[CalendarServer-changes] [3182] CalendarServer/trunk
source_changes at macosforge.org
source_changes at macosforge.org
Fri Oct 17 11:53:03 PDT 2008
Revision: 3182
http://trac.macosforge.org/projects/calendarserver/changeset/3182
Author: sagen at apple.com
Date: 2008-10-17 11:53:02 -0700 (Fri, 17 Oct 2008)
Log Message:
-----------
Adds Wiki calendar support
Modified Paths:
--------------
CalendarServer/trunk/conf/caldavd-test.plist
CalendarServer/trunk/conf/caldavd.plist
CalendarServer/trunk/twistedcaldav/config.py
CalendarServer/trunk/twistedcaldav/directory/calendar.py
CalendarServer/trunk/twistedcaldav/directory/principal.py
CalendarServer/trunk/twistedcaldav/root.py
CalendarServer/trunk/twistedcaldav/tap.py
Added Paths:
-----------
CalendarServer/trunk/twistedcaldav/directory/wiki.py
Modified: CalendarServer/trunk/conf/caldavd-test.plist
===================================================================
--- CalendarServer/trunk/conf/caldavd-test.plist 2008-10-17 18:24:57 UTC (rev 3181)
+++ CalendarServer/trunk/conf/caldavd-test.plist 2008-10-17 18:53:02 UTC (rev 3182)
@@ -272,8 +272,10 @@
<string>sessionID</string>
<key>URL</key>
<string>http://127.0.0.1/RPC2</string>
- <key>method</key>
+ <key>UserMethod</key>
<string>userForSession</string>
+ <key>WikiMethod</key>
+ <string>accessLevelForUserWikiCalendar</string>
</dict>
</dict>
Modified: CalendarServer/trunk/conf/caldavd.plist
===================================================================
--- CalendarServer/trunk/conf/caldavd.plist 2008-10-17 18:24:57 UTC (rev 3181)
+++ CalendarServer/trunk/conf/caldavd.plist 2008-10-17 18:53:02 UTC (rev 3182)
@@ -219,12 +219,6 @@
<dict>
<key>Enabled</key>
<false/>
- <key>Cookie</key>
- <string>sessionID</string>
- <key>URL</key>
- <string>http://127.0.0.1/RPC2</string>
- <key>method</key>
- <string>userForSession</string>
</dict>
</dict>
Modified: CalendarServer/trunk/twistedcaldav/config.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/config.py 2008-10-17 18:24:57 UTC (rev 3181)
+++ CalendarServer/trunk/twistedcaldav/config.py 2008-10-17 18:53:02 UTC (rev 3182)
@@ -124,7 +124,8 @@
"Enabled": False,
"Cookie": "sessionID",
"URL": "http://127.0.0.1/RPC2",
- "method": "userForSession",
+ "UserMethod": "userForSession",
+ "WikiMethod": "accessLevelForUserWikiCalendar",
},
},
Modified: CalendarServer/trunk/twistedcaldav/directory/calendar.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/calendar.py 2008-10-17 18:24:57 UTC (rev 3181)
+++ CalendarServer/trunk/twistedcaldav/directory/calendar.py 2008-10-17 18:53:02 UTC (rev 3182)
@@ -27,7 +27,7 @@
"DirectoryCalendarHomeResource",
]
-from twisted.internet.defer import succeed
+from twisted.internet.defer import succeed, inlineCallbacks, returnValue
from twisted.web2 import responsecode
from twisted.web2.dav import davxml
from twisted.web2.http import HTTPError
@@ -42,8 +42,12 @@
from twistedcaldav.resource import CalDAVResource
from twistedcaldav.schedule import ScheduleInboxResource, ScheduleOutboxResource
from twistedcaldav.directory.idirectory import IDirectoryService
+from twistedcaldav.directory.wiki import getWikiACL
from twistedcaldav.directory.resource import AutoProvisioningResourceMixIn
+from twistedcaldav.log import Logger
+log = Logger()
+
# Use __underbars__ convention to avoid conflicts with directory resource types.
uidsResourceName = "__uids__"
@@ -410,10 +414,19 @@
return davxml.ACL(*aces)
+ @inlineCallbacks
def accessControlList(self, request, inheritance=True, expanding=False, inherited_aces=None):
- # Permissions here are fixed, and are not subject to inherritance rules, etc.
