[CalendarServer-changes] [1611] CalendarServer/trunk/twistedcaldav

source_changes at macosforge.org source_changes at macosforge.org
Wed Jun 20 08:59:02 PDT 2007 

Revision: 1611
          http://trac.macosforge.org/projects/calendarserver/changeset/1611
Author:   cdaboo at apple.com
Date:     2007-06-20 08:59:02 -0700 (Wed, 20 Jun 2007)

Log Message:
-----------
Prevent DELETE, COPY and MOVE on the root resource.

Modified Paths:
--------------
    CalendarServer/trunk/twistedcaldav/root.py
    CalendarServer/trunk/twistedcaldav/test/test_root.py

Modified: CalendarServer/trunk/twistedcaldav/root.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/root.py	2007-06-20 15:56:08 UTC (rev 1610)
+++ CalendarServer/trunk/twistedcaldav/root.py	2007-06-20 15:59:02 UTC (rev 1611)
@@ -16,18 +16,16 @@
 # DRI: David Reid, dreid at apple.com
 ##
 
+from twisted.internet import defer
 from twisted.python import log
-
-from twisted.internet import defer
 from twisted.python.failure import Failure
-from twisted.cred.error import LoginFailed
-from twisted.cred.error import UnauthorizedLogin
+from twisted.cred.error import LoginFailed, UnauthorizedLogin
 
+from twisted.web2 import responsecode
+from twisted.web2.dav import davxml
 from twisted.web2.http import HTTPError
 from twisted.web2.auth.wrapper import UnauthorizedResponse
 
-from twisted.web2.dav import davxml
-
 from twistedcaldav.extensions import DAVFile
 from twistedcaldav.config import config
 
@@ -117,6 +115,9 @@
 
         return super(RootResource, self).locateChild(request, segments)
 
+    def http_COPY       (self, request): return responsecode.FORBIDDEN
+    def http_MOVE       (self, request): return responsecode.FORBIDDEN
+    def http_DELETE     (self, request): return responsecode.FORBIDDEN
 
 # So CheckSACL will be parameterized
 # We do this after RootResource is defined

Modified: CalendarServer/trunk/twistedcaldav/test/test_root.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/test_root.py	2007-06-20 15:56:08 UTC (rev 1610)
+++ CalendarServer/trunk/twistedcaldav/test/test_root.py	2007-06-20 15:59:02 UTC (rev 1611)
@@ -19,25 +19,24 @@
 import os
 
 from twistedcaldav.root import RootResource
-
 from twistedcaldav.test.util import TestCase
 from twistedcaldav.directory.principal import DirectoryPrincipalProvisioningResource
 from twistedcaldav.directory.xmlfile import XMLDirectoryService
 from twistedcaldav.directory.test.test_xmlfile import xmlFile
 
+from twisted.cred.portal import Portal
+
 from twisted.internet import defer
 
-from twisted.web2.http import HTTPError
-
+from twisted.web2 import http_headers
+from twisted.web2 import responsecode
+from twisted.web2 import server
+from twisted.web2.auth import basic
 from twisted.web2.dav import auth
 from twisted.web2.dav import davxml
+from twisted.web2.http import HTTPError
+from twisted.web2.iweb import IResponse
 
-from twisted.web2 import server
-from twisted.web2.auth import basic
-from twisted.web2 import http_headers
-
-from twisted.cred.portal import Portal
-
 from twisted.web2.test.test_server import SimpleRequest
 
 class FakeCheckSACL(object):
@@ -236,3 +235,44 @@
         d.addErrback(_Eb)
 
         return d
+
+    def test_DELETE(self):
+        def do_test(response):
+            response = IResponse(response)
+
+            if response.code != responsecode.FORBIDDEN:
+                self.fail("Incorrect response for DELETE /: %s" % (response.code,))
+            
+        request = SimpleRequest(self.site, "DELETE", "/")
+        return self.send(request, do_test)
+
+    def test_COPY(self):
+        def do_test(response):
+            response = IResponse(response)
+
+            if response.code != responsecode.FORBIDDEN:
+                self.fail("Incorrect response for COPY /: %s" % (response.code,))
+            
+        request = SimpleRequest(
+            self.site,
+            "COPY",
+            "/",
+            headers=http_headers.Headers({"Destination":"/copy/"})
+        )
+        return self.send(request, do_test)
+
+    def test_MOVE(self):
+        def do_test(response):
+            response = IResponse(response)
+
+            if response.code != responsecode.FORBIDDEN:
+                self.fail("Incorrect response for MOVE /: %s" % (response.code,))
+            
+        request = SimpleRequest(
+            self.site,
+            "MOVE",
+            "/",
+            headers=http_headers.Headers({"Destination":"/copy/"})
+        )
+        return self.send(request, do_test)
+        
\ No newline at end of file

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20070620/b67d0b5d/attachment.html

More information about the calendarserver-changes mailing list