[CalendarServer-changes] [2710] CalendarServer/trunk/twistedcaldav/static.py
source_changes at macosforge.org
source_changes at macosforge.org
Thu Jul 17 11:08:57 PDT 2008
Revision: 2710
http://trac.macosforge.org/projects/calendarserver/changeset/2710
Author: cdaboo at apple.com
Date: 2008-07-17 11:08:56 -0700 (Thu, 17 Jul 2008)
Log Message:
-----------
Make sure rolled-up calendar data obeys private events data restrictions.
Modified Paths:
--------------
CalendarServer/trunk/twistedcaldav/static.py
Modified: CalendarServer/trunk/twistedcaldav/static.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/static.py 2008-07-17 17:08:44 UTC (rev 2709)
+++ CalendarServer/trunk/twistedcaldav/static.py 2008-07-17 18:08:56 UTC (rev 2710)
@@ -54,6 +54,7 @@
from twistedcaldav import customxml
from twistedcaldav.caldavxml import caldav_namespace
from twistedcaldav.config import config
+from twistedcaldav.customxml import TwistedCalendarAccessProperty
from twistedcaldav.extensions import DAVFile
from twistedcaldav.extensions import CachingXattrPropertyStore
from twistedcaldav.ical import Component as iComponent
@@ -189,8 +190,9 @@
# the child resource loop and supply those to the checkPrivileges on each child.
filteredaces = yield self.inheritedACEsforChildren(request)
- # Must verify ACLs which means we need a request object at this point
tzids = set()
+ isowner = (yield self.isOwner(request))
+
for name, uid, type in self.index().search(None): #@UnusedVariable
try:
child = yield request.locateChildResource(self, name)
@@ -204,7 +206,13 @@
yield child.checkPrivileges(request, (davxml.Read(),), inherited_aces=filteredaces)
except AccessDeniedError:
continue
- subcalendar = self.iCalendar(name)
+
+ # Get the access filtered view of the data
+ caldata = child.iCalendarTextFiltered(isowner)
+ try:
+ subcalendar = iComponent.fromString(caldata)
+ except ValueError:
+ continue
assert subcalendar.name() == "VCALENDAR"
for component in subcalendar.subcomponents():
@@ -222,6 +230,21 @@
raise HTTPError((ErrorResponse(responsecode.BAD_REQUEST)))
+ def iCalendarTextFiltered(self, isowner):
+ try:
+ access = self.readDeadProperty(TwistedCalendarAccessProperty)
+ except HTTPError:
+ access = None
+
+ if access in (iComponent.ACCESS_CONFIDENTIAL, iComponent.ACCESS_RESTRICTED):
+
+ if not isowner:
+ # Now "filter" the resource calendar data through the CALDAV:calendar-data element and apply
+ # access restrictions to the data.
+ return caldavxml.CalendarData().elementFromResourceWithAccessRestrictions(self, access).calendarData()
+
+ return self.iCalendarText()
+
def iCalendarText(self, name=None):
if self.isPseudoCalendarCollection():
if name is None:
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20080717/6bad7836/attachment-0001.html
More information about the calendarserver-changes
mailing list