[CalendarServer-changes] [3168] CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav

source_changes at macosforge.org source_changes at macosforge.org
Thu Oct 16 22:37:37 PDT 2008 

Revision: 3168
          http://trac.macosforge.org/projects/calendarserver/changeset/3168
Author:   sagen at apple.com
Date:     2008-10-16 22:37:36 -0700 (Thu, 16 Oct 2008)
Log Message:
-----------
Checkpoint of work in progress

Modified Paths:
--------------
    CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/directory/principal.py
    CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/directory/wiki.py
    CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/root.py

Modified: CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/directory/principal.py
===================================================================
--- CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/directory/principal.py	2008-10-17 03:38:48 UTC (rev 3167)
+++ CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/directory/principal.py	2008-10-17 05:37:36 UTC (rev 3168)
@@ -70,11 +70,30 @@
     def defaultAccessControlList(self):
         return authReadACL
 
+    @inlineCallbacks
     def accessControlList(self, request, inheritance=True, expanding=False, inherited_aces=None):
-        # Permissions here are fixed, and are not subject to inherritance rules, etc.
-        return succeed(self.defaultAccessControlList())
 
+        log.info("REQUEST in accessControlList: %s" % (request.authzUser))
+        # TODO: Fix the circular dependency between wiki.py and principal.py
+        from twistedcaldav.directory.wiki import WikiDirectoryService, getWikiACL
+        # If this is a wiki-related principal, ACL depends on wiki server:
+        if self.record.recordType == WikiDirectoryService.recordType_wikis:
 
+            if hasattr(request, 'wikiACL'):
+                # We've already looked up wikiACL during this request
+                returnValue(request.wikiACL)
+
+            # query the wiki server
+            request.wikiACL = (yield getWikiACL(request, self.record.shortName))
+            log.info("Wiki ACL: %s" % (request.wikiACL,))
+            returnValue(request.wikiACL)
+
+
+        # ...otherwise permissions are fixed, and are not subject to
+        # inheritance rules, etc.
+        returnValue(self.defaultAccessControlList())
+
+
 class DirectoryProvisioningResource (
     PermissionsMixIn,
     CalendarPrincipalCollectionResource,

Modified: CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/directory/wiki.py
===================================================================
--- CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/directory/wiki.py	2008-10-17 03:38:48 UTC (rev 3167)
+++ CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/directory/wiki.py	2008-10-17 05:37:36 UTC (rev 3168)
@@ -27,6 +27,8 @@
 from twisted.web2.dav import davxml
 from twisted.web.xmlrpc import Proxy, Fault
 from twisted.web2.http import HTTPError, StatusResponse
+from twisted.web2.auth.wrapper import UnauthorizedResponse
+
 from twisted.internet.defer import inlineCallbacks, returnValue
 
 
@@ -37,7 +39,10 @@
                                                DirectoryRecord,
                                                UnknownRecordTypeError)
 from twistedcaldav.directory.principal import DirectoryCalendarPrincipalResource
+from twistedcaldav.log import Logger
 
+log = Logger()
+
 class WikiDirectoryService(DirectoryService):
     """
     L{IDirectoryService} implementation for Wikis.
@@ -126,6 +131,7 @@
     try:
         url = str(request.authzUser.children[0])
         principal = (yield request.locateResource(url))
+        # TODO: Fix the circular dependency between wiki.py and calendar.py
         if isinstance(principal, DirectoryCalendarPrincipalResource):
             userID = principal.record.guid
     except:
@@ -138,6 +144,8 @@
         access = (yield proxy.callRemote(wikiConfig["WikiMethod"],
             userID, wikiID))
 
+        log.info("getWikiACL: user [%s], wiki [%s], access [%s]" % (userID,
+            wikiID, access))
 
         if access == "read":
             returnValue(
@@ -171,18 +179,33 @@
                     )
                 )
             )
-        else:
-            returnValue( davxml.ACL( ) )
 
+        else: # "no-access":
+
+            if userID == "unauthenticated":
+                # Return a 401 so they have an opportunity to log in
+                raise HTTPError(
+                    UnauthorizedResponse(
+                        request.credentialFactories,
+                        request.remoteAddr
+                    )
+                )
+
+            raise HTTPError(
+                StatusResponse(
+                    403,
+                    "You are not allowed to access this wiki"
+                )
+            )
+
     except Fault, fault:
 
-        # return wikiACLSuccess("write")
+        log.info("getWikiACL: user [%s], wiki [%s], FAULT [%s]" % (userID,
+            wikiID, fault))
 
-        if fault.faultCode == 2:
+        if fault.faultCode == 2: # non-existent user
             raise HTTPError(StatusResponse(403, fault.faultString))
 
-        elif fault.faultCode == 12:
+        else: # fault.faultCode == 12, non-existent wiki
             raise HTTPError(StatusResponse(404, fault.faultString))
 
-        returnValue( davxml.ACL( ) )
-

Modified: CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/root.py
===================================================================
--- CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/root.py	2008-10-17 03:38:48 UTC (rev 3167)
+++ CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/root.py	2008-10-17 05:37:36 UTC (rev 3168)
@@ -174,7 +174,7 @@
         # Examine cookies for wiki auth token
 
         def validSessionID(username):
-            print "GOT BACK: %s" % username
+            log.info("Wiki lookup returned user: %s" % (username,))
             directory = request.site.resource.getDirectory()
             record = directory.recordWithShortName("users", username)
             if record is None:
@@ -187,7 +187,7 @@
             request.username = username
 
         def invalidSessionID(error):
-            print "INVALID SESSION ID", error
+            log.info("Wiki lookup returned ERROR: %s" % (error,))
             raise HTTPError(StatusResponse(
                 responsecode.FORBIDDEN,
                 "Your sessionID was rejected by the authenticating wiki server."
@@ -204,19 +204,15 @@
                 token = None
 
             if token is not None:
+                log.info("Wiki sessionID cookie value: %s" % (token,))
                 proxy = Proxy(wikiConfig["URL"])
-                print "session id: %s" % token
                 d = proxy.callRemote(wikiConfig["UserMethod"],
                     token).addCallbacks(validSessionID, invalidSessionID)
                 d.addCallback(lambda _: super(RootResource, self
                                               ).locateChild(request, segments))
                 return d
 
-        # TODO: REMOVE!!!!!
-        # validSessionID("sagen")
-        # return super(RootResource, self).locateChild(request, segments)
 
-
         if self.useSacls and not hasattr(request, "checkedSACL") and not hasattr(request, "checkingSACL"):
             d = self.checkSacl(request)
             d.addCallback(lambda _: super(RootResource, self
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20081016/a6c1d93f/attachment-0001.html

More information about the calendarserver-changes mailing list