[CalendarServer-changes] [2710] CalendarServer/trunk/twistedcaldav/static.py

source_changes at macosforge.org source_changes at macosforge.org
Thu Jul 17 11:08:57 PDT 2008 

Revision: 2710
          http://trac.macosforge.org/projects/calendarserver/changeset/2710
Author:   cdaboo at apple.com
Date:     2008-07-17 11:08:56 -0700 (Thu, 17 Jul 2008)
Log Message:
-----------
Make sure rolled-up calendar data obeys private events data restrictions.

Modified Paths:
--------------
    CalendarServer/trunk/twistedcaldav/static.py

Modified: CalendarServer/trunk/twistedcaldav/static.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/static.py	2008-07-17 17:08:44 UTC (rev 2709)
+++ CalendarServer/trunk/twistedcaldav/static.py	2008-07-17 18:08:56 UTC (rev 2710)
@@ -54,6 +54,7 @@
 from twistedcaldav import customxml
 from twistedcaldav.caldavxml import caldav_namespace
 from twistedcaldav.config import config
+from twistedcaldav.customxml import TwistedCalendarAccessProperty
 from twistedcaldav.extensions import DAVFile
 from twistedcaldav.extensions import CachingXattrPropertyStore
 from twistedcaldav.ical import Component as iComponent
@@ -189,8 +190,9 @@
             # the child resource loop and supply those to the checkPrivileges on each child.
             filteredaces = yield self.inheritedACEsforChildren(request)
 
-            # Must verify ACLs which means we need a request object at this point
             tzids = set()
+            isowner = (yield self.isOwner(request))
+
             for name, uid, type in self.index().search(None): #@UnusedVariable
                 try:
                     child = yield request.locateChildResource(self, name)
@@ -204,7 +206,13 @@
                         yield child.checkPrivileges(request, (davxml.Read(),), inherited_aces=filteredaces)
                     except AccessDeniedError:
                         continue
-                    subcalendar = self.iCalendar(name)
+
+                    # Get the access filtered view of the data
+                    caldata = child.iCalendarTextFiltered(isowner)
+                    try:
+                        subcalendar = iComponent.fromString(caldata)
+                    except ValueError:
+                        continue
                     assert subcalendar.name() == "VCALENDAR"
 
                     for component in subcalendar.subcomponents():
@@ -222,6 +230,21 @@
 
         raise HTTPError((ErrorResponse(responsecode.BAD_REQUEST)))
 
+    def iCalendarTextFiltered(self, isowner):
+        try:
+            access = self.readDeadProperty(TwistedCalendarAccessProperty)
+        except HTTPError:
+            access = None
+
+        if access in (iComponent.ACCESS_CONFIDENTIAL, iComponent.ACCESS_RESTRICTED):
+
+            if not isowner:
+                # Now "filter" the resource calendar data through the CALDAV:calendar-data element and apply
+                # access restrictions to the data.
+                return caldavxml.CalendarData().elementFromResourceWithAccessRestrictions(self, access).calendarData()
+
+        return self.iCalendarText()
+
     def iCalendarText(self, name=None):
         if self.isPseudoCalendarCollection():
             if name is None:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20080717/6bad7836/attachment-0001.html

More information about the calendarserver-changes mailing list