[CalendarServer-changes] [3168] CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav
source_changes at macosforge.org
source_changes at macosforge.org
Thu Oct 16 22:37:37 PDT 2008
Revision: 3168
http://trac.macosforge.org/projects/calendarserver/changeset/3168
Author: sagen at apple.com
Date: 2008-10-16 22:37:36 -0700 (Thu, 16 Oct 2008)
Log Message:
-----------
Checkpoint of work in progress
Modified Paths:
--------------
CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/directory/principal.py
CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/directory/wiki.py
CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/root.py
Modified: CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/directory/principal.py
===================================================================
--- CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/directory/principal.py 2008-10-17 03:38:48 UTC (rev 3167)
+++ CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/directory/principal.py 2008-10-17 05:37:36 UTC (rev 3168)
@@ -70,11 +70,30 @@
def defaultAccessControlList(self):
return authReadACL
+ @inlineCallbacks
def accessControlList(self, request, inheritance=True, expanding=False, inherited_aces=None):
- # Permissions here are fixed, and are not subject to inherritance rules, etc.
- return succeed(self.defaultAccessControlList())
+ log.info("REQUEST in accessControlList: %s" % (request.authzUser))
+ # TODO: Fix the circular dependency between wiki.py and principal.py
+ from twistedcaldav.directory.wiki import WikiDirectoryService, getWikiACL
+ # If this is a wiki-related principal, ACL depends on wiki server:
+ if self.record.recordType == WikiDirectoryService.recordType_wikis:
+ if hasattr(request, 'wikiACL'):
+ # We've already looked up wikiACL during this request
+ returnValue(request.wikiACL)
+
+ # query the wiki server
+ request.wikiACL = (yield getWikiACL(request, self.record.shortName))
+ log.info("Wiki ACL: %s" % (request.wikiACL,))
+ returnValue(request.wikiACL)
+
+
+ # ...otherwise permissions are fixed, and are not subject to
+ # inheritance rules, etc.
+ returnValue(self.defaultAccessControlList())
+
+
class DirectoryProvisioningResource (
PermissionsMixIn,
CalendarPrincipalCollectionResource,
Modified: CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/directory/wiki.py
===================================================================
--- CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/directory/wiki.py 2008-10-17 03:38:48 UTC (rev 3167)
+++ CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/directory/wiki.py 2008-10-17 05:37:36 UTC (rev 3168)
@@ -27,6 +27,8 @@
from twisted.web2.dav import davxml
from twisted.web.xmlrpc import Proxy, Fault
from twisted.web2.http import HTTPError, StatusResponse
+from twisted.web2.auth.wrapper import UnauthorizedResponse
+
from twisted.internet.defer import inlineCallbacks, returnValue
@@ -37,7 +39,10 @@
DirectoryRecord,
UnknownRecordTypeError)
from twistedcaldav.directory.principal import DirectoryCalendarPrincipalResource
+from twistedcaldav.log import Logger
+log = Logger()
+
class WikiDirectoryService(DirectoryService):
"""
L{IDirectoryService} implementation for Wikis.
@@ -126,6 +131,7 @@
try:
url = str(request.authzUser.children[0])
principal = (yield request.locateResource(url))
+ # TODO: Fix the circular dependency between wiki.py and calendar.py
if isinstance(principal, DirectoryCalendarPrincipalResource):
userID = principal.record.guid
except:
@@ -138,6 +144,8 @@
access = (yield proxy.callRemote(wikiConfig["WikiMethod"],
userID, wikiID))
+ log.info("getWikiACL: user [%s], wiki [%s], access [%s]" % (userID,
+ wikiID, access))
if access == "read":
returnValue(
@@ -171,18 +179,33 @@
)
)
)
- else:
- returnValue( davxml.ACL( ) )
+ else: # "no-access":
+
+ if userID == "unauthenticated":
+ # Return a 401 so they have an opportunity to log in
+ raise HTTPError(
+ UnauthorizedResponse(
+ request.credentialFactories,
+ request.remoteAddr
+ )
+ )
+
+ raise HTTPError(
+ StatusResponse(
+ 403,
+ "You are not allowed to access this wiki"
+ )
+ )
+
except Fault, fault:
- # return wikiACLSuccess("write")
+ log.info("getWikiACL: user [%s], wiki [%s], FAULT [%s]" % (userID,
+ wikiID, fault))
- if fault.faultCode == 2:
+ if fault.faultCode == 2: # non-existent user
raise HTTPError(StatusResponse(403, fault.faultString))
- elif fault.faultCode == 12:
+ else: # fault.faultCode == 12, non-existent wiki
raise HTTPError(StatusResponse(404, fault.faultString))
- returnValue( davxml.ACL( ) )
-
Modified: CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/root.py
===================================================================
--- CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/root.py 2008-10-17 03:38:48 UTC (rev 3167)
+++ CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/root.py 2008-10-17 05:37:36 UTC (rev 3168)
@@ -174,7 +174,7 @@
# Examine cookies for wiki auth token
def validSessionID(username):
- print "GOT BACK: %s" % username
+ log.info("Wiki lookup returned user: %s" % (username,))
directory = request.site.resource.getDirectory()
record = directory.recordWithShortName("users", username)
if record is None:
@@ -187,7 +187,7 @@
request.username = username
def invalidSessionID(error):
- print "INVALID SESSION ID", error
+ log.info("Wiki lookup returned ERROR: %s" % (error,))
raise HTTPError(StatusResponse(
responsecode.FORBIDDEN,
"Your sessionID was rejected by the authenticating wiki server."
@@ -204,19 +204,15 @@
token = None
if token is not None:
+ log.info("Wiki sessionID cookie value: %s" % (token,))
proxy = Proxy(wikiConfig["URL"])
- print "session id: %s" % token
d = proxy.callRemote(wikiConfig["UserMethod"],
token).addCallbacks(validSessionID, invalidSessionID)
d.addCallback(lambda _: super(RootResource, self
).locateChild(request, segments))
return d
- # TODO: REMOVE!!!!!
- # validSessionID("sagen")
- # return super(RootResource, self).locateChild(request, segments)
-
if self.useSacls and not hasattr(request, "checkedSACL") and not hasattr(request, "checkingSACL"):
d = self.checkSacl(request)
d.addCallback(lambda _: super(RootResource, self
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20081016/a6c1d93f/attachment-0001.html
More information about the calendarserver-changes
mailing list