[CalendarServer-changes] [2289]
CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource.
patch
source_changes at macosforge.org
source_changes at macosforge.org
Wed Apr 9 10:58:03 PDT 2008
Revision: 2289
http://trac.macosforge.org/projects/calendarserver/changeset/2289
Author: cdaboo at apple.com
Date: 2008-04-09 10:58:03 -0700 (Wed, 09 Apr 2008)
Log Message:
-----------
Make sure that inheritable state of protected DAV:ace's is not lost when processing an ACL method request.
Modified Paths:
--------------
CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource.patch
Modified: CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource.patch
===================================================================
--- CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource.patch 2008-04-09 17:55:54 UTC (rev 2288)
+++ CalendarServer/trunk/lib-patches/Twisted/twisted.web2.dav.resource.patch 2008-04-09 17:58:03 UTC (rev 2289)
@@ -350,7 +350,17 @@
def setAccessControlList(self, acl):
"""
See L{IDAVResource.setAccessControlList}.
-@@ -755,6 +825,7 @@
+@@ -748,13 +818,16 @@
+ # 10. Verify that new acl is not in conflict with itself
+ # 11. Update acl on the resource
+
+- old_acl = waitForDeferred(self.accessControlList(request))
++ # Get the current access control list, preserving any private properties on the ACEs as
++ # we will need to keep those when we change the ACL.
++ old_acl = waitForDeferred(self.accessControlList(request, expanding=True))
+ yield old_acl
+ old_acl = old_acl.getResult()
+
# Check disabled
if old_acl is None:
yield None
@@ -358,7 +368,7 @@
# Need to get list of supported privileges
supported = []
-@@ -1038,9 +1109,9 @@
+@@ -1038,9 +1111,9 @@
if myURL == "/":
# If we get to the root without any ACLs, then use the default.
@@ -370,7 +380,7 @@
# Dynamically update privileges for those ace's that are inherited.
if inheritance:
-@@ -1076,7 +1147,7 @@
+@@ -1076,7 +1149,7 @@
# Adjust ACE for inherit on this resource
children = list(ace.children)
children.remove(TwistedACLInheritable())
@@ -379,7 +389,7 @@
aces.append(davxml.ACE(*children))
else:
aces.extend(inherited_aces)
-@@ -1128,7 +1199,7 @@
+@@ -1128,7 +1201,7 @@
# Adjust ACE for inherit on this resource
children = list(ace.children)
children.remove(TwistedACLInheritable())
@@ -388,7 +398,7 @@
aces.append(davxml.ACE(*children))
# Filter out those that do not have a principal match with the current principal
-@@ -1152,49 +1223,69 @@
+@@ -1152,49 +1225,69 @@
This implementation returns an empty set.
"""
@@ -486,7 +496,7 @@
def samePrincipal(self, principal1, principal2):
"""
Check whether the two prinicpals are exactly the same in terms of
-@@ -1219,7 +1310,6 @@
+@@ -1219,7 +1312,6 @@
return False
def matchPrincipal(self, principal1, principal2, request):
@@ -494,7 +504,7 @@
"""
Check whether the principal1 is a principal in the set defined by
principal2.
-@@ -1244,6 +1334,9 @@
+@@ -1244,6 +1336,9 @@
if isinstance(principal1, davxml.Unauthenticated):
yield False
return
@@ -504,7 +514,7 @@
else:
yield True
return
-@@ -1271,7 +1364,6 @@
+@@ -1271,7 +1366,6 @@
assert principal2 is not None, "principal2 is None"
@@ -512,7 +522,7 @@
# Compare two HRefs and do group membership test as well
if principal1 == principal2:
yield True
-@@ -1302,9 +1394,9 @@
+@@ -1302,9 +1396,9 @@
def testGroup(group):
# Get principal resource for principal2
if group and isinstance(group, DAVPrincipalResource):
@@ -525,7 +535,7 @@
return False
-@@ -1351,11 +1443,16 @@
+@@ -1351,11 +1445,16 @@
@return C{True} if C{href_principal} is valid, C{False} otherwise.
This implementation tests for a href element that corresponds to
@@ -545,7 +555,7 @@
return d
def resolvePrincipal(self, principal, request):
-@@ -1432,7 +1529,7 @@
+@@ -1432,7 +1531,7 @@
log.err("DAV:self ACE is set on non-principal resource %r" % (self,))
yield None
return
@@ -554,7 +564,7 @@
if isinstance(principal, davxml.HRef):
yield principal
-@@ -1517,6 +1614,270 @@
+@@ -1517,6 +1616,270 @@
return None
##
@@ -825,7 +835,7 @@
# HTTP
##
-@@ -1567,7 +1928,7 @@
+@@ -1567,7 +1930,7 @@
def findChildren(self, depth, request, callback, privileges=None, inherited_aces=None):
return succeed(None)
@@ -834,7 +844,7 @@
"""
Resource representing a WebDAV principal. (RFC 3744, section 2)
"""
-@@ -1577,7 +1938,7 @@
+@@ -1577,7 +1940,7 @@
# WebDAV
##
@@ -843,7 +853,7 @@
(dav_namespace, "alternate-URI-set"),
(dav_namespace, "principal-URL" ),
(dav_namespace, "group-member-set" ),
-@@ -1585,14 +1946,11 @@
+@@ -1585,14 +1948,11 @@
)
def davComplianceClasses(self):
@@ -859,7 +869,7 @@
def readProperty(self, property, request):
def defer():
if type(property) is tuple:
-@@ -1610,10 +1968,10 @@
+@@ -1610,10 +1970,10 @@
return davxml.PrincipalURL(davxml.HRef(self.principalURL()))
if name == "group-member-set":
@@ -872,7 +882,7 @@
if name == "resourcetype":
if self.isCollection():
-@@ -1677,8 +2035,27 @@
+@@ -1677,8 +2037,27 @@
if self.principalURL() == uri:
return True
else:
@@ -901,7 +911,7 @@
class AccessDeniedError(Exception):
def __init__(self, errors):
"""
-@@ -1718,6 +2095,37 @@
+@@ -1718,6 +2097,37 @@
davxml.registerElement(TwistedACLInheritable)
davxml.ACE.allowed_children[(twisted_dav_namespace, "inheritable")] = (0, 1)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20080409/2601a6ba/attachment-0001.html
More information about the calendarserver-changes
mailing list