection in self.principalCollections():
-                if collection.principalForShortName('sudoer', authid):
-                    return True
+            if getPrincipalForType('sudoer', authid):
+                return True
             return False
 
         if isSudoPrincipal(authid):
@@ -266,8 +271,11 @@
                     log.msg("Cannot proxy as another proxy: user '%s' as user '%s'" % (authid, authz))
                     raise HTTPError(responsecode.FORBIDDEN)
                 else:
-                    authzPrincipal = self.findPrincipalForAuthID(authz)
+                    authzPrincipal = getPrincipalForType('group', authz)
 
+                    if not authzPrincipal:
+                        authzPrincipal = self.findPrincipalForAuthID(authz)
+
                     if authzPrincipal is not None:
                         log.msg("Allow proxy: user '%s' as '%s'" % (authid, authz,))
                         yield authzPrincipal

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20070104/6a25023b/attachment.html

More information about the calendarserver-changes mailing list