[CalendarServer-changes] [2585] CalendarServer/branches/users/wsanchez/acl2/twistedcaldav
source_changes at macosforge.org
source_changes at macosforge.org
Tue Jun 17 19:36:15 PDT 2008
Revision: 2585
http://trac.macosforge.org/projects/calendarserver/changeset/2585
Author: wsanchez at apple.com
Date: 2008-06-17 19:36:14 -0700 (Tue, 17 Jun 2008)
Log Message:
-----------
Add ReadPrincipals option which allows a given set of principals to read everything in calendar homes.
Modified Paths:
--------------
CalendarServer/branches/users/wsanchez/acl2/twistedcaldav/config.py
CalendarServer/branches/users/wsanchez/acl2/twistedcaldav/directory/calendar.py
Modified: CalendarServer/branches/users/wsanchez/acl2/twistedcaldav/config.py
===================================================================
--- CalendarServer/branches/users/wsanchez/acl2/twistedcaldav/config.py 2008-06-18 02:23:25 UTC (rev 2584)
+++ CalendarServer/branches/users/wsanchez/acl2/twistedcaldav/config.py 2008-06-18 02:36:14 UTC (rev 2585)
@@ -87,6 +87,7 @@
# Special principals
#
"AdminPrincipals": [], # Principals with "DAV:all" access (relative URLs)
+ "ReadPrincipals": [], # Principals with "DAV:read" access (relative URLs)
"SudoersFile": "/etc/caldavd/sudoers.plist", # Principals that can pose as other principals
"EnableProxyPrincipals": True, # Create "proxy access" principals
@@ -296,6 +297,19 @@
for principal in config.AdminPrincipals
)
+ self.ReadACEs = tuple(
+ davxml.ACE(
+ davxml.Principal(davxml.HRef(principal)),
+ davxml.Grant(
+ davxml.Privilege(davxml.Read()),
+ davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet()),
+ ),
+ davxml.Protected(),
+ TwistedACLInheritable(),
+ )
+ for principal in config.ReadPrincipals
+ )
+
self.RootResourceACL = davxml.ACL(
# Read-only for anon or authenticated, depending on config
readOnlyACE(self.EnableAnonymousReadRoot),
Modified: CalendarServer/branches/users/wsanchez/acl2/twistedcaldav/directory/calendar.py
===================================================================
--- CalendarServer/branches/users/wsanchez/acl2/twistedcaldav/directory/calendar.py 2008-06-18 02:23:25 UTC (rev 2584)
+++ CalendarServer/branches/users/wsanchez/acl2/twistedcaldav/directory/calendar.py 2008-06-18 02:36:14 UTC (rev 2585)
@@ -330,7 +330,10 @@
# DAV:read access for authenticated users.
davxml.ACE(
davxml.Principal(davxml.Authenticated()),
- davxml.Grant(davxml.Privilege(davxml.Read())),
+ davxml.Grant(
+ davxml.Privilege(davxml.Read()),
+ davxml.Privilege(davxml.ReadCurrentUserPrivilegeSet()),
+ ),
),
# Inheritable DAV:all access for the resource's associated principal.
davxml.ACE(
@@ -345,7 +348,13 @@
davxml.Grant(davxml.Privilege(caldavxml.ReadFreeBusy())),
TwistedACLInheritable(),
),
- ) + config.AdminACEs
+ )
+
+ # Give read access to config.ReadPrincipals
+ aces += config.ReadACEs
+
+ # Give all access to config.AdminPrincipals
+ aces += config.AdminACEs
if config.EnableProxyPrincipals:
aces += (
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20080617/10be38fd/attachment-0001.htm
More information about the calendarserver-changes
mailing list