- return succeed(self.defaultAccessControlList())
+ wikiACL = (yield getWikiACL(self, request))
+ if wikiACL is not None:
+ # ACL depends on wiki server...
+ log.info("Wiki ACL: %s" % (wikiACL,))
+ returnValue(wikiACL)
+ else:
+ # ...otherwise permissions are fixed, and are not subject to
+ # inheritance rules, etc.
+ returnValue(self.defaultAccessControlList())
+
def principalCollections(self):
return self.parent.principalCollections()
Modified: CalendarServer/trunk/twistedcaldav/directory/principal.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/principal.py 2008-10-17 18:24:57 UTC (rev 3181)
+++ CalendarServer/trunk/twistedcaldav/directory/principal.py 2008-10-17 18:53:02 UTC (rev 3182)
@@ -56,6 +56,7 @@
from twistedcaldav.directory.idirectory import IDirectoryService
from twistedcaldav.log import Logger
from twistedcaldav import caldavxml, customxml
+from twistedcaldav.directory.wiki import getWikiACL
log = Logger()
@@ -70,11 +71,20 @@
def defaultAccessControlList(self):
return authReadACL
+ @inlineCallbacks
def accessControlList(self, request, inheritance=True, expanding=False, inherited_aces=None):
- # Permissions here are fixed, and are not subject to inherritance rules, etc.
- return succeed(self.defaultAccessControlList())
+ wikiACL = (yield getWikiACL(self, request))
+ if wikiACL is not None:
+ # ACL depends on wiki server...
+ log.info("Wiki ACL: %s" % (wikiACL,))
+ returnValue(wikiACL)
+ else:
+ # ...otherwise permissions are fixed, and are not subject to
+ # inheritance rules, etc.
+ returnValue(self.defaultAccessControlList())
+
class DirectoryProvisioningResource (
PermissionsMixIn,
CalendarPrincipalCollectionResource,
Copied: CalendarServer/trunk/twistedcaldav/directory/wiki.py (from rev 3181, CalendarServer/branches/users/sagen/wikitype-3152/twistedcaldav/directory/wiki.py)
===================================================================
--- CalendarServer/trunk/twistedcaldav/directory/wiki.py (rev 0)
+++ CalendarServer/trunk/twistedcaldav/directory/wiki.py 2008-10-17 18:53:02 UTC (rev 3182)
@@ -0,0 +1,207 @@
+##
+# Copyright (c) 2006-2007 Apple Inc. All rights reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##
+
+"""
+Directory service implementation for users who are allowed to authorize
+as other principals.
+"""
+
+__all__ = [
+ "WikiDirectoryService",
+]
+
+from twisted.python.filepath import FilePath
+from twisted.web2.dav import davxml
+from twisted.web.xmlrpc import Proxy, Fault
+from twisted.web2.http import HTTPError, StatusResponse
+from twisted.web2.auth.wrapper import UnauthorizedResponse
+
+from twisted.internet.defer import inlineCallbacks, returnValue
+
+
+from twisted.web2.dav.resource import TwistedACLInheritable
+from twistedcaldav.config import config
+from twistedcaldav.py.plistlib import readPlist
+from twistedcaldav.directory.directory import (DirectoryService,
+ DirectoryRecord,
+ UnknownRecordTypeError)
+from twistedcaldav.log import Logger
+
+log = Logger()
+
+class WikiDirectoryService(DirectoryService):
+ """
+ L{IDirectoryService} implementation for Wikis.
+ """
+ baseGUID = "d79ef1e0-9a42-11dd-ad8b-0800200c9a66"
+
+ realmName = None
+
+ recordType_wikis = "wikis"
+
+
+ def __repr__(self):
+ return "<%s %r>" % (self.__class__.__name__, self.realmName)
+
+ def __init__(self):
+ super(WikiDirectoryService, self).__init__()
+ self.byGUID = {}
+ self.byShortName = {}
+
+ def recordTypes(self):
+ return (WikiDirectoryService.recordType_wikis,)
+
+ def listRecords(self, recordType):
+ return ()
+
+ def recordWithShortName(self, recordType, shortName):
+ if recordType != WikiDirectoryService.recordType_wikis:
+ raise UnknownRecordTypeError(recordType)
+
+ if self.byShortName.has_key(shortName):
+ return self.byShortName[shortName]
+
+ record = WikiDirectoryRecord(
+ self,
+ WikiDirectoryService.recordType_wikis,
+ shortName,
+ None
+ )
+ self.log_info("Returning wiki record with GUID %s" % (record.guid,))
+ self.byGUID[record.guid] = record
+ self.byShortName[shortName] = record
+ return record
+
+ def recordWithGUID(self, guid):
+ return self.byGUID.get(guid, None)
+
+
+
+class WikiDirectoryRecord(DirectoryRecord):
+ """
+ L{DirectoryRecord} implementation for Wikis.
+ """
+
+ def __init__(self, service, recordType, shortName, entry):
+ super(WikiDirectoryRecord, self).__init__(
+ service=service,
+ recordType=recordType,
+ guid=None,
+ shortName=shortName,
+ fullName=shortName,
+ firstName="",
+ lastName="",
+ emailAddresses=set(),
+ calendarUserAddresses=set(),
+ autoSchedule=False,
+ enabledForCalendaring=True)
+
+
+
+ at inlineCallbacks
+def getWikiACL(resource, request):
+
+ from twistedcaldav.directory.principal import DirectoryCalendarPrincipalResource
+
+ if (not hasattr(resource, "record") or
+ resource.record.recordType != WikiDirectoryService.recordType_wikis):
+ returnValue(None)
+
+ if hasattr(request, 'wikiACL'):
+ returnValue(request.wikiACL)
+
+ wikiConfig = config.Authentication["Wiki"]
+ userID = "unauthenticated"
+ wikiID = resource.record.shortName
+
+ try:
+ url = str(request.authzUser.children[0])
+ principal = (yield request.locateResource(url))
+ if isinstance(principal, DirectoryCalendarPrincipalResource):
+ userID = principal.record.guid
+ except:
+ # TODO: better error handling
+ pass
+
+ proxy = Proxy(wikiConfig["URL"])
+ try:
+
+ access = (yield proxy.callRemote(wikiConfig["WikiMethod"],
+ userID, wikiID))
+
+ log.info("getWikiACL: user [%s], wiki [%s], access [%s]" % (userID,
+ wikiID, access))
+
+ if access == "read":
+ request.wikiACL = davxml.ACL(
+ davxml.ACE(
+ request.authnUser,
+ davxml.Grant(
+ davxml.Privilege(davxml.Read()),
+ ),
+ TwistedACLInheritable(),
+ )
+ )
+ returnValue(request.wikiACL)
+
+ elif access in ("write", "admin"):
+ request.wikiACL = davxml.ACL(
+ davxml.ACE(
+ request.authnUser,
+ davxml.Grant(
+ davxml.Privilege(davxml.Read()),
+ ),
+ TwistedACLInheritable(),
+ ),
+ davxml.ACE(
+ request.authnUser,
+ davxml.Grant(
+ davxml.Privilege(davxml.Write()),
+ ),
+ TwistedACLInheritable(),
+ )
+ )
+ returnValue(request.wikiACL)
+
+ else: # "no-access":
+
+ if userID == "unauthenticated":
+ # Return a 401 so they have an opportunity to log in
+ raise HTTPError(
+ UnauthorizedResponse(
+ request.credentialFactories,
+ request.remoteAddr
+ )
+ )
+
+ raise HTTPError(
+ StatusResponse(
+ 403,
+ "You are not allowed to access this wiki"
+ )
+ )
+
+ except Fault, fault:
+
+ log.info("getWikiACL: user [%s], wiki [%s], FAULT [%s]" % (userID,
+ wikiID, fault))
+
+ if fault.faultCode == 2: # non-existent user
+ raise HTTPError(StatusResponse(403, fault.faultString))
+
+ else: # fault.faultCode == 12, non-existent wiki
+ raise HTTPError(StatusResponse(404, fault.faultString))
+
Modified: CalendarServer/trunk/twistedcaldav/root.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/root.py 2008-10-17 18:24:57 UTC (rev 3181)
+++ CalendarServer/trunk/twistedcaldav/root.py 2008-10-17 18:53:02 UTC (rev 3182)
@@ -174,6 +174,7 @@
# Examine cookies for wiki auth token
def validSessionID(username):
+ log.info("Wiki lookup returned user: %s" % (username,))
directory = request.site.resource.getDirectory()
record = directory.recordWithShortName("users", username)
if record is None:
@@ -183,8 +184,8 @@
))
request.authnUser = request.authzUser = davxml.Principal(
davxml.HRef.fromString("/principals/__uids__/%s/" % (record.guid,)))
-
def invalidSessionID(error):
+ log.info("Wiki lookup returned ERROR: %s" % (error,))
raise HTTPError(StatusResponse(
responsecode.FORBIDDEN,
"Your sessionID was rejected by the authenticating wiki server."
@@ -201,9 +202,10 @@
token = None
if token is not None:
+ log.info("Wiki sessionID cookie value: %s" % (token,))
proxy = Proxy(wikiConfig["URL"])
- d = proxy.callRemote(wikiConfig["method"], token).addCallbacks(
- validSessionID, invalidSessionID)
+ d = proxy.callRemote(wikiConfig["UserMethod"],
+ token).addCallbacks(validSessionID, invalidSessionID)
d.addCallback(lambda _: super(RootResource, self
).locateChild(request, segments))
return d
Modified: CalendarServer/trunk/twistedcaldav/tap.py
===================================================================
--- CalendarServer/trunk/twistedcaldav/tap.py 2008-10-17 18:24:57 UTC (rev 3181)
+++ CalendarServer/trunk/twistedcaldav/tap.py 2008-10-17 18:53:02 UTC (rev 3182)
@@ -51,6 +51,7 @@
from twistedcaldav.directory.principal import DirectoryPrincipalProvisioningResource
from twistedcaldav.directory.aggregate import AggregateDirectoryService
from twistedcaldav.directory.sudo import SudoDirectoryService
+from twistedcaldav.directory.wiki import WikiDirectoryService
from twistedcaldav.static import CalendarHomeProvisioningFile
from twistedcaldav.static import IScheduleInboxFile
from twistedcaldav.static import TimezoneServiceFile
@@ -455,6 +456,7 @@
#
directories = []
+
directoryClass = namedClass(config.DirectoryService["type"])
log.info("Configuring directory service of type: %s"
@@ -479,12 +481,22 @@
log.info("Not using SudoDirectoryService; file doesn't exist: %s"
% (config.SudoersFile,))
+ #
+ # Add wiki directory service
+ #
+ if config.Authentication["Wiki"]["Enabled"]:
+ wikiDirectory = WikiDirectoryService()
+ wikiDirectory.realmName = baseDirectory.realmName
+ directories.append(wikiDirectory)
+
+
directory = AggregateDirectoryService(directories)
if sudoDirectory:
directory.userRecordTypes.insert(0,
SudoDirectoryService.recordType_sudoers)
+
#
# Configure Memcached Client Pool
#
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.macosforge.org/pipermail/calendarserver-changes/attachments/20081017/5e5f683a/attachment-0001.html
More information about the calendarserver-changes
mailing list