[CalendarServer-changes] [1611] CalendarServer/trunk/twistedcaldav
source_changes at macosforge.org
source_changes at macosforge.org
Wed Jun 20 08:59:02 PDT 2007
Revision: 1611
http://trac.macosforge.org/projects/calendarserver/changeset/1611
Author: cdaboo at apple.com
Date: 2007-06-20 08:59:02 -0700 (Wed, 20 Jun 2007)
Log Message:
-----------
Prevent DELETE, COPY and MOVE on the root resource.
Modified Paths:
--------------
CalendarServer/trunk/twistedcaldav/root.py
CalendarServer/trunk/twistedcaldav/test/test_root.py
Modified: CalendarServer/trunk/twistedcaldav/root.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/root.py 2007-06-20 15:56:08 UTC (rev 1610)
+++ CalendarServer/trunk/twistedcaldav/root.py 2007-06-20 15:59:02 UTC (rev 1611)
@@ -16,18 +16,16 @@
# DRI: David Reid, dreid at apple.com
##
+from twisted.internet import defer
from twisted.python import log
-
-from twisted.internet import defer
from twisted.python.failure import Failure
-from twisted.cred.error import LoginFailed
-from twisted.cred.error import UnauthorizedLogin
+from twisted.cred.error import LoginFailed, UnauthorizedLogin
+from twisted.web2 import responsecode
+from twisted.web2.dav import davxml
from twisted.web2.http import HTTPError
from twisted.web2.auth.wrapper import UnauthorizedResponse
-from twisted.web2.dav import davxml
-
from twistedcaldav.extensions import DAVFile
from twistedcaldav.config import config
@@ -117,6 +115,9 @@
return super(RootResource, self).locateChild(request, segments)
+ def http_COPY (self, request): return responsecode.FORBIDDEN
+ def http_MOVE (self, request): return responsecode.FORBIDDEN
+ def http_DELETE (self, request): return responsecode.FORBIDDEN
# So CheckSACL will be parameterized
# We do this after RootResource is defined
Modified: CalendarServer/trunk/twistedcaldav/test/test_root.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/test/test_root.py 2007-06-20 15:56:08 UTC (rev 1610)
+++ CalendarServer/trunk/twistedcaldav/test/test_root.py 2007-06-20 15:59:02 UTC (rev 1611)
@@ -19,25 +19,24 @@
import os
from twistedcaldav.root import RootResource
-
from twistedcaldav.test.util import TestCase
from twistedcaldav.directory.principal import DirectoryPrincipalProvisioningResource
from twistedcaldav.directory.xmlfile import XMLDirectoryService
from twistedcaldav.directory.test.test_xmlfile import xmlFile
+from twisted.cred.portal import Portal
+
from twisted.internet import defer
-from twisted.web2.http import HTTPError
-
+from twisted.web2 import http_headers
+from twisted.web2 import responsecode
+from twisted.web2 import server
+from twisted.web2.auth import basic
from twisted.web2.dav import auth
from twisted.web2.dav import davxml
+from twisted.web2.http import HTTPError
+from twisted.web2.iweb import IResponse
-from twisted.web2 import server
-from twisted.web2.auth import basic
-from twisted.web2 import http_headers
-
-from twisted.cred.portal import Portal
-
from twisted.web2.test.test_server import SimpleRequest
class FakeCheckSACL(object):
@@ -236,3 +235,44 @@
d.addErrback(_Eb)
return d
+
+ def test_DELETE(self):
+ def do_test(response):
+ response = IResponse(response)
+
+ if response.code != responsecode.FORBIDDEN:
+ self.fail("Incorrect response for DELETE /: %s" % (response.code,))
+
+ request = SimpleRequest(self.site, "DELETE", "/")
+ return self.send(request, do_test)
+
+ def test_COPY(self):
+ def do_test(response):
+ response = IResponse(response)
+
+ if response.code != responsecode.FORBIDDEN:
+ self.fail("Incorrect response for COPY /: %s" % (response.code,))
+
+ request = SimpleRequest(
+ self.site,
+ "COPY",
+ "/",
+ headers=http_headers.Headers({"Destination":"/copy/"})
+ )
+ return self.send(request, do_test)
+
+ def test_MOVE(self):
+ def do_test(response):
+ response = IResponse(response)
+
+ if response.code != responsecode.FORBIDDEN:
+ self.fail("Incorrect response for MOVE /: %s" % (response.code,))
+
+ request = SimpleRequest(
+ self.site,
+ "MOVE",
+ "/",
+ headers=http_headers.Headers({"Destination":"/copy/"})
+ )
+ return self.send(request, do_test)
+
\ No newline at end of file
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20070620/b67d0b5d/attachment.html
More information about the calendarserver-changes
mailing